* k5-int.h: Remove commented-out <widen.h> and <narrow.h>.

* krb5.h: Same as old krb5/krb5.h, as a start.  Gradually things
that don't need to be exported will be moved from krb5.h into
k5-int.h (and vice verse for e.g. function prototypes).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5003 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 336 insertions, 32 deletions

diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 3f5fb4592b..71dbb79773 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,10 @@
+Wed Feb 22 18:31:12 1995  John Gilmore  (gnu at toad.com)
+
+	* k5-int.h:  Remove commented-out <widen.h> and <narrow.h>.
+	* krb5.h: Same as old krb5/krb5.h, as a start.  Gradually things
+	that don't need to be exported will be moved from krb5.h into
+	k5-int.h (and vice verse for e.g. function prototypes).
+
 Wed Jan 25 19:19:38 1995  John Gilmore  (gnu at toad.com)
 
 	Make it possible to #include "..." without using slashes,
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 8280bf8a34..4580abbf06 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1,12 +1,13 @@
 /*
  * This prototype for k5-int.h (Krb5 internals include file)
- * simply includes every file
- * in the lower krb5 directory, more or less.
+ * includes the user-visible definitions from krb5.h and then
+ * includes other definitions that are not user-visible but are
+ * required for compiling Kerberos internal routines.
  *
  * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
  */
 
-#include "krb5/krb5.h"
+#include "krb5.h"
 
 /* krb5/krb5.h includes many other krb5/*.h files too.  The ones that it
    doesn't include, we include below.  */
@@ -22,11 +23,9 @@
 #include "krb5/libos.h"
 #include "krb5/los-proto.h"
 #include "krb5/mit-des.h"
-/* #include "krb5/narrow.h" -- used in encryption.h and others, custom usage */
 #include "krb5/preauth.h"
 /* #include "krb5/rsa-md4.h" -- removed from krb5 to lib/crypto/md4 */
 #include "krb5/rsa-md5.h"
 /* #include "krb5/stock" */
 #include "krb5/sysincl.h"
-/* #include "krb5/widen.h" -- used in encryption.h, custom usage. */
 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
diff --git a/src/include/krb5.h b/src/include/krb5.h
index 15bffb5efb..4452f95564 100644
--- a/src/include/krb5.h
+++ b/src/include/krb5.h
@@ -1,31 +1,329 @@
 /*
- * This prototype for a globally useful krb5.h simply includes every file
- * in the lower krb5 directory, in alphabetical order.
+ * include/krb5.h
  *
- * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
+ * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * General definitions for Kerberos version 5.
  */
 
-#include "krb5/krb5.h"
-
-/* krb5/krb5.h includes many other krb5/*.h files too.  The ones that it
-   doesn't include, we include below.  */
-
-#include "krb5/adm_defs.h"
-#include "krb5/asn1.h"
-#include "krb5/copyright.h"
-/* #include "krb5/crc-32.h" -- removed from krb5 to lib/crypto/crc32 */
-#include "krb5/dbm.h"
-#include "krb5/ext-proto.h"
-#include "krb5/kdb.h"
-#include "krb5/kdb_dbm.h"
-#include "krb5/libos.h"
-#include "krb5/los-proto.h"
-#include "krb5/mit-des.h"
-/* #include "krb5/narrow.h" -- used in encryption.h and others, custom usage */
-#include "krb5/preauth.h"
-/* #include "krb5/rsa-md4.h" -- removed from krb5 to lib/crypto/md4 */
-#include "krb5/rsa-md5.h"
-/* #include "krb5/stock" */
-#include "krb5/sysincl.h"
-/* #include "krb5/widen.h" -- used in encryption.h, custom usage. */
-/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
+#ifndef KRB5_GENERAL__
+#define KRB5_GENERAL__
+
