/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kcmd.h - shared declarations for the Kerberized remote-command code
 * implemented in 'kcmd.c': option bits, the wire-protocol selector, helper
 * macros over a struct sockaddr_storage, and the function prototypes.
 *
 * This header includes nothing itself.  The krb5 types, ushort_t, the
 * sockaddr_in/sockaddr_in6 structures, AF_INET6, in6addr_any, INADDR_ANY
 * and htonl() must already be declared by whoever includes it.
 */

#ifndef	_KCMD_H
#define	_KCMD_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Credential-forwarding option values.  They are two distinct single bits;
 * presumably OR-ed into one options word (the consumer is not visible in
 * this header - confirm in the callers).
 */
#define	OPTS_FORWARD_CREDS		0x00000002
#define	OPTS_FORWARDABLE_CREDS		0x00000001

/*
 * Role constants.
 * NOTE(review): such short, generic names can clash with macros from other
 * headers; keep that in mind when including this file.
 */
#define	SERVER	0
#define	CLIENT	1

/*
 * Which variant of the kcmd protocol a connection speaks.
 *
 * NOTE(review): the variants differ in the protection they give.  Only
 * KCMD_NEW_PROTOCOL mandates a checksum, a client subkey and a defined
 * ivec.  Code that accepts any other value should be reviewed as
 * accepting the weaker guarantees listed below.
 */
enum kcmd_proto {
	/*
	 * Old protocol.  DES is the only cipher and no subkeys are used.
	 * The cleartext length is unprotected and no ivec is supplied.
	 * rlogin relies on OOB hacks, and the checksum may be left out at
	 * connection startup.
	 * NOTE(review): single-DES is not adequate confidentiality by
	 * current standards, and the optional startup checksum weakens
	 * integrity of the initial exchange.
	 */
	KCMD_OLD_PROTOCOL = 1,

	/*
	 * New protocol.  Any encryption scheme may be used and a
	 * client-generated subkey is mandatory.  The cleartext length is
	 * prepended to the cleartext data (without being included in the
	 * count).  The starting ivec is defined and chained, signalling is
	 * in-band, and the checksum is mandatory.
	 */
	KCMD_NEW_PROTOCOL,

	/*
	 * Compatibility hack: obtain credentials first, then speak the old
	 * protocol if and only if the session key type is single-DES.
	 * NOTE(review): the weaker old protocol is therefore chosen
	 * whenever a single-DES session key is issued.  Not offering
	 * single-DES key types would presumably avoid that fallback -
	 * confirm against kcmd.c.
	 */
	KCMD_PROTOCOL_COMPAT_HACK,

	/*
	 * Kerberos version 4 is in use.
	 * NOTE(review): legacy protocol version; check whether any caller
	 * still needs it.
	 */
	KCMD_V4_PROTOCOL,

	KCMD_UNKNOWN_PROTOCOL
};

/*
 * Accessors over a socket-address object.
 *
 * Every macro below takes the object itself, not a pointer to it: each one
 * applies both '.' and '&' to its 'ss' argument.  Most of them expand 'ss'
 * more than once, so the argument must be free of side effects.
 *
 * The family test is two-way.  ss_family == AF_INET6 picks the
 * sockaddr_in6 layout and every other value, including one that was never
 * set, is treated as sockaddr_in.  Set the family before using the port or
 * address macros.
 */

/* The ss_family member, usable as an lvalue. */
#define	SOCK_FAMILY(ss)	((ss).ss_family)

/*
 * The port member for the current family, exactly as stored.  The macro
 * performs no byte-order conversion.
 */
#define	SOCK_PORT(ss)	((ss).ss_family == AF_INET6 ? \
	((struct sockaddr_in6 *)&(ss))->sin6_port : \
	((struct sockaddr_in *)&(ss))->sin_port)

/*
 * A void pointer to the address member for the current family: sin6_addr
 * or sin_addr.  The caller has to consult the family to know which type,
 * and therefore how many bytes, the pointer refers to.
 */
#define	SOCK_ADDR(ss)	((ss).ss_family == AF_INET6 ? \
	(void *)&((struct sockaddr_in6 *)&(ss))->sin6_addr : \
	(void *)&((struct sockaddr_in *)&(ss))->sin_addr)

/* Store 'family' into ss_family. */
#define	SET_SOCK_FAMILY(ss, family)	(SOCK_FAMILY(ss) = (family))

/*
 * Store 'port' unchanged into the port member for the current family.
 * No htons() is applied here; presumably callers pass network byte order
 * (confirm at the call sites).
 */
#define	SET_SOCK_PORT(ss, port)	\
	((ss).ss_family == AF_INET6 ? \
	(((struct sockaddr_in6 *)&(ss))->sin6_port = (port)) : \
	(((struct sockaddr_in *)&(ss))->sin_port = (port)))

/*
 * Hand an IPv4 address to sock_set_inaddr() and discard its result.
 * sock_set_inaddr() is not declared in this header.
 */
#define	SET_SOCK_ADDR4(ss, addr)	((void)(sock_set_inaddr(&(ss), (addr))))

/*
 * Set the address member to the wildcard for the current family:
 * in6addr_any for AF_INET6, htonl(INADDR_ANY) otherwise.  Evaluates to
 * void.
 */
#define	SET_SOCK_ADDR_ANY(ss)	\
	((void) ((ss).ss_family == AF_INET6 ? \
	(void) (((struct sockaddr_in6 *)&(ss))->sin6_addr = in6addr_any) : \
	(void) (((struct sockaddr_in *)&(ss))->sin_addr.s_addr = \
	htonl(INADDR_ANY))))

/*
 * Functions defined in 'kcmd.c'.
 */

/*
 * NOTE(review): takes and returns non-const char *.  Ownership of the
 * returned string is not visible here - confirm in kcmd.c who frees it.
 */
char *strsave(char *sp);

/*
 * Entry point for setting up a Kerberized command connection.  Socket,
 * host name, auth context, credentials, both sequence numbers and the
 * protocol selector are passed by pointer.  Which of these are inputs and
 * which are outputs is not stated in this header; see kcmd.c.
 */
int kcmd(int *sock, char **ahost, ushort_t rport, char *locuser,
	char *remuser, char *cmd, int *fd2p, char *service, char *realm,
	krb5_context bsd_context, krb5_auth_context *authconp,
	krb5_creds **cred, krb5_int32 *seqno, krb5_int32 *server_seqno,
	krb5_flags authopts,
	int anyport, enum kcmd_proto *kcmd_proto);

/*
 * Prepares the encryption state used by desread()/deswrite() (going by
 * the names).  The parameters are unnamed in this prototype; their meaning
 * has to be taken from the definition in kcmd.c.
 */
void init_encrypt(int, krb5_context, enum kcmd_proto,
	krb5_data *, krb5_data *,
	int, krb5_encrypt_block *);

/*
 * Read and write routines for the encrypted channel.  The parameters are
 * unnamed here.
 * NOTE(review): both take a char buffer with int arguments.  Confirm in
 * kcmd.c that the length argument is validated against the buffer size.
 */
int desread(int, char *, int, int);
int deswrite(int, char *, int, int);

#ifdef	__cplusplus
}
#endif

#endif	/* _KCMD_H */