From ee330a2d8d97e705bcdbb89670b81c09eb692e10 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 23 May 2006 00:03:06 +0000 Subject: install headers into include/krb5 Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the build tree. Stub krb5.h in main include directory just includes krb5/krb5.h. Update dependencies, and add dependencies in a couple Makefiles that didn't have them. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18030 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/Makefile.in | 23 +- src/include/k5-int.h | 2 +- src/include/k5-locate.h | 30 - src/include/krb5.h | 7 + src/include/krb5.hin | 2565 --------------------------------------------- src/include/krb5/krb5.hin | 2565 +++++++++++++++++++++++++++++++++++++++++++++ src/include/krb5/locate.h | 30 + 7 files changed, 2617 insertions(+), 2605 deletions(-) delete mode 100644 src/include/k5-locate.h create mode 100644 src/include/krb5.h delete mode 100644 src/include/krb5.hin create mode 100644 src/include/krb5/krb5.hin create mode 100644 src/include/krb5/locate.h (limited to 'src/include') diff --git a/src/include/Makefile.in b/src/include/Makefile.in index e13fca61f6..7e0c3a1ec2 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -7,11 +7,11 @@ KRB5RCTMPDIR= @KRB5_RCTMPDIR@ ##DOSBUILDTOP = .. NO_OUTPRE=1 -all-unix:: krb5.h +all-unix:: krb5/krb5.h all-unix:: maybe-make-db.h-@DB_HEADER_VERSION@ -generate-files-mac: krb5.h +generate-files-mac: krb5/krb5.h maybe-make-db.h-k5: : db.h will be installed by util/db2 @@ -71,10 +71,14 @@ osconf.h: $(OSCONFSRC) Makefile ##DOS##!endif ############################################################################### -krb5.h: $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h asn1_err.h - echo "/* This file is generated, please don't edit it directly. */" > krb5.h - cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ - asn1_err.h >> krb5.h +krb5/krb5.h: $(srcdir)/krb5/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h asn1_err.h + test -d krb5 || mkdir krb5 + if test -r krb5.h; then \ + if cmp -s krb5.h $(srcdir)/krb5.h; then :; else rm -f krb5.h; fi; \ + else :; fi + echo "/* This file is generated, please don't edit it directly. */" > krb5/krb5.h + cat $(srcdir)/krb5/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ + asn1_err.h >> krb5/krb5.h # # Build the error table include files: @@ -95,7 +99,7 @@ kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et clean-unix:: - $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ + $(RM) krb5/krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h $(RM) $(ET_HEADERS) autoconf.stamp @@ -109,6 +113,7 @@ clean-windows:: clean:: $(RM) osconf.new $(BUILT_HEADERS) -install-headers-unix install:: krb5.h profile.h - $(INSTALL_DATA) krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5.h +install-headers-unix install:: krb5/krb5.h profile.h + $(INSTALL_DATA) $(srcdir)/krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5.h + $(INSTALL_DATA) krb5/krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)krb5.h $(INSTALL_DATA) profile.h $(DESTDIR)$(KRB5_INCDIR)$(S)profile.h diff --git a/src/include/k5-int.h b/src/include/k5-int.h index da7c3ae09c..da5d8b5eba 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -538,7 +538,7 @@ extern int krb5int_grow_addrlist (struct addrlist *, int); extern int krb5int_add_host_to_list (struct addrlist *, const char *, int, int, int, int); -#include "k5-locate.h" +#include krb5_error_code krb5int_locate_server (krb5_context, const krb5_data *realm, struct addrlist *, enum locate_service_type svc, diff --git a/src/include/k5-locate.h b/src/include/k5-locate.h deleted file mode 100644 index a49c79ad24..0000000000 --- a/src/include/k5-locate.