+#ifndef KRB5_SYSTYPES__
+#define KRB5_SYSTYPES__
+#include <sys/types.h>
+#endif /* KRB5_SYSTYPES__ */
+
+#include "k5-config.h"
+
+#include "base-defs.h"
+#include "hostaddr.h"
+
+typedef struct _krb5_context {
+	krb5_magic	magic;
+	krb5_enctype  * etypes;
+	int		etype_count;
+	void	      * os_context;
+} * krb5_context;
+
+#include "encryption.h"
+#include "fieldbits.h"
+#include "errors.h"
+#include "proto.h"
+#include "macros.h"
+#include "error_def.h"
+
+/* Time set */
+typedef struct _krb5_ticket_times {
+    krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
+				in ticket? otherwise client can't get this */ 
+    krb5_timestamp starttime;		/* optional in ticket, if not present,
+					   use authtime */
+    krb5_timestamp endtime;
+    krb5_timestamp renew_till;
+} krb5_ticket_times;
+
+/* structure for auth data */
+typedef struct _krb5_authdata {
+    krb5_magic magic;
+    krb5_authdatatype ad_type;
+    int length;
+    krb5_octet *contents;
+} krb5_authdata;
+
+/* structure for transited encoding */
+typedef struct _krb5_transited {
+    krb5_magic magic;
+    krb5_octet tr_type;
+    krb5_data tr_contents;
+} krb5_transited;
+
+typedef struct _krb5_enc_tkt_part {
+    krb5_magic magic;
+    /* to-be-encrypted portion */
+    krb5_flags flags;			/* flags */
+    krb5_keyblock *session;		/* session key: includes keytype */
+    krb5_principal client;		/* client name/realm */
+    krb5_transited transited;		/* list of transited realms */
+    krb5_ticket_times times;		/* auth, start, end, renew_till */
+    krb5_address **caddrs;		/* array of ptrs to addresses */
+    krb5_authdata **authorization_data;	/* auth data */
+} krb5_enc_tkt_part;
+
+typedef struct _krb5_ticket {
+    krb5_magic magic;
+    /* cleartext portion */
+    krb5_principal server;		/* server name/realm */
+    krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
+					   encoding */
+    krb5_enc_tkt_part *enc_part2;	/* ptr to decrypted version, if
+					   available */
+} krb5_ticket;
+
+/* the unencrypted version */
+typedef struct _krb5_authenticator {
+    krb5_magic magic;
+    krb5_principal client;		/* client name/realm */
+    krb5_checksum *checksum;		/* checksum, includes type, optional */
+    krb5_int32 cusec;			/* client usec portion */
+    krb5_timestamp ctime;		/* client sec portion */
+    krb5_keyblock *subkey;		/* true session key, optional */
+    krb5_int32 seq_number;		/* sequence #, optional */
+    krb5_authdata **authorization_data; /* New add by Ari, auth data */
+} krb5_authenticator;
+
+typedef struct _krb5_tkt_authent {
+    krb5_magic magic;
+    krb5_ticket *ticket;
+    krb5_authenticator *authenticator;
+    krb5_flags ap_options;
+} krb5_tkt_authent;
+
+/* credentials:  Ticket, session key, etc. */
+typedef struct _krb5_creds {
+    krb5_magic magic;
+    krb5_principal client;		/* client's principal identifier */
+    krb5_principal server;		/* server's principal identifier */
+    krb5_keyblock keyblock;		/* session encryption key info */
+    krb5_ticket_times times;		/* lifetime info */
+    krb5_boolean is_skey;		/* true if ticket is encrypted in
+					   another ticket's skey */
+    krb5_flags ticket_flags;		/* flags in ticket */
+    krb5_address **addresses;		/* addrs in ticket */
+    krb5_data ticket;			/* ticket string itself */
+    krb5_data second_ticket;		/* second ticket, if related to
+					   ticket (via DUPLICATE-SKEY or
+					   ENC-TKT-IN-SKEY) */
+    krb5_authdata **authdata;		/* authorization data */
+} krb5_creds;
+
+/* Last request fields */
