/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kcmd.h: option flags, protocol selectors, sockaddr_storage accessor
 * macros and prototypes for the functions implemented in 'kcmd.c'.
 *
 * No #include appears in this header, so the including file has to
 * bring the following into scope first: struct sockaddr_in,
 * struct sockaddr_in6, AF_INET6, INADDR_ANY, in6addr_any and htonl()
 * for the macros; ushort_t and the krb5_* types for the prototypes.
 */

#ifndef _KCMD_H
#define _KCMD_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Credential-forwarding option bits. The two values occupy distinct
 * bits, so they can be OR-ed together.
 * NOTE(review): from the names, OPTS_FORWARD_CREDS presumably asks for
 * the user's credentials to be forwarded to the remote host and
 * OPTS_FORWARDABLE_CREDS for the forwarded credentials to be
 * forwardable again; confirm against the callers. If so, both widen
 * what the remote host can do on the user's behalf and should stay
 * opt-in.
 */
#define OPTS_FORWARD_CREDS 0x00000002
#define OPTS_FORWARDABLE_CREDS 0x00000001

/*
 * Role selectors.
 * NOTE(review): nothing in this header shows which function consumes
 * them; presumably one of the unnamed int parameters below -- verify
 * in kcmd.c.
 */
#define SERVER 0
#define CLIENT 1

/*
 * Wire-protocol variant. Enumerators start at 1, so a zero-initialized
 * enum kcmd_proto matches none of them.
 *
 * Review note: per the descriptions below, KCMD_OLD_PROTOCOL provides
 * DES-only encryption with no length protection and an optional
 * startup checksum, and KCMD_PROTOCOL_COMPAT_HACK falls back to it
 * whenever the session key is single-DES. Single-DES is deprecated for
 * Kerberos (RFC 6649) and Kerberos 4 is obsolete, so deployments
 * should end up on KCMD_NEW_PROTOCOL and treat the other selectors as
 * legacy interoperability paths.
 */
enum kcmd_proto {
	/*
	 * Old protocol: DES encryption only. No subkeys.
	 * No protection for cleartext length. No ivec supplied.
	 * OOB hacks used for rlogin. Checksum may be omitted at
	 * connection startup.
	 */
	KCMD_OLD_PROTOCOL = 1,
	/*
	 * New protocol: Any encryption scheme. Client-generated
	 * subkey required. Prepend cleartext-length to cleartext
	 * data (but don't include it in count). Starting ivec defined,
	 * chained. In-band signalling. Checksum required.
	 */
	KCMD_NEW_PROTOCOL,

	/*
	 * Hack: Get credentials, and use the old protocol iff the session
	 * key type is single-DES.
	 */
	KCMD_PROTOCOL_COMPAT_HACK,
	/* Using Kerberos version 4. */
	KCMD_V4_PROTOCOL,
	KCMD_UNKNOWN_PROTOCOL
};

/*
 * Accessors for an object with an ss_family member (in practice a
 * struct sockaddr_storage), passed by value name, not by pointer.
 *
 * Points to keep in mind when using them:
 *  - Every macro except SOCK_FAMILY, SET_SOCK_FAMILY and SET_SOCK_ADDR4
 *    expands 'ss' more than once; do not pass an expression with side
 *    effects.
 *  - Only AF_INET6 is tested for. Any other family value, including an
 *    unset one, is handled as struct sockaddr_in.
 *  - The setters branch on the family already stored in 'ss', so
 *    SET_SOCK_FAMILY has to run before SET_SOCK_PORT or
 *    SET_SOCK_ADDR_ANY.
 */

/* The address family field itself; usable as an lvalue. */
#define SOCK_FAMILY(ss) ((ss).ss_family)

/*
 * The port field of 'ss' as stored; no byte-order conversion is
 * applied here.
 */
#define SOCK_PORT(ss) ((ss).ss_family == AF_INET6 ? \
	((struct sockaddr_in6 *)&(ss))->sin6_port : \
	((struct sockaddr_in *)&(ss))->sin_port)