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef K5_PLUGIN_H_INCLUDED -#define K5_PLUGIN_H_INCLUDED -#include "krb5.h" - -enum locate_service_type { - locate_service_kdc = 1, - locate_service_master_kdc, - locate_service_kadmin, - locate_service_krb524, - locate_service_kpasswd -}; - -struct krb5plugin_service_locate_ftable { - int vmajor, vminor; - /* Per-context setup and teardown. Returned void* blob is - private to the plugin. */ - krb5_error_code (*init)(krb5_context, void **); - void (*fini)(void *); - /* Callback function returns non-zero if the plugin function - should quit and return; this may be because of an error, or may - indicate we've already contacted the service, whatever. The - lookup function should only return an error if it detects a - problem, not if the callback function tells it to quit. */ - krb5_error_code (*lookup)(void *, - enum locate_service_type svc, const char *realm, - int socktype, int family, - int (*cbfunc)(void *,int,struct sockaddr *), - void *cbdata); -}; -#endif diff --git a/src/include/krb5.h b/src/include/krb5.h new file mode 100644 index 0000000000..d689651550 --- /dev/null +++ b/src/include/krb5.h @@ -0,0 +1,7 @@ +/* The MIT Kerberos header file krb5.h used to live here. + + As of the 1.5 release, we're installing multiple Kerberos headers, + so they're all moving to a krb5/ subdirectory. This file is + present just to keep old software still compiling. Please update + your code to use the new path for the header. */ +#include diff --git a/src/include/krb5.hin b/src/include/krb5.hin deleted file mode 100644 index d786e6770c..0000000000 --- a/src/include/krb5.hin +++ /dev/null @@ -1,2565 +0,0 @@ -/* - * include/krb5.h - * - * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * General definitions for Kerberos version 5. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef KRB5_GENERAL__ -#define KRB5_GENERAL__ - -/* By default, do not expose deprecated interfaces. */ -#ifndef KRB5_DEPRECATED -#define KRB5_DEPRECATED 0 -#endif -/* Do not expose private interfaces. Build system will override. */ -#ifndef KRB5_PRIVATE -#define KRB5_PRIVATE 0 -#endif - -#if defined(__MACH__) && defined(__APPLE__) -# include -# if TARGET_RT_MAC_CFM -# error "Use KfM 4.0 SDK headers for CFM compilation." -# endif -#endif - -#if defined(_MSDOS) || defined(_WIN32) -#include -#endif - -#ifndef KRB5_CONFIG__ -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#define KRB5_CALLCONV_C -#endif /* !KRB5_CALLCONV */ -#endif /* !KRB5_CONFIG__ */ - -#ifndef KRB5_CALLCONV_WRONG -#define KRB5_CALLCONV_WRONG -#endif - -#ifndef THREEPARAMOPEN -#define THREEPARAMOPEN(x,y,z) open(x,y,z) -#endif - -#define KRB5_OLD_CRYPTO - -#include -#include /* for *_MAX */ - -#ifndef KRB5INT_BEGIN_DECLS -#if defined(__cplusplus) -#define KRB5INT_BEGIN_DECLS extern "C" { -#define KRB5INT_END_DECLS } -#else -#define KRB5INT_BEGIN_DECLS -#define KRB5INT_END_DECLS -#endif -#endif - -KRB5INT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma options align=mac68k -#endif - -/* from profile.h */ -struct _profile_t; -/* typedef struct _profile_t *profile_t; */ - -/* - * begin wordsize.h - */ - -/* - * Word-size related definition. - */ - -typedef unsigned char krb5_octet; - -#if INT_MAX == 0x7fff -typedef int krb5_int16; -typedef unsigned int krb5_ui_2; -#elif SHRT_MAX == 0x7fff -typedef short krb5_int16; -typedef unsigned short krb5_ui_2; -#else -#error undefined 16 bit type -#endif - -#if INT_MAX == 0x7fffffffL -typedef int krb5_int32; -typedef unsigned int krb5_ui_4; -#elif LONG_MAX == 0x7fffffffL -typedef long krb5_int32; -typedef unsigned long krb5_ui_4; -#elif SHRT_MAX == 0x7fffffffL -typedef short krb5_int32; -typedef unsigned short krb5_ui_4; -#else -#error: undefined 32 bit type -#endif - -#define VALID_INT_BITS INT_MAX -#define VALID_UINT_BITS UINT_MAX - -#define KRB5_INT32_MAX 2147483647 -/* this strange form is necessary since - is a unary operator, not a sign - indicator */ -#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) - -#define KRB5_INT16_MAX 65535 -/* this strange form is necessary since - is a unary operator, not a sign - indicator */ -#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) - -/* - * end wordsize.h - */ - -/* - * begin "base-defs.h" - */ - -/* - * Basic definitions for Kerberos V5 library - */ - -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif - -typedef unsigned int krb5_boolean; -typedef unsigned int krb5_msgtype; -typedef unsigned int krb5_kvno; - -typedef krb5_int32 krb5_addrtype; -typedef krb5_int32 krb5_enctype; -typedef krb5_int32 krb5_cksumtype; -typedef krb5_int32 krb5_authdatatype; -typedef krb5_int32 krb5_keyusage; - -typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ -typedef krb5_int32 krb5_flags; -typedef krb5_int32 krb5_timestamp; -typedef krb5_int32 krb5_error_code; -typedef