+typedef struct _krb5_last_req_entry {
+    krb5_magic magic;
+    krb5_octet lr_type;
+    krb5_timestamp value;
+} krb5_last_req_entry;
+
+/* pre-authentication data */
+typedef struct _krb5_pa_data {
+    krb5_magic magic;
+    krb5_ui_2  pa_type;
+    int length;
+    krb5_octet *contents;
+} krb5_pa_data;
+
+typedef struct _krb5_kdc_req {
+    krb5_magic magic;
+    krb5_msgtype msg_type;		/* AS_REQ or TGS_REQ? */
+    krb5_pa_data **padata;		/* e.g. encoded AP_REQ */
+    /* real body */
+    krb5_flags kdc_options;		/* requested options */
+    krb5_principal client;		/* includes realm; optional */
+    krb5_principal server;		/* includes realm (only used if no
+					   client) */
+    krb5_timestamp from;		/* requested starttime */
+    krb5_timestamp till;		/* requested endtime */
+    krb5_timestamp rtime;		/* (optional) requested renew_till */
+    krb5_int32 nonce;			/* nonce to match request/response */
+    int netypes;			/* # of etypes, must be positive */
+    krb5_enctype *etype;		/* requested encryption type(s) */
+    krb5_address **addresses;		/* requested addresses, optional */
+    krb5_enc_data authorization_data;	/* encrypted auth data; OPTIONAL */
+    krb5_authdata **unenc_authdata;	/* unencrypted auth data,
+					   if available */
+    krb5_ticket **second_ticket;	/* second ticket array; OPTIONAL */
+} krb5_kdc_req;
+
+typedef struct _krb5_enc_kdc_rep_part {
+    krb5_magic magic;
+    /* encrypted part: */
+    krb5_msgtype msg_type;		/* krb5 message type */
+    krb5_keyblock *session;		/* session key */
+    krb5_last_req_entry **last_req;	/* array of ptrs to entries */
+    krb5_int32 nonce;			/* nonce from request */
+    krb5_timestamp key_exp;		/* expiration date */
+    krb5_flags flags;			/* ticket flags */
+    krb5_ticket_times times;		/* lifetime info */
+    krb5_principal server;		/* server's principal identifier */
+    krb5_address **caddrs;		/* array of ptrs to addresses,
+					   optional */
+} krb5_enc_kdc_rep_part;
+
+typedef struct _krb5_kdc_rep {
+    krb5_magic magic;
+    /* cleartext part: */
+    krb5_msgtype msg_type;		/* AS_REP or KDC_REP? */
+    krb5_pa_data **padata;		/* preauthentication data from KDC */
+    krb5_principal client;		/* client's principal identifier */
+    krb5_ticket *ticket;		/* ticket */
+    krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
+					   encoding */
+    krb5_enc_kdc_rep_part *enc_part2;	/* unencrypted version, if available */
+} krb5_kdc_rep;
+
+/* error message structure */
+typedef struct _krb5_error {
+    krb5_magic magic;
+    /* some of these may be meaningless in certain contexts */
+    krb5_timestamp ctime;		/* client sec portion; optional */
+    krb5_int32 cusec;			/* client usec portion; optional */
+    krb5_int32 susec;			/* server usec portion */
+    krb5_timestamp stime;		/* server sec portion */
+    krb5_ui_4 error;			/* error code (protocol error #'s) */
+    krb5_principal client;		/* client's principal identifier;
+					   optional */
+    krb5_principal server;		/* server's principal identifier */
+    krb5_data text;			/* descriptive text */
+    krb5_data e_data;			/* additional error-describing data */
+} krb5_error;
+
+typedef struct _krb5_ap_req {
+    krb5_magic magic;
+    krb5_flags ap_options;		/* requested options */
+    krb5_ticket *ticket;		/* ticket */
+    krb5_enc_data authenticator;	/* authenticator (already encrypted) */
+} krb5_ap_req;
+
+typedef struct _krb5_ap_rep {
+    krb5_magic magic;
+    krb5_enc_data enc_part;
+} krb5_ap_rep;
+
+typedef struct _krb5_ap_rep_enc_part {
