| author | Theodore Tso <tytso@mit.edu> | 1992-09-30 13:24:49 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1992-09-30 13:24:49 +0000 |
| commit | c15373cde8cf9cd0aefb9eb591401faa32a06166 (patch) | |
| tree | 1606e04be4cfd412e50f44f956d3859849d4c702 /src/include | |
| parent | 8d6cbed053acbd046975c48a252924630ea6669d (diff) | |
*** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2449 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/krb5/adm_defs.h | 198 | ||||
| -rw-r--r-- | src/include/krb5/preauth.h | 81 | ||||
| -rw-r--r-- | src/include/krb5/rsa-md5.h | 64 |
3 files changed, 343 insertions, 0 deletions
diff --git a/src/include/krb5/adm_defs.h b/src/include/krb5/adm_defs.h
new file mode 100644
index 000000000..ae69831e0
--- /dev/null
+++ b/src/include/krb5/adm_defs.h
@@ -0,0 +1,198 @@
+/*
+ * $Source$
+ * $Author$
+ * $Id$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * <<< Description >>>
+ */
+
+
+#ifndef __ADM_DEFINES__
+#define __ADM_DEFINES__
+
+#define ADM5_VERSTR "ADM5VER1"
+#define ADM5_VERSIZE strlen(ADM5_VERSTR)
+/* This used to be kerberos_master */
+#define ADM5_PORTNAME "kerberos_adm"
+#define DEFAULT_ACL_NAME "/krb5/.admin_acl_file"
+#define ADM5_CPW_VERSION "V5CPWS01"
+#define ADM5_ADM_VERSION "V5ADMS01"
+#define CPWNAME "kadmin"
+/* Instance used to be kerberos
+#define CPWINSTANCE "kerberos"
+ Now, instance is realm */
+#define ADMINSTANCE "admin"
+
+#define ADM_CPW_VERSION "V5CPWS01"
+#define ADM_MAX_PW_ITERATIONS 5
+#define ADM_MAX_PW_CHOICES 5
+
+#ifdef MACH_PASS
+#define ADM_MAX_PW_LENGTH 8
+#define ADM_MAX_PHRASE_LENGTH 101
+#else
+#define ADM_MAX_PW_LENGTH 255
+#endif
+
+#define CPW_SNAME ADM5_PORTNAME
+
+#define MAXCPWBUFSIZE 4096
+
+#ifdef unicos61
+#define SIZEOF_INADDR SIZEOF_in_addr
+#else
+#define SIZEOF_INADDR sizeof(struct in_addr)
+#endif
+
+/* Server */
+#define KADMIND 0x01
+
+/* Applications */
+#define KPASSWD 0x01
+#define KSRVUTIL 0x02
+#define KADMIN 0x03
+
+/* Operations */
+#define ADDOPER 0x01 /* Add Principal */
+#define CHGOPER 0x02 /* Change Password */
+#define ADROPER 0x03 /* Add principal with random password */
+#define CHROPER 0x04 /* Change to random password */
+#define DELOPER 0x05 /* Delete Principal */
+#define MODOPER 0x06 /* Modify Principal attributes */
+#define INQOPER 0x07 /* Display Principal info */
+#define AD4OPER 0x08 /* Add Principal using v4 string-to-key */
+#define CH4OPER 0x09 /* Change password using v4 string-to-key */
+#define COMPLETE 0x0f
+
+/* Extra Message Types */
+#define SENDDATA1 0x00
+#define SENDDATA2 0x01
+#define SENDDATA3 0x02
+
+/* Unknowns */
+#define KUNKNOWNAPPL 0xff
+#define KUNKNOWNOPER 0xff
+#define KUNKNOWNERR 0xff
+
+typedef struct {
+ char appl_code;
+ char oper_code;
+ char retn_code;
+ char *message;
+} kadmin_requests;
+
+static char *oper_type[] = {
+ "complete", /* 0 */
+ "addition", /* 1 */
+ "deletion", /* 2 */
+ "change", /* 3 */
+ "modification", /* 4 */
+ "inquiry" /* 5 */
+};
+
+#define SKYCHANGED 0x00
+#define NSKYRCVD 0x01
+
+static char *ksrvutil_message[] = {
+ "Service Key Changed", /* 0 */
+ "New Key and Version Received" /* 1 */
+};
+
+#define KADMGOOD 0x00
+#define KADMSAG 0x01
+
+static char *kadmind_general_response[] = {
+ "Success", /* 0 */
+ "Service Access Granted" /* 1 */
+};
+
+
+#define KPASSGOOD 0x00
+#define KPASSBAD 0x01
+
+static char *kadmind_kpasswd_response[] = {
+ "Password Changed", /* 0 */
+ "Password NOT Changed!" /* 1 */
+};
+
+#define KSRVGOOD 0x00
+#define KSRVBAD 0x01
+#define KSRVCATASTROPHE 0x02
+
+static char *kadmind_ksrvutil_response[] = {
+ "Service Password Change Complete", /* 0 */
+ "One or More Service Password Change(s) Failed!", /* 1 */
+ "Database Update Failure - Possible Catastrophe!!" /* 2 */
+};
+
+#define KADMGOOD 0x00
+#define KADMBAD 0x01
+
+static char *kadmind_kadmin_response[] = {
+ "Administrative Service Completed", /* 0 */
+ "Principal Unknown!", /* 1 */
+ "Principal Already Exists!", /* 2 */
+ "Allocation Failure!", /* 3 */
+ "Password Failure!", /* 4 */
+ "Protocol Failure!", /* 5 */
+ "Security Failure!", /* 6 */
+ "Admin Client Not in ACL List!", /* 7 */
+ "Database Update Failure - Possible Catastrophe!!" /* 8 */
+};
+
+#define KMODVNO 0x00
+#define KMODATTR 0x01
+
+#ifdef SANDIA
+#define KMODFCNT 0x02
+#endif
+
+#define ATTRPOST 0x00
+#define ATTRNOPOST 0x01
+#define ATTRFOR 0x02
+#define ATTRNOFOR 0x03
+#define ATTRTGT 0x04
+#define ATTRNOTGT 0x05
+#define ATTRREN 0x06
+#define ATTRNOREN 0x07
+#define ATTRPROXY 0x08
+#define ATTRNOPROXY 0x09
+#define ATTRDSKEY 0x0a
+#define ATTRNODSKEY 0x0b
+#define ATTRLOCK 0x0c
+#define ATTRUNLOCK 0x0d
+
+#ifdef SANDIA
+#define ATTRPRE 0x0e
+#define ATTRNOPRE 0x0f
+#define ATTRPWOK 0x10
+#define ATTRPWCHG 0x11
+#define ATTRSID 0x12
+#define ATTRNOSID 0x13
+#endif
+
+#define ATTRNOSVR 0x14
+#define ATTRSVR 0x15
+
+#define BADATTR 0x3f
+
+#endif /* __ADM_DEFINES__ */
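Review bot: `kadmin_requests` stores `appl_code`, `oper_code` and `retn_code` as plain `char`, while the markers `KUNKNOWNAPPL`, `KUNKNOWNOPER` and `KUNKNOWNERR` are `0xff`; where `char` is signed the stored value becomes -1, so a comparison such as `retn_code == KUNKNOWNERR` is never true, and a code received from the peer would turn into a negative index if it is used to look up one of the `static char *` response tables. Declaring the three fields `unsigned char` avoids both. The tables carry no element count, so presumably every consumer has to hard-code the bound; a size `#define` beside each table would let callers range-check a received code before indexing. `oper_type[]` has six entries whose order does not follow the `*OPER` values defined above it, so a comment should say what it is indexed by.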
diff --git a/src/include/krb5/preauth.h b/src/include/krb5/preauth.h
new file mode 100644
index 000000000..e36ece67d
--- /dev/null
+++ b/src/include/krb5/preauth.h
@@ -0,0 +1,81 @@
+/*
+ * $Author$
+ * (Originally written by Glen Machin at Sandia Labs.)
+ *
+ * Copyright 1992 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose. It is provided "as is" without express or implied warranty.
+ *
+ */
+
+#define MAX_PREAUTH_SIZE 20 /* Maximum size of PreAuthenticator.data */
+
+/*
+ * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT]
+ */
+typedef krb5_error_code (krb5_preauth_obtain_proc)
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *pa_data));
+
+typedef krb5_error_code (krb5_preauth_verify_proc)
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+
+typedef struct _krb5_preauth_ops {
+ int type;
+ int flags;
+ krb5_preauth_obtain_proc *obtain;
+ krb5_preauth_verify_proc *verify;
+} krb5_preauth_ops;
+
+/*
+ * Preauthentication property flags
+ */
+#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
+#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
+
+krb5_error_code find_preauthenticator
+ PROTOTYPE((int type, krb5_preauth_ops **Preauth_proc));
+
+#if 0
+krb5_error_code get_random_padata
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *data));
+
+krb5_error_code verify_random_padata
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+#endif
+
+krb5_error_code get_timestamp_padata
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *data));
+
+krb5_error_code verify_timestamp_padata
+ PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+
+#ifdef KRBCONF_SECUREID
+krb5_preauth_obtain_proc get_securid_padata;
+krb5_preauth_verify_proc verify_securid_padata;
+#endif
+
+
diff --git a/src/include/krb5/rsa-md5.h b/src/include/krb5/rsa-md5.h
new file mode 100644
index 000000000..727818350
--- /dev/null
+++ b/src/include/krb5/rsa-md5.h
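Review bot: preauth.h has no include guard although it defines the `krb5_preauth_ops` struct typedef and two function typedefs, so including it twice in one translation unit will not compile; adm_defs.h in this same commit is guarded, and rsa-md5.h (the `MD5_CTX` typedef) has the same gap. Wrapping each body in a guard such as `#ifndef KRB5_PREAUTH__` / `#define KRB5_PREAUTH__` / `#endif` fixes it. Separately, `MAX_PREAUTH_SIZE` is described as the maximum size of PreAuthenticator.data, but nothing here says which side enforces it; a comment on `krb5_preauth_verify_proc` stating that the implementation must check `data->length` before reading the buffer would make that contract explicit for the timestamp and SecurID verifiers.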
@@ -0,0 +1,64 @@
+/*
+ ***********************************************************************
+ ** md5.h -- header file for implementation of MD5 **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
+ ** Created: 2/17/90 RLR **
+ ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
+ ** Revised (for MD5): RLR 4/27/91 **
+ ** -- G modified to have y&~z instead of y&z **
+ ** -- FF, GG, HH modified to add in last register done **
+ ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 **
+ ** -- distinct additive constant for each step **
+ ** -- round 4 added, working mod 7 **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+ ** **
+ ** License to copy and use this software is granted provided that **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
+ ** Digest Algorithm" in all material mentioning or referencing this **
+ ** software or this function. **
+ ** **
+ ** License is also granted to make and use derivative works **
+ ** provided that such works are identified as "derived from the RSA **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
+ ** material mentioning or referencing the derived work. **
+ ** **
+ ** RSA Data Security, Inc. makes no representations concerning **
+ ** either the merchantability of this software or the suitability **
+ ** of this software for any particular purpose. It is provided "as **
+ ** is" without express or implied warranty of any kind. **
+ ** **
+ ** These notices must be retained in any copies of any part of this **
+ ** documentation and/or software. **
+ ***********************************************************************
+ */
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+ krb5_ui_4 i[2]; /* number of _bits_ handled mod 2^64 */
+ krb5_ui_4 buf[4]; /* scratch buffer */
+ unsigned char in[64]; /* input buffer */
+ unsigned char digest[16]; /* actual digest after MD5Final call */
+} MD5_CTX;
+
+#if defined(__STDC__) || defined(KRB5_PROVIDE_PROTOTYPES)
+extern void MD5Init(MD5_CTX *);
+extern void MD5Update (MD5_CTX *, unsigned char *, unsigned int);
+extern void MD5Final (MD5_CTX *);
+#else
+extern void MD5Init();
+extern void MD5Update ();
+extern void MD5Final ();
+#endif
+
+#define RSA_MD5_CKSUM_LENGTH 16
+#define RSA_MD5_DES_CKSUM_LENGTH 16
+
+extern krb5_checksum_entry
+ rsa_md5_cksumtable_entry,
+ rsa_md5_des_cksumtable_entry;
+
|
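Review bot: `MD5_CTX` holds the caller's input in `in[64]` and the result in `digest[16]`, and the header gives callers no guidance on clearing it; the buffer presumably still holds the last block after `MD5Final`, so the struct comment should say something like `/* callers hashing key material must zero the MD5_CTX once digest[] has been copied out */`. `RSA_MD5_CKSUM_LENGTH` and `RSA_MD5_DES_CKSUM_LENGTH` repeat the literal 16 from `digest[16]`; a comment tying them to the digest size would keep a later edit from letting them drift apart. The prototype `MD5Update (MD5_CTX *, unsigned char *, unsigned int)` could take `const unsigned char *`, since the input is presumably only read.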