krb5_int32 krb5_deltat; - -typedef krb5_error_code krb5_magic; - -typedef struct _krb5_data { - krb5_magic magic; - unsigned int length; - char *data; -} krb5_data; - -/* - * Hack length for crypto library to use the afs_string_to_key It is - * equivalent to -1 without possible sign extension - * We also overload for an unset salt type length - which is also -1, but - * hey, why not.... -*/ -#define SALT_TYPE_AFS_LENGTH UINT_MAX -#define SALT_TYPE_NO_LENGTH UINT_MAX - -typedef void * krb5_pointer; -typedef void const * krb5_const_pointer; - -typedef struct krb5_principal_data { - krb5_magic magic; - krb5_data realm; - krb5_data *data; /* An array of strings */ - krb5_int32 length; - krb5_int32 type; -} krb5_principal_data; - -typedef krb5_principal_data * krb5_principal; - -/* - * Per V5 spec on definition of principal types - */ - -/* Name type not known */ -#define KRB5_NT_UNKNOWN 0 -/* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 -/* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 -/* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 -/* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 -/* Unique ID */ -#define KRB5_NT_UID 5 - -/* constant version thereof: */ -typedef const krb5_principal_data *krb5_const_principal; - -#define krb5_princ_realm(context, princ) (&(princ)->realm) -#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) -#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) -#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) -#define krb5_princ_size(context, princ) (princ)->length -#define krb5_princ_type(context, princ) (princ)->type -#define krb5_princ_name(context, princ) (princ)->data -#define krb5_princ_component(context, princ,i) \ - (((i) < krb5_princ_size(context, princ)) \ - ? (princ)->data + (i) \ - : NULL) - -/* - * end "base-defs.h" - */ - -/* - * begin "hostaddr.h" - */ - -/* structure for address */ -typedef struct _krb5_address { - krb5_magic magic; - krb5_addrtype addrtype; - unsigned int length; - krb5_octet *contents; -} krb5_address; - -/* per Kerberos v5 protocol spec */ -#define ADDRTYPE_INET 0x0002 -#define ADDRTYPE_CHAOS 0x0005 -#define ADDRTYPE_XNS 0x0006 -#define ADDRTYPE_ISO 0x0007 -#define ADDRTYPE_DDP 0x0010 -#define ADDRTYPE_INET6 0x0018 -/* not yet in the spec... */ -#define ADDRTYPE_ADDRPORT 0x0100 -#define ADDRTYPE_IPPORT 0x0101 - -/* macros to determine if a type is a local type */ -#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) - -/* - * end "hostaddr.h" - */ - - -struct _krb5_context; -typedef struct _krb5_context * krb5_context; - -struct _krb5_auth_context; -typedef struct _krb5_auth_context * krb5_auth_context; - -struct _krb5_cryptosystem_entry; - -/* - * begin "encryption.h" - */ - -typedef struct _krb5_keyblock { - krb5_magic magic; - krb5_enctype enctype; - unsigned int length; - krb5_octet *contents; -} krb5_keyblock; - -#ifdef KRB5_OLD_CRYPTO -typedef struct _krb5_encrypt_block { - krb5_magic magic; - krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need - this. it was a pointer, but it - doesn't have to be. gross. */ - krb5_keyblock *key; -} krb5_encrypt_block; -#endif - -typedef struct _krb5_checksum { - krb5_magic magic; - krb5_cksumtype checksum_type; /* checksum type */ - unsigned int length; - krb5_octet *contents; -} krb5_checksum; - -typedef struct _krb5_enc_data { - krb5_magic magic; - krb5_enctype enctype; - krb5_kvno kvno; - krb5_data ciphertext; -} krb5_enc_data; - -/* per Kerberos v5 protocol spec */ -#define ENCTYPE_NULL 0x0000 -#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ -#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ -#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ -#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ -/* XXX deprecated? */ -#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ -#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ -#define ENCTYPE_DES_HMAC_SHA1 0x0008 -#define ENCTYPE_DES3_CBC_SHA1 0x0010 -#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 -#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 -#define ENCTYPE_ARCFOUR_HMAC 0x0017 -#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 -#define ENCTYPE_UNKNOWN 0x01ff - -#define CKSUMTYPE_CRC32 0x0001 -#define CKSUMTYPE_RSA_MD4 0x0002 -#define CKSUMTYPE_RSA_MD4_DES 