/*
 * void pointer to the address field (sin6_addr or sin_addr). The
 * caller has to consult SOCK_FAMILY to know which structure, and hence
 * how many bytes, the pointer refers to.
 */
#define SOCK_ADDR(ss) ((ss).ss_family == AF_INET6 ? \
	(void *)&((struct sockaddr_in6 *)&(ss))->sin6_addr : \
	(void *)&((struct sockaddr_in *)&(ss))->sin_addr)

/* Store 'family' in the address family field. */
#define SET_SOCK_FAMILY(ss, family) (SOCK_FAMILY(ss) = (family))

/* Store 'port' unchanged in sin6_port or sin_port. */
#define SET_SOCK_PORT(ss, port) \
	((ss).ss_family == AF_INET6 ? \
	(((struct sockaddr_in6 *)&(ss))->sin6_port = (port)) : \
	(((struct sockaddr_in *)&(ss))->sin_port = (port)))

/*
 * Hands &ss and 'addr' to sock_set_inaddr() and discards the result.
 * NOTE(review): sock_set_inaddr() is not declared in this header;
 * its contract has to be checked where it is defined.
 */
#define SET_SOCK_ADDR4(ss, addr) ((void)(sock_set_inaddr(&(ss), (addr))))

/*
 * Set the address to the wildcard: in6addr_any for AF_INET6,
 * htonl(INADDR_ANY) otherwise. Yields no value.
 */
#define SET_SOCK_ADDR_ANY(ss) \
	((void) ((ss).ss_family == AF_INET6 ? \
	(void) (((struct sockaddr_in6 *)&(ss))->sin6_addr = in6addr_any) : \
	(void) (((struct sockaddr_in *)&(ss))->sin_addr.s_addr = \
	htonl(INADDR_ANY))))

/*
 * Prototypes for functions in 'kcmd.c'
 */

/*
 * NOTE(review): presumably returns a saved copy of 'sp'; whether the
 * caller owns and must free the result is not visible here -- confirm
 * in kcmd.c.
 */
char *strsave(char *sp);

/*
 * Entry point taking the remote host, port, local/remote user names,
 * command, Kerberos service/realm and krb5 state.
 * NOTE(review): sock, ahost, fd2p, authconp, cred, seqno, server_seqno
 * and kcmd_proto are pointers and so look like in/out parameters; the
 * return-value convention and which of them are written on failure
 * are not visible here -- confirm in kcmd.c. Because kcmd_proto is a
 * pointer, callers should read back the selected protocol rather than
 * assume the one they requested was used (see the review note on
 * enum kcmd_proto).
 */
int kcmd(int *sock, char **ahost, ushort_t rport, char *locuser,
	char *remuser, char *cmd, int *fd2p, char *service, char *realm,
	krb5_context bsd_context, krb5_auth_context *authconp,
	krb5_creds **cred, krb5_int32 *seqno, krb5_int32 *server_seqno,
	krb5_flags authopts,
	int anyport, enum kcmd_proto *kcmd_proto);

/*
 * NOTE(review): the parameters are unnamed, so the meaning of the two
 * int arguments and of the two krb5_data pointers cannot be read from
 * this header; see kcmd.c.
 */
void init_encrypt(int, krb5_context, enum kcmd_proto,
	krb5_data *, krb5_data *,
	int, krb5_encrypt_block *);

/*
 * Read/write counterparts over (int, char *, int, int).
 * NOTE(review): parameters are unnamed; presumably a descriptor, a
 * buffer and a length, with the length carried in a signed int --
 * confirm in kcmd.c that callers cannot pass a negative or oversized
 * value. The "des" prefix does not by itself say which cipher is in
 * use, since the new protocol is described above as allowing any
 * encryption scheme.
 */
int desread(int, char *, int, int);
int deswrite(int, char *, int, int);

#ifdef __cplusplus
}
#endif

#endif /* _KCMD_H */