+    krb5_magic magic;
+    krb5_timestamp ctime;		/* client time, seconds portion */
+    krb5_int32 cusec;			/* client time, microseconds portion */
+    krb5_keyblock *subkey;		/* true session key, optional */
+    krb5_int32 seq_number;		/* sequence #, optional */
+} krb5_ap_rep_enc_part;
+
+typedef struct _krb5_response {
+    krb5_magic magic;
+    krb5_octet message_type;
+    krb5_data response;
+} krb5_response;
+
+typedef struct _krb5_safe {
+    krb5_magic magic;
+    krb5_data user_data;		/* user data */
+    krb5_timestamp timestamp;		/* client time, optional */
+    krb5_int32 usec;			/* microsecond portion of time,
+					   optional */
+    krb5_int32 seq_number;		/* sequence #, optional */
+    krb5_address *s_address;		/* sender address */
+    krb5_address *r_address;		/* recipient address, optional */
+    krb5_checksum *checksum;		/* data integrity checksum */
+} krb5_safe;
+
+typedef struct _krb5_priv {
+    krb5_magic magic;
+    krb5_enc_data enc_part;		/* encrypted part */
+} krb5_priv;
+
+typedef struct _krb5_priv_enc_part {
+    krb5_magic magic;
+    krb5_data user_data;		/* user data */
+    krb5_timestamp timestamp;		/* client time, optional */
+    krb5_int32 usec;			/* microsecond portion of time, opt. */
+    krb5_int32 seq_number;		/* sequence #, optional */
+    krb5_address *s_address;		/* sender address */
+    krb5_address *r_address;		/* recipient address, optional */
+} krb5_priv_enc_part;
+
+typedef struct _krb5_cred_info {
+    krb5_magic magic;
+    krb5_keyblock* session;             /* session key used to encrypt */
+					/* ticket */
+    krb5_principal client;              /* client name/realm, optional */
+    krb5_principal server;              /* server name/realm, optional */
+    krb5_flags flags;			/* ticket flags, optional */
+    krb5_ticket_times times;		/* auth, start, end, renew_till, */
+                                        /* optional */
+    krb5_address **caddrs;		/* array of ptrs to addresses */
+} krb5_cred_info;
+
+typedef struct _krb5_cred_enc_part {
+    krb5_magic magic;
+    krb5_int32 nonce;                   /* nonce, optional */
+    krb5_timestamp timestamp;           /* client time */
+    krb5_int32 usec;                    /* microsecond portion of time */
+    krb5_address *s_address;            /* sender address, optional */
+    krb5_address *r_address;            /* recipient address, optional */
+    krb5_cred_info **ticket_info;
+} krb5_cred_enc_part;    
+
+typedef struct _krb5_cred {
+    krb5_magic magic;
+    krb5_ticket **tickets;		/* tickets */
+    krb5_enc_data enc_part;		/* encrypted part */
+    krb5_cred_enc_part *enc_part2; 	/* unencrypted version, if available*/
+} krb5_cred;
+
+/* Sandia password generation structures */
+typedef struct _passwd_phrase_element {
+    krb5_magic magic;
+    krb5_data *passwd;
+    krb5_data *phrase;
+} passwd_phrase_element;
+
+typedef struct _krb5_pwd_data {
+    krb5_magic magic;
+    int sequence_count;
+    passwd_phrase_element **element;
+} krb5_pwd_data;
+
+/* these need to be here so the typedefs are available for the prototypes */
+#include "safepriv.h"
+#include "ccache.h"
+#include "rcache.h"
+#include "keytab.h"
+#include "func-proto.h"
+#include "k5-free.h"
+
+/* The name of the Kerberos ticket granting service... and its size */
+#define	KRB5_TGS_NAME		"krbtgt"
+#define KRB5_TGS_NAME_SIZE	6
+
+/* flags for recvauth */
+#define KRB5_RECVAUTH_SKIP_VERSION	0x0001
+#define KRB5_RECVAUTH_BADAUTHVERS	0x0002
+
+#endif /* KRB5_GENERAL__ */