From be4e9d973c2717872663010c9c02f8bc75cb18a5 Mon Sep 17 00:00:00 2001 
From: Greg Hudson
Date: Sat, 14 Nov 2009 18:56:43 +0000
Subject: Reindent include directory, reformatting prototypes as necessary. Exclude include/gssrpc due to its Sun origin and k5-platform.h due to macros too hairy for emacs c-mode to handle.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23180 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/Makefile.in | 3 +
 src/include/CredentialsCache.h | 589 +++---
 src/include/CredentialsCache2.h | 111 +-
 src/include/adm.h | 275 +--
 src/include/adm_proto.h | 114 +-
 src/include/cm.h | 25 +-
 src/include/copyright.h | 1 +
 src/include/fake-addrinfo.h | 121 +-
 src/include/foreachaddr.h | 13 +-
 src/include/gssapi.h | 1 +
 src/include/iprop.h | 237 +--
 src/include/iprop_hdr.h | 25 +-
 src/include/k5-buf.h | 2 +-
 src/include/k5-err.h | 19 +-
 src/include/k5-gmt_mktime.h | 3 +-
 src/include/k5-int-pkinit.h | 249 +--
 src/include/k5-int.h | 3240 ++++++++++++++++-----------------
 src/include/k5-ipc_stream.h | 29 +-
 src/include/k5-platform.h | 285 +--
 src/include/k5-plugin.h | 13 +-
 src/include/k5-thread.h | 327 ++--
 src/include/k5-unicode.h | 11 +-
 src/include/k5-utf8.h | 105 +-
 src/include/k5-util.h | 21 +-
 src/include/kdb.h | 779 ++++----
 src/include/kdb_ext.h | 89 +-
 src/include/kdb_kt.h | 1 +
 src/include/kdb_log.h | 117 +-
 src/include/kim/kim.h | 1 +
 src/include/kim/kim_ccache.h | 25 +-
 src/include/kim/kim_credential.h | 3 +-
 src/include/kim/kim_identity.h | 35 +-
 src/include/kim/kim_library.h | 1 +
 src/include/kim/kim_options.h | 1 +
 src/include/kim/kim_preferences.h | 35 +-
 src/include/kim/kim_selection_hints.h | 25 +-
 src/include/kim/kim_string.h | 3 +-
 src/include/kim/kim_types.h | 1 +
 src/include/kim/kim_ui_plugin.h | 3 +-
 src/include/krb5.h | 1 +
 src/include/krb5/authdata_plugin.h | 203 ++-
 src/include/krb5/krb5.hin | 2940 ++++++++++++++----------------
 src/include/krb5/locate_plugin.h | 13 +-
 src/include/krb5/preauth_plugin.h | 221 ++-
 src/include/osconf.hin | 76 +-
 src/include/pkinit_apple_utils.h | 39 +-
 src/include/pkinit_asn1.h | 85 +-
 src/include/pkinit_cert_store.h | 41 +-
 src/include/pkinit_client.h | 41 +-
 src/include/pkinit_cms.h | 65 +-
 src/include/port-sockets.h | 127 +-
 src/include/socket-utils.h | 1 +
 src/include/spnego-asn1.h | 19 +-
 src/include/win-mac.h | 31 +-
 54 files changed, 5219 insertions(+), 5622 deletions(-)
diff --git a/src/Makefile.in b/src/Makefile.in
index 92969b35b5..7d6e05eb8a 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -662,6 +662,7 @@ PYTHON = python INDENTDIRS = \ clients \ + include \ kadmin \ kdc \ lib/kadm5 \
@@ -684,6 +685,8 @@ BSDFILES = \ slave/kpropd_rpc.c OTHEREXCLUDES = \ + include/k5-platform.h \ + include/gssrpc \ lib/krb5/asn.1/asn1_decode.h \ lib/krb5/asn.1/asn1_encode.h \ lib/krb5/asn.1/asn1_k_encode.c \
diff --git a/src/include/CredentialsCache.h b/src/include/CredentialsCache.h
index 656b436255..75c4ce7642 100644
--- a/src/include/CredentialsCache.h
+++ b/src/include/CredentialsCache.h
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * $Header$ *
@@ -57,7 +58,7 @@ extern "C" { #endif #if defined(_WIN32) -#define CCACHE_API __declspec(dllexport) +#define CCACHE_API __declspec(dllexport) #if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1500 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T) #if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR)
@@ -268,7 +269,7 @@ enum { ccErrInvalidCCache, /*!< CCache is invalid (e.g., it was released or destroyed). */ /* 206 */ - ccErrInvalidString, /*!< String is invalid (e.g., it was released). */ + ccErrInvalidString, /*!< String is invalid (e.g., it was released). */ ccErrInvalidCredentials, /*!< Credentials are invalid (e.g., they were released), or they have a bad version. */ ccErrInvalidCCacheIterator, /*!< CCache iterator is invalid (e.g., it was released). */ ccErrInvalidCredentialsIterator, /*!< Credentials iterator is invalid (e.g., it was released). */
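Review bot: The two entries added to OTHEREXCLUDES in the second src/Makefile.in hunk (`@@ -684,6 +685,8 @@`) carry no in-file explanation; the reason for skipping them is recorded only in the commit message, and no comment is visible in the hunk context. A comment placed above the `OTHEREXCLUDES = \` line rather than between the continued entries would keep that reasoning next to the exclusion, for example `# include/gssrpc: Sun-origin code, not reindented; include/k5-platform.h: macros emacs c-mode cannot indent`. The diffstat also lists include/k5-platform.h as changed in this same commit, so the comment could state whether that header is now formatted by hand. The OTHEREXCLUDES list continues outside the hunk.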
@@ -282,7 +283,7 @@ enum { ccErrContextUnlocked, /*!< Context is not locked by the caller. */ /* 216 */ - ccErrCCacheLocked, /*!< CCache is already locked. */ + ccErrCCacheLocked, /*!< CCache is already locked. */ ccErrCCacheUnlocked, /*!< CCache is not locked by the caller. */ ccErrBadLockType, /*!< Bad lock type. */ ccErrNeverDefault, /*!< CCache was never default. */
@@ -359,7 +360,7 @@ enum cc_lock_modes { enum { /* Make sure all of these are multiples of four (for alignment sanity) */ cc_v4_name_size = 40, - cc_v4_instance_size = 40, + cc_v4_instance_size = 40, cc_v4_realm_size = 40, cc_v4_ticket_size = 1254, cc_v4_key_size = 8
@@ -552,11 +553,11 @@ typedef struct cc_credentials_v4_t cc_credentials_v4_t; */ struct cc_data { /*! The type of the data as defined by the krb5_data structure. */ - cc_uint32 type; + cc_uint32 type; /*! The length of \a data. */ - cc_uint32 length; + cc_uint32 length; /*! The data buffer. */ - void* data; + void* data; }; typedef struct cc_data cc_data;
@@ -599,14 +600,14 @@ typedef struct cc_credentials_v5_t cc_credentials_v5_t; struct cc_credentials_union { /*! The credentials version of this credentials object. */ - cc_uint32 version; + cc_uint32 version; /*! The credentials. */ union { - /*! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. */ - cc_credentials_v4_t* credentials_v4; - /*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */ - cc_credentials_v5_t* credentials_v5; - } credentials; + /*! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. */ + cc_credentials_v4_t* credentials_v4; + /*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */ + cc_credentials_v5_t* credentials_v5; + } credentials; }; typedef struct cc_credentials_union cc_credentials_union;
@@ -756,224 +757,224 @@ struct cc_context_f { const char *in_name, cc_ccache_t *out_ccache); - /*! - * \param in_context the context object for the cache collection. - * \param out_ccache on exit, a ccache object for the default ccache - * \return On success, #ccNoError. If no default ccache exists, - * #ccErrCCacheNotFound. On failure, an error code representing the failure. - * \brief \b cc_context_open_default_ccache(): Open the default ccache. - * - * Opens the default ccache. It returns a reference to the ccache in *ccache. - * - * This function performs the same function as calling - * cc_context_get_default_ccache_name followed by cc_context_open_ccache, - * but it performs it atomically. - */ + /*! + * \param in_context the context object for the cache collection. + * \param out_ccache on exit, a ccache object for the default ccache + * \return On success, #ccNoError. If no default ccache exists, + * #ccErrCCacheNotFound. On failure, an error code representing the failure. + * \brief \b cc_context_open_default_ccache(): Open the default ccache. + * + * Opens the default ccache. It returns a reference to the ccache in *ccache. + * + * This function performs the same function as calling + * cc_context_get_default_ccache_name followed by cc_context_open_ccache, + * but it performs it atomically. + */ cc_int32 (*open_default_ccache) (cc_context_t in_context, cc_ccache_t *out_ccache); - /*! - * \param in_context the context object for the cache collection. - * \param in_name the name of the new ccache to create - * \param in_cred_vers the version of the credentials the new ccache will hold - * \param in_principal the client principal of the credentials the new ccache will hold - * \param out_ccache on exit, a ccache object for the newly created ccache - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_create_ccache(): Create a new ccache. - * - * Create a new credentials cache. 
The ccache is uniquely identified by its name. - * The principal given is also associated with the ccache and the credentials - * version specified. A NULL name is not allowed (and ccErrBadName is returned - * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid - * input values for cred_vers. If you want to create a new ccache that will hold - * both versions of credentials, call cc_context_create_ccache() with one version, - * and then cc_ccache_set_principal() with the other version. - * - * If you want to create a new ccache (with a unique name), you should use - * cc_context_create_new_ccache() instead. If you want to create or reinitialize - * the default cache, you should use cc_context_create_default_ccache(). - * - * If name is non-NULL and there is already a ccache named name: - * - * \li the credentials in the ccache whose version is cred_vers are removed - * \li the principal (of the existing ccache) associated with cred_vers is set to principal - * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid - * - * If no ccache named name already exists: - * - * \li a new empty ccache is created - * \li the principal of the new ccache associated with cred_vers is set to principal - * \li a handle for the new ccache is returned - * - * For a new ccache, the name should be any unique string. The name is not - * intended to be presented to users. - * - * If the created ccache is the first ccache in the collection, it is made - * the default ccache. Note that normally it is undesirable to create the first - * ccache with a name different from the default ccache name (as returned by - * cc_context_get_default_ccache_name()); see the description of - * cc_context_get_default_ccache_name() for details. - * - * The principal should be a C string containing an unparsed Kerberos principal - * in the format of the appropriate Kerberos version, i.e. 
\verbatim foo.bar/@BAZ - * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim - * for Kerberos v5. - */ - cc_int32 (*create_ccache) (cc_context_t in_context, + /*! + * \param in_context the context object for the cache collection. + * \param in_name the name of the new ccache to create + * \param in_cred_vers the version of the credentials the new ccache will hold + * \param in_principal the client principal of the credentials the new ccache will hold + * \param out_ccache on exit, a ccache object for the newly created ccache + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_create_ccache(): Create a new ccache. + * + * Create a new credentials cache. The ccache is uniquely identified by its name. + * The principal given is also associated with the ccache and the credentials + * version specified. A NULL name is not allowed (and ccErrBadName is returned + * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid + * input values for cred_vers. If you want to create a new ccache that will hold + * both versions of credentials, call cc_context_create_ccache() with one version, + * and then cc_ccache_set_principal() with the other version. + * + * If you want to create a new ccache (with a unique name), you should use + * cc_context_create_new_ccache() instead. If you want to create or reinitialize + * the default cache, you should use cc_context_create_default_ccache(). 
+ * + * If name is non-NULL and there is already a ccache named name: + * + * \li the credentials in the ccache whose version is cred_vers are removed + * \li the principal (of the existing ccache) associated with cred_vers is set to principal + * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid + * + * If no ccache named name already exists: + * + * \li a new empty ccache is created + * \li the principal of the new ccache associated with cred_vers is set to principal + * \li a handle for the new ccache is returned + * + * For a new ccache, the name should be any unique string. The name is not + * intended to be presented to users. + * + * If the created ccache is the first ccache in the collection, it is made + * the default ccache. Note that normally it is undesirable to create the first + * ccache with a name different from the default ccache name (as returned by + * cc_context_get_default_ccache_name()); see the description of + * cc_context_get_default_ccache_name() for details. + * + * The principal should be a C string containing an unparsed Kerberos principal + * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ + * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim + * for Kerberos v5. + */ + cc_int32 (*create_ccache) (cc_context_t in_context, const char *in_name, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache); - /*! - * \param in_context the context object for the cache collection. - * \param in_cred_vers the version of the credentials the new default ccache will hold - * \param in_principal the client principal of the credentials the new default ccache will hold - * \param out_ccache on exit, a ccache object for the newly created default ccache - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_create_default_ccache(): Create a new default ccache. 
- * - * Create the default credentials cache. The behavior of this function is - * similar to that of cc_create_ccache(). If there is a default ccache - * (which is always the case except when there are no ccaches at all in - * the collection), it is initialized with the specified credentials version - * and principal, as per cc_create_ccache(); otherwise, a new ccache is - * created, and its name is the name returned by - * cc_context_get_default_ccache_name(). - */ - cc_int32 (*create_default_ccache) (cc_context_t in_context, + /*! + * \param in_context the context object for the cache collection. + * \param in_cred_vers the version of the credentials the new default ccache will hold + * \param in_principal the client principal of the credentials the new default ccache will hold + * \param out_ccache on exit, a ccache object for the newly created default ccache + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_create_default_ccache(): Create a new default ccache. + * + * Create the default credentials cache. The behavior of this function is + * similar to that of cc_create_ccache(). If there is a default ccache + * (which is always the case except when there are no ccaches at all in + * the collection), it is initialized with the specified credentials version + * and principal, as per cc_create_ccache(); otherwise, a new ccache is + * created, and its name is the name returned by + * cc_context_get_default_ccache_name(). + */ + cc_int32 (*create_default_ccache) (cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache); - /*! - * \param in_context the context object for the cache collection. 
- * \param in_cred_vers the version of the credentials the new ccache will hold - * \param in_principal the client principal of the credentials the new ccache will hold - * \param out_ccache on exit, a ccache object for the newly created ccache - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache. - * - * Create a new unique credentials cache. The behavior of this function - * is similar to that of cc_create_ccache(). If there are no ccaches, and - * therefore no default ccache, the new ccache is created with the default - * ccache name as would be returned by get_default_ccache_name(). If there - * are some ccaches, and therefore there is a default ccache, the new ccache - * is created with a new unique name. Clearly, this function never reinitializes - * a ccache, since it always uses a unique name. - */ - cc_int32 (*create_new_ccache) (cc_context_t in_context, + /*! + * \param in_context the context object for the cache collection. + * \param in_cred_vers the version of the credentials the new ccache will hold + * \param in_principal the client principal of the credentials the new ccache will hold + * \param out_ccache on exit, a ccache object for the newly created ccache + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache. + * + * Create a new unique credentials cache. The behavior of this function + * is similar to that of cc_create_ccache(). If there are no ccaches, and + * therefore no default ccache, the new ccache is created with the default + * ccache name as would be returned by get_default_ccache_name(). If there + * are some ccaches, and therefore there is a default ccache, the new ccache + * is created with a new unique name. Clearly, this function never reinitializes + * a ccache, since it always uses a unique name. 
+ */ + cc_int32 (*create_new_ccache) (cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache); - /*! - * \param in_context the context object for the cache collection. - * \param out_iterator on exit, a ccache iterator object for the ccache collection. - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection. - * - * Used to allocate memory and initialize iterator. Successive calls to iterator's - * next() function will return ccaches in the collection. - * - * If changes are made to the collection while an iterator is being used - * on it, the iterator must return at least the intersection, and at most - * the union, of the set of ccaches that were present when the iteration - * began and the set of ccaches that are present when it ends. - */ - cc_int32 (*new_ccache_iterator) (cc_context_t in_context, + /*! + * \param in_context the context object for the cache collection. + * \param out_iterator on exit, a ccache iterator object for the ccache collection. + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection. + * + * Used to allocate memory and initialize iterator. Successive calls to iterator's + * next() function will return ccaches in the collection. + * + * If changes are made to the collection while an iterator is being used + * on it, the iterator must return at least the intersection, and at most + * the union, of the set of ccaches that were present when the iteration + * began and the set of ccaches that are present when it ends. + */ + cc_int32 (*new_ccache_iterator) (cc_context_t in_context, cc_ccache_iterator_t *out_iterator); - /*! - * \param in_context the context object for the cache collection. - * \param in_lock_type the type of lock to obtain. 
- * \param in_block whether or not the function should block if the lock cannot be obtained immediately. - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_lock(): Lock the cache collection. - * - * Attempts to acquire an advisory lock for the ccache collection. Allowed values - * for lock_type are: - * - * \li cc_lock_read: a read lock. - * \li cc_lock_write: a write lock - * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock - * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock - * - * If block is cc_lock_block, lock() will not return until the lock is acquired. - * If block is cc_lock_noblock, lock() will return immediately, either acquiring - * the lock and returning ccNoError, or failing to acquire the lock and returning - * an error explaining why. - * - * Locks apply only to the list of ccaches, not the contents of those ccaches. To - * prevent callers participating in the advisory locking from changing the credentials - * in a cache you must also lock that ccache with cc_ccache_lock(). This is so - * that you can get the list of ccaches without preventing applications from - * simultaneously obtaining service tickets. - * - * To avoid having to deal with differences between thread semantics on different - * platforms, locks are granted per context, rather than per thread or per process. - * That means that different threads of execution have to acquire separate contexts - * in order to be able to synchronize with each other. - * - * The lock should be unlocked by using cc_context_unlock(). - * - * \note All locks are advisory. For example, callers which do not call - * cc_context_lock() and cc_context_unlock() will not be prevented from writing - * to the cache collection when you have a read lock. 
This is because the CCAPI - * locking was added after the first release and thus adding mandatory locks would - * have changed the user experience and performance of existing applications. - */ - cc_int32 (*lock) (cc_context_t in_context, + /*! + * \param in_context the context object for the cache collection. + * \param in_lock_type the type of lock to obtain. + * \param in_block whether or not the function should block if the lock cannot be obtained immediately. + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_lock(): Lock the cache collection. + * + * Attempts to acquire an advisory lock for the ccache collection. Allowed values + * for lock_type are: + * + * \li cc_lock_read: a read lock. + * \li cc_lock_write: a write lock + * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock + * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock + * + * If block is cc_lock_block, lock() will not return until the lock is acquired. + * If block is cc_lock_noblock, lock() will return immediately, either acquiring + * the lock and returning ccNoError, or failing to acquire the lock and returning + * an error explaining why. + * + * Locks apply only to the list of ccaches, not the contents of those ccaches. To + * prevent callers participating in the advisory locking from changing the credentials + * in a cache you must also lock that ccache with cc_ccache_lock(). This is so + * that you can get the list of ccaches without preventing applications from + * simultaneously obtaining service tickets. + * + * To avoid having to deal with differences between thread semantics on different + * platforms, locks are granted per context, rather than per thread or per process. + * That means that different threads of execution have to acquire separate contexts + * in order to be able to synchronize with each other. 
+ * + * The lock should be unlocked by using cc_context_unlock(). + * + * \note All locks are advisory. For example, callers which do not call + * cc_context_lock() and cc_context_unlock() will not be prevented from writing + * to the cache collection when you have a read lock. This is because the CCAPI + * locking was added after the first release and thus adding mandatory locks would + * have changed the user experience and performance of existing applications. + */ + cc_int32 (*lock) (cc_context_t in_context, cc_uint32 in_lock_type, cc_uint32 in_block); - /*! - * \param in_context the context object for the cache collection. - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_unlock(): Unlock the cache collection. - */ - cc_int32 (*unlock) (cc_context_t in_cc_context); - - /*! - * \param in_context a context object. - * \param in_compare_to_context a context object to compare with \a in_context. - * \param out_equal on exit, whether or not the two contexts refer to the same cache collection. - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_compare(): Compare two context objects. - */ - cc_int32 (*compare) (cc_context_t in_cc_context, - cc_context_t in_compare_to_context, - cc_uint32 *out_equal); - - /*! - * \param in_context a context object. - * \return On success, #ccNoError. On failure, an error code representing the failure. - * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection. - * - * This function blocks until the next change is made to the cache collection - * ccache collection. By repeatedly calling cc_context_wait_for_change() from - * a worker thread the caller can effectively receive callbacks whenever the - * cache collection changes. This is considerably more efficient than polling - * with cc_context_get_change_time(). 
- * - * cc_context_wait_for_change() will return whenever: - * - * \li a ccache is created - * \li a ccache is destroyed - * \li a credential is stored - * \li a credential is removed - * \li a ccache principal is changed - * \li the default ccache is changed - * - * \note In order to make sure that the caller doesn't miss any changes, - * cc_context_wait_for_change() always returns immediately after the first time it - * is called on a new context object. Callers must use the same context object - * for successive calls to cc_context_wait_for_change() rather than creating a new - * context for every call. - * - * \sa get_change_time - */ - cc_int32 (*wait_for_change) (cc_context_t in_cc_context); + /*! + * \param in_context the context object for the cache collection. + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_unlock(): Unlock the cache collection. + */ + cc_int32 (*unlock) (cc_context_t in_cc_context); + + /*! + * \param in_context a context object. + * \param in_compare_to_context a context object to compare with \a in_context. + * \param out_equal on exit, whether or not the two contexts refer to the same cache collection. + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_compare(): Compare two context objects. + */ + cc_int32 (*compare) (cc_context_t in_cc_context, + cc_context_t in_compare_to_context, + cc_uint32 *out_equal); + + /*! + * \param in_context a context object. + * \return On success, #ccNoError. On failure, an error code representing the failure. + * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection. + * + * This function blocks until the next change is made to the cache collection + * ccache collection. By repeatedly calling cc_context_wait_for_change() from + * a worker thread the caller can effectively receive callbacks whenever the + * cache collection changes. 
This is considerably more efficient than polling + * with cc_context_get_change_time(). + * + * cc_context_wait_for_change() will return whenever: + * + * \li a ccache is created + * \li a ccache is destroyed + * \li a credential is stored + * \li a credential is removed + * \li a ccache principal is changed + * \li the default ccache is changed + * + * \note In order to make sure that the caller doesn't miss any changes, + * cc_context_wait_for_change() always returns immediately after the first time it + * is called on a new context object. Callers must use the same context object + * for successive calls to cc_context_wait_for_change() rather than creating a new + * context for every call. + * + * \sa get_change_time + */ + cc_int32 (*wait_for_change) (cc_context_t in_cc_context); }; /*! 
@@ -1462,136 +1463,136 @@ CCACHE_API cc_int32 cc_initialize (cc_context_t *out_context, * @{ */ /*! Helper macro for cc_context_f release() */ -#define cc_context_release(context) \ - ((context) -> functions -> release (context)) +#define cc_context_release(context) \ + ((context) -> functions -> release (context)) /*! Helper macro for cc_context_f get_change_time() */ -#define cc_context_get_change_time(context, change_time) \ - ((context) -> functions -> get_change_time (context, change_time)) +#define cc_context_get_change_time(context, change_time) \ + ((context) -> functions -> get_change_time (context, change_time)) /*! Helper macro for cc_context_f get_default_ccache_name() */ -#define cc_context_get_default_ccache_name(context, name) \ - ((context) -> functions -> get_default_ccache_name (context, name)) +#define cc_context_get_default_ccache_name(context, name) \ + ((context) -> functions -> get_default_ccache_name (context, name)) /*! Helper macro for cc_context_f open_ccache() */ -#define cc_context_open_ccache(context, name, ccache) \ - ((context) -> functions -> open_ccache (context, name, ccache)) +#define cc_context_open_ccache(context, name, ccache) \ + ((context) -> functions -> open_ccache (context, name, ccache)) /*! Helper macro for cc_context_f open_default_ccache() */ -#define cc_context_open_default_ccache(context, ccache) \ - ((context) -> functions -> open_default_ccache (context, ccache)) +#define cc_context_open_default_ccache(context, ccache) \ + ((context) -> functions -> open_default_ccache (context, ccache)) /*! Helper macro for cc_context_f create_ccache() */ -#define cc_context_create_ccache(context, name, version, principal, ccache) \ - ((context) -> functions -> create_ccache (context, name, version, principal, ccache)) +#define cc_context_create_ccache(context, name, version, principal, ccache) \ + ((context) -> functions -> create_ccache (context, name, version, principal, ccache)) /*! 
Helper macro for cc_context_f create_default_ccache() */ -#define cc_context_create_default_ccache(context, version, principal, ccache) \ - ((context) -> functions -> create_default_ccache (context, version, principal, ccache)) +#define cc_context_create_default_ccache(context, version, principal, ccache) \ + ((context) -> functions -> create_default_ccache (context, version, principal, ccache)) /*! Helper macro for cc_context_f create_new_ccache() */ -#define cc_context_create_new_ccache(context, version, principal, ccache) \ - ((context) -> functions -> create_new_ccache (context, version, principal, ccache)) +#define cc_context_create_new_ccache(context, version, principal, ccache) \ + ((context) -> functions -> create_new_ccache (context, version, principal, ccache)) /*! Helper macro for cc_context_f new_ccache_iterator() */ -#define cc_context_new_ccache_iterator(context, iterator) \ - ((context) -> functions -> new_ccache_iterator (context, iterator)) +#define cc_context_new_ccache_iterator(context, iterator) \ + ((context) -> functions -> new_ccache_iterator (context, iterator)) /*! Helper macro for cc_context_f lock() */ -#define cc_context_lock(context, type, block) \ - ((context) -> functions -> lock (context, type, block)) +#define cc_context_lock(context, type, block) \ + ((context) -> functions -> lock (context, type, block)) /*! Helper macro for cc_context_f unlock() */ -#define cc_context_unlock(context) \ - ((context) -> functions -> unlock (context)) +#define cc_context_unlock(context) \ + ((context) -> functions -> unlock (context)) /*! Helper macro for cc_context_f compare() */ -#define cc_context_compare(context, compare_to, equal) \ - ((context) -> functions -> compare (context, compare_to, equal)) +#define cc_context_compare(context, compare_to, equal) \ + ((context) -> functions -> compare (context, compare_to, equal)) /*! 
Helper macro for cc_context_f wait_for_change() */ -#define cc_context_wait_for_change(context) \ - ((context) -> functions -> wait_for_change (context)) +#define cc_context_wait_for_change(context) \ + ((context) -> functions -> wait_for_change (context)) /*! Helper macro for cc_ccache_f release() */ -#define cc_ccache_release(ccache) \ - ((ccache) -> functions -> release (ccache)) +#define cc_ccache_release(ccache) \ + ((ccache) -> functions -> release (ccache)) /*! Helper macro for cc_ccache_f destroy() */ -#define cc_ccache_destroy(ccache) \ - ((ccache) -> functions -> destroy (ccache)) +#define cc_ccache_destroy(ccache) \ + ((ccache) -> functions -> destroy (ccache)) /*! Helper macro for cc_ccache_f set_default() */ -#define cc_ccache_set_default(ccache) \ - ((ccache) -> functions -> set_default (ccache)) +#define cc_ccache_set_default(ccache) \ + ((ccache) -> functions -> set_default (ccache)) /*! Helper macro for cc_ccache_f get_credentials_version() */ -#define cc_ccache_get_credentials_version(ccache, version) \ - ((ccache) -> functions -> get_credentials_version (ccache, version)) +#define cc_ccache_get_credentials_version(ccache, version) \ + ((ccache) -> functions -> get_credentials_version (ccache, version)) /*! Helper macro for cc_ccache_f get_name() */ -#define cc_ccache_get_name(ccache, name) \ - ((ccache) -> functions -> get_name (ccache, name)) +#define cc_ccache_get_name(ccache, name) \ + ((ccache) -> functions -> get_name (ccache, name)) /*! Helper macro for cc_ccache_f get_principal() */ -#define cc_ccache_get_principal(ccache, version, principal) \ - ((ccache) -> functions -> get_principal (ccache, version, principal)) +#define cc_ccache_get_principal(ccache, version, principal) \ + ((ccache) -> functions -> get_principal (ccache, version, principal)) /*! 
Helper macro for cc_ccache_f set_principal() */ -#define cc_ccache_set_principal(ccache, version, principal) \ - ((ccache) -> functions -> set_principal (ccache, version, principal)) +#define cc_ccache_set_principal(ccache, version, principal) \ + ((ccache) -> functions -> set_principal (ccache, version, principal)) /*! Helper macro for cc_ccache_f store_credentials() */ -#define cc_ccache_store_credentials(ccache, credentials) \ - ((ccache) -> functions -> store_credentials (ccache, credentials)) +#define cc_ccache_store_credentials(ccache, credentials) \ + ((ccache) -> functions -> store_credentials (ccache, credentials)) /*! Helper macro for cc_ccache_f remove_credentials() */ -#define cc_ccache_remove_credentials(ccache, credentials) \ - ((ccache) -> functions -> remove_credentials (ccache, credentials)) +#define cc_ccache_remove_credentials(ccache, credentials) \ + ((ccache) -> functions -> remove_credentials (ccache, credentials)) /*! Helper macro for cc_ccache_f new_credentials_iterator() */ -#define cc_ccache_new_credentials_iterator(ccache, iterator) \ - ((ccache) -> functions -> new_credentials_iterator (ccache, iterator)) +#define cc_ccache_new_credentials_iterator(ccache, iterator) \ + ((ccache) -> functions -> new_credentials_iterator (ccache, iterator)) /*! Helper macro for cc_ccache_f lock() */ -#define cc_ccache_lock(ccache, type, block) \ - ((ccache) -> functions -> lock (ccache, type, block)) +#define cc_ccache_lock(ccache, type, block) \ + ((ccache) -> functions -> lock (ccache, type, block)) /*! Helper macro for cc_ccache_f unlock() */ -#define cc_ccache_unlock(ccache) \ - ((ccache) -> functions -> unlock (ccache)) +#define cc_ccache_unlock(ccache) \ + ((ccache) -> functions -> unlock (ccache)) /*! 
Helper macro for cc_ccache_f get_last_default_time() */ -#define cc_ccache_get_last_default_time(ccache, last_default_time) \ - ((ccache) -> functions -> get_last_default_time (ccache, last_default_time)) +#define cc_ccache_get_last_default_time(ccache, last_default_time) \ + ((ccache) -> functions -> get_last_default_time (ccache, last_default_time)) /*! Helper macro for cc_ccache_f get_change_time() */ -#define cc_ccache_get_change_time(ccache, change_time) \ - ((ccache) -> functions -> get_change_time (ccache, change_time)) +#define cc_ccache_get_change_time(ccache, change_time) \ + ((ccache) -> functions -> get_change_time (ccache, change_time)) /*! Helper macro for cc_ccache_f move() */ -#define cc_ccache_move(source, destination) \ - ((source) -> functions -> move (source, destination)) +#define cc_ccache_move(source, destination) \ + ((source) -> functions -> move (source, destination)) /*! Helper macro for cc_ccache_f compare() */ -#define cc_ccache_compare(ccache, compare_to, equal) \ - ((ccache) -> functions -> compare (ccache, compare_to, equal)) +#define cc_ccache_compare(ccache, compare_to, equal) \ + ((ccache) -> functions -> compare (ccache, compare_to, equal)) /*! Helper macro for cc_ccache_f get_kdc_time_offset() */ -#define cc_ccache_get_kdc_time_offset(ccache, version, time_offset) \ - ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset)) +#define cc_ccache_get_kdc_time_offset(ccache, version, time_offset) \ + ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset)) /*! Helper macro for cc_ccache_f set_kdc_time_offset() */ -#define cc_ccache_set_kdc_time_offset(ccache, version, time_offset) \ - ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset)) +#define cc_ccache_set_kdc_time_offset(ccache, version, time_offset) \ + ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset)) /*! 
Helper macro for cc_ccache_f clear_kdc_time_offset() */ -#define cc_ccache_clear_kdc_time_offset(ccache, version) \ - ((ccache) -> functions -> clear_kdc_time_offset (ccache, version)) +#define cc_ccache_clear_kdc_time_offset(ccache, version) \ + ((ccache) -> functions -> clear_kdc_time_offset (ccache, version)) /*! Helper macro for cc_ccache_f wait_for_change() */ -#define cc_ccache_wait_for_change(ccache) \ - ((ccache) -> functions -> wait_for_change (ccache)) +#define cc_ccache_wait_for_change(ccache) \ + ((ccache) -> functions -> wait_for_change (ccache)) /*! Helper macro for cc_string_f release() */ -#define cc_string_release(string) \ - ((string) -> functions -> release (string)) +#define cc_string_release(string) \ + ((string) -> functions -> release (string)) /*! Helper macro for cc_credentials_f release() */ -#define cc_credentials_release(credentials) \ - ((credentials) -> functions -> release (credentials)) +#define cc_credentials_release(credentials) \ + ((credentials) -> functions -> release (credentials)) /*! Helper macro for cc_credentials_f compare() */ -#define cc_credentials_compare(credentials, compare_to, equal) \ - ((credentials) -> functions -> compare (credentials, compare_to, equal)) +#define cc_credentials_compare(credentials, compare_to, equal) \ + ((credentials) -> functions -> compare (credentials, compare_to, equal)) /*! Helper macro for cc_ccache_iterator_f release() */ -#define cc_ccache_iterator_release(iterator) \ - ((iterator) -> functions -> release (iterator)) +#define cc_ccache_iterator_release(iterator) \ + ((iterator) -> functions -> release (iterator)) /*! Helper macro for cc_ccache_iterator_f next() */ -#define cc_ccache_iterator_next(iterator, ccache) \ - ((iterator) -> functions -> next (iterator, ccache)) +#define cc_ccache_iterator_next(iterator, ccache) \ + ((iterator) -> functions -> next (iterator, ccache)) /*! 
Helper macro for cc_ccache_iterator_f clone() */ -#define cc_ccache_iterator_clone(iterator, new_iterator) \ - ((iterator) -> functions -> clone (iterator, new_iterator)) +#define cc_ccache_iterator_clone(iterator, new_iterator) \ + ((iterator) -> functions -> clone (iterator, new_iterator)) /*! Helper macro for cc_credentials_iterator_f release() */ -#define cc_credentials_iterator_release(iterator) \ - ((iterator) -> functions -> release (iterator)) +#define cc_credentials_iterator_release(iterator) \ + ((iterator) -> functions -> release (iterator)) /*! Helper macro for cc_credentials_iterator_f next() */ -#define cc_credentials_iterator_next(iterator, credentials) \ - ((iterator) -> functions -> next (iterator, credentials)) +#define cc_credentials_iterator_next(iterator, credentials) \ + ((iterator) -> functions -> next (iterator, credentials)) /*! Helper macro for cc_credentials_iterator_f clone() */ -#define cc_credentials_iterator_clone(iterator, new_iterator) \ - ((iterator) -> functions -> clone (iterator, new_iterator)) +#define cc_credentials_iterator_clone(iterator, new_iterator) \ + ((iterator) -> functions -> clone (iterator, new_iterator)) /*!@}*/ #if TARGET_OS_MAC diff --git a/src/include/CredentialsCache2.h b/src/include/CredentialsCache2.h index e9ea311cfb..687ff43016 100644 --- a/src/include/CredentialsCache2.h +++ b/src/include/CredentialsCache2.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * $Header$ * 
@@ -70,19 +71,19 @@ typedef cc_uint32 cc_flags; /* Credentials types are visible to the caller so we have to keep binary compatibility */ typedef struct cc_credentials_v5_compat { - char* client; - char* server; - cc_data_compat keyblock; - cc_time_t authtime; - cc_time_t starttime; - cc_time_t endtime; - cc_time_t renew_till; - cc_uint32 is_skey; - cc_uint32 ticket_flags; - cc_data_compat** addresses; - cc_data_compat ticket; - cc_data_compat second_ticket; - cc_data_compat** authdata; + char* client; + char* server; + cc_data_compat keyblock; + cc_time_t authtime; + cc_time_t starttime; + cc_time_t endtime; + cc_time_t renew_till; + cc_uint32 is_skey; + cc_uint32 ticket_flags; + cc_data_compat** addresses; + cc_data_compat ticket; + cc_data_compat second_ticket; + cc_data_compat** authdata; } cc_credentials_v5_compat; enum { @@ -96,21 +97,21 @@ enum { }; typedef struct cc_credentials_v4_compat { - unsigned char kversion; - char principal[KRB_NAME_SZ+1]; - char principal_instance[KRB_INSTANCE_SZ+1]; - char service[KRB_NAME_SZ+1]; - char service_instance[KRB_INSTANCE_SZ+1]; - char realm[KRB_REALM_SZ+1]; - unsigned char session_key[8]; - cc_int32 kvno; - cc_int32 str_to_key; - long issue_date; - cc_int32 lifetime; - cc_uint32 address; - cc_int32 ticket_sz; - unsigned char ticket[MAX_V4_CRED_LEN]; - unsigned long oops; + unsigned char kversion; + char principal[KRB_NAME_SZ+1]; + char principal_instance[KRB_INSTANCE_SZ+1]; + char service[KRB_NAME_SZ+1]; + char service_instance[KRB_INSTANCE_SZ+1]; + char realm[KRB_REALM_SZ+1]; + unsigned char session_key[8]; + cc_int32 kvno; + cc_int32 str_to_key; + long issue_date; + cc_int32 lifetime; + cc_uint32 address; + cc_int32 ticket_sz; + unsigned char ticket[MAX_V4_CRED_LEN]; + unsigned long oops; } cc_credentials_v4_compat; typedef union cred_ptr_union_compat { 
@@ -126,9 +127,9 @@ typedef struct cred_union { /* NC info structure is gone in v3 */ struct infoNC { - char* name; - char* principal; - cc_int32 vers; + char* name; + char* principal; + cc_int32 vers; }; typedef struct infoNC infoNC; @@ -180,17 +181,17 @@ enum { CCACHE_API cc_int32 cc_shutdown (apiCB **io_context) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_get_NC_info (apiCB *in_context, infoNC ***out_info) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_get_change_time (apiCB *in_context, cc_time_t *out_change_time) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_open (apiCB *in_context, @@ -198,7 +199,7 @@ cc_open (apiCB *in_context, cc_int32 in_version, cc_uint32 in_flags, ccache_p **out_ccache) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_create (apiCB *in_context, 
@@ -207,113 +208,113 @@ cc_create (apiCB *in_context, cc_int32 in_version, cc_uint32 in_flags, ccache_p **out_ccache) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_close (apiCB *in_context, ccache_p **ioCCache) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_destroy (apiCB *in_context, ccache_p **io_ccache) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_seq_fetch_NCs_begin (apiCB *in_context, ccache_cit **out_nc_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_seq_fetch_NCs_next (apiCB *in_context, ccache_p **out_ccache, ccache_cit *in_nc_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_seq_fetch_NCs_end (apiCB *in_context, ccache_cit **io_nc_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_get_name (apiCB *in_context, ccache_p *in_ccache, char **out_name) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_get_cred_version (apiCB *in_context, ccache_p *in_ccache, cc_int32 *out_version) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_set_principal (apiCB *in_context, ccache_p *in_ccache, cc_int32 in_version, char *in_principal) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_get_principal (apiCB *in_context, ccache_p *in_ccache, char **out_principal) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_store (apiCB *in_context, ccache_p *in_ccache, cred_union in_credentials) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_remove_cred (apiCB *in_context, ccache_p *in_ccache, cred_union in_credentials) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_seq_fetch_creds_begin (apiCB *in_context, const ccache_p *in_ccache, ccache_cit **out_ccache_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_seq_fetch_creds_next (apiCB *in_context, cred_union **out_cred_union, ccache_cit *in_ccache_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 
cc_seq_fetch_creds_end (apiCB *in_context, ccache_cit **io_ccache_iterator) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_free_principal (apiCB *in_context, char **io_principal) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_free_name (apiCB *in_context, char **io_name) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_free_creds (apiCB *in_context, cred_union **io_cred_union) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_free_NC_info (apiCB *in_context, infoNC ***io_info) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; CCACHE_API cc_int32 cc_lock_request (apiCB *in_context, const ccache_p *in_ccache, const cc_int32 in_lock_type) -CCAPI_DEPRECATED; + CCAPI_DEPRECATED; #if TARGET_OS_MAC #pragma pack(pop) diff --git a/src/include/adm.h b/src/include/adm.h index 15b42d9ab8..f857d1898b 100644 --- a/src/include/adm.h +++ b/src/include/adm.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/krb5/adm.h * 
@@ -24,38 +25,38 @@ * or implied warranty. * */ -#ifndef KRB5_ADM_H__ -#define KRB5_ADM_H__ +#ifndef KRB5_ADM_H__ +#define KRB5_ADM_H__ /* * Kerberos V5 Change Password service name */ -#define KRB5_ADM_SERVICE_NAME "kpasswd" -#define KRB5_ADM_DEFAULT_PORT 464 +#define KRB5_ADM_SERVICE_NAME "kpasswd" +#define KRB5_ADM_DEFAULT_PORT 464 #define KRB5_ADM_SERVICE_INSTANCE "changepw" /* * Maximum password length. */ -#define KRB5_ADM_MAX_PASSWORD_LEN 512 +#define KRB5_ADM_MAX_PASSWORD_LEN 512 /* * Protocol command strings. */ -#define KRB5_ADM_QUIT_CMD "QUIT" -#define KRB5_ADM_CHECKPW_CMD "CHECKPW" -#define KRB5_ADM_CHANGEPW_CMD "CHANGEPW" -#define KRB5_ADM_MOTD_CMD "MOTD" -#define KRB5_ADM_MIME_CMD "MIME" -#define KRB5_ADM_LANGUAGE_CMD "LANGUAGE" +#define KRB5_ADM_QUIT_CMD "QUIT" +#define KRB5_ADM_CHECKPW_CMD "CHECKPW" +#define KRB5_ADM_CHANGEPW_CMD "CHANGEPW" +#define KRB5_ADM_MOTD_CMD "MOTD" +#define KRB5_ADM_MIME_CMD "MIME" +#define KRB5_ADM_LANGUAGE_CMD "LANGUAGE" -#define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL" -#define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL" -#define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL" -#define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL" -#define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL" -#define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY" +#define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL" +#define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL" +#define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL" +#define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL" +#define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL" +#define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY" /* * Protocol command strings for the current version of the admin 
@@ -73,118 +74,118 @@ /* * Reply status values. */ -#define KRB5_ADM_SUCCESS 0 -#define KRB5_ADM_CMD_UNKNOWN 1 -#define KRB5_ADM_PW_UNACCEPT 2 -#define KRB5_ADM_BAD_PW 3 -#define KRB5_ADM_NOT_IN_TKT 4 -#define KRB5_ADM_CANT_CHANGE 5 -#define KRB5_ADM_LANG_NOT_SUPPORTED 6 +#define KRB5_ADM_SUCCESS 0 +#define KRB5_ADM_CMD_UNKNOWN 1 +#define KRB5_ADM_PW_UNACCEPT 2 +#define KRB5_ADM_BAD_PW 3 +#define KRB5_ADM_NOT_IN_TKT 4 +#define KRB5_ADM_CANT_CHANGE 5 +#define KRB5_ADM_LANG_NOT_SUPPORTED 6 -#define KRB5_ADM_P_ALREADY_EXISTS 64 -#define KRB5_ADM_P_DOES_NOT_EXIST 65 -#define KRB5_ADM_NOT_AUTHORIZED 66 -#define KRB5_ADM_BAD_OPTION 67 -#define KRB5_ADM_VALUE_REQUIRED 68 -#define KRB5_ADM_SYSTEM_ERROR 69 -#define KRB5_ADM_KEY_DOES_NOT_EXIST 70 -#define KRB5_ADM_KEY_ALREADY_EXISTS 71 +#define KRB5_ADM_P_ALREADY_EXISTS 64 +#define KRB5_ADM_P_DOES_NOT_EXIST 65 +#define KRB5_ADM_NOT_AUTHORIZED 66 +#define KRB5_ADM_BAD_OPTION 67 +#define KRB5_ADM_VALUE_REQUIRED 68 +#define KRB5_ADM_SYSTEM_ERROR 69 +#define KRB5_ADM_KEY_DOES_NOT_EXIST 70 +#define KRB5_ADM_KEY_ALREADY_EXISTS 71 /* * Principal flag keywords. 
*/ /* Settable only */ -#define KRB5_ADM_KW_PASSWORD "PASSWORD" -#define KRB5_ADM_KW_APASSWORD "APASSWORD" -#define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY" -#define KRB5_ADM_KW_ARANDOMKEY "ARANDOMKEY" -#define KRB5_ADM_KW_SETFLAGS "SETFLAGS" -#define KRB5_ADM_KW_UNSETFLAGS "UNSETFLAGS" +#define KRB5_ADM_KW_PASSWORD "PASSWORD" +#define KRB5_ADM_KW_APASSWORD "APASSWORD" +#define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY" +#define KRB5_ADM_KW_ARANDOMKEY "ARANDOMKEY" +#define KRB5_ADM_KW_SETFLAGS "SETFLAGS" +#define KRB5_ADM_KW_UNSETFLAGS "UNSETFLAGS" /* Settable and retrievable */ -#define KRB5_ADM_KW_MAXLIFE "MAXLIFE" -#define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE" -#define KRB5_ADM_KW_EXPIRATION "EXPIRATION" -#define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION" -#define KRB5_ADM_KW_FLAGS "FLAGS" -#define KRB5_ADM_KW_AUXDATA "AUXDATA" -#define KRB5_ADM_KW_EXTRADATA "EXTRADATA" +#define KRB5_ADM_KW_MAXLIFE "MAXLIFE" +#define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE" +#define KRB5_ADM_KW_EXPIRATION "EXPIRATION" +#define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION" +#define KRB5_ADM_KW_FLAGS "FLAGS" +#define KRB5_ADM_KW_AUXDATA "AUXDATA" +#define KRB5_ADM_KW_EXTRADATA "EXTRADATA" /* Retrievable only */ -#define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE" -#define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS" -#define KRB5_ADM_KW_LASTFAILED "LASTFAILED" -#define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT" -#define KRB5_ADM_KW_KEYDATA "KEYDATA" +#define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE" +#define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS" +#define KRB5_ADM_KW_LASTFAILED "LASTFAILED" +#define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT" +#define KRB5_ADM_KW_KEYDATA "KEYDATA" /* Valid mask */ -#define KRB5_ADM_M_PASSWORD 0x00000001 -#define KRB5_ADM_M_MAXLIFE 0x00000002 -#define KRB5_ADM_M_MAXRENEWLIFE 0x00000004 -#define KRB5_ADM_M_EXPIRATION 0x00000008 -#define KRB5_ADM_M_PWEXPIRATION 0x00000010 -#define KRB5_ADM_M_RANDOMKEY 0x00000020 -#define KRB5_ADM_M_FLAGS 0x00000040 -#define KRB5_ADM_M_LASTPWCHANGE 0x00000080 -#define 
KRB5_ADM_M_LASTSUCCESS 0x00000100 -#define KRB5_ADM_M_LASTFAILED 0x00000200 -#define KRB5_ADM_M_FAILCOUNT 0x00000400 -#define KRB5_ADM_M_AUXDATA 0x00000800 -#define KRB5_ADM_M_KEYDATA 0x00001000 -#define KRB5_ADM_M_APASSWORD 0x00002000 -#define KRB5_ADM_M_ARANDOMKEY 0x00004000 -#define KRB5_ADM_M_UNUSED_15 0x00008000 -#define KRB5_ADM_M_UNUSED_16 0x00010000 -#define KRB5_ADM_M_UNUSED_17 0x00020000 -#define KRB5_ADM_M_UNUSED_18 0x00040000 -#define KRB5_ADM_M_UNUSED_19 0x00080000 -#define KRB5_ADM_M_UNUSED_20 0x00100000 -#define KRB5_ADM_M_UNUSED_21 0x00200000 -#define KRB5_ADM_M_UNUSED_22 0x00400000 -#define KRB5_ADM_M_UNUSED_23 0x00800000 -#define KRB5_ADM_M_UNUSED_24 0x01000000 -#define KRB5_ADM_M_UNUSED_25 0x02000000 -#define KRB5_ADM_M_UNUSED_26 0x04000000 -#define KRB5_ADM_M_UNUSED_27 0x08000000 -#define KRB5_ADM_M_UNUSED_28 0x10000000 -#define KRB5_ADM_M_UNUSED_29 0x20000000 -#define KRB5_ADM_M_GET 0x40000000 -#define KRB5_ADM_M_SET 0x80000000 +#define KRB5_ADM_M_PASSWORD 0x00000001 +#define KRB5_ADM_M_MAXLIFE 0x00000002 +#define KRB5_ADM_M_MAXRENEWLIFE 0x00000004 +#define KRB5_ADM_M_EXPIRATION 0x00000008 +#define KRB5_ADM_M_PWEXPIRATION 0x00000010 +#define KRB5_ADM_M_RANDOMKEY 0x00000020 +#define KRB5_ADM_M_FLAGS 0x00000040 +#define KRB5_ADM_M_LASTPWCHANGE 0x00000080 +#define KRB5_ADM_M_LASTSUCCESS 0x00000100 +#define KRB5_ADM_M_LASTFAILED 0x00000200 +#define KRB5_ADM_M_FAILCOUNT 0x00000400 +#define KRB5_ADM_M_AUXDATA 0x00000800 +#define KRB5_ADM_M_KEYDATA 0x00001000 +#define KRB5_ADM_M_APASSWORD 0x00002000 +#define KRB5_ADM_M_ARANDOMKEY 0x00004000 +#define KRB5_ADM_M_UNUSED_15 0x00008000 +#define KRB5_ADM_M_UNUSED_16 0x00010000 +#define KRB5_ADM_M_UNUSED_17 0x00020000 +#define KRB5_ADM_M_UNUSED_18 0x00040000 +#define KRB5_ADM_M_UNUSED_19 0x00080000 +#define KRB5_ADM_M_UNUSED_20 0x00100000 +#define KRB5_ADM_M_UNUSED_21 0x00200000 +#define KRB5_ADM_M_UNUSED_22 0x00400000 +#define KRB5_ADM_M_UNUSED_23 0x00800000 +#define KRB5_ADM_M_UNUSED_24 0x01000000 +#define 
KRB5_ADM_M_UNUSED_25 0x02000000 +#define KRB5_ADM_M_UNUSED_26 0x04000000 +#define KRB5_ADM_M_UNUSED_27 0x08000000 +#define KRB5_ADM_M_UNUSED_28 0x10000000 +#define KRB5_ADM_M_UNUSED_29 0x20000000 +#define KRB5_ADM_M_GET 0x40000000 +#define KRB5_ADM_M_SET 0x80000000 -#define KRB5_ADM_M_EXTRADATA 0x00000000 /* Hack to get */ - /* libkadm to compile */ +#define KRB5_ADM_M_EXTRADATA 0x00000000 /* Hack to get */ + /* libkadm to compile */ -#define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \ - KRB5_ADM_M_PASSWORD + \ - KRB5_ADM_M_APASSWORD + \ - KRB5_ADM_M_MAXLIFE + \ - KRB5_ADM_M_MAXRENEWLIFE+ \ - KRB5_ADM_M_EXPIRATION + \ - KRB5_ADM_M_PWEXPIRATION+ \ - KRB5_ADM_M_RANDOMKEY + \ - KRB5_ADM_M_ARANDOMKEY + \ - KRB5_ADM_M_FLAGS + \ - KRB5_ADM_M_AUXDATA) -#define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \ - KRB5_ADM_M_MAXLIFE + \ - KRB5_ADM_M_MAXRENEWLIFE+ \ - KRB5_ADM_M_EXPIRATION + \ - KRB5_ADM_M_PWEXPIRATION+ \ - KRB5_ADM_M_FLAGS + \ - KRB5_ADM_M_LASTPWCHANGE+ \ - KRB5_ADM_M_LASTSUCCESS + \ - KRB5_ADM_M_LASTFAILED + \ - KRB5_ADM_M_FAILCOUNT + \ - KRB5_ADM_M_AUXDATA + \ - KRB5_ADM_M_KEYDATA) +#define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \ + KRB5_ADM_M_PASSWORD + \ + KRB5_ADM_M_APASSWORD + \ + KRB5_ADM_M_MAXLIFE + \ + KRB5_ADM_M_MAXRENEWLIFE+ \ + KRB5_ADM_M_EXPIRATION + \ + KRB5_ADM_M_PWEXPIRATION+ \ + KRB5_ADM_M_RANDOMKEY + \ + KRB5_ADM_M_ARANDOMKEY + \ + KRB5_ADM_M_FLAGS + \ + KRB5_ADM_M_AUXDATA) +#define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \ + KRB5_ADM_M_MAXLIFE + \ + KRB5_ADM_M_MAXRENEWLIFE+ \ + KRB5_ADM_M_EXPIRATION + \ + KRB5_ADM_M_PWEXPIRATION+ \ + KRB5_ADM_M_FLAGS + \ + KRB5_ADM_M_LASTPWCHANGE+ \ + KRB5_ADM_M_LASTSUCCESS + \ + KRB5_ADM_M_LASTFAILED + \ + KRB5_ADM_M_FAILCOUNT + \ + KRB5_ADM_M_AUXDATA + \ + KRB5_ADM_M_KEYDATA) /* * Keytab reply components. 
*/ -#define KRB5_ADM_KT_PRINCIPAL 0 -#define KRB5_ADM_KT_TIMESTAMP 1 -#define KRB5_ADM_KT_VNO 2 -#define KRB5_ADM_KT_KEY_ENCTYPE 3 -#define KRB5_ADM_KT_KEY_KEY 4 -#define KRB5_ADM_KT_NCOMPS 5 +#define KRB5_ADM_KT_PRINCIPAL 0 +#define KRB5_ADM_KT_TIMESTAMP 1 +#define KRB5_ADM_KT_VNO 2 +#define KRB5_ADM_KT_KEY_ENCTYPE 3 +#define KRB5_ADM_KT_KEY_KEY 4 +#define KRB5_ADM_KT_NCOMPS 5 /* for krb5_key_salt_tuple */ #include "kdb.h" 
@@ -193,30 +194,30 @@ * Data structure returned by krb5_read_realm_params() */ typedef struct __krb5_realm_params { - char * realm_profile; - char * realm_dbname; - char * realm_mkey_name; - char * realm_stash_file; - char * realm_kdc_ports; - char * realm_kdc_tcp_ports; - char * realm_acl_file; + char * realm_profile; + char * realm_dbname; + char * realm_mkey_name; + char * realm_stash_file; + char * realm_kdc_ports; + char * realm_kdc_tcp_ports; + char * realm_acl_file; char * realm_host_based_services; char * realm_no_host_referral; - krb5_int32 realm_kadmind_port; - krb5_enctype realm_enctype; - krb5_deltat realm_max_life; - krb5_deltat realm_max_rlife; - krb5_timestamp realm_expiration; - krb5_flags realm_flags; - krb5_key_salt_tuple *realm_keysalts; - unsigned int realm_reject_bad_transit:1; - unsigned int realm_kadmind_port_valid:1; - unsigned int realm_enctype_valid:1; - unsigned int realm_max_life_valid:1; - unsigned int realm_max_rlife_valid:1; - unsigned int realm_expiration_valid:1; - unsigned int realm_flags_valid:1; - unsigned int realm_reject_bad_transit_valid:1; - krb5_int32 realm_num_keysalts; + krb5_int32 realm_kadmind_port; + krb5_enctype realm_enctype; + krb5_deltat realm_max_life; + krb5_deltat realm_max_rlife; + krb5_timestamp realm_expiration; + krb5_flags realm_flags; + krb5_key_salt_tuple *realm_keysalts; + unsigned int realm_reject_bad_transit:1; + unsigned int realm_kadmind_port_valid:1; + unsigned int realm_enctype_valid:1; + unsigned int realm_max_life_valid:1; + unsigned int realm_max_rlife_valid:1; + unsigned int realm_expiration_valid:1; + unsigned int realm_flags_valid:1; + unsigned int realm_reject_bad_transit_valid:1; + krb5_int32 realm_num_keysalts; } krb5_realm_params; -#endif /* KRB5_ADM_H__ */ +#endif /* KRB5_ADM_H__ */ diff --git a/src/include/adm_proto.h b/src/include/adm_proto.h index cd17a2fa6e..9cdd22c678 100644 --- a/src/include/adm_proto.h +++ b/src/include/adm_proto.h 
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/krb5/adm_proto.h * @@ -24,16 +25,16 @@ * or implied warranty. * */ -#ifndef KRB5_ADM_PROTO_H__ -#define KRB5_ADM_PROTO_H__ +#ifndef KRB5_ADM_PROTO_H__ +#define KRB5_ADM_PROTO_H__ /* * This is ugly, but avoids having to include k5-int or kdb.h for this. */ -#ifndef KRB5_KDB5__ +#ifndef KRB5_KDB5__ struct _krb5_db_entry; typedef struct _krb5_db_entry krb5_db_entry; -#endif /* KRB5_KDB5__ */ +#endif /* KRB5_KDB5__ */ /* Ditto for adm.h */ @@ -44,25 +45,21 @@ typedef struct _krb5_db_entry krb5_db_entry; #if !defined(KRB5_ADM_H__) && !defined(__KADM5_ADMIN_H__) struct ___krb5_realm_params; typedef struct ___krb5_realm_params krb5_realm_params; -#endif /* KRB5_ADM_H__ */ +#endif /* KRB5_ADM_H__ */ #ifndef KRB5_KDB5__ struct ___krb5_key_salt_tuple; typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple; -#endif /* KRB5_KDB5__ */ +#endif /* KRB5_KDB5__ */ /* * Function prototypes. */ /* logger.c */ -krb5_error_code krb5_klog_init - (krb5_context, - char *, - char *, - krb5_boolean); -void krb5_klog_close (krb5_context); -int krb5_klog_syslog (int, const char *, ...) +krb5_error_code krb5_klog_init(krb5_context, char *, char *, krb5_boolean); +void krb5_klog_close(krb5_context); +int krb5_klog_syslog(int, const char *, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 2, 3))) #endif 
@@ -70,70 +67,41 @@ int krb5_klog_syslog (int, const char *, ...) void krb5_klog_reopen (krb5_context); /* alt_prof.c */ -krb5_error_code krb5_aprof_init - (char *, char *, krb5_pointer *); -krb5_error_code krb5_aprof_getvals - (krb5_pointer, const char **, char ***); -krb5_error_code krb5_aprof_get_boolean - (krb5_pointer, const char **, int, krb5_boolean *); -krb5_error_code krb5_aprof_get_deltat - (krb5_pointer, - const char **, - krb5_boolean, - krb5_deltat *); -krb5_error_code krb5_aprof_get_string - (krb5_pointer, const char **, krb5_boolean, char **); -krb5_error_code krb5_aprof_get_string_all - (krb5_pointer, const char **, char **); -krb5_error_code krb5_aprof_get_int32 - (krb5_pointer, - const char **, - krb5_boolean, - krb5_int32 *); -krb5_error_code krb5_aprof_finish (krb5_pointer); +krb5_error_code krb5_aprof_init(char *, char *, krb5_pointer *); +krb5_error_code krb5_aprof_getvals(krb5_pointer, const char **, char ***); +krb5_error_code krb5_aprof_get_boolean(krb5_pointer, const char **, int, + krb5_boolean *); +krb5_error_code krb5_aprof_get_deltat(krb5_pointer, const char **, + krb5_boolean, krb5_deltat *); +krb5_error_code krb5_aprof_get_string(krb5_pointer, const char **, + krb5_boolean, char **); +krb5_error_code krb5_aprof_get_string_all(krb5_pointer, const char **, + char **); +krb5_error_code krb5_aprof_get_int32(krb5_pointer, const char **, + krb5_boolean, krb5_int32 *); +krb5_error_code krb5_aprof_finish(krb5_pointer); -krb5_error_code krb5_read_realm_params (krb5_context, - char *, - krb5_realm_params **); -krb5_error_code krb5_free_realm_params (krb5_context, - krb5_realm_params *); +krb5_error_code krb5_read_realm_params(krb5_context, char *, + krb5_realm_params **); +krb5_error_code krb5_free_realm_params(krb5_context, krb5_realm_params *); krb5_boolean krb5_match_config_pattern(const char *, const char *); /* str_conv.c */ -krb5_error_code -krb5_string_to_flags (char *, - const char *, - const char *, - krb5_flags *); -krb5_error_code 
-krb5_flags_to_string (krb5_flags, - const char *, - char *, - size_t); -krb5_error_code -krb5_input_flag_to_string (int, - char *, - size_t); +krb5_error_code krb5_string_to_flags(char *, const char *, const char *, + krb5_flags *); +krb5_error_code krb5_flags_to_string(krb5_flags, const char *, char *, size_t); +krb5_error_code krb5_input_flag_to_string (int, char *, size_t); /* keysalt.c */ -krb5_boolean -krb5_keysalt_is_present (krb5_key_salt_tuple *, - krb5_int32, - krb5_enctype, - krb5_int32); -krb5_error_code -krb5_keysalt_iterate (krb5_key_salt_tuple *, - krb5_int32, - krb5_boolean, - krb5_error_code (*) (krb5_key_salt_tuple *, - krb5_pointer), - krb5_pointer); +krb5_boolean krb5_keysalt_is_present(krb5_key_salt_tuple *, krb5_int32, + krb5_enctype, krb5_int32); +krb5_error_code krb5_keysalt_iterate(krb5_key_salt_tuple *, krb5_int32, + krb5_boolean, + krb5_error_code (*)(krb5_key_salt_tuple *, + krb5_pointer), + krb5_pointer); -krb5_error_code -krb5_string_to_keysalts (char *, - const char *, - const char *, - krb5_boolean, - krb5_key_salt_tuple **, - krb5_int32 *); -#endif /* KRB5_ADM_PROTO_H__ */ +krb5_error_code krb5_string_to_keysalts(char *, const char *, const char *, + krb5_boolean, krb5_key_salt_tuple **, + krb5_int32 *); +#endif /* KRB5_ADM_PROTO_H__ */ diff --git a/src/include/cm.h b/src/include/cm.h index a317c835a1..240735a3b1 100644 --- a/src/include/cm.h +++ b/src/include/cm.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/cm.h * @@ -29,14 +30,14 @@ struct select_state { int max, nfds; fd_set rfds, wfds, xfds; - struct timeval end_time; /* magic: tv_sec==0 => never time out */ + struct timeval end_time; /* magic: tv_sec==0 => never time out */ }; /* Select state flags. */ -#define SSF_READ 0x01 -#define SSF_WRITE 0x02 -#define SSF_EXCEPTION 0x04 +#define SSF_READ 0x01 +#define SSF_WRITE 0x02 +#define SSF_EXCEPTION 0x04 static const char *const state_strings[] = { 
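Review bot: The added line `krb5_error_code krb5_input_flag_to_string (int, char *, size_t);` still has a space before the parameter list, unlike the other prototypes this hunk rewrites (`krb5_string_to_flags(`, `krb5_flags_to_string(`); the context line `void krb5_klog_reopen (krb5_context);` at the top of the hunk has the same leftover. For a consistent result write `krb5_error_code krb5_input_flag_to_string(int, char *, size_t);` and `void krb5_klog_reopen(krb5_context);`. While these declarations are being rewritten, naming the parameters of the str_conv.c prototypes would also document which `char *`, if any, is an output buffer bounded by the trailing `size_t`; the header alone does not say.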
@@ -62,13 +63,13 @@ struct conn_state { int (*service)(struct conn_state *, struct select_state *, int); struct addrinfo *addr; struct { - struct { - sg_buf sgbuf[2]; - sg_buf *sgp; - int sg_count; - unsigned char msg_len_buf[4]; - } out; - struct incoming_krb5_message in; + struct { + sg_buf sgbuf[2]; + sg_buf *sgp; + int sg_count; + unsigned char msg_len_buf[4]; + } out; + struct incoming_krb5_message in; } x; }; @@ -80,4 +81,4 @@ struct sendto_callback_info { krb5_error_code krb5int_cm_call_select (const struct select_state *, - struct select_state *, int *); + struct select_state *, int *); diff --git a/src/include/copyright.h b/src/include/copyright.h index 68dcfdbdb8..705e0a757e 100644 --- a/src/include/copyright.h +++ b/src/include/copyright.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 1989-1994 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h index d6ba0fb7c7..5063ae8004 100644 --- a/src/include/fake-addrinfo.h +++ b/src/include/fake-addrinfo.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 2001,2002,2003,2004 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. 
@@ -77,25 +78,25 @@ /* To do, maybe: + For AIX 4.3.3, using the RFC 2133 definition: Implement - AI_NUMERICHOST. It's not defined in the header file. + AI_NUMERICHOST. It's not defined in the header file. - For certain (old?) versions of GNU libc, AI_NUMERICHOST is - defined but not implemented. + For certain (old?) versions of GNU libc, AI_NUMERICHOST is + defined but not implemented. + Use gethostbyname2, inet_aton and other IPv6 or thread-safe - functions if available. But, see - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one - gethostbyname2 problem on Linux. And besides, if a platform is - supporting IPv6 at all, they really should be doing getaddrinfo - by now. + functions if available. But, see + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one + gethostbyname2 problem on Linux. And besides, if a platform is + supporting IPv6 at all, they really should be doing getaddrinfo + by now. + inet_ntop, inet_pton + Conditionally export/import the function definitions, so a - library can have a single copy instead of multiple. + library can have a single copy instead of multiple. + Upgrade host requirements to include working implementations of - these functions, and throw all this away. Pleeease? :-) */ + these functions, and throw all this away. Pleeease? :-) */ #ifndef FAI_DEFINED #define FAI_DEFINED 
@@ -105,37 +106,37 @@ #if !defined (HAVE_GETADDRINFO) #undef addrinfo -#define addrinfo my_fake_addrinfo +#define addrinfo my_fake_addrinfo struct addrinfo { - int ai_family; /* PF_foo */ - int ai_socktype; /* SOCK_foo */ - int ai_protocol; /* 0, IPPROTO_foo */ - int ai_flags; /* AI_PASSIVE etc */ - size_t ai_addrlen; /* real length of socket address */ - char *ai_canonname; /* canonical name of host */ - struct sockaddr *ai_addr; /* pointer to variable-size address */ - struct addrinfo *ai_next; /* next in linked list */ + int ai_family; /* PF_foo */ + int ai_socktype; /* SOCK_foo */ + int ai_protocol; /* 0, IPPROTO_foo */ + int ai_flags; /* AI_PASSIVE etc */ + size_t ai_addrlen; /* real length of socket address */ + char *ai_canonname; /* canonical name of host */ + struct sockaddr *ai_addr; /* pointer to variable-size address */ + struct addrinfo *ai_next; /* next in linked list */ }; -#undef AI_PASSIVE -#define AI_PASSIVE 0x01 -#undef AI_CANONNAME -#define AI_CANONNAME 0x02 -#undef AI_NUMERICHOST -#define AI_NUMERICHOST 0x04 +#undef AI_PASSIVE +#define AI_PASSIVE 0x01 +#undef AI_CANONNAME +#define AI_CANONNAME 0x02 +#undef AI_NUMERICHOST +#define AI_NUMERICHOST 0x04 /* RFC 2553 says these are part of the interface for getipnodebyname, not for getaddrinfo. RFC 3493 says they're part of the interface for getaddrinfo, and getipnodeby* are deprecated. Our fake getaddrinfo implementation here does IPv4 only anyways. */ -#undef AI_V4MAPPED -#define AI_V4MAPPED 0 -#undef AI_ADDRCONFIG -#define AI_ADDRCONFIG 0 -#undef AI_ALL -#define AI_ALL 0 -#undef AI_DEFAULT -#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG) +#undef AI_V4MAPPED +#define AI_V4MAPPED 0 +#undef AI_ADDRCONFIG +#define AI_ADDRCONFIG 0 +#undef AI_ALL +#define AI_ALL 0 +#undef AI_DEFAULT +#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG) #ifndef NI_MAXHOST #define NI_MAXHOST 1025 
@@ -144,40 +145,40 @@ struct addrinfo {
 #define NI_MAXSERV 32
 #endif
-#undef NI_NUMERICHOST
-#define NI_NUMERICHOST 0x01
-#undef NI_NUMERICSERV
-#define NI_NUMERICSERV 0x02
-#undef NI_NAMEREQD
-#define NI_NAMEREQD 0x04
-#undef NI_DGRAM
-#define NI_DGRAM 0x08
-#undef NI_NOFQDN
-#define NI_NOFQDN 0x10
+#undef NI_NUMERICHOST
+#define NI_NUMERICHOST 0x01
+#undef NI_NUMERICSERV
+#define NI_NUMERICSERV 0x02
+#undef NI_NAMEREQD
+#define NI_NAMEREQD 0x04
+#undef NI_DGRAM
+#define NI_DGRAM 0x08
+#undef NI_NOFQDN
+#define NI_NOFQDN 0x10
 #undef EAI_ADDRFAMILY
-#define EAI_ADDRFAMILY 1
+#define EAI_ADDRFAMILY 1
 #undef EAI_AGAIN
-#define EAI_AGAIN 2
+#define EAI_AGAIN 2
 #undef EAI_BADFLAGS
-#define EAI_BADFLAGS 3
+#define EAI_BADFLAGS 3
 #undef EAI_FAIL
-#define EAI_FAIL 4
+#define EAI_FAIL 4
 #undef EAI_FAMILY
-#define EAI_FAMILY 5
+#define EAI_FAMILY 5
 #undef EAI_MEMORY
-#define EAI_MEMORY 6
+#define EAI_MEMORY 6
 #undef EAI_NODATA
-#define EAI_NODATA 7
+#define EAI_NODATA 7
 #undef EAI_NONAME
-#define EAI_NONAME 8
+#define EAI_NONAME 8
 #undef EAI_SERVICE
-#define EAI_SERVICE 9
+#define EAI_SERVICE 9
 #undef EAI_SOCKTYPE
-#define EAI_SOCKTYPE 10
+#define EAI_SOCKTYPE 10
 #undef EAI_SYSTEM
-#define EAI_SYSTEM 11
+#define EAI_SYSTEM 11
 #endif /* ! HAVE_GETADDRINFO */
@@ -211,16 +212,16 @@ extern const struct in6_addr krb5int_in6addr_any; /* Call out to stuff defined in libkrb5support. */ extern int krb5int_getaddrinfo (const char *node, const char *service, - const struct addrinfo *hints, - struct addrinfo **aip); + const struct addrinfo *hints, + struct addrinfo **aip); extern void krb5int_freeaddrinfo (struct addrinfo *ai); extern const char *krb5int_gai_strerror(int err); extern int krb5int_getnameinfo (const struct sockaddr *sa, socklen_t salen, - char *hbuf, size_t hbuflen, - char *sbuf, size_t sbuflen, - int flags); + char *hbuf, size_t hbuflen, + char *sbuf, size_t sbuflen, + int flags); #ifndef IMPLEMENT_FAKE_GETADDRINFO -#undef getaddrinfo +#undef getaddrinfo #define getaddrinfo krb5int_getaddrinfo #undef freeaddrinfo #define freeaddrinfo krb5int_freeaddrinfo diff --git a/src/include/foreachaddr.h b/src/include/foreachaddr.h index ae422c7b1b..c46d47195a 100644 --- a/src/include/foreachaddr.h +++ b/src/include/foreachaddr.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/foreachaddr.c * @@ -51,13 +52,13 @@ extern int krb5int_foreach_localaddr (/*@null@*/ void *data, - int (*pass1fn) (/*@null@*/ void *, - struct sockaddr *) /*@*/, - /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/, - /*@null@*/ int (*pass2fn) (/*@null@*/ void *, - struct sockaddr *) /*@*/) + int (*pass1fn) (/*@null@*/ void *, + struct sockaddr *) /*@*/, + /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/, + /*@null@*/ int (*pass2fn) (/*@null@*/ void *, + struct sockaddr *) /*@*/) #if defined(DEBUG) || defined(TEST) - /*@modifies fileSystem@*/ +/*@modifies fileSystem@*/ #endif ; diff --git a/src/include/gssapi.h b/src/include/gssapi.h index 7ce379ac41..9383dabdc0 100644 --- a/src/include/gssapi.h +++ b/src/include/gssapi.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Wrapper so that #include will work without special include * paths. 
diff --git a/src/include/iprop.h b/src/include/iprop.h index 9cfbb30936..942ad8d605 100644 --- a/src/include/iprop.h +++ b/src/include/iprop.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Please do not edit this file. * It was generated using rpcgen. 
@@ -15,180 +16,180 @@ extern "C" { typedef struct { - u_int utf8str_t_len; - char *utf8str_t_val; + u_int utf8str_t_len; + char *utf8str_t_val; } utf8str_t; typedef uint32_t kdb_sno_t; struct kdbe_time_t { - uint32_t seconds; - uint32_t useconds; + uint32_t seconds; + uint32_t useconds; }; typedef struct kdbe_time_t kdbe_time_t; struct kdbe_key_t { - int32_t k_ver; - int32_t k_kvno; - struct { - u_int k_enctype_len; - int32_t *k_enctype_val; - } k_enctype; - struct { - u_int k_contents_len; - utf8str_t *k_contents_val; - } k_contents; + int32_t k_ver; + int32_t k_kvno; + struct { + u_int k_enctype_len; + int32_t *k_enctype_val; + } k_enctype; + struct { + u_int k_contents_len; + utf8str_t *k_contents_val; + } k_contents; }; typedef struct kdbe_key_t kdbe_key_t; struct kdbe_data_t { - int32_t k_magic; - utf8str_t k_data; + int32_t k_magic; + utf8str_t k_data; }; typedef struct kdbe_data_t kdbe_data_t; struct kdbe_princ_t { - utf8str_t k_realm; - struct { - u_int k_components_len; - kdbe_data_t *k_components_val; - } k_components; - int32_t k_nametype; + utf8str_t k_realm; + struct { + u_int k_components_len; + kdbe_data_t *k_components_val; + } k_components; + int32_t k_nametype; }; typedef struct kdbe_princ_t kdbe_princ_t; struct kdbe_tl_t { - int16_t tl_type; - struct { - u_int tl_data_len; - char *tl_data_val; - } tl_data; + int16_t tl_type; + struct { + u_int tl_data_len; + char *tl_data_val; + } tl_data; }; typedef struct kdbe_tl_t kdbe_tl_t; typedef struct { - u_int kdbe_pw_hist_t_len; - kdbe_key_t *kdbe_pw_hist_t_val; + u_int kdbe_pw_hist_t_len; + kdbe_key_t *kdbe_pw_hist_t_val; } kdbe_pw_hist_t; enum kdbe_attr_type_t { - AT_ATTRFLAGS = 0, - AT_MAX_LIFE = 1, - AT_MAX_RENEW_LIFE = 2, - AT_EXP = 3, - AT_PW_EXP = 4, - AT_LAST_SUCCESS = 5, - AT_LAST_FAILED = 6, - AT_FAIL_AUTH_COUNT = 7, - AT_PRINC = 8, - AT_KEYDATA = 9, - AT_TL_DATA = 10, - AT_LEN = 11, - AT_MOD_PRINC = 12, - AT_MOD_TIME = 13, - AT_MOD_WHERE = 14, - AT_PW_LAST_CHANGE = 15, - AT_PW_POLICY = 16, - 
AT_PW_POLICY_SWITCH = 17, - AT_PW_HIST_KVNO = 18, - AT_PW_HIST = 19, + AT_ATTRFLAGS = 0, + AT_MAX_LIFE = 1, + AT_MAX_RENEW_LIFE = 2, + AT_EXP = 3, + AT_PW_EXP = 4, + AT_LAST_SUCCESS = 5, + AT_LAST_FAILED = 6, + AT_FAIL_AUTH_COUNT = 7, + AT_PRINC = 8, + AT_KEYDATA = 9, + AT_TL_DATA = 10, + AT_LEN = 11, + AT_MOD_PRINC = 12, + AT_MOD_TIME = 13, + AT_MOD_WHERE = 14, + AT_PW_LAST_CHANGE = 15, + AT_PW_POLICY = 16, + AT_PW_POLICY_SWITCH = 17, + AT_PW_HIST_KVNO = 18, + AT_PW_HIST = 19, }; typedef enum kdbe_attr_type_t kdbe_attr_type_t; struct kdbe_val_t { - kdbe_attr_type_t av_type; - union { - uint32_t av_attrflags; - uint32_t av_max_life; - uint32_t av_max_renew_life; - uint32_t av_exp; - uint32_t av_pw_exp; - uint32_t av_last_success; - uint32_t av_last_failed; - uint32_t av_fail_auth_count; - kdbe_princ_t av_princ; - struct { - u_int av_keydata_len; - kdbe_key_t *av_keydata_val; - } av_keydata; - struct { - u_int av_tldata_len; - kdbe_tl_t *av_tldata_val; - } av_tldata; - int16_t av_len; - uint32_t av_pw_last_change; - kdbe_princ_t av_mod_princ; - uint32_t av_mod_time; - utf8str_t av_mod_where; - utf8str_t av_pw_policy; - bool_t av_pw_policy_switch; - uint32_t av_pw_hist_kvno; - struct { - u_int av_pw_hist_len; - kdbe_pw_hist_t *av_pw_hist_val; - } av_pw_hist; - struct { - u_int av_extension_len; - char *av_extension_val; - } av_extension; - } kdbe_val_t_u; + kdbe_attr_type_t av_type; + union { + uint32_t av_attrflags; + uint32_t av_max_life; + uint32_t av_max_renew_life; + uint32_t av_exp; + uint32_t av_pw_exp; + uint32_t av_last_success; + uint32_t av_last_failed; + uint32_t av_fail_auth_count; + kdbe_princ_t av_princ; + struct { + u_int av_keydata_len; + kdbe_key_t *av_keydata_val; + } av_keydata; + struct { + u_int av_tldata_len; + kdbe_tl_t *av_tldata_val; + } av_tldata; + int16_t av_len; + uint32_t av_pw_last_change; + kdbe_princ_t av_mod_princ; + uint32_t av_mod_time; + utf8str_t av_mod_where; + utf8str_t av_pw_policy; + bool_t av_pw_policy_switch; + uint32_t 
av_pw_hist_kvno; + struct { + u_int av_pw_hist_len; + kdbe_pw_hist_t *av_pw_hist_val; + } av_pw_hist; + struct { + u_int av_extension_len; + char *av_extension_val; + } av_extension; + } kdbe_val_t_u; }; typedef struct kdbe_val_t kdbe_val_t; typedef struct { - u_int kdbe_t_len; - kdbe_val_t *kdbe_t_val; + u_int kdbe_t_len; + kdbe_val_t *kdbe_t_val; } kdbe_t; struct kdb_incr_update_t { - utf8str_t kdb_princ_name; - kdb_sno_t kdb_entry_sno; - kdbe_time_t kdb_time; - kdbe_t kdb_update; - bool_t kdb_deleted; - bool_t kdb_commit; - struct { - u_int kdb_kdcs_seen_by_len; - utf8str_t *kdb_kdcs_seen_by_val; - } kdb_kdcs_seen_by; - struct { - u_int kdb_futures_len; - char *kdb_futures_val; - } kdb_futures; + utf8str_t kdb_princ_name; + kdb_sno_t kdb_entry_sno; + kdbe_time_t kdb_time; + kdbe_t kdb_update; + bool_t kdb_deleted; + bool_t kdb_commit; + struct { + u_int kdb_kdcs_seen_by_len; + utf8str_t *kdb_kdcs_seen_by_val; + } kdb_kdcs_seen_by; + struct { + u_int kdb_futures_len; + char *kdb_futures_val; + } kdb_futures; }; typedef struct kdb_incr_update_t kdb_incr_update_t; typedef struct { - u_int kdb_ulog_t_len; - kdb_incr_update_t *kdb_ulog_t_val; + u_int kdb_ulog_t_len; + kdb_incr_update_t *kdb_ulog_t_val; } kdb_ulog_t; enum update_status_t { - UPDATE_OK = 0, - UPDATE_ERROR = 1, - UPDATE_FULL_RESYNC_NEEDED = 2, - UPDATE_BUSY = 3, - UPDATE_NIL = 4, - UPDATE_PERM_DENIED = 5, + UPDATE_OK = 0, + UPDATE_ERROR = 1, + UPDATE_FULL_RESYNC_NEEDED = 2, + UPDATE_BUSY = 3, + UPDATE_NIL = 4, + UPDATE_PERM_DENIED = 5, }; typedef enum update_status_t update_status_t; struct kdb_last_t { - kdb_sno_t last_sno; - kdbe_time_t last_time; + kdb_sno_t last_sno; + kdbe_time_t last_time; }; typedef struct kdb_last_t kdb_last_t; struct kdb_incr_result_t { - kdb_last_t lastentry; - kdb_ulog_t updates; - update_status_t ret; + kdb_last_t lastentry; + kdb_ulog_t updates; + update_status_t ret; }; typedef struct kdb_incr_result_t kdb_incr_result_t; struct kdb_fullresync_result_t { - kdb_last_t 
lastentry; - update_status_t ret; + kdb_last_t lastentry; + update_status_t ret; }; typedef struct kdb_fullresync_result_t kdb_fullresync_result_t; @@ -206,8 +207,8 @@ extern kdb_incr_result_t * iprop_get_updates_1_svc(kdb_last_t *, struct svc_req extern kdb_fullresync_result_t * iprop_full_resync_1(void *, CLIENT *); extern kdb_fullresync_result_t * iprop_full_resync_1_svc(void *, struct svc_req *); #define IPROP_FULL_RESYNC_EXT 3 -extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); -extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); extern int krb5_iprop_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t); #else /* K&R C */ diff --git a/src/include/iprop_hdr.h b/src/include/iprop_hdr.h index cd6d3b440b..9027c76cf9 100644 --- a/src/include/iprop_hdr.h +++ b/src/include/iprop_hdr.h @@ -1,15 +1,16 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#ifndef _IPROP_HDR_H -#define _IPROP_HDR_H +#ifndef _IPROP_HDR_H +#define _IPROP_HDR_H -/* #pragma ident "@(#)iprop_hdr.h 1.1 04/02/20 SMI" */ +/* #pragma ident "@(#)iprop_hdr.h 1.1 04/02/20 SMI" */ -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -22,16 +23,16 @@ extern "C" { * Maximum size for each ulog entry is 2KB and maximum * possible attribute-value pairs for each ulog entry is 20 */ -#define MAXENTRY_SIZE 2048 -#define MAXATTRS_SIZE 20 +#define MAXENTRY_SIZE 2048 +#define MAXATTRS_SIZE 20 -#define KIPROP_SVC_NAME "kiprop" -#define MAX_BACKOFF 300 /* Backoff for a maximum for 5 mts */ +#define KIPROP_SVC_NAME "kiprop" +#define MAX_BACKOFF 300 /* Backoff for a maximum for 5 mts */ enum iprop_role { - IPROP_NULL = 0, - IPROP_MASTER = 1, - IPROP_SLAVE = 2 + IPROP_NULL = 0, + IPROP_MASTER = 1, + IPROP_SLAVE = 2 }; typedef enum iprop_role iprop_role; @@ -42,7 +43,7 @@ typedef enum iprop_role iprop_role; #define IPROPX_VERSION_1 1 #define IPROPX_VERSION IPROPX_VERSION_1 -#ifdef __cplusplus +#ifdef __cplusplus } #endif diff --git a/src/include/k5-buf.h b/src/include/k5-buf.h index 5f7936fd5b..a6c55c1b76 100644 --- a/src/include/k5-buf.h +++ b/src/include/k5-buf.h @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/k5-buf.h * diff --git a/src/include/k5-err.h b/src/include/k5-err.h index 463125b2c2..7014002c86 100644 --- a/src/include/k5-err.h +++ b/src/include/k5-err.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/k5-err.h * @@ -16,7 +17,7 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of 
@@ -52,31 +53,31 @@ struct errinfo { void krb5int_set_error (struct errinfo *ep, - long code, - const char *fmt, ...) + long code, + const char *fmt, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 4))) #endif ; void krb5int_vset_error (struct errinfo *ep, long code, - const char *fmt, va_list args) + const char *fmt, va_list args) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 0))) #endif ; void krb5int_set_error_fl (struct errinfo *ep, long code, - const char *file, int line, - const char *fmt, ...) + const char *file, int line, + const char *fmt, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 5, 6))) #endif ; void krb5int_vset_error_fl (struct errinfo *ep, long code, - const char *file, int line, - const char *fmt, va_list args) + const char *file, int line, + const char *fmt, va_list args) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 5, 0))) #endif @@ -91,7 +92,7 @@ void krb5int_set_error_info_callout_fn (const char *(KRB5_CALLCONV *f)(long)); #ifdef DEBUG_ERROR_LOCATIONS -#define krb5int_set_error(ep, code, ...) \ +#define krb5int_set_error(ep, code, ...) \ krb5int_set_error_fl(ep, code, __FILE__, __LINE__, __VA_ARGS__) #endif diff --git a/src/include/k5-gmt_mktime.h b/src/include/k5-gmt_mktime.h index e7115a54f4..11cb9dd8d5 100644 --- a/src/include/k5-gmt_mktime.h +++ b/src/include/k5-gmt_mktime.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/k5-gmt_mktime.h * 
@@ -16,7 +17,7 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index 2acc956f9d..77bd260ffb 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * COPYRIGHT (C) 2006 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN 
@@ -37,67 +38,67 @@ /* PKAuthenticator */ typedef struct _krb5_pk_authenticator { - krb5_int32 cusec; /* (0..999999) */ - krb5_timestamp ctime; - krb5_int32 nonce; /* (0..4294967295) */ - krb5_checksum paChecksum; + krb5_int32 cusec; /* (0..999999) */ + krb5_timestamp ctime; + krb5_int32 nonce; /* (0..4294967295) */ + krb5_checksum paChecksum; } krb5_pk_authenticator; /* PKAuthenticator draft9 */ typedef struct _krb5_pk_authenticator_draft9 { - krb5_principal kdcName; - krb5_octet_data kdcRealm; - krb5_int32 cusec; /* (0..999999) */ - krb5_timestamp ctime; - krb5_int32 nonce; /* (0..4294967295) */ + krb5_principal kdcName; + krb5_octet_data kdcRealm; + krb5_int32 cusec; /* (0..999999) */ + krb5_timestamp ctime; + krb5_int32 nonce; /* (0..4294967295) */ } krb5_pk_authenticator_draft9; /* AlgorithmIdentifier */ typedef struct _krb5_algorithm_identifier { - krb5_octet_data algorithm; /* OID */ - krb5_octet_data parameters; /* Optional */ + krb5_octet_data algorithm; /* OID */ + krb5_octet_data parameters; /* Optional */ } krb5_algorithm_identifier; /* SubjectPublicKeyInfo */ typedef struct _krb5_subject_pk_info { - krb5_algorithm_identifier algorithm; - krb5_octet_data subjectPublicKey; /* BIT STRING */ + krb5_algorithm_identifier algorithm; + krb5_octet_data subjectPublicKey; /* BIT STRING */ } krb5_subject_pk_info; /* AuthPack */ typedef struct _krb5_auth_pack { - krb5_pk_authenticator pkAuthenticator; - krb5_subject_pk_info *clientPublicValue; /* Optional */ - krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ - krb5_octet_data clientDHNonce; /* Optional */ + krb5_pk_authenticator pkAuthenticator; + krb5_subject_pk_info *clientPublicValue; /* Optional */ + krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ + krb5_octet_data clientDHNonce; /* Optional */ } krb5_auth_pack; /* AuthPack draft9 */ typedef struct _krb5_auth_pack_draft9 { - krb5_pk_authenticator_draft9 pkAuthenticator; - krb5_subject_pk_info *clientPublicValue; /* Optional */ + 
krb5_pk_authenticator_draft9 pkAuthenticator; + krb5_subject_pk_info *clientPublicValue; /* Optional */ } krb5_auth_pack_draft9; /* ExternalPrincipalIdentifier */ typedef struct _krb5_external_principal_identifier { - krb5_octet_data subjectName; /* Optional */ - krb5_octet_data issuerAndSerialNumber; /* Optional */ - krb5_octet_data subjectKeyIdentifier; /* Optional */ + krb5_octet_data subjectName; /* Optional */ + krb5_octet_data issuerAndSerialNumber; /* Optional */ + krb5_octet_data subjectKeyIdentifier; /* Optional */ } krb5_external_principal_identifier; /* TrustedCas */ typedef struct _krb5_trusted_ca { - enum { - choice_trusted_cas_UNKNOWN = -1, - choice_trusted_cas_principalName = 0, - choice_trusted_cas_caName = 1, - choice_trusted_cas_issuerAndSerial = 2 - } choice; - union { - krb5_principal principalName; - krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */ - krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */ - } u; + enum { + choice_trusted_cas_UNKNOWN = -1, + choice_trusted_cas_principalName = 0, + choice_trusted_cas_caName = 1, + choice_trusted_cas_issuerAndSerial = 2 + } choice; + union { + krb5_principal principalName; + krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */ + krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */ + } u; } krb5_trusted_ca; /* typed data */ 
@@ -113,74 +114,74 @@ typedef struct _krb5_typed_data { /* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */ typedef struct _krb5_pa_pk_as_req_draft9 { - krb5_octet_data signedAuthPack; - krb5_trusted_ca **trustedCertifiers; /* Optional array */ - krb5_octet_data kdcCert; /* Optional */ - krb5_octet_data encryptionCert; + krb5_octet_data signedAuthPack; + krb5_trusted_ca **trustedCertifiers; /* Optional array */ + krb5_octet_data kdcCert; /* Optional */ + krb5_octet_data encryptionCert; } krb5_pa_pk_as_req_draft9; /* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */ typedef struct _krb5_pa_pk_as_req { - krb5_octet_data signedAuthPack; - krb5_external_principal_identifier **trustedCertifiers; /* Optional array */ - krb5_octet_data kdcPkId; /* Optional */ + krb5_octet_data signedAuthPack; + krb5_external_principal_identifier **trustedCertifiers; /* Optional array */ + krb5_octet_data kdcPkId; /* Optional */ } krb5_pa_pk_as_req; /* DHRepInfo */ typedef struct _krb5_dh_rep_info { - krb5_octet_data dhSignedData; - krb5_octet_data serverDHNonce; /* Optional */ + krb5_octet_data dhSignedData; + krb5_octet_data serverDHNonce; /* Optional */ } krb5_dh_rep_info; /* KDCDHKeyInfo */ typedef struct _krb5_kdc_dh_key_info { - krb5_octet_data subjectPublicKey; /* BIT STRING */ - krb5_int32 nonce; /* (0..4294967295) */ - krb5_timestamp dhKeyExpiration; /* Optional */ + krb5_octet_data subjectPublicKey; /* BIT STRING */ + krb5_int32 nonce; /* (0..4294967295) */ + krb5_timestamp dhKeyExpiration; /* Optional */ } krb5_kdc_dh_key_info; /* KDCDHKeyInfo draft9*/ typedef struct _krb5_kdc_dh_key_info_draft9 { - krb5_octet_data subjectPublicKey; /* BIT STRING */ - krb5_int32 nonce; /* (0..4294967295) */ + krb5_octet_data subjectPublicKey; /* BIT STRING */ + krb5_int32 nonce; /* (0..4294967295) */ } krb5_kdc_dh_key_info_draft9; /* ReplyKeyPack */ typedef struct _krb5_reply_key_pack { - krb5_keyblock replyKey; - krb5_checksum asChecksum; + krb5_keyblock replyKey; + krb5_checksum asChecksum; } 
krb5_reply_key_pack; /* ReplyKeyPack */ typedef struct _krb5_reply_key_pack_draft9 { - krb5_keyblock replyKey; - krb5_int32 nonce; + krb5_keyblock replyKey; + krb5_int32 nonce; } krb5_reply_key_pack_draft9; /* PA-PK-AS-REP (Draft 9 -- PA TYPE 15) */ typedef struct _krb5_pa_pk_as_rep_draft9 { - enum { - choice_pa_pk_as_rep_draft9_UNKNOWN = -1, - choice_pa_pk_as_rep_draft9_dhSignedData = 0, - choice_pa_pk_as_rep_draft9_encKeyPack = 1 - } choice; - union { - krb5_octet_data dhSignedData; - krb5_octet_data encKeyPack; - } u; + enum { + choice_pa_pk_as_rep_draft9_UNKNOWN = -1, + choice_pa_pk_as_rep_draft9_dhSignedData = 0, + choice_pa_pk_as_rep_draft9_encKeyPack = 1 + } choice; + union { + krb5_octet_data dhSignedData; + krb5_octet_data encKeyPack; + } u; } krb5_pa_pk_as_rep_draft9; /* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */ typedef struct _krb5_pa_pk_as_rep { - enum { - choice_pa_pk_as_rep_UNKNOWN = -1, - choice_pa_pk_as_rep_dhInfo = 0, - choice_pa_pk_as_rep_encKeyPack = 1 - } choice; - union { - krb5_dh_rep_info dh_Info; - krb5_octet_data encKeyPack; - } u; + enum { + choice_pa_pk_as_rep_UNKNOWN = -1, + choice_pa_pk_as_rep_dhInfo = 0, + choice_pa_pk_as_rep_encKeyPack = 1 + } choice; + union { + krb5_dh_rep_info dh_Info; + krb5_octet_data encKeyPack; + } u; } krb5_pa_pk_as_rep; /* 
@@ -191,84 +192,94 @@ typedef struct _krb5_pa_pk_as_rep { * Prototypes for pkinit asn.1 encode routines *************************************************************************/ -krb5_error_code encode_krb5_pa_pk_as_req - (const krb5_pa_pk_as_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code); -krb5_error_code encode_krb5_pa_pk_as_req_draft9 - (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code); +krb5_error_code +encode_krb5_pa_pk_as_req_draft9(const krb5_pa_pk_as_req_draft9 *rep, + krb5_data **code); -krb5_error_code encode_krb5_pa_pk_as_rep - (const krb5_pa_pk_as_rep *rep, krb5_data **code); +krb5_error_code +encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep *rep, krb5_data **code); -krb5_error_code encode_krb5_pa_pk_as_rep_draft9 - (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code); +krb5_error_code +encode_krb5_pa_pk_as_rep_draft9(const krb5_pa_pk_as_rep_draft9 *rep, + krb5_data **code); -krb5_error_code encode_krb5_auth_pack - (const krb5_auth_pack *rep, krb5_data **code); +krb5_error_code +encode_krb5_auth_pack(const krb5_auth_pack *rep, krb5_data **code); -krb5_error_code encode_krb5_auth_pack_draft9 - (const krb5_auth_pack_draft9 *rep, krb5_data **code); +krb5_error_code +encode_krb5_auth_pack_draft9(const krb5_auth_pack_draft9 *rep, + krb5_data **code); -krb5_error_code encode_krb5_kdc_dh_key_info - (const krb5_kdc_dh_key_info *rep, krb5_data **code); +krb5_error_code +encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info *rep, krb5_data **code); -krb5_error_code encode_krb5_reply_key_pack - (const krb5_reply_key_pack *, krb5_data **code); +krb5_error_code +encode_krb5_reply_key_pack(const krb5_reply_key_pack *, krb5_data **code); -krb5_error_code encode_krb5_reply_key_pack_draft9 - (const krb5_reply_key_pack_draft9 *, krb5_data **code); +krb5_error_code +encode_krb5_reply_key_pack_draft9(const krb5_reply_key_pack_draft9 *, + krb5_data **code); -krb5_error_code 
encode_krb5_typed_data - (const krb5_typed_data **, krb5_data **code); +krb5_error_code +encode_krb5_typed_data(const krb5_typed_data **, krb5_data **code); -krb5_error_code encode_krb5_td_trusted_certifiers - (const krb5_external_principal_identifier **, krb5_data **code); +krb5_error_code +encode_krb5_td_trusted_certifiers(const krb5_external_principal_identifier **, + krb5_data **code); -krb5_error_code encode_krb5_td_dh_parameters - (const krb5_algorithm_identifier **, krb5_data **code); +krb5_error_code +encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **, + krb5_data **code); /************************************************************************* * Prototypes for pkinit asn.1 decode routines *************************************************************************/ -krb5_error_code decode_krb5_pa_pk_as_req - (const krb5_data *, krb5_pa_pk_as_req **); +krb5_error_code +decode_krb5_pa_pk_as_req(const krb5_data *, krb5_pa_pk_as_req **); -krb5_error_code decode_krb5_pa_pk_as_req_draft9 - (const krb5_data *, krb5_pa_pk_as_req_draft9 **); +krb5_error_code +decode_krb5_pa_pk_as_req_draft9(const krb5_data *, + krb5_pa_pk_as_req_draft9 **); -krb5_error_code decode_krb5_pa_pk_as_rep - (const krb5_data *, krb5_pa_pk_as_rep **); +krb5_error_code +decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **); -krb5_error_code decode_krb5_pa_pk_as_rep_draft9 - (const krb5_data *, krb5_pa_pk_as_rep_draft9 **); +krb5_error_code +decode_krb5_pa_pk_as_rep_draft9(const krb5_data *, + krb5_pa_pk_as_rep_draft9 **); -krb5_error_code decode_krb5_auth_pack - (const krb5_data *, krb5_auth_pack **); +krb5_error_code +decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **); -krb5_error_code decode_krb5_auth_pack_draft9 - (const krb5_data *, krb5_auth_pack_draft9 **); +krb5_error_code +decode_krb5_auth_pack_draft9(const krb5_data *, krb5_auth_pack_draft9 **); -krb5_error_code decode_krb5_kdc_dh_key_info - (const krb5_data *, krb5_kdc_dh_key_info **); 
+krb5_error_code +decode_krb5_kdc_dh_key_info(const krb5_data *, krb5_kdc_dh_key_info **); -krb5_error_code decode_krb5_principal_name - (const krb5_data *, krb5_principal_data **); +krb5_error_code +decode_krb5_principal_name(const krb5_data *, krb5_principal_data **); -krb5_error_code decode_krb5_reply_key_pack - (const krb5_data *, krb5_reply_key_pack **); +krb5_error_code +decode_krb5_reply_key_pack(const krb5_data *, krb5_reply_key_pack **); -krb5_error_code decode_krb5_reply_key_pack_draft9 - (const krb5_data *, krb5_reply_key_pack_draft9 **); +krb5_error_code +decode_krb5_reply_key_pack_draft9(const krb5_data *, + krb5_reply_key_pack_draft9 **); -krb5_error_code decode_krb5_typed_data - (const krb5_data *, krb5_typed_data ***); +krb5_error_code +decode_krb5_typed_data(const krb5_data *, krb5_typed_data ***); -krb5_error_code decode_krb5_td_trusted_certifiers - (const krb5_data *, krb5_external_principal_identifier ***); +krb5_error_code +decode_krb5_td_trusted_certifiers(const krb5_data *, + krb5_external_principal_identifier ***); -krb5_error_code decode_krb5_td_dh_parameters - (const krb5_data *, krb5_algorithm_identifier ***); +krb5_error_code +decode_krb5_td_dh_parameters(const krb5_data *, krb5_algorithm_identifier ***); void krb5_free_typed_data(krb5_context, krb5_typed_data **); diff --git a/src/include/k5-int.h b/src/include/k5-int.h index a9769234cd..01f76de609 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007,2008,2009 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. @@ -84,9 +85,9 @@ #include "osconf.h" #if defined(__MACH__) && defined(__APPLE__) -# include +# include # if TARGET_RT_MAC_CFM -# error "Use KfM 4.0 SDK headers for CFM compilation." +# error "Use KfM 4.0 SDK headers for CFM compilation." # endif #endif 
@@ -104,10 +105,10 @@
 #include "win-mac.h"
 /* Kerberos Windows initialization file */
-#define KERBEROS_INI "kerberos.ini"
-#define INI_FILES "Files"
-#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
-#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
+#define KERBEROS_INI "kerberos.ini"
+#define INI_FILES "Files"
+#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
+#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
 #define ANSI_STDIO
 #endif
@@ -116,13 +117,13 @@
 #ifndef KRB5_SYSTYPES__
 #define KRB5_SYSTYPES__
-#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
+#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
 #include
 #else /* HAVE_SYS_TYPES_H */
-typedef unsigned long u_long;
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
+typedef unsigned long u_long;
+typedef unsigned int u_int;
+typedef unsigned short u_short;
+typedef unsigned char u_char;
 #endif /* HAVE_SYS_TYPES_H */
 #endif /* KRB5_SYSTYPES__ */
@@ -136,9 +137,9 @@ typedef INT64_TYPE krb5_int64;
 #define DEFAULT_PWD_STRING1 "Enter password"
 #define DEFAULT_PWD_STRING2 "Re-enter password for verification"
-#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
-#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
-#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
+#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
+#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
+#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
 /*
 * Windows requires a different api interface to each function. Here
@@ -262,95 +263,95 @@ typedef INT64_TYPE krb5_int64; (which allows non-ambiguous error codes between subsystems) */ /* KDC errors */ -#define KDC_ERR_NONE 0 /* No error */ -#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */ -#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */ -#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */ -#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */ -#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */ -#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */ -#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */ -#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */ -#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */ -#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */ -#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */ -#define KDC_ERR_POLICY 12 /* KDC policy rejects request */ -#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. 
*/ -#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */ -#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */ -#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */ -#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */ -#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */ -#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */ -#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */ -#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */ -#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */ -#define KDC_ERR_KEY_EXP 23 /* Password has expired */ -#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */ -#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */ - /* required */ -#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */ - /* ticket don't match*/ -#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */ - /* user2user only */ -#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */ - /* path */ -#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not - * available that is - * required to process the - * request */ +#define KDC_ERR_NONE 0 /* No error */ +#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */ +#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */ +#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */ +#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */ +#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */ +#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */ +#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */ +#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */ +#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */ +#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */ +#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > 
endtime */ +#define KDC_ERR_POLICY 12 /* KDC policy rejects request */ +#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */ +#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */ +#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */ +#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */ +#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */ +#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */ +#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */ +#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */ +#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */ +#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */ +#define KDC_ERR_KEY_EXP 23 /* Password has expired */ +#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */ +#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */ + /* required */ +#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */ + /* ticket don't match*/ +#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */ + /* user2user only */ +#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */ + /* path */ +#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not + * available that is + * required to process the + * request */ /* Application errors */ -#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */ -#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */ -#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */ -#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */ -#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */ -#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */ -#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */ -#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */ -#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */ -#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */ -#define KRB_AP_ERR_MODIFIED 
41 /* Message stream modified */ -#define KRB_AP_ERR_BADORDER 42 /* Message out of order */ -#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */ -#define KRB_AP_ERR_NOKEY 45 /* Service key not available */ -#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */ -#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */ -#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */ - /* method required */ -#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */ - /* in message */ -#define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */ - /* checksum in message */ -#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */ -#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */ - /* retry with TCP */ +#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */ +#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */ +#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */ +#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */ +#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */ +#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */ +#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */ +#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */ +#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */ +#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */ +#define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */ +#define KRB_AP_ERR_BADORDER 42 /* Message out of order */ +#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */ +#define KRB_AP_ERR_NOKEY 45 /* Service key not available */ +#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */ +#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */ +#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */ + /* method required */ +#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */ + /* in message */ +#define KRB_AP_ERR_INAPP_CKSUM 50 /* 
Inappropriate type of */ + /* checksum in message */ +#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */ +#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */ + /* retry with TCP */ /* other errors */ -#define KRB_ERR_GENERIC 60 /* Generic error (description */ - /* in e-text) */ -#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */ +#define KRB_ERR_GENERIC 60 /* Generic error (description */ + /* in e-text) */ +#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */ /* PKINIT server-reported errors */ -#define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */ -#define KDC_ERR_KDC_NOT_TRUSTED 63 -#define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */ -#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */ -#define KDC_ERR_CERTIFICATE_MISMATCH 66 -#define KRB_AP_ERR_NO_TGT 67 -#define KDC_ERR_WRONG_REALM 68 -#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69 -#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */ - /* trusted root cert */ -#define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */ -#define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */ -#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */ -#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 -#define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */ - /* principal name */ -#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */ -#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */ -#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */ +#define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */ +#define KDC_ERR_KDC_NOT_TRUSTED 63 +#define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */ +#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */ 
+#define KDC_ERR_CERTIFICATE_MISMATCH 66 +#define KRB_AP_ERR_NO_TGT 67 +#define KDC_ERR_WRONG_REALM 68 +#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69 +#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */ + /* trusted root cert */ +#define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */ +#define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */ +#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */ +#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 +#define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */ + /* principal name */ +#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */ +#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */ +#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */ #define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */ #define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81 @@ -360,10 +361,10 @@ typedef INT64_TYPE krb5_int64; * authentication is returned, KRB_AP_METHOD. */ typedef struct _krb5_alt_method { - krb5_magic magic; - krb5_int32 method; - unsigned int length; - krb5_octet *data; + krb5_magic magic; + krb5_int32 method; + unsigned int length; + krb5_octet *data; } krb5_alt_method; /* @@ -374,10 +375,10 @@ typedef struct _krb5_alt_method { * but s2kparams must be null when encoding etype-info. */ typedef struct _krb5_etype_info_entry { - krb5_magic magic; - krb5_enctype etype; - unsigned int length; - krb5_octet *salt; + krb5_magic magic; + krb5_enctype etype; + unsigned int length; + krb5_octet *salt; krb5_data s2kparams; } krb5_etype_info_entry; 
@@ -393,33 +394,33 @@ typedef krb5_etype_info_entry ** krb5_etype_info;
 /* RFC 4537 */
 typedef struct _krb5_etype_list {
- int length;
- krb5_enctype *etypes;
+ int length;
+ krb5_enctype *etypes;
 } krb5_etype_list;
 /*
 * a sam_challenge is returned for alternate preauth
 */
 /*
- SAMFlags ::= BIT STRING {
- use-sad-as-key[0],
- send-encrypted-sad[1],
- must-pk-encrypt-sad[2]
- }
- */
+ SAMFlags ::= BIT STRING {
+ use-sad-as-key[0],
+ send-encrypted-sad[1],
+ must-pk-encrypt-sad[2]
+ }
+*/
 /*
- PA-SAM-CHALLENGE ::= SEQUENCE {
- sam-type[0] INTEGER,
- sam-flags[1] SAMFlags,
- sam-type-name[2] GeneralString OPTIONAL,
- sam-track-id[3] GeneralString OPTIONAL,
- sam-challenge-label[4] GeneralString OPTIONAL,
- sam-challenge[5] GeneralString OPTIONAL,
- sam-response-prompt[6] GeneralString OPTIONAL,
- sam-pk-for-sad[7] EncryptionKey OPTIONAL,
- sam-nonce[8] INTEGER OPTIONAL,
- sam-cksum[9] Checksum OPTIONAL
- }
+ PA-SAM-CHALLENGE ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-type-name[2] GeneralString OPTIONAL,
+ sam-track-id[3] GeneralString OPTIONAL,
+ sam-challenge-label[4] GeneralString OPTIONAL,
+ sam-challenge[5] GeneralString OPTIONAL,
+ sam-response-prompt[6] GeneralString OPTIONAL,
+ sam-pk-for-sad[7] EncryptionKey OPTIONAL,
+ sam-nonce[8] INTEGER OPTIONAL,
+ sam-cksum[9] Checksum OPTIONAL
+ }
 */
 /* sam_type values -- informational only */
 #define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
@@ -434,89 +435,89 @@ typedef struct _krb5_etype_list { #define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */ #endif #define PA_SAM_TYPE_EXP_BASE 128 /* experimental */ -#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */ -#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */ +#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */ +#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */ typedef struct _krb5_predicted_sam_response { - krb5_magic magic; - krb5_keyblock sam_key; - krb5_flags sam_flags; /* Makes key munging easier */ - krb5_timestamp stime; /* time on server, for replay detection */ - krb5_int32 susec; - krb5_principal client; - krb5_data msd; /* mechanism specific data */ + krb5_magic magic; + krb5_keyblock sam_key; + krb5_flags sam_flags; /* Makes key munging easier */ + krb5_timestamp stime; /* time on server, for replay detection */ + krb5_int32 susec; + krb5_principal client; + krb5_data msd; /* mechanism specific data */ } krb5_predicted_sam_response; typedef struct _krb5_sam_challenge { - krb5_magic magic; - krb5_int32 sam_type; /* information */ - krb5_flags sam_flags; /* KRB5_SAM_* values */ - krb5_data sam_type_name; - krb5_data sam_track_id; - krb5_data sam_challenge_label; - krb5_data sam_challenge; - krb5_data sam_response_prompt; - krb5_data sam_pk_for_sad; - krb5_int32 sam_nonce; - krb5_checksum sam_cksum; + krb5_magic magic; + krb5_int32 sam_type; /* information */ + krb5_flags sam_flags; /* KRB5_SAM_* values */ + krb5_data sam_type_name; + krb5_data sam_track_id; + krb5_data sam_challenge_label; + krb5_data sam_challenge; + krb5_data sam_response_prompt; + krb5_data sam_pk_for_sad; + krb5_int32 sam_nonce; + krb5_checksum sam_cksum; } krb5_sam_challenge; -typedef struct _krb5_sam_key { /* reserved for future use */ - krb5_magic magic; - krb5_keyblock sam_key; +typedef struct _krb5_sam_key { /* reserved for future use */ + krb5_magic magic; + krb5_keyblock 
sam_key; } krb5_sam_key; typedef struct _krb5_enc_sam_response_enc { - krb5_magic magic; - krb5_int32 sam_nonce; - krb5_timestamp sam_timestamp; - krb5_int32 sam_usec; - krb5_data sam_sad; + krb5_magic magic; + krb5_int32 sam_nonce; + krb5_timestamp sam_timestamp; + krb5_int32 sam_usec; + krb5_data sam_sad; } krb5_enc_sam_response_enc; typedef struct _krb5_sam_response { - krb5_magic magic; - krb5_int32 sam_type; /* informational */ - krb5_flags sam_flags; /* KRB5_SAM_* values */ - krb5_data sam_track_id; /* copied */ - krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */ - krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */ - krb5_int32 sam_nonce; - krb5_timestamp sam_patimestamp; + krb5_magic magic; + krb5_int32 sam_type; /* informational */ + krb5_flags sam_flags; /* KRB5_SAM_* values */ + krb5_data sam_track_id; /* copied */ + krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */ + krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */ + krb5_int32 sam_nonce; + krb5_timestamp sam_patimestamp; } krb5_sam_response; typedef struct _krb5_sam_challenge_2 { - krb5_data sam_challenge_2_body; - krb5_checksum **sam_cksum; /* Array of checksums */ + krb5_data sam_challenge_2_body; + krb5_checksum **sam_cksum; /* Array of checksums */ } krb5_sam_challenge_2; typedef struct _krb5_sam_challenge_2_body { - krb5_magic magic; - krb5_int32 sam_type; /* information */ - krb5_flags sam_flags; /* KRB5_SAM_* values */ - krb5_data sam_type_name; - krb5_data sam_track_id; - krb5_data sam_challenge_label; - krb5_data sam_challenge; - krb5_data sam_response_prompt; - krb5_data sam_pk_for_sad; - krb5_int32 sam_nonce; - krb5_enctype sam_etype; + krb5_magic magic; + krb5_int32 sam_type; /* information */ + krb5_flags sam_flags; /* KRB5_SAM_* values */ + krb5_data sam_type_name; + krb5_data sam_track_id; + krb5_data sam_challenge_label; + krb5_data sam_challenge; + krb5_data sam_response_prompt; + krb5_data sam_pk_for_sad; + krb5_int32 sam_nonce; + 
krb5_enctype sam_etype; } krb5_sam_challenge_2_body; typedef struct _krb5_sam_response_2 { - krb5_magic magic; - krb5_int32 sam_type; /* informational */ - krb5_flags sam_flags; /* KRB5_SAM_* values */ - krb5_data sam_track_id; /* copied */ - krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */ - krb5_int32 sam_nonce; + krb5_magic magic; + krb5_int32 sam_type; /* informational */ + krb5_flags sam_flags; /* KRB5_SAM_* values */ + krb5_data sam_track_id; /* copied */ + krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */ + krb5_int32 sam_nonce; } krb5_sam_response_2; typedef struct _krb5_enc_sam_response_enc_2 { - krb5_magic magic; - krb5_int32 sam_nonce; - krb5_data sam_sad; + krb5_magic magic; + krb5_int32 sam_nonce; + krb5_data sam_sad; } krb5_enc_sam_response_enc_2; /* @@ -547,17 +548,17 @@ extern char *strdup (const char *); #endif #ifdef HAVE_SYS_STAT_H -#include /* struct stat, stat() */ +#include /* struct stat, stat() */ #endif #ifdef HAVE_SYS_PARAM_H -#include /* MAXPATHLEN */ +#include /* MAXPATHLEN */ #endif #ifdef HAVE_SYS_FILE_H -#include /* prototypes for file-related - syscalls; flags for open & - friends */ +#include /* prototypes for file-related + syscalls; flags for open & + friends */ #endif #ifdef HAVE_FCNTL_H 
@@ -572,68 +573,72 @@ struct addrlist; struct sendto_callback_info; /* libos.spec */ -krb5_error_code krb5_lock_file (krb5_context, int, int); -krb5_error_code krb5_unlock_file (krb5_context, int); -krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *, - const krb5_data *, krb5_data *, int *, int); - -krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message, - const struct addrlist *addrs, struct sendto_callback_info* callback_info, - krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen, - struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used, - int (*msg_handler)(krb5_context, const krb5_data *, void *), - void *msg_handler_data); +krb5_error_code krb5_lock_file(krb5_context, int, int); +krb5_error_code krb5_unlock_file(krb5_context, int); +krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *, + const krb5_data *, krb5_data *, int *, int); -krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** ); -krb5_error_code krb5_free_krbhst (krb5_context, char * const * ); -krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname); -krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp); - -krb5_error_code krb5int_get_fq_local_hostname (char *, size_t); +krb5_error_code +krb5int_sendto(krb5_context context, const krb5_data *message, + const struct addrlist *addrs, + struct sendto_callback_info* callback_info, + krb5_data *reply, struct sockaddr *localaddr, + socklen_t *localaddrlen, + struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, + int *addr_used, + int (*msg_handler)(krb5_context, const krb5_data *, void *), + void *msg_handler_data); + +krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char *** ); +krb5_error_code krb5_free_krbhst(krb5_context, char * const * ); +krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname); +krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp); + +krb5_error_code 
krb5int_get_fq_local_hostname(char *, size_t); krb5_error_code krb5int_init_context_kdc(krb5_context *); -krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean); +krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean); -void krb5_os_free_context (krb5_context); +void krb5_os_free_context(krb5_context); /* This function is needed by KfM's KerberosPreferences API * because it needs to be able to specify "secure" */ -krb5_error_code os_get_default_config_files - (profile_filespec_t **pfiles, krb5_boolean secure); +krb5_error_code +os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure); -krb5_error_code krb5_os_hostaddr - (krb5_context, const char *, krb5_address ***); +krb5_error_code +krb5_os_hostaddr(krb5_context, const char *, krb5_address ***); -krb5_error_code krb5int_get_domain_realm_mapping - (krb5_context , const char *, char ***); +krb5_error_code +krb5int_get_domain_realm_mapping(krb5_context , const char *, char ***); /* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're going to use this structure. 
*/ struct addrlist { struct { #ifdef FAI_DEFINED - struct addrinfo *ai; + struct addrinfo *ai; #else - struct undefined_addrinfo *ai; + struct undefined_addrinfo *ai; #endif - void (*freefn)(void *); - void *data; + void (*freefn)(void *); + void *data; } *addrs; size_t naddrs; size_t space; }; #define ADDRLIST_INIT { 0, 0, 0 } -extern void krb5int_free_addrlist (struct addrlist *); -extern int krb5int_grow_addrlist (struct addrlist *, int); -extern int krb5int_add_host_to_list (struct addrlist *, const char *, - int, int, int, int); +extern void krb5int_free_addrlist(struct addrlist *); +extern int krb5int_grow_addrlist(struct addrlist *, int); +extern int krb5int_add_host_to_list(struct addrlist *, const char *, + int, int, int, int); #include krb5_error_code -krb5int_locate_server (krb5_context, const krb5_data *realm, - struct addrlist *, enum locate_service_type svc, - int sockettype, int family); +krb5int_locate_server(krb5_context, const krb5_data *realm, + struct addrlist *, enum locate_service_type svc, + int sockettype, int family); struct derived_key { krb5_data constant; 
@@ -656,34 +661,26 @@ struct krb5_enc_provider {
 size_t block_size, keybytes, keylength;
 /* cipher-state == 0 fresh state thrown away at end */
- krb5_error_code (*encrypt) (krb5_key key,
- const krb5_data *cipher_state,
- const krb5_data *input,
- krb5_data *output);
+ krb5_error_code (*encrypt)(krb5_key key, const krb5_data *cipher_state,
+ const krb5_data *input, krb5_data *output);
- krb5_error_code (*decrypt) (krb5_key key,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *output);
+ krb5_error_code (*decrypt)(krb5_key key, const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
- krb5_error_code (*make_key) (const krb5_data *randombits,
- krb5_keyblock *key);
+ krb5_error_code (*make_key)(const krb5_data *randombits,
+ krb5_keyblock *key);
- krb5_error_code (*init_state) (const krb5_keyblock *key,
- krb5_keyusage keyusage, krb5_data *out_state);
- krb5_error_code (*free_state) (krb5_data *state);
+ krb5_error_code (*init_state)(const krb5_keyblock *key,
+ krb5_keyusage keyusage,
+ krb5_data *out_state);
+ krb5_error_code (*free_state)(krb5_data *state);
 /* In-place encryption/decryption of multiple buffers */
- krb5_error_code (*encrypt_iov) (krb5_key key,
- const krb5_data *cipher_state,
- krb5_crypto_iov *data,
- size_t num_data);
-
+ krb5_error_code (*encrypt_iov)(krb5_key key, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
- krb5_error_code (*decrypt_iov) (krb5_key key,
- const krb5_data *cipher_state,
- krb5_crypto_iov *data,
- size_t num_data);
+ krb5_error_code (*decrypt_iov)(krb5_key key, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
 };
@@ -692,99 +689,81 @@ struct krb5_hash_provider { size_t hashsize, blocksize; /* this takes multiple inputs to avoid lots of copying. */ - krb5_error_code (*hash) (unsigned int icount, const krb5_data *input, - krb5_data *output); + krb5_error_code (*hash)(unsigned int icount, const krb5_data *input, + krb5_data *output); }; struct krb5_keyhash_provider { size_t hashsize; - krb5_error_code (*hash) (krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - const krb5_data *input, - krb5_data *output); - - krb5_error_code (*verify) (krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - const krb5_data *input, - const krb5_data *hash, - krb5_boolean *valid); - - krb5_error_code (*hash_iov) (krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - const krb5_crypto_iov *data, - size_t num_data, - krb5_data *output); - - krb5_error_code (*verify_iov) (krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - const krb5_crypto_iov *data, - size_t num_data, - const krb5_data *hash, - krb5_boolean *valid); + krb5_error_code (*hash)(krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output); + + krb5_error_code (*verify)(krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, const krb5_data *input, + const krb5_data *hash, krb5_boolean *valid); + + krb5_error_code (*hash_iov)(krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); + + krb5_error_code (*verify_iov)(krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_crypto_iov *data, + size_t num_data, const krb5_data *hash, + krb5_boolean *valid); }; struct krb5_aead_provider { - krb5_error_code (*crypto_length) (const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_cryptotype type, - unsigned int *length); - krb5_error_code (*encrypt_iov) (const struct 
krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data); - krb5_error_code (*decrypt_iov) (const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage keyusage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data); + krb5_error_code (*crypto_length)(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length); + krb5_error_code (*encrypt_iov)(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data); + krb5_error_code (*decrypt_iov)(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_key key, krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data); }; /* * in here to deal with stuff from lib/crypto */ -void krb5int_nfold -(unsigned int inbits, const unsigned char *in, - unsigned int outbits, unsigned char *out); +void krb5int_nfold(unsigned int inbits, const unsigned char *in, + unsigned int outbits, unsigned char *out); -krb5_error_code krb5int_hmac -(const struct krb5_hash_provider *hash, - krb5_key key, unsigned int icount, - const krb5_data *input, krb5_data *output); +krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, + krb5_key key, unsigned int icount, + const krb5_data *input, krb5_data *output); -krb5_error_code krb5int_hmac_iov -(const struct krb5_hash_provider *hash, - krb5_key key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output); +krb5_error_code krb5int_hmac_iov(const struct 
krb5_hash_provider *hash, + krb5_key key, const krb5_crypto_iov *data, + size_t num_data, krb5_data *output); -krb5_error_code krb5int_hmac_keyblock -(const struct krb5_hash_provider *hash, - const krb5_keyblock *key, unsigned int icount, - const krb5_data *input, krb5_data *output); +krb5_error_code +krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, unsigned int icount, + const krb5_data *input, krb5_data *output); -krb5_error_code krb5int_hmac_iov_keyblock -(const struct krb5_hash_provider *hash, - const krb5_keyblock *key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output); +krb5_error_code +krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); -krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long, - const krb5_data *, - const krb5_data *); +krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *, unsigned long, + const krb5_data *, const krb5_data *); /* Make this a function eventually? */ #ifdef _WIN32 @@ -805,8 +784,8 @@ static inline void zapfree(void *ptr, size_t len) { if (ptr != NULL) { - zap(ptr, len); - free(ptr); + zap(ptr, len); + free(ptr); } } 
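Review bot: The rewrapped `krb5int_pbkdf2_hmac_sha1` prototype near the end of the -692 hunk still declares three unnamed `const krb5_data *` parameters, so the header gives a caller no way to tell the arguments apart, and the compiler cannot catch two of them being swapped. Since the line is being rewritten anyway, carry the parameter names over from the definition (not visible in this hunk). Failing that, add a comment above it such as `/* PBKDF2 with HMAC-SHA1; argument roles are not evident from the types, see the definition. */`. The other prototypes touched in this hunk (`krb5int_hmac`, `krb5int_hmac_iov`, `krb5int_nfold`) already name their parameters, so this one stands out.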
@@ -814,41 +793,39 @@ zapfree(void *ptr, size_t len) * sets up an 8-byte IV of all zeros */ -krb5_error_code krb5int_des_init_state -(const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state); +krb5_error_code +krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage keyusage, + krb5_data *new_state); /* * normally to free a cipher_state you can just memset the length to zero and * free it. */ -krb5_error_code krb5int_default_free_state -(krb5_data *state); +krb5_error_code krb5int_default_free_state(krb5_data *state); /* * Combine two keys (normally used by the hardware preauth mechanism) */ -krb5_error_code krb5int_c_combine_keys -(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, - krb5_keyblock *outkey); - - -void krb5int_c_free_keyblock -(krb5_context, krb5_keyblock *key); -void krb5int_c_free_keyblock_contents - (krb5_context, krb5_keyblock *); -krb5_error_code krb5int_c_init_keyblock - (krb5_context, krb5_enctype enctype, - size_t length, krb5_keyblock **out); -krb5_error_code krb5int_c_copy_keyblock -(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to); -krb5_error_code krb5int_c_copy_keyblock_contents -(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to); +krb5_error_code +krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, + krb5_keyblock *key2, krb5_keyblock *outkey); + +void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key); +void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *); +krb5_error_code krb5int_c_init_keyblock(krb5_context, krb5_enctype enctype, + size_t length, krb5_keyblock **out); +krb5_error_code krb5int_c_copy_keyblock(krb5_context context, + const krb5_keyblock *from, + krb5_keyblock **to); +krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context, + const krb5_keyblock *from, + krb5_keyblock *to); /* * Internal - for cleanup. */ -extern void krb5int_prng_cleanup (void); +extern void krb5int_prng_cleanup(void); /* 
@@ -863,37 +840,34 @@ extern const struct krb5_hash_provider krb5int_hash_md5; #ifdef KRB5_OLD_CRYPTO /* old provider api */ -krb5_error_code krb5_crypto_os_localaddr - (krb5_address ***); +krb5_error_code krb5_crypto_os_localaddr(krb5_address ***); -krb5_error_code krb5_crypto_us_timeofday - (krb5_int32 *, - krb5_int32 *); +krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *); #endif /* KRB5_OLD_CRYPTO */ /* this helper fct is in libkrb5, but it makes sense declared here. */ -krb5_error_code krb5_encrypt_helper -(krb5_context context, const krb5_keyblock *key, - krb5_keyusage keyusage, const krb5_data *plain, - krb5_enc_data *cipher); +krb5_error_code +krb5_encrypt_helper(krb5_context context, const krb5_keyblock *key, + krb5_keyusage keyusage, const krb5_data *plain, + krb5_enc_data *cipher); -krb5_error_code krb5_encrypt_keyhelper -(krb5_context context, krb5_key key, - krb5_keyusage keyusage, const krb5_data *plain, - krb5_enc_data *cipher); +krb5_error_code +krb5_encrypt_keyhelper(krb5_context context, krb5_key key, + krb5_keyusage keyusage, const krb5_data *plain, + krb5_enc_data *cipher); /* * End "los-proto.h" */ typedef struct _krb5_os_context { - krb5_magic magic; - krb5_int32 time_offset; - krb5_int32 usec_offset; - krb5_int32 os_flags; - char * default_ccname; + krb5_magic magic; + krb5_int32 time_offset; + krb5_int32 usec_offset; + krb5_int32 os_flags; + char * default_ccname; } *krb5_os_context; /* 
@@ -910,31 +884,31 @@ typedef struct _krb5_os_context { * returned as the time by the krb5 time routines. This should only * be used for testing purposes (obviously!) */ -#define KRB5_OS_TOFFSET_VALID 1 -#define KRB5_OS_TOFFSET_TIME 2 +#define KRB5_OS_TOFFSET_VALID 1 +#define KRB5_OS_TOFFSET_TIME 2 /* lock mode flags */ -#define KRB5_LOCKMODE_SHARED 0x0001 -#define KRB5_LOCKMODE_EXCLUSIVE 0x0002 -#define KRB5_LOCKMODE_DONTBLOCK 0x0004 -#define KRB5_LOCKMODE_UNLOCK 0x0008 +#define KRB5_LOCKMODE_SHARED 0x0001 +#define KRB5_LOCKMODE_EXCLUSIVE 0x0002 +#define KRB5_LOCKMODE_DONTBLOCK 0x0004 +#define KRB5_LOCKMODE_UNLOCK 0x0008 /* * Define our view of the size of a DES key. */ -#define KRB5_MIT_DES_KEYSIZE 8 -#define KRB5_MIT_DES3_KEYSIZE 24 -#define KRB5_MIT_DES3_KEY_BYTES 21 +#define KRB5_MIT_DES_KEYSIZE 8 +#define KRB5_MIT_DES3_KEYSIZE 24 +#define KRB5_MIT_DES3_KEY_BYTES 21 /* * Check if des_int.h has been included before us. If so, then check to see * that our view of the DES key size is the same as des_int.h's. */ -#ifdef MIT_DES_KEYSIZE -#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE +#ifdef MIT_DES_KEYSIZE +#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) -#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ -#endif /* MIT_DES_KEYSIZE */ +#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ +#endif /* MIT_DES_KEYSIZE */ /* * Begin "preauth.h" @@ -958,9 +932,9 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) * requested information. It is opaque to the plugin code and can be * expanded in the future as new types of requests are defined which * may require other things to be passed through. */ - struct krb5int_fast_request_state; +struct krb5int_fast_request_state; typedef struct _krb5_preauth_client_rock { - krb5_magic magic; + krb5_magic magic; krb5_enctype *etype; struct krb5int_fast_request_state *fast_state; } krb5_preauth_client_rock; 
@@ -971,65 +945,65 @@ typedef struct _krb5_preauth_client_rock { typedef struct _krb5_preauth_context { int n_modules; struct _krb5_preauth_context_module { - /* Which of the possibly more than one preauth types which the - * module supports we're using at this point in the list. */ - krb5_preauthtype pa_type; - /* Encryption types which the client claims to support -- we - * copy them directly into the krb5_kdc_req structure during - * krb5_preauth_prepare_request(). */ - krb5_enctype *enctypes; - /* The plugin's per-plugin context and a function to clear it. */ - void *plugin_context; - preauth_client_plugin_fini_proc client_fini; - /* The module's table, and some of its members, copied here for - * convenience when we populated the list. */ - struct krb5plugin_preauth_client_ftable_v1 *ftable; - const char *name; - int flags, use_count; - preauth_client_process_proc client_process; - preauth_client_tryagain_proc client_tryagain; - preauth_client_supply_gic_opts_proc client_supply_gic_opts; - preauth_client_request_init_proc client_req_init; - preauth_client_request_fini_proc client_req_fini; - /* The per-request context which the client_req_init() function - * might allocate, which we'll need to clean up later by - * calling the client_req_fini() function. */ - void *request_context; - /* A pointer to the request_context pointer. All modules within - * a plugin will point at the request_context of the first - * module within the plugin. */ - void **request_context_pp; + /* Which of the possibly more than one preauth types which the + * module supports we're using at this point in the list. */ + krb5_preauthtype pa_type; + /* Encryption types which the client claims to support -- we + * copy them directly into the krb5_kdc_req structure during + * krb5_preauth_prepare_request(). */ + krb5_enctype *enctypes; + /* The plugin's per-plugin context and a function to clear it. 
*/ + void *plugin_context; + preauth_client_plugin_fini_proc client_fini; + /* The module's table, and some of its members, copied here for + * convenience when we populated the list. */ + struct krb5plugin_preauth_client_ftable_v1 *ftable; + const char *name; + int flags, use_count; + preauth_client_process_proc client_process; + preauth_client_tryagain_proc client_tryagain; + preauth_client_supply_gic_opts_proc client_supply_gic_opts; + preauth_client_request_init_proc client_req_init; + preauth_client_request_fini_proc client_req_fini; + /* The per-request context which the client_req_init() function + * might allocate, which we'll need to clean up later by + * calling the client_req_fini() function. */ + void *request_context; + /* A pointer to the request_context pointer. All modules within + * a plugin will point at the request_context of the first + * module within the plugin. */ + void **request_context_pp; } *modules; } krb5_preauth_context; typedef struct _krb5_pa_enc_ts { - krb5_timestamp patimestamp; - krb5_int32 pausec; + krb5_timestamp patimestamp; + krb5_int32 pausec; } krb5_pa_enc_ts; typedef struct _krb5_pa_for_user { - krb5_principal user; - krb5_checksum cksum; - krb5_data auth_package; + krb5_principal user; + krb5_checksum cksum; + krb5_data auth_package; } krb5_pa_for_user; typedef struct _krb5_s4u_userid { - krb5_int32 nonce; - krb5_principal user; - krb5_data subject_cert; - krb5_flags options; + krb5_int32 nonce; + krb5_principal user; + krb5_data subject_cert; + krb5_flags options; } krb5_s4u_userid; -#define KRB5_S4U_OPTS_CHECK_LOGON_HOURS 0x40000000 /* check logon hour restrictions */ -#define KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE 0x20000000 /* sign with usage 27 instead of 26 */ +#define KRB5_S4U_OPTS_CHECK_LOGON_HOURS 0x40000000 /* check logon hour restrictions */ +#define KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE 0x20000000 /* sign with usage 27 instead of 26 */ typedef struct _krb5_pa_s4u_x509_user { - krb5_s4u_userid user_id; - krb5_checksum 
cksum; + krb5_s4u_userid user_id; + krb5_checksum cksum; } krb5_pa_s4u_x509_user; enum { - KRB5_FAST_ARMOR_AP_REQUEST = 0x1 + KRB5_FAST_ARMOR_AP_REQUEST = 0x1 }; typedef struct _krb5_fast_armor { @@ -1047,7 +1021,7 @@ typedef struct _krb5_fast_req { krb5_magic magic; krb5_flags fast_options; /* padata from req_body is used*/ - krb5_kdc_req *req_body; + krb5_kdc_req *req_body; } krb5_fast_req; /* Bits 0-15 are critical in fast options.*/ 
@@ -1090,91 +1064,69 @@ typedef struct _krb5_ad_signedpath { krb5_pa_data **method_data; } krb5_ad_signedpath; -typedef krb5_error_code (*krb5_preauth_obtain_proc) - (krb5_context, - krb5_pa_data *, - krb5_etype_info, - krb5_keyblock *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_creds *, - krb5_kdc_req *, - krb5_pa_data **); - -typedef krb5_error_code (*krb5_preauth_process_proc) - (krb5_context, - krb5_pa_data *, - krb5_kdc_req *, - krb5_kdc_rep *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_keyblock **, - krb5_creds *, - krb5_int32 *, - krb5_int32 *); +typedef krb5_error_code +(*krb5_preauth_obtain_proc)(krb5_context, krb5_pa_data *, + krb5_etype_info, krb5_keyblock *, + krb5_error_code (*)(krb5_context, + const krb5_enctype, + krb5_data *, + krb5_const_pointer, + krb5_keyblock **), + krb5_const_pointer, krb5_creds *, + krb5_kdc_req *, krb5_pa_data **); + +typedef krb5_error_code +(*krb5_preauth_process_proc)(krb5_context, krb5_pa_data *, krb5_kdc_req *, + krb5_kdc_rep *, + krb5_error_code (*)(krb5_context, + const krb5_enctype, + krb5_data *, + krb5_const_pointer, + krb5_keyblock **), + krb5_const_pointer, + krb5_error_code (*)(krb5_context, + const krb5_keyblock *, + krb5_const_pointer, + krb5_kdc_rep * ), + krb5_keyblock **, krb5_creds *, krb5_int32 *, + krb5_int32 *); typedef struct _krb5_preauth_ops { krb5_magic magic; int type; - int flags; - krb5_preauth_obtain_proc obtain; - krb5_preauth_process_proc process; + int flags; + krb5_preauth_obtain_proc obtain; + krb5_preauth_process_proc process; } krb5_preauth_ops; -krb5_error_code krb5_obtain_padata - (krb5_context, - krb5_pa_data **, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - 
krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_creds *, - krb5_kdc_req *); - -krb5_error_code krb5_process_padata - (krb5_context, - krb5_kdc_req *, - krb5_kdc_rep *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_keyblock **, - krb5_creds *, - krb5_int32 *); - -krb5_pa_data * krb5int_find_pa_data -(krb5_context, krb5_pa_data * const *, krb5_preauthtype); +krb5_error_code +krb5_obtain_padata(krb5_context, krb5_pa_data **, + krb5_error_code (*)(krb5_context, const krb5_enctype, + krb5_data *, krb5_const_pointer, + krb5_keyblock **), + krb5_const_pointer, krb5_creds *, krb5_kdc_req *); + +krb5_error_code +krb5_process_padata(krb5_context, krb5_kdc_req *, krb5_kdc_rep *, + krb5_error_code (*)(krb5_context, const krb5_enctype, + krb5_data *, krb5_const_pointer, + krb5_keyblock **), + krb5_const_pointer, + krb5_error_code (*)(krb5_context, const krb5_keyblock *, + krb5_const_pointer, krb5_kdc_rep *), + krb5_keyblock **, krb5_creds *, krb5_int32 *); + +krb5_pa_data * +krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype); /* Does not return a copy; original padata sequence responsible for freeing*/ -void krb5_free_etype_info - (krb5_context, krb5_etype_info); +void krb5_free_etype_info(krb5_context, krb5_etype_info); /* * Preauthentication property flags */ -#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 -#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 +#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 +#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 #endif /* KRB5_PREAUTH__ */ /* 
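Review bot: The reformatted `krb5_preauth_process_proc` typedef keeps `krb5_kdc_rep * ),` with a space before the closing parenthesis, while the same callback type in `krb5_process_padata` later in this hunk was tightened to `krb5_kdc_rep *),`. The hunk at -1255 has the same leftovers on its new side: `krb5int_populate_gic_opt (krb5_context, ...` still has a space before the argument list, and several free-function prototypes end in `* );`, for example `krb5_pa_pac_req * );` and `krb5_etype_list * );`. Since the commit exists to normalise this layout, these should read `krb5_kdc_rep *),`, `krb5int_populate_gic_opt(krb5_context, ...` and `krb5_pa_pac_req *);` so the header is uniform.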
@@ -1210,16 +1162,16 @@ void krb5_free_etype_info #define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000 #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000 -#define krb5_gic_opt_is_extended(s) \ +#define krb5_gic_opt_is_extended(s) \ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) -#define krb5_gic_opt_is_shadowed(s) \ +#define krb5_gic_opt_is_shadowed(s) \ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) typedef struct _krb5_gic_opt_private { int num_preauth_data; krb5_gic_opt_pa_data *preauth_data; - char * fast_ccache_name; + char * fast_ccache_name; } krb5_gic_opt_private; /* 
@@ -1255,154 +1207,158 @@ typedef struct _krb5_gic_opt_ext { #endif krb5_error_code -krb5int_gic_opt_to_opte(krb5_context context, - krb5_get_init_creds_opt *opt, - krb5_gic_opt_ext **opte, - unsigned int force, +krb5int_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt, + krb5_gic_opt_ext **opte, unsigned int force, const char *where); krb5_error_code -krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *); +krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *); krb5_error_code -krb5int_copy_data_contents_add0 (krb5_context, const krb5_data *, krb5_data *); +krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *); krb5_error_code -krb5int_copy_creds_contents (krb5_context, const krb5_creds *, krb5_creds *); +krb5int_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *); -typedef krb5_error_code (*krb5_gic_get_as_key_fct) - (krb5_context, - krb5_principal, - krb5_enctype, - krb5_prompter_fct, - void *prompter_data, - krb5_data *salt, - krb5_data *s2kparams, - krb5_keyblock *as_key, - void *gak_data); +typedef krb5_error_code +(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype, + krb5_prompter_fct, void *prompter_data, + krb5_data *salt, krb5_data *s2kparams, + krb5_keyblock *as_key, void *gak_data); krb5_error_code KRB5_CALLCONV -krb5_get_init_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_prompter_fct prompter, - void *prompter_data, - krb5_deltat start_time, - char *in_tkt_service, - krb5_gic_opt_ext *gic_options, - krb5_gic_get_as_key_fct gak, - void *gak_data, - int *master, - krb5_kdc_rep **as_reply); - -krb5_error_code krb5int_populate_gic_opt ( - krb5_context, krb5_gic_opt_ext **, - krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes, - krb5_preauthtype *pre_auth_types, krb5_creds *creds); - - -krb5_error_code KRB5_CALLCONV krb5_do_preauth - (krb5_context context, - krb5_kdc_req *request, - 
krb5_data *encoded_request_body, - krb5_data *encoded_previous_request, - krb5_pa_data **in_padata, krb5_pa_data ***out_padata, - krb5_data *salt, krb5_data *s2kparams, - krb5_enctype *etype, krb5_keyblock *as_key, - krb5_prompter_fct prompter, void *prompter_data, - krb5_gic_get_as_key_fct gak_fct, void *gak_data, - krb5_preauth_client_rock *get_data_rock, - krb5_gic_opt_ext *opte); -krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain - (krb5_context context, - krb5_kdc_req *request, - krb5_data *encoded_request_body, - krb5_data *encoded_previous_request, - krb5_pa_data **in_padata, krb5_pa_data ***out_padata, - krb5_error *err_reply, - krb5_data *salt, krb5_data *s2kparams, - krb5_enctype *etype, krb5_keyblock *as_key, - krb5_prompter_fct prompter, void *prompter_data, - krb5_gic_get_as_key_fct gak_fct, void *gak_data, - krb5_preauth_client_rock *get_data_rock, - krb5_gic_opt_ext *opte); -void KRB5_CALLCONV krb5_init_preauth_context - (krb5_context); -void KRB5_CALLCONV krb5_free_preauth_context - (krb5_context); -void KRB5_CALLCONV krb5_clear_preauth_context_use_counts - (krb5_context); -void KRB5_CALLCONV krb5_preauth_prepare_request - (krb5_context, krb5_gic_opt_ext *, krb5_kdc_req *); -void KRB5_CALLCONV krb5_preauth_request_context_init - (krb5_context); -void KRB5_CALLCONV krb5_preauth_request_context_fini - (krb5_context); - -void KRB5_CALLCONV krb5_free_sam_challenge - (krb5_context, krb5_sam_challenge * ); -void KRB5_CALLCONV krb5_free_sam_challenge_2 - (krb5_context, krb5_sam_challenge_2 * ); -void KRB5_CALLCONV krb5_free_sam_challenge_2_body - (krb5_context, krb5_sam_challenge_2_body *); -void KRB5_CALLCONV krb5_free_sam_response - (krb5_context, krb5_sam_response * ); -void KRB5_CALLCONV krb5_free_sam_response_2 - (krb5_context, krb5_sam_response_2 * ); -void KRB5_CALLCONV krb5_free_predicted_sam_response - (krb5_context, krb5_predicted_sam_response * ); -void KRB5_CALLCONV krb5_free_enc_sam_response_enc - (krb5_context, krb5_enc_sam_response_enc 
* ); -void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2 - (krb5_context, krb5_enc_sam_response_enc_2 * ); -void KRB5_CALLCONV krb5_free_sam_challenge_contents - (krb5_context, krb5_sam_challenge * ); -void KRB5_CALLCONV krb5_free_sam_challenge_2_contents - (krb5_context, krb5_sam_challenge_2 * ); -void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents - (krb5_context, krb5_sam_challenge_2_body * ); -void KRB5_CALLCONV krb5_free_sam_response_contents - (krb5_context, krb5_sam_response * ); -void KRB5_CALLCONV krb5_free_sam_response_2_contents - (krb5_context, krb5_sam_response_2 *); -void KRB5_CALLCONV krb5_free_predicted_sam_response_contents - (krb5_context, krb5_predicted_sam_response * ); -void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents - (krb5_context, krb5_enc_sam_response_enc * ); -void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents - (krb5_context, krb5_enc_sam_response_enc_2 * ); - -void KRB5_CALLCONV krb5_free_pa_enc_ts - (krb5_context, krb5_pa_enc_ts *); -void KRB5_CALLCONV krb5_free_pa_for_user - (krb5_context, krb5_pa_for_user * ); -void KRB5_CALLCONV krb5_free_s4u_userid_contents - (krb5_context, krb5_s4u_userid * ); -void KRB5_CALLCONV krb5_free_pa_s4u_x509_user - (krb5_context, krb5_pa_s4u_x509_user * ); -void KRB5_CALLCONV krb5_free_pa_svr_referral_data - (krb5_context, krb5_pa_svr_referral_data * ); -void KRB5_CALLCONV krb5_free_pa_server_referral_data - (krb5_context, krb5_pa_server_referral_data * ); -void KRB5_CALLCONV krb5_free_pa_pac_req - (krb5_context, krb5_pa_pac_req * ); -void KRB5_CALLCONV krb5_free_etype_list - (krb5_context, krb5_etype_list * ); - -void KRB5_CALLCONV krb5_free_fast_armor -(krb5_context, krb5_fast_armor *); -void KRB5_CALLCONV krb5_free_fast_armored_req -(krb5_context, krb5_fast_armored_req *); +krb5_get_init_creds(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_prompter_fct prompter, + void *prompter_data, krb5_deltat start_time, + char *in_tkt_service, krb5_gic_opt_ext 
*gic_options, + krb5_gic_get_as_key_fct gak, void *gak_data, + int *master, krb5_kdc_rep **as_reply); + +krb5_error_code +krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **, + krb5_flags options, krb5_address *const *addrs, + krb5_enctype *ktypes, + krb5_preauthtype *pre_auth_types, krb5_creds *creds); + + +krb5_error_code KRB5_CALLCONV +krb5_do_preauth(krb5_context context, krb5_kdc_req *request, + krb5_data *encoded_request_body, + krb5_data *encoded_previous_request, krb5_pa_data **in_padata, + krb5_pa_data ***out_padata, krb5_data *salt, + krb5_data *s2kparams, krb5_enctype *etype, + krb5_keyblock *as_key, krb5_prompter_fct prompter, + void *prompter_data, krb5_gic_get_as_key_fct gak_fct, + void *gak_data, krb5_preauth_client_rock *get_data_rock, + krb5_gic_opt_ext *opte); + +krb5_error_code KRB5_CALLCONV +krb5_do_preauth_tryagain(krb5_context context, krb5_kdc_req *request, + krb5_data *encoded_request_body, + krb5_data *encoded_previous_request, + krb5_pa_data **in_padata, krb5_pa_data ***out_padata, + krb5_error *err_reply, + krb5_data *salt, krb5_data *s2kparams, + krb5_enctype *etype, krb5_keyblock *as_key, + krb5_prompter_fct prompter, void *prompter_data, + krb5_gic_get_as_key_fct gak_fct, void *gak_data, + krb5_preauth_client_rock *get_data_rock, + krb5_gic_opt_ext *opte); + +void KRB5_CALLCONV krb5_init_preauth_context(krb5_context); +void KRB5_CALLCONV krb5_free_preauth_context(krb5_context); +void KRB5_CALLCONV krb5_clear_preauth_context_use_counts(krb5_context); +void KRB5_CALLCONV krb5_preauth_prepare_request(krb5_context, + krb5_gic_opt_ext *, + krb5_kdc_req *); +void KRB5_CALLCONV krb5_preauth_request_context_init(krb5_context); +void KRB5_CALLCONV krb5_preauth_request_context_fini(krb5_context); + +void KRB5_CALLCONV +krb5_free_sam_challenge(krb5_context, krb5_sam_challenge *); + +void KRB5_CALLCONV +krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *); + +void KRB5_CALLCONV +krb5_free_sam_challenge_2_body(krb5_context, 
krb5_sam_challenge_2_body *); + +void KRB5_CALLCONV +krb5_free_sam_response(krb5_context, krb5_sam_response *); + +void KRB5_CALLCONV +krb5_free_sam_response_2(krb5_context, krb5_sam_response_2 *); + +void KRB5_CALLCONV +krb5_free_predicted_sam_response(krb5_context, krb5_predicted_sam_response *); + +void KRB5_CALLCONV +krb5_free_enc_sam_response_enc(krb5_context, krb5_enc_sam_response_enc *); + +void KRB5_CALLCONV +krb5_free_enc_sam_response_enc_2(krb5_context, krb5_enc_sam_response_enc_2 *); + +void KRB5_CALLCONV +krb5_free_sam_challenge_contents(krb5_context, krb5_sam_challenge *); + +void KRB5_CALLCONV +krb5_free_sam_challenge_2_contents(krb5_context, krb5_sam_challenge_2 *); + +void KRB5_CALLCONV +krb5_free_sam_challenge_2_body_contents(krb5_context, + krb5_sam_challenge_2_body *); + +void KRB5_CALLCONV +krb5_free_sam_response_contents(krb5_context, krb5_sam_response *); + +void KRB5_CALLCONV +krb5_free_sam_response_2_contents(krb5_context, krb5_sam_response_2 *); + +void KRB5_CALLCONV +krb5_free_predicted_sam_response_contents(krb5_context, + krb5_predicted_sam_response * ); + +void KRB5_CALLCONV +krb5_free_enc_sam_response_enc_contents(krb5_context, + krb5_enc_sam_response_enc * ); + +void KRB5_CALLCONV +krb5_free_enc_sam_response_enc_2_contents(krb5_context, + krb5_enc_sam_response_enc_2 * ); + +void KRB5_CALLCONV +krb5_free_pa_enc_ts(krb5_context, krb5_pa_enc_ts *); + +void KRB5_CALLCONV +krb5_free_pa_for_user(krb5_context, krb5_pa_for_user *); + +void KRB5_CALLCONV +krb5_free_s4u_userid_contents(krb5_context, krb5_s4u_userid *); + +void KRB5_CALLCONV +krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *); + +void KRB5_CALLCONV +krb5_free_pa_svr_referral_data(krb5_context, krb5_pa_svr_referral_data *); + +void KRB5_CALLCONV +krb5_free_pa_server_referral_data(krb5_context, + krb5_pa_server_referral_data * ); + +void KRB5_CALLCONV +krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * ); + +void KRB5_CALLCONV +krb5_free_etype_list(krb5_context, 
krb5_etype_list * ); + +void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *); +void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context, + krb5_fast_armored_req *); void KRB5_CALLCONV krb5_free_fast_req(krb5_context, krb5_fast_req *); -void KRB5_CALLCONV krb5_free_fast_finished -(krb5_context, krb5_fast_finished *); -void KRB5_CALLCONV krb5_free_fast_response -(krb5_context, krb5_fast_response *); -void KRB5_CALLCONV krb5_free_ad_kdcissued -(krb5_context, krb5_ad_kdcissued *); -void KRB5_CALLCONV krb5_free_ad_signedpath -(krb5_context, krb5_ad_signedpath *); +void KRB5_CALLCONV krb5_free_fast_finished(krb5_context, krb5_fast_finished *); +void KRB5_CALLCONV krb5_free_fast_response(krb5_context, krb5_fast_response *); +void KRB5_CALLCONV krb5_free_ad_kdcissued(krb5_context, krb5_ad_kdcissued *); +void KRB5_CALLCONV krb5_free_ad_signedpath(krb5_context, krb5_ad_signedpath *); /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ #include "com_err.h" 
@@ -1414,131 +1370,120 @@ struct _krb5_authdata_context { krb5_magic magic; int n_modules; struct _krb5_authdata_context_module { - krb5_authdatatype ad_type; - void *plugin_context; + krb5_authdatatype ad_type; + void *plugin_context; authdata_client_plugin_fini_proc client_fini; - krb5_flags flags; - krb5plugin_authdata_client_ftable_v0 *ftable; - authdata_client_request_init_proc client_req_init; - authdata_client_request_fini_proc client_req_fini; - const char *name; - void *request_context; - void **request_context_pp; + krb5_flags flags; + krb5plugin_authdata_client_ftable_v0 *ftable; + authdata_client_request_init_proc client_req_init; + authdata_client_request_fini_proc client_req_fini; + const char *name; + void *request_context; + void **request_context_pp; } *modules; struct plugin_dir_handle plugins; }; typedef struct _krb5_authdata_context *krb5_authdata_context; -void KRB5_CALLCONV krb5int_free_data_list -(krb5_context context, krb5_data *data); +void KRB5_CALLCONV +krb5int_free_data_list(krb5_context context, krb5_data *data); -krb5_error_code KRB5_CALLCONV krb5_authdata_context_init -(krb5_context kcontext, krb5_authdata_context *pcontext); +krb5_error_code KRB5_CALLCONV +krb5_authdata_context_init(krb5_context kcontext, + krb5_authdata_context *pcontext); void KRB5_CALLCONV -krb5_authdata_context_free -(krb5_context kcontext, krb5_authdata_context context); +krb5_authdata_context_free(krb5_context kcontext, + krb5_authdata_context context); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_export_authdata(krb5_context kcontext, + krb5_authdata_context context, krb5_flags usage, + krb5_authdata ***pauthdata); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_get_attribute_types(krb5_context kcontext, + krb5_authdata_context context, + krb5_data **attrs); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_get_attribute(krb5_context kcontext, + krb5_authdata_context context, + const krb5_data *attribute, + krb5_boolean *authenticated, + krb5_boolean 
*complete, krb5_data *value, + krb5_data *display_value, int *more); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_set_attribute(krb5_context kcontext, + krb5_authdata_context context, + krb5_boolean complete, const krb5_data *attribute, + const krb5_data *value); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_delete_attribute(krb5_context kcontext, + krb5_authdata_context context, + const krb5_data *attribute); -krb5_error_code KRB5_CALLCONV krb5_authdata_export_authdata -(krb5_context kcontext, - krb5_authdata_context context, - krb5_flags usage, - krb5_authdata ***pauthdata); +krb5_error_code KRB5_CALLCONV +krb5_authdata_import_attributes(krb5_context kcontext, + krb5_authdata_context context, + krb5_flags usage, const krb5_data *attributes); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_export_attributes(krb5_context kcontext, + krb5_authdata_context context, + krb5_flags usage, krb5_data **pattributes); krb5_error_code KRB5_CALLCONV -krb5_authdata_get_attribute_types -(krb5_context kcontext, - krb5_authdata_context context, - krb5_data **attrs); - -krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute -(krb5_context kcontext, - krb5_authdata_context context, - const krb5_data *attribute, - krb5_boolean *authenticated, - krb5_boolean *complete, - krb5_data *value, - krb5_data *display_value, - int *more); - -krb5_error_code KRB5_CALLCONV krb5_authdata_set_attribute -(krb5_context kcontext, - krb5_authdata_context context, - krb5_boolean complete, - const krb5_data *attribute, - const krb5_data *value); +krb5_authdata_export_internal(krb5_context kcontext, + krb5_authdata_context context, + krb5_boolean restrict_authenticated, + const char *module, void **ptr); krb5_error_code KRB5_CALLCONV -krb5_authdata_delete_attribute -(krb5_context kcontext, - krb5_authdata_context context, - const krb5_data *attribute); - -krb5_error_code KRB5_CALLCONV krb5_authdata_import_attributes -(krb5_context kcontext, - krb5_authdata_context context, - krb5_flags usage, - 
const krb5_data *attributes); - -krb5_error_code KRB5_CALLCONV krb5_authdata_export_attributes -(krb5_context kcontext, - krb5_authdata_context context, - krb5_flags usage, - krb5_data **pattributes); - -krb5_error_code KRB5_CALLCONV krb5_authdata_export_internal -(krb5_context kcontext, - krb5_authdata_context context, - krb5_boolean restrict_authenticated, - const char *module, - void **ptr); - -krb5_error_code KRB5_CALLCONV krb5_authdata_context_copy -(krb5_context kcontext, - krb5_authdata_context src, - krb5_authdata_context *dst); - -krb5_error_code KRB5_CALLCONV krb5_authdata_free_internal -(krb5_context kcontext, - krb5_authdata_context context, - const char *module, - void *ptr); - - -struct _kdb5_dal_handle; /* private, in kdb5.h */ +krb5_authdata_context_copy(krb5_context kcontext, krb5_authdata_context src, + krb5_authdata_context *dst); + +krb5_error_code KRB5_CALLCONV +krb5_authdata_free_internal(krb5_context kcontext, + krb5_authdata_context context, const char *module, + void *ptr); + +struct _kdb5_dal_handle; /* private, in kdb5.h */ typedef struct _kdb5_dal_handle kdb5_dal_handle; struct _kdb_log_context; struct _krb5_context { - krb5_magic magic; - krb5_enctype *in_tkt_etypes; - krb5_enctype *tgs_etypes; - struct _krb5_os_context os_context; - char *default_realm; - profile_t profile; - kdb5_dal_handle *dal_handle; - int ser_ctx_count; - void *ser_ctx; - /* allowable clock skew */ - krb5_deltat clockskew; - krb5_cksumtype kdc_req_sumtype; - krb5_cksumtype default_ap_req_sumtype; - krb5_cksumtype default_safe_sumtype; - krb5_flags kdc_default_options; - krb5_flags library_options; - krb5_boolean profile_secure; - int fcc_default_format; - krb5_prompt_type *prompt_types; - /* Message size above which we'll try TCP first in send-to-kdc - type code. Aside from the 2**16 size limit, we put no - absolute limit on the UDP packet size. */ - int udp_pref_limit; - - /* Use the config-file ktypes instead of app-specified? 
*/ - krb5_boolean use_conf_ktypes; + krb5_magic magic; + krb5_enctype *in_tkt_etypes; + krb5_enctype *tgs_etypes; + struct _krb5_os_context os_context; + char *default_realm; + profile_t profile; + kdb5_dal_handle *dal_handle; + int ser_ctx_count; + void *ser_ctx; + /* allowable clock skew */ + krb5_deltat clockskew; + krb5_cksumtype kdc_req_sumtype; + krb5_cksumtype default_ap_req_sumtype; + krb5_cksumtype default_safe_sumtype; + krb5_flags kdc_default_options; + krb5_flags library_options; + krb5_boolean profile_secure; + int fcc_default_format; + krb5_prompt_type *prompt_types; + /* Message size above which we'll try TCP first in send-to-kdc + type code. Aside from the 2**16 size limit, we put no + absolute limit on the UDP packet size. */ + int udp_pref_limit; + + /* Use the config-file ktypes instead of app-specified? */ + krb5_boolean use_conf_ktypes; #ifdef KRB5_DNS_LOOKUP - krb5_boolean profile_in_memory; + krb5_boolean profile_in_memory; #endif /* KRB5_DNS_LOOKUP */ /* locate_kdc module stuff */ 
@@ -1562,43 +1507,40 @@ struct _krb5_context { /* could be used in a table to find an etype and initialize a block */ -#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001 +#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001 /* internal message representations */ typedef struct _krb5_safe { krb5_magic magic; - krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time, optional */ - krb5_int32 usec; /* microsecond portion of time, - optional */ - krb5_ui_4 seq_number; /* sequence #, optional */ - krb5_address *s_address; /* sender address */ - krb5_address *r_address; /* recipient address, optional */ - krb5_checksum *checksum; /* data integrity checksum */ + krb5_data user_data; /* user data */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, + optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ + krb5_address *s_address; /* sender address */ + krb5_address *r_address; /* recipient address, optional */ + krb5_checksum *checksum; /* data integrity checksum */ } krb5_safe; typedef struct _krb5_priv { krb5_magic magic; - krb5_enc_data enc_part; /* encrypted part */ + krb5_enc_data enc_part; /* encrypted part */ } krb5_priv; typedef struct _krb5_priv_enc_part { krb5_magic magic; - krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time, optional */ - krb5_int32 usec; /* microsecond portion of time, opt. */ - krb5_ui_4 seq_number; /* sequence #, optional */ - krb5_address *s_address; /* sender address */ - krb5_address *r_address; /* recipient address, optional */ + krb5_data user_data; /* user data */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, opt. 
*/ + krb5_ui_4 seq_number; /* sequence #, optional */ + krb5_address *s_address; /* sender address */ + krb5_address *r_address; /* recipient address, optional */ } krb5_priv_enc_part; -void KRB5_CALLCONV krb5_free_safe - (krb5_context, krb5_safe * ); -void KRB5_CALLCONV krb5_free_priv - (krb5_context, krb5_priv * ); -void KRB5_CALLCONV krb5_free_priv_enc_part - (krb5_context, krb5_priv_enc_part * ); +void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *); +void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *); +void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *); /* * Begin "asn1.h" @@ -1626,11 +1568,11 @@ void KRB5_CALLCONV krb5_free_priv_enc_part EncKrbPrivPart is APPLICATION 28. EncKrbCredPart is APPLICATION 29. KRB_ERROR is APPLICATION 30. - */ +*/ /* allow either constructed or primitive encoding, so check for bit 6 set or reset */ -#define krb5int_is_app_tag(dat,tag)\ - ((dat) && (dat)->length && \ +#define krb5int_is_app_tag(dat,tag) \ + ((dat) && (dat)->length && \ ((((dat)->data[0] & ~0x20) == ((tag) | 0x40)))) #define krb5_is_krb_ticket(dat) krb5int_is_app_tag(dat, 1) #define krb5_is_krb_authenticator(dat) krb5int_is_app_tag(dat, 2) 
@@ -1655,380 +1597,400 @@ void KRB5_CALLCONV krb5_free_priv_enc_part *************************************************************************/ /* - krb5_error_code encode_krb5_structure(const krb5_structure *rep, - krb5_data **code); - modifies *code - effects Returns the ASN.1 encoding of *rep in **code. - Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. - Returns ENOMEM if memory runs out. + krb5_error_code encode_krb5_structure(const krb5_structure *rep, + krb5_data **code); + modifies *code + effects Returns the ASN.1 encoding of *rep in **code. + Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. + Returns ENOMEM if memory runs out. */ -krb5_error_code encode_krb5_authenticator - (const krb5_authenticator *rep, krb5_data **code); +krb5_error_code +encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code); -krb5_error_code encode_krb5_ticket - (const krb5_ticket *rep, krb5_data **code); +krb5_error_code +encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code); -krb5_error_code encode_krb5_encryption_key - (const krb5_keyblock *rep, krb5_data **code); +krb5_error_code +encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code); -krb5_error_code encode_krb5_enc_tkt_part - (const krb5_enc_tkt_part *rep, krb5_data **code); +krb5_error_code +encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code); -krb5_error_code encode_krb5_enc_kdc_rep_part - (const krb5_enc_kdc_rep_part *rep, krb5_data **code); +krb5_error_code +encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, + krb5_data **code); /* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_as_rep - (const krb5_kdc_rep *rep, krb5_data **code); +krb5_error_code +encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code); /* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_tgs_rep - (const krb5_kdc_rep *rep, krb5_data **code); 
+krb5_error_code +encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code); -krb5_error_code encode_krb5_ap_req - (const krb5_ap_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code); -krb5_error_code encode_krb5_ap_rep - (const krb5_ap_rep *rep, krb5_data **code); +krb5_error_code +encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code); -krb5_error_code encode_krb5_ap_rep_enc_part - (const krb5_ap_rep_enc_part *rep, krb5_data **code); +krb5_error_code +encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb5_data **code); -krb5_error_code encode_krb5_as_req - (const krb5_kdc_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code); -krb5_error_code encode_krb5_tgs_req - (const krb5_kdc_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code); -krb5_error_code encode_krb5_kdc_req_body - (const krb5_kdc_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code); -krb5_error_code encode_krb5_safe - (const krb5_safe *rep, krb5_data **code); +krb5_error_code +encode_krb5_safe(const krb5_safe *rep, krb5_data **code); struct krb5_safe_with_body { krb5_safe *safe; krb5_data *body; }; -krb5_error_code encode_krb5_safe_with_body - (const struct krb5_safe_with_body *rep, krb5_data **code); +krb5_error_code +encode_krb5_safe_with_body(const struct krb5_safe_with_body *rep, + krb5_data **code); -krb5_error_code encode_krb5_priv - (const krb5_priv *rep, krb5_data **code); +krb5_error_code +encode_krb5_priv(const krb5_priv *rep, krb5_data **code); -krb5_error_code encode_krb5_enc_priv_part - (const krb5_priv_enc_part *rep, krb5_data **code); +krb5_error_code +encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code); -krb5_error_code encode_krb5_cred - (const krb5_cred *rep, krb5_data **code); +krb5_error_code 
+encode_krb5_cred(const krb5_cred *rep, krb5_data **code);
-krb5_error_code encode_krb5_enc_cred_part
- (const krb5_cred_enc_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code);
-krb5_error_code encode_krb5_error
- (const krb5_error *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_error(const krb5_error *rep, krb5_data **code);
-krb5_error_code encode_krb5_authdata
- (krb5_authdata *const *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_authdata(krb5_authdata *const *rep, krb5_data **code);
-krb5_error_code encode_krb5_authdata_elt
- (const krb5_authdata *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **code);
-krb5_error_code encode_krb5_pwd_sequence
- (const passwd_phrase_element *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code);
-krb5_error_code encode_krb5_pwd_data
- (const krb5_pwd_data *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data **code);
-krb5_error_code encode_krb5_padata_sequence
- (krb5_pa_data *const *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_alt_method(const krb5_alt_method *, krb5_data **code);
-krb5_error_code encode_krb5_alt_method
- (const krb5_alt_method *, krb5_data **code);
+krb5_error_code
+encode_krb5_etype_info(krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_etype_info
- (krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_etype_info2
- (krb5_etype_info_entry *const *, krb5_data **code);
+krb5_error_code
+encode_krb5_etype_info2(krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_enc_data
- (const krb5_enc_data *, krb5_data **);
+krb5_error_code
+encode_krb5_enc_data(const krb5_enc_data *,
krb5_data **); -krb5_error_code encode_krb5_pa_enc_ts - (const krb5_pa_enc_ts *, krb5_data **); +krb5_error_code +encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **); -krb5_error_code encode_krb5_sam_challenge - (const krb5_sam_challenge * , krb5_data **); +krb5_error_code +encode_krb5_sam_challenge(const krb5_sam_challenge * , krb5_data **); -krb5_error_code encode_krb5_sam_key - (const krb5_sam_key * , krb5_data **); +krb5_error_code +encode_krb5_sam_key(const krb5_sam_key * , krb5_data **); -krb5_error_code encode_krb5_enc_sam_response_enc - (const krb5_enc_sam_response_enc * , krb5_data **); +krb5_error_code +encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc *, + krb5_data **); -krb5_error_code encode_krb5_sam_response - (const krb5_sam_response * , krb5_data **); +krb5_error_code +encode_krb5_sam_response(const krb5_sam_response *, krb5_data **); #if 0 /* currently not compiled because we never use them */ -krb5_error_code encode_krb5_sam_challenge_2 - (const krb5_sam_challenge_2 * , krb5_data **); +krb5_error_code +encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * , krb5_data **); -krb5_error_code encode_krb5_sam_challenge_2_body - (const krb5_sam_challenge_2_body * , krb5_data **); +krb5_error_code +encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body *, + krb5_data **); #endif -krb5_error_code encode_krb5_enc_sam_response_enc_2 - (const krb5_enc_sam_response_enc_2 * , krb5_data **); +krb5_error_code +encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 *, + krb5_data **); -krb5_error_code encode_krb5_sam_response_2 - (const krb5_sam_response_2 * , krb5_data **); +krb5_error_code +encode_krb5_sam_response_2(const krb5_sam_response_2 * , krb5_data **); -krb5_error_code encode_krb5_predicted_sam_response - (const krb5_predicted_sam_response * , krb5_data **); +krb5_error_code +encode_krb5_predicted_sam_response(const krb5_predicted_sam_response *, + krb5_data **); struct krb5_setpw_req { krb5_principal 
target; krb5_data password; }; -krb5_error_code encode_krb5_setpw_req - (const struct krb5_setpw_req *rep, krb5_data **code); +krb5_error_code +encode_krb5_setpw_req(const struct krb5_setpw_req *rep, krb5_data **code); + +krb5_error_code +encode_krb5_pa_for_user(const krb5_pa_for_user *, krb5_data **); + +krb5_error_code +encode_krb5_s4u_userid(const krb5_s4u_userid *, krb5_data **); + +krb5_error_code +encode_krb5_pa_s4u_x509_user(const krb5_pa_s4u_x509_user *, krb5_data **); + +krb5_error_code +encode_krb5_pa_svr_referral_data(const krb5_pa_svr_referral_data *, + krb5_data **); -krb5_error_code encode_krb5_pa_for_user - (const krb5_pa_for_user * , krb5_data **); +krb5_error_code +encode_krb5_pa_server_referral_data(const krb5_pa_server_referral_data *, + krb5_data **); -krb5_error_code encode_krb5_s4u_userid - (const krb5_s4u_userid * , krb5_data **); +krb5_error_code +encode_krb5_pa_pac_req(const krb5_pa_pac_req *, krb5_data **); -krb5_error_code encode_krb5_pa_s4u_x509_user - (const krb5_pa_s4u_x509_user * , krb5_data **); +krb5_error_code +encode_krb5_etype_list(const krb5_etype_list * , krb5_data **); -krb5_error_code encode_krb5_pa_svr_referral_data - (const krb5_pa_svr_referral_data * , krb5_data **); +krb5_error_code +encode_krb5_pa_fx_fast_request(const krb5_fast_armored_req *, krb5_data **); -krb5_error_code encode_krb5_pa_server_referral_data - (const krb5_pa_server_referral_data * , krb5_data **); +krb5_error_code +encode_krb5_fast_req(const krb5_fast_req *, krb5_data **); -krb5_error_code encode_krb5_pa_pac_req - (const krb5_pa_pac_req * , krb5_data **); +krb5_error_code +encode_krb5_pa_fx_fast_reply(const krb5_enc_data *, krb5_data **); -krb5_error_code encode_krb5_etype_list - (const krb5_etype_list * , krb5_data **); +krb5_error_code +encode_krb5_fast_response(const krb5_fast_response *, krb5_data **); -krb5_error_code encode_krb5_pa_fx_fast_request -(const krb5_fast_armored_req *, krb5_data **); -krb5_error_code encode_krb5_fast_req -(const 
krb5_fast_req *, krb5_data **); -krb5_error_code encode_krb5_pa_fx_fast_reply -(const krb5_enc_data *, krb5_data **); +krb5_error_code +encode_krb5_ad_kdcissued(const krb5_ad_kdcissued *, krb5_data **); -krb5_error_code encode_krb5_fast_response -(const krb5_fast_response *, krb5_data **); +krb5_error_code +encode_krb5_ad_signedpath(const krb5_ad_signedpath *, krb5_data **); -krb5_error_code encode_krb5_ad_kdcissued -(const krb5_ad_kdcissued *, krb5_data **); -krb5_error_code encode_krb5_ad_signedpath -(const krb5_ad_signedpath *, krb5_data **); -krb5_error_code encode_krb5_ad_signedpath_data -(const krb5_ad_signedpath_data *, krb5_data **); +krb5_error_code +encode_krb5_ad_signedpath_data(const krb5_ad_signedpath_data *, krb5_data **); /************************************************************************* * End of prototypes for krb5_encode.c *************************************************************************/ -krb5_error_code decode_krb5_sam_challenge - (const krb5_data *, krb5_sam_challenge **); +krb5_error_code +decode_krb5_sam_challenge(const krb5_data *, krb5_sam_challenge **); -krb5_error_code decode_krb5_enc_sam_key - (const krb5_data *, krb5_sam_key **); +krb5_error_code +decode_krb5_enc_sam_key(const krb5_data *, krb5_sam_key **); -krb5_error_code decode_krb5_enc_sam_response_enc - (const krb5_data *, krb5_enc_sam_response_enc **); +krb5_error_code +decode_krb5_enc_sam_response_enc(const krb5_data *, + krb5_enc_sam_response_enc **); -krb5_error_code decode_krb5_sam_response - (const krb5_data *, krb5_sam_response **); +krb5_error_code +decode_krb5_sam_response(const krb5_data *, krb5_sam_response **); -krb5_error_code decode_krb5_predicted_sam_response - (const krb5_data *, krb5_predicted_sam_response **); +krb5_error_code +decode_krb5_predicted_sam_response(const krb5_data *, + krb5_predicted_sam_response **); -krb5_error_code decode_krb5_sam_challenge_2 - (const krb5_data *, krb5_sam_challenge_2 **); +krb5_error_code 
+decode_krb5_sam_challenge_2(const krb5_data *, krb5_sam_challenge_2 **); -krb5_error_code decode_krb5_sam_challenge_2_body - (const krb5_data *, krb5_sam_challenge_2_body **); +krb5_error_code +decode_krb5_sam_challenge_2_body(const krb5_data *, + krb5_sam_challenge_2_body **); -krb5_error_code decode_krb5_enc_sam_response_enc_2 - (const krb5_data *, krb5_enc_sam_response_enc_2 **); +krb5_error_code +decode_krb5_enc_sam_response_enc_2(const krb5_data *, + krb5_enc_sam_response_enc_2 **); -krb5_error_code decode_krb5_sam_response_2 - (const krb5_data *, krb5_sam_response_2 **); +krb5_error_code +decode_krb5_sam_response_2(const krb5_data *, krb5_sam_response_2 **); /************************************************************************* * Prototypes for krb5_decode.c *************************************************************************/ -krb5_error_code krb5_validate_times - (krb5_context, - krb5_ticket_times *); +krb5_error_code +krb5_validate_times(krb5_context, krb5_ticket_times *); /* - krb5_error_code decode_krb5_structure(const krb5_data *code, - krb5_structure **rep); - - requires Expects **rep to not have been allocated; - a new *rep is allocated regardless of the old value. - effects Decodes *code into **rep. - Returns ENOMEM if memory is exhausted. - Returns asn1 and krb5 errors. + krb5_error_code decode_krb5_structure(const krb5_data *code, + krb5_structure **rep); + + requires Expects **rep to not have been allocated; + a new *rep is allocated regardless of the old value. + effects Decodes *code into **rep. + Returns ENOMEM if memory is exhausted. + Returns asn1 and krb5 errors. 
*/
-krb5_error_code decode_krb5_authenticator
- (const krb5_data *code, krb5_authenticator **rep);
-
-krb5_error_code decode_krb5_ticket
- (const krb5_data *code, krb5_ticket **rep);
+krb5_error_code
+decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep);
-krb5_error_code decode_krb5_encryption_key
- (const krb5_data *output, krb5_keyblock **rep);
+krb5_error_code
+decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);
-krb5_error_code decode_krb5_enc_tkt_part
- (const krb5_data *output, krb5_enc_tkt_part **rep);
+krb5_error_code
+decode_krb5_encryption_key(const krb5_data *output, krb5_keyblock **rep);
-krb5_error_code decode_krb5_enc_kdc_rep_part
- (const krb5_data *output, krb5_enc_kdc_rep_part **rep);
+krb5_error_code
+decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);
-krb5_error_code decode_krb5_as_rep
- (const krb5_data *output, krb5_kdc_rep **rep);
+krb5_error_code
+decode_krb5_enc_kdc_rep_part(const krb5_data *output,
+ krb5_enc_kdc_rep_part **rep);
-krb5_error_code decode_krb5_tgs_rep
- (const krb5_data *output, krb5_kdc_rep **rep);
+krb5_error_code
+decode_krb5_as_rep(const krb5_data *output, krb5_kdc_rep **rep);
-krb5_error_code decode_krb5_ap_req
- (const krb5_data *output, krb5_ap_req **rep);
+krb5_error_code
+decode_krb5_tgs_rep(const krb5_data *output, krb5_kdc_rep **rep);
-krb5_error_code decode_krb5_ap_rep
- (const krb5_data *output, krb5_ap_rep **rep);
+krb5_error_code
+decode_krb5_ap_req(const krb5_data *output, krb5_ap_req **rep);
-krb5_error_code decode_krb5_ap_rep_enc_part
- (const krb5_data *output, krb5_ap_rep_enc_part **rep);
+krb5_error_code
+decode_krb5_ap_rep(const krb5_data *output, krb5_ap_rep **rep);
-krb5_error_code decode_krb5_as_req
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_ap_rep_enc_part(const krb5_data *output,
+ krb5_ap_rep_enc_part **rep);
-krb5_error_code decode_krb5_tgs_req
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_as_req(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_kdc_req_body
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_tgs_req(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_safe
- (const krb5_data *output, krb5_safe **rep);
+krb5_error_code
+decode_krb5_kdc_req_body(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_safe_with_body
- (const krb5_data *output, krb5_safe **rep, krb5_data *body);
+krb5_error_code
+decode_krb5_safe(const krb5_data *output, krb5_safe **rep);
-krb5_error_code decode_krb5_priv
- (const krb5_data *output, krb5_priv **rep);
+krb5_error_code
+decode_krb5_safe_with_body(const krb5_data *output, krb5_safe **rep,
+ krb5_data *body);
-krb5_error_code decode_krb5_enc_priv_part
- (const krb5_data *output, krb5_priv_enc_part **rep);
+krb5_error_code
+decode_krb5_priv(const krb5_data *output, krb5_priv **rep);
-krb5_error_code decode_krb5_cred
- (const krb5_data *output, krb5_cred **rep);
+krb5_error_code
+decode_krb5_enc_priv_part(const krb5_data *output, krb5_priv_enc_part **rep);
-krb5_error_code decode_krb5_enc_cred_part
- (const krb5_data *output, krb5_cred_enc_part **rep);
+krb5_error_code
+decode_krb5_cred(const krb5_data *output, krb5_cred **rep);
-krb5_error_code decode_krb5_error
- (const krb5_data *output, krb5_error **rep);
+krb5_error_code
+decode_krb5_enc_cred_part(const krb5_data *output, krb5_cred_enc_part **rep);
-krb5_error_code decode_krb5_authdata
- (const krb5_data *output, krb5_authdata ***rep);
+krb5_error_code
+decode_krb5_error(const krb5_data *output, krb5_error **rep);
-krb5_error_code decode_krb5_pwd_sequence
- (const krb5_data *output, passwd_phrase_element **rep);
+krb5_error_code
+decode_krb5_authdata(const krb5_data *output, krb5_authdata ***rep);
-krb5_error_code decode_krb5_pwd_data
- (const krb5_data *output, krb5_pwd_data **rep);
+krb5_error_code
+decode_krb5_pwd_sequence(const
krb5_data *output, passwd_phrase_element **rep);
-krb5_error_code decode_krb5_padata_sequence
- (const krb5_data *output, krb5_pa_data ***rep);
+krb5_error_code
+decode_krb5_pwd_data(const krb5_data *output, krb5_pwd_data **rep);
-krb5_error_code decode_krb5_alt_method
- (const krb5_data *output, krb5_alt_method **rep);
+krb5_error_code
+decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);
-krb5_error_code decode_krb5_etype_info
- (const krb5_data *output, krb5_etype_info_entry ***rep);
+krb5_error_code
+decode_krb5_alt_method(const krb5_data *output, krb5_alt_method **rep);
-krb5_error_code decode_krb5_etype_info2
- (const krb5_data *output, krb5_etype_info_entry ***rep);
+krb5_error_code
+decode_krb5_etype_info(const krb5_data *output, krb5_etype_info_entry ***rep);
-krb5_error_code decode_krb5_enc_data
- (const krb5_data *output, krb5_enc_data **rep);
+krb5_error_code
+decode_krb5_etype_info2(const krb5_data *output, krb5_etype_info_entry ***rep);
-krb5_error_code decode_krb5_pa_enc_ts
- (const krb5_data *output, krb5_pa_enc_ts **rep);
+krb5_error_code
+decode_krb5_enc_data(const krb5_data *output, krb5_enc_data **rep);
-krb5_error_code decode_krb5_sam_key
- (const krb5_data *, krb5_sam_key **);
+krb5_error_code
+decode_krb5_pa_enc_ts(const krb5_data *output, krb5_pa_enc_ts **rep);
-krb5_error_code decode_krb5_setpw_req
- (const krb5_data *, krb5_data **, krb5_principal *);
+krb5_error_code
+decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);
-krb5_error_code decode_krb5_pa_for_user
- (const krb5_data *, krb5_pa_for_user **);
+krb5_error_code
+decode_krb5_setpw_req(const krb5_data *, krb5_data **, krb5_principal *);
-krb5_error_code decode_krb5_pa_s4u_x509_user
- (const krb5_data *, krb5_pa_s4u_x509_user **);
+krb5_error_code
+decode_krb5_pa_for_user(const krb5_data *, krb5_pa_for_user **);
-krb5_error_code decode_krb5_pa_svr_referral_data
- (const krb5_data *, krb5_pa_svr_referral_data **);
+krb5_error_code
+decode_krb5_pa_s4u_x509_user(const krb5_data *, krb5_pa_s4u_x509_user **); -krb5_error_code decode_krb5_pa_server_referral_data - (const krb5_data *, krb5_pa_server_referral_data **); +krb5_error_code +decode_krb5_pa_svr_referral_data(const krb5_data *, + krb5_pa_svr_referral_data **); -krb5_error_code decode_krb5_pa_pac_req - (const krb5_data *, krb5_pa_pac_req **); +krb5_error_code +decode_krb5_pa_server_referral_data(const krb5_data *, + krb5_pa_server_referral_data **); -krb5_error_code decode_krb5_etype_list - (const krb5_data *, krb5_etype_list **); +krb5_error_code +decode_krb5_pa_pac_req(const krb5_data *, krb5_pa_pac_req **); -krb5_error_code decode_krb5_pa_fx_fast_request -(const krb5_data *, krb5_fast_armored_req **); +krb5_error_code +decode_krb5_etype_list(const krb5_data *, krb5_etype_list **); -krb5_error_code decode_krb5_fast_req -(const krb5_data *, krb5_fast_req **); +krb5_error_code +decode_krb5_pa_fx_fast_request(const krb5_data *, krb5_fast_armored_req **); +krb5_error_code +decode_krb5_fast_req(const krb5_data *, krb5_fast_req **); -krb5_error_code decode_krb5_pa_fx_fast_reply -(const krb5_data *, krb5_enc_data **); +krb5_error_code +decode_krb5_pa_fx_fast_reply(const krb5_data *, krb5_enc_data **); -krb5_error_code decode_krb5_fast_response -(const krb5_data *, krb5_fast_response **); +krb5_error_code +decode_krb5_fast_response(const krb5_data *, krb5_fast_response **); -krb5_error_code decode_krb5_ad_kdcissued -(const krb5_data *, krb5_ad_kdcissued **); +krb5_error_code +decode_krb5_ad_kdcissued(const krb5_data *, krb5_ad_kdcissued **); -krb5_error_code decode_krb5_ad_signedpath -(const krb5_data *, krb5_ad_signedpath **); +krb5_error_code +decode_krb5_ad_signedpath(const krb5_data *, krb5_ad_signedpath **); -struct _krb5_key_data; /* kdb.h */ +struct _krb5_key_data; /* kdb.h */ struct ldap_seqof_key_data { - krb5_int32 mkvno; /* Master key version number */ + krb5_int32 mkvno; /* Master key version number */ struct _krb5_key_data 
*key_data; krb5_int16 n_key_data; }; typedef struct ldap_seqof_key_data ldap_seqof_key_data; krb5_error_code -krb5int_ldap_encode_sequence_of_keys (const ldap_seqof_key_data *val, - krb5_data **code); +krb5int_ldap_encode_sequence_of_keys(const ldap_seqof_key_data *val, + krb5_data **code); krb5_error_code -krb5int_ldap_decode_sequence_of_keys (krb5_data *in, - ldap_seqof_key_data **rep); +krb5int_ldap_decode_sequence_of_keys(krb5_data *in, + ldap_seqof_key_data **rep); /************************************************************************* * End of prototypes for krb5_decode.c 
@@ -2043,171 +2005,144 @@ krb5int_ldap_decode_sequence_of_keys (krb5_data *in, /* * Internal krb5 library routines */ -krb5_error_code krb5_encrypt_tkt_part - (krb5_context, - const krb5_keyblock *, - krb5_ticket * ); - - -krb5_error_code krb5_encode_kdc_rep - (krb5_context, - krb5_msgtype, - const krb5_enc_kdc_rep_part *, - int using_subkey, - const krb5_keyblock *, - krb5_kdc_rep *, - krb5_data ** ); - -krb5_boolean krb5int_auth_con_chkseqnum - (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq); +krb5_error_code +krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *); + +krb5_error_code +krb5_encode_kdc_rep(krb5_context, krb5_msgtype, const krb5_enc_kdc_rep_part *, + int using_subkey, const krb5_keyblock *, krb5_kdc_rep *, + krb5_data ** ); + +krb5_boolean +krb5int_auth_con_chkseqnum(krb5_context ctx, krb5_auth_context ac, + krb5_ui_4 in_seq); /* * [De]Serialization Handle and operations. */ struct __krb5_serializer { - krb5_magic odtype; - krb5_error_code (*sizer) (krb5_context, - krb5_pointer, - size_t *); - krb5_error_code (*externalizer) (krb5_context, - krb5_pointer, - krb5_octet **, - size_t *); - krb5_error_code (*internalizer) (krb5_context, - krb5_pointer *, - krb5_octet **, - size_t *); + krb5_magic odtype; + krb5_error_code (*sizer) (krb5_context, + krb5_pointer, + size_t *); + krb5_error_code (*externalizer) (krb5_context, + krb5_pointer, + krb5_octet **, + size_t *); + krb5_error_code (*internalizer) (krb5_context, + krb5_pointer *, + krb5_octet **, + size_t *); }; typedef const struct __krb5_serializer * krb5_ser_handle; typedef struct __krb5_serializer krb5_ser_entry; -krb5_ser_handle krb5_find_serializer - (krb5_context, - krb5_magic); -krb5_error_code krb5_register_serializer - (krb5_context, - const krb5_ser_entry *); +krb5_ser_handle krb5_find_serializer(krb5_context, krb5_magic); +krb5_error_code krb5_register_serializer(krb5_context, const krb5_ser_entry *); /* Determine the external size of a particular opaque 
structure */ -krb5_error_code KRB5_CALLCONV krb5_size_opaque - (krb5_context, - krb5_magic, - krb5_pointer, - size_t *); +krb5_error_code KRB5_CALLCONV +krb5_size_opaque(krb5_context, krb5_magic, krb5_pointer, size_t *); /* Serialize the structure into a buffer */ -krb5_error_code KRB5_CALLCONV krb5_externalize_opaque - (krb5_context, - krb5_magic, - krb5_pointer, - krb5_octet **, - size_t *); +krb5_error_code KRB5_CALLCONV +krb5_externalize_opaque(krb5_context, krb5_magic, krb5_pointer, krb5_octet **, + size_t *); /* Deserialize the structure from a buffer */ -krb5_error_code KRB5_CALLCONV krb5_internalize_opaque - (krb5_context, - krb5_magic, - krb5_pointer *, - krb5_octet **, - size_t *); +krb5_error_code KRB5_CALLCONV +krb5_internalize_opaque(krb5_context, krb5_magic, krb5_pointer *, + krb5_octet **, size_t *); /* Serialize data into a buffer */ -krb5_error_code krb5_externalize_data - (krb5_context, - krb5_pointer, - krb5_octet **, - size_t *); +krb5_error_code +krb5_externalize_data(krb5_context, krb5_pointer, krb5_octet **, size_t *); /* * Initialization routines. 
*/ /* Initialize serialization for krb5_[os_]context */ -krb5_error_code KRB5_CALLCONV krb5_ser_context_init - (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context); /* Initialize serialization for krb5_auth_context */ -krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init - (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init(krb5_context); /* Initialize serialization for krb5_keytab */ -krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init - (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init(krb5_context); /* Initialize serialization for krb5_ccache */ -krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init - (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init(krb5_context); /* Initialize serialization for krb5_rcache */ -krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init - (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init(krb5_context); /* [De]serialize 4-byte integer */ -krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32 - (krb5_int32, - krb5_octet **, - size_t *); -krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32 - (krb5_int32 *, - krb5_octet **, - size_t *); +krb5_error_code KRB5_CALLCONV +krb5_ser_pack_int32(krb5_int32, krb5_octet **, size_t *); + +krb5_error_code KRB5_CALLCONV +krb5_ser_unpack_int32(krb5_int32 *, krb5_octet **, size_t *); + /* [De]serialize 8-byte integer */ -krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64 - (krb5_int64, krb5_octet **, size_t *); -krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64 - (krb5_int64 *, krb5_octet **, size_t *); +krb5_error_code KRB5_CALLCONV +krb5_ser_pack_int64(krb5_int64, krb5_octet **, size_t *); + +krb5_error_code KRB5_CALLCONV +krb5_ser_unpack_int64(krb5_int64 *, krb5_octet **, size_t *); + /* [De]serialize byte string */ -krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes - (krb5_octet *, - size_t, - krb5_octet **, - size_t *); -krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes - (krb5_octet *, - size_t, 
- krb5_octet **, - size_t *); - -krb5_error_code KRB5_CALLCONV krb5int_cc_default - (krb5_context, krb5_ccache *); - -krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default - (krb5_context, krb5_ccache, krb5_flags, - krb5_creds *, krb5_creds *); +krb5_error_code KRB5_CALLCONV +krb5_ser_pack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *); + +krb5_error_code KRB5_CALLCONV +krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *); + +krb5_error_code KRB5_CALLCONV +krb5int_cc_default(krb5_context, krb5_ccache *); + +krb5_error_code KRB5_CALLCONV +krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags, + krb5_creds *, krb5_creds *); krb5_boolean KRB5_CALLCONV -krb5_creds_compare (krb5_context in_context, - krb5_creds *in_creds, - krb5_creds *in_compare_creds); +krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds, + krb5_creds *in_compare_creds); -void krb5int_set_prompt_types - (krb5_context, krb5_prompt_type *); +void +krb5int_set_prompt_types(krb5_context, krb5_prompt_type *); krb5_error_code -krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context, - krb5_keyblock * /* Old keyblock, not new! */, - krb5_enctype); +krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context, + krb5_keyblock * /* Old keyblock, not new! 
*/, + krb5_enctype); /* set and change password helpers */ -krb5_error_code krb5int_mk_chpw_req - (krb5_context context, krb5_auth_context auth_context, - krb5_data *ap_req, char *passwd, krb5_data *packet); -krb5_error_code krb5int_rd_chpw_rep - (krb5_context context, krb5_auth_context auth_context, - krb5_data *packet, int *result_code, - krb5_data *result_data); -krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string - (krb5_context context, int result_code, - char **result_codestr); -krb5_error_code krb5int_mk_setpw_req - (krb5_context context, krb5_auth_context auth_context, - krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet); -krb5_error_code krb5int_rd_setpw_rep - (krb5_context context, krb5_auth_context auth_context, - krb5_data *packet, int *result_code, - krb5_data *result_data); -krb5_error_code krb5int_setpw_result_code_string - (krb5_context context, int result_code, - const char **result_codestr); +krb5_error_code +krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context, + krb5_data *ap_req, char *passwd, krb5_data *packet); + +krb5_error_code +krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, + krb5_data *packet, int *result_code, + krb5_data *result_data); + +krb5_error_code KRB5_CALLCONV +krb5_chpw_result_code_string(krb5_context context, int result_code, + char **result_codestr); + +krb5_error_code +krb5int_mk_setpw_req(krb5_context context, krb5_auth_context auth_context, + krb5_data *ap_req, krb5_principal targetprinc, + char *passwd, krb5_data *packet); + +krb5_error_code +krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context, + krb5_data *packet, int *result_code, + krb5_data *result_data); + +krb5_error_code +krb5int_setpw_result_code_string(krb5_context context, int result_code, + const char **result_codestr); struct srv_dns_entry { struct srv_dns_entry *next; 
@@ -2219,9 +2154,9 @@ struct srv_dns_entry { #ifdef KRB5_DNS_LOOKUP krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm, - const char *service, - const char *protocol, - struct srv_dns_entry **answers); + const char *service, + const char *protocol, + struct srv_dns_entry **answers); void krb5int_free_srv_dns_data(struct srv_dns_entry *); #endif @@ -2233,7 +2168,7 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *); /* * Convenience function for structure magic number */ -#define KRB5_VERIFY_MAGIC(structure,magic_number) \ +#define KRB5_VERIFY_MAGIC(structure,magic_number) \ if ((structure)->magic != (magic_number)) return (magic_number); /* to keep lint happy */ 
@@ -2245,146 +2180,198 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *); #define KRB5INT_ACCESS_STRUCT_VERSION 15 #ifndef ANAME_SZ -struct ktext; /* from krb.h, for krb524 support */ +struct ktext; /* from krb.h, for krb524 support */ #endif typedef struct _krb5int_access { /* crypto stuff */ const struct krb5_hash_provider *md5_hash_provider; const struct krb5_enc_provider *arcfour_enc_provider; krb5_error_code (*hmac)(const struct krb5_hash_provider *hash, - const krb5_keyblock *key, - unsigned int icount, const krb5_data *input, - krb5_data *output); + const krb5_keyblock *key, + unsigned int icount, const krb5_data *input, + krb5_data *output); krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context, - krb5_auth_context, - krb5_enctype *); + krb5_auth_context, + krb5_enctype *); /* service location and communication */ - krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, - const struct addrlist *, struct sendto_callback_info*, krb5_data *reply, - struct sockaddr *, socklen_t *,struct sockaddr *, - socklen_t *, int *, - int (*msg_handler)(krb5_context, const krb5_data *, void *), - void *msg_handler_data); + krb5_error_code (*sendto_udp)(krb5_context, const krb5_data *msg, + const struct addrlist *, + struct sendto_callback_info *, + krb5_data *reply, struct sockaddr *, + socklen_t *, struct sockaddr *, + socklen_t *, int *, + int (*msg_handler)(krb5_context, + const krb5_data *, + void *), + void *msg_handler_data); krb5_error_code (*add_host_to_list)(struct addrlist *lp, - const char *hostname, - int port, int secport, - int socktype, int family); - void (*free_addrlist) (struct addrlist *); + const char *hostname, + int port, int secport, + int socktype, int family); + void (*free_addrlist)(struct addrlist *); krb5_error_code (*make_srv_query_realm)(const krb5_data *realm, - const char *service, - const char *protocol, - struct srv_dns_entry **answers); + const char *service, + const char *protocol, + struct srv_dns_entry 
**answers); void (*free_srv_dns_data)(struct srv_dns_entry *); int (*use_dns_kdc)(krb5_context); - krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t); + krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, + size_t); krb5_error_code (*mandatory_cksumtype)(krb5_context, krb5_enctype, - krb5_cksumtype *); + krb5_cksumtype *); krb5_error_code (KRB5_CALLCONV *ser_pack_int64)(krb5_int64, krb5_octet **, - size_t *); + size_t *); krb5_error_code (KRB5_CALLCONV *ser_unpack_int64)(krb5_int64 *, - krb5_octet **, size_t *); + krb5_octet **, size_t *); /* Used for KDB LDAP back end. */ krb5_error_code - (*asn1_ldap_encode_sequence_of_keys) (const ldap_seqof_key_data *val, - krb5_data **code); + (*asn1_ldap_encode_sequence_of_keys)(const ldap_seqof_key_data *val, + krb5_data **code); krb5_error_code - (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in, - ldap_seqof_key_data **); - /* Used for encrypted challenge fast factor*/ + (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in, + ldap_seqof_key_data **); + + /* Used for encrypted challenge fast factor*/ krb5_error_code (*encode_enc_data)(const krb5_enc_data *, krb5_data **); krb5_error_code (*decode_enc_data)(const krb5_data *, krb5_enc_data **); void (*free_enc_data)(krb5_context, krb5_enc_data *); krb5_error_code (*encode_enc_ts)(const krb5_pa_enc_ts *, krb5_data **); krb5_error_code (*decode_enc_ts)(const krb5_data *, krb5_pa_enc_ts **); void (*free_enc_ts)(krb5_context, krb5_pa_enc_ts *); - krb5_error_code (*encrypt_helper) - (krb5_context, const krb5_keyblock *, krb5_keyusage, const krb5_data *, - krb5_enc_data *); + krb5_error_code + (*encrypt_helper)(krb5_context, const krb5_keyblock *, krb5_keyusage, + const krb5_data *, krb5_enc_data *); /* * pkinit asn.1 encode/decode functions */ - krb5_error_code (*encode_krb5_auth_pack) - (const krb5_auth_pack *rep, krb5_data **code); - krb5_error_code (*encode_krb5_auth_pack_draft9) - (const krb5_auth_pack_draft9 *rep, krb5_data 
**code);
- krb5_error_code (*encode_krb5_kdc_dh_key_info)
- (const krb5_kdc_dh_key_info *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_rep)
- (const krb5_pa_pk_as_rep *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_rep_draft9)
- (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_req)
- (const krb5_pa_pk_as_req *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_req_draft9)
- (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_reply_key_pack)
- (const krb5_reply_key_pack *, krb5_data **code);
- krb5_error_code (*encode_krb5_reply_key_pack_draft9)
- (const krb5_reply_key_pack_draft9 *, krb5_data **code);
- krb5_error_code (*encode_krb5_td_dh_parameters)
- (const krb5_algorithm_identifier **, krb5_data **code);
- krb5_error_code (*encode_krb5_td_trusted_certifiers)
- (const krb5_external_principal_identifier **, krb5_data **code);
- krb5_error_code (*encode_krb5_typed_data)
- (const krb5_typed_data **, krb5_data **code);
-
- krb5_error_code (*decode_krb5_auth_pack)
- (const krb5_data *, krb5_auth_pack **);
- krb5_error_code (*decode_krb5_auth_pack_draft9)
- (const krb5_data *, krb5_auth_pack_draft9 **);
- krb5_error_code (*decode_krb5_pa_pk_as_req)
- (const krb5_data *, krb5_pa_pk_as_req **);
- krb5_error_code (*decode_krb5_pa_pk_as_req_draft9)
- (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
- krb5_error_code (*decode_krb5_pa_pk_as_rep)
- (const krb5_data *, krb5_pa_pk_as_rep **);
- krb5_error_code (*decode_krb5_pa_pk_as_rep_draft9)
- (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
- krb5_error_code (*decode_krb5_kdc_dh_key_info)
- (const krb5_data *, krb5_kdc_dh_key_info **);
- krb5_error_code (*decode_krb5_principal_name)
- (const krb5_data *, krb5_principal_data **);
- krb5_error_code (*decode_krb5_reply_key_pack)
- (const krb5_data *, krb5_reply_key_pack **);
- krb5_error_code (*decode_krb5_reply_key_pack_draft9)
- (const
krb5_data *, krb5_reply_key_pack_draft9 **); - krb5_error_code (*decode_krb5_td_dh_parameters) - (const krb5_data *, krb5_algorithm_identifier ***); - krb5_error_code (*decode_krb5_td_trusted_certifiers) - (const krb5_data *, krb5_external_principal_identifier ***); - krb5_error_code (*decode_krb5_typed_data) - (const krb5_data *, krb5_typed_data ***); - - krb5_error_code (*decode_krb5_as_req) - (const krb5_data *output, krb5_kdc_req **rep); - krb5_error_code (*encode_krb5_kdc_req_body) - (const krb5_kdc_req *rep, krb5_data **code); - void (KRB5_CALLCONV *free_kdc_req) - (krb5_context, krb5_kdc_req * ); - void (*set_prompt_types) - (krb5_context, krb5_prompt_type *); - krb5_error_code (*encode_krb5_authdata_elt) - (const krb5_authdata *rep, krb5_data **code); + krb5_error_code + (*encode_krb5_auth_pack)(const krb5_auth_pack *rep, krb5_data **code); - /* Exported for testing only! */ - krb5_error_code (*encode_krb5_sam_response_2) - (const krb5_sam_response_2 *rep, krb5_data **code); - krb5_error_code (*encode_krb5_enc_sam_response_enc_2) - (const krb5_enc_sam_response_enc_2 *rep, krb5_data **code); + krb5_error_code + (*encode_krb5_auth_pack_draft9)(const krb5_auth_pack_draft9 *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_kdc_dh_key_info)(const krb5_kdc_dh_key_info *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_pa_pk_as_rep)(const krb5_pa_pk_as_rep *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_pa_pk_as_req)(const krb5_pa_pk_as_req *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_pa_pk_as_req_draft9)(const krb5_pa_pk_as_req_draft9 *rep, + krb5_data **code); + + krb5_error_code + (*encode_krb5_reply_key_pack)(const krb5_reply_key_ + krb5_data **code); + + krb5_error_code + (*encode_krb5_reply_key_pack_draft9)(const krb5_reply_key_pack_draft9 *, + krb5_data **code); + + krb5_error_code + 
(*encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **, + krb5_data **code); + + krb5_error_code + (*encode_krb5_td_trusted_certifiers)(const + krb5_external_principal_identifier **, + krb5_data **code); + krb5_error_code + (*encode_krb5_typed_data)(const krb5_typed_data **, krb5_data **code); + + krb5_error_code + (*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **); + + krb5_error_code + (*decode_krb5_auth_pack_draft9)(const krb5_data *, + krb5_auth_pack_draft9 **); + + krb5_error_code + (*decode_krb5_pa_pk_as_req)(const krb5_data *, krb5_pa_pk_as_req **); + + krb5_error_code + (*decode_krb5_pa_pk_as_req_draft9)(const krb5_data *, + krb5_pa_pk_as_req_draft9 **); + + krb5_error_code + (*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **); + + krb5_error_code + (*decode_krb5_pa_pk_as_rep_draft9)(const krb5_data *, + krb5_pa_pk_as_rep_draft9 **); + + krb5_error_code + (*decode_krb5_kdc_dh_key_info)(const krb5_data *, krb5_kdc_dh_key_info **); + + krb5_error_code + (*decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **); + + krb5_error_code + (*decode_krb5_reply_key_pack)(const krb5_data *, krb5_reply_key_pack **); + + krb5_error_code + (*decode_krb5_reply_key_pack_draft9)(const krb5_data *, + krb5_reply_key_pack_draft9 **); + + krb5_error_code + (*decode_krb5_td_dh_parameters)(const krb5_data *, + krb5_algorithm_identifier ***); + + krb5_error_code + (*decode_krb5_td_trusted_certifiers)(const krb5_data *, + krb5_external_principal_identifier + ***); + + krb5_error_code + (*decode_krb5_typed_data)(const krb5_data *, krb5_typed_data ***); + + krb5_error_code + (*decode_krb5_as_req)(const krb5_data *output, krb5_kdc_req **rep); + + krb5_error_code + (*encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code); + + void + (KRB5_CALLCONV *free_kdc_req)(krb5_context, krb5_kdc_req * ); + void + (*set_prompt_types)(krb5_context, krb5_prompt_type *); + + krb5_error_code + (*encode_krb5_authdata_elt)(const 
krb5_authdata *rep, krb5_data **code); + + /* Exported for testing only! */ + krb5_error_code + (*encode_krb5_sam_response_2)(const krb5_sam_response_2 *rep, + krb5_data **code); + krb5_error_code + (*encode_krb5_enc_sam_response_enc_2)(const + krb5_enc_sam_response_enc_2 *rep, + krb5_data **code); } krb5int_access; -#define KRB5INT_ACCESS_VERSION \ - (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \ - (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF) +#define KRB5INT_ACCESS_VERSION \ + (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \ + (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF) -krb5_error_code KRB5_CALLCONV krb5int_accessor - (krb5int_access*, krb5_int32); +krb5_error_code KRB5_CALLCONV +krb5int_accessor(krb5int_access*, krb5_int32); /* Ick -- some krb524 and krb4 support placed in the krb5 library, because AFS (and potentially other applications?) use the krb4 
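Review bot: The re-wrapped `encode_krb5_reply_key_pack` member of `krb5int_access` has lost part of its parameter list: the new side reads `(*encode_krb5_reply_key_pack)(const krb5_reply_key_` followed by `krb5_data **code);`, while the removed line was `(const krb5_reply_key_pack *, krb5_data **code);`. As shown, the type name is cut short and the comma is gone, so the struct would not compile; unless this is an artifact of how the patch was rendered, the line should read `(*encode_krb5_reply_key_pack)(const krb5_reply_key_pack *,`. This struct is a function-pointer table whose layout is checked through `KRB5INT_ACCESS_VERSION` (built from `sizeof(krb5int_access)`), so a reindent here is worth verifying with a whitespace-insensitive comparison of the old and new sides rather than by eye.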
@@ -2415,46 +2402,46 @@ typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor; struct _krb5_cc_ops { krb5_magic magic; char *prefix; - const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *, - const char *); - krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *); - krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache, - krb5_principal); - krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache); - krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache, - krb5_creds *); - krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache, - krb5_flags, krb5_creds *, - krb5_creds *); - krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache, - krb5_principal *); - krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache, - krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache, - krb5_cc_cursor *, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache, - krb5_cc_cursor *); - krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache, - krb5_flags, krb5_creds *); - krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache, - krb5_flags); - krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache, - krb5_flags *); + const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *, + const char *); + krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *); + krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache, + krb5_principal); + krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache, + 
krb5_creds *); + krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds *, + krb5_creds *); + krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache, + krb5_principal *); + krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache, + krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache, + krb5_cc_cursor *, krb5_creds *); + krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache, + krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds *); + krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache, + krb5_flags); + krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache, + krb5_flags *); krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context, - krb5_cc_ptcursor *); + krb5_cc_ptcursor *); krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context, - krb5_cc_ptcursor, - krb5_ccache *); + krb5_cc_ptcursor, + krb5_ccache *); krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context, - krb5_cc_ptcursor *); + krb5_cc_ptcursor *); krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache, - krb5_ccache); + krb5_ccache); krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context, - krb5_ccache, krb5_timestamp *); + krb5_ccache, krb5_timestamp *); krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache, - krb5_timestamp *); + krb5_timestamp *); krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache); krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache); }; 
@@ -2467,104 +2454,83 @@ krb5int_cc_os_default_name(krb5_context context, char **name); typedef struct _krb5_donot_replay { krb5_magic magic; krb5_ui_4 hash; - char *server; /* null-terminated */ - char *client; /* null-terminated */ - char *msghash; /* null-terminated */ + char *server; /* null-terminated */ + char *client; /* null-terminated */ + char *msghash; /* null-terminated */ krb5_int32 cusec; krb5_timestamp ctime; } krb5_donot_replay; -krb5_error_code krb5_rc_default - (krb5_context, - krb5_rcache *); -krb5_error_code krb5_rc_resolve_type - (krb5_context, - krb5_rcache *,char *); -krb5_error_code krb5_rc_resolve_full - (krb5_context, - krb5_rcache *,char *); -char * krb5_rc_get_type - (krb5_context, - krb5_rcache); -char * krb5_rc_default_type - (krb5_context); -char * krb5_rc_default_name - (krb5_context); -krb5_error_code krb5_auth_to_rep - (krb5_context, - krb5_tkt_authent *, - krb5_donot_replay *); -krb5_error_code krb5_rc_hash_message - (krb5_context context, - const krb5_data *message, char **out); - - -krb5_error_code KRB5_CALLCONV krb5_rc_initialize - (krb5_context, krb5_rcache,krb5_deltat); -krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize - (krb5_context, krb5_rcache,krb5_deltat); -krb5_error_code KRB5_CALLCONV krb5_rc_recover - (krb5_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_destroy - (krb5_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_close - (krb5_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_store - (krb5_context, krb5_rcache,krb5_donot_replay *); -krb5_error_code KRB5_CALLCONV krb5_rc_expunge - (krb5_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan - (krb5_context, krb5_rcache,krb5_deltat *); -char *KRB5_CALLCONV krb5_rc_get_name - (krb5_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_resolve - (krb5_context, krb5_rcache, char *); +krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *); +krb5_error_code 
krb5_rc_resolve_type(krb5_context, krb5_rcache *,char *); +krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,char *); +char *krb5_rc_get_type(krb5_context, krb5_rcache); +char *krb5_rc_default_type(krb5_context); +char *krb5_rc_default_name(krb5_context); +krb5_error_code krb5_auth_to_rep(krb5_context, krb5_tkt_authent *, + krb5_donot_replay *); +krb5_error_code krb5_rc_hash_message(krb5_context context, + const krb5_data *message, char **out); + +krb5_error_code KRB5_CALLCONV +krb5_rc_initialize(krb5_context, krb5_rcache, krb5_deltat); + +krb5_error_code KRB5_CALLCONV +krb5_rc_recover_or_initialize(krb5_context, krb5_rcache,krb5_deltat); + +krb5_error_code KRB5_CALLCONV +krb5_rc_recover(krb5_context, krb5_rcache); + +krb5_error_code KRB5_CALLCONV +krb5_rc_destroy(krb5_context, krb5_rcache); + +krb5_error_code KRB5_CALLCONV +krb5_rc_close(krb5_context, krb5_rcache); + +krb5_error_code KRB5_CALLCONV +krb5_rc_store(krb5_context, krb5_rcache, krb5_donot_replay *); + +krb5_error_code KRB5_CALLCONV +krb5_rc_expunge(krb5_context, krb5_rcache); + +krb5_error_code KRB5_CALLCONV +krb5_rc_get_lifespan(krb5_context, krb5_rcache,krb5_deltat *); +char *KRB5_CALLCONV +krb5_rc_get_name(krb5_context, krb5_rcache); + +krb5_error_code KRB5_CALLCONV +krb5_rc_resolve(krb5_context, krb5_rcache, char *); + +/* + * This structure was exposed and used in macros in krb5 1.2, so do not + * change its ABI. 
+ */ typedef struct _krb5_kt_ops { krb5_magic magic; char *prefix; + /* routines always present */ - krb5_error_code (KRB5_CALLCONV *resolve) - (krb5_context, - const char *, - krb5_keytab *); - krb5_error_code (KRB5_CALLCONV *get_name) - (krb5_context, - krb5_keytab, - char *, - unsigned int); - krb5_error_code (KRB5_CALLCONV *close) - (krb5_context, - krb5_keytab); - krb5_error_code (KRB5_CALLCONV *get) - (krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); - krb5_error_code (KRB5_CALLCONV *start_seq_get) - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); - krb5_error_code (KRB5_CALLCONV *get_next) - (krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); - krb5_error_code (KRB5_CALLCONV *end_get) - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); + krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, const char *, + krb5_keytab *); + krb5_error_code (KRB5_CALLCONV *get_name)(krb5_context, krb5_keytab, + char *, unsigned int); + krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_keytab); + krb5_error_code (KRB5_CALLCONV *get)(krb5_context, krb5_keytab, + krb5_const_principal, krb5_kvno, + krb5_enctype, krb5_keytab_entry *); + krb5_error_code (KRB5_CALLCONV *start_seq_get)(krb5_context, krb5_keytab, + krb5_kt_cursor *); + krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); + krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_keytab, + krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ - krb5_error_code (KRB5_CALLCONV *add) - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); - krb5_error_code (KRB5_CALLCONV *remove) - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); + krb5_error_code (KRB5_CALLCONV *add)(krb5_context, krb5_keytab, + krb5_keytab_entry *); + krb5_error_code (KRB5_CALLCONV *remove)(krb5_context, krb5_keytab, + krb5_keytab_entry *); /* Handle for serializer 
*/ const krb5_ser_entry *serializer; @@ -2572,11 +2538,11 @@ typedef struct _krb5_kt_ops { extern const krb5_kt_ops krb5_kt_dfl_ops; -extern krb5_error_code krb5int_translate_gai_error (int); +extern krb5_error_code krb5int_translate_gai_error(int); /* Not sure it's ready for exposure just yet. */ extern krb5_error_code -krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *); +krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); extern int krb5int_crypto_init (void); extern int krb5int_prng_init(void); @@ -2584,7 +2550,7 @@ extern int krb5int_prng_init(void); /* * Referral definitions, debugging hooks, and subfunctions. */ -#define KRB5_REFERRAL_MAXHOPS 10 +#define KRB5_REFERRAL_MAXHOPS 10 /* #define DEBUG_REFERRALS */ #ifdef DEBUG_REFERRALS 
@@ -2592,356 +2558,254 @@ void krb5int_dbgref_dump_principal(char *, krb5_principal); #endif /* Common hostname-parsing code. */ -krb5_error_code KRB5_CALLCONV krb5int_clean_hostname - (krb5_context, - const char *, - char *, - size_t); +krb5_error_code KRB5_CALLCONV +krb5int_clean_hostname(krb5_context, const char *, char *, size_t); krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output); + const krb5_data *input, krb5_data *output); krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output); + const krb5_data *input, krb5_data *output); -struct _krb5_kt { /* should move into k5-int.h */ +struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; const struct _krb5_kt_ops *ops; krb5_pointer data; }; -krb5_error_code krb5_set_default_in_tkt_ktypes - (krb5_context, - const krb5_enctype *); -krb5_error_code krb5_get_default_in_tkt_ktypes - (krb5_context, - krb5_enctype **); +krb5_error_code krb5_set_default_in_tkt_ktypes(krb5_context, + const krb5_enctype *); + +krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context, krb5_enctype **); -krb5_error_code krb5_set_default_tgs_ktypes - (krb5_context, - const krb5_enctype *); +krb5_error_code krb5_set_default_tgs_ktypes(krb5_context, + const krb5_enctype *); -krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes - (krb5_context, - krb5_const_principal, - krb5_enctype **); +krb5_error_code KRB5_CALLCONV +krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **); -void KRB5_CALLCONV krb5_free_ktypes - (krb5_context, krb5_enctype *); +void KRB5_CALLCONV krb5_free_ktypes(krb5_context, krb5_enctype *); -krb5_boolean krb5_is_permitted_enctype - (krb5_context, krb5_enctype); +krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype); typedef struct { - krb5_enctype *etype; - krb5_boolean *etype_ok; - krb5_int32 etype_count; + krb5_enctype *etype; + krb5_boolean *etype_ok; + 
krb5_int32 etype_count; } krb5_etypes_permitted; -krb5_boolean krb5_is_permitted_enctype_ext - ( krb5_context, krb5_etypes_permitted *); +krb5_boolean krb5_is_permitted_enctype_ext(krb5_context, + krb5_etypes_permitted *); krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype); -krb5_error_code krb5_kdc_rep_decrypt_proc - (krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ); -krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part - (krb5_context, - const krb5_keyblock *, - krb5_ticket * ); -krb5_error_code krb5_get_cred_from_kdc - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); -krb5_error_code krb5_get_cred_from_kdc_validate - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); -krb5_error_code krb5_get_cred_from_kdc_renew - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); - -krb5_error_code krb5_get_cred_via_tkt - (krb5_context, - krb5_creds *, - krb5_flags, - krb5_address * const *, - krb5_creds *, - krb5_creds **); - -krb5_error_code KRB5_CALLCONV krb5_copy_addr - (krb5_context, - const krb5_address *, - krb5_address **); - -void krb5_init_ets - (krb5_context); -void krb5_free_ets - (krb5_context); -krb5_error_code krb5_generate_subkey - (krb5_context, - const krb5_keyblock *, krb5_keyblock **); -krb5_error_code krb5_generate_subkey_extended - (krb5_context, - const krb5_keyblock *, - krb5_enctype, - krb5_keyblock **); -krb5_error_code krb5_generate_seq_number - (krb5_context, - const krb5_keyblock *, krb5_ui_4 *); - -krb5_error_code KRB5_CALLCONV krb5_kt_register - (krb5_context, - const struct _krb5_kt_ops * ); +krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *, + krb5_const_pointer, krb5_kdc_rep *); +krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part(krb5_context, + 
const krb5_keyblock *, + krb5_ticket * ); +krb5_error_code krb5_get_cred_from_kdc(krb5_context, krb5_ccache, + krb5_creds *, krb5_creds **, + krb5_creds *** ); +krb5_error_code krb5_get_cred_from_kdc_validate(krb5_context, krb5_ccache, + krb5_creds *, krb5_creds **, + krb5_creds *** ); +krb5_error_code krb5_get_cred_from_kdc_renew(krb5_context, krb5_ccache, + krb5_creds *, krb5_creds **, + krb5_creds *** ); + +krb5_error_code krb5_get_cred_via_tkt(krb5_context, krb5_creds *, krb5_flags, + krb5_address *const *, krb5_creds *, + krb5_creds **); + +krb5_error_code KRB5_CALLCONV krb5_copy_addr(krb5_context, + const krb5_address *, + krb5_address **); + +void krb5_init_ets(krb5_context); +void krb5_free_ets(krb5_context); +krb5_error_code krb5_generate_subkey(krb5_context, const krb5_keyblock *, + krb5_keyblock **); +krb5_error_code krb5_generate_subkey_extended(krb5_context, + const krb5_keyblock *, + krb5_enctype, krb5_keyblock **); +krb5_error_code krb5_generate_seq_number(krb5_context, const krb5_keyblock *, + krb5_ui_4 *); + +krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context, + const struct _krb5_kt_ops *); /* use krb5_free_keytab_entry_contents instead */ -krb5_error_code KRB5_CALLCONV krb5_kt_free_entry - (krb5_context, - krb5_keytab_entry * ); +krb5_error_code KRB5_CALLCONV krb5_kt_free_entry(krb5_context, + krb5_keytab_entry * ); -krb5_error_code krb5_principal2salt_norealm - (krb5_context, - krb5_const_principal, krb5_data *); +krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal, + krb5_data *); -unsigned int KRB5_CALLCONV krb5_get_notification_message - (void); +unsigned int KRB5_CALLCONV krb5_get_notification_message(void); /* chk_trans.c */ -krb5_error_code krb5_check_transited_list - (krb5_context, const krb5_data *trans, - const krb5_data *realm1, const krb5_data *realm2); +krb5_error_code krb5_check_transited_list(krb5_context, const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2); /* 
free_rtree.c */ -void krb5_free_realm_tree - (krb5_context, - krb5_principal *); - -void KRB5_CALLCONV krb5_free_authenticator_contents - (krb5_context, krb5_authenticator * ); - -void KRB5_CALLCONV krb5_free_address - (krb5_context, krb5_address * ); - -void KRB5_CALLCONV krb5_free_enc_tkt_part - (krb5_context, krb5_enc_tkt_part * ); - -void KRB5_CALLCONV krb5_free_tickets - (krb5_context, krb5_ticket ** ); -void KRB5_CALLCONV krb5_free_kdc_req - (krb5_context, krb5_kdc_req * ); -void KRB5_CALLCONV krb5_free_kdc_rep - (krb5_context, krb5_kdc_rep * ); -void KRB5_CALLCONV krb5_free_last_req - (krb5_context, krb5_last_req_entry ** ); -void KRB5_CALLCONV krb5_free_enc_kdc_rep_part - (krb5_context, krb5_enc_kdc_rep_part * ); -void KRB5_CALLCONV krb5_free_ap_req - (krb5_context, krb5_ap_req * ); -void KRB5_CALLCONV krb5_free_ap_rep - (krb5_context, krb5_ap_rep * ); -void KRB5_CALLCONV krb5_free_cred - (krb5_context, krb5_cred *); -void KRB5_CALLCONV krb5_free_cred_enc_part - (krb5_context, krb5_cred_enc_part *); -void KRB5_CALLCONV krb5_free_pa_data - (krb5_context, krb5_pa_data **); -void KRB5_CALLCONV krb5_free_tkt_authent - (krb5_context, krb5_tkt_authent *); -void KRB5_CALLCONV krb5_free_pwd_data - (krb5_context, krb5_pwd_data *); -void KRB5_CALLCONV krb5_free_pwd_sequences - (krb5_context, passwd_phrase_element **); -void KRB5_CALLCONV krb5_free_passwd_phrase_element - (krb5_context, passwd_phrase_element *); -void KRB5_CALLCONV krb5_free_alt_method - (krb5_context, krb5_alt_method *); -void KRB5_CALLCONV krb5_free_enc_data - (krb5_context, krb5_enc_data *); -krb5_error_code krb5_set_config_files - (krb5_context, const char **); - -krb5_error_code KRB5_CALLCONV krb5_get_default_config_files - (char ***filenames); - -void KRB5_CALLCONV krb5_free_config_files - (char **filenames); -krb5_error_code krb5int_send_tgs - (krb5_context, - krb5_flags, - const krb5_ticket_times *, - const krb5_enctype *, - krb5_const_principal, - krb5_address * const *, - krb5_authdata * 
const *, - krb5_pa_data * const *, - const krb5_data *, - krb5_creds *, - krb5_error_code (*gcvt_fct)(krb5_context, - krb5_keyblock *, - krb5_kdc_req *, - void *), - void *gcvt_data, - krb5_response * , krb5_keyblock **subkey); - /* The subkey field is an output parameter; if a - * tgs-rep is received then the subkey will be filled - * in with the subkey needed to decrypt the TGS - * response. Otherwise it will be set to null. - */ -krb5_error_code krb5int_decode_tgs_rep - (krb5_context, - krb5_data *, - const krb5_keyblock *, krb5_keyusage, - krb5_kdc_rep ** ); -krb5_error_code krb5int_find_authdata -(krb5_context context, krb5_authdata *const * ticket_authdata, - krb5_authdata * const *ap_req_authdata, - krb5_authdatatype ad_type, - krb5_authdata ***results); - -krb5_error_code krb5_rd_req_decoded - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -krb5_error_code krb5_rd_req_decoded_anyflag - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -krb5_error_code KRB5_CALLCONV krb5_cc_register - (krb5_context, - const krb5_cc_ops *, - krb5_boolean ); -krb5_error_code krb5_walk_realm_tree - (krb5_context, - const krb5_data *, - const krb5_data *, - krb5_principal **, - int); -krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); - -krb5_error_code krb5_auth_con_set_safe_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); -krb5_error_code krb5_auth_con_setivector - (krb5_context, - krb5_auth_context, - krb5_pointer); - -krb5_error_code krb5_auth_con_getivector - (krb5_context, - krb5_auth_context, - krb5_pointer *); - -krb5_error_code krb5_auth_con_setpermetypes - (krb5_context, - krb5_auth_context, - const krb5_enctype *); - -krb5_error_code krb5_auth_con_getpermetypes - (krb5_context, - krb5_auth_context, - 
krb5_enctype **); - -krb5_error_code krb5_auth_con_get_subkey_enctype - (krb5_context context, - krb5_auth_context, - krb5_enctype *); - -krb5_error_code -krb5_auth_con_get_authdata_context - (krb5_context context, - krb5_auth_context auth_context, - krb5_authdata_context *ad_context); - -krb5_error_code -krb5_auth_con_set_authdata_context - (krb5_context context, - krb5_auth_context auth_context, - krb5_authdata_context ad_context); +void krb5_free_realm_tree(krb5_context, krb5_principal *); + +void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context, + krb5_authenticator *); + +void KRB5_CALLCONV krb5_free_address(krb5_context, krb5_address *); + +void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *); + +void KRB5_CALLCONV krb5_free_tickets(krb5_context, krb5_ticket **); +void KRB5_CALLCONV krb5_free_kdc_req(krb5_context, krb5_kdc_req *); +void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context, krb5_kdc_rep *); +void KRB5_CALLCONV krb5_free_last_req(krb5_context, krb5_last_req_entry **); +void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context, + krb5_enc_kdc_rep_part *); +void KRB5_CALLCONV krb5_free_ap_req(krb5_context, krb5_ap_req *); +void KRB5_CALLCONV krb5_free_ap_rep(krb5_context, krb5_ap_rep *); +void KRB5_CALLCONV krb5_free_cred(krb5_context, krb5_cred *); +void KRB5_CALLCONV krb5_free_cred_enc_part(krb5_context, krb5_cred_enc_part *); +void KRB5_CALLCONV krb5_free_pa_data(krb5_context, krb5_pa_data **); +void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context, krb5_tkt_authent *); +void KRB5_CALLCONV krb5_free_pwd_data(krb5_context, krb5_pwd_data *); +void KRB5_CALLCONV krb5_free_pwd_sequences(krb5_context, + passwd_phrase_element **); +void KRB5_CALLCONV krb5_free_passwd_phrase_element(krb5_context, + passwd_phrase_element *); +void KRB5_CALLCONV krb5_free_alt_method(krb5_context, krb5_alt_method *); +void KRB5_CALLCONV krb5_free_enc_data(krb5_context, krb5_enc_data *); +krb5_error_code krb5_set_config_files(krb5_context, 
const char **); + +krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames); + +void KRB5_CALLCONV krb5_free_config_files(char **filenames); +krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags, + const krb5_ticket_times *, + const krb5_enctype *, + krb5_const_principal, krb5_address *const *, + krb5_authdata *const *, + krb5_pa_data *const *, const krb5_data *, + krb5_creds *, + krb5_error_code (*gcvt_fct)(krb5_context, + krb5_keyblock *, + krb5_kdc_req *, + void *), + void *gcvt_data, krb5_response * + krb5_keyblock **subkey); +/* The subkey field is an output parameter; if a + * tgs-rep is received then the subkey will be filled + * in with the subkey needed to decrypt the TGS + * response. Otherwise it will be set to null. + */ +krb5_error_code krb5int_decode_tgs_rep(krb5_context, krb5_data *, + const krb5_keyblock *, krb5_keyusage, + krb5_kdc_rep ** ); + +krb5_error_code krb5int_find_authdata(krb5_context context, + krb5_authdata *const *ticket_authdata, + krb5_authdata *const *ap_req_authdata, + krb5_authdatatype ad_type, + krb5_authdata ***results); + +krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *, + const krb5_ap_req *, krb5_const_principal, + krb5_keytab, krb5_flags *, krb5_ticket **); + +krb5_error_code krb5_rd_req_decoded_anyflag(krb5_context, krb5_auth_context *, + const krb5_ap_req *, + krb5_const_principal, krb5_keytab, + krb5_flags *, krb5_ticket **); + +krb5_error_code KRB5_CALLCONV +krb5_cc_register(krb5_context, const krb5_cc_ops *, krb5_boolean ); + +krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *, + const krb5_data *, krb5_principal **, + int); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_req_cksumtype(krb5_context, krb5_auth_context, + krb5_cksumtype); + +krb5_error_code +krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context, + krb5_cksumtype); + +krb5_error_code krb5_auth_con_setivector(krb5_context, krb5_auth_context, + krb5_pointer); + +krb5_error_code 
krb5_auth_con_getivector(krb5_context, krb5_auth_context, + krb5_pointer *); + +krb5_error_code krb5_auth_con_setpermetypes(krb5_context, krb5_auth_context, + const krb5_enctype *); + +krb5_error_code krb5_auth_con_getpermetypes(krb5_context, krb5_auth_context, + krb5_enctype **); + +krb5_error_code krb5_auth_con_get_subkey_enctype(krb5_context context, + krb5_auth_context, + krb5_enctype *); + +krb5_error_code +krb5_auth_con_get_authdata_context(krb5_context context, + krb5_auth_context auth_context, + krb5_authdata_context *ad_context); + +krb5_error_code +krb5_auth_con_set_authdata_context(krb5_context context, + krb5_auth_context auth_context, + krb5_authdata_context ad_context); krb5_error_code KRB5_CALLCONV -krb5int_server_decrypt_ticket_keyblock - (krb5_context context, - const krb5_keyblock *key, - krb5_ticket *ticket); - -krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *); -krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *); -krb5_error_code krb5int_write_messages (krb5_context, krb5_pointer, krb5_data *, int); -int krb5_net_read (krb5_context, int , char *, int); -int krb5_net_write (krb5_context, int , const char *, int); - -krb5_error_code KRB5_CALLCONV krb5_get_realm_domain - (krb5_context, - const char *, - char ** ); - -krb5_error_code krb5_gen_portaddr - (krb5_context, - const krb5_address *, - krb5_const_pointer, - krb5_address **); -krb5_error_code krb5_gen_replay_name - (krb5_context, - const krb5_address *, - const char *, - char **); -krb5_error_code krb5_make_fulladdr - (krb5_context, - krb5_address *, - krb5_address *, - krb5_address *); - -krb5_error_code krb5_set_debugging_time - (krb5_context, krb5_timestamp, krb5_int32); -krb5_error_code krb5_use_natural_time - (krb5_context); -krb5_error_code krb5_set_time_offsets - (krb5_context, krb5_timestamp, krb5_int32); +krb5int_server_decrypt_ticket_keyblock(krb5_context context, + const krb5_keyblock *key, + krb5_ticket *ticket); + 
+krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *); +krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *); +krb5_error_code krb5int_write_messages(krb5_context, krb5_pointer, krb5_data *, + int); +int krb5_net_read(krb5_context, int , char *, int); +int krb5_net_write(krb5_context, int , const char *, int); + +krb5_error_code KRB5_CALLCONV krb5_get_realm_domain(krb5_context, + const char *, char ** ); + +krb5_error_code krb5_gen_portaddr(krb5_context, const krb5_address *, + krb5_const_pointer, krb5_address **); + +krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *, + const char *, char **); +krb5_error_code krb5_make_fulladdr(krb5_context, krb5_address *, + krb5_address *, krb5_address *); + +krb5_error_code krb5_set_debugging_time(krb5_context, krb5_timestamp, + krb5_int32); +krb5_error_code krb5_use_natural_time(krb5_context); +krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp, + krb5_int32); krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp); /* * The realm iterator functions */ -krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create - (krb5_context context, void **iter_p); +krb5_error_code KRB5_CALLCONV +krb5_realm_iterator_create(krb5_context context, void **iter_p); -krb5_error_code KRB5_CALLCONV krb5_realm_iterator - (krb5_context context, void **iter_p, char **ret_realm); +krb5_error_code KRB5_CALLCONV +krb5_realm_iterator(krb5_context context, void **iter_p, char **ret_realm); -void KRB5_CALLCONV krb5_realm_iterator_free - (krb5_context context, void **iter_p); +void KRB5_CALLCONV +krb5_realm_iterator_free(krb5_context context, void **iter_p); -void KRB5_CALLCONV krb5_free_realm_string - (krb5_context context, char *str); +void KRB5_CALLCONV krb5_free_realm_string(krb5_context context, char *str); /* Internal principal function used by KIM to avoid code duplication */ krb5_error_code KRB5_CALLCONV 
@@ -2957,7 +2821,7 @@ static inline int data_eq(krb5_data d1, krb5_data d2) { return (d1.length == d2.length - && !memcmp(d1.data, d2.data, d1.length)); + && !memcmp(d1.data, d2.data, d1.length)); } static inline krb5_data @@ -2993,8 +2857,8 @@ static inline int authdata_eq(krb5_authdata a1, krb5_authdata a2) { return (a1.ad_type == a2.ad_type - && a1.length == a2.length - && !memcmp(a1.contents, a2.contents, a1.length)); + && a1.length == a2.length + && !memcmp(a1.contents, a2.contents, a1.length)); } /* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */ 
@@ -3010,40 +2874,40 @@ k5alloc(size_t size, krb5_error_code *code) krb5_error_code KRB5_CALLCONV krb5int_pac_sign(krb5_context context, - krb5_pac pac, - krb5_timestamp authtime, - krb5_const_principal principal, - const krb5_keyblock *server_key, - const krb5_keyblock *privsvr_key, - krb5_data *data); + krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server_key, + const krb5_keyblock *privsvr_key, + krb5_data *data); krb5_error_code KRB5_CALLCONV krb5_get_credentials_for_user(krb5_context context, krb5_flags options, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_data *cert, - krb5_creds **out_creds); + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_data *cert, + krb5_creds **out_creds); krb5_error_code KRB5_CALLCONV krb5_get_credentials_for_proxy(krb5_context context, - krb5_flags options, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_ticket *evidence_tkt, - krb5_creds **out_creds); + krb5_flags options, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_ticket *evidence_tkt, + krb5_creds **out_creds); krb5_error_code KRB5_CALLCONV krb5int_get_authdata_containee_types(krb5_context context, - const krb5_authdata *container, - unsigned int *nad_types, - krb5_authdatatype **ad_types); + const krb5_authdata *container, + unsigned int *nad_types, + krb5_authdatatype **ad_types); krb5_error_code krb5int_parse_enctype_list(krb5_context context, char *profstr, - krb5_enctype *default_list, - krb5_enctype **result); + krb5_enctype *default_list, + krb5_enctype **result); #ifdef DEBUG_ERROR_LOCATIONS -#define krb5_set_error_message(ctx, code, ...) \ +#define krb5_set_error_message(ctx, code, ...) \ krb5_set_error_message_fl(ctx, code, __FILE__, __LINE__, __VA_ARGS__) #endif diff --git a/src/include/k5-ipc_stream.h b/src/include/k5-ipc_stream.h index 1f56d76f2b..c1a36e6b53 100644 --- a/src/include/k5-ipc_stream.h +++ b/src/include/k5-ipc_stream.h 
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * $Header$ * @@ -42,36 +43,36 @@ uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream); const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream); uint32_t krb5int_ipc_stream_read (k5_ipc_stream in_stream, - void *io_data, - uint64_t in_size); + void *io_data, + uint64_t in_size); uint32_t krb5int_ipc_stream_write (k5_ipc_stream in_stream, - const void *in_data, - uint64_t in_size); + const void *in_data, + uint64_t in_size); uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream, - char **out_string); + char **out_string); uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream, - const char *in_string); + const char *in_string); void krb5int_ipc_stream_free_string (char *in_string); uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream, - int32_t *out_int32); + int32_t *out_int32); uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, - int32_t in_int32); + int32_t in_int32); uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream, - uint32_t *out_uint32); + uint32_t *out_uint32); uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, - uint32_t in_uint32); + uint32_t in_uint32); uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream, - int64_t *out_int64); + int64_t *out_int64); uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, - int64_t in_int64); + int64_t in_int64); uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream, - uint64_t *out_uint64); + uint64_t *out_uint64); uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, - uint64_t in_uint64); + uint64_t in_uint64); #endif /* K5_IPC_STREAM_H */ diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h index d4d05aee10..7c1c57d706 100644 --- a/src/include/k5-platform.h +++ b/src/include/k5-platform.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * k5-platform.h * 
@@ -16,7 +17,7 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of 
@@ -209,52 +210,52 @@ # include "k5-thread.h" typedef struct { k5_once_t once; int error, did_run; void (*fn)(void); } k5_init_t; # ifdef USE_LINKER_INIT_OPTION -# define MAYBE_DUMMY_INIT(NAME) \ - void JOIN__2(NAME, auxinit) () { } +# define MAYBE_DUMMY_INIT(NAME) \ + void JOIN__2(NAME, auxinit) () { } # else # define MAYBE_DUMMY_INIT(NAME) # endif # ifdef __GNUC__ /* Do it in macro form so we get the file/line of the invocation if the assertion fails. */ -# define k5_call_init_function(I) \ - (__extension__ ({ \ - k5_init_t *k5int_i = (I); \ - int k5int_err = k5_once(&k5int_i->once, k5int_i->fn); \ - (k5int_err \ - ? k5int_err \ - : (assert(k5int_i->did_run != 0), k5int_i->error)); \ - })) +# define k5_call_init_function(I) \ + (__extension__ ({ \ + k5_init_t *k5int_i = (I); \ + int k5int_err = k5_once(&k5int_i->once, k5int_i->fn); \ + (k5int_err \ + ? k5int_err \ + : (assert(k5int_i->did_run != 0), k5int_i->error)); \ + })) # define MAYBE_DEFINE_CALLINIT_FUNCTION # else -# define MAYBE_DEFINE_CALLINIT_FUNCTION \ - static inline int k5_call_init_function(k5_init_t *i) \ - { \ - int err; \ - err = k5_once(&i->once, i->fn); \ - if (err) \ - return err; \ - assert (i->did_run != 0); \ - return i->error; \ - } +# define MAYBE_DEFINE_CALLINIT_FUNCTION \ + static inline int k5_call_init_function(k5_init_t *i) \ + { \ + int err; \ + err = k5_once(&i->once, i->fn); \ + if (err) \ + return err; \ + assert (i->did_run != 0); \ + return i->error; \ + } # endif -# define MAKE_INIT_FUNCTION(NAME) \ - static int NAME(void); \ - MAYBE_DUMMY_INIT(NAME) \ - /* forward declaration for use in initializer */ \ - static void JOIN__2(NAME, aux) (void); \ - static k5_init_t JOIN__2(NAME, once) = \ - { K5_ONCE_INIT, 0, 0, JOIN__2(NAME, aux) }; \ - MAYBE_DEFINE_CALLINIT_FUNCTION \ - static void JOIN__2(NAME, aux) (void) \ - { \ - JOIN__2(NAME, once).did_run = 1; \ - JOIN__2(NAME, once).error = NAME(); \ - } \ - /* so ';' following macro use won't get error */ \ - static int NAME(void) -# 
define CALL_INIT_FUNCTION(NAME) \ - k5_call_init_function(& JOIN__2(NAME, once)) +# define MAKE_INIT_FUNCTION(NAME) \ + static int NAME(void); \ + MAYBE_DUMMY_INIT(NAME) \ + /* forward declaration for use in initializer */ \ + static void JOIN__2(NAME, aux) (void); \ + static k5_init_t JOIN__2(NAME, once) = \ + { K5_ONCE_INIT, 0, 0, JOIN__2(NAME, aux) }; \ + MAYBE_DEFINE_CALLINIT_FUNCTION \ + static void JOIN__2(NAME, aux) (void) \ + { \ + JOIN__2(NAME, once).did_run = 1; \ + JOIN__2(NAME, once).error = NAME(); \ + } \ + /* so ';' following macro use won't get error */ \ + static int NAME(void) +# define CALL_INIT_FUNCTION(NAME) \ + k5_call_init_function(& JOIN__2(NAME, once)) /* This should be called in finalization only, so we shouldn't have multiple active threads mucking around in our library at this point. So ignore the once_t object and just look at the flag. @@ -264,10 +265,10 @@ typedef struct { k5_once_t once; int error, did_run; void (*fn)(void); } k5_init application code should already be coordinating things such that the library code is not in use by this point, and memory synchronization will be needed there. */ -# define INITIALIZER_RAN(NAME) \ - (JOIN__2(NAME, once).did_run && JOIN__2(NAME, once).error == 0) +# define INITIALIZER_RAN(NAME) \ + (JOIN__2(NAME, once).did_run && JOIN__2(NAME, once).error == 0) -# define PROGRAM_EXITING() (0) +# define PROGRAM_EXITING() (0) #elif defined(__GNUC__) && !defined(_WIN32) && defined(CONSTRUCTOR_ATTR_WORKS) 
@@ -275,63 +276,63 @@ typedef struct { k5_once_t once; int error, did_run; void (*fn)(void); } k5_init # ifdef USE_LINKER_INIT_OPTION /* Both gcc and linker option?? Favor gcc. */ -# define MAYBE_DUMMY_INIT(NAME) \ - void JOIN__2(NAME, auxinit) () { } +# define MAYBE_DUMMY_INIT(NAME) \ + void JOIN__2(NAME, auxinit) () { } # else # define MAYBE_DUMMY_INIT(NAME) # endif typedef struct { int error; unsigned char did_run; } k5_init_t; -# define MAKE_INIT_FUNCTION(NAME) \ - MAYBE_DUMMY_INIT(NAME) \ - static k5_init_t JOIN__2(NAME, ran) \ - = { 0, 2 }; \ - static void JOIN__2(NAME, aux)(void) \ - __attribute__((constructor)); \ - static int NAME(void); \ - static void JOIN__2(NAME, aux)(void) \ - { \ - JOIN__2(NAME, ran).error = NAME(); \ - JOIN__2(NAME, ran).did_run = 3; \ - } \ - static int NAME(void) -# define CALL_INIT_FUNCTION(NAME) \ - (JOIN__2(NAME, ran).did_run == 3 \ - ? JOIN__2(NAME, ran).error \ - : (abort(),0)) -# define INITIALIZER_RAN(NAME) (JOIN__2(NAME,ran).did_run == 3 && JOIN__2(NAME, ran).error == 0) - -# define PROGRAM_EXITING() (0) +# define MAKE_INIT_FUNCTION(NAME) \ + MAYBE_DUMMY_INIT(NAME) \ + static k5_init_t JOIN__2(NAME, ran) \ + = { 0, 2 }; \ + static void JOIN__2(NAME, aux)(void) \ + __attribute__((constructor)); \ + static int NAME(void); \ + static void JOIN__2(NAME, aux)(void) \ + { \ + JOIN__2(NAME, ran).error = NAME(); \ + JOIN__2(NAME, ran).did_run = 3; \ + } \ + static int NAME(void) +# define CALL_INIT_FUNCTION(NAME) \ + (JOIN__2(NAME, ran).did_run == 3 \ + ? JOIN__2(NAME, ran).error \ + : (abort(),0)) +# define INITIALIZER_RAN(NAME) (JOIN__2(NAME,ran).did_run == 3 && JOIN__2(NAME, ran).error == 0) + +# define PROGRAM_EXITING() (0) #elif defined(USE_LINKER_INIT_OPTION) || defined(_WIN32) /* Run initializer at load time, via linker magic, or in the case of WIN32, win_glue.c hard-coded knowledge. 
*/ typedef struct { int error; unsigned char did_run; } k5_init_t; -# define MAKE_INIT_FUNCTION(NAME) \ - static k5_init_t JOIN__2(NAME, ran) \ - = { 0, 2 }; \ - static int NAME(void); \ - void JOIN__2(NAME, auxinit)() \ - { \ - JOIN__2(NAME, ran).error = NAME(); \ - JOIN__2(NAME, ran).did_run = 3; \ - } \ - static int NAME(void) -# define CALL_INIT_FUNCTION(NAME) \ - (JOIN__2(NAME, ran).did_run == 3 \ - ? JOIN__2(NAME, ran).error \ - : (abort(),0)) -# define INITIALIZER_RAN(NAME) \ - (JOIN__2(NAME, ran).error == 0) - -# define PROGRAM_EXITING() (0) +# define MAKE_INIT_FUNCTION(NAME) \ + static k5_init_t JOIN__2(NAME, ran) \ + = { 0, 2 }; \ + static int NAME(void); \ + void JOIN__2(NAME, auxinit)() \ + { \ + JOIN__2(NAME, ran).error = NAME(); \ + JOIN__2(NAME, ran).did_run = 3; \ + } \ + static int NAME(void) +# define CALL_INIT_FUNCTION(NAME) \ + (JOIN__2(NAME, ran).did_run == 3 \ + ? JOIN__2(NAME, ran).error \ + : (abort(),0)) +# define INITIALIZER_RAN(NAME) \ + (JOIN__2(NAME, ran).error == 0) + +# define PROGRAM_EXITING() (0) #else # error "Don't know how to do load-time initializers for this configuration." -# define PROGRAM_EXITING() (0) +# define PROGRAM_EXITING() (0) #endif 
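Review bot: In the `USE_LINKER_INIT_OPTION || _WIN32` branch of k5-platform.h, `INITIALIZER_RAN(NAME)` tests only `.error == 0`, yet the `ran` object is statically initialised to `{ 0, 2 }`, so the macro is already true when the initializer has never executed. The constructor-attribute branch earlier in this same hunk also requires `did_run == 3`. Unless the difference is deliberate, the two should agree: `(JOIN__2(NAME, ran).did_run == 3 && JOIN__2(NAME, ran).error == 0)`. A finalizer that guards its teardown with this macro would otherwise presumably run against state that was never set up. If the omission is intended, a one-line comment saying why would help.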
@@ -345,29 +346,29 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; # ifdef __hpux /* On HP-UX, we need this auxiliary function. At dynamic load or - unload time (but *not* program startup and termination for - link-time specified libraries), the linker-indicated function - is called with a handle on the library and a flag indicating - whether it's being loaded or unloaded. + unload time (but *not* program startup and termination for + link-time specified libraries), the linker-indicated function + is called with a handle on the library and a flag indicating + whether it's being loaded or unloaded. - The "real" fini function doesn't need to be exported, so - declare it static. + The "real" fini function doesn't need to be exported, so + declare it static. - As usual, the final declaration is just for syntactic - convenience, so the top-level invocation of this macro can be - followed by a semicolon. */ + As usual, the final declaration is just for syntactic + convenience, so the top-level invocation of this macro can be + followed by a semicolon. */ # include -# define MAKE_FINI_FUNCTION(NAME) \ - static void NAME(void); \ - void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \ - void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); } \ - static void NAME(void) +# define MAKE_FINI_FUNCTION(NAME) \ + static void NAME(void); \ + void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \ + void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); } \ + static void NAME(void) # else /* not hpux */ -# define MAKE_FINI_FUNCTION(NAME) \ - void NAME(void) +# define MAKE_FINI_FUNCTION(NAME) \ + void NAME(void) # endif 
@@ -378,8 +379,8 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; function attribute that makes use of the same facility as C++. XXX How do we know if the C++ support actually works? */ -# define MAKE_FINI_FUNCTION(NAME) \ - static void NAME(void) __attribute__((destructor)) +# define MAKE_FINI_FUNCTION(NAME) \ + static void NAME(void) __attribute__((destructor)) #elif !defined(SHARED) @@ -388,8 +389,8 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; The code will still define the function, but we won't do anything with it. Annoying: This may generate unused-function warnings. */ -# define MAKE_FINI_FUNCTION(NAME) \ - static void NAME(void) +# define MAKE_FINI_FUNCTION(NAME) \ + static void NAME(void) #else @@ -505,10 +506,10 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; on most of our platforms except Windows, where we're not using GCC. */ #ifdef __GNUC__ -# define PUT(SIZE,PTR,VAL) (((struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i = (VAL)) -# define GET(SIZE,PTR) (((const struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i) -# define PUTSWAPPED(SIZE,PTR,VAL) PUT(SIZE,PTR,SWAP##SIZE(VAL)) -# define GETSWAPPED(SIZE,PTR) SWAP##SIZE(GET(SIZE,PTR)) +# define PUT(SIZE,PTR,VAL) (((struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i = (VAL)) +# define GET(SIZE,PTR) (((const struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i) +# define PUTSWAPPED(SIZE,PTR,VAL) PUT(SIZE,PTR,SWAP##SIZE(VAL)) +# define GETSWAPPED(SIZE,PTR) SWAP##SIZE(GET(SIZE,PTR)) #endif /* To do: Define SWAP16, SWAP32, SWAP64 macros to byte-swap values with the indicated numbers of bits. 
@@ -520,25 +521,25 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; #if defined(HAVE_BYTESWAP_H) && defined(HAVE_BSWAP_16) # include -# define SWAP16 bswap_16 -# define SWAP32 bswap_32 +# define SWAP16 bswap_16 +# define SWAP32 bswap_32 # ifdef HAVE_BSWAP_64 -# define SWAP64 bswap_64 +# define SWAP64 bswap_64 # endif #endif #if TARGET_OS_MAC # include # if 0 /* This causes compiler warnings. */ -# define SWAP16 OSSwapInt16 +# define SWAP16 OSSwapInt16 # else -# define SWAP16 k5_swap16 +# define SWAP16 k5_swap16 static inline unsigned int k5_swap16 (unsigned int x) { x &= 0xffff; return (x >> 8) | ((x & 0xff) << 8); } # endif -# define SWAP32 OSSwapInt32 -# define SWAP64 OSSwapInt64 +# define SWAP32 OSSwapInt32 +# define SWAP64 OSSwapInt64 #endif /* Note that on Windows at least this file can be included from C++ @@ -612,8 +613,8 @@ load_32_be (const void *cvp) return GETSWAPPED(32,p); #else return (p[3] | (p[2] << 8) - | ((uint32_t) p[1] << 16) - | ((uint32_t) p[0] << 24)); + | ((uint32_t) p[1] << 16) + | ((uint32_t) p[0] << 24)); #endif } static inline UINT64_TYPE 
@@ -769,51 +770,51 @@ k5_ntohll (UINT64_TYPE val) #ifdef HAVE_GETPWNAM_R # ifndef GETPWNAM_R_4_ARGS /* POSIX */ -# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ - (getpwnam_r(NAME,REC,BUF,BUFSIZE,OUT) == 0 \ - ? (*(OUT) == NULL ? -1 : 0) : -1) +# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ + (getpwnam_r(NAME,REC,BUF,BUFSIZE,OUT) == 0 \ + ? (*(OUT) == NULL ? -1 : 0) : -1) # else /* POSIX drafts? */ # ifdef GETPWNAM_R_RETURNS_INT -# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ - (getpwnam_r(NAME,REC,BUF,BUFSIZE) == 0 \ - ? (*(OUT) = REC, 0) \ - : (*(OUT) = NULL, -1)) +# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ + (getpwnam_r(NAME,REC,BUF,BUFSIZE) == 0 \ + ? (*(OUT) = REC, 0) \ + : (*(OUT) = NULL, -1)) # else # define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ - (*(OUT) = getpwnam_r(NAME,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0) + (*(OUT) = getpwnam_r(NAME,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0) # endif # endif #else /* no getpwnam_r, or can't figure out #args or return type */ /* Will get warnings about unused variables. */ # define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \ - (*(OUT) = getpwnam(NAME), *(OUT) == NULL ? -1 : 0) + (*(OUT) = getpwnam(NAME), *(OUT) == NULL ? -1 : 0) #endif /* int k5_getpwuid_r(uid_t, blah blah) */ #ifdef HAVE_GETPWUID_R # ifndef GETPWUID_R_4_ARGS /* POSIX */ -# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ - (getpwuid_r(UID,REC,BUF,BUFSIZE,OUT) == 0 \ - ? (*(OUT) == NULL ? -1 : 0) : -1) +# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ + (getpwuid_r(UID,REC,BUF,BUFSIZE,OUT) == 0 \ + ? (*(OUT) == NULL ? -1 : 0) : -1) # else /* POSIX drafts? Yes, I mean to test GETPWNAM... here. Less junk to do at configure time. */ # ifdef GETPWNAM_R_RETURNS_INT -# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ - (getpwuid_r(UID,REC,BUF,BUFSIZE) == 0 \ - ? 
(*(OUT) = REC, 0) \ - : (*(OUT) = NULL, -1)) +# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ + (getpwuid_r(UID,REC,BUF,BUFSIZE) == 0 \ + ? (*(OUT) = REC, 0) \ + : (*(OUT) = NULL, -1)) # else # define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ - (*(OUT) = getpwuid_r(UID,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0) + (*(OUT) = getpwuid_r(UID,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0) # endif # endif #else /* no getpwuid_r, or can't figure out #args or return type */ /* Will get warnings about unused variables. */ # define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \ - (*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0) + (*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0) #endif /* Ensure, if possible, that the indicated file descriptor won't be @@ -829,10 +830,10 @@ set_cloexec_fd(int fd) #if defined(F_SETFD) # ifdef FD_CLOEXEC if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0) - return errno; + return errno; # else if (fcntl(fd, F_SETFD, 1) != 0) - return errno; + return errno; # endif #endif return 0; @@ -850,14 +851,14 @@ set_cloexec_file(FILE *f) with F_SETFD. */ #ifdef F_SETFD # ifdef FD_CLOEXEC -# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, FD_CLOEXEC) ? errno : 0) +# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, FD_CLOEXEC) ? errno : 0) # else -# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, 1) ? errno : 0) +# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, 1) ? errno : 0) # endif #else -# define set_cloexec_fd(FD) ((FD),0) +# define set_cloexec_fd(FD) ((FD),0) #endif -#define set_cloexec_file(F) set_cloexec_fd(fileno(F)) +#define set_cloexec_file(F) set_cloexec_fd(fileno(F)) #endif @@ -871,7 +872,7 @@ set_cloexec_file(FILE *f) #if defined(HAS_VA_COPY) || defined(va_copy) /* Do nothing. */ #elif defined(CAN_COPY_VA_LIST) -#define va_copy(dest, src) ((dest) = (src)) +#define va_copy(dest, src) ((dest) = (src)) #else /* Assume array type, but still simply copyable. 
@@ -879,7 +880,7 @@ set_cloexec_file(FILE *f) allocate some storage pointed to by the va_list, and in that case we'll just lose. If anyone cares, we could try to devise a test for that case. */ -#define va_copy(dest, src) memcmp(dest, src, sizeof(va_list)) +#define va_copy(dest, src) memcmp(dest, src, sizeof(va_list)) #endif /* Provide strlcpy/strlcat interfaces. */ @@ -903,7 +904,7 @@ vsnprintf(char *str, size_t size, const char *format, va_list args) length = _vscprintf(format, args_copy); va_end(args_copy); if (size) - _vsnprintf(str, size, format, args); + _vsnprintf(str, size, format, args); return length; } static inline int diff --git a/src/include/k5-plugin.h b/src/include/k5-plugin.h index 498c5668c6..6ffbdbb716 100644 --- a/src/include/k5-plugin.h +++ b/src/include/k5-plugin.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 2006 Massachusetts Institute of Technology. * All Rights Reserved. @@ -82,7 +83,7 @@ #define PLUGIN_SYMBOL_NAME(prefix, symbol) symbol #endif -struct plugin_file_handle; /* opaque */ +struct plugin_file_handle; /* opaque */ struct plugin_dir_handle { /* This points to a NULL-terminated list of pointers to plugin_file_handle structs */ 
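Review bot: The fallback `va_copy` in the final `#else` branch (hunk `@@ -879,7 +880,7 @@`) expands to `memcmp(dest, src, sizeof(va_list))`, which only compares the two lists and never writes `dest`; this commit re-indents the line but keeps the call. The comment above it says the type is assumed to be simply copyable, so the intended definition is presumably `#define va_copy(dest, src) memcpy(dest, src, sizeof(va_list))`. On any platform that reaches this branch, a caller that walks the copy reads an uninitialized `va_list`, which is undefined behaviour. The conditional block starts above the hunk, so which configurations select this branch is not visible here.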
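Review bot: In the `vsnprintf` wrapper (hunk `@@ -903,7 +904,7 @@`), `_vsnprintf(str, size, format, args)` writes no terminating NUL when the formatted output is `size` bytes or longer, so a caller relying on C99 `vsnprintf` semantics can receive an unterminated buffer. I would terminate explicitly inside the guard: `if (size) { _vsnprintf(str, size, format, args); str[size - 1] = '\0'; }`. The line is only re-indented by this commit, and the function begins outside the hunk, so this rests on the visible lines alone.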
@@ -98,28 +99,28 @@ krb5int_close_plugin (struct plugin_file_handle *); long KRB5_CALLCONV krb5int_get_plugin_data (struct plugin_file_handle *, const char *, void **, - struct errinfo *); + struct errinfo *); long KRB5_CALLCONV krb5int_get_plugin_func (struct plugin_file_handle *, const char *, - void (**)(), struct errinfo *); + void (**)(), struct errinfo *); long KRB5_CALLCONV krb5int_open_plugin_dirs (const char * const *, const char * const *, - struct plugin_dir_handle *, struct errinfo *); + struct plugin_dir_handle *, struct errinfo *); void KRB5_CALLCONV krb5int_close_plugin_dirs (struct plugin_dir_handle *); long KRB5_CALLCONV krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *, - void ***, struct errinfo *); + void ***, struct errinfo *); void KRB5_CALLCONV krb5int_free_plugin_dir_data (void **); long KRB5_CALLCONV krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *, - void (***)(void), struct errinfo *); + void (***)(void), struct errinfo *); void KRB5_CALLCONV krb5int_free_plugin_dir_func (void (**)(void)); diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index 069b51c74b..5f0325c5e7 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/k5-thread.h * 
@@ -40,101 +41,101 @@ /* Interface (tentative): - Mutex support: - - // Between these two, we should be able to do pure compile-time - // and pure run-time initialization. - // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER, - // finish does nothing - // Windows: partial initializer is an invalid handle, - // finish does the real initialization work - k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER; - int k5_mutex_finish_init(k5_mutex_t *); - // for dynamic allocation - int k5_mutex_init(k5_mutex_t *); - // Must work for both kinds of alloc, even if it means adding flags. - int k5_mutex_destroy(k5_mutex_t *); - - // As before. - int k5_mutex_lock(k5_mutex_t *); - int k5_mutex_unlock(k5_mutex_t *); - - In each library, one new function to finish the static mutex init, - and any other library-wide initialization that might be desired. - On POSIX, this function would be called via the second support - function (see below). On Windows, it would be called at library - load time. These functions, or functions they calls, should be the - only places that k5_mutex_finish_init gets called. - - A second function or macro called at various possible "first" entry - points which either calls pthread_once on the first function - (POSIX), or checks some flag set by the first function (Windows), - and possibly returns an error. (In the non-threaded case, a simple - flag can be used to avoid multiple invocations, and the mutexes - don't need run-time initialization anyways.) - - A third function for library termination calls mutex_destroy on - each mutex for the library. This function would be called - automatically at library unload time. If it turns out to be needed - at exit time for libraries that don't get unloaded, perhaps we - should also use atexit(). Any static mutexes should be cleaned up - with k5_mutex_destroy here. - - How does that second support function invoke the first support - function only once? 
Through something modelled on pthread_once - that I haven't written up yet. Probably: - - k5_once_t foo_once = K5_ONCE_INIT; - k5_once(k5_once_t *, void (*)(void)); - - For POSIX: Map onto pthread_once facility. - For non-threaded case: A simple flag. - For Windows: Not needed; library init code takes care of it. - - XXX: A general k5_once mechanism isn't possible for Windows, - without faking it through named mutexes or mutexes initialized at - startup. I was only using it in one place outside these headers, - so I'm dropping the general scheme. Eventually the existing uses - in k5-thread.h and k5-platform.h will be converted to pthread_once - or static variables. - - - Thread-specific data: - - // TSD keys are limited in number in gssapi/krb5/com_err; enumerate - // them all. This allows support code init to allocate the - // necessary storage for pointers all at once, and avoids any - // possible error in key creation. - enum { ... } k5_key_t; - // Register destructor function. Called in library init code. - int k5_key_register(k5_key_t, void (*destructor)(void *)); - // Returns NULL or data. - void *k5_getspecific(k5_key_t); - // Returns error if key out of bounds, or the pointer table can't - // be allocated. A call to k5_key_register must have happened first. - // This may trigger the calling of pthread_setspecific on POSIX. - int k5_setspecific(k5_key_t, void *); - // Called in library termination code. - // Trashes data in all threads, calling the registered destructor - // (but calling it from the current thread). - int k5_key_delete(k5_key_t); - - For the non-threaded version, the support code will have a static - array indexed by k5_key_t values, and get/setspecific simply access - the array elements. - - The TSD destructor table is global state, protected by a mutex if - threads are enabled. - - - Any actual external symbols will use the krb5int_ prefix. 
The k5_ - names will be simple macros or inline functions to rename the - external symbols, or slightly more complex ones to expand the - implementation inline (e.g., map to POSIX versions and/or debug - code using __FILE__ and the like). - - - More to be added, perhaps. */ + Mutex support: + + // Between these two, we should be able to do pure compile-time + // and pure run-time initialization. + // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER, + // finish does nothing + // Windows: partial initializer is an invalid handle, + // finish does the real initialization work + k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER; + int k5_mutex_finish_init(k5_mutex_t *); + // for dynamic allocation + int k5_mutex_init(k5_mutex_t *); + // Must work for both kinds of alloc, even if it means adding flags. + int k5_mutex_destroy(k5_mutex_t *); + + // As before. + int k5_mutex_lock(k5_mutex_t *); + int k5_mutex_unlock(k5_mutex_t *); + + In each library, one new function to finish the static mutex init, + and any other library-wide initialization that might be desired. + On POSIX, this function would be called via the second support + function (see below). On Windows, it would be called at library + load time. These functions, or functions they calls, should be the + only places that k5_mutex_finish_init gets called. + + A second function or macro called at various possible "first" entry + points which either calls pthread_once on the first function + (POSIX), or checks some flag set by the first function (Windows), + and possibly returns an error. (In the non-threaded case, a simple + flag can be used to avoid multiple invocations, and the mutexes + don't need run-time initialization anyways.) + + A third function for library termination calls mutex_destroy on + each mutex for the library. This function would be called + automatically at library unload time. 
If it turns out to be needed + at exit time for libraries that don't get unloaded, perhaps we + should also use atexit(). Any static mutexes should be cleaned up + with k5_mutex_destroy here. + + How does that second support function invoke the first support + function only once? Through something modelled on pthread_once + that I haven't written up yet. Probably: + + k5_once_t foo_once = K5_ONCE_INIT; + k5_once(k5_once_t *, void (*)(void)); + + For POSIX: Map onto pthread_once facility. + For non-threaded case: A simple flag. + For Windows: Not needed; library init code takes care of it. + + XXX: A general k5_once mechanism isn't possible for Windows, + without faking it through named mutexes or mutexes initialized at + startup. I was only using it in one place outside these headers, + so I'm dropping the general scheme. Eventually the existing uses + in k5-thread.h and k5-platform.h will be converted to pthread_once + or static variables. + + + Thread-specific data: + + // TSD keys are limited in number in gssapi/krb5/com_err; enumerate + // them all. This allows support code init to allocate the + // necessary storage for pointers all at once, and avoids any + // possible error in key creation. + enum { ... } k5_key_t; + // Register destructor function. Called in library init code. + int k5_key_register(k5_key_t, void (*destructor)(void *)); + // Returns NULL or data. + void *k5_getspecific(k5_key_t); + // Returns error if key out of bounds, or the pointer table can't + // be allocated. A call to k5_key_register must have happened first. + // This may trigger the calling of pthread_setspecific on POSIX. + int k5_setspecific(k5_key_t, void *); + // Called in library termination code. + // Trashes data in all threads, calling the registered destructor + // (but calling it from the current thread). 
+ int k5_key_delete(k5_key_t); + + For the non-threaded version, the support code will have a static + array indexed by k5_key_t values, and get/setspecific simply access + the array elements. + + The TSD destructor table is global state, protected by a mutex if + threads are enabled. + + + Any actual external symbols will use the krb5int_ prefix. The k5_ + names will be simple macros or inline functions to rename the + external symbols, or slightly more complex ones to expand the + implementation inline (e.g., map to POSIX versions and/or debug + code using __FILE__ and the like). + + + More to be added, perhaps. */ #include @@ -161,7 +162,7 @@ /* Define the OS mutex bit. */ typedef char k5_os_nothread_mutex; -# define K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER 0 +# define K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER 0 /* Empty inline functions avoid the "statement with no effect" warnings, and do better type-checking than functions that don't use their arguments. */ 
@@ -186,28 +187,28 @@ static inline int k5_os_nothread_mutex_unlock(k5_os_nothread_mutex *m) { 3 - function has been run 4 - function is being run -- deadlock detected */ typedef unsigned char k5_os_nothread_once_t; -# define K5_OS_NOTHREAD_ONCE_INIT 2 -# define k5_os_nothread_once(O,F) \ - (*(O) == 3 ? 0 \ - : *(O) == 2 ? (*(O) = 4, (F)(), *(O) = 3, 0) \ - : (assert(*(O) != 4), assert(*(O) == 2 || *(O) == 3), 0)) +# define K5_OS_NOTHREAD_ONCE_INIT 2 +# define k5_os_nothread_once(O,F) \ + (*(O) == 3 ? 0 \ + : *(O) == 2 ? (*(O) = 4, (F)(), *(O) = 3, 0) \ + : (assert(*(O) != 4), assert(*(O) == 2 || *(O) == 3), 0)) #ifndef ENABLE_THREADS typedef k5_os_nothread_mutex k5_os_mutex; -# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ - K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER -# define k5_os_mutex_finish_init k5_os_nothread_mutex_finish_init -# define k5_os_mutex_init k5_os_nothread_mutex_init -# define k5_os_mutex_destroy k5_os_nothread_mutex_destroy -# define k5_os_mutex_lock k5_os_nothread_mutex_lock -# define k5_os_mutex_unlock k5_os_nothread_mutex_unlock - -# define k5_once_t k5_os_nothread_once_t -# define K5_ONCE_INIT K5_OS_NOTHREAD_ONCE_INIT -# define k5_once k5_os_nothread_once +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER +# define k5_os_mutex_finish_init k5_os_nothread_mutex_finish_init +# define k5_os_mutex_init k5_os_nothread_mutex_init +# define k5_os_mutex_destroy k5_os_nothread_mutex_destroy +# define k5_os_mutex_lock k5_os_nothread_mutex_lock +# define k5_os_mutex_unlock k5_os_nothread_mutex_unlock + +# define k5_once_t k5_os_nothread_once_t +# define K5_ONCE_INIT K5_OS_NOTHREAD_ONCE_INIT +# define k5_once k5_os_nothread_once #elif HAVE_PTHREAD 
@@ -247,10 +248,10 @@ typedef k5_os_nothread_mutex k5_os_mutex; symbol tables of the current process. */ extern int krb5int_pthread_loaded(void) #ifdef __GNUC__ - /* We should always get the same answer for the life of the process. */ - __attribute__((const)) +/* We should always get the same answer for the life of the process. */ + __attribute__((const)) #endif - ; + ; #if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS) # pragma weak pthread_once # pragma weak pthread_mutex_lock @@ -259,7 +260,7 @@ extern int krb5int_pthread_loaded(void) # pragma weak pthread_mutex_init # pragma weak pthread_self # pragma weak pthread_equal -# define K5_PTHREADS_LOADED (krb5int_pthread_loaded()) +# define K5_PTHREADS_LOADED (krb5int_pthread_loaded()) # define USE_PTHREAD_LOCK_ONLY_IF_LOADED /* Can't rely on useful stubs -- see above regarding Solaris. */ @@ -267,19 +268,19 @@ typedef struct { pthread_once_t o; k5_os_nothread_once_t n; } k5_once_t; -# define K5_ONCE_INIT { PTHREAD_ONCE_INIT, K5_OS_NOTHREAD_ONCE_INIT } -# define k5_once(O,F) (K5_PTHREADS_LOADED \ - ? pthread_once(&(O)->o,F) \ - : k5_os_nothread_once(&(O)->n,F)) +# define K5_ONCE_INIT { PTHREAD_ONCE_INIT, K5_OS_NOTHREAD_ONCE_INIT } +# define k5_once(O,F) (K5_PTHREADS_LOADED \ + ? pthread_once(&(O)->o,F) \ + : k5_os_nothread_once(&(O)->n,F)) #else /* no pragma weak support */ -# define K5_PTHREADS_LOADED (1) +# define K5_PTHREADS_LOADED (1) typedef pthread_once_t k5_once_t; -# define K5_ONCE_INIT PTHREAD_ONCE_INIT -# define k5_once pthread_once +# define K5_ONCE_INIT PTHREAD_ONCE_INIT +# define k5_once pthread_once #endif 
@@ -294,28 +295,28 @@ typedef pthread_once_t k5_once_t; #endif typedef pthread_mutex_t k5_os_mutex; -# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ - PTHREAD_MUTEX_INITIALIZER +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + PTHREAD_MUTEX_INITIALIZER #ifdef USE_PTHREAD_LOCK_ONLY_IF_LOADED -# define k5_os_mutex_finish_init(M) (0) -# define k5_os_mutex_init(M) \ - (K5_PTHREADS_LOADED ? pthread_mutex_init((M), 0) : 0) -# define k5_os_mutex_destroy(M) \ - (K5_PTHREADS_LOADED ? pthread_mutex_destroy((M)) : 0) -# define k5_os_mutex_lock(M) \ - (K5_PTHREADS_LOADED ? pthread_mutex_lock(M) : 0) -# define k5_os_mutex_unlock(M) \ - (K5_PTHREADS_LOADED ? pthread_mutex_unlock(M) : 0) +# define k5_os_mutex_finish_init(M) (0) +# define k5_os_mutex_init(M) \ + (K5_PTHREADS_LOADED ? pthread_mutex_init((M), 0) : 0) +# define k5_os_mutex_destroy(M) \ + (K5_PTHREADS_LOADED ? pthread_mutex_destroy((M)) : 0) +# define k5_os_mutex_lock(M) \ + (K5_PTHREADS_LOADED ? pthread_mutex_lock(M) : 0) +# define k5_os_mutex_unlock(M) \ + (K5_PTHREADS_LOADED ? pthread_mutex_unlock(M) : 0) #else static inline int k5_os_mutex_finish_init(k5_os_mutex *m) { return 0; } -# define k5_os_mutex_init(M) pthread_mutex_init((M), 0) -# define k5_os_mutex_destroy(M) pthread_mutex_destroy((M)) -# define k5_os_mutex_lock(M) pthread_mutex_lock(M) -# define k5_os_mutex_unlock(M) pthread_mutex_unlock(M) +# define k5_os_mutex_init(M) pthread_mutex_init((M), 0) +# define k5_os_mutex_destroy(M) pthread_mutex_destroy((M)) +# define k5_os_mutex_lock(M) pthread_mutex_lock(M) +# define k5_os_mutex_unlock(M) pthread_mutex_unlock(M) #endif /* is pthreads always available? */ 
@@ -328,21 +329,21 @@ typedef struct { # define K5_OS_MUTEX_PARTIAL_INITIALIZER { INVALID_HANDLE_VALUE, 0 } -# define k5_os_mutex_finish_init(M) \ - (assert((M)->h == INVALID_HANDLE_VALUE), \ - ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError()) -# define k5_os_mutex_init(M) \ - ((M)->is_locked = 0, \ - ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError()) -# define k5_os_mutex_destroy(M) \ - (CloseHandle((M)->h) ? ((M)->h = 0, 0) : GetLastError()) +# define k5_os_mutex_finish_init(M) \ + (assert((M)->h == INVALID_HANDLE_VALUE), \ + ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError()) +# define k5_os_mutex_init(M) \ + ((M)->is_locked = 0, \ + ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError()) +# define k5_os_mutex_destroy(M) \ + (CloseHandle((M)->h) ? ((M)->h = 0, 0) : GetLastError()) static inline int k5_os_mutex_lock(k5_os_mutex *m) { DWORD res; res = WaitForSingleObject(m->h, INFINITE); if (res == WAIT_FAILED) - return GetLastError(); + return GetLastError(); /* Eventually these should be turned into some reasonable error code. */ assert(res != WAIT_TIMEOUT); @@ -354,10 +355,10 @@ static inline int k5_os_mutex_lock(k5_os_mutex *m) return 0; } -# define k5_os_mutex_unlock(M) \ - (assert((M)->is_locked == 1), \ - (M)->is_locked = 0, \ - ReleaseMutex((M)->h) ? 0 : GetLastError()) +# define k5_os_mutex_unlock(M) \ + (assert((M)->is_locked == 1), \ + (M)->is_locked = 0, \ + ReleaseMutex((M)->h) ? 0 : GetLastError()) #else @@ -369,7 +370,7 @@ static inline int k5_os_mutex_lock(k5_os_mutex *m) typedef k5_os_mutex k5_mutex_t; -#define K5_MUTEX_PARTIAL_INITIALIZER K5_OS_MUTEX_PARTIAL_INITIALIZER +#define K5_MUTEX_PARTIAL_INITIALIZER K5_OS_MUTEX_PARTIAL_INITIALIZER static inline int k5_mutex_init(k5_mutex_t *m) { return k5_os_mutex_init(m); 
@@ -378,7 +379,7 @@ static inline int k5_mutex_finish_init(k5_mutex_t *m) { return k5_os_mutex_finish_init(m); } -#define k5_mutex_destroy(M) \ +#define k5_mutex_destroy(M) \ (k5_os_mutex_destroy(M)) #if __GNUC__ >= 4 @@ -390,13 +391,13 @@ static inline int k5_mutex_lock(k5_mutex_t *m) return k5_os_mutex_lock(m); } -#define k5_mutex_unlock(M) \ - (k5_os_mutex_unlock(M)) +#define k5_mutex_unlock(M) \ + (k5_os_mutex_unlock(M)) -#define k5_mutex_assert_locked(M) ((void)(M)) -#define k5_mutex_assert_unlocked(M) ((void)(M)) -#define k5_assert_locked k5_mutex_assert_locked -#define k5_assert_unlocked k5_mutex_assert_unlocked +#define k5_mutex_assert_locked(M) ((void)(M)) +#define k5_mutex_assert_unlocked(M) ((void)(M)) +#define k5_assert_locked k5_mutex_assert_locked +#define k5_assert_unlocked k5_mutex_assert_unlocked /* Thread-specific data; implemented in a support file, because we'll @@ -417,10 +418,10 @@ typedef enum { K5_KEY_MAX } k5_key_t; /* rename shorthand symbols for export */ -#define k5_key_register krb5int_key_register -#define k5_getspecific krb5int_getspecific -#define k5_setspecific krb5int_setspecific -#define k5_key_delete krb5int_key_delete +#define k5_key_register krb5int_key_register +#define k5_getspecific krb5int_getspecific +#define k5_setspecific krb5int_setspecific +#define k5_key_delete krb5int_key_delete extern int k5_key_register(k5_key_t, void (*)(void *)); extern void *k5_getspecific(k5_key_t); extern int k5_setspecific(k5_key_t, void *); diff --git a/src/include/k5-unicode.h b/src/include/k5-unicode.h index 3a42a8269c..d643734632 100644 --- a/src/include/k5-unicode.h +++ b/src/include/k5-unicode.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 2008 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. 
@@ -111,11 +112,11 @@ void krb5int_ucstr2upper( krb5_unicode *, size_t); -#define KRB5_UTF8_NOCASEFOLD 0x0U -#define KRB5_UTF8_CASEFOLD 0x1U -#define KRB5_UTF8_ARG1NFC 0x2U -#define KRB5_UTF8_ARG2NFC 0x4U -#define KRB5_UTF8_APPROX 0x8U +#define KRB5_UTF8_NOCASEFOLD 0x0U +#define KRB5_UTF8_CASEFOLD 0x1U +#define KRB5_UTF8_ARG1NFC 0x2U +#define KRB5_UTF8_ARG2NFC 0x4U +#define KRB5_UTF8_APPROX 0x8U krb5_error_code krb5int_utf8_normalize( krb5_data *, diff --git a/src/include/k5-utf8.h b/src/include/k5-utf8.h index c27d20923d..ac54147e75 100644 --- a/src/include/k5-utf8.h +++ b/src/include/k5-utf8.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 2008 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. @@ -84,19 +85,19 @@ #endif #if INT_MAX == 0x7fff -typedef unsigned int krb5_ucs2; +typedef unsigned int krb5_ucs2; #elif SHRT_MAX == 0x7fff -typedef unsigned short krb5_ucs2; +typedef unsigned short krb5_ucs2; #else #error undefined 16 bit type #endif #if INT_MAX == 0x7fffffffL -typedef int krb5_ucs4; +typedef int krb5_ucs4; #elif LONG_MAX == 0x7fffffffL -typedef long krb5_ucs4; +typedef long krb5_ucs4; #elif SHRT_MAX == 0x7fffffffL -typedef short krb5_ucs4; +typedef short krb5_ucs4; #else #error: undefined 32 bit type #endif 
@@ -111,47 +112,47 @@ size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf); int krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s, - char **utf8s, - size_t *utf8slen); + char **utf8s, + size_t *utf8slen); int krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s, - size_t ucs2slen, - char **utf8s, - size_t *utf8slen); + size_t ucs2slen, + char **utf8s, + size_t *utf8slen); int krb5int_ucs2les_to_utf8s(const unsigned char *ucs2les, - char **utf8s, - size_t *utf8slen); + char **utf8s, + size_t *utf8slen); int krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les, - size_t ucs2leslen, - char **utf8s, - size_t *utf8slen); + size_t ucs2leslen, + char **utf8s, + size_t *utf8slen); int krb5int_utf8s_to_ucs2s(const char *utf8s, - krb5_ucs2 **ucs2s, - size_t *ucs2chars); + krb5_ucs2 **ucs2s, + size_t *ucs2chars); int krb5int_utf8cs_to_ucs2s(const char *utf8s, - size_t utf8slen, - krb5_ucs2 **ucs2s, - size_t *ucs2chars); + size_t utf8slen, + krb5_ucs2 **ucs2s, + size_t *ucs2chars); int krb5int_utf8s_to_ucs2les(const char *utf8s, - unsigned char **ucs2les, - size_t *ucs2leslen); + unsigned char **ucs2les, + size_t *ucs2leslen); int krb5int_utf8cs_to_ucs2les(const char *utf8s, - size_t utf8slen, - unsigned char **ucs2les, - size_t *ucs2leslen); + size_t utf8slen, + unsigned char **ucs2les, + size_t *ucs2leslen); /* returns the number of bytes in the UTF-8 string */ size_t krb5int_utf8_bytes(const char *); 
@@ -200,26 +201,28 @@ char *krb5int_utf8_strtok( char* sp, const char* sep, char **last); extern const char krb5int_utf8_lentab[128]; extern const char krb5int_utf8_mintab[32]; -#define KRB5_UTF8_ISASCII(p) ( !(*(const unsigned char *)(p) & 0x80 ) ) -#define KRB5_UTF8_CHARLEN(p) ( KRB5_UTF8_ISASCII(p) \ - ? 1 : krb5int_utf8_lentab[*(const unsigned char *)(p) ^ 0x80] ) +#define KRB5_UTF8_BV(p) (*(const unsigned char *)(p)) +#define KRB5_UTF8_ISASCII(p) (!(KRB5_UTF8_BV(p) & 0x80)) +#define KRB5_UTF8_CHARLEN(p) (KRB5_UTF8_ISASCII(p) ? 1 : \ + krb5int_utf8_lentab[KRB5_UTF8_BV(p) ^ 0x80]) /* This is like CHARLEN but additionally validates to make sure * the char used the shortest possible encoding. * 'l' is used to temporarily hold the result of CHARLEN. */ -#define KRB5_UTF8_CHARLEN2(p, l) ( ( ( l = KRB5_UTF8_CHARLEN( p )) < 3 || \ - ( krb5int_utf8_mintab[*(const unsigned char *)(p) & 0x1f] & (p)[1] ) ) ? \ - l : 0 ) +#define KRB5_UTF8_CHARLEN2(p, l) ( \ + ((l = KRB5_UTF8_CHARLEN(p)) < 3 || \ + (krb5int_utf8_mintab[KRB5_UTF8_BV(p) & 0x1f] & (p)[1])) ? \ + l : 0) -#define KRB5_UTF8_OFFSET(p) ( KRB5_UTF8_ISASCII(p) \ - ? 1 : krb5int_utf8_offset((p)) ) +#define KRB5_UTF8_OFFSET(p) (KRB5_UTF8_ISASCII(p) \ + ? 1 : krb5int_utf8_offset((p)) ) -#define KRB5_UTF8_COPY(d,s) ( KRB5_UTF8_ISASCII(s) \ - ? (*(d) = *(s), 1) : krb5int_utf8_copy((d),(s)) ) +#define KRB5_UTF8_COPY(d,s) (KRB5_UTF8_ISASCII(s) \ + ? (*(d) = *(s), 1) : krb5int_utf8_copy((d),(s))) -#define KRB5_UTF8_NEXT(p) ( KRB5_UTF8_ISASCII(p) \ - ? (char *)(p)+1 : krb5int_utf8_next((p)) ) +#define KRB5_UTF8_NEXT(p) (KRB5_UTF8_ISASCII(p) \ + ? (char *)(p)+1 : krb5int_utf8_next((p))) #define KRB5_UTF8_INCR(p) ((p) = KRB5_UTF8_NEXT(p)) 
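Review bot: `KRB5_UTF8_CHARLEN2` still reads `(p)[1]` directly while the lead byte now goes through the new `KRB5_UTF8_BV` helper, and nothing documents that the caller must have at least two readable bytes at `p` when the lead byte announces a sequence of three or more. Since this macro is the shortest-encoding check, I would add above `KRB5_UTF8_BV` a comment such as `/* Byte at p as unsigned char; the macros below evaluate p more than once. */` and write the second-byte read as `KRB5_UTF8_BV((p) + 1)` for consistency. These definitions are a functional rewrite inside a commit titled as a reindent, so they deserve a separate look from the whitespace changes.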
@@ -231,19 +234,19 @@ extern const char krb5int_utf8_mintab[32]; * these macros assume 'x' is an ASCII x * and assume the "C" locale */ -#define KRB5_ASCII(c) (!((c) & 0x80)) -#define KRB5_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n') -#define KRB5_DIGIT(c) ((c) >= '0' && (c) <= '9') -#define KRB5_LOWER(c) ((c) >= 'a' && (c) <= 'z') -#define KRB5_UPPER(c) ((c) >= 'A' && (c) <= 'Z') -#define KRB5_ALPHA(c) (KRB5_LOWER(c) || KRB5_UPPER(c)) -#define KRB5_ALNUM(c) (KRB5_ALPHA(c) || KRB5_DIGIT(c)) - -#define KRB5_LDH(c) (KRB5_ALNUM(c) || (c) == '-') - -#define KRB5_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f') -#define KRB5_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F') -#define KRB5_HEX(c) (KRB5_DIGIT(c) || \ - KRB5_HEXLOWER(c) || KRB5_HEXUPPER(c)) +#define KRB5_ASCII(c) (!((c) & 0x80)) +#define KRB5_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n') +#define KRB5_DIGIT(c) ((c) >= '0' && (c) <= '9') +#define KRB5_LOWER(c) ((c) >= 'a' && (c) <= 'z') +#define KRB5_UPPER(c) ((c) >= 'A' && (c) <= 'Z') +#define KRB5_ALPHA(c) (KRB5_LOWER(c) || KRB5_UPPER(c)) +#define KRB5_ALNUM(c) (KRB5_ALPHA(c) || KRB5_DIGIT(c)) + +#define KRB5_LDH(c) (KRB5_ALNUM(c) || (c) == '-') + +#define KRB5_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f') +#define KRB5_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F') +#define KRB5_HEX(c) (KRB5_DIGIT(c) || \ + KRB5_HEXLOWER(c) || KRB5_HEXUPPER(c)) #endif /* K5_UTF8_H */ diff --git a/src/include/k5-util.h b/src/include/k5-util.h index 11b275f552..b978760cab 100644 --- a/src/include/k5-util.h +++ b/src/include/k5-util.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 1989-1998,2002 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. 
@@ -63,25 +64,25 @@ #ifndef krb5_seteuid #if defined(HAVE_SETEUID) -# define krb5_seteuid(EUID) (seteuid((uid_t)(EUID))) +# define krb5_seteuid(EUID) (seteuid((uid_t)(EUID))) #elif defined(HAVE_SETRESUID) -# define krb5_seteuid(EUID) setresuid(getuid(), (uid_t)(EUID), geteuid()) +# define krb5_seteuid(EUID) setresuid(getuid(), (uid_t)(EUID), geteuid()) #elif defined(HAVE_SETREUID) -# define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID)) +# define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID)) #else - /* You need to add a case to deal with this operating system.*/ -# define krb5_seteuid(EUID) (errno = EPERM, -1) +/* You need to add a case to deal with this operating system.*/ +# define krb5_seteuid(EUID) (errno = EPERM, -1) #endif #ifdef HAVE_SETEGID -# define krb5_setegid(EGID) (setegid((gid_t)(EGID))) +# define krb5_setegid(EGID) (setegid((gid_t)(EGID))) #elif defined(HAVE_SETRESGID) -# define krb5_setegid(EGID) (setresgid(getgid(), (gid_t)(EGID), getegid())) +# define krb5_setegid(EGID) (setresgid(getgid(), (gid_t)(EGID), getegid())) #elif defined(HAVE_SETREGID) -# define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID))) +# define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID))) #else - /* You need to add a case to deal with this operating system.*/ -# define krb5_setegid(EGID) (errno = EPERM, -1) +/* You need to add a case to deal with this operating system.*/ +# define krb5_setegid(EGID) (errno = EPERM, -1) #endif #endif diff --git a/src/include/kdb.h b/src/include/kdb.h index 7506f1c0e1..8c6f532651 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/krb5/kdb.h * 
@@ -72,36 +73,36 @@ #include /* Salt types */ -#define KRB5_KDB_SALTTYPE_NORMAL 0 -#define KRB5_KDB_SALTTYPE_V4 1 -#define KRB5_KDB_SALTTYPE_NOREALM 2 -#define KRB5_KDB_SALTTYPE_ONLYREALM 3 -#define KRB5_KDB_SALTTYPE_SPECIAL 4 -#define KRB5_KDB_SALTTYPE_AFS3 5 -#define KRB5_KDB_SALTTYPE_CERTHASH 6 +#define KRB5_KDB_SALTTYPE_NORMAL 0 +#define KRB5_KDB_SALTTYPE_V4 1 +#define KRB5_KDB_SALTTYPE_NOREALM 2 +#define KRB5_KDB_SALTTYPE_ONLYREALM 3 +#define KRB5_KDB_SALTTYPE_SPECIAL 4 +#define KRB5_KDB_SALTTYPE_AFS3 5 +#define KRB5_KDB_SALTTYPE_CERTHASH 6 /* Attributes */ -#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001 -#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002 -#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004 -#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008 -#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010 -#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020 -#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 -#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080 -#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100 -#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200 -#define KRB5_KDB_DISALLOW_SVR 0x00001000 -#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000 +#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001 +#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002 +#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004 +#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008 +#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010 +#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020 +#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 +#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080 +#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100 +#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200 +#define KRB5_KDB_DISALLOW_SVR 0x00001000 +#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000 #define KRB5_KDB_SUPPORT_DESMD5 0x00004000 -#define KRB5_KDB_NEW_PRINC 0x00008000 -#define KRB5_KDB_OK_AS_DELEGATE 0x00100000 -#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 /* S4U2Self OK */ -#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000 +#define KRB5_KDB_NEW_PRINC 0x00008000 +#define 
KRB5_KDB_OK_AS_DELEGATE 0x00100000 +#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 /* S4U2Self OK */ +#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000 /* Creation flags */ -#define KRB5_KDB_CREATE_BTREE 0x00000001 -#define KRB5_KDB_CREATE_HASH 0x00000002 +#define KRB5_KDB_CREATE_BTREE 0x00000001 +#define KRB5_KDB_CREATE_HASH 0x00000002 #if !defined(_WIN32) @@ -111,10 +112,10 @@ * adding new tl_data types. */ typedef struct _krb5_tl_data { - struct _krb5_tl_data* tl_data_next; /* NOT saved */ - krb5_int16 tl_data_type; - krb5_ui_2 tl_data_length; - krb5_octet * tl_data_contents; + struct _krb5_tl_data* tl_data_next; /* NOT saved */ + krb5_int16 tl_data_type; + krb5_ui_2 tl_data_length; + krb5_octet * tl_data_contents; } krb5_tl_data; /* 
@@ -124,40 +125,40 @@ typedef struct _krb5_tl_data { * Currently the first type is the enctype and the second is the salt type. */ typedef struct _krb5_key_data { - krb5_int16 key_data_ver; /* Version */ - krb5_int16 key_data_kvno; /* Key Version */ - krb5_int16 key_data_type[2]; /* Array of types */ - krb5_ui_2 key_data_length[2]; /* Array of lengths */ - krb5_octet * key_data_contents[2]; /* Array of pointers */ + krb5_int16 key_data_ver; /* Version */ + krb5_int16 key_data_kvno; /* Key Version */ + krb5_int16 key_data_type[2]; /* Array of types */ + krb5_ui_2 key_data_length[2]; /* Array of lengths */ + krb5_octet * key_data_contents[2]; /* Array of pointers */ } krb5_key_data; -#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */ +#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */ typedef struct _krb5_keysalt { - krb5_int16 type; - krb5_data data; /* Length, data */ + krb5_int16 type; + krb5_data data; /* Length, data */ } krb5_keysalt; typedef struct _krb5_db_entry_new { - krb5_magic magic; /* NOT saved */ - krb5_ui_2 len; + krb5_magic magic; /* NOT saved */ + krb5_ui_2 len; krb5_ui_4 mask; /* members currently changed/set */ - krb5_flags attributes; - krb5_deltat max_life; - krb5_deltat max_renewable_life; - krb5_timestamp expiration; /* When the client expires */ - krb5_timestamp pw_expiration; /* When its passwd expires */ - krb5_timestamp last_success; /* Last successful passwd */ - krb5_timestamp last_failed; /* Last failed passwd attempt */ - krb5_kvno fail_auth_count; /* # of failed passwd attempt */ - krb5_int16 n_tl_data; - krb5_int16 n_key_data; - krb5_ui_2 e_length; /* Length of extra data */ - krb5_octet * e_data; /* Extra data to be saved */ - - krb5_principal princ; /* Length, data */ - krb5_tl_data * tl_data; /* Linked list */ - krb5_key_data * key_data; /* Array */ + krb5_flags attributes; + krb5_deltat max_life; + krb5_deltat max_renewable_life; + krb5_timestamp expiration; /* When the client expires */ + krb5_timestamp 
pw_expiration; /* When its passwd expires */ + krb5_timestamp last_success; /* Last successful passwd */ + krb5_timestamp last_failed; /* Last failed passwd attempt */ + krb5_kvno fail_auth_count; /* # of failed passwd attempt */ + krb5_int16 n_tl_data; + krb5_int16 n_key_data; + krb5_ui_2 e_length; /* Length of extra data */ + krb5_octet * e_data; /* Extra data to be saved */ + + krb5_principal princ; /* Length, data */ + krb5_tl_data * tl_data; /* Linked list */ + krb5_key_data * key_data; /* Array */ } krb5_db_entry; typedef struct _osa_policy_ent_t { @@ -178,18 +179,18 @@ typedef struct _osa_policy_ent_t { typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t); typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; + krb5_enctype ks_enctype; + krb5_int32 ks_salttype; } krb5_key_salt_tuple; -#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb -#define KRB5_KDB_V1_BASE_LENGTH 38 +#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb +#define KRB5_KDB_V1_BASE_LENGTH 38 -#define KRB5_TL_LAST_PWD_CHANGE 0x0001 -#define KRB5_TL_MOD_PRINC 0x0002 -#define KRB5_TL_KADM_DATA 0x0003 -#define KRB5_TL_KADM5_E_DATA 0x0004 -#define KRB5_TL_RB1_CHALLENGE 0x0005 +#define KRB5_TL_LAST_PWD_CHANGE 0x0001 +#define KRB5_TL_MOD_PRINC 0x0002 +#define KRB5_TL_KADM_DATA 0x0003 +#define KRB5_TL_KADM5_E_DATA 0x0004 +#define KRB5_TL_RB1_CHALLENGE 0x0005 #ifdef SECURID #define KRB5_TL_SECURID_STATE 0x0006 #define KRB5_TL_DB_ARGS 0x7fff 
@@ -227,14 +228,14 @@ typedef struct _krb5_keylist_node { * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set * on the principal. */ -#define KRB5_MAX_FAIL_COUNT 5 +#define KRB5_MAX_FAIL_COUNT 5 /* XXX depends on knowledge of krb5_parse_name() formats */ -#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */ +#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */ /* prompts used by default when reading the KDC password from the keyboard. */ -#define KRB5_KDC_MKEY_1 "Enter KDC database master key" -#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify" +#define KRB5_KDC_MKEY_1 "Enter KDC database master key" +#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify" extern char *krb5_mkey_pwd_prompt1; @@ -247,12 +248,12 @@ extern char *krb5_mkey_pwd_prompt2; */ #ifdef _KRB5_INT_H #include "k5-platform.h" -#define krb5_kdb_decode_int16(cp, i16) \ - *((krb5_int16 *) &(i16)) = load_16_le(cp) -#define krb5_kdb_decode_int32(cp, i32) \ - *((krb5_int32 *) &(i32)) = load_32_le(cp) -#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp) -#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp) +#define krb5_kdb_decode_int16(cp, i16) \ + *((krb5_int16 *) &(i16)) = load_16_le(cp) +#define krb5_kdb_decode_int32(cp, i32) \ + *((krb5_int32 *) &(i32)) = load_32_le(cp) +#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp) +#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp) #endif /* _KRB5_INT_H */ #define KRB5_KDB_OPEN_RW 0 
@@ -298,34 +299,34 @@ krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *va krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ); krb5_error_code krb5_db_unlock ( krb5_context kcontext ); krb5_error_code krb5_db_get_principal ( krb5_context kcontext, - krb5_const_principal search_for, - krb5_db_entry *entries, - int *nentries, - krb5_boolean *more ); + krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); krb5_error_code krb5_db_free_principal ( krb5_context kcontext, - krb5_db_entry *entry, - int count ); + krb5_db_entry *entry, + int count ); krb5_error_code krb5_db_put_principal ( krb5_context kcontext, - krb5_db_entry *entries, - int *nentries); + krb5_db_entry *entries, + int *nentries); krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, - krb5_principal search_for, - int *nentries ); + krb5_principal search_for, + int *nentries ); krb5_error_code krb5_db_iterate ( krb5_context kcontext, - char *match_entry, - int (*func) (krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg ); + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); krb5_error_code krb5_supported_realms ( krb5_context kcontext, - char **realms ); + char **realms ); krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, - char **realms ); + char **realms ); krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key ); + char *pwd, + krb5_keyblock *key ); krb5_error_code krb5_db_set_mkey ( krb5_context context, - krb5_keyblock *key); + krb5_keyblock *key); krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, - krb5_keyblock **key ); + krb5_keyblock **key ); krb5_error_code krb5_db_set_mkey_list( krb5_context context, krb5_keylist_node * keylist); 
@@ -334,85 +335,85 @@ krb5_error_code krb5_db_get_mkey_list( krb5_context kcontext, krb5_keylist_node ** keylist); krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, - krb5_keyblock *key ); + krb5_keyblock *key ); krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, - char *keyfile, - krb5_principal mname, - krb5_kvno kvno, - krb5_keyblock *key, - char *master_pwd); + char *keyfile, + krb5_principal mname, + krb5_kvno kvno, + krb5_keyblock *key, + char *master_pwd); krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext, - char *keyfile, - krb5_principal mname, - krb5_keylist_node *keylist, - char *master_pwd); + char *keyfile, + krb5_principal mname, + krb5_keylist_node *keylist, + char *master_pwd); krb5_error_code krb5_db_fetch_mkey ( krb5_context context, - krb5_principal mname, - krb5_enctype etype, - krb5_boolean fromkeyboard, - krb5_boolean twice, - char *db_args, + krb5_principal mname, + krb5_enctype etype, + krb5_boolean fromkeyboard, + krb5_boolean twice, + char *db_args, krb5_kvno *kvno, - krb5_data *salt, - krb5_keyblock *key); + krb5_data *salt, + krb5_keyblock *key); krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext, - krb5_principal mprinc, + krb5_principal mprinc, krb5_kvno kvno, - krb5_keyblock *mkey ); + krb5_keyblock *mkey ); krb5_error_code krb5_db_fetch_mkey_list( krb5_context context, - krb5_principal mname, - const krb5_keyblock * mkey, - krb5_kvno mkvno, - krb5_keylist_node **mkeys_list ); + krb5_principal mname, + const krb5_keyblock * mkey, + krb5_kvno mkvno, + krb5_keylist_node **mkeys_list ); krb5_error_code krb5_db_free_mkey_list( krb5_context context, - krb5_keylist_node *mkey_list ); + krb5_keylist_node *mkey_list ); krb5_error_code -krb5_dbe_find_enctype( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, - krb5_key_data **kdatap); +krb5_dbe_find_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 
ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, - krb5_key_data **kdatap); + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); krb5_error_code krb5_db_setup_mkey_name ( krb5_context context, - const char *keyname, - const char *realm, - char **fullname, - krb5_principal *principal); + const char *keyname, + const char *realm, + char **fullname, + krb5_principal *principal); krb5_error_code -krb5_dbekd_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); +krb5_dbekd_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); krb5_error_code -krb5_dbekd_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); +krb5_dbekd_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); krb5_error_code krb5_dbe_fetch_act_key_list(krb5_context context, - krb5_principal princ, - krb5_actkvno_node **act_key_list); + krb5_principal princ, + krb5_actkvno_node **act_key_list); krb5_error_code krb5_dbe_find_act_mkey( krb5_context context, 
@@ -422,79 +423,79 @@ krb5_dbe_find_act_mkey( krb5_context context, krb5_keyblock ** act_mkey); krb5_error_code -krb5_dbe_find_mkey( krb5_context context, +krb5_dbe_find_mkey( krb5_context context, krb5_keylist_node * mkey_list, krb5_db_entry * entry, krb5_keyblock ** mkey); krb5_error_code krb5_dbe_lookup_mkvno( krb5_context context, - krb5_db_entry * entry, - krb5_kvno * mkvno); + krb5_db_entry * entry, + krb5_kvno * mkvno); krb5_error_code krb5_dbe_lookup_mod_princ_data( krb5_context context, - krb5_db_entry * entry, - krb5_timestamp * mod_time, - krb5_principal * mod_princ); + krb5_db_entry * entry, + krb5_timestamp * mod_time, + krb5_principal * mod_princ); krb5_error_code krb5_dbe_lookup_mkey_aux( krb5_context context, - krb5_db_entry * entry, - krb5_mkey_aux_node ** mkey_aux_data_list); + krb5_db_entry * entry, + krb5_mkey_aux_node ** mkey_aux_data_list); krb5_error_code krb5_dbe_update_mkvno( krb5_context context, - krb5_db_entry * entry, - krb5_kvno mkvno); + krb5_db_entry * entry, + krb5_kvno mkvno); krb5_error_code krb5_dbe_lookup_actkvno( krb5_context context, - krb5_db_entry * entry, - krb5_actkvno_node ** actkvno_list); + krb5_db_entry * entry, + krb5_actkvno_node ** actkvno_list); krb5_error_code krb5_dbe_update_mkey_aux( krb5_context context, - krb5_db_entry * entry, - krb5_mkey_aux_node * mkey_aux_data_list); + krb5_db_entry * entry, + krb5_mkey_aux_node * mkey_aux_data_list); krb5_error_code krb5_dbe_update_actkvno(krb5_context context, - krb5_db_entry * entry, - const krb5_actkvno_node *actkvno_list); + krb5_db_entry * entry, + const krb5_actkvno_node *actkvno_list); krb5_error_code krb5_dbe_update_last_pwd_change( krb5_context context, - krb5_db_entry * entry, - krb5_timestamp stamp); + krb5_db_entry * entry, + krb5_timestamp stamp); krb5_error_code krb5_dbe_lookup_tl_data( krb5_context context, - krb5_db_entry * entry, - krb5_tl_data * ret_tl_data); + krb5_db_entry * entry, + krb5_tl_data * ret_tl_data); krb5_error_code 
krb5_dbe_create_key_data( krb5_context context, - krb5_db_entry * entry); + krb5_db_entry * entry); krb5_error_code krb5_dbe_update_mod_princ_data( krb5_context context, - krb5_db_entry * entry, - krb5_timestamp mod_date, - krb5_const_principal mod_princ); + krb5_db_entry * entry, + krb5_timestamp mod_date, + krb5_const_principal mod_princ); void *krb5_db_alloc( krb5_context kcontext, - void *ptr, - size_t size ); + void *ptr, + size_t size ); void krb5_db_free( krb5_context kcontext, - void *ptr); + void *ptr); krb5_error_code krb5_dbe_lookup_last_pwd_change( krb5_context context, - krb5_db_entry * entry, - krb5_timestamp * stamp); + krb5_db_entry * entry, + krb5_timestamp * stamp); krb5_error_code krb5_dbe_delete_tl_data( krb5_context context, 
@@ -503,47 +504,47 @@ krb5_dbe_delete_tl_data( krb5_context context, krb5_error_code krb5_dbe_update_tl_data( krb5_context context, - krb5_db_entry * entry, - krb5_tl_data * new_tl_data); + krb5_db_entry * entry, + krb5_tl_data * new_tl_data); krb5_error_code -krb5_dbe_cpw( krb5_context kcontext, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - char * passwd, - int new_kvno, - krb5_boolean keepold, - krb5_db_entry * db_entry); +krb5_dbe_cpw( krb5_context kcontext, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); krb5_error_code -krb5_dbe_ark( krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - krb5_db_entry * db_entry); +krb5_dbe_ark( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_db_entry * db_entry); krb5_error_code -krb5_dbe_crk( krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - krb5_boolean keepold, - krb5_db_entry * db_entry); +krb5_dbe_crk( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_boolean keepold, + krb5_db_entry * db_entry); krb5_error_code -krb5_dbe_apw( krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - char * passwd, - krb5_db_entry * db_entry); +krb5_dbe_apw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + krb5_db_entry * db_entry); int -krb5_db_get_key_data_kvno( krb5_context context, - int count, - krb5_key_data * data); +krb5_db_get_key_data_kvno( krb5_context context, + int count, + krb5_key_data * data); /* default functions. Should not be directly called */ 
@@ -553,140 +554,138 @@ krb5_db_get_key_data_kvno( krb5_context context, krb5_error_code krb5_dbe_def_search_enctype( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, - krb5_key_data **kdatap); + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); krb5_error_code krb5_def_store_mkey( krb5_context context, - char *keyfile, - krb5_principal mname, - krb5_kvno kvno, - krb5_keyblock *key, - char *master_pwd); + char *keyfile, + krb5_principal mname, + krb5_kvno kvno, + krb5_keyblock *key, + char *master_pwd); krb5_error_code krb5_def_store_mkey_list( krb5_context context, - char *keyfile, - krb5_principal mname, - krb5_keylist_node *keylist, - char *master_pwd); + char *keyfile, + krb5_principal mname, + krb5_keylist_node *keylist, + char *master_pwd); krb5_error_code krb5_db_def_fetch_mkey( krb5_context context, - krb5_principal mname, - krb5_keyblock *key, - krb5_kvno *kvno, - char *db_args); + krb5_principal mname, + krb5_keyblock *key, + krb5_kvno *kvno, + char *db_args); krb5_error_code krb5_def_verify_master_key( krb5_context context, - krb5_principal mprinc, - krb5_kvno kvno, - krb5_keyblock *mkey); + krb5_principal mprinc, + krb5_kvno kvno, + krb5_keyblock *mkey); krb5_error_code krb5_def_fetch_mkey_list( krb5_context context, - krb5_principal mprinc, - const krb5_keyblock *mkey, - krb5_kvno mkvno, - krb5_keylist_node **mkeys_list); + krb5_principal mprinc, + const krb5_keyblock *mkey, + krb5_kvno mkvno, + krb5_keylist_node **mkeys_list); krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key ); + char *pwd, + krb5_keyblock *key ); krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, - krb5_keylist_node *keylist ); + krb5_keylist_node *keylist ); krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, - krb5_keyblock **key ); + krb5_keyblock **key ); 
krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext, - krb5_keylist_node **keylist ); + krb5_keylist_node **keylist ); krb5_error_code -krb5_dbe_def_cpw( krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - char * passwd, - int new_kvno, - krb5_boolean keepold, - krb5_db_entry * db_entry); +krb5_dbe_def_cpw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); krb5_error_code krb5_def_promote_db(krb5_context, char *, char **); krb5_error_code -krb5_dbekd_def_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); +krb5_dbekd_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); krb5_error_code -krb5_dbekd_def_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); +krb5_dbekd_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); krb5_error_code -krb5_dbekd_def_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); +krb5_dbekd_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); krb5_error_code -krb5_dbekd_def_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); 
+krb5_dbekd_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); krb5_error_code krb5_db_create_policy( krb5_context kcontext, - osa_policy_ent_t policy); + osa_policy_ent_t policy); krb5_error_code krb5_db_get_policy ( krb5_context kcontext, - char *name, - osa_policy_ent_t *policy, - int *nentries); + char *name, + osa_policy_ent_t *policy, + int *nentries); krb5_error_code krb5_db_put_policy( krb5_context kcontext, - osa_policy_ent_t policy); + osa_policy_ent_t policy); krb5_error_code krb5_db_iter_policy( krb5_context kcontext, - char *match_entry, - osa_adb_iter_policy_func func, - void *data); + char *match_entry, + osa_adb_iter_policy_func func, + void *data); krb5_error_code krb5_db_delete_policy( krb5_context kcontext, - char *policy); + char *policy); void krb5_db_free_policy( krb5_context kcontext, - osa_policy_ent_t policy); + osa_policy_ent_t policy); krb5_error_code -krb5_db_set_context - (krb5_context, void *db_context); +krb5_db_set_context(krb5_context, void *db_context); krb5_error_code -krb5_db_get_context - (krb5_context, void **db_context); +krb5_db_get_context(krb5_context, void **db_context); void krb5_dbe_free_key_data_contents(krb5_context, krb5_key_data *); 
@@ -703,22 +702,22 @@ krb5_dbe_free_mkey_aux_list(krb5_context, krb5_mkey_aux_node *); void krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *); -#define KRB5_KDB_DEF_FLAGS 0 +#define KRB5_KDB_DEF_FLAGS 0 -#define KDB_MAX_DB_NAME 128 -#define KDB_REALM_SECTION "realms" -#define KDB_MODULE_POINTER "database_module" -#define KDB_MODULE_DEF_SECTION "dbdefaults" -#define KDB_MODULE_SECTION "dbmodules" -#define KDB_LIB_POINTER "db_library" -#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH -#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV +#define KDB_MAX_DB_NAME 128 +#define KDB_REALM_SECTION "realms" +#define KDB_MODULE_POINTER "database_module" +#define KDB_MODULE_DEF_SECTION "dbdefaults" +#define KDB_MODULE_SECTION "dbmodules" +#define KDB_LIB_POINTER "db_library" +#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH +#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV -#define KRB5_KDB_OPEN_RW 0 -#define KRB5_KDB_OPEN_RO 1 +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 -#define KRB5_KDB_OPT_SET_DB_NAME 0 -#define KRB5_KDB_OPT_SET_LOCK_MODE 1 +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 typedef struct _kdb_vftabl { short int maj_ver; 
@@ -727,90 +726,90 @@ typedef struct _kdb_vftabl { krb5_error_code (*init_library)(); krb5_error_code (*fini_library)(); krb5_error_code (*init_module) ( krb5_context kcontext, - char * conf_section, - char ** db_args, - int mode ); + char * conf_section, + char ** db_args, + int mode ); krb5_error_code (*fini_module) ( krb5_context kcontext ); krb5_error_code (*db_create) ( krb5_context kcontext, - char * conf_section, - char ** db_args ); + char * conf_section, + char ** db_args ); krb5_error_code (*db_destroy) ( krb5_context kcontext, - char *conf_section, - char ** db_args ); + char *conf_section, + char ** db_args ); krb5_error_code (*db_get_age) ( krb5_context kcontext, - char *db_name, - time_t *age ); + char *db_name, + time_t *age ); krb5_error_code (*db_set_option) ( krb5_context kcontext, - int option, - void *value ); + int option, + void *value ); krb5_error_code (*db_lock) ( krb5_context kcontext, - int mode ); + int mode ); krb5_error_code (*db_unlock) ( krb5_context kcontext); krb5_error_code (*db_get_principal) ( krb5_context kcontext, - krb5_const_principal search_for, - unsigned int flags, - krb5_db_entry *entries, - int *nentries, - krb5_boolean *more ); + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); krb5_error_code (*db_free_principal) ( krb5_context kcontext, - krb5_db_entry *entry, - int count ); + krb5_db_entry *entry, + int count ); krb5_error_code (*db_put_principal) ( krb5_context kcontext, - krb5_db_entry *entries, - int *nentries, - char **db_args); + krb5_db_entry *entries, + int *nentries, + char **db_args); krb5_error_code (*db_delete_principal) ( krb5_context kcontext, - krb5_const_principal search_for, - int *nentries ); + krb5_const_principal search_for, + int *nentries ); krb5_error_code (*db_iterate) ( krb5_context kcontext, - char *match_entry, - int (*func) (krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg ); + char *match_entry, + int (*func) 
(krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); krb5_error_code (*db_create_policy) ( krb5_context kcontext, - osa_policy_ent_t policy ); + osa_policy_ent_t policy ); krb5_error_code (*db_get_policy) ( krb5_context kcontext, - char *name, - osa_policy_ent_t *policy, - int *cnt); + char *name, + osa_policy_ent_t *policy, + int *cnt); krb5_error_code (*db_put_policy) ( krb5_context kcontext, - osa_policy_ent_t policy ); + osa_policy_ent_t policy ); krb5_error_code (*db_iter_policy) ( krb5_context kcontext, - char *match_entry, - osa_adb_iter_policy_func func, - void *data ); + char *match_entry, + osa_adb_iter_policy_func func, + void *data ); krb5_error_code (*db_delete_policy) ( krb5_context kcontext, - char *policy ); + char *policy ); void (*db_free_policy) ( krb5_context kcontext, - osa_policy_ent_t val ); + osa_policy_ent_t val ); krb5_error_code (*db_supported_realms) ( krb5_context kcontext, - char **realms ); + char **realms ); krb5_error_code (*db_free_supported_realms) ( krb5_context kcontext, - char **realms ); + char **realms ); const char * (*errcode_2_string) ( krb5_context kcontext, - long err_code ); + long err_code ); void (*release_errcode_string) (krb5_context kcontext, const char *msg); 
@@ -821,96 +820,96 @@ typedef struct _kdb_vftabl { /* optional functions */ krb5_error_code (*set_master_key) ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key); + char *pwd, + krb5_keyblock *key); krb5_error_code (*get_master_key) ( krb5_context kcontext, - krb5_keyblock **key); + krb5_keyblock **key); krb5_error_code (*set_master_key_list) ( krb5_context kcontext, - krb5_keylist_node *keylist); + krb5_keylist_node *keylist); krb5_error_code (*get_master_key_list) ( krb5_context kcontext, - krb5_keylist_node **keylist); + krb5_keylist_node **keylist); krb5_error_code (*setup_master_key_name) ( krb5_context kcontext, - char *keyname, - char *realm, - char **fullname, - krb5_principal *principal); + char *keyname, + char *realm, + char **fullname, + krb5_principal *principal); krb5_error_code (*store_master_key) ( krb5_context kcontext, - char *db_arg, - krb5_principal mname, - krb5_kvno kvno, - krb5_keyblock *key, - char *master_pwd); + char *db_arg, + krb5_principal mname, + krb5_kvno kvno, + krb5_keyblock *key, + char *master_pwd); krb5_error_code (*fetch_master_key) ( krb5_context kcontext, - krb5_principal mname, - krb5_keyblock *key, - krb5_kvno *kvno, - char *db_args); + krb5_principal mname, + krb5_keyblock *key, + krb5_kvno *kvno, + char *db_args); krb5_error_code (*verify_master_key) ( krb5_context kcontext, - krb5_principal mprinc, - krb5_kvno kvno, - krb5_keyblock *mkey ); + krb5_principal mprinc, + krb5_kvno kvno, + krb5_keyblock *mkey ); krb5_error_code (*fetch_master_key_list) (krb5_context kcontext, - krb5_principal mname, - const krb5_keyblock *key, - krb5_kvno kvno, - krb5_keylist_node **mkeys_list); + krb5_principal mname, + const krb5_keyblock *key, + krb5_kvno kvno, + krb5_keylist_node **mkeys_list); krb5_error_code (*store_master_key_list) ( krb5_context kcontext, - char *db_arg, - krb5_principal mname, - krb5_keylist_node *keylist, - char *master_pwd); + char *db_arg, + krb5_principal mname, + krb5_keylist_node *keylist, + char 
*master_pwd); krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, - krb5_key_data **kdatap); + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); krb5_error_code - (*db_change_pwd) ( krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - char * passwd, - int new_kvno, - krb5_boolean keepold, - krb5_db_entry * db_entry); + (*db_change_pwd) ( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); /* Promote a temporary database to be the live one. */ krb5_error_code (*promote_db) (krb5_context context, - char *conf_section, - char **db_args); + char *conf_section, + char **db_args); krb5_error_code (*dbekd_decrypt_key_data) ( krb5_context kcontext, - const krb5_keyblock *mkey, - const krb5_key_data *key_data, - krb5_keyblock *dbkey, - krb5_keysalt *keysalt ); + const krb5_keyblock *mkey, + const krb5_key_data *key_data, + krb5_keyblock *dbkey, + krb5_keysalt *keysalt ); krb5_error_code (*dbekd_encrypt_key_data) ( krb5_context kcontext, - const krb5_keyblock *mkey, - const krb5_keyblock *dbkey, - const krb5_keysalt *keyselt, - int keyver, - krb5_key_data *key_data ); + const krb5_keyblock *mkey, + const krb5_keyblock *dbkey, + const krb5_keysalt *keyselt, + int keyver, + krb5_key_data *key_data ); krb5_error_code (*db_invoke) ( krb5_context context, - unsigned int method, - const krb5_data *req, - krb5_data *rep ); + unsigned int method, + const krb5_data *req, + krb5_data *rep ); } kdb_vftabl; #endif /* !defined(_WIN32) */ diff --git a/src/include/kdb_ext.h b/src/include/kdb_ext.h index ce2de9b1b2..f2ae6519e1 100644 --- a/src/include/kdb_ext.h +++ b/src/include/kdb_ext.h 
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 * include/krb5/kdb_ext.h
 *
@@ -32,78 +33,78 @@ #define KRB5_KDB5_EXT__ /* Private flag used to indicate principal is local TGS */ -#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000 +#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000 /* Private flag used to indicate xrealm relationship is non-transitive */ -#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000 +#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000 /* Entry get flags */ /* Name canonicalization requested */ -#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010 +#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010 /* Include authorization data generated by backend */ -#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020 +#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020 /* Is AS-REQ (client referrals only) */ -#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040 +#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040 /* Map cross-realm principals */ -#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080 +#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080 /* Protocol transition */ -#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100 +#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100 /* Constrained delegation */ -#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200 +#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200 /* User-to-user */ -#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800 +#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800 /* Cross-realm */ -#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000 +#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000 -#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \ - KRB5_KDB_FLAG_CONSTRAINED_DELEGATION ) +#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \ + KRB5_KDB_FLAG_CONSTRAINED_DELEGATION ) -#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */ -#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */ -#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */ +#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */ 
+#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */ +#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */ #define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */ -#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */ +#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */ #define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* IssuerDNSubjectDN */ krb5_error_code krb5_db_get_principal_ext ( krb5_context kcontext, - krb5_const_principal search_for, - unsigned int flags, - krb5_db_entry *entries, - int *nentries, - krb5_boolean *more ); + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); krb5_error_code krb5_db_invoke ( krb5_context kcontext, - unsigned int method, - const krb5_data *req, - krb5_data *rep ); + unsigned int method, + const krb5_data *req, + krb5_data *rep ); /* db_invoke methods */ -#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010 -#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020 -#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030 -#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040 -#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050 -#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060 -#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070 -#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080 +#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010 +#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020 +#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030 +#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040 +#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050 +#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060 +#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070 +#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080 typedef struct _kdb_sign_auth_data_req { krb5_magic magic; - unsigned int flags; /* KRB5_KDB flags */ - krb5_const_principal client_princ; /* Client name used in ticket */ - krb5_db_entry *client; /* DB entry for client 
principal */ - krb5_db_entry *server; /* DB entry for server principal */ - krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */ - krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */ - krb5_keyblock *server_key; /* Key used to generate server signature */ - krb5_timestamp authtime; /* Authtime of TGT */ - krb5_authdata **auth_data; /* Authorization data from TGT */ - krb5_keyblock *session_key; /* Reply session key */ - krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */ + unsigned int flags; /* KRB5_KDB flags */ + krb5_const_principal client_princ; /* Client name used in ticket */ + krb5_db_entry *client; /* DB entry for client principal */ + krb5_db_entry *server; /* DB entry for server principal */ + krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */ + krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */ + krb5_keyblock *server_key; /* Key used to generate server signature */ + krb5_timestamp authtime; /* Authtime of TGT */ + krb5_authdata **auth_data; /* Authorization data from TGT */ + krb5_keyblock *session_key; /* Reply session key */ + krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */ } kdb_sign_auth_data_req; typedef struct _kdb_sign_auth_data_rep { krb5_magic magic; - krb5_authdata **auth_data; /* Signed authorization data */ + krb5_authdata **auth_data; /* Signed authorization data */ } kdb_sign_auth_data_rep; typedef struct _kdb_check_transited_realms_req { diff --git a/src/include/kdb_kt.h b/src/include/kdb_kt.h index a628bb326b..b9063796f8 100644 --- a/src/include/kdb_kt.h +++ b/src/include/kdb_kt.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * include/krb5/kdb_kt.h * diff --git a/src/include/kdb_log.h b/src/include/kdb_log.h index 804b7328a5..620d90c906 100644 --- a/src/include/kdb_log.h +++ b/src/include/kdb_log.h 
@@ -1,124 +1,131 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#ifndef _KDB_LOG_H -#define _KDB_LOG_H +#ifndef _KDB_LOG_H +#define _KDB_LOG_H -/* #pragma ident "@(#)kdb_log.h 1.3 04/02/23 SMI" */ +/* #pragma ident "@(#)kdb_log.h 1.3 04/02/23 SMI" */ #include #include #include #include "kdb.h" -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif /* * DB macros */ -#define INDEX(ulogaddr, i) ((unsigned long) ulogaddr + sizeof (kdb_hlog_t) + \ - (i*ulog->kdb_block)) +#define INDEX(ulogaddr, i) ((unsigned long) ulogaddr + sizeof (kdb_hlog_t) + \ + (i*ulog->kdb_block)) /* * Current DB version # */ -#define KDB_VERSION 1 +#define KDB_VERSION 1 /* * DB log states */ -#define KDB_STABLE 1 -#define KDB_UNSTABLE 2 -#define KDB_CORRUPT 3 +#define KDB_STABLE 1 +#define KDB_UNSTABLE 2 +#define KDB_CORRUPT 3 /* * DB log constants */ -#define KDB_ULOG_MAGIC 0x6661212 -#define KDB_ULOG_HDR_MAGIC 0x6662323 +#define KDB_ULOG_MAGIC 0x6661212 +#define KDB_ULOG_HDR_MAGIC 0x6662323 /* * DB Flags */ -#define FKADMIND 1 -#define FKPROPLOG 2 -#define FKPROPD 3 -#define FKCOMMAND 4 /* Includes kadmin.local and kdb5_util */ +#define FKADMIND 1 +#define FKPROPLOG 2 +#define FKPROPD 3 +#define FKCOMMAND 4 /* Includes kadmin.local and kdb5_util */ /* * Default ulog file attributes */ -#define MAX_ULOGENTRIES 2500 -#define DEF_ULOGENTRIES 1000 -#define ULOG_IDLE_TIME 10 /* in seconds */ +#define MAX_ULOGENTRIES 2500 +#define DEF_ULOGENTRIES 1000 +#define ULOG_IDLE_TIME 10 /* in seconds */ /* * Max size of update entry + update header * We make this large since resizing can be costly. 
*/ -#define ULOG_BLOCK 2048 /* Default size of principal record */ +#define ULOG_BLOCK 2048 /* Default size of principal record */ -#define MAXLOGLEN 0x10000000 /* 256 MB log file */ +#define MAXLOGLEN 0x10000000 /* 256 MB log file */ /* * Prototype declarations */ extern krb5_error_code ulog_map(krb5_context context, - const char *logname, uint32_t entries, - int caller, - char **db_args); + const char *logname, uint32_t entries, + int caller, + char **db_args); extern krb5_error_code ulog_add_update(krb5_context context, - kdb_incr_update_t *upd); + kdb_incr_update_t *upd); extern krb5_error_code ulog_delete_update(krb5_context context, - kdb_incr_update_t *upd); + kdb_incr_update_t *upd); extern krb5_error_code ulog_finish_update(krb5_context context, - kdb_incr_update_t *upd); + kdb_incr_update_t *upd); extern krb5_error_code ulog_get_entries(krb5_context context, kdb_last_t last, - kdb_incr_result_t *ulog_handle); -extern krb5_error_code ulog_replay(krb5_context context, - kdb_incr_result_t *incr_ret, char **db_args); -extern krb5_error_code ulog_conv_2logentry(krb5_context context, - krb5_db_entry *entries, kdb_incr_update_t *updates, int nentries); -extern krb5_error_code ulog_conv_2dbentry(krb5_context context, - krb5_db_entry *entries, kdb_incr_update_t *updates, int nentries); + kdb_incr_result_t *ulog_handle); + +extern krb5_error_code +ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args); + +extern krb5_error_code +ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries, + kdb_incr_update_t *updates, int nentries); + +extern krb5_error_code +ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, + kdb_incr_update_t *updates, int nentries); + extern void ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates); extern krb5_error_code ulog_set_role(krb5_context ctx, iprop_role role); extern krb5_error_code ulog_lock(krb5_context ctx, int mode); typedef struct kdb_hlog { - uint32_t kdb_hmagic; /* Log 
header magic # */ - uint16_t db_version_num; /* Kerberos database version no. */ - uint32_t kdb_num; /* # of updates in log */ - kdbe_time_t kdb_first_time; /* Timestamp of first update */ - kdbe_time_t kdb_last_time; /* Timestamp of last update */ - kdb_sno_t kdb_first_sno; /* First serial # in the update log */ - kdb_sno_t kdb_last_sno; /* Last serial # in the update log */ - uint16_t kdb_state; /* State of update log */ - uint16_t kdb_block; /* Block size of each element */ + uint32_t kdb_hmagic; /* Log header magic # */ + uint16_t db_version_num; /* Kerberos database version no. */ + uint32_t kdb_num; /* # of updates in log */ + kdbe_time_t kdb_first_time; /* Timestamp of first update */ + kdbe_time_t kdb_last_time; /* Timestamp of last update */ + kdb_sno_t kdb_first_sno; /* First serial # in the update log */ + kdb_sno_t kdb_last_sno; /* Last serial # in the update log */ + uint16_t kdb_state; /* State of update log */ + uint16_t kdb_block; /* Block size of each element */ } kdb_hlog_t; typedef struct kdb_ent_header { - uint32_t kdb_umagic; /* Update entry magic # */ - kdb_sno_t kdb_entry_sno; /* Serial # of entry */ - kdbe_time_t kdb_time; /* Timestamp of update */ - bool_t kdb_commit; /* Is the entry committed or not */ - uint32_t kdb_entry_size; /* Size of update entry */ - uint8_t entry_data[4]; /* Address of kdb_incr_update_t */ + uint32_t kdb_umagic; /* Update entry magic # */ + kdb_sno_t kdb_entry_sno; /* Serial # of entry */ + kdbe_time_t kdb_time; /* Timestamp of update */ + bool_t kdb_commit; /* Is the entry committed or not */ + uint32_t kdb_entry_size; /* Size of update entry */ + uint8_t entry_data[4]; /* Address of kdb_incr_update_t */ } kdb_ent_header_t; typedef struct _kdb_log_context { - iprop_role iproprole; - kdb_hlog_t *ulog; - uint32_t ulogentries; - int ulogfd; + iprop_role iproprole; + kdb_hlog_t *ulog; + uint32_t ulogentries; + int ulogfd; } kdb_log_context; -#ifdef __cplusplus +#ifdef __cplusplus } #endif -#endif /* !_KDB_LOG_H */ 
+#endif /* !_KDB_LOG_H */ diff --git a/src/include/kim/kim.h b/src/include/kim/kim.h index 83248e3d1b..7edb2a2068 100644 --- a/src/include/kim/kim.h +++ b/src/include/kim/kim.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h index 88cfeb602d..d2d0d1de05 100644 --- a/src/include/kim/kim_ccache.h +++ b/src/include/kim/kim_ccache.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. @@ -286,7 +287,7 @@ kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator); * \brief Get the next ccache in the cache collection. */ kim_error kim_ccache_iterator_next (kim_ccache_iterator in_ccache_iterator, - kim_ccache *out_ccache); + kim_ccache *out_ccache); /*! * \param io_ccache_iterator a ccache iterator object to be freed. Set to NULL on exit. @@ -303,7 +304,7 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator); /*! * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired - * initial credential. Must be freed with kim_ccache_free(). + * initial credential. Must be freed with kim_ccache_free(). * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to * allow the user to choose. * \param in_options options to control credential acquisition. 
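Review bot: In src/include/kdb_log.h the re-indented `INDEX` macro still expands its arguments unparenthesized (`(unsigned long) ulogaddr` and `i*ulog->kdb_block`), so an expression argument such as `n - 1` would bind incorrectly. It also depends on a variable named `ulog` being in scope at every use. The cast to `unsigned long` narrows the address on platforms where `long` is smaller than a pointer. Since the line is being touched anyway, consider `#define INDEX(ulogaddr, i) ((uintptr_t)(ulogaddr) + sizeof(kdb_hlog_t) + (size_t)(i) * ulog->kdb_block)`, assuming `uintptr_t` is available from the headers this file already includes. Because `kdb_block` is read from the log header, callers (outside this diff) presumably have to bound `i` against the entry count before dereferencing the result, and a short comment above the macro stating that would help.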
@@ -318,7 +319,7 @@ kim_error kim_ccache_create_new (kim_ccache *out_ccache, /*! * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired - * initial credential. Must be freed with kim_ccache_free(). + * initial credential. Must be freed with kim_ccache_free(). * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to * allow the user to choose. * \param in_options options to control credential acquisition. @@ -387,10 +388,10 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, /*! * \param out_ccache on exit, a new ccache object containing an initial credential - * for the client identity \a in_identity obtained using in_keytab. - * Must be freed with kim_ccache_free(). + * for the client identity \a in_identity obtained using in_keytab. + * Must be freed with kim_ccache_free(). * \param in_identity a client identity to obtain a credential for. Specify NULL for - * the first client identity in the keytab. + * the first client identity in the keytab. * \param in_options options to control credential acquisition. * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -436,7 +437,7 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, /*! * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. - * Must be freed with kim_ccache_free(). + * Must be freed with kim_ccache_free(). * \param in_krb5_context the krb5 context used to create \a in_krb5_ccache. * \param in_krb5_ccache a krb5 ccache object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. 
@@ -448,7 +449,7 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, /*! * \param out_ccache on exit, the new ccache object which is a copy of in_ccache. - * Must be freed with kim_ccache_free(). + * Must be freed with kim_ccache_free(). * \param in_ccache a ccache object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a ccache. @@ -473,7 +474,7 @@ kim_error kim_ccache_compare (kim_ccache in_ccache, * \param in_ccache a ccache object. * \param in_krb5_context a krb5 context which will be used to create out_krb5_ccache. * \param out_krb5_ccache on exit, a new krb5 ccache object which is a copy of in_ccache. - * Must be freed with krb5_cc_close() or krb5_cc_destroy(). + * Must be freed with krb5_cc_close() or krb5_cc_destroy(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get a krb5 ccache for a ccache. */ @@ -503,7 +504,7 @@ kim_error kim_ccache_get_type (kim_ccache in_ccache, * \param in_ccache a ccache object. * \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for * display to the user in command line programs. (ie: ":") - * Must be freed with kim_string_free(). + * Must be freed with kim_string_free(). * Note: this string can also be passed to krb5_cc_resolve(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the type and name for a ccache in display format. @@ -514,7 +515,7 @@ kim_error kim_ccache_get_display_name (kim_ccache in_ccache, /*! * \param in_ccache a ccache object. * \param out_client_identity on exit, an identity object containing the client identity of - * \a in_ccache. Must be freed with kim_identity_free(). + * \a in_ccache. Must be freed with kim_identity_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the client identity for a ccache. */ 
@@ -524,7 +525,7 @@ kim_error kim_ccache_get_client_identity (kim_ccache in_ccache, /*! * \param in_ccache a ccache object. * \param out_credential on exit, the first valid credential in \a in_ccache. - * Must be freed with kim_credential_free(). Set to NULL + * Must be freed with kim_credential_free(). Set to NULL * if you only want return value, not the actual credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the first valid credential in a ccache. diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h index 634c458f05..bf065a8d2f 100644 --- a/src/include/kim/kim_credential.h +++ b/src/include/kim/kim_credential.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. @@ -498,7 +499,7 @@ kim_error kim_credential_get_options (kim_credential in_credential, * \param in_credential a credential object. * \param in_client_identity a client identity. * \param out_ccache on exit, a ccache object containing \a in_credential with the client - * identity \a in_client_identity. Must be freed with kim_ccache_free(). + * identity \a in_client_identity. Must be freed with kim_ccache_free(). * Specify NULL if you don't want this return value. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Store a credential in a ccache in the cache collection. diff --git a/src/include/kim/kim_identity.h b/src/include/kim/kim_identity.h index a8540277db..caed0524a5 100644 --- a/src/include/kim/kim_identity.h +++ b/src/include/kim/kim_identity.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. 
@@ -127,7 +128,7 @@ extern "C" { * \brief Create a identity from a string. */ kim_error kim_identity_create_from_string (kim_identity *out_identity, - kim_string in_string); + kim_string in_string); /*! * \param out_identity on exit, a new identity object. Must be freed with kim_identity_free(). @@ -142,9 +143,9 @@ kim_error kim_identity_create_from_string (kim_identity *out_identity, * \brief Create a identity from a realm and component strings. */ kim_error kim_identity_create_from_components (kim_identity *out_identity, - kim_string in_realm, - kim_string in_1st_component, - ...); + kim_string in_realm, + kim_string in_1st_component, + ...); /*! * \param out_identity on exit, a new identity object which is a copy of \a in_krb5_principal. @@ -155,8 +156,8 @@ kim_error kim_identity_create_from_components (kim_identity *out_identity, * \brief Create an identity object from a krb5_principal. */ kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity, - krb5_context in_krb5_context, - krb5_principal in_krb5_principal); + krb5_context in_krb5_context, + krb5_principal in_krb5_principal); /*! * \param out_identity on exit, a new identity object which is a copy of \a in_identity. @@ -166,7 +167,7 @@ kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity, * \brief Copy an identity object. */ kim_error kim_identity_copy (kim_identity *out_identity, - kim_identity in_identity); + kim_identity in_identity); /*! @@ -180,8 +181,8 @@ kim_error kim_identity_copy (kim_identity *out_identity, * \brief Compare identity objects for equivalency. */ kim_error kim_identity_compare (kim_identity in_identity, - kim_identity in_compare_to_identity, - kim_comparison *out_comparison); + kim_identity in_compare_to_identity, + kim_comparison *out_comparison); /*! * \param in_identity an identity object. * \param out_string on exit, a string representation of \a in_identity. 
@@ -191,7 +192,7 @@ kim_error kim_identity_compare (kim_identity in_identity, * \note Special characters such as '@' and '/' will be escaped with '\'. */ kim_error kim_identity_get_string (kim_identity in_identity, - kim_string *out_string); + kim_string *out_string); /*! @@ -206,7 +207,7 @@ kim_error kim_identity_get_string (kim_identity in_identity, * The result of this function should \em only be used to display to the user. */ kim_error kim_identity_get_display_string (kim_identity in_identity, - kim_string *out_display_string); + kim_string *out_display_string); /*! * \param in_identity an identity object. @@ -216,7 +217,7 @@ kim_error kim_identity_get_display_string (kim_identity in_identity, * \brief Get the realm string of an identity. */ kim_error kim_identity_get_realm (kim_identity in_identity, - kim_string *out_realm_string); + kim_string *out_realm_string); /*! * \param in_identity an identity object. @@ -225,7 +226,7 @@ kim_error kim_identity_get_realm (kim_identity in_identity, * \brief Get the number of components of an identity. */ kim_error kim_identity_get_number_of_components (kim_identity in_identity, - kim_count *out_number_of_components); + kim_count *out_number_of_components); /*! * \param in_identity an identity object. @@ -236,8 +237,8 @@ kim_error kim_identity_get_number_of_components (kim_identity in_identity, * \brief Get the Nth component of an identity. */ kim_error kim_identity_get_component_at_index (kim_identity in_identity, - kim_count in_index, - kim_string *out_component_string); + kim_count in_index, + kim_string *out_component_string); /*! * \param in_identity an identity object. 
@@ -259,8 +260,8 @@ kim_error kim_identity_get_components_string (kim_identity in_identity, * \brief Get the krb5_principal representation of an identity. */ kim_error kim_identity_get_krb5_principal (kim_identity in_identity, - krb5_context in_krb5_context, - krb5_principal *out_krb5_principal); + krb5_context in_krb5_context, + krb5_principal *out_krb5_principal); /*! * \param in_identity an identity object whose password will be changed. diff --git a/src/include/kim/kim_library.h b/src/include/kim/kim_library.h index fe351f7fc8..c840637334 100644 --- a/src/include/kim/kim_library.h +++ b/src/include/kim/kim_library.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2008 Massachusetts Institute of Technology. * All Rights Reserved. diff --git a/src/include/kim/kim_options.h b/src/include/kim/kim_options.h index 85facfbbc0..2b1343197c 100644 --- a/src/include/kim/kim_options.h +++ b/src/include/kim/kim_options.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. diff --git a/src/include/kim/kim_preferences.h b/src/include/kim/kim_preferences.h index 77edde462f..fd3293319b 100644 --- a/src/include/kim/kim_preferences.h +++ b/src/include/kim/kim_preferences.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. @@ -162,7 +163,7 @@ kim_error kim_preferences_create (kim_preferences *out_preferences); * \brief Copy a preferences object. */ kim_error kim_preferences_copy (kim_preferences *out_preferences, - kim_preferences in_preferences); + kim_preferences in_preferences); /*! * \param io_preferences a preferences object to modify. 
@@ -172,7 +173,7 @@ kim_error kim_preferences_copy (kim_preferences *out_preferences, * \sa kim_preferences_get_options() */ kim_error kim_preferences_set_options (kim_preferences io_preferences, - kim_options in_options); + kim_options in_options); /*! * \param in_preferences a preferences object. @@ -184,7 +185,7 @@ kim_error kim_preferences_set_options (kim_preferences io_preferences, * \sa kim_preferences_set_options() */ kim_error kim_preferences_get_options (kim_preferences in_preferences, - kim_options *out_options); + kim_options *out_options); /*! * \param io_preferences a preferences object to modify. @@ -195,7 +196,7 @@ kim_error kim_preferences_get_options (kim_preferences in_preferences, * \sa kim_preferences_get_remember_options() */ kim_error kim_preferences_set_remember_options (kim_preferences io_preferences, - kim_boolean in_remember_options); + kim_boolean in_remember_options); /*! * \param in_preferences a preferences object. @@ -206,7 +207,7 @@ kim_error kim_preferences_set_remember_options (kim_preferences io_preferences, * \sa kim_preferences_set_remember_options() */ kim_error kim_preferences_get_remember_options (kim_preferences in_preferences, - kim_boolean *out_remember_options); + kim_boolean *out_remember_options); /*! * \param io_preferences a preferences object to modify. @@ -216,7 +217,7 @@ kim_error kim_preferences_get_remember_options (kim_preferences in_preferences, * \sa kim_preferences_get_client_identity() */ kim_error kim_preferences_set_client_identity (kim_preferences io_preferences, - kim_identity in_client_identity); + kim_identity in_client_identity); /*! * \param in_preferences a preferences object. 
@@ -227,7 +228,7 @@ kim_error kim_preferences_set_client_identity (kim_preferences io_preferences, * \sa kim_preferences_set_client_identity() */ kim_error kim_preferences_get_client_identity (kim_preferences in_preferences, - kim_identity *out_client_identity); + kim_identity *out_client_identity); /*! * \param io_preferences a preferences object to modify. @@ -238,7 +239,7 @@ kim_error kim_preferences_get_client_identity (kim_preferences in_preferences, * \sa kim_preferences_get_remember_client_identity() */ kim_error kim_preferences_set_remember_client_identity (kim_preferences io_preferences, - kim_boolean in_remember_client_identity); + kim_boolean in_remember_client_identity); /*! * \param in_preferences a preferences object. @@ -249,7 +250,7 @@ kim_error kim_preferences_set_remember_client_identity (kim_preferences io_prefe * \sa kim_preferences_set_remember_client_identity() */ kim_error kim_preferences_get_remember_client_identity (kim_preferences in_preferences, - kim_boolean *out_remember_client_identity); + kim_boolean *out_remember_client_identity); /*! * \param io_preferences a preferences object to modify. @@ -260,7 +261,7 @@ kim_error kim_preferences_get_remember_client_identity (kim_preferences in_pref * \sa kim_preferences_get_minimum_lifetime() */ kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences, - kim_lifetime in_minimum_lifetime); + kim_lifetime in_minimum_lifetime); /*! * \param in_preferences a preferences object. @@ -271,7 +272,7 @@ kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences, * \sa kim_preferences_set_minimum_lifetime() */ kim_error kim_preferences_get_minimum_lifetime (kim_preferences in_preferences, - kim_lifetime *out_minimum_lifetime); + kim_lifetime *out_minimum_lifetime); /*! * \param io_preferences a preferences object to modify. 
@@ -282,7 +283,7 @@ kim_error kim_preferences_get_minimum_lifetime (kim_preferences in_preferences, * \sa kim_preferences_get_maximum_lifetime() */ kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences, - kim_lifetime in_maximum_lifetime); + kim_lifetime in_maximum_lifetime); /*! * \param in_preferences a preferences object. @@ -293,7 +294,7 @@ kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences, * \sa kim_preferences_set_maximum_lifetime() */ kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences, - kim_lifetime *out_maximum_lifetime); + kim_lifetime *out_maximum_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -305,7 +306,7 @@ kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences, * \sa kim_preferences_get_minimum_renewal_lifetime() */ kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_preferences, - kim_lifetime in_minimum_renewal_lifetime); + kim_lifetime in_minimum_renewal_lifetime); /*! * \param in_preferences a preferences object. @@ -316,7 +317,7 @@ kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_prefe * \sa kim_preferences_set_minimum_renewal_lifetime() */ kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_preferences, - kim_lifetime *out_minimum_renewal_lifetime); + kim_lifetime *out_minimum_renewal_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -328,7 +329,7 @@ kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_pref * \sa kim_preferences_get_minimum_renewal_lifetime() */ kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_preferences, - kim_lifetime in_maximum_renewal_lifetime); + kim_lifetime in_maximum_renewal_lifetime); /*! * \param in_preferences a preferences object. 
@@ -339,7 +340,7 @@ kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_prefe * \sa kim_preferences_set_minimum_renewal_lifetime() */ kim_error kim_preferences_get_maximum_renewal_lifetime (kim_preferences in_preferences, - kim_lifetime *out_maximum_renewal_lifetime); + kim_lifetime *out_maximum_renewal_lifetime); /*! * \param in_preferences a preferences object. diff --git a/src/include/kim/kim_selection_hints.h b/src/include/kim/kim_selection_hints.h index 20af083a93..76cd41fc77 100644 --- a/src/include/kim/kim_selection_hints.h +++ b/src/include/kim/kim_selection_hints.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. @@ -251,7 +252,7 @@ extern "C" { * \brief Create a new selection hints object. */ kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints, - kim_string in_application_identifier); + kim_string in_application_identifier); /*! * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints. @@ -261,7 +262,7 @@ kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints, * \brief Copy a selection hints object. */ kim_error kim_selection_hints_copy (kim_selection_hints *out_selection_hints, - kim_selection_hints in_selection_hints); + kim_selection_hints in_selection_hints); /*! * \param io_selection_hints a selection hints object to modify. @@ -303,7 +304,7 @@ kim_error kim_selection_hints_get_hint (kim_selection_hints in_selection_hints, * \sa kim_selection_hints_get_explanation() */ kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_hints, - kim_string in_explanation); + kim_string in_explanation); /*! * \param in_selection_hints a selection hints object. 
@@ -315,7 +316,7 @@ kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_ * \sa kim_selection_hints_set_explanation() */ kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection_hints, - kim_string *out_explanation); + kim_string *out_explanation); /*! @@ -326,7 +327,7 @@ kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection * \sa kim_selection_hints_get_options() */ kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hints, - kim_options in_options); + kim_options in_options); /*! * \param in_selection_hints a selection hints object. @@ -338,7 +339,7 @@ kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hint * \sa kim_selection_hints_set_options() */ kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hints, - kim_options *out_options); + kim_options *out_options); /*! * \param in_selection_hints a selection hints object to modify @@ -350,7 +351,7 @@ kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hin * \sa kim_selection_hints_get_allow_user_interaction */ kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in_selection_hints, - kim_boolean in_allow_user_interaction); + kim_boolean in_allow_user_interaction); /*! * \param in_selection_hints a selection hints object to modify @@ -363,7 +364,7 @@ kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in * \sa kim_selection_hints_set_allow_user_interaction */ kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints in_selection_hints, - kim_boolean *out_allow_user_interaction); + kim_boolean *out_allow_user_interaction); /*! * \param in_selection_hints a selection hints object to modify 
@@ -375,7 +376,7 @@ kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints i * \sa kim_selection_hints_get_remember_identity */ kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_selection_hints, - kim_boolean in_remember_identity); + kim_boolean in_remember_identity); /*! * \param in_selection_hints a selection hints object to modify @@ -387,7 +388,7 @@ kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_sele * \sa kim_selection_hints_set_remember_identity */ kim_error kim_selection_hints_get_remember_identity (kim_selection_hints in_selection_hints, - kim_boolean *out_remember_identity); + kim_boolean *out_remember_identity); /*! * \param in_selection_hints the selection hints to add to the cache. @@ -401,7 +402,7 @@ kim_error kim_selection_hints_get_remember_identity (kim_selection_hints in_sel */ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hints, - kim_identity *out_identity); + kim_identity *out_identity); /*! * \param in_selection_hints the selection hints to add to the cache. @@ -412,7 +413,7 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hin */ kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selection_hints, - kim_identity in_identity); + kim_identity in_identity); /*! * \param in_selection_hints the selection hints to remove from the cache. diff --git a/src/include/kim/kim_string.h b/src/include/kim/kim_string.h index 283a497427..aaf1975a93 100644 --- a/src/include/kim/kim_string.h +++ b/src/include/kim/kim_string.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. 
@@ -87,7 +88,7 @@ kim_error kim_string_create_for_last_error (kim_string *out_string, /*! * \param out_string on exit, a new string object which is a copy of \a in_string. - Must be freed with kim_string_free(). + Must be freed with kim_string_free(). * \param in_string the string to copy. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a string. diff --git a/src/include/kim/kim_types.h b/src/include/kim/kim_types.h index 7723407cf9..4778ba527a 100644 --- a/src/include/kim/kim_types.h +++ b/src/include/kim/kim_types.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2005-2006 Massachusetts Institute of Technology. * All Rights Reserved. diff --git a/src/include/kim/kim_ui_plugin.h b/src/include/kim/kim_ui_plugin.h index d5a08a87d0..579be73597 100644 --- a/src/include/kim/kim_ui_plugin.h +++ b/src/include/kim/kim_ui_plugin.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2008 Massachusetts Institute of Technology. * All Rights Reserved. @@ -60,7 +61,7 @@ enum kim_prompt_type_enum { typedef struct kim_ui_plugin_ftable_v0 { - int minor_version; /* currently 0 */ + int minor_version; /* currently 0 */ /* Called before other calls to allow the UI to initialize. * Return an error if you can't display your UI in this environment. diff --git a/src/include/krb5.h b/src/include/krb5.h index d689651550..62ef9bb957 100644 --- a/src/include/krb5.h +++ b/src/include/krb5.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* The MIT Kerberos header file krb5.h used to live here. As of the 1.5 release, we're installing multiple Kerberos headers, diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index 471f01c05b..32bff2f3b2 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h 
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * krb5/authdata_plugin.h * @@ -103,10 +104,10 @@ typedef struct krb5plugin_authdata_server_ftable_v0 { * client (barring other problems). */ krb5_error_code (*authdata_proc)(krb5_context, - struct _krb5_db_entry_new *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part *enc_tkt_reply); + struct _krb5_db_entry_new *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part *enc_tkt_reply); } krb5plugin_server_authdata_ftable_v0; typedef krb5plugin_server_authdata_ftable_v0 krb5plugin_authdata_ftable_v0; 
@@ -146,163 +147,163 @@ typedef struct krb5plugin_authdata_server_ftable_v2 { * client (barring other problems). */ krb5_error_code (*authdata_proc)(krb5_context, - unsigned int flags, - struct _krb5_db_entry_new *client, - struct _krb5_db_entry_new *server, - struct _krb5_db_entry_new *tgs, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *tgs_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); + unsigned int flags, + struct _krb5_db_entry_new *client, + struct _krb5_db_entry_new *server, + struct _krb5_db_entry_new *tgs, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *tgs_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); } krb5plugin_authdata_server_ftable_v2; typedef krb5plugin_authdata_server_ftable_v2 krb5plugin_authdata_ftable_v2; typedef krb5_error_code (*authdata_client_plugin_init_proc)(krb5_context context, - void **plugin_context); + void **plugin_context); -#define AD_USAGE_AS_REQ 0x01 -#define AD_USAGE_TGS_REQ 0x02 -#define AD_USAGE_AP_REQ 0x04 -#define AD_USAGE_KDC_ISSUED 0x08 -#define AD_USAGE_MASK 0x0F -#define AD_INFORMATIONAL 0x10 +#define AD_USAGE_AS_REQ 0x01 +#define AD_USAGE_TGS_REQ 0x02 +#define AD_USAGE_AP_REQ 0x04 +#define AD_USAGE_KDC_ISSUED 0x08 +#define AD_USAGE_MASK 0x0F +#define AD_INFORMATIONAL 0x10 struct _krb5_authdata_context; typedef void (*authdata_client_plugin_flags_proc)(krb5_context kcontext, - void *plugin_context, - krb5_authdatatype ad_type, - krb5_flags *flags); + void *plugin_context, + krb5_authdatatype ad_type, + krb5_flags *flags); typedef void (*authdata_client_plugin_fini_proc)(krb5_context kcontext, - void *plugin_context); + void *plugin_context); typedef krb5_error_code (*authdata_client_request_init_proc)(krb5_context kcontext, - struct 
_krb5_authdata_context *context, - void *plugin_context, - void **request_context); + struct _krb5_authdata_context *context, + void *plugin_context, + void **request_context); typedef void (*authdata_client_request_fini_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context); typedef krb5_error_code (*authdata_client_import_authdata_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_authdata **authdata, - krb5_boolean kdc_issued_flag, - krb5_const_principal issuer); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_authdata **authdata, + krb5_boolean kdc_issued_flag, + krb5_const_principal issuer); typedef krb5_error_code (*authdata_client_export_authdata_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_flags usage, - krb5_authdata ***authdata); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_flags usage, + krb5_authdata ***authdata); typedef krb5_error_code (*authdata_client_get_attribute_types_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_data **attrs); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_data **attrs); typedef krb5_error_code (*authdata_client_get_attribute_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - const krb5_data *attribute, - krb5_boolean *authenticated, - krb5_boolean *complete, - krb5_data *value, - krb5_data *display_value, - int *more); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + const 
krb5_data *attribute, + krb5_boolean *authenticated, + krb5_boolean *complete, + krb5_data *value, + krb5_data *display_value, + int *more); typedef krb5_error_code (*authdata_client_set_attribute_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_boolean complete, - const krb5_data *attribute, - const krb5_data *value); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_boolean complete, + const krb5_data *attribute, + const krb5_data *value); typedef krb5_error_code (*authdata_client_delete_attribute_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - const krb5_data *attribute); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + const krb5_data *attribute); typedef krb5_error_code (*authdata_client_export_internal_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_boolean restrict_authenticated, - void **ptr); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_boolean restrict_authenticated, + void **ptr); typedef void (*authdata_client_free_internal_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - void *ptr); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + void *ptr); typedef krb5_error_code (*authdata_client_verify_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - const krb5_auth_context *auth_context, - const krb5_keyblock *key, - const krb5_ap_req *req); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + const krb5_auth_context *auth_context, + const krb5_keyblock *key, + const 
krb5_ap_req *req); typedef krb5_error_code (*authdata_client_size_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - size_t *sizep); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + size_t *sizep); typedef krb5_error_code (*authdata_client_externalize_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_octet **buffer, - size_t *lenremain); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_octet **buffer, + size_t *lenremain); typedef krb5_error_code (*authdata_client_internalize_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - krb5_octet **buffer, - size_t *lenremain); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + krb5_octet **buffer, + size_t *lenremain); typedef krb5_error_code (*authdata_client_copy_proc)(krb5_context kcontext, - struct _krb5_authdata_context *context, - void *plugin_context, - void *request_context, - void *dst_plugin_context, - void *dst_request_context); + struct _krb5_authdata_context *context, + void *plugin_context, + void *request_context, + void *dst_plugin_context, + void *dst_request_context); typedef struct krb5plugin_authdata_client_ftable_v0 { char *name; diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 1b03451f66..f9d71559a8 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -1,5 +1,5 @@ -/* -*- c -*- - * include/krb5.h +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* include/krb5.h * * Copyright 1989,1990,1995,2001, 2003, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. 
@@ -16,7 +16,7 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of @@ -62,9 +62,9 @@ #endif #if defined(__MACH__) && defined(__APPLE__) -# include +# include # if TARGET_RT_MAC_CFM -# error "Use KfM 4.0 SDK headers for CFM compilation." +# error "Use KfM 4.0 SDK headers for CFM compilation." # endif #endif @@ -90,13 +90,13 @@ #define KRB5_OLD_CRYPTO #include -#include /* for *_MAX */ +#include /* for *_MAX */ #include #ifndef KRB5INT_BEGIN_DECLS #if defined(__cplusplus) -#define KRB5INT_BEGIN_DECLS extern "C" { -#define KRB5INT_END_DECLS } +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS } #else #define KRB5INT_BEGIN_DECLS #define KRB5INT_END_DECLS 
@@ -129,43 +129,43 @@ struct _profile_t; * Word-size related definition. */ -typedef unsigned char krb5_octet; +typedef unsigned char krb5_octet; #if INT_MAX == 0x7fff -typedef int krb5_int16; -typedef unsigned int krb5_ui_2; +typedef int krb5_int16; +typedef unsigned int krb5_ui_2; #elif SHRT_MAX == 0x7fff -typedef short krb5_int16; -typedef unsigned short krb5_ui_2; +typedef short krb5_int16; +typedef unsigned short krb5_ui_2; #else #error undefined 16 bit type #endif #if INT_MAX == 0x7fffffffL -typedef int krb5_int32; -typedef unsigned int krb5_ui_4; +typedef int krb5_int32; +typedef unsigned int krb5_ui_4; #elif LONG_MAX == 0x7fffffffL -typedef long krb5_int32; -typedef unsigned long krb5_ui_4; +typedef long krb5_int32; +typedef unsigned long krb5_ui_4; #elif SHRT_MAX == 0x7fffffffL -typedef short krb5_int32; -typedef unsigned short krb5_ui_4; +typedef short krb5_int32; +typedef unsigned short krb5_ui_4; #else #error: undefined 32 bit type #endif -#define VALID_INT_BITS INT_MAX -#define VALID_UINT_BITS UINT_MAX +#define VALID_INT_BITS INT_MAX +#define VALID_UINT_BITS UINT_MAX -#define KRB5_INT32_MAX 2147483647 +#define KRB5_INT32_MAX 2147483647 /* this strange form is necessary since - is a unary operator, not a sign indicator */ -#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) +#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) #define KRB5_INT16_MAX 65535 /* this strange form is necessary since - is a unary operator, not a sign indicator */ -#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) +#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) /* * end wordsize.h 
@@ -180,41 +180,41 @@ typedef unsigned short krb5_ui_4; */ #ifndef FALSE -#define FALSE 0 +#define FALSE 0 #endif #ifndef TRUE -#define TRUE 1 +#define TRUE 1 #endif -typedef unsigned int krb5_boolean; -typedef unsigned int krb5_msgtype; -typedef unsigned int krb5_kvno; +typedef unsigned int krb5_boolean; +typedef unsigned int krb5_msgtype; +typedef unsigned int krb5_kvno; -typedef krb5_int32 krb5_addrtype; +typedef krb5_int32 krb5_addrtype; typedef krb5_int32 krb5_enctype; typedef krb5_int32 krb5_cksumtype; typedef krb5_int32 krb5_authdatatype; typedef krb5_int32 krb5_keyusage; typedef krb5_int32 krb5_cryptotype; -typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ -typedef krb5_int32 krb5_flags; -typedef krb5_int32 krb5_timestamp; -typedef krb5_int32 krb5_error_code; -typedef krb5_int32 krb5_deltat; +typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ +typedef krb5_int32 krb5_flags; +typedef krb5_int32 krb5_timestamp; +typedef krb5_int32 krb5_error_code; +typedef krb5_int32 krb5_deltat; -typedef krb5_error_code krb5_magic; +typedef krb5_error_code krb5_magic; typedef struct _krb5_data { - krb5_magic magic; - unsigned int length; - char *data; + krb5_magic magic; + unsigned int length; + char *data; } krb5_data; typedef struct _krb5_octet_data { - krb5_magic magic; - unsigned int length; - krb5_octet *data; + krb5_magic magic; + unsigned int length; + krb5_octet *data; } krb5_octet_data; /* 
@@ -222,51 +222,51 @@ typedef struct _krb5_octet_data { * equivalent to -1 without possible sign extension * We also overload for an unset salt type length - which is also -1, but * hey, why not.... -*/ + */ #define SALT_TYPE_AFS_LENGTH UINT_MAX #define SALT_TYPE_NO_LENGTH UINT_MAX -typedef void * krb5_pointer; +typedef void * krb5_pointer; typedef void const * krb5_const_pointer; typedef struct krb5_principal_data { krb5_magic magic; krb5_data realm; - krb5_data *data; /* An array of strings */ + krb5_data *data; /* An array of strings */ krb5_int32 length; krb5_int32 type; } krb5_principal_data; -typedef krb5_principal_data * krb5_principal; +typedef krb5_principal_data * krb5_principal; /* * Per V5 spec on definition of principal types */ /* Name type not known */ -#define KRB5_NT_UNKNOWN 0 +#define KRB5_NT_UNKNOWN 0 /* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 +#define KRB5_NT_PRINCIPAL 1 /* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 +#define KRB5_NT_SRV_INST 2 /* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 +#define KRB5_NT_SRV_HST 3 /* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 +#define KRB5_NT_SRV_XHST 4 /* Unique ID */ -#define KRB5_NT_UID 5 +#define KRB5_NT_UID 5 /* PKINIT */ -#define KRB5_NT_X500_PRINCIPAL 6 +#define KRB5_NT_X500_PRINCIPAL 6 /* Name in form of SMTP email name */ -#define KRB5_NT_SMTP_NAME 7 +#define KRB5_NT_SMTP_NAME 7 /* Windows 2000 UPN */ -#define KRB5_NT_ENTERPRISE_PRINCIPAL 10 +#define KRB5_NT_ENTERPRISE_PRINCIPAL 10 /* Windows 2000 UPN and SID */ -#define KRB5_NT_MS_PRINCIPAL -128 +#define KRB5_NT_MS_PRINCIPAL -128 /* NT 4 style name */ -#define KRB5_NT_MS_PRINCIPAL_AND_ID -129 +#define KRB5_NT_MS_PRINCIPAL_AND_ID -129 /* NT 4 style name and SID */ -#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 +#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 /* constant version thereof: */ typedef const 
krb5_principal_data *krb5_const_principal; @@ -275,18 +275,18 @@ typedef const krb5_principal_data *krb5_const_principal; #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) -#define krb5_princ_size(context, princ) (princ)->length -#define krb5_princ_type(context, princ) (princ)->type -#define krb5_princ_name(context, princ) (princ)->data -#define krb5_princ_component(context, princ,i) \ - (((i) < krb5_princ_size(context, princ)) \ - ? (princ)->data + (i) \ - : NULL) +#define krb5_princ_size(context, princ) (princ)->length +#define krb5_princ_type(context, princ) (princ)->type +#define krb5_princ_name(context, princ) (princ)->data +#define krb5_princ_component(context, princ,i) \ + (((i) < krb5_princ_size(context, princ)) \ + ? (princ)->data + (i) \ + : NULL) /* * Constants for realm referrals. */ -#define KRB5_REFERRAL_REALM "" +#define KRB5_REFERRAL_REALM "" /* * Referral-specific functions. @@ -310,16 +310,16 @@ typedef struct _krb5_address { } krb5_address; /* per Kerberos v5 protocol spec */ -#define ADDRTYPE_INET 0x0002 -#define ADDRTYPE_CHAOS 0x0005 -#define ADDRTYPE_XNS 0x0006 -#define ADDRTYPE_ISO 0x0007 -#define ADDRTYPE_DDP 0x0010 -#define ADDRTYPE_NETBIOS 0x0014 -#define ADDRTYPE_INET6 0x0018 +#define ADDRTYPE_INET 0x0002 +#define ADDRTYPE_CHAOS 0x0005 +#define ADDRTYPE_XNS 0x0006 +#define ADDRTYPE_ISO 0x0007 +#define ADDRTYPE_DDP 0x0010 +#define ADDRTYPE_NETBIOS 0x0014 +#define ADDRTYPE_INET6 0x0018 /* not yet in the spec... */ -#define ADDRTYPE_ADDRPORT 0x0100 -#define ADDRTYPE_IPPORT 0x0101 +#define ADDRTYPE_ADDRPORT 0x0100 +#define ADDRTYPE_IPPORT 0x0101 /* macros to determine if a type is a local type */ #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) 
@@ -362,16 +362,16 @@ typedef struct krb5_key_st *krb5_key; #ifdef KRB5_OLD_CRYPTO typedef struct _krb5_encrypt_block { krb5_magic magic; - krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need - this. it was a pointer, but it - doesn't have to be. gross. */ + krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need + this. it was a pointer, but it + doesn't have to be. gross. */ krb5_keyblock *key; } krb5_encrypt_block; #endif typedef struct _krb5_checksum { krb5_magic magic; - krb5_cksumtype checksum_type; /* checksum type */ + krb5_cksumtype checksum_type; /* checksum type */ unsigned int length; krb5_octet *contents; } krb5_checksum; 
@@ -389,43 +389,43 @@ typedef struct _krb5_crypto_iov { } krb5_crypto_iov; /* per Kerberos v5 protocol spec */ -#define ENCTYPE_NULL 0x0000 -#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ -#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ -#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ -#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ +#define ENCTYPE_NULL 0x0000 +#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ +#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ +#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ +#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ /* XXX deprecated? */ -#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ -#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ -#define ENCTYPE_DES_HMAC_SHA1 0x0008 +#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ +#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ +#define ENCTYPE_DES_HMAC_SHA1 0x0008 /* PKINIT */ -#define ENCTYPE_DSA_SHA1_CMS 0x0009 /* DSA with SHA1, CMS signature */ -#define ENCTYPE_MD5_RSA_CMS 0x000a /* MD5 with RSA, CMS signature */ -#define ENCTYPE_SHA1_RSA_CMS 0x000b /* SHA1 with RSA, CMS signature */ -#define ENCTYPE_RC2_CBC_ENV 0x000c /* RC2 cbc mode, CMS enveloped data */ -#define ENCTYPE_RSA_ENV 0x000d /* RSA encryption, CMS enveloped data */ -#define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /* RSA w/OEAP encryption, CMS enveloped data */ -#define ENCTYPE_DES3_CBC_ENV 0x000f /* DES-3 cbc mode, CMS enveloped data */ - -#define ENCTYPE_DES3_CBC_SHA1 0x0010 -#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 -#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 -#define ENCTYPE_ARCFOUR_HMAC 0x0017 +#define ENCTYPE_DSA_SHA1_CMS 0x0009 /* DSA with SHA1, CMS signature */ +#define ENCTYPE_MD5_RSA_CMS 0x000a /* MD5 with RSA, CMS signature */ +#define ENCTYPE_SHA1_RSA_CMS 0x000b /* SHA1 with RSA, CMS signature */ +#define 
ENCTYPE_RC2_CBC_ENV 0x000c /* RC2 cbc mode, CMS enveloped data */ +#define ENCTYPE_RSA_ENV 0x000d /* RSA encryption, CMS enveloped data */ +#define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /* RSA w/OEAP encryption, CMS enveloped data */ +#define ENCTYPE_DES3_CBC_ENV 0x000f /* DES-3 cbc mode, CMS enveloped data */ + +#define ENCTYPE_DES3_CBC_SHA1 0x0010 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 +#define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 -#define ENCTYPE_UNKNOWN 0x01ff +#define ENCTYPE_UNKNOWN 0x01ff -#define CKSUMTYPE_CRC32 0x0001 -#define CKSUMTYPE_RSA_MD4 0x0002 -#define CKSUMTYPE_RSA_MD4_DES 0x0003 -#define CKSUMTYPE_DESCBC 0x0004 +#define CKSUMTYPE_CRC32 0x0001 +#define CKSUMTYPE_RSA_MD4 0x0002 +#define CKSUMTYPE_RSA_MD4_DES 0x0003 +#define CKSUMTYPE_DESCBC 0x0004 /* des-mac-k */ /* rsa-md4-des-k */ -#define CKSUMTYPE_RSA_MD5 0x0007 -#define CKSUMTYPE_RSA_MD5_DES 0x0008 -#define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c -#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f -#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 +#define CKSUMTYPE_RSA_MD5 0x0007 +#define CKSUMTYPE_RSA_MD5_DES 0x0008 +#define CKSUMTYPE_NIST_SHA 0x0009 +#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c +#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f +#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ 
@@ -435,19 +435,19 @@ typedef struct _krb5_crypto_iov { * entropy in the sample and to keep track of what sources of entropy have * contributed enough entropy. Sources marked internal MUST NOT be * used by applications outside the Kerberos library -*/ + */ enum { - KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ - KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ - KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ - /*This source should be used carefully; data in this category - * should be from a third party trusted to give random bits - * For example keys issued by the KDC in the application server. - */ - KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ - KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ - KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ + KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ + KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ + KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ + /*This source should be used carefully; data in this category + * should be from a third party trusted to give random bits + * For example keys issued by the KDC in the application server. + */ + KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ + KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ + KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ }; #ifndef krb5_roundup 
@@ -466,188 +466,168 @@ enum { #endif krb5_error_code KRB5_CALLCONV - krb5_c_encrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_data *input, krb5_enc_data *output); +krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + const krb5_data *input, krb5_enc_data *output); krb5_error_code KRB5_CALLCONV - krb5_c_decrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_enc_data *input, krb5_data *output); +krb5_c_decrypt(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + const krb5_enc_data *input, krb5_data *output); krb5_error_code KRB5_CALLCONV - krb5_c_encrypt_length - (krb5_context context, krb5_enctype enctype, - size_t inputlen, size_t *length); +krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, + size_t inputlen, size_t *length); krb5_error_code KRB5_CALLCONV - krb5_c_block_size - (krb5_context context, krb5_enctype enctype, - size_t *blocksize); +krb5_c_block_size(krb5_context context, krb5_enctype enctype, + size_t *blocksize); krb5_error_code KRB5_CALLCONV - krb5_c_keylengths - (krb5_context context, krb5_enctype enctype, - size_t *keybytes, size_t *keylength); +krb5_c_keylengths(krb5_context context, krb5_enctype enctype, + size_t *keybytes, size_t *keylength); krb5_error_code KRB5_CALLCONV - krb5_c_init_state -(krb5_context context, -const krb5_keyblock *key, krb5_keyusage usage, -krb5_data *new_state); +krb5_c_init_state(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, krb5_data *new_state); krb5_error_code KRB5_CALLCONV - krb5_c_free_state -(krb5_context context, const krb5_keyblock *key, krb5_data *state); +krb5_c_free_state(krb5_context context, const krb5_keyblock *key, + krb5_data *state); krb5_error_code KRB5_CALLCONV - krb5_c_prf (krb5_context, const 
krb5_keyblock *, - krb5_data *in, krb5_data *out); +krb5_c_prf(krb5_context, const krb5_keyblock *, krb5_data *in, krb5_data *out); krb5_error_code KRB5_CALLCONV - krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen); +krb5_c_prf_length(krb5_context, krb5_enctype, size_t *outlen); + krb5_error_code KRB5_CALLCONV krb5_c_fx_cf2_simple(krb5_context context, - krb5_keyblock *k1, const char *pepper1, - krb5_keyblock *k2, const char *pepper2, - krb5_keyblock **out); - /* Returns KRB-FX-CF2 in a newly allocated - * keyblock on success or an error code on error. - * This function is simple in that it assumes - * pepper1 and pepper2 are C strings with no - * internal nulls and that the enctype of the - * result will be the same as that of k1. Both - * of these assumptions are true of current - * specs. - */ - + krb5_keyblock *k1, const char *pepper1, + krb5_keyblock *k2, const char *pepper2, + krb5_keyblock **out); +/* Returns KRB-FX-CF2 in a newly allocated + * keyblock on success or an error code on error. + * This function is simple in that it assumes + * pepper1 and pepper2 are C strings with no + * internal nulls and that the enctype of the + * result will be the same as that of k1. Both + * of these assumptions are true of current + * specs. + */ krb5_error_code KRB5_CALLCONV - krb5_c_make_random_key - (krb5_context context, krb5_enctype enctype, - krb5_keyblock *k5_random_key); +krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, + krb5_keyblock *k5_random_key); krb5_error_code KRB5_CALLCONV - krb5_c_random_to_key - (krb5_context context, krb5_enctype enctype, - krb5_data *random_data, krb5_keyblock *k5_random_key); +krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, + krb5_data *random_data, krb5_keyblock *k5_random_key); -/* Register a new entropy sample with the PRNG. may cause -* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions -* for information on how each source should be used. 
-*/ +/* + * Register a new entropy sample with the PRNG. may cause the PRNG to be + * reseeded, although this is not guaranteed. See previous randsource + * definitions for information on how each source should be used. + */ krb5_error_code KRB5_CALLCONV - krb5_c_random_add_entropy -(krb5_context context, unsigned int randsource_id, const krb5_data *data); - +krb5_c_random_add_entropy(krb5_context context, unsigned int randsource_id, + const krb5_data *data); krb5_error_code KRB5_CALLCONV - krb5_c_random_make_octets - (krb5_context context, krb5_data *data); +krb5_c_random_make_octets(krb5_context context, krb5_data *data); /* -* Collect entropy from the OS if possible. strong requests that as strong -* of a source of entropy as available be used. Setting strong may -* increase the probability of blocking and should not be used for normal -* applications. Good uses include seeding the PRNG for kadmind -* and realm setup. -* If successful is non-null, then successful is set to 1 if the OS provided -* entropy else zero. -*/ -krb5_error_code KRB5_CALLCONV -krb5_c_random_os_entropy -(krb5_context context, int strong, int *success); + * Collect entropy from the OS if possible. strong requests that as strong + * of a source of entropy as available be used. Setting strong may + * increase the probability of blocking and should not be used for normal + * applications. Good uses include seeding the PRNG for kadmind + * and realm setup. + * If successful is non-null, then successful is set to 1 if the OS provided + * entropy else zero. 
+ */ +krb5_error_code KRB5_CALLCONV +krb5_c_random_os_entropy(krb5_context context, int strong, int *success); /*deprecated*/ krb5_error_code KRB5_CALLCONV - krb5_c_random_seed - (krb5_context context, krb5_data *data); +krb5_c_random_seed(krb5_context context, krb5_data *data); krb5_error_code KRB5_CALLCONV - krb5_c_string_to_key - (krb5_context context, krb5_enctype enctype, - const krb5_data *string, const krb5_data *salt, - krb5_keyblock *key); +krb5_c_string_to_key(krb5_context context, krb5_enctype enctype, + const krb5_data *string, const krb5_data *salt, + krb5_keyblock *key); + krb5_error_code KRB5_CALLCONV krb5_c_string_to_key_with_params(krb5_context context, - krb5_enctype enctype, - const krb5_data *string, - const krb5_data *salt, - const krb5_data *params, - krb5_keyblock *key); - -krb5_error_code KRB5_CALLCONV - krb5_c_enctype_compare - (krb5_context context, krb5_enctype e1, krb5_enctype e2, - krb5_boolean *similar); - -krb5_error_code KRB5_CALLCONV - krb5_c_make_checksum - (krb5_context context, krb5_cksumtype cksumtype, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *input, krb5_checksum *cksum); - -krb5_error_code KRB5_CALLCONV - krb5_c_verify_checksum - (krb5_context context, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *data, - const krb5_checksum *cksum, - krb5_boolean *valid); - -krb5_error_code KRB5_CALLCONV - krb5_c_checksum_length - (krb5_context context, krb5_cksumtype cksumtype, - size_t *length); - -krb5_error_code KRB5_CALLCONV - krb5_c_keyed_checksum_types - (krb5_context context, krb5_enctype enctype, - unsigned int *count, krb5_cksumtype **cksumtypes); - -#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 -#define KRB5_KEYUSAGE_KDC_REP_TICKET 2 -#define KRB5_KEYUSAGE_AS_REP_ENCPART 3 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 -#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 
-#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 -#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 -#define KRB5_KEYUSAGE_AP_REQ_AUTH 11 -#define KRB5_KEYUSAGE_AP_REP_ENCPART 12 -#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 -#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 -#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 -#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 -#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 -#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 -#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 -#define KRB5_KEYUSAGE_AD_MTE 20 -#define KRB5_KEYUSAGE_AD_ITE 21 + krb5_enctype enctype, + const krb5_data *string, + const krb5_data *salt, + const krb5_data *params, + krb5_keyblock *key); + +krb5_error_code KRB5_CALLCONV +krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, + krb5_boolean *similar); + +krb5_error_code KRB5_CALLCONV +krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *input, krb5_checksum *cksum); + +krb5_error_code KRB5_CALLCONV +krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *data, + const krb5_checksum *cksum, krb5_boolean *valid); + +krb5_error_code KRB5_CALLCONV +krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype, + size_t *length); + +krb5_error_code KRB5_CALLCONV +krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype, + unsigned int *count, krb5_cksumtype **cksumtypes); + +#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 +#define KRB5_KEYUSAGE_KDC_REP_TICKET 2 +#define KRB5_KEYUSAGE_AS_REP_ENCPART 3 +#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 +#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 +#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 +#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 +#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 +#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 +#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 +#define KRB5_KEYUSAGE_AP_REQ_AUTH 11 +#define KRB5_KEYUSAGE_AP_REP_ENCPART 12 
+#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 +#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 +#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 +#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 +#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 +#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 +#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 +#define KRB5_KEYUSAGE_AD_MTE 20 +#define KRB5_KEYUSAGE_AD_ITE 21 /* XXX need to register these */ -#define KRB5_KEYUSAGE_GSS_TOK_MIC 22 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 +#define KRB5_KEYUSAGE_GSS_TOK_MIC 22 +#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 +#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 /* Defined in hardware preauth draft */ -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 -#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 +#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 +#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 +#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 /* Defined in KDC referrals draft */ -#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */ +#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */ /* Defined in [MS-SFU] */ -#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST 26 /* XXX note conflict with above */ -#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY 27 /* XXX note conflict with above */ +#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST 26 /* XXX note conflict with above */ +#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY 27 /* XXX note conflict with above */ -#define KRB5_KEYUSAGE_AD_SIGNEDPATH -21 +#define KRB5_KEYUSAGE_AD_SIGNEDPATH -21 /* define in draft-ietf-krb-wg-preauth-framework*/ #define KRB5_KEYUSAGE_FAST_REQ_CHKSUM 50 
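Review bot: The reflowed comment describing `krb5_c_fx_cf2_simple` now sits at column 0 after that prototype, and the blank line after its `*/` appears to have been removed, so it reads as the header comment of `krb5_c_make_random_key`. Moving it above `krb5_c_fx_cf2_simple`, or restoring the blank line after `*/`, would keep the pepper-string and result-enctype assumptions attached to the key-derivation call they constrain. In the same hunk, the rewrapped comment for `krb5_c_random_os_entropy` still says `If successful is non-null` although the parameter is named `success`. Rewording it as `If success is non-null, then *success is set to 1 if the OS provided entropy, else zero.` would match the prototype.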
@@ -658,69 +638,57 @@ krb5_error_code KRB5_CALLCONV #define KRB5_KEYUSAGE_ENC_CHALLENGE_KDC 55 #define KRB5_KEYUSAGE_FAST_REP 52 -krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype - (krb5_enctype ktype); -krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum - (krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype(krb5_enctype ktype); +krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype(krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum(krb5_cksumtype ctype); /* AEAD APIs */ -#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */ -#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */ -#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */ -#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */ -#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */ -#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */ -#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */ -#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */ +#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */ +#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */ +#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */ +#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */ krb5_error_code KRB5_CALLCONV - krb5_c_make_checksum_iov - (krb5_context context, krb5_cksumtype cksumtype, - const krb5_keyblock *key, krb5_keyusage usage, - krb5_crypto_iov *data, size_t num_data); +krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, + const 
krb5_keyblock *key, krb5_keyusage usage, + krb5_crypto_iov *data, size_t num_data); krb5_error_code KRB5_CALLCONV - krb5_c_verify_checksum_iov - (krb5_context context, - krb5_cksumtype cksumtype, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_crypto_iov *data, size_t num_data, - krb5_boolean *valid); +krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_boolean *valid); krb5_error_code KRB5_CALLCONV - krb5_c_encrypt_iov - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - krb5_crypto_iov *data, size_t num_data); +krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); krb5_error_code KRB5_CALLCONV - krb5_c_decrypt_iov - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - krb5_crypto_iov *data, size_t num_data); +krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); krb5_error_code KRB5_CALLCONV - krb5_c_crypto_length - (krb5_context context, krb5_enctype enctype, - krb5_cryptotype type, unsigned int *size); +krb5_c_crypto_length(krb5_context context, krb5_enctype enctype, + krb5_cryptotype type, unsigned int *size); krb5_error_code KRB5_CALLCONV - krb5_c_crypto_length_iov - (krb5_context context, krb5_enctype enctype, - krb5_crypto_iov *data, size_t num_data); +krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype, + krb5_crypto_iov *data, size_t num_data); krb5_error_code KRB5_CALLCONV - krb5_c_padding_length - (krb5_context context, krb5_enctype enctype, - size_t data_length, unsigned int *size); +krb5_c_padding_length(krb5_context context, krb5_enctype enctype, + size_t data_length, unsigned 
int *size); krb5_error_code KRB5_CALLCONV krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data, - krb5_key *out); + krb5_key *out); /* Keys are logically immutable and can be "copied" by reference count. */ void KRB5_CALLCONV krb5_k_reference_key(krb5_context context, krb5_key key); 
@@ -730,123 +698,115 @@ void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key); krb5_error_code KRB5_CALLCONV krb5_k_key_keyblock(krb5_context context, krb5_key key, - krb5_keyblock **key_data); + krb5_keyblock **key_data); krb5_enctype KRB5_CALLCONV krb5_k_key_enctype(krb5_context context, krb5_key key); krb5_error_code KRB5_CALLCONV krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage, - const krb5_data *cipher_state, const krb5_data *input, - krb5_enc_data *output); + const krb5_data *cipher_state, const krb5_data *input, + krb5_enc_data *output); krb5_error_code KRB5_CALLCONV krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, - const krb5_data *cipher_state, krb5_crypto_iov *data, - size_t num_data); + const krb5_data *cipher_state, krb5_crypto_iov *data, + size_t num_data); krb5_error_code KRB5_CALLCONV krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, - const krb5_data *cipher_state, const krb5_enc_data *input, - krb5_data *output); + const krb5_data *cipher_state, const krb5_enc_data *input, + krb5_data *output); krb5_error_code KRB5_CALLCONV krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, - const krb5_data *cipher_state, krb5_crypto_iov *data, - size_t num_data); + const krb5_data *cipher_state, krb5_crypto_iov *data, + size_t num_data); krb5_error_code KRB5_CALLCONV krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype, - krb5_key key, krb5_keyusage usage, const krb5_data *input, - krb5_checksum *cksum); + krb5_key key, krb5_keyusage usage, const krb5_data *input, + krb5_checksum *cksum); krb5_error_code KRB5_CALLCONV krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, - krb5_key key, krb5_keyusage usage, - krb5_crypto_iov *data, size_t num_data); + krb5_key key, krb5_keyusage usage, + krb5_crypto_iov *data, size_t num_data); krb5_error_code KRB5_CALLCONV krb5_k_verify_checksum(krb5_context context, krb5_key key, 
krb5_keyusage usage, - const krb5_data *data, const krb5_checksum *cksum, - krb5_boolean *valid); + const krb5_data *data, const krb5_checksum *cksum, + krb5_boolean *valid); krb5_error_code KRB5_CALLCONV krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, - krb5_key key, krb5_keyusage usage, - const krb5_crypto_iov *data, size_t num_data, - krb5_boolean *valid); + krb5_key key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_boolean *valid); #ifdef KRB5_OLD_CRYPTO /* * old cryptosystem routine prototypes. These are now layered * on top of the functions above. */ -krb5_error_code KRB5_CALLCONV krb5_encrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_decrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_process_key - (krb5_context context, - krb5_encrypt_block * eblock, - const krb5_keyblock * key); -krb5_error_code KRB5_CALLCONV krb5_finish_key - (krb5_context context, - krb5_encrypt_block * eblock); -krb5_error_code KRB5_CALLCONV krb5_string_to_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_keyblock * keyblock, - const krb5_data * data, - const krb5_data * salt); -krb5_error_code KRB5_CALLCONV krb5_init_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - const krb5_keyblock * keyblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_finish_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer ptr, - krb5_keyblock ** keyblock); -krb5_enctype KRB5_CALLCONV krb5_eblock_enctype - (krb5_context context, - const krb5_encrypt_block * 
eblock); -krb5_error_code KRB5_CALLCONV krb5_use_enctype - (krb5_context context, - krb5_encrypt_block * eblock, - krb5_enctype enctype); -size_t KRB5_CALLCONV krb5_encrypt_size - (size_t length, - krb5_enctype crypto); -size_t KRB5_CALLCONV krb5_checksum_size - (krb5_context context, - krb5_cksumtype ctype); -krb5_error_code KRB5_CALLCONV krb5_calculate_checksum - (krb5_context context, - krb5_cksumtype ctype, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length, - krb5_checksum * outcksum); -krb5_error_code KRB5_CALLCONV krb5_verify_checksum - (krb5_context context, - krb5_cksumtype ctype, - const krb5_checksum * cksum, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length); +krb5_error_code KRB5_CALLCONV +krb5_encrypt(krb5_context context, krb5_const_pointer inptr, + krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock, + krb5_pointer ivec); + +krb5_error_code KRB5_CALLCONV +krb5_decrypt(krb5_context context, krb5_const_pointer inptr, + krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock, + krb5_pointer ivec); + +krb5_error_code KRB5_CALLCONV +krb5_process_key(krb5_context context, krb5_encrypt_block *eblock, + const krb5_keyblock * key); + +krb5_error_code KRB5_CALLCONV +krb5_finish_key(krb5_context context, krb5_encrypt_block * eblock); + +krb5_error_code KRB5_CALLCONV +krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock, + krb5_keyblock * keyblock, const krb5_data *data, + const krb5_data *salt); + +krb5_error_code KRB5_CALLCONV +krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock, + const krb5_keyblock *keyblock, krb5_pointer *ptr); + +krb5_error_code KRB5_CALLCONV +krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock, + krb5_pointer *ptr); + +krb5_error_code KRB5_CALLCONV +krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock, + krb5_pointer ptr, krb5_keyblock **keyblock); + 
+krb5_enctype KRB5_CALLCONV +krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock); + +krb5_error_code KRB5_CALLCONV +krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock, + krb5_enctype enctype); + +size_t KRB5_CALLCONV +krb5_encrypt_size(size_t length, krb5_enctype crypto); + +size_t KRB5_CALLCONV +krb5_checksum_size(krb5_context context, krb5_cksumtype ctype); + +krb5_error_code KRB5_CALLCONV +krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, + krb5_const_pointer in, size_t in_length, + krb5_const_pointer seed, size_t seed_length, + krb5_checksum * outcksum); + +krb5_error_code KRB5_CALLCONV +krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, + const krb5_checksum * cksum, krb5_const_pointer in, + size_t in_length, krb5_const_pointer seed, + size_t seed_length); #endif /* KRB5_OLD_CRYPTO */ 
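Review bot: Several pointer declarators in the reformatted KRB5_OLD_CRYPTO prototypes still have a space on both sides of the `*`, while neighbouring parameters in the same prototypes were normalised to `type *name`. The leftovers are `const krb5_keyblock * key` in krb5_process_key, `krb5_encrypt_block * eblock` in krb5_finish_key, `krb5_keyblock * keyblock` in krb5_string_to_key, `krb5_checksum * outcksum` in krb5_calculate_checksum and `const krb5_checksum * cksum` in krb5_verify_checksum. Since this commit exists to make the layout uniform, I would finish the job here, for example `krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock);`. The change is whitespace only, so the declared interface stays the same.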
@@ -861,138 +821,138 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* kdc_options for kdc_request */ /* options is 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ -/* #define KDC_OPT_RESERVED 0x80000000 */ -#define KDC_OPT_FORWARDABLE 0x40000000 -#define KDC_OPT_FORWARDED 0x20000000 -#define KDC_OPT_PROXIABLE 0x10000000 -#define KDC_OPT_PROXY 0x08000000 -#define KDC_OPT_ALLOW_POSTDATE 0x04000000 -#define KDC_OPT_POSTDATED 0x02000000 -/* #define KDC_OPT_UNUSED 0x01000000 */ -#define KDC_OPT_RENEWABLE 0x00800000 -/* #define KDC_OPT_UNUSED 0x00400000 */ -/* #define KDC_OPT_RESERVED 0x00200000 */ -/* #define KDC_OPT_RESERVED 0x00100000 */ -/* #define KDC_OPT_RESERVED 0x00080000 */ -/* #define KDC_OPT_RESERVED 0x00040000 */ -#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 -#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000 -#define KDC_OPT_CANONICALIZE 0x00010000 -/* #define KDC_OPT_RESERVED 0x00008000 */ -/* #define KDC_OPT_RESERVED 0x00004000 */ -/* #define KDC_OPT_RESERVED 0x00002000 */ -/* #define KDC_OPT_RESERVED 0x00001000 */ -/* #define KDC_OPT_RESERVED 0x00000800 */ -/* #define KDC_OPT_RESERVED 0x00000400 */ -/* #define KDC_OPT_RESERVED 0x00000200 */ -/* #define KDC_OPT_RESERVED 0x00000100 */ -/* #define KDC_OPT_RESERVED 0x00000080 */ -/* #define KDC_OPT_RESERVED 0x00000040 */ -#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 -#define KDC_OPT_RENEWABLE_OK 0x00000010 -#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 -/* #define KDC_OPT_UNUSED 0x00000004 */ -#define KDC_OPT_RENEW 0x00000002 -#define KDC_OPT_VALIDATE 0x00000001 +/* #define KDC_OPT_RESERVED 0x80000000 */ +#define KDC_OPT_FORWARDABLE 0x40000000 +#define KDC_OPT_FORWARDED 0x20000000 +#define KDC_OPT_PROXIABLE 0x10000000 +#define KDC_OPT_PROXY 0x08000000 +#define KDC_OPT_ALLOW_POSTDATE 0x04000000 +#define KDC_OPT_POSTDATED 0x02000000 +/* #define KDC_OPT_UNUSED 0x01000000 */ +#define KDC_OPT_RENEWABLE 0x00800000 +/* #define KDC_OPT_UNUSED 
0x00400000 */ +/* #define KDC_OPT_RESERVED 0x00200000 */ +/* #define KDC_OPT_RESERVED 0x00100000 */ +/* #define KDC_OPT_RESERVED 0x00080000 */ +/* #define KDC_OPT_RESERVED 0x00040000 */ +#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 +#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000 +#define KDC_OPT_CANONICALIZE 0x00010000 +/* #define KDC_OPT_RESERVED 0x00008000 */ +/* #define KDC_OPT_RESERVED 0x00004000 */ +/* #define KDC_OPT_RESERVED 0x00002000 */ +/* #define KDC_OPT_RESERVED 0x00001000 */ +/* #define KDC_OPT_RESERVED 0x00000800 */ +/* #define KDC_OPT_RESERVED 0x00000400 */ +/* #define KDC_OPT_RESERVED 0x00000200 */ +/* #define KDC_OPT_RESERVED 0x00000100 */ +/* #define KDC_OPT_RESERVED 0x00000080 */ +/* #define KDC_OPT_RESERVED 0x00000040 */ +#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 +#define KDC_OPT_RENEWABLE_OK 0x00000010 +#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 +/* #define KDC_OPT_UNUSED 0x00000004 */ +#define KDC_OPT_RENEW 0x00000002 +#define KDC_OPT_VALIDATE 0x00000001 /* * Mask of ticket flags in the TGT which should be converted into KDC * options when using the TGT to get derivitive tickets. 
* * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | - * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE + * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE */ -#define KDC_TKT_COMMON_MASK 0x54800000 +#define KDC_TKT_COMMON_MASK 0x54800000 /* definitions for ap_options fields */ /* ap_options are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ -#define AP_OPTS_RESERVED 0x80000000 -#define AP_OPTS_USE_SESSION_KEY 0x40000000 -#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 -/* #define AP_OPTS_RESERVED 0x10000000 */ -/* #define AP_OPTS_RESERVED 0x08000000 */ -/* #define AP_OPTS_RESERVED 0x04000000 */ -/* #define AP_OPTS_RESERVED 0x02000000 */ -/* #define AP_OPTS_RESERVED 0x01000000 */ -/* #define AP_OPTS_RESERVED 0x00800000 */ -/* #define AP_OPTS_RESERVED 0x00400000 */ -/* #define AP_OPTS_RESERVED 0x00200000 */ -/* #define AP_OPTS_RESERVED 0x00100000 */ -/* #define AP_OPTS_RESERVED 0x00080000 */ -/* #define AP_OPTS_RESERVED 0x00040000 */ -/* #define AP_OPTS_RESERVED 0x00020000 */ -/* #define AP_OPTS_RESERVED 0x00010000 */ -/* #define AP_OPTS_RESERVED 0x00008000 */ -/* #define AP_OPTS_RESERVED 0x00004000 */ -/* #define AP_OPTS_RESERVED 0x00002000 */ -/* #define AP_OPTS_RESERVED 0x00001000 */ -/* #define AP_OPTS_RESERVED 0x00000800 */ -/* #define AP_OPTS_RESERVED 0x00000400 */ -/* #define AP_OPTS_RESERVED 0x00000200 */ -/* #define AP_OPTS_RESERVED 0x00000100 */ -/* #define AP_OPTS_RESERVED 0x00000080 */ -/* #define AP_OPTS_RESERVED 0x00000040 */ -/* #define AP_OPTS_RESERVED 0x00000020 */ -/* #define AP_OPTS_RESERVED 0x00000010 */ -/* #define AP_OPTS_RESERVED 0x00000008 */ -/* #define AP_OPTS_RESERVED 0x00000004 */ -#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002 -#define AP_OPTS_USE_SUBKEY 0x00000001 - -#define AP_OPTS_WIRE_MASK 0xfffffff0 +#define AP_OPTS_RESERVED 0x80000000 +#define AP_OPTS_USE_SESSION_KEY 0x40000000 +#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 +/* #define AP_OPTS_RESERVED 0x10000000 */ +/* #define 
AP_OPTS_RESERVED 0x08000000 */ +/* #define AP_OPTS_RESERVED 0x04000000 */ +/* #define AP_OPTS_RESERVED 0x02000000 */ +/* #define AP_OPTS_RESERVED 0x01000000 */ +/* #define AP_OPTS_RESERVED 0x00800000 */ +/* #define AP_OPTS_RESERVED 0x00400000 */ +/* #define AP_OPTS_RESERVED 0x00200000 */ +/* #define AP_OPTS_RESERVED 0x00100000 */ +/* #define AP_OPTS_RESERVED 0x00080000 */ +/* #define AP_OPTS_RESERVED 0x00040000 */ +/* #define AP_OPTS_RESERVED 0x00020000 */ +/* #define AP_OPTS_RESERVED 0x00010000 */ +/* #define AP_OPTS_RESERVED 0x00008000 */ +/* #define AP_OPTS_RESERVED 0x00004000 */ +/* #define AP_OPTS_RESERVED 0x00002000 */ +/* #define AP_OPTS_RESERVED 0x00001000 */ +/* #define AP_OPTS_RESERVED 0x00000800 */ +/* #define AP_OPTS_RESERVED 0x00000400 */ +/* #define AP_OPTS_RESERVED 0x00000200 */ +/* #define AP_OPTS_RESERVED 0x00000100 */ +/* #define AP_OPTS_RESERVED 0x00000080 */ +/* #define AP_OPTS_RESERVED 0x00000040 */ +/* #define AP_OPTS_RESERVED 0x00000020 */ +/* #define AP_OPTS_RESERVED 0x00000010 */ +/* #define AP_OPTS_RESERVED 0x00000008 */ +/* #define AP_OPTS_RESERVED 0x00000004 */ +#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002 +#define AP_OPTS_USE_SUBKEY 0x00000001 + +#define AP_OPTS_WIRE_MASK 0xfffffff0 /* definitions for ad_type fields. 
*/ -#define AD_TYPE_RESERVED 0x8000 -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 +#define AD_TYPE_RESERVED 0x8000 +#define AD_TYPE_EXTERNAL 0x4000 +#define AD_TYPE_REGISTERED 0x2000 -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff +#define AD_TYPE_FIELD_TYPE_MASK 0x1fff /* Ticket flags */ /* flags are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ -/* #define TKT_FLG_RESERVED 0x80000000 */ -#define TKT_FLG_FORWARDABLE 0x40000000 -#define TKT_FLG_FORWARDED 0x20000000 -#define TKT_FLG_PROXIABLE 0x10000000 -#define TKT_FLG_PROXY 0x08000000 -#define TKT_FLG_MAY_POSTDATE 0x04000000 -#define TKT_FLG_POSTDATED 0x02000000 -#define TKT_FLG_INVALID 0x01000000 -#define TKT_FLG_RENEWABLE 0x00800000 -#define TKT_FLG_INITIAL 0x00400000 -#define TKT_FLG_PRE_AUTH 0x00200000 -#define TKT_FLG_HW_AUTH 0x00100000 -#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 -#define TKT_FLG_OK_AS_DELEGATE 0x00040000 -#define TKT_FLG_ANONYMOUS 0x00020000 -/* #define TKT_FLG_RESERVED 0x00010000 */ -/* #define TKT_FLG_RESERVED 0x00008000 */ -/* #define TKT_FLG_RESERVED 0x00004000 */ -/* #define TKT_FLG_RESERVED 0x00002000 */ -/* #define TKT_FLG_RESERVED 0x00001000 */ -/* #define TKT_FLG_RESERVED 0x00000800 */ -/* #define TKT_FLG_RESERVED 0x00000400 */ -/* #define TKT_FLG_RESERVED 0x00000200 */ -/* #define TKT_FLG_RESERVED 0x00000100 */ -/* #define TKT_FLG_RESERVED 0x00000080 */ -/* #define TKT_FLG_RESERVED 0x00000040 */ -/* #define TKT_FLG_RESERVED 0x00000020 */ -/* #define TKT_FLG_RESERVED 0x00000010 */ -/* #define TKT_FLG_RESERVED 0x00000008 */ -/* #define TKT_FLG_RESERVED 0x00000004 */ -/* #define TKT_FLG_RESERVED 0x00000002 */ -/* #define TKT_FLG_RESERVED 0x00000001 */ +/* #define TKT_FLG_RESERVED 0x80000000 */ +#define TKT_FLG_FORWARDABLE 0x40000000 +#define TKT_FLG_FORWARDED 0x20000000 +#define TKT_FLG_PROXIABLE 0x10000000 +#define TKT_FLG_PROXY 0x08000000 +#define TKT_FLG_MAY_POSTDATE 0x04000000 +#define 
TKT_FLG_POSTDATED 0x02000000 +#define TKT_FLG_INVALID 0x01000000 +#define TKT_FLG_RENEWABLE 0x00800000 +#define TKT_FLG_INITIAL 0x00400000 +#define TKT_FLG_PRE_AUTH 0x00200000 +#define TKT_FLG_HW_AUTH 0x00100000 +#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 +#define TKT_FLG_OK_AS_DELEGATE 0x00040000 +#define TKT_FLG_ANONYMOUS 0x00020000 +/* #define TKT_FLG_RESERVED 0x00010000 */ +/* #define TKT_FLG_RESERVED 0x00008000 */ +/* #define TKT_FLG_RESERVED 0x00004000 */ +/* #define TKT_FLG_RESERVED 0x00002000 */ +/* #define TKT_FLG_RESERVED 0x00001000 */ +/* #define TKT_FLG_RESERVED 0x00000800 */ +/* #define TKT_FLG_RESERVED 0x00000400 */ +/* #define TKT_FLG_RESERVED 0x00000200 */ +/* #define TKT_FLG_RESERVED 0x00000100 */ +/* #define TKT_FLG_RESERVED 0x00000080 */ +/* #define TKT_FLG_RESERVED 0x00000040 */ +/* #define TKT_FLG_RESERVED 0x00000020 */ +/* #define TKT_FLG_RESERVED 0x00000010 */ +/* #define TKT_FLG_RESERVED 0x00000008 */ +/* #define TKT_FLG_RESERVED 0x00000004 */ +/* #define TKT_FLG_RESERVED 0x00000002 */ +/* #define TKT_FLG_RESERVED 0x00000001 */ /* definitions for lr_type fields. */ -#define LR_TYPE_THIS_SERVER_ONLY 0x8000 +#define LR_TYPE_THIS_SERVER_ONLY 0x8000 -#define LR_TYPE_INTERPRETATION_MASK 0x7fff +#define LR_TYPE_INTERPRETATION_MASK 0x7fff /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ -#define MSEC_DIRBIT 0x8000 -#define MSEC_VAL_MASK 0x7fff +#define MSEC_DIRBIT 0x8000 +#define MSEC_VAL_MASK 0x7fff /* * end "fieldbits.h" 
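Review bot: `KDC_OPT_REQUEST_ANONYMOUS` and `KDC_OPT_CNAME_IN_ADDL_TKT` are both defined as 0x00020000 in the realigned KDC option table, and neither line says the overlap is intentional. The key usage table earlier in this diff marks its overlapping values with `/* XXX note conflict with above */`. The same kind of marker would help here, e.g. `#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000 /* XXX same bit as KDC_OPT_REQUEST_ANONYMOUS */`, because code that tests this bit presumably has to use the request context to decide which meaning applies. The next hunk has the same unmarked overlap in the PADATA list: `KRB5_PADATA_USE_SPECIFIED_KVNO` and `KRB5_PADATA_SVR_REFERRAL_INFO` are both 20, and `KRB5_PADATA_DASS` repeats the 16 of `KRB5_PADATA_PK_AS_REQ`.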
@@ -1003,111 +963,111 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum */ /* Protocol version number */ -#define KRB5_PVNO 5 +#define KRB5_PVNO 5 /* Message types */ -#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ -#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ -#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ -#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ -#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ -#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ -#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ -#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ -#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ -#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ +#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ +#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ +#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ +#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ +#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ +#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ +#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ +#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ +#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ +#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ /* LastReq types */ -#define KRB5_LRQ_NONE 0 -#define KRB5_LRQ_ALL_LAST_TGT 1 -#define KRB5_LRQ_ONE_LAST_TGT (-1) -#define KRB5_LRQ_ALL_LAST_INITIAL 2 -#define KRB5_LRQ_ONE_LAST_INITIAL (-2) -#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 -#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) -#define KRB5_LRQ_ALL_LAST_RENEWAL 4 -#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) -#define 
KRB5_LRQ_ALL_LAST_REQ 5 -#define KRB5_LRQ_ONE_LAST_REQ (-5) -#define KRB5_LRQ_ALL_PW_EXPTIME 6 -#define KRB5_LRQ_ONE_PW_EXPTIME (-6) +#define KRB5_LRQ_NONE 0 +#define KRB5_LRQ_ALL_LAST_TGT 1 +#define KRB5_LRQ_ONE_LAST_TGT (-1) +#define KRB5_LRQ_ALL_LAST_INITIAL 2 +#define KRB5_LRQ_ONE_LAST_INITIAL (-2) +#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 +#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) +#define KRB5_LRQ_ALL_LAST_RENEWAL 4 +#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) +#define KRB5_LRQ_ALL_LAST_REQ 5 +#define KRB5_LRQ_ONE_LAST_REQ (-5) +#define KRB5_LRQ_ALL_PW_EXPTIME 6 +#define KRB5_LRQ_ONE_PW_EXPTIME (-6) /* PADATA types */ -#define KRB5_PADATA_NONE 0 -#define KRB5_PADATA_AP_REQ 1 -#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ -#define KRB5_PADATA_ENC_TIMESTAMP 2 -#define KRB5_PADATA_PW_SALT 3 -#if 0 /* Not used */ -#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ +#define KRB5_PADATA_NONE 0 +#define KRB5_PADATA_AP_REQ 1 +#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ +#define KRB5_PADATA_ENC_TIMESTAMP 2 +#define KRB5_PADATA_PW_SALT 3 +#if 0 /* Not used */ +#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ #endif -#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ -#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ -#define KRB5_PADATA_SESAME 7 /* Sesame project */ -#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ -#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ -#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ -#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ -#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ -#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ -#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ -#define KRB5_PADATA_ETYPE_INFO2 19 -#define KRB5_PADATA_USE_SPECIFIED_KVNO 20 -#define 
KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */ -#define KRB5_PADATA_SAM_REDIRECT 21 -#define KRB5_PADATA_GET_FROM_TYPED_DATA 22 -#define KRB5_PADATA_REFERRAL 25 /* draft referral system */ -#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ -#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ -#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */ -#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */ -#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */ +#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ +#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ +#define KRB5_PADATA_SESAME 7 /* Sesame project */ +#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ +#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ +#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ +#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ +#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ +#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ +#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ +#define KRB5_PADATA_ETYPE_INFO2 19 +#define KRB5_PADATA_USE_SPECIFIED_KVNO 20 +#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */ +#define KRB5_PADATA_SAM_REDIRECT 21 +#define KRB5_PADATA_GET_FROM_TYPED_DATA 22 +#define KRB5_PADATA_REFERRAL 25 /* draft referral system */ +#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ +#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ +#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */ +#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */ +#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */ #define 
KRB5_PADATA_FX_COOKIE 133 #define KRB5_PADATA_FX_FAST 136 #define KRB5_PADATA_FX_ERROR 137 #define KRB5_PADATA_ENCRYPTED_CHALLENGE 138 -#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 -#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 -#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ +#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 +#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 +#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ /* Reserved for SPX pre-authentication. */ -#define KRB5_PADATA_DASS 16 +#define KRB5_PADATA_DASS 16 /* Transited encoding types */ -#define KRB5_DOMAIN_X500_COMPRESS 1 +#define KRB5_DOMAIN_X500_COMPRESS 1 /* alternate authentication types */ -#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 +#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 /* authorization data types */ #define KRB5_AUTHDATA_IF_RELEVANT 1 #define KRB5_AUTHDATA_KDC_ISSUED 4 -#define KRB5_AUTHDATA_AND_OR 5 -#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8 -#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9 -#define KRB5_AUTHDATA_OSF_DCE 64 -#define KRB5_AUTHDATA_SESAME 65 -#define KRB5_AUTHDATA_WIN2K_PAC 128 -#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ -#define KRB5_AUTHDATA_SIGNTICKET 142 +#define KRB5_AUTHDATA_AND_OR 5 +#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8 +#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9 +#define KRB5_AUTHDATA_OSF_DCE 64 +#define KRB5_AUTHDATA_SESAME 65 +#define KRB5_AUTHDATA_WIN2K_PAC 128 +#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ +#define KRB5_AUTHDATA_SIGNTICKET 142 #define KRB5_AUTHDATA_FX_ARMOR 71 /* password change constants */ -#define KRB5_KPASSWD_SUCCESS 0 -#define KRB5_KPASSWD_MALFORMED 1 -#define KRB5_KPASSWD_HARDERROR 2 -#define KRB5_KPASSWD_AUTHERROR 3 -#define KRB5_KPASSWD_SOFTERROR 4 +#define KRB5_KPASSWD_SUCCESS 0 +#define KRB5_KPASSWD_MALFORMED 1 +#define KRB5_KPASSWD_HARDERROR 2 +#define KRB5_KPASSWD_AUTHERROR 3 +#define KRB5_KPASSWD_SOFTERROR 4 /* These are Microsoft's extensions 
in RFC 3244, and it looks like they'll become standardized, possibly with other additions. */ -#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ -#define KRB5_KPASSWD_BAD_VERSION 6 -#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ +#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ +#define KRB5_KPASSWD_BAD_VERSION 6 +#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ /* * end "proto.h" @@ -1116,9 +1076,9 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* Time set */ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime - in ticket? otherwise client can't get this */ - krb5_timestamp starttime; /* optional in ticket, if not present, - use authtime */ + in ticket? otherwise client can't get this */ + krb5_timestamp starttime; /* optional in ticket, if not present, + use authtime */ krb5_timestamp endtime; krb5_timestamp renew_till; } krb5_ticket_times; 
@@ -1141,34 +1101,34 @@ typedef struct _krb5_transited { typedef struct _krb5_enc_tkt_part { krb5_magic magic; /* to-be-encrypted portion */ - krb5_flags flags; /* flags */ - krb5_keyblock *session; /* session key: includes enctype */ - krb5_principal client; /* client name/realm */ - krb5_transited transited; /* list of transited realms */ - krb5_ticket_times times; /* auth, start, end, renew_till */ - krb5_address **caddrs; /* array of ptrs to addresses */ + krb5_flags flags; /* flags */ + krb5_keyblock *session; /* session key: includes enctype */ + krb5_principal client; /* client name/realm */ + krb5_transited transited; /* list of transited realms */ + krb5_ticket_times times; /* auth, start, end, renew_till */ + krb5_address **caddrs; /* array of ptrs to addresses */ krb5_authdata **authorization_data; /* auth data */ } krb5_enc_tkt_part; typedef struct _krb5_ticket { krb5_magic magic; /* cleartext portion */ - krb5_principal server; /* server name/realm */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ - krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if - available */ + krb5_principal server; /* server name/realm */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ + krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if + available */ } krb5_ticket; /* the unencrypted version */ typedef struct _krb5_authenticator { krb5_magic magic; - krb5_principal client; /* client name/realm */ - krb5_checksum *checksum; /* checksum, includes type, optional */ - krb5_int32 cusec; /* client usec portion */ - krb5_timestamp ctime; /* client sec portion */ - krb5_keyblock *subkey; /* true session key, optional */ - krb5_ui_4 seq_number; /* sequence #, optional */ + krb5_principal client; /* client name/realm */ + krb5_checksum *checksum; /* checksum, includes type, optional */ + krb5_int32 cusec; /* client usec portion */ + krb5_timestamp ctime; /* client sec portion */ + krb5_keyblock *subkey; /* 
true session key, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_authdata **authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; @@ -1179,22 +1139,22 @@ typedef struct _krb5_tkt_authent { krb5_flags ap_options; } krb5_tkt_authent; -/* credentials: Ticket, session key, etc. */ +/* credentials: Ticket, session key, etc. */ typedef struct _krb5_creds { krb5_magic magic; - krb5_principal client; /* client's principal identifier */ - krb5_principal server; /* server's principal identifier */ - krb5_keyblock keyblock; /* session encryption key info */ - krb5_ticket_times times; /* lifetime info */ - krb5_boolean is_skey; /* true if ticket is encrypted in - another ticket's skey */ - krb5_flags ticket_flags; /* flags in ticket */ - krb5_address **addresses; /* addrs in ticket */ - krb5_data ticket; /* ticket string itself */ - krb5_data second_ticket; /* second ticket, if related to - ticket (via DUPLICATE-SKEY or - ENC-TKT-IN-SKEY) */ - krb5_authdata **authdata; /* authorization data */ + krb5_principal client; /* client's principal identifier */ + krb5_principal server; /* server's principal identifier */ + krb5_keyblock keyblock; /* session encryption key info */ + krb5_ticket_times times; /* lifetime info */ + krb5_boolean is_skey; /* true if ticket is encrypted in + another ticket's skey */ + krb5_flags ticket_flags; /* flags in ticket */ + krb5_address **addresses; /* addrs in ticket */ + krb5_data ticket; /* ticket string itself */ + krb5_data second_ticket; /* second ticket, if related to + ticket (via DUPLICATE-SKEY or + ENC-TKT-IN-SKEY) */ + krb5_authdata **authdata; /* authorization data */ } krb5_creds; /* Last request fields */ 
@@ -1214,23 +1174,23 @@ typedef struct _krb5_pa_data { typedef struct _krb5_kdc_req { krb5_magic magic; - krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ - krb5_pa_data **padata; /* e.g. encoded AP_REQ */ + krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ + krb5_pa_data **padata; /* e.g. encoded AP_REQ */ /* real body */ - krb5_flags kdc_options; /* requested options */ - krb5_principal client; /* includes realm; optional */ - krb5_principal server; /* includes realm (only used if no - client) */ - krb5_timestamp from; /* requested starttime */ - krb5_timestamp till; /* requested endtime */ - krb5_timestamp rtime; /* (optional) requested renew_till */ - krb5_int32 nonce; /* nonce to match request/response */ - int nktypes; /* # of ktypes, must be positive */ - krb5_enctype *ktype; /* requested enctype(s) */ - krb5_address **addresses; /* requested addresses, optional */ - krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ + krb5_flags kdc_options; /* requested options */ + krb5_principal client; /* includes realm; optional */ + krb5_principal server; /* includes realm (only used if no + client) */ + krb5_timestamp from; /* requested starttime */ + krb5_timestamp till; /* requested endtime */ + krb5_timestamp rtime; /* (optional) requested renew_till */ + krb5_int32 nonce; /* nonce to match request/response */ + int nktypes; /* # of ktypes, must be positive */ + krb5_enctype *ktype; /* requested enctype(s) */ + krb5_address **addresses; /* requested addresses, optional */ + krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ krb5_authdata **unenc_authdata; /* unencrypted auth data, - if available */ + if available */ krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */ /* the following field is added in March 2009; it is a hack so * that FAST state can be carried to pre-authentication plugins. 
@@ -1244,28 +1204,28 @@ typedef struct _krb5_kdc_req { typedef struct _krb5_enc_kdc_rep_part { krb5_magic magic; /* encrypted part: */ - krb5_msgtype msg_type; /* krb5 message type */ - krb5_keyblock *session; /* session key */ + krb5_msgtype msg_type; /* krb5 message type */ + krb5_keyblock *session; /* session key */ krb5_last_req_entry **last_req; /* array of ptrs to entries */ - krb5_int32 nonce; /* nonce from request */ - krb5_timestamp key_exp; /* expiration date */ - krb5_flags flags; /* ticket flags */ - krb5_ticket_times times; /* lifetime info */ - krb5_principal server; /* server's principal identifier */ - krb5_address **caddrs; /* array of ptrs to addresses, - optional */ - krb5_pa_data **enc_padata; /* Windows 2000 compat */ + krb5_int32 nonce; /* nonce from request */ + krb5_timestamp key_exp; /* expiration date */ + krb5_flags flags; /* ticket flags */ + krb5_ticket_times times; /* lifetime info */ + krb5_principal server; /* server's principal identifier */ + krb5_address **caddrs; /* array of ptrs to addresses, + optional */ + krb5_pa_data **enc_padata; /* Windows 2000 compat */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { krb5_magic magic; /* cleartext part: */ - krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ - krb5_pa_data **padata; /* preauthentication data from KDC */ - krb5_principal client; /* client's principal identifier */ - krb5_ticket *ticket; /* ticket */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ + krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ + krb5_pa_data **padata; /* preauthentication data from KDC */ + krb5_principal client; /* client's principal identifier */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */ } krb5_kdc_rep; 
@@ -1273,23 +1233,23 @@ typedef struct _krb5_kdc_rep { typedef struct _krb5_error { krb5_magic magic; /* some of these may be meaningless in certain contexts */ - krb5_timestamp ctime; /* client sec portion; optional */ - krb5_int32 cusec; /* client usec portion; optional */ - krb5_int32 susec; /* server usec portion */ - krb5_timestamp stime; /* server sec portion */ - krb5_ui_4 error; /* error code (protocol error #'s) */ - krb5_principal client; /* client's principal identifier; - optional */ - krb5_principal server; /* server's principal identifier */ - krb5_data text; /* descriptive text */ - krb5_data e_data; /* additional error-describing data */ + krb5_timestamp ctime; /* client sec portion; optional */ + krb5_int32 cusec; /* client usec portion; optional */ + krb5_int32 susec; /* server usec portion */ + krb5_timestamp stime; /* server sec portion */ + krb5_ui_4 error; /* error code (protocol error #'s) */ + krb5_principal client; /* client's principal identifier; + optional */ + krb5_principal server; /* server's principal identifier */ + krb5_data text; /* descriptive text */ + krb5_data e_data; /* additional error-describing data */ } krb5_error; typedef struct _krb5_ap_req { krb5_magic magic; - krb5_flags ap_options; /* requested options */ - krb5_ticket *ticket; /* ticket */ - krb5_enc_data authenticator; /* authenticator (already encrypted) */ + krb5_flags ap_options; /* requested options */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data authenticator; /* authenticator (already encrypted) */ } krb5_ap_req; typedef struct _krb5_ap_rep { 
@@ -1299,47 +1259,47 @@ typedef struct _krb5_ap_rep { typedef struct _krb5_ap_rep_enc_part { krb5_magic magic; - krb5_timestamp ctime; /* client time, seconds portion */ - krb5_int32 cusec; /* client time, microseconds portion */ - krb5_keyblock *subkey; /* true session key, optional */ - krb5_ui_4 seq_number; /* sequence #, optional */ + krb5_timestamp ctime; /* client time, seconds portion */ + krb5_int32 cusec; /* client time, microseconds portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { krb5_magic magic; krb5_octet message_type; krb5_data response; - krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ + krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ krb5_timestamp request_time; /* When we made the request */ } krb5_response; typedef struct _krb5_cred_info { krb5_magic magic; - krb5_keyblock *session; /* session key used to encrypt */ - /* ticket */ - krb5_principal client; /* client name/realm, optional */ - krb5_principal server; /* server name/realm, optional */ - krb5_flags flags; /* ticket flags, optional */ - krb5_ticket_times times; /* auth, start, end, renew_till, */ - /* optional */ - krb5_address **caddrs; /* array of ptrs to addresses */ + krb5_keyblock *session; /* session key used to encrypt */ + /* ticket */ + krb5_principal client; /* client name/realm, optional */ + krb5_principal server; /* server name/realm, optional */ + krb5_flags flags; /* ticket flags, optional */ + krb5_ticket_times times; /* auth, start, end, renew_till, */ + /* optional */ + krb5_address **caddrs; /* array of ptrs to addresses */ } krb5_cred_info; typedef struct _krb5_cred_enc_part { krb5_magic magic; - krb5_int32 nonce; /* nonce, optional */ - krb5_timestamp timestamp; /* client time */ - krb5_int32 usec; /* microsecond portion of time */ - krb5_address *s_address; /* sender address, optional */ - 
krb5_address *r_address; /* recipient address, optional */ + krb5_int32 nonce; /* nonce, optional */ + krb5_timestamp timestamp; /* client time */ + krb5_int32 usec; /* microsecond portion of time */ + krb5_address *s_address; /* sender address, optional */ + krb5_address *r_address; /* recipient address, optional */ krb5_cred_info **ticket_info; } krb5_cred_enc_part; typedef struct _krb5_cred { krb5_magic magic; - krb5_ticket **tickets; /* tickets */ - krb5_enc_data enc_part; /* encrypted part */ - krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ + krb5_ticket **tickets; /* tickets */ + krb5_enc_data enc_part; /* encrypted part */ + krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ } krb5_cred; /* Sandia password generation structures */ 
@@ -1382,31 +1342,31 @@ typedef struct _krb5_pa_pac_req { * begin "safepriv.h" */ -#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 -#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 -#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 -#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 -#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 -#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 +#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 +#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 +#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 +#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 +#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 +#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 typedef struct krb5_replay_data { - krb5_timestamp timestamp; - krb5_int32 usec; - krb5_ui_4 seq; + krb5_timestamp timestamp; + krb5_int32 usec; + krb5_ui_4 seq; } krb5_replay_data; /* flags for krb5_auth_con_genaddrs() */ -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 +#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 +#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 +#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 +#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 /* type of function used as a callback to generate checksum data for * mk_req */ typedef krb5_error_code (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, - krb5_data **); + krb5_data **); /* * end "safepriv.h" @@ -1417,7 +1377,7 @@ typedef krb5_error_code * begin "ccache.h" */ -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ +typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ struct _krb5_ccache; typedef struct _krb5_ccache *krb5_ccache; 
@@ -1431,99 +1391,93 @@ struct _krb5_cccol_cursor; typedef struct _krb5_cccol_cursor *krb5_cccol_cursor; /* for retrieve_cred */ -#define KRB5_TC_MATCH_TIMES 0x00000001 -#define KRB5_TC_MATCH_IS_SKEY 0x00000002 -#define KRB5_TC_MATCH_FLAGS 0x00000004 -#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 -#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 -#define KRB5_TC_MATCH_AUTHDATA 0x00000020 -#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 -#define KRB5_TC_MATCH_2ND_TKT 0x00000080 -#define KRB5_TC_MATCH_KTYPE 0x00000100 -#define KRB5_TC_SUPPORTED_KTYPES 0x00000200 +#define KRB5_TC_MATCH_TIMES 0x00000001 +#define KRB5_TC_MATCH_IS_SKEY 0x00000002 +#define KRB5_TC_MATCH_FLAGS 0x00000004 +#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 +#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 +#define KRB5_TC_MATCH_AUTHDATA 0x00000020 +#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 +#define KRB5_TC_MATCH_2ND_TKT 0x00000080 +#define KRB5_TC_MATCH_KTYPE 0x00000100 +#define KRB5_TC_SUPPORTED_KTYPES 0x00000200 /* for set_flags and other functions */ -#define KRB5_TC_OPENCLOSE 0x00000001 +#define KRB5_TC_OPENCLOSE 0x00000001 #define KRB5_TC_NOTICKET 0x00000002 const char * KRB5_CALLCONV -krb5_cc_get_name (krb5_context context, krb5_ccache cache); +krb5_cc_get_name(krb5_context context, krb5_ccache cache); krb5_error_code KRB5_CALLCONV krb5_cc_gen_new (krb5_context context, krb5_ccache *cache); krb5_error_code KRB5_CALLCONV krb5_cc_initialize(krb5_context context, krb5_ccache cache, - krb5_principal principal); + krb5_principal principal); krb5_error_code KRB5_CALLCONV -krb5_cc_destroy (krb5_context context, krb5_ccache cache); +krb5_cc_destroy(krb5_context context, krb5_ccache cache); krb5_error_code KRB5_CALLCONV -krb5_cc_close (krb5_context context, krb5_ccache cache); +krb5_cc_close(krb5_context context, krb5_ccache cache); krb5_error_code KRB5_CALLCONV -krb5_cc_store_cred (krb5_context context, krb5_ccache cache, - krb5_creds *creds); +krb5_cc_store_cred(krb5_context context, krb5_ccache cache, 
krb5_creds *creds); krb5_error_code KRB5_CALLCONV -krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, - krb5_flags flags, krb5_creds *mcreds, - krb5_creds *creds); +krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache, + krb5_flags flags, krb5_creds *mcreds, + krb5_creds *creds); krb5_error_code KRB5_CALLCONV -krb5_cc_get_principal (krb5_context context, krb5_ccache cache, - krb5_principal *principal); +krb5_cc_get_principal(krb5_context context, krb5_ccache cache, + krb5_principal *principal); krb5_error_code KRB5_CALLCONV -krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor); +krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor); krb5_error_code KRB5_CALLCONV -krb5_cc_next_cred (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor, krb5_creds *creds); +krb5_cc_next_cred(krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor, krb5_creds *creds); krb5_error_code KRB5_CALLCONV -krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor); +krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor); krb5_error_code KRB5_CALLCONV -krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, - krb5_creds *creds); +krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, + krb5_creds *creds); krb5_error_code KRB5_CALLCONV -krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags); +krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags); krb5_error_code KRB5_CALLCONV -krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags); +krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags); const char * KRB5_CALLCONV -krb5_cc_get_type (krb5_context context, krb5_ccache cache); +krb5_cc_get_type(krb5_context context, krb5_ccache cache); krb5_error_code KRB5_CALLCONV -krb5_cc_move 
(krb5_context context, krb5_ccache src, krb5_ccache dst); +krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst); krb5_error_code KRB5_CALLCONV -krb5_cc_last_change_time ( - krb5_context context, - krb5_ccache ccache, - krb5_timestamp *change_time); +krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache, + krb5_timestamp *change_time); krb5_error_code KRB5_CALLCONV -krb5_cc_lock (krb5_context context, krb5_ccache ccache); +krb5_cc_lock(krb5_context context, krb5_ccache ccache); krb5_error_code KRB5_CALLCONV -krb5_cc_unlock (krb5_context context, krb5_ccache ccache); - +krb5_cc_unlock(krb5_context context, krb5_ccache ccache); krb5_error_code KRB5_CALLCONV krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor); krb5_error_code KRB5_CALLCONV -krb5_cccol_cursor_next( - krb5_context context, - krb5_cccol_cursor cursor, - krb5_ccache *ccache); +krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, + krb5_ccache *ccache); krb5_error_code KRB5_CALLCONV krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor); @@ -1538,11 +1492,8 @@ krb5_error_code KRB5_CALLCONV krb5_cccol_unlock(krb5_context context); krb5_error_code KRB5_CALLCONV -krb5_cc_new_unique( - krb5_context context, - const char *type, - const char *hint, - krb5_ccache *id); +krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, + krb5_ccache *id); /* * end "ccache.h" 
@@ -1567,39 +1518,45 @@ typedef struct krb5_rc_st *krb5_rcache; /* XXX */ #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ -typedef krb5_pointer krb5_kt_cursor; /* XXX */ +typedef krb5_pointer krb5_kt_cursor; /* XXX */ typedef struct krb5_keytab_entry_st { krb5_magic magic; - krb5_principal principal; /* principal of this key */ - krb5_timestamp timestamp; /* time entry written to keytable */ - krb5_kvno vno; /* key version number */ - krb5_keyblock key; /* the secret key */ + krb5_principal principal; /* principal of this key */ + krb5_timestamp timestamp; /* time entry written to keytable */ + krb5_kvno vno; /* key version number */ + krb5_keyblock key; /* the secret key */ } krb5_keytab_entry; struct _krb5_kt; typedef struct _krb5_kt *krb5_keytab; const char * KRB5_CALLCONV -krb5_kt_get_type (krb5_context, krb5_keytab keytab); +krb5_kt_get_type(krb5_context, krb5_keytab keytab); + krb5_error_code KRB5_CALLCONV krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, - unsigned int namelen); + unsigned int namelen); + krb5_error_code KRB5_CALLCONV krb5_kt_close(krb5_context context, krb5_keytab keytab); + krb5_error_code KRB5_CALLCONV krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry); + krb5_const_principal principal, krb5_kvno vno, + krb5_enctype enctype, krb5_keytab_entry *entry); + krb5_error_code KRB5_CALLCONV krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor); + krb5_kt_cursor *cursor); + krb5_error_code KRB5_CALLCONV krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, - krb5_keytab_entry *entry, krb5_kt_cursor *cursor); + krb5_keytab_entry *entry, krb5_kt_cursor *cursor); + krb5_error_code KRB5_CALLCONV krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor); + krb5_kt_cursor *cursor); /* * end "keytab.h" 
@@ -1609,675 +1566,493 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, * begin "func-proto.h" */ -krb5_error_code KRB5_CALLCONV krb5_init_context - (krb5_context *); -krb5_error_code KRB5_CALLCONV krb5_init_secure_context - (krb5_context *); -void KRB5_CALLCONV krb5_free_context - (krb5_context); -krb5_error_code KRB5_CALLCONV krb5_copy_context - (krb5_context, krb5_context *); +krb5_error_code KRB5_CALLCONV krb5_init_context(krb5_context *); +krb5_error_code KRB5_CALLCONV krb5_init_secure_context(krb5_context *); +void KRB5_CALLCONV krb5_free_context(krb5_context); +krb5_error_code KRB5_CALLCONV krb5_copy_context(krb5_context, krb5_context *); krb5_error_code KRB5_CALLCONV -krb5_set_default_tgs_enctypes - (krb5_context, - const krb5_enctype *); +krb5_set_default_tgs_enctypes(krb5_context, const krb5_enctype *); -krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes - (krb5_context, krb5_enctype **); +krb5_error_code KRB5_CALLCONV +krb5_get_permitted_enctypes(krb5_context, krb5_enctype **); krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void); /* libkrb.spec */ krb5_error_code KRB5_CALLCONV -krb5_server_decrypt_ticket_keytab - (krb5_context context, - const krb5_keytab kt, - krb5_ticket *ticket); - -void KRB5_CALLCONV krb5_free_tgt_creds - (krb5_context, - krb5_creds **); /* XXX too hard to do with const */ - -#define KRB5_GC_USER_USER 1 /* want user-user ticket */ -#define KRB5_GC_CACHED 2 /* want cached ticket only */ -#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */ -#define KRB5_GC_NO_STORE 8 /* do not store in credentials cache */ -#define KRB5_GC_FORWARDABLE 16 /* acquire forwardable tickets */ -#define KRB5_GC_NO_TRANSIT_CHECK 32 /* disable transited check */ -#define KRB5_GC_CONSTRAINED_DELEGATION 64 /* constrained delegation */ - -krb5_error_code KRB5_CALLCONV krb5_get_credentials - (krb5_context, - krb5_flags, - krb5_ccache, - krb5_creds *, - krb5_creds **); -krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate 
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_mk_req
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- char *,
- char *,
- krb5_data *,
- krb5_ccache,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_rep
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_mk_rep_dce
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ap_rep_enc_part **);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep_dce
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ui_4 *);
-krb5_error_code KRB5_CALLCONV krb5_mk_error
- (krb5_context,
- const krb5_error *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_rd_error
- (krb5_context,
- const krb5_data *,
- krb5_error ** );
-krb5_error_code KRB5_CALLCONV krb5_rd_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_parse_name
- (krb5_context,
- const char *,
- krb5_principal * );
-#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
-#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
-#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
-krb5_error_code KRB5_CALLCONV krb5_parse_name_flags
- (krb5_context,
- const char *,
- int,
- krb5_principal * );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name
- (krb5_context,
- krb5_const_principal,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
- (krb5_context,
- krb5_const_principal,
- char **,
- unsigned int *);
-#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
-#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
-#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags
- (krb5_context,
- krb5_const_principal,
- int,
- char **);
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext
- (krb5_context,
- krb5_const_principal,
- int,
- char **,
- unsigned int *);
-
-krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
- (krb5_context, krb5_principal, const char *);
-
-krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
- (krb5_context,
- const krb5_address *,
- krb5_address * const *);
-krb5_boolean KRB5_CALLCONV krb5_address_compare
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-int KRB5_CALLCONV krb5_address_order
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-krb5_boolean KRB5_CALLCONV krb5_realm_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare_any_realm
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1
-#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* compare UPNs as real principals */
-#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive comparison */
-#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */
-
-krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal,
- int);
-krb5_error_code KRB5_CALLCONV krb5_init_keyblock
- (krb5_context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out);
- /* Initialize a new keyblock and allocate storage
- * for the contents of the key, which will be freed along
- * with the keyblock when krb5_free_keyblock is called.
- * It is legal to pass in a length of 0, in which
- * case contents are left unallocated.
- */
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock *);
-krb5_error_code KRB5_CALLCONV krb5_copy_creds
- (krb5_context,
- const krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_copy_data
- (krb5_context,
- const krb5_data *,
- krb5_data **);
-krb5_error_code KRB5_CALLCONV krb5_copy_principal
- (krb5_context,
- krb5_const_principal,
- krb5_principal *);
-krb5_error_code KRB5_CALLCONV krb5_copy_addresses
- (krb5_context,
- krb5_address * const *,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_ticket
- (krb5_context,
- const krb5_ticket *,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_copy_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata ***);
-krb5_error_code KRB5_CALLCONV krb5_merge_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata *const *,
- krb5_authdata ***);
+krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt,
+ krb5_ticket *ticket);
+
+void KRB5_CALLCONV krb5_free_tgt_creds(krb5_context, krb5_creds **);
+
+#define KRB5_GC_USER_USER 1 /* want user-user ticket */
+#define KRB5_GC_CACHED 2 /* want cached ticket only */
+#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */
+#define KRB5_GC_NO_STORE 8 /* do not store in credentials cache */
+#define KRB5_GC_FORWARDABLE 16 /* acquire forwardable tickets */
+#define KRB5_GC_NO_TRANSIT_CHECK 32 /* disable transited check */
+#define KRB5_GC_CONSTRAINED_DELEGATION 64 /* constrained delegation */
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials(krb5_context, krb5_flags, krb5_ccache, krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_validate(krb5_context, krb5_flags, krb5_ccache,
+ krb5_creds *, krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_renew(krb5_context, krb5_flags, krb5_ccache, krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req(krb5_context, krb5_auth_context *, krb5_flags, char *, char *,
+ krb5_data *, krb5_ccache, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req_extended(krb5_context, krb5_auth_context *, krb5_flags,
+ krb5_data *, krb5_creds *, krb5_data * );
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep(krb5_context, krb5_auth_context, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep_dce(krb5_context, krb5_auth_context, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep(krb5_context, krb5_auth_context, const krb5_data *,
+ krb5_ap_rep_enc_part **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep_dce(krb5_context, krb5_auth_context, const krb5_data *,
+ krb5_ui_4 *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_error(krb5_context, const krb5_error *, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_error(krb5_context, const krb5_data *, krb5_error **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_safe(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_priv(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name(krb5_context, const char *, krb5_principal *);
+
+#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
+#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
+#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name_flags(krb5_context, const char *, int, krb5_principal *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name(krb5_context, krb5_const_principal, char **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_ext(krb5_context, krb5_const_principal, char **,
+ unsigned int *);
+
+#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
+#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
+#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags(krb5_context, krb5_const_principal, int, char **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags_ext(krb5_context, krb5_const_principal, int,
+ char **, unsigned int *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_principal_realm(krb5_context, krb5_principal, const char *);
+
+krb5_boolean KRB5_CALLCONV_WRONG
+krb5_address_search(krb5_context, const krb5_address *, krb5_address *const *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_address_compare(krb5_context, const krb5_address *, const krb5_address *);
+
+int KRB5_CALLCONV
+krb5_address_order(krb5_context, const krb5_address *, const krb5_address *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_realm_compare(krb5_context, krb5_const_principal, krb5_const_principal);
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare(krb5_context, krb5_const_principal,
+ krb5_const_principal);
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_any_realm(krb5_context, krb5_const_principal,
+ krb5_const_principal);
+
+#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1
+#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* UPNs as real principals */
+#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive */
+#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_flags(krb5_context, krb5_const_principal,
+ krb5_const_principal, int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_keyblock(krb5_context, krb5_enctype enctype, size_t length,
+ krb5_keyblock **out);
+
+/* Initialize a new keyblock and allocate storage
+ * for the contents of the key, which will be freed along
+ * with the keyblock when krb5_free_keyblock is called.
+ * It is legal to pass in a length of 0, in which
+ * case contents are left unallocated.
+ */ +krb5_error_code KRB5_CALLCONV +krb5_copy_keyblock(krb5_context, const krb5_keyblock *, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV +krb5_copy_keyblock_contents(krb5_context, const krb5_keyblock *, + krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV +krb5_copy_creds(krb5_context, const krb5_creds *, krb5_creds **); + +krb5_error_code KRB5_CALLCONV +krb5_copy_data(krb5_context, const krb5_data *, krb5_data **); + +krb5_error_code KRB5_CALLCONV +krb5_copy_principal(krb5_context, krb5_const_principal, krb5_principal *); + +krb5_error_code KRB5_CALLCONV +krb5_copy_addresses(krb5_context, krb5_address * const *, krb5_address ***); + +krb5_error_code KRB5_CALLCONV +krb5_copy_ticket(krb5_context, const krb5_ticket *, krb5_ticket **); + +krb5_error_code KRB5_CALLCONV +krb5_copy_authdata(krb5_context, krb5_authdata * const *, krb5_authdata ***); + /* Merge two authdata arrays, such as the array from a ticket - * and authenticator */ - -krb5_error_code KRB5_CALLCONV krb5_copy_authenticator - (krb5_context, - const krb5_authenticator *, - krb5_authenticator **); -krb5_error_code KRB5_CALLCONV krb5_copy_checksum - (krb5_context, - const krb5_checksum *, - krb5_checksum **); -krb5_error_code KRB5_CALLCONV krb5_get_server_rcache - (krb5_context, - const krb5_data *, krb5_rcache *); -krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext - (krb5_context, krb5_principal *, unsigned int, const char *, ...); -krb5_error_code KRB5_CALLCONV_C krb5_build_principal - (krb5_context, krb5_principal *, unsigned int, const char *, ...) + * and authenticator. 
*/ +krb5_error_code KRB5_CALLCONV +krb5_merge_authdata(krb5_context, krb5_authdata * const *, + krb5_authdata *const *, krb5_authdata ***); + +krb5_error_code KRB5_CALLCONV +krb5_copy_authenticator(krb5_context, const krb5_authenticator *, + krb5_authenticator **); + +krb5_error_code KRB5_CALLCONV +krb5_copy_checksum(krb5_context, const krb5_checksum *, krb5_checksum **); + +krb5_error_code KRB5_CALLCONV +krb5_get_server_rcache(krb5_context, const krb5_data *, krb5_rcache *); + +krb5_error_code KRB5_CALLCONV_C +krb5_build_principal_ext(krb5_context, krb5_principal *, unsigned int, + const char *, ...); + +krb5_error_code KRB5_CALLCONV_C +krb5_build_principal(krb5_context, krb5_principal *, unsigned int, + const char *, ...) #if __GNUC__ >= 4 __attribute__ ((sentinel)) #endif ; #if KRB5_DEPRECATED -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_build_principal_va - (krb5_context, - krb5_principal, unsigned int, const char *, va_list); +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_build_principal_va(krb5_context, krb5_principal, unsigned int, + const char *, va_list); #endif /* Version of krb5_build_principal_va which allocates krb5_principal_data */ -krb5_error_code KRB5_CALLCONV krb5_build_principal_alloc_va - (krb5_context, krb5_principal *, unsigned int, const char *, va_list); +krb5_error_code KRB5_CALLCONV +krb5_build_principal_alloc_va(krb5_context, krb5_principal *, unsigned int, + const char *, va_list); -krb5_error_code KRB5_CALLCONV krb5_425_conv_principal - (krb5_context, - const char *name, - const char *instance, const char *realm, - krb5_principal *princ); +krb5_error_code KRB5_CALLCONV +krb5_425_conv_principal(krb5_context, const char *name, const char *instance, + const char *realm, krb5_principal *princ); -krb5_error_code KRB5_CALLCONV krb5_524_conv_principal - (krb5_context context, krb5_const_principal princ, - char *name, char *inst, char *realm); +krb5_error_code KRB5_CALLCONV +krb5_524_conv_principal(krb5_context context, 
krb5_const_principal princ, + char *name, char *inst, char *realm); struct credentials; -int KRB5_CALLCONV krb5_524_convert_creds - (krb5_context context, krb5_creds *v5creds, - struct credentials *v4creds); +int KRB5_CALLCONV +krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, + struct credentials *v4creds); #if KRB5_DEPRECATED #define krb524_convert_creds_kdc krb5_524_convert_creds #define krb524_init_ets(x) (0) #endif /* libkt.spec */ -krb5_error_code KRB5_CALLCONV krb5_kt_resolve - (krb5_context, - const char *, - krb5_keytab * ); -krb5_error_code KRB5_CALLCONV krb5_kt_default_name - (krb5_context, - char *, - int ); -krb5_error_code KRB5_CALLCONV krb5_kt_default - (krb5_context, - krb5_keytab * ); -krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents - (krb5_context, - krb5_keytab_entry * ); +krb5_error_code KRB5_CALLCONV +krb5_kt_resolve(krb5_context, const char *, krb5_keytab *); + +krb5_error_code KRB5_CALLCONV +krb5_kt_default_name(krb5_context, char *, int); + +krb5_error_code KRB5_CALLCONV +krb5_kt_default(krb5_context, krb5_keytab * ); + +krb5_error_code KRB5_CALLCONV +krb5_free_keytab_entry_contents(krb5_context, krb5_keytab_entry *); + /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ -krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry * ); -krb5_error_code KRB5_CALLCONV krb5_kt_add_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry * ); -krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt - (krb5_context, - krb5_const_principal, krb5_data *); +krb5_error_code KRB5_CALLCONV +krb5_kt_remove_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); + +krb5_error_code KRB5_CALLCONV +krb5_kt_add_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); + +krb5_error_code KRB5_CALLCONV_WRONG +krb5_principal2salt(krb5_context, krb5_const_principal, krb5_data *); /* librc.spec--see rcache.h */ /* libcc.spec */ -krb5_error_code 
KRB5_CALLCONV krb5_cc_resolve - (krb5_context, - const char *, - krb5_ccache * ); -const char * KRB5_CALLCONV krb5_cc_default_name - (krb5_context); -krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name - (krb5_context, const char *); -krb5_error_code KRB5_CALLCONV krb5_cc_default - (krb5_context, - krb5_ccache *); - -krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds - (krb5_context context, - krb5_ccache incc, - krb5_ccache outcc); +krb5_error_code KRB5_CALLCONV +krb5_cc_resolve(krb5_context, const char *, krb5_ccache *); + +const char *KRB5_CALLCONV +krb5_cc_default_name(krb5_context); + +krb5_error_code KRB5_CALLCONV +krb5_cc_set_default_name(krb5_context, const char *); + +krb5_error_code KRB5_CALLCONV +krb5_cc_default(krb5_context, krb5_ccache *); +krb5_error_code KRB5_CALLCONV +krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc); /* krb5_free.c */ -void KRB5_CALLCONV krb5_free_principal - (krb5_context, krb5_principal ); -void KRB5_CALLCONV krb5_free_authenticator - (krb5_context, krb5_authenticator * ); -void KRB5_CALLCONV krb5_free_addresses - (krb5_context, krb5_address ** ); -void KRB5_CALLCONV krb5_free_authdata - (krb5_context, krb5_authdata ** ); -void KRB5_CALLCONV krb5_free_ticket - (krb5_context, krb5_ticket * ); -void KRB5_CALLCONV krb5_free_error - (krb5_context, krb5_error * ); -void KRB5_CALLCONV krb5_free_creds - (krb5_context, krb5_creds *); -void KRB5_CALLCONV krb5_free_cred_contents - (krb5_context, krb5_creds *); -void KRB5_CALLCONV krb5_free_checksum - (krb5_context, krb5_checksum *); -void KRB5_CALLCONV krb5_free_checksum_contents - (krb5_context, krb5_checksum *); -void KRB5_CALLCONV krb5_free_keyblock - (krb5_context, krb5_keyblock *); -void KRB5_CALLCONV krb5_free_keyblock_contents - (krb5_context, krb5_keyblock *); -void KRB5_CALLCONV krb5_free_ap_rep_enc_part - (krb5_context, krb5_ap_rep_enc_part *); -void KRB5_CALLCONV krb5_free_data - (krb5_context, krb5_data *); -void KRB5_CALLCONV 
krb5_free_data_contents - (krb5_context, krb5_data *); -void KRB5_CALLCONV krb5_free_unparsed_name - (krb5_context, char *); -void KRB5_CALLCONV krb5_free_cksumtypes - (krb5_context, krb5_cksumtype *); +void KRB5_CALLCONV krb5_free_principal(krb5_context, krb5_principal ); +void KRB5_CALLCONV krb5_free_authenticator(krb5_context, + krb5_authenticator * ); +void KRB5_CALLCONV krb5_free_addresses(krb5_context, krb5_address ** ); +void KRB5_CALLCONV krb5_free_authdata(krb5_context, krb5_authdata ** ); +void KRB5_CALLCONV krb5_free_ticket(krb5_context, krb5_ticket * ); +void KRB5_CALLCONV krb5_free_error(krb5_context, krb5_error * ); +void KRB5_CALLCONV krb5_free_creds(krb5_context, krb5_creds *); +void KRB5_CALLCONV krb5_free_cred_contents(krb5_context, krb5_creds *); +void KRB5_CALLCONV krb5_free_checksum(krb5_context, krb5_checksum *); +void KRB5_CALLCONV krb5_free_checksum_contents(krb5_context, krb5_checksum *); +void KRB5_CALLCONV krb5_free_keyblock(krb5_context, krb5_keyblock *); +void KRB5_CALLCONV krb5_free_keyblock_contents(krb5_context, krb5_keyblock *); +void KRB5_CALLCONV krb5_free_ap_rep_enc_part(krb5_context, + krb5_ap_rep_enc_part *); +void KRB5_CALLCONV krb5_free_data(krb5_context, krb5_data *); +void KRB5_CALLCONV krb5_free_data_contents(krb5_context, krb5_data *); +void KRB5_CALLCONV krb5_free_unparsed_name(krb5_context, char *); +void KRB5_CALLCONV krb5_free_cksumtypes(krb5_context, krb5_cksumtype *); /* From krb5/os but needed but by the outside world */ -krb5_error_code KRB5_CALLCONV krb5_us_timeofday - (krb5_context, - krb5_timestamp *, - krb5_int32 * ); -krb5_error_code KRB5_CALLCONV krb5_timeofday - (krb5_context, - krb5_timestamp * ); - /* get all the addresses of this host */ -krb5_error_code KRB5_CALLCONV krb5_os_localaddr - (krb5_context, - krb5_address ***); -krb5_error_code KRB5_CALLCONV krb5_get_default_realm - (krb5_context, - char ** ); -krb5_error_code KRB5_CALLCONV krb5_set_default_realm - (krb5_context, - const char * ); -void 
KRB5_CALLCONV krb5_free_default_realm - (krb5_context, - char * ); -krb5_error_code KRB5_CALLCONV krb5_sname_to_principal - (krb5_context, - const char *, - const char *, - krb5_int32, - krb5_principal *); -krb5_error_code KRB5_CALLCONV -krb5_change_password - (krb5_context context, krb5_creds *creds, char *newpw, - int *result_code, krb5_data *result_code_string, - krb5_data *result_string); -krb5_error_code KRB5_CALLCONV -krb5_set_password - (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for, - int *result_code, krb5_data *result_code_string, krb5_data *result_string); -krb5_error_code KRB5_CALLCONV -krb5_set_password_using_ccache - (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for, - int *result_code, krb5_data *result_code_string, krb5_data *result_string); - -krb5_error_code KRB5_CALLCONV -krb5_get_profile - (krb5_context, struct _profile_t * /* profile_t */ *); +krb5_error_code KRB5_CALLCONV +krb5_us_timeofday(krb5_context, krb5_timestamp *, krb5_int32 *); + +krb5_error_code KRB5_CALLCONV +krb5_timeofday(krb5_context, krb5_timestamp *); + +/* get all the addresses of this host */ +krb5_error_code KRB5_CALLCONV +krb5_os_localaddr(krb5_context, krb5_address ***); + +krb5_error_code KRB5_CALLCONV +krb5_get_default_realm(krb5_context, char **); + +krb5_error_code KRB5_CALLCONV +krb5_set_default_realm(krb5_context, const char * ); + +void KRB5_CALLCONV +krb5_free_default_realm(krb5_context, char * ); + +krb5_error_code KRB5_CALLCONV +krb5_sname_to_principal(krb5_context, const char *, const char *, krb5_int32, + krb5_principal *); + +krb5_error_code KRB5_CALLCONV +krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, + int *result_code, krb5_data *result_code_string, + krb5_data *result_string); + +krb5_error_code KRB5_CALLCONV +krb5_set_password(krb5_context context, krb5_creds *creds, char *newpw, + krb5_principal change_password_for, int *result_code, + 
krb5_data *result_code_string, krb5_data *result_string); + +krb5_error_code KRB5_CALLCONV +krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, + char *newpw, krb5_principal change_password_for, + int *result_code, krb5_data *result_code_string, + krb5_data *result_string); + +krb5_error_code KRB5_CALLCONV +krb5_get_profile(krb5_context, struct _profile_t * /* profile_t */ *); #if KRB5_DEPRECATED -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_error_code ( * )(krb5_context, - krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_const_pointer, - krb5_creds *, - krb5_ccache, - krb5_kdc_rep ** ); - -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - const char *, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); - -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - const krb5_keyblock *, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); - -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_keytab, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_get_in_tkt(krb5_context, krb5_flags, krb5_address *const *, + krb5_enctype *, krb5_preauthtype *, + krb5_error_code (*)(krb5_context, krb5_enctype, krb5_data *, + krb5_const_pointer, krb5_keyblock **), + krb5_const_pointer, + krb5_error_code (*)(krb5_context, const krb5_keyblock *, + 
krb5_const_pointer, krb5_kdc_rep * ), + krb5_const_pointer, krb5_creds *, krb5_ccache, + krb5_kdc_rep **); + +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_get_in_tkt_with_password(krb5_context, krb5_flags, krb5_address *const *, + krb5_enctype *, krb5_preauthtype *, const char *, + krb5_ccache, krb5_creds *, krb5_kdc_rep **); + +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_get_in_tkt_with_skey(krb5_context, krb5_flags, krb5_address *const *, + krb5_enctype *, krb5_preauthtype *, + const krb5_keyblock *, krb5_ccache, krb5_creds *, + krb5_kdc_rep **); + +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_get_in_tkt_with_keytab(krb5_context, krb5_flags, krb5_address *const *, + krb5_enctype *, krb5_preauthtype *, krb5_keytab, + krb5_ccache, krb5_creds *, krb5_kdc_rep ** ); #endif /* KRB5_DEPRECATED */ -krb5_error_code KRB5_CALLCONV krb5_rd_req - (krb5_context, - krb5_auth_context *, - const krb5_data *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key - (krb5_context, - krb5_pointer, - krb5_principal, - krb5_kvno, - krb5_enctype, - krb5_keyblock **); -krb5_error_code KRB5_CALLCONV krb5_mk_safe - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_mk_priv - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_sendauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_principal, - krb5_flags, - krb5_data *, - krb5_creds *, - krb5_ccache, - krb5_error **, - krb5_ap_rep_enc_part **, - krb5_creds **); - -krb5_error_code KRB5_CALLCONV krb5_recvauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **); -krb5_error_code KRB5_CALLCONV krb5_recvauth_version - (krb5_context, - krb5_auth_context 
*, - krb5_pointer, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **, - krb5_data *); - -krb5_error_code KRB5_CALLCONV krb5_mk_ncred - (krb5_context, - krb5_auth_context, - krb5_creds **, - krb5_data **, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_mk_1cred - (krb5_context, - krb5_auth_context, - krb5_creds *, - krb5_data **, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_rd_cred - (krb5_context, - krb5_auth_context, - krb5_data *, - krb5_creds ***, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds - (krb5_context, - krb5_auth_context, - char *, - krb5_principal, - krb5_principal, - krb5_ccache, - int forwardable, - krb5_data *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_init - (krb5_context, - krb5_auth_context *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_free - (krb5_context, - krb5_auth_context); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags - (krb5_context, - krb5_auth_context, - krb5_int32); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func, void *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func *, void **); - -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs - (krb5_context, - krb5_auth_context, - krb5_address **, - krb5_address **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setports - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey - (krb5_context, - krb5_auth_context, - krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey - (krb5_context, - 
krb5_auth_context, - krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); +krb5_error_code KRB5_CALLCONV +krb5_rd_req(krb5_context, krb5_auth_context *, const krb5_data *, + krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **); + +krb5_error_code KRB5_CALLCONV +krb5_kt_read_service_key(krb5_context, krb5_pointer, krb5_principal, krb5_kvno, + krb5_enctype, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV +krb5_mk_safe(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV +krb5_mk_priv(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV +krb5_sendauth(krb5_context, krb5_auth_context *, krb5_pointer, char *, + krb5_principal, krb5_principal, krb5_flags, krb5_data *, + krb5_creds *, krb5_ccache, krb5_error **, + krb5_ap_rep_enc_part **, krb5_creds **); + +krb5_error_code KRB5_CALLCONV +krb5_recvauth(krb5_context, krb5_auth_context *, krb5_pointer, char *, + krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **); + +krb5_error_code KRB5_CALLCONV +krb5_recvauth_version(krb5_context, krb5_auth_context *, krb5_pointer, + krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **, + krb5_data *); + +krb5_error_code KRB5_CALLCONV +krb5_mk_ncred(krb5_context, krb5_auth_context, krb5_creds **, krb5_data **, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV +krb5_mk_1cred(krb5_context, krb5_auth_context, krb5_creds *, krb5_data **, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV 
+krb5_rd_cred(krb5_context, krb5_auth_context, krb5_data *, krb5_creds ***, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV +krb5_fwd_tgt_creds(krb5_context, krb5_auth_context, char *, krb5_principal, + krb5_principal, krb5_ccache, int forwardable, krb5_data *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_init(krb5_context, krb5_auth_context *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_free(krb5_context, krb5_auth_context); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setflags(krb5_context, krb5_auth_context, krb5_int32); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getflags(krb5_context, krb5_auth_context, krb5_int32 *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_checksum_func(krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func, void *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_get_checksum_func(krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func *, void **); + +krb5_error_code KRB5_CALLCONV_WRONG +krb5_auth_con_setaddrs(krb5_context, krb5_auth_context, krb5_address *, + krb5_address *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getaddrs(krb5_context, krb5_auth_context, krb5_address **, + krb5_address **); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setports(krb5_context, krb5_auth_context, krb5_address *, + krb5_address *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setuseruserkey(krb5_context, krb5_auth_context, krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getkey(krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getrecvsubkey(krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setrecvsubkey(krb5_context, krb5_auth_context, krb5_keyblock *); #if 
KRB5_DEPRECATED -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_auth_con_getlocalsubkey(krb5_context, krb5_auth_context, + krb5_keyblock **); + +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_auth_con_getremotesubkey(krb5_context, krb5_auth_context, + krb5_keyblock **); #endif -krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getlocalseqnumber(krb5_context, krb5_auth_context, krb5_int32 *); -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getremoteseqnumber(krb5_context, krb5_auth_context, + krb5_int32 *); #if KRB5_DEPRECATED -KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector - (krb5_context, - krb5_auth_context); +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV +krb5_auth_con_initivector(krb5_context, krb5_auth_context); #endif -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache - (krb5_context, - krb5_auth_context, - krb5_rcache); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_setrcache(krb5_context, krb5_auth_context, krb5_rcache); -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache - (krb5_context, - krb5_auth_context, - krb5_rcache *); +krb5_error_code KRB5_CALLCONV_WRONG +krb5_auth_con_getrcache(krb5_context, krb5_auth_context, krb5_rcache *); -krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator - (krb5_context, - krb5_auth_context, - krb5_authenticator **); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_getauthenticator(krb5_context, krb5_auth_context, + krb5_authenticator **); #define 
KRB5_REALM_BRANCH_CHAR '.' 
@@ -2289,74 +2064,65 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator * begin stuff from libos.h */ -krb5_error_code KRB5_CALLCONV krb5_read_password - (krb5_context, - const char *, - const char *, - char *, - unsigned int * ); -krb5_error_code KRB5_CALLCONV krb5_aname_to_localname - (krb5_context, - krb5_const_principal, - int, - char * ); -krb5_error_code KRB5_CALLCONV krb5_get_host_realm - (krb5_context, - const char *, - char *** ); -krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm - (krb5_context, - krb5_data *, - char *** ); -krb5_error_code KRB5_CALLCONV krb5_free_host_realm - (krb5_context, - char * const * ); -krb5_boolean KRB5_CALLCONV krb5_kuserok - (krb5_context, - krb5_principal, const char *); -krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs - (krb5_context, - krb5_auth_context, - int, int); -krb5_error_code KRB5_CALLCONV krb5_set_real_time - (krb5_context, krb5_timestamp, krb5_int32); - -krb5_error_code KRB5_CALLCONV krb5_get_time_offsets - (krb5_context, krb5_timestamp *, krb5_int32 *); +krb5_error_code KRB5_CALLCONV +krb5_read_password(krb5_context, const char *, const char *, char *, + unsigned int * ); + +krb5_error_code KRB5_CALLCONV +krb5_aname_to_localname(krb5_context, krb5_const_principal, int, char *); + +krb5_error_code KRB5_CALLCONV +krb5_get_host_realm(krb5_context, const char *, char ***); + +krb5_error_code KRB5_CALLCONV +krb5_get_fallback_host_realm(krb5_context, krb5_data *, char ***); + +krb5_error_code KRB5_CALLCONV +krb5_free_host_realm(krb5_context, char * const * ); + +krb5_boolean KRB5_CALLCONV +krb5_kuserok(krb5_context, krb5_principal, const char *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_genaddrs(krb5_context, krb5_auth_context, int, int); + +krb5_error_code KRB5_CALLCONV +krb5_set_real_time(krb5_context, krb5_timestamp, krb5_int32); + +krb5_error_code KRB5_CALLCONV +krb5_get_time_offsets(krb5_context, krb5_timestamp *, krb5_int32 *); /* str_conv.c */ -krb5_error_code KRB5_CALLCONV 
krb5_string_to_enctype - (char *, krb5_enctype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_salttype - (char *, krb5_int32 *); -krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype - (char *, krb5_cksumtype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp - (char *, krb5_timestamp *); -krb5_error_code KRB5_CALLCONV krb5_string_to_deltat - (char *, krb5_deltat *); -krb5_error_code KRB5_CALLCONV krb5_enctype_to_string - (krb5_enctype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_salttype_to_string - (krb5_int32, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string - (krb5_cksumtype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string - (krb5_timestamp, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring - (krb5_timestamp, char *, size_t, char *); -krb5_error_code KRB5_CALLCONV krb5_deltat_to_string - (krb5_deltat, char *, size_t); +krb5_error_code KRB5_CALLCONV krb5_string_to_enctype(char *, krb5_enctype *); +krb5_error_code KRB5_CALLCONV krb5_string_to_salttype(char *, krb5_int32 *); +krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype(char *, + krb5_cksumtype *); +krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp(char *, + krb5_timestamp *); +krb5_error_code KRB5_CALLCONV krb5_string_to_deltat(char *, krb5_deltat *); +krb5_error_code KRB5_CALLCONV krb5_enctype_to_string(krb5_enctype, char *, + size_t); +krb5_error_code KRB5_CALLCONV krb5_salttype_to_string(krb5_int32, char *, + size_t); +krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string(krb5_cksumtype, char *, + size_t); +krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string(krb5_timestamp, char *, + size_t); +krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring(krb5_timestamp, + char *, size_t, + char *); +krb5_error_code KRB5_CALLCONV krb5_deltat_to_string(krb5_deltat, char *, + size_t); /* The name of the Kerberos ticket granting service... 
and its size */ -#define KRB5_TGS_NAME "krbtgt" -#define KRB5_TGS_NAME_SIZE 6 +#define KRB5_TGS_NAME "krbtgt" +#define KRB5_TGS_NAME_SIZE 6 /* flags for recvauth */ -#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 -#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 +#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 +#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 /* initial ticket api functions */ typedef struct _krb5_prompt { @@ -2365,21 +2131,15 @@ typedef struct _krb5_prompt { krb5_data *reply; } krb5_prompt; -typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - +typedef krb5_error_code +(KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, void *data, + const char *name, const char *banner, + int num_prompts, krb5_prompt prompts[]); krb5_error_code KRB5_CALLCONV -krb5_prompter_posix (krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); +krb5_prompter_posix(krb5_context context, void *data, const char *name, + const char *banner, int num_prompts, + krb5_prompt prompts[]); typedef struct _krb5_get_init_creds_opt { krb5_flags flags; 
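Review bot: In the libos.h hunk, `krb5_read_password(krb5_context, const char *, const char *, char *, unsigned int *)` and `krb5_aname_to_localname(krb5_context, krb5_const_principal, int, char *)` still have unnamed parameters after the reformat, so the header does not say which argument bounds the output buffer. The same applies to the `*_to_string(..., char *, size_t)` prototypes under `str_conv.c` in this hunk. The prototypes now fit on one or two lines, so naming the parameters is cheap, for example `krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char *lname);` (the names are a suggestion; the definitions are outside this diff). A one-line comment on `krb5_read_password` saying whether the `unsigned int *` is an in/out buffer size would help callers that handle passwords size the buffer correctly.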
@@ -2395,83 +2155,70 @@ typedef struct _krb5_get_init_creds_opt { krb5_data *salt; } krb5_get_init_creds_opt; -#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 -#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 -#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 -#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 -#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 -#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 -#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 -#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 -#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 -#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200 +#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 +#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 +#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 +#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 +#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 +#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 +#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 +#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 +#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 +#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200 krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_alloc -(krb5_context context, - krb5_get_init_creds_opt **opt); +krb5_get_init_creds_opt_alloc(krb5_context context, + krb5_get_init_creds_opt **opt); void KRB5_CALLCONV -krb5_get_init_creds_opt_free -(krb5_context context, - krb5_get_init_creds_opt *opt); +krb5_get_init_creds_opt_free(krb5_context context, + krb5_get_init_creds_opt *opt); void KRB5_CALLCONV -krb5_get_init_creds_opt_init -(krb5_get_init_creds_opt *opt); +krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_tkt_life -(krb5_get_init_creds_opt *opt, - krb5_deltat tkt_life); +krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, + krb5_deltat tkt_life); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_renew_life -(krb5_get_init_creds_opt *opt, - krb5_deltat renew_life); 
+krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, + krb5_deltat renew_life); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_forwardable -(krb5_get_init_creds_opt *opt, - int forwardable); +krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, + int forwardable); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_proxiable -(krb5_get_init_creds_opt *opt, - int proxiable); +krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, + int proxiable); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_canonicalize -(krb5_get_init_creds_opt *opt, - int canonicalize); +krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt, + int canonicalize); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_etype_list -(krb5_get_init_creds_opt *opt, - krb5_enctype *etype_list, - int etype_list_length); +krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, + krb5_enctype *etype_list, + int etype_list_length); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_address_list -(krb5_get_init_creds_opt *opt, - krb5_address **addresses); +krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, + krb5_address **addresses); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_preauth_list -(krb5_get_init_creds_opt *opt, - krb5_preauthtype *preauth_list, - int preauth_list_length); +krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_salt -(krb5_get_init_creds_opt *opt, - krb5_data *salt); +krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, + krb5_data *salt); void KRB5_CALLCONV -krb5_get_init_creds_opt_set_change_password_prompt -(krb5_get_init_creds_opt *opt, - int prompt); +krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt + *opt, int prompt); /* Generic preauth option attribute/value pairs */ typedef struct _krb5_gic_opt_pa_data { 
@@ -2488,105 +2235,77 @@ typedef struct _krb5_gic_opt_pa_data { * obtained using krb5_get_init_creds_opt_alloc() */ krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_set_pa - (krb5_context context, - krb5_get_init_creds_opt *opt, - const char *attr, - const char *value); - -krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name -(krb5_context context, krb5_get_init_creds_opt *opt, - const char * fast_ccache_name); - /* This API sets a ccache name that will contain some TGT on - calls to get_init_creds functions. If set, this ccache will - be used for FAST (draft-ietf-krb-wg-preauth-framework) to - protect the AS-REQ from observation and active attack. If - the fast_ccache_name is set, then FAST may be required by the - client library. In this version FAST is required.*/ -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_password -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - char *password, - krb5_prompter_fct prompter, - void *data, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_keytab -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_keytab arg_keytab, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); +krb5_get_init_creds_opt_set_pa(krb5_context context, + krb5_get_init_creds_opt *opt, const char *attr, + const char *value); + +krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, + krb5_get_init_creds_opt *opt, + const char *fast_ccache_name); + +/* This API sets a ccache name that will contain some TGT on + calls to get_init_creds functions. If set, this ccache will + be used for FAST (draft-ietf-krb-wg-preauth-framework) to + protect the AS-REQ from observation and active attack. If + the fast_ccache_name is set, then FAST may be required by the + client library. 
In this version FAST is required.*/ +krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, + krb5_principal client, char *password, + krb5_prompter_fct prompter, void *data, + krb5_deltat start_time, char *in_tkt_service, + krb5_get_init_creds_opt *k5_gic_options); + +krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_keytab arg_keytab, + krb5_deltat start_time, char *in_tkt_service, + krb5_get_init_creds_opt *k5_gic_options); typedef struct _krb5_verify_init_creds_opt { krb5_flags flags; int ap_req_nofail; } krb5_verify_init_creds_opt; -#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 +#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 void KRB5_CALLCONV -krb5_verify_init_creds_opt_init -(krb5_verify_init_creds_opt *k5_vic_options); +krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *k5_vic_options); + void KRB5_CALLCONV -krb5_verify_init_creds_opt_set_ap_req_nofail -(krb5_verify_init_creds_opt *k5_vic_options, - int ap_req_nofail); +krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt * + k5_vic_options, + int ap_req_nofail); krb5_error_code KRB5_CALLCONV -krb5_verify_init_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal ap_req_server, - krb5_keytab ap_req_keytab, - krb5_ccache *ccache, - krb5_verify_init_creds_opt *k5_vic_options); +krb5_verify_init_creds(krb5_context context, krb5_creds *creds, + krb5_principal ap_req_server, krb5_keytab ap_req_keytab, + krb5_ccache *ccache, + krb5_verify_init_creds_opt *k5_vic_options); krb5_error_code KRB5_CALLCONV -krb5_get_validated_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); +krb5_get_validated_creds(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_ccache ccache, + char *in_tkt_service); krb5_error_code KRB5_CALLCONV -krb5_get_renewed_creds 
-(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); +krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, + krb5_principal client, krb5_ccache ccache, + char *in_tkt_service); krb5_error_code KRB5_CALLCONV -krb5_decode_ticket -(const krb5_data *code, - krb5_ticket **rep); +krb5_decode_ticket(const krb5_data *code, krb5_ticket **rep); void KRB5_CALLCONV -krb5_appdefault_string -(krb5_context context, - const char *appname, - const krb5_data *realm, - const char *option, - const char *default_value, - char ** ret_value); +krb5_appdefault_string(krb5_context context, const char *appname, + const krb5_data *realm, const char *option, + const char *default_value, char ** ret_value); void KRB5_CALLCONV -krb5_appdefault_boolean -(krb5_context context, - const char *appname, - const krb5_data *realm, - const char *option, - int default_value, - int *ret_value); +krb5_appdefault_boolean(krb5_context context, const char *appname, + const krb5_data *realm, const char *option, + int default_value, int *ret_value); /* * Prompter enhancements 
@@ -2599,24 +2318,23 @@ krb5_appdefault_boolean typedef krb5_int32 krb5_prompt_type; -krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types - (krb5_context context); +krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types(krb5_context context); /* Error reporting */ void KRB5_CALLCONV_C -krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...) +krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 4))) #endif ; void KRB5_CALLCONV -krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list) +krb5_vset_error_message(krb5_context, krb5_error_code, const char *, va_list) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 0))) #endif ; void KRB5_CALLCONV -krb5_copy_error_message (krb5_context, krb5_context); +krb5_copy_error_message(krb5_context, krb5_context); /* * The behavior of krb5_get_error_message is only defined the first 
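Review bot: The prototypes of `krb5_set_error_message` and `krb5_vset_error_message` carry no comment saying that the `const char *` argument is a printf-style format string. The `__format__` attribute that would catch misuse is compiled only when `!defined(__cplusplus) && (__GNUC__ > 2)` holds, so a C++ caller, or one on another compiler, that passes variable message text as that argument gets no diagnostic. I would add above the first prototype `/* The const char * argument is a printf-style format; pass variable text as an argument to "%s", never as the format itself. */`. Naming the parameters (`ctx`, `code`, `fmt`) in these prototypes would also let the header document itself.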
@@ -2629,38 +2347,40 @@ krb5_copy_error_message (krb5_context, krb5_context); * krb5_free_error_message. */ const char * KRB5_CALLCONV -krb5_get_error_message (krb5_context, krb5_error_code); +krb5_get_error_message(krb5_context, krb5_error_code); void KRB5_CALLCONV -krb5_free_error_message (krb5_context, const char *); +krb5_free_error_message(krb5_context, const char *); void KRB5_CALLCONV -krb5_clear_error_message (krb5_context); +krb5_clear_error_message(krb5_context); krb5_error_code KRB5_CALLCONV krb5_decode_authdata_container(krb5_context context, - krb5_authdatatype type, - const krb5_authdata *container, - krb5_authdata ***authdata); + krb5_authdatatype type, + const krb5_authdata *container, + krb5_authdata ***authdata); + krb5_error_code KRB5_CALLCONV krb5_encode_authdata_container(krb5_context context, - krb5_authdatatype type, - krb5_authdata * const*authdata, - krb5_authdata ***container); + krb5_authdatatype type, + krb5_authdata * const*authdata, + krb5_authdata ***container); /* * AD-KDCIssued */ krb5_error_code KRB5_CALLCONV krb5_make_authdata_kdc_issued(krb5_context context, - const krb5_keyblock *key, - krb5_const_principal issuer, - krb5_authdata *const *authdata, - krb5_authdata ***ad_kdcissued); + const krb5_keyblock *key, + krb5_const_principal issuer, + krb5_authdata *const *authdata, + krb5_authdata ***ad_kdcissued); + krb5_error_code KRB5_CALLCONV krb5_verify_authdata_kdc_issued(krb5_context context, - const krb5_keyblock *key, - const krb5_authdata *ad_kdcissued, - krb5_principal *issuer, - krb5_authdata ***authdata); + const krb5_keyblock *key, + const krb5_authdata *ad_kdcissued, + krb5_principal *issuer, + krb5_authdata ***authdata); /* * Windows PAC 
@@ -2669,51 +2389,31 @@ struct krb5_pac_data; typedef struct krb5_pac_data *krb5_pac; krb5_error_code KRB5_CALLCONV -krb5_pac_add_buffer -(krb5_context context, - krb5_pac pac, - krb5_ui_4 type, - const krb5_data *data); +krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, + const krb5_data *data); void KRB5_CALLCONV -krb5_pac_free -(krb5_context context, - krb5_pac pac); +krb5_pac_free(krb5_context context, krb5_pac pac); krb5_error_code KRB5_CALLCONV -krb5_pac_get_buffer -(krb5_context context, - krb5_pac pac, - krb5_ui_4 type, - krb5_data *data); +krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, + krb5_data *data); krb5_error_code KRB5_CALLCONV -krb5_pac_get_types -(krb5_context context, - krb5_pac pac, - size_t *len, - krb5_ui_4 **types); +krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len, + krb5_ui_4 **types); krb5_error_code KRB5_CALLCONV -krb5_pac_init -(krb5_context context, - krb5_pac *pac); +krb5_pac_init(krb5_context context, krb5_pac *pac); krb5_error_code KRB5_CALLCONV -krb5_pac_parse -(krb5_context context, - const void *ptr, - size_t len, - krb5_pac *pac); +krb5_pac_parse(krb5_context context, const void *ptr, size_t len, + krb5_pac *pac); krb5_error_code KRB5_CALLCONV -krb5_pac_verify -(krb5_context context, - const krb5_pac pac, - krb5_timestamp authtime, - krb5_const_principal principal, - const krb5_keyblock *server, - const krb5_keyblock *privsvr); +krb5_pac_verify(krb5_context context, const krb5_pac pac, + krb5_timestamp authtime, krb5_const_principal principal, + const krb5_keyblock *server, const krb5_keyblock *privsvr); #if TARGET_OS_MAC # pragma pack(pop) diff --git a/src/include/krb5/locate_plugin.h b/src/include/krb5/locate_plugin.h index 8496f276bb..3bdac348cd 100644 --- a/src/include/krb5/locate_plugin.h +++ b/src/include/krb5/locate_plugin.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * * 
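Review bot: In the reformatted `krb5_pac_verify` prototype the first PAC parameter is still written `const krb5_pac pac`, and with `typedef struct krb5_pac_data *krb5_pac;` just above, that `const` qualifies the handle, not the PAC it points to. A reader can take it as a promise that verification leaves the PAC contents untouched, which the declaration does not make. Either spell the intent as `const struct krb5_pac_data *pac`, or drop the qualifier and add `/* pac is not declared read-only; const on the handle type would not protect its contents */`. Which is right depends on the implementation, which is outside this diff.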
@@ -16,7 +17,7 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of @@ -40,7 +41,7 @@ enum locate_service_type { }; typedef struct krb5plugin_service_locate_ftable { - int minor_version; /* currently 0 */ + int minor_version; /* currently 0 */ /* Per-context setup and teardown. Returned void* blob is private to the plugin. */ krb5_error_code (*init)(krb5_context, void **); @@ -51,10 +52,10 @@ typedef struct krb5plugin_service_locate_ftable { lookup function should only return an error if it detects a problem, not if the callback function tells it to quit. */ krb5_error_code (*lookup)(void *, - enum locate_service_type svc, const char *realm, - int socktype, int family, - int (*cbfunc)(void *,int,struct sockaddr *), - void *cbdata); + enum locate_service_type svc, const char *realm, + int socktype, int family, + int (*cbfunc)(void *,int,struct sockaddr *), + void *cbdata); } krb5plugin_service_locate_ftable; /* extern krb5plugin_service_locate_ftable service_locator; */ #endif diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index dd0820af18..6271316140 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * * 
@@ -53,45 +54,45 @@ struct _krb5_preauth_client_rock; /* Provides a real answer which we can send back to the KDC (client-only). The * client assumes that one real answer will be enough. */ -#define PA_REAL 0x00000001 +#define PA_REAL 0x00000001 /* Doesn't provide a real answer, but must be given a chance to run before any * REAL mechanism callbacks (client-only). */ -#define PA_INFO 0x00000002 +#define PA_INFO 0x00000002 /* Causes the KDC to include this mechanism in a list of supported preauth * types if the user's DB entry flags the user as requiring hardware-based * preauthentication (server-only). */ -#define PA_HARDWARE 0x00000004 +#define PA_HARDWARE 0x00000004 /* Causes the KDC to include this mechanism in a list of supported preauth * types if the user's DB entry flags the user as requiring preauthentication, * and to fail preauthentication if we can't verify the client data. The * flipside of PA_SUFFICIENT (server-only). */ -#define PA_REQUIRED 0x00000008 +#define PA_REQUIRED 0x00000008 /* Causes the KDC to include this mechanism in a list of supported preauth * types if the user's DB entry flags the user as requiring preauthentication, * and to mark preauthentication as successful if we can verify the client * data. The flipside of PA_REQUIRED (server-only). */ -#define PA_SUFFICIENT 0x00000010 +#define PA_SUFFICIENT 0x00000010 /* Marks this preauthentication mechanism as one which changes the key which is * used for encrypting the response to the client. Modules which have this * flag have their server_return_proc called before modules which do not, and * are passed over if a previously-called module has modified the encrypting * key (server-only). */ -#define PA_REPLACES_KEY 0x00000020 +#define PA_REPLACES_KEY 0x00000020 /* Causes the KDC to check with this preauthentication module even if the * client has no entry in the realm database. 
If the module returns a success * code, continue processing and assume that its return_padata callback will * supply us with a key for encrypting the AS reply (server-only). */ -/* #define PA_VIRTUAL (0x00000040 | PA_REPLACES_KEY) */ +/* #define PA_VIRTUAL (0x00000040 | PA_REPLACES_KEY) */ /* Not really a padata type, so don't include it in any list of preauth types * which gets sent over the wire. */ -#define PA_PSEUDO 0x00000080 +#define PA_PSEUDO 0x00000080 /*************************************************************************** @@ -109,14 +110,14 @@ struct _krb5_preauth_client_rock; */ typedef krb5_error_code (*preauth_get_as_key_proc)(krb5_context, - krb5_principal, - krb5_enctype, - krb5_prompter_fct, - void *prompter_data, - krb5_data *salt, - krb5_data *s2kparams, - krb5_keyblock *as_key, - void *gak_data); + krb5_principal, + krb5_enctype, + krb5_prompter_fct, + void *prompter_data, + krb5_data *salt, + krb5_data *s2kparams, + krb5_keyblock *as_key, + void *gak_data); /* * A client module's callback functions are allowed to request various @@ -138,13 +139,13 @@ enum krb5plugin_preauth_client_request_type { * acceptable to set data to NULL and free the keyblock using * krb5_free_keyblock; in that case, this frees the krb5_data * only.*/ -krb5plugin_preauth_client_free_fast_armor = 4, + krb5plugin_preauth_client_free_fast_armor = 4, }; typedef krb5_error_code (*preauth_get_client_data_proc)(krb5_context, - struct _krb5_preauth_client_rock *, - krb5_int32 request_type, - krb5_data **); + struct _krb5_preauth_client_rock *, + krb5_int32 request_type, + krb5_data **); /* Per-plugin initialization/cleanup. The init function is called * by libkrb5 when the plugin is loaded, and the fini function is 
@@ -154,17 +155,17 @@ typedef krb5_error_code * the krb5_context */ typedef krb5_error_code (*preauth_client_plugin_init_proc)(krb5_context context, - void **plugin_context); + void **plugin_context); typedef void (*preauth_client_plugin_fini_proc)(krb5_context context, - void *plugin_context); + void *plugin_context); /* A callback which returns flags indicating if the module is a "real" or * an "info" mechanism, and so on. This function is called for each entry * in the client_pa_type_list. */ typedef int (*preauth_client_get_flags_proc)(krb5_context context, - krb5_preauthtype pa_type); + krb5_preauthtype pa_type); /* Per-request initialization/cleanup. The request_init function is * called when beginning to process a get_init_creds request and the @@ -173,12 +174,12 @@ typedef int * the lifetime of a krb5_context. */ typedef void (*preauth_client_request_init_proc)(krb5_context context, - void *plugin_context, - void **request_context); + void *plugin_context, + void **request_context); typedef void (*preauth_client_request_fini_proc)(krb5_context context, - void *plugin_context, - void *request_context); + void *plugin_context, + void *request_context); /* Client function which processes server-supplied data in pa_data, * returns created data in out_pa_data, storing any of its own state in 
@@ -190,23 +191,23 @@ typedef void * obtained from a previous call to this function. */ typedef krb5_error_code (*preauth_client_process_proc)(krb5_context context, - void *plugin_context, - void *request_context, - krb5_get_init_creds_opt *opt, - preauth_get_client_data_proc get_data_proc, - struct _krb5_preauth_client_rock *rock, - krb5_kdc_req *request, - krb5_data *encoded_request_body, - krb5_data *encoded_previous_request, - krb5_pa_data *pa_data, - krb5_prompter_fct prompter, - void *prompter_data, - preauth_get_as_key_proc gak_fct, - void *gak_data, - krb5_data *salt, - krb5_data *s2kparams, - krb5_keyblock *as_key, - krb5_pa_data ***out_pa_data); + void *plugin_context, + void *request_context, + krb5_get_init_creds_opt *opt, + preauth_get_client_data_proc get_data_proc, + struct _krb5_preauth_client_rock *rock, + krb5_kdc_req *request, + krb5_data *encoded_request_body, + krb5_data *encoded_previous_request, + krb5_pa_data *pa_data, + krb5_prompter_fct prompter, + void *prompter_data, + preauth_get_as_key_proc gak_fct, + void *gak_data, + krb5_data *salt, + krb5_data *s2kparams, + krb5_keyblock *as_key, + krb5_pa_data ***out_pa_data); /* Client function which can attempt to use e-data in the error response to * try to recover from the given error. If this function is not NULL, and 
@@ -214,24 +215,24 @@ typedef krb5_error_code * of in_pa_data, then the client library will retransmit the request. */ typedef krb5_error_code (*preauth_client_tryagain_proc)(krb5_context context, - void *plugin_context, - void *request_context, - krb5_get_init_creds_opt *opt, - preauth_get_client_data_proc get_data_proc, - struct _krb5_preauth_client_rock *rock, - krb5_kdc_req *request, - krb5_data *encoded_request_body, - krb5_data *encoded_previous_request, - krb5_pa_data *in_pa_data, - krb5_error *error, - krb5_prompter_fct prompter, - void *prompter_data, - preauth_get_as_key_proc gak_fct, - void *gak_data, - krb5_data *salt, - krb5_data *s2kparams, - krb5_keyblock *as_key, - krb5_pa_data ***out_pa_data); + void *plugin_context, + void *request_context, + krb5_get_init_creds_opt *opt, + preauth_get_client_data_proc get_data_proc, + struct _krb5_preauth_client_rock *rock, + krb5_kdc_req *request, + krb5_data *encoded_request_body, + krb5_data *encoded_previous_request, + krb5_pa_data *in_pa_data, + krb5_error *error, + krb5_prompter_fct prompter, + void *prompter_data, + preauth_get_as_key_proc gak_fct, + void *gak_data, + krb5_data *salt, + krb5_data *s2kparams, + krb5_keyblock *as_key, + krb5_pa_data ***out_pa_data); /* * Client function which receives krb5_get_init_creds_opt information. @@ -240,10 +241,10 @@ typedef krb5_error_code */ typedef krb5_error_code (*preauth_client_supply_gic_opts_proc)(krb5_context context, - void *plugin_context, - krb5_get_init_creds_opt *opt, - const char *attr, - const char *value); + void *plugin_context, + krb5_get_init_creds_opt *opt, + const char *attr, + const char *value); /* * The function table / structure which a preauth client module must export as 
@@ -346,20 +347,20 @@ enum krb5plugin_preauth_entry_request_type { and free the keyblock using krb5_free_keyblock; in that case, this function simply frees the data*/ krb5plugin_preauth_free_fast_armor = 6, - }; +}; typedef krb5_error_code (*preauth_get_entry_data_proc)(krb5_context, - krb5_kdc_req *, - struct _krb5_db_entry_new *, - krb5_int32 request_type, - krb5_data **); + krb5_kdc_req *, + struct _krb5_db_entry_new *, + krb5_int32 request_type, + krb5_data **); /* Preauth plugin initialization function */ typedef krb5_error_code (*preauth_server_init_proc)(krb5_context context, - void **plugin_context, - const char** realmnames); + void **plugin_context, + const char** realmnames); /* Preauth plugin cleanup function */ typedef void @@ -385,12 +386,12 @@ typedef int * case a context might otherwise hang around forever. */ typedef krb5_error_code (*preauth_server_edata_proc)(krb5_context, - krb5_kdc_req *request, - struct _krb5_db_entry_new *client, - struct _krb5_db_entry_new *server, - preauth_get_entry_data_proc, - void *pa_module_context, - krb5_pa_data *data); + krb5_kdc_req *request, + struct _krb5_db_entry_new *client, + struct _krb5_db_entry_new *server, + preauth_get_entry_data_proc, + void *pa_module_context, + krb5_pa_data *data); /* Verify preauthentication data sent by the client, setting the * TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags" 
@@ -398,16 +399,16 @@ typedef krb5_error_code * context data for consumption by the return_proc or freepa_proc below. */ typedef krb5_error_code (*preauth_server_verify_proc)(krb5_context context, - struct _krb5_db_entry_new *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part *enc_tkt_reply, - krb5_pa_data *data, - preauth_get_entry_data_proc, - void *pa_module_context, - void **pa_request_context, - krb5_data **e_data, - krb5_authdata ***authz_data); + struct _krb5_db_entry_new *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part *enc_tkt_reply, + krb5_pa_data *data, + preauth_get_entry_data_proc, + void *pa_module_context, + void **pa_request_context, + krb5_data **e_data, + krb5_authdata ***authz_data); /* Generate preauthentication response data to send to the client as part * of the AS-REP. If it needs to override the key which is used to encrypt 
@@ -416,25 +417,25 @@ typedef krb5_error_code * context data it saved in "pa_request_context". */ typedef krb5_error_code (*preauth_server_return_proc)(krb5_context context, - krb5_pa_data * padata, - struct _krb5_db_entry_new *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_kdc_rep *reply, - struct _krb5_key_data *client_keys, - krb5_keyblock *encrypting_key, - krb5_pa_data **send_pa, - preauth_get_entry_data_proc, - void *pa_module_context, - void **pa_request_context); + krb5_pa_data * padata, + struct _krb5_db_entry_new *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_kdc_rep *reply, + struct _krb5_key_data *client_keys, + krb5_keyblock *encrypting_key, + krb5_pa_data **send_pa, + preauth_get_entry_data_proc, + void *pa_module_context, + void **pa_request_context); /* Free up the server-side per-request context, in cases where * server_return_proc() didn't or for whatever reason was not called. * Can be NULL. */ typedef krb5_error_code (*preauth_server_free_reqcontext_proc)(krb5_context, - void *pa_module_context, - void **request_pa_context); + void *pa_module_context, + void **request_pa_context); /* * The function table / structure which a preauth server module must export as 
@@ -507,20 +508,18 @@ typedef struct krb5plugin_preauth_server_ftable_v1 { * obtained using krb5_get_init_creds_opt_alloc() */ krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_get_pa - (krb5_context context, - krb5_get_init_creds_opt *opt, - int *num_preauth_data, - krb5_gic_opt_pa_data **preauth_data); +krb5_get_init_creds_opt_get_pa(krb5_context context, + krb5_get_init_creds_opt *opt, + int *num_preauth_data, + krb5_gic_opt_pa_data **preauth_data); /* * This function frees the preauth_data that was returned by * krb5_get_init_creds_opt_get_pa(). */ void KRB5_CALLCONV -krb5_get_init_creds_opt_free_pa - (krb5_context context, - int num_preauth_data, - krb5_gic_opt_pa_data *preauth_data); +krb5_get_init_creds_opt_free_pa(krb5_context context, + int num_preauth_data, + krb5_gic_opt_pa_data *preauth_data); #endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */ diff --git a/src/include/osconf.hin b/src/include/osconf.hin index dd3f976c79..6d0e7bc091 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -1,5 +1,5 @@ -/* -*- c -*- - * include/krb5/stock/osconf.h +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* include/krb5/stock/osconf.h * * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -31,7 +31,7 @@ #define KRB5_OSCONF__ #if !defined(_WIN32) - /* Don't try to pull in autoconf.h for Windows, since it's not used */ +/* Don't try to pull in autoconf.h for Windows, since it's not used */ #ifndef KRB5_AUTOCONF__ #define KRB5_AUTOCONF__ #include "autoconf.h" @@ -44,8 +44,8 @@ #if defined(_WIN32) #define DEFAULT_PROFILE_FILENAME "krb5.ini" -#define DEFAULT_LNAME_FILENAME "/aname" -#define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" +#define DEFAULT_LNAME_FILENAME "/aname" +#define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" #else /* !_WINDOWS */ #if TARGET_OS_MAC #define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" 
@@ -54,41 +54,41 @@ #define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins" #define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins" #else -#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf" +#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf" #define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH #endif -#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" -#define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" +#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" +#define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" #endif /* _WINDOWS */ #define DEFAULT_KDB_FILE "@LOCALSTATEDIR/krb5kdc/principal" -#define DEFAULT_KEYFILE_STUB "@LOCALSTATEDIR/krb5kdc/.k5." -#define KRB5_DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl" +#define DEFAULT_KEYFILE_STUB "@LOCALSTATEDIR/krb5kdc/.k5." +#define KRB5_DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl" /* Used by old admin server */ -#define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl" +#define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl" /* Location of KDC profile */ -#define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf" -#define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" +#define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf" +#define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" #if TARGET_OS_MAC -#define DEFAULT_KDB_LIB_PATH { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL } +#define DEFAULT_KDB_LIB_PATH { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL } #else -#define DEFAULT_KDB_LIB_PATH { "@MODULEDIR/kdb", NULL } +#define DEFAULT_KDB_LIB_PATH { "@MODULEDIR/kdb", NULL } #endif -#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1 -#define KDCRCACHE "dfl:krb5kdc_rcache" +#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1 +#define KDCRCACHE "dfl:krb5kdc_rcache" -#define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. 
*/ -#define KDC_SECONDARY_PORTNAME "kerberos-sec" /* For backwards */ - /* compatibility with */ - /* port 750 clients */ +#define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */ +#define KDC_SECONDARY_PORTNAME "kerberos-sec" /* For backwards */ +/* compatibility with */ +/* port 750 clients */ -#define KRB5_DEFAULT_PORT 88 -#define KRB5_DEFAULT_SEC_PORT 750 +#define KRB5_DEFAULT_PORT 88 +#define KRB5_DEFAULT_SEC_PORT 750 -#define DEFAULT_KPASSWD_PORT 464 +#define DEFAULT_KPASSWD_PORT 464 #define KPASSWD_PORTNAME "kpasswd" #define DEFAULT_KDC_UDP_PORTLIST "88,750" 
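Review bot: The two continuation comments after `KDC_SECONDARY_PORTNAME` now start at column 0 (`/* compatibility with */`, `/* port 750 clients */`), so they no longer line up under the trailing `/* For backwards */` they complete. As laid out they can be read as standalone remarks about `KRB5_DEFAULT_PORT`, which follows. Folding the three fragments into one comment above the define survives any later reindent: `/* For backwards compatibility with port 750 clients */`.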
@@ -97,27 +97,27 @@ /* * Defaults for the KADM5 admin system. */ -#define DEFAULT_KADM5_KEYTAB "@LOCALSTATEDIR/krb5kdc/kadm5.keytab" -#define DEFAULT_KADM5_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kadm5.acl" -#define DEFAULT_KADM5_PORT 749 /* assigned by IANA */ +#define DEFAULT_KADM5_KEYTAB "@LOCALSTATEDIR/krb5kdc/kadm5.keytab" +#define DEFAULT_KADM5_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kadm5.acl" +#define DEFAULT_KADM5_PORT 749 /* assigned by IANA */ -#define KRB5_DEFAULT_SUPPORTED_ENCTYPES \ - "aes256-cts-hmac-sha1-96:normal " \ - "aes128-cts-hmac-sha1-96:normal " \ - "des3-cbc-sha1:normal arcfour-hmac-md5:normal" +#define KRB5_DEFAULT_SUPPORTED_ENCTYPES \ + "aes256-cts-hmac-sha1-96:normal " \ + "aes128-cts-hmac-sha1-96:normal " \ + "des3-cbc-sha1:normal arcfour-hmac-md5:normal" -#define MAX_DGRAM_SIZE 4096 +#define MAX_DGRAM_SIZE 4096 #define MAX_SKDC_TIMEOUT 30 -#define SKDC_TIMEOUT_SHIFT 2 /* left shift of timeout for backoff */ -#define SKDC_TIMEOUT_1 1 /* seconds for first timeout */ +#define SKDC_TIMEOUT_SHIFT 2 /* left shift of timeout for backoff */ +#define SKDC_TIMEOUT_1 1 /* seconds for first timeout */ -#define RCTMPDIR "@KRB5RCTMPDIR" /* directory to store replay caches */ +#define RCTMPDIR "@KRB5RCTMPDIR" /* directory to store replay caches */ -#define KRB5_PATH_TTY "/dev/tty" -#define KRB5_PATH_LOGIN "@SBINDIR/login.krb5" +#define KRB5_PATH_TTY "/dev/tty" +#define KRB5_PATH_LOGIN "@SBINDIR/login.krb5" #define KRB5_PATH_RLOGIN "@BINDIR/rlogin" -#define KRB5_ENV_CCNAME "KRB5CCNAME" +#define KRB5_ENV_CCNAME "KRB5CCNAME" /* * krb5 slave support follows diff --git a/src/include/pkinit_apple_utils.h b/src/include/pkinit_apple_utils.h index 857b1685cb..11751095c6 100644 --- a/src/include/pkinit_apple_utils.h +++ b/src/include/pkinit_apple_utils.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * 
@@ -29,7 +30,7 @@ * Created 19 May 2004 by Doug Mitchell. */ -#ifndef _PKINIT_APPLE_UTILS_H_ +#ifndef _PKINIT_APPLE_UTILS_H_ #define _PKINIT_APPLE_UTILS_H_ #include @@ -45,7 +46,7 @@ extern "C" { #define PKI_DEBUG 0 #endif -#if PKI_DEBUG +#if PKI_DEBUG #include @@ -54,7 +55,7 @@ extern "C" { #else #define pkiDebug(args...) #define pkiCssmErr(str, rtn) -#endif /* PKI_DEBUG */ +#endif /* PKI_DEBUG */ /* * Macros used to initialize a declared CSSM_DATA and krb5_data to zero/NULL values. @@ -71,10 +72,10 @@ CSSM_CL_HANDLE pkiClStartup(void); */ krb5_error_code pkiDataToInt( const CSSM_DATA *cdata, - krb5_int32 *i); /* RETURNED */ + krb5_int32 *i); /* RETURNED */ krb5_error_code pkiIntToData( - krb5_int32 num, + krb5_int32 num, CSSM_DATA *cdata, /* allocated in coder space and RETURNED */ SecAsn1CoderRef coder); @@ -84,7 +85,7 @@ krb5_error_code pkiIntToData( krb5_error_code pkiDataToKrb5Data( const void *data, unsigned dataLen, - krb5_data *kd); /* content mallocd and RETURNED */ + krb5_data *kd); /* content mallocd and RETURNED */ /* * CSSM_DATA <--> krb5_data @@ -93,7 +94,7 @@ krb5_error_code pkiDataToKrb5Data( */ krb5_error_code pkiCssmDataToKrb5Data( const CSSM_DATA *cd, - krb5_data *kd); /* content mallocd and RETURNED */ + krb5_data *kd); /* content mallocd and RETURNED */ krb5_error_code pkiKrb5DataToCssm( 
@@ -105,19 +106,19 @@ krb5_error_code pkiKrb5DataToCssm( * CFDataRef --> krb5_data, mallocing the destination contents. */ krb5_error_code pkiCfDataToKrb5Data( - CFDataRef cfData, - krb5_data *kd); /* content mallocd and RETURNED */ + CFDataRef cfData, + krb5_data *kd); /* content mallocd and RETURNED */ /* * Non-mallocing conversion between CSSM_DATA and krb5_data */ -#define PKI_CSSM_TO_KRB_DATA(cd, kd) \ - (kd)->data = (char *)(cd)->Data; \ - (kd)->length = (cd)->Length; +#define PKI_CSSM_TO_KRB_DATA(cd, kd) \ + (kd)->data = (char *)(cd)->Data; \ + (kd)->length = (cd)->Length; -#define PKI_KRB_TO_CSSM_DATA(kd, cd) \ - (cd)->Data = (uint8 *)(kd)->data; \ - (cd)->Length = (kd)->length; +#define PKI_KRB_TO_CSSM_DATA(kd, cd) \ + (cd)->Data = (uint8 *)(kd)->data; \ + (cd)->Length = (kd)->length; /* * Compare to CSSM_DATAs. Return TRUE if they're the same else FALSE. @@ -131,12 +132,12 @@ krb5_boolean pkiCompareCssmData( */ krb5_error_code pkiKrbTimestampToStr( krb5_timestamp kts, - char **str); /* mallocd and RETURNED */ + char **str); /* mallocd and RETURNED */ krb5_error_code pkiTimeStrToKrbTimestamp( - const char *str, - unsigned len, - krb5_timestamp *kts); /* RETURNED */ + const char *str, + unsigned len, + krb5_timestamp *kts); /* RETURNED */ /* * How many items in a NULL-terminated array of pointers? diff --git a/src/include/pkinit_asn1.h b/src/include/pkinit_asn1.h index 8e33a69a60..44b01e9664 100644 --- a/src/include/pkinit_asn1.h +++ b/src/include/pkinit_asn1.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * @@ -29,7 +30,7 @@ * Created 18 May 2004 by Doug Mitchell. */ -#ifndef _PKINIT_ASN1_H_ +#ifndef _PKINIT_ASN1_H_ #define _PKINIT_ASN1_H_ #include 
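Review bot: `PKI_CSSM_TO_KRB_DATA` and `PKI_KRB_TO_CSSM_DATA` in `pkinit_apple_utils.h` each expand to two separate statements. Under an unbraced `if` only the pointer assignment is conditional and the length is always copied, leaving pointer and length out of step. Since the backslashes are being realigned anyway, wrap both bodies, e.g. `#define PKI_CSSM_TO_KRB_DATA(cd, kd) do { (kd)->data = (char *)(cd)->Data; (kd)->length = (cd)->Length; } while (0)`, and likewise for the other macro. Call sites are outside this diff, so whether any use is unbraced today is not visible here.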
@@ -40,31 +41,31 @@ extern "C" { /* RFC 3280 AlgorithmIdentifier */ typedef struct { - krb5_data algorithm; /* OID */ - krb5_data parameters; /* ASN_ANY, defined by algorithm */ + krb5_data algorithm; /* OID */ + krb5_data parameters; /* ASN_ANY, defined by algorithm */ } krb5int_algorithm_id; /* * Encode and decode AuthPack, public key version (no Diffie-Hellman components). */ krb5_error_code krb5int_pkinit_auth_pack_encode( - krb5_timestamp kctime, - krb5_int32 cusec, /* microseconds */ - krb5_ui_4 nonce, - const krb5_checksum *pa_checksum, - const krb5int_algorithm_id *cms_types, /* optional */ - krb5_ui_4 num_cms_types, - krb5_data *auth_pack); /* mallocd and RETURNED */ + krb5_timestamp kctime, + krb5_int32 cusec, /* microseconds */ + krb5_ui_4 nonce, + const krb5_checksum *pa_checksum, + const krb5int_algorithm_id *cms_types, /* optional */ + krb5_ui_4 num_cms_types, + krb5_data *auth_pack); /* mallocd and RETURNED */ /* all returned values are optional - pass NULL if you don't want them */ krb5_error_code krb5int_pkinit_auth_pack_decode( - const krb5_data *auth_pack, /* DER encoded */ - krb5_timestamp *kctime, /* RETURNED */ - krb5_ui_4 *cusec, /* microseconds, RETURNED */ - krb5_ui_4 *nonce, /* RETURNED */ - krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */ - krb5int_algorithm_id **cms_types, /* mallocd and RETURNED */ - krb5_ui_4 *num_cms_types); /* RETURNED */ + const krb5_data *auth_pack, /* DER encoded */ + krb5_timestamp *kctime, /* RETURNED */ + krb5_ui_4 *cusec, /* microseconds, RETURNED */ + krb5_ui_4 *nonce, /* RETURNED */ + krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */ + krb5int_algorithm_id **cms_types, /* mallocd and RETURNED */ + krb5_ui_4 *num_cms_types); /* RETURNED */ /* 
@@ -72,7 +73,7 @@ krb5_error_code krb5int_pkinit_auth_pack_decode( * IssuerAndSerialNumber. */ krb5_error_code krb5int_pkinit_issuer_serial_encode( - const krb5_data *issuer, /* DER encoded */ + const krb5_data *issuer, /* DER encoded */ const krb5_data *serial_num, krb5_data *issuer_and_serial); /* content mallocd and RETURNED */ @@ -81,8 +82,8 @@ krb5_error_code krb5int_pkinit_issuer_serial_encode( */ krb5_error_code krb5int_pkinit_issuer_serial_decode( const krb5_data *issuer_and_serial, /* DER encoded */ - krb5_data *issuer, /* DER encoded, RETURNED */ - krb5_data *serial_num); /* RETURNED */ + krb5_data *issuer, /* DER encoded, RETURNED */ + krb5_data *serial_num); /* RETURNED */ /* * Top-level encode for PA-PK-AS-REQ. @@ -90,12 +91,12 @@ krb5_error_code krb5int_pkinit_issuer_serial_decode( * specific tag 0, during encode. */ krb5_error_code krb5int_pkinit_pa_pk_as_req_encode( - const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */ - const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are - * DER-encoded issuer/serialNumbers. */ - krb5_ui_4 num_trusted_CAs, - const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */ - krb5_data *pa_pk_as_req); /* mallocd and RETURNED */ + const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */ + const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are + * DER-encoded issuer/serialNumbers. */ + krb5_ui_4 num_trusted_CAs, + const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */ + krb5_data *pa_pk_as_req); /* mallocd and RETURNED */ /* * Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the 
@@ -105,15 +106,15 @@ krb5_error_code krb5int_pkinit_pa_pk_as_req_encode( */ krb5_error_code krb5int_pkinit_pa_pk_as_req_decode( const krb5_data *pa_pk_as_req, - krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */ + krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */ /* * Remainder are optionally RETURNED (specify NULL for pointers to * items you're not interested in). */ - krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */ - krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs - * issuer/serial */ - krb5_data *kdc_cert); /* DER encoded issuer/serial */ + krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */ + krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs + * issuer/serial */ + krb5_data *kdc_cert); /* DER encoded issuer/serial */ /* * Encode a ReplyKeyPack. The result is used as the Content of a SignedData. @@ -121,15 +122,15 @@ krb5_error_code krb5int_pkinit_pa_pk_as_req_decode( krb5_error_code krb5int_pkinit_reply_key_pack_encode( const krb5_keyblock *key_block, const krb5_checksum *checksum, - krb5_data *reply_key_pack); /* mallocd and RETURNED */ + krb5_data *reply_key_pack); /* mallocd and RETURNED */ /* * Decode a ReplyKeyPack. */ krb5_error_code krb5int_pkinit_reply_key_pack_decode( - const krb5_data *reply_key_pack, - krb5_keyblock *key_block, /* RETURNED */ - krb5_checksum *checksum); /* contents mallocd and RETURNED */ + const krb5_data *reply_key_pack, + krb5_keyblock *key_block, /* RETURNED */ + krb5_checksum *checksum); /* contents mallocd and RETURNED */ /* * Encode a PA-PK-AS-REP. 
@@ -141,8 +142,8 @@ krb5_error_code krb5int_pkinit_reply_key_pack_decode( */ krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode( const krb5_data *dh_signed_data, - const krb5_data *enc_key_pack, /* EnvelopedData(signedData(ReplyKeyPack) */ - krb5_data *pa_pk_as_rep); /* mallocd and RETURNED */ + const krb5_data *enc_key_pack, /* EnvelopedData(signedData(ReplyKeyPack) */ + krb5_data *pa_pk_as_rep); /* mallocd and RETURNED */ /* * Decode a PA-PK-AS-REP. @@ -155,18 +156,18 @@ krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode( */ krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode( const krb5_data *pa_pk_as_rep, - krb5_data *dh_signed_data, - krb5_data *enc_key_pack); + krb5_data *dh_signed_data, + krb5_data *enc_key_pack); /* * Given a DER encoded certificate, obtain the associated IssuerAndSerialNumber. */ krb5_error_code krb5int_pkinit_get_issuer_serial( - const krb5_data *cert, - krb5_data *issuer_and_serial); + const krb5_data *cert, + krb5_data *issuer_and_serial); #ifdef __cplusplus } #endif -#endif /* _PKINIT_ASN1_H_ */ +#endif /* _PKINIT_ASN1_H_ */ diff --git a/src/include/pkinit_cert_store.h b/src/include/pkinit_cert_store.h index b7f70d3889..1524f1c0cd 100644 --- a/src/include/pkinit_cert_store.h +++ b/src/include/pkinit_cert_store.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * @@ -29,7 +30,7 @@ * Created 26 May 2004 by Doug Mitchell at Apple. */ -#ifndef _PKINIT_CERT_STORE_H_ +#ifndef _PKINIT_CERT_STORE_H_ #define _PKINIT_CERT_STORE_H_ #ifdef __cplusplus 
@@ -62,15 +63,15 @@ typedef void *krb5_pkinit_cert_db_t; * Returns KRB5_PRINC_NOMATCH if client cert not found. */ krb5_error_code krb5_pkinit_get_client_cert( - const char *principal, /* full principal string */ - krb5_pkinit_signing_cert_t *client_cert); /* RETURNED */ + const char *principal, /* full principal string */ + krb5_pkinit_signing_cert_t *client_cert); /* RETURNED */ /* * Determine if the specified client has a signing cert. Returns TRUE * if so, else returns FALSE. */ krb5_boolean krb5_pkinit_have_client_cert( - const char *principal); /* full principal string */ + const char *principal); /* full principal string */ /* * Store the specified certificate (or, more likely, some platform-dependent @@ -79,20 +80,20 @@ krb5_boolean krb5_pkinit_have_client_cert( * in the cert storage. */ krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert( - const char *principal, /* full principal string */ - krb5_pkinit_signing_cert_t client_cert); + const char *principal, /* full principal string */ + krb5_pkinit_signing_cert_t client_cert); krb5_error_code krb5_pkinit_set_client_cert( - const char *principal, /* full principal string */ - krb5_pkinit_cert_t client_cert); + const char *principal, /* full principal string */ + krb5_pkinit_cert_t client_cert); /* * Obtain a reference to the client's cert database. Specify either principal * name or client_cert as obtained from krb5_pkinit_get_client_cert(). */ krb5_error_code krb5_pkinit_get_client_cert_db( - const char *principal, /* optional, full principal string */ - krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */ - krb5_pkinit_cert_db_t *client_cert_db); /* RETURNED */ + const char *principal, /* optional, full principal string */ + krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */ + krb5_pkinit_cert_db_t *client_cert_db); /* RETURNED */ /* * Obtain the KDC signing cert, with optional CA and specific cert specifiers. 
@@ -110,16 +111,16 @@ krb5_error_code krb5_pkinit_get_client_cert_db( * */ krb5_error_code krb5_pkinit_get_kdc_cert( - krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */ - krb5_data *trusted_CAs, /* optional */ - krb5_data *client_spec, /* optional */ - krb5_pkinit_signing_cert_t *kdc_cert); /* RETURNED */ + krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */ + krb5_data *trusted_CAs, /* optional */ + krb5_data *client_spec, /* optional */ + krb5_pkinit_signing_cert_t *kdc_cert); /* RETURNED */ /* * Obtain a reference to the KDC's cert database. */ krb5_error_code krb5_pkinit_get_kdc_cert_db( - krb5_pkinit_cert_db_t *kdc_cert_db); /* RETURNED */ + krb5_pkinit_cert_db_t *kdc_cert_db); /* RETURNED */ /* * Release certificate references obtained via krb5_pkinit_get_client_cert() and @@ -133,7 +134,7 @@ extern void krb5_pkinit_release_cert( * krb5_pkinit_get_kdc_cert_db(). */ extern void krb5_pkinit_release_cert_db( - krb5_pkinit_cert_db_t cert_db); + krb5_pkinit_cert_db_t cert_db); /* * Obtain a mallocd C-string representation of a certificate's SHA1 digest. @@ -152,9 +153,9 @@ char *krb5_pkinit_cert_hash_str( krb5_error_code krb5_pkinit_get_server_certs( const char *client_principal, const char *server_principal, - krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */ - krb5_ui_4 *num_trusted_CAs, /* RETURNED */ - krb5_data *kdc_cert); /* RETURNED, though may be 0/NULL */ + krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */ + krb5_ui_4 *num_trusted_CAs, /* RETURNED */ + krb5_data *kdc_cert); /* RETURNED, though may be 0/NULL */ #ifdef __cplusplus } diff --git a/src/include/pkinit_client.h b/src/include/pkinit_client.h index 3b9a841baf..d3182cc84b 100644 --- a/src/include/pkinit_client.h +++ b/src/include/pkinit_client.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * 
@@ -44,37 +45,37 @@ extern "C" { * Create a PA-PK-AS-REQ message. */ krb5_error_code krb5int_pkinit_as_req_create( - krb5_context context, - krb5_timestamp kctime, - krb5_int32 cusec, /* microseconds */ - krb5_ui_4 nonce, - const krb5_checksum *cksum, - krb5_pkinit_signing_cert_t client_cert, /* required! */ + krb5_context context, + krb5_timestamp kctime, + krb5_int32 cusec, /* microseconds */ + krb5_ui_4 nonce, + const krb5_checksum *cksum, + krb5_pkinit_signing_cert_t client_cert, /* required! */ /* * trusted_CAs correponds to PA-PK-AS-REQ.trustedCertifiers. * Expressed here as an optional list of DER-encoded certs. */ - const krb5_data *trusted_CAs, - krb5_ui_4 num_trusted_CAs, + const krb5_data *trusted_CAs, + krb5_ui_4 num_trusted_CAs, /* optional PA-PK-AS-REQ.kdcPkId, expressed here as a * DER-encoded cert */ - const krb5_data *kdc_cert, - krb5_data *as_req); /* mallocd and RETURNED */ + const krb5_data *kdc_cert, + krb5_data *as_req); /* mallocd and RETURNED */ /* * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain. * Optionally returns various components. */ krb5_error_code krb5int_pkinit_as_rep_parse( - krb5_context context, - const krb5_data *as_rep, - krb5_pkinit_signing_cert_t client_cert, /* required for decryption */ - krb5_keyblock *key_block, /* RETURNED */ - krb5_checksum *checksum, /* checksum of corresponding AS-REQ */ - /* contents mallocd and RETURNED */ - krb5int_cert_sig_status *cert_status, /* RETURNED */ + krb5_context context, + const krb5_data *as_rep, + krb5_pkinit_signing_cert_t client_cert, /* required for decryption */ + krb5_keyblock *key_block, /* RETURNED */ + krb5_checksum *checksum, /* checksum of corresponding AS-REQ */ + /* contents mallocd and RETURNED */ + krb5int_cert_sig_status *cert_status, /* RETURNED */ /* * Cert fields, all optionally RETURNED. 
@@ -83,9 +84,9 @@ krb5_error_code krb5int_pkinit_as_rep_parse( * all_certs is an array of all of the certs in the incoming SignedData, * in full DER-encoded form. */ - krb5_data *signer_cert, /* content mallocd */ - unsigned *num_all_certs, /* sizeof *all_certs */ - krb5_data **all_certs); /* krb5_data's and their content mallocd */ + krb5_data *signer_cert, /* content mallocd */ + unsigned *num_all_certs, /* sizeof *all_certs */ + krb5_data **all_certs); /* krb5_data's and their content mallocd */ #ifdef __cplusplus } diff --git a/src/include/pkinit_cms.h b/src/include/pkinit_cms.h index accf8bfb32..d46358dd9d 100644 --- a/src/include/pkinit_cms.h +++ b/src/include/pkinit_cms.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * 
@@ -76,22 +77,22 @@ typedef krb5_int32 krb5int_cms_content_type; */ enum { pki_cs_good = 0, - pki_not_signed, /* message not signed */ - pki_not_evaluated, /* signed, but not evaluated per caller request */ + pki_not_signed, /* message not signed */ + pki_not_evaluated, /* signed, but not evaluated per caller request */ /* remainder imply good signature on the message proper, i.e., these * are all certificate errors. */ pki_cs_sig_verify_fail, /* signature verification failed */ - pki_cs_bad_leaf, /* leaf/subject cert itself is plain bad */ - pki_cs_no_root, /* looks good but not verifiable to any root */ + pki_cs_bad_leaf, /* leaf/subject cert itself is plain bad */ + pki_cs_no_root, /* looks good but not verifiable to any root */ pki_cs_unknown_root, /* verified to root we don't recognize */ - pki_cs_expired, /* expired */ + pki_cs_expired, /* expired */ pki_cs_not_valid_yet, /* cert not valid yet */ - pki_cs_revoked, /* revoked via CRL or OCSP */ - pki_cs_untrusted, /* marked by user as untrusted */ - pki_bad_cms, /* CMS Format precluded verification */ - pki_bad_key_use, /* Bad ExtendedKeyUse or KeyUsage extension */ - pki_bad_digest, /* unacceptable CMS digest algorithm */ - pki_cs_other_err /* other cert verify error */ + pki_cs_revoked, /* revoked via CRL or OCSP */ + pki_cs_untrusted, /* marked by user as untrusted */ + pki_bad_cms, /* CMS Format precluded verification */ + pki_bad_key_use, /* Bad ExtendedKeyUse or KeyUsage extension */ + pki_bad_digest, /* unacceptable CMS digest algorithm */ + pki_cs_other_err /* other cert verify error */ }; typedef krb5_int32 krb5int_cert_sig_status; 
@@ -111,13 +112,13 @@ typedef krb5_int32 krb5int_cert_sig_status; * creation of the CMS message. */ krb5_error_code krb5int_pkinit_create_cms_msg( - const krb5_data *content, /* Content */ - krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */ - const krb5_data *recip_cert, /* optional: encrypted with this cert */ - krb5int_cms_content_type content_type, /* OID for EncapsulatedData */ - krb5_ui_4 num_cms_types, /* optional */ - const krb5int_algorithm_id *cms_types, /* optional */ - krb5_data *content_info); /* contents mallocd and RETURNED */ + const krb5_data *content, /* Content */ + krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */ + const krb5_data *recip_cert, /* optional: encrypted with this cert */ + krb5int_cms_content_type content_type, /* OID for EncapsulatedData */ + krb5_ui_4 num_cms_types, /* optional */ + const krb5int_algorithm_id *cms_types, /* optional */ + krb5_data *content_info); /* contents mallocd and RETURNED */ /* * Parse a ContentInfo as best we can. All returned fields are optional - 
@@ -136,19 +137,19 @@ krb5_error_code krb5int_pkinit_create_cms_msg( */ krb5_error_code krb5int_pkinit_parse_cms_msg( const krb5_data *content_info, - krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */ - krb5_boolean is_client_msg, /* TRUE : msg is from client */ - krb5_boolean *is_signed, /* RETURNED */ - krb5_boolean *is_encrypted, /* RETURNED */ - krb5_data *raw_data, /* RETURNED */ - krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of */ - /* EncapsulatedData if */ - /* *is_signed true */ + krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */ + krb5_boolean is_client_msg, /* TRUE : msg is from client */ + krb5_boolean *is_signed, /* RETURNED */ + krb5_boolean *is_encrypted, /* RETURNED */ + krb5_data *raw_data, /* RETURNED */ + krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of + * EncapsulatedData if + * *is_signed true */ /* returned for type SignedData only */ - krb5_data *signer_cert, /* RETURNED */ + krb5_data *signer_cert, /* RETURNED */ krb5int_cert_sig_status *signer_cert_status,/* RETURNED */ - unsigned *num_all_certs, /* size of *all_certs RETURNED */ - krb5_data **all_certs); /* entire cert chain RETURNED */ + unsigned *num_all_certs, /* size of *all_certs RETURNED */ + krb5_data **all_certs); /* entire cert chain RETURNED */ /* * An AuthPack contains an optional set of AlgorithmIdentifiers @@ -165,12 +166,12 @@ krb5_error_code krb5int_pkinit_parse_cms_msg( * from krb5int_pkinit_get_cms_types() as necessary. */ krb5_error_code krb5int_pkinit_get_cms_types( - krb5int_algorithm_id **supported_cms_types, /* RETURNED */ - krb5_ui_4 *num_supported_cms_types); /* RETURNED */ + krb5int_algorithm_id **supported_cms_types, /* RETURNED */ + krb5_ui_4 *num_supported_cms_types); /* RETURNED */ krb5_error_code krb5int_pkinit_free_cms_types( krb5int_algorithm_id *supported_cms_types, - krb5_ui_4 num_supported_cms_types); + krb5_ui_4 num_supported_cms_types); #ifdef __cplusplus } 
diff --git a/src/include/port-sockets.h b/src/include/port-sockets.h index 35ed2b4c42..bb2b5173f9 100644 --- a/src/include/port-sockets.h +++ b/src/include/port-sockets.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #ifndef _PORT_SOCKET_H #define _PORT_SOCKET_H #if defined(_WIN32) @@ -10,14 +11,14 @@ typedef WSABUF sg_buf; -#define SG_ADVANCE(SG, N) \ - ((SG)->len < (N) \ - ? (abort(), 0) \ - : ((SG)->buf += (N), (SG)->len -= (N), 0)) +#define SG_ADVANCE(SG, N) \ + ((SG)->len < (N) \ + ? (abort(), 0) \ + : ((SG)->buf += (N), (SG)->len -= (N), 0)) -#define SG_LEN(SG) ((SG)->len + 0) -#define SG_BUF(SG) ((SG)->buf + 0) -#define SG_SET(SG, B, N) ((SG)->buf = (char *)(B),(SG)->len = (N)) +#define SG_LEN(SG) ((SG)->len + 0) +#define SG_BUF(SG) ((SG)->buf + 0) +#define SG_SET(SG, B, N) ((SG)->buf = (char *)(B),(SG)->len = (N)) #define SOCKET_INITIALIZE() 0 #define SOCKET_CLEANUP() @@ -26,9 +27,9 @@ typedef WSABUF sg_buf; #define SOCKET_NFDS(f) (0) /* select()'s first arg is ignored */ #define SOCKET_READ(fd, b, l) (recv(fd, b, l, 0)) #define SOCKET_WRITE(fd, b, l) (send(fd, b, l, 0)) -#define SOCKET_CONNECT connect /* XXX */ -#define SOCKET_GETSOCKNAME getsockname /* XXX */ -#define SOCKET_CLOSE close /* XXX */ +#define SOCKET_CONNECT connect /* XXX */ +#define SOCKET_GETSOCKNAME getsockname /* XXX */ +#define SOCKET_CLOSE close /* XXX */ #define SOCKET_EINTR WSAEINTR /* Return -1 for error or number of bytes written. 
@@ -36,12 +37,12 @@ typedef WSABUF sg_buf; must be used by this macro (to avoid compiler warnings). */ /* WSASend returns 0 or SOCKET_ERROR. */ #define SOCKET_WRITEV_TEMP DWORD -#define SOCKET_WRITEV(FD, SG, LEN, TMP) \ - (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ? -1 : (TMP)) +#define SOCKET_WRITEV(FD, SG, LEN, TMP) \ + (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ? -1 : (TMP)) -#define SHUTDOWN_READ SD_RECEIVE -#define SHUTDOWN_WRITE SD_SEND -#define SHUTDOWN_BOTH SD_BOTH +#define SHUTDOWN_READ SD_RECEIVE +#define SHUTDOWN_WRITE SD_SEND +#define SHUTDOWN_BOTH SD_BOTH #ifndef EINPROGRESS #define EINPROGRESS WSAEINPROGRESS @@ -79,23 +80,23 @@ typedef int socklen_t; #include "autoconf.h" #include -#include /* For struct sockaddr_in and in_addr */ -#include /* For inet_ntoa */ +#include /* For struct sockaddr_in and in_addr */ +#include /* For inet_ntoa */ #include #ifndef HAVE_NETDB_H_H_ERRNO -extern int h_errno; /* In case it's missing, e.g., HP-UX 10.20. */ +extern int h_errno; /* In case it's missing, e.g., HP-UX 10.20. */ #endif -#include /* For MAXHOSTNAMELEN */ -#include /* For SOCK_*, AF_*, etc */ -#include /* For struct timeval */ -#include /* For struct ifconf, for localaddr.c */ +#include /* For MAXHOSTNAMELEN */ +#include /* For SOCK_*, AF_*, etc */ +#include /* For struct timeval */ +#include /* For struct ifconf, for localaddr.c */ #ifdef HAVE_SYS_UIO_H -#include /* For struct iovec, for sg_buf */ +#include /* For struct iovec, for sg_buf */ #endif #ifdef HAVE_SYS_FILIO_H -#include /* For FIONBIO on Solaris. */ +#include /* For FIONBIO on Solaris. */ #endif /* Either size_t or int or unsigned int is probably right. Under 
@@ -118,59 +119,59 @@ struct krb5int_sockaddr_storage { /* * Compatability with WinSock calls on MS-Windows... */ -#define SOCKET int -#define INVALID_SOCKET ((SOCKET)~0) -#define closesocket close -#define ioctlsocket ioctl -#define SOCKET_ERROR (-1) +#define SOCKET int +#define INVALID_SOCKET ((SOCKET)~0) +#define closesocket close +#define ioctlsocket ioctl +#define SOCKET_ERROR (-1) typedef struct iovec sg_buf; -#define SG_ADVANCE(SG, N) \ - ((SG)->iov_len < (N) \ - ? (abort(), 0) \ - : ((SG)->iov_base = (char *) (SG)->iov_base + (N), \ - (SG)->iov_len -= (N), 0)) +#define SG_ADVANCE(SG, N) \ + ((SG)->iov_len < (N) \ + ? (abort(), 0) \ + : ((SG)->iov_base = (char *) (SG)->iov_base + (N), \ + (SG)->iov_len -= (N), 0)) -#define SG_LEN(SG) ((SG)->iov_len + 0) -#define SG_BUF(SG) ((char*)(SG)->iov_base + 0) -#define SG_SET(SG, B, L) ((SG)->iov_base = (char*)(B), (SG)->iov_len = (L)) +#define SG_LEN(SG) ((SG)->iov_len + 0) +#define SG_BUF(SG) ((char*)(SG)->iov_base + 0) +#define SG_SET(SG, B, L) ((SG)->iov_base = (char*)(B), (SG)->iov_len = (L)) /* Some of our own infrastructure where the WinSock stuff was too hairy to dump into a clean Unix program... 
*/ -#define SOCKET_INITIALIZE() (0) /* No error (or anything else) */ -#define SOCKET_CLEANUP() /* nothing */ -#define SOCKET_ERRNO errno -#define SOCKET_SET_ERRNO(x) (errno = (x)) -#define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */ -#define SOCKET_READ read -#define SOCKET_WRITE write -#define SOCKET_CONNECT connect -#define SOCKET_GETSOCKNAME getsockname -#define SOCKET_CLOSE close -#define SOCKET_EINTR EINTR +#define SOCKET_INITIALIZE() (0) /* No error (or anything else) */ +#define SOCKET_CLEANUP() /* nothing */ +#define SOCKET_ERRNO errno +#define SOCKET_SET_ERRNO(x) (errno = (x)) +#define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */ +#define SOCKET_READ read +#define SOCKET_WRITE write +#define SOCKET_CONNECT connect +#define SOCKET_GETSOCKNAME getsockname +#define SOCKET_CLOSE close +#define SOCKET_EINTR EINTR #define SOCKET_WRITEV_TEMP int /* Use TMP to avoid compiler warnings and keep things consistent with Windoze version. */ -#define SOCKET_WRITEV(FD, SG, LEN, TMP) \ - ((TMP) = writev((FD), (SG), (LEN)), (TMP)) +#define SOCKET_WRITEV(FD, SG, LEN, TMP) \ + ((TMP) = writev((FD), (SG), (LEN)), (TMP)) -#define SHUTDOWN_READ 0 -#define SHUTDOWN_WRITE 1 -#define SHUTDOWN_BOTH 2 +#define SHUTDOWN_READ 0 +#define SHUTDOWN_WRITE 1 +#define SHUTDOWN_BOTH 2 #ifndef HAVE_INET_NTOP -#define inet_ntop(AF,SRC,DST,CNT) \ - ((AF) == AF_INET \ - ? ((CNT) < 16 \ - ? (SOCKET_SET_ERRNO(ENOSPC), (const char *)NULL) \ - : (sprintf((DST), "%d.%d.%d.%d", \ - ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \ - ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \ - ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \ - ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \ - (DST))) \ +#define inet_ntop(AF,SRC,DST,CNT) \ + ((AF) == AF_INET \ + ? ((CNT) < 16 \ + ? 
(SOCKET_SET_ERRNO(ENOSPC), (const char *)NULL) \ + : (sprintf((DST), "%d.%d.%d.%d", \ + ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \ + ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \ + (DST))) \ : (SOCKET_SET_ERRNO(EAFNOSUPPORT), (const char *)NULL)) #define HAVE_INET_NTOP #endif diff --git a/src/include/socket-utils.h b/src/include/socket-utils.h index d874058019..19145c85f8 100644 --- a/src/include/socket-utils.h +++ b/src/include/socket-utils.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (C) 2001,2005 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. diff --git a/src/include/spnego-asn1.h b/src/include/spnego-asn1.h index 211ba37d8b..35f446e522 100644 --- a/src/include/spnego-asn1.h +++ b/src/include/spnego-asn1.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * spnego-asn1.h * @@ -38,18 +39,18 @@ /* Context flags recognized by SPNEGO*/ enum { - SPNEGO_DELEG_FLAG = 0x80, - SPNEGO_MUTUAL_FLAG = 0x40, - SPNEGO_ANON_FLAG=0x20, - SPNEGO_CONF_FLAG = 0x10 + SPNEGO_DELEG_FLAG = 0x80, + SPNEGO_MUTUAL_FLAG = 0x40, + SPNEGO_ANON_FLAG=0x20, + SPNEGO_CONF_FLAG = 0x10 }; /* Results of a negotiation*/ enum { - SPNEGO_ACCEPT_COMPLETED = 0, - SPNEGO_ACCEPT_INCOMPLETE = 1, - SPNEGO_REJECT = 2, - SPNEGO_UNSPEC_RESULT = 3 + SPNEGO_ACCEPT_COMPLETED = 0, + SPNEGO_ACCEPT_INCOMPLETE = 1, + SPNEGO_REJECT = 2, + SPNEGO_UNSPEC_RESULT = 3 }; typedef krb5_data spnego_oid; @@ -79,7 +80,7 @@ typedef struct _spnego_acceptor_token { krb5_error_code krb5int_encode_spnego_acceptor_token (krb5_context , spnego_acceptor_token *, - krb5_data **); + krb5_data **); krb5_error_code krb5int_encode_spnego_initiator_token (krb5_context, spnego_initiator_token *, 
diff --git a/src/include/win-mac.h b/src/include/win-mac.h index 4086487657..85f7a376f6 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * This file is now only used on Windows */ @@ -72,10 +73,10 @@ #ifndef KRB5_SYSTYPES__ #define KRB5_SYSTYPES__ #include -typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; +typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ +typedef unsigned int u_int; +typedef unsigned short u_short; +typedef unsigned char u_char; typedef unsigned int uint32_t; typedef int int32_t; #if _INTEGRAL_MAX_BITS >= 64 @@ -87,9 +88,9 @@ typedef __int64 int64_t; #undef ssize_t #endif #ifdef _WIN64 -typedef __int64 ssize_t; +typedef __int64 ssize_t; #else -typedef _W64 int ssize_t; +typedef _W64 int ssize_t; #endif #define SSIZE_T_DEFINED #endif @@ -128,7 +129,7 @@ typedef _W64 int ssize_t; #ifdef CYGNUS #define KERBEROS_HLP "kerbnet.hlp" #else -#define KERBEROS_HLP "krb5clnt.hlp" +#define KERBEROS_HLP "krb5clnt.hlp" #endif #define INI_DEFAULTS "Defaults" #define INI_USER "User" /* Default user */ 
@@ -145,12 +146,12 @@ typedef _W64 int ssize_t; #define INI_KRB_CONF "krb.conf" /* Location of krb.conf file */ #define DEF_KRB_CONF "krb.conf" /* Default name for krb.conf file */ #else -#define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */ -#define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */ -#define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */ +#define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */ +#define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */ +#define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */ #define INI_TICKETOPTS "TicketOptions" /* Ticket options */ #define INI_FORWARDABLE "Forwardable" /* get forwardable tickets */ -#define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */ +#define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */ #endif #define INI_KRB_REALMS "krb.realms" /* Location of krb.realms file */ #define DEF_KRB_REALMS "krb.realms" /* Default name for krb.realms file */ @@ -207,10 +208,10 @@ typedef _W64 int ssize_t; HINSTANCE get_lib_instance(void); -#define GETSOCKNAME_ARG2_TYPE struct sockaddr -#define GETSOCKNAME_ARG3_TYPE size_t -#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE -#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE +#define GETSOCKNAME_ARG2_TYPE struct sockaddr +#define GETSOCKNAME_ARG3_TYPE size_t +#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE +#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE #endif /* !RES_ONLY */ -- cgit