0x0003 -#define CKSUMTYPE_DESCBC 0x0004 -/* des-mac-k */ -/* rsa-md4-des-k */ -#define CKSUMTYPE_RSA_MD5 0x0007 -#define CKSUMTYPE_RSA_MD5_DES 0x0008 -#define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c -#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f -#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 -#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ - -/* The following are entropy source designations. Whenever - * krb5_C_random_add_entropy is called, one of these source ids is passed - * in. This allows the library to better estimate bits of - * entropy in the sample and to keep track of what sources of entropy have - * contributed enough entropy. Sources marked internal MUST NOT be - * used by applications outside the Kerberos library -*/ - -enum { - KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ - KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ - KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ - /*This source should be used carefully; data in this category - * should be from a third party trusted to give random bits - * For example keys issued by the KDC in the application server. - */ - KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ - KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ - KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ -}; - -#ifndef krb5_roundup -/* round x up to nearest multiple of y */ -#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) -#endif /* roundup */ - -/* macro function definitions to help clean up code */ - -#if 1 -#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) -#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) -#else -#define krb5_x(ptr,args) ((*(ptr)) args) -#define krb5_xc(ptr,args) ((*(ptr)) args) -#endif - -krb5_error_code KRB5_CALLCONV - krb5_c_encrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_data *input, krb5_enc_data *output); - -krb5_error_code KRB5_CALLCONV - krb5_c_decrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_enc_data *input, krb5_data *output); - -krb5_error_code KRB5_CALLCONV - krb5_c_encrypt_length - (krb5_context context, krb5_enctype enctype, - size_t inputlen, size_t *length); - -krb5_error_code KRB5_CALLCONV - krb5_c_block_size - (krb5_context context, krb5_enctype enctype, - size_t *blocksize); - -krb5_error_code KRB5_CALLCONV - krb5_c_init_state -(krb5_context context, -const krb5_keyblock *key, krb5_keyusage usage, -krb5_data *new_state); - -krb5_error_code KRB5_CALLCONV - krb5_c_free_state -(krb5_context context, const krb5_keyblock *key, krb5_data *state); - -krb5_error_code KRB5_CALLCONV - krb5_c_prf (krb5_context, const krb5_keyblock *, - krb5_data *in, krb5_data *out); - -krb5_error_code KRB5_CALLCONV - krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen); - -krb5_error_code KRB5_CALLCONV - krb5_c_make_random_key - (krb5_context context, krb5_enctype enctype, - krb5_keyblock *k5_random_key); - -/* Register a new entropy sample with the PRNG. may cause -* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions -* for information on how each source should be used. -*/ -krb5_error_code KRB5_CALLCONV - krb5_c_random_add_entropy -(krb5_context context, unsigned int randsource_id, const krb5_data *data); - - -krb5_error_code KRB5_CALLCONV - krb5_c_random_make_octets - (krb5_context context, krb5_data *data); - -/* -* Collect entropy from the OS if possible. strong requests that as strong -* of a source of entropy as available be used. Setting strong may -* increase the probability of blocking and should not be used for normal -* applications. Good uses include seeding the PRNG for kadmind -* and realm setup. -* If successful is non-null, then successful is set to 1 if the OS provided -* entropy else zero. -*/ -krb5_error_code KRB5_CALLCONV -krb5_c_random_os_entropy -(krb5_context context, int strong, int *success); - -/*deprecated*/ krb5_error_code KRB5_CALLCONV - krb5_c_random_seed - (krb5_context context, krb5_data *data); - -krb5_error_code KRB5_CALLCONV - krb5_c_string_to_key - (krb5_context context, krb5_enctype enctype, - const krb5_data *string, const krb5_data *salt, - krb5_keyblock *key); -krb5_error_code KRB5_CALLCONV -krb5_c_string_to_key_with_params(krb5_context context, - krb5_enctype enctype, - const krb5_data *string, - const krb5_data *salt, - const krb5_data *params, - krb5_keyblock *key); - -krb5_error_code KRB5_CALLCONV - krb5_c_enctype_compare - (krb5_context context, krb5_enctype e1, krb5_enctype e2, - krb5_boolean *similar); - -krb5_error_code KRB5_CALLCONV - krb5_c_make_checksum - (krb5_context context, krb5_cksumtype cksumtype, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *input, krb5_checksum *cksum); - -krb5_error_code KRB5_CALLCONV - krb5_c_verify_checksum - (krb5_context context, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *data, - const krb5_checksum *cksum, - krb5_boolean *valid); - -krb5_error_code KRB5_CALLCONV - krb5_c_checksum_length - (krb5_context context, krb5_cksumtype cksumtype, - size_t *length); - -krb5_error_code KRB5_CALLCONV - krb5_c_keyed_checksum_types - (krb5_context context, krb5_enctype enctype, - unsigned int *count, krb5_cksumtype **cksumtypes); - -#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 -#define KRB5_KEYUSAGE_KDC_REP_TICKET 2 -#define KRB5_KEYUSAGE_AS_REP_ENCPART 3 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 -#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 -#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 -#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 -#define KRB5_KEYUSAGE_AP_REQ_AUTH 11 -#define KRB5_KEYUSAGE_AP_REP_ENCPART 12 -#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 -#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 -#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 -#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 -#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 -#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 -#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 -#define KRB5_KEYUSAGE_AD_MTE 20 -#define KRB5_KEYUSAGE_AD_ITE 21 - -/* XXX need to register these */ - -#define KRB5_KEYUSAGE_GSS_TOK_MIC 22 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 - -/* Defined in hardware preauth draft */ - -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 -#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 - -krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype - (krb5_enctype ktype); -krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum - (krb5_cksumtype ctype); - -#if KRB5_PRIVATE -/* Use the above four instead. */ -krb5_boolean KRB5_CALLCONV valid_enctype - (krb5_enctype ktype); -krb5_boolean KRB5_CALLCONV valid_cksumtype - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV is_coll_proof_cksum - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV is_keyed_cksum - (krb5_cksumtype ctype); -#endif - -#ifdef KRB5_OLD_CRYPTO -/* - * old cryptosystem routine prototypes. These are now layered - * on top of the functions above. - */ -krb5_error_code KRB5_CALLCONV krb5_encrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_decrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_process_key - (krb5_context context, - krb5_encrypt_block * eblock, - const krb5_keyblock * key); -krb5_error_code KRB5_CALLCONV krb5_finish_key - (krb5_context context, - krb5_encrypt_block * eblock); -krb5_error_code KRB5_CALLCONV krb5_string_to_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_keyblock * keyblock, - const krb5_data * data, - const krb5_data * salt); -krb5_error_code KRB5_CALLCONV krb5_init_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - const krb5_keyblock * keyblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_finish_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer ptr, - krb5_keyblock ** keyblock); -krb5_enctype KRB5_CALLCONV krb5_eblock_enctype - (krb5_context context, - const krb5_encrypt_block * eblock); -krb5_error_code KRB5_CALLCONV krb5_use_enctype - (krb5_context context, - krb5_encrypt_block * eblock, - krb5_enctype enctype); -size_t KRB5_CALLCONV krb5_encrypt_size - (size_t length, - krb5_enctype crypto); -size_t KRB5_CALLCONV krb5_checksum_size - (krb5_context context, - krb5_cksumtype ctype); -krb5_error_code KRB5_CALLCONV krb5_calculate_checksum - (krb5_context context, - krb5_cksumtype ctype, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length, - krb5_checksum * outcksum); -krb5_error_code KRB5_CALLCONV krb5_verify_checksum - (krb5_context context, - krb5_cksumtype ctype, - const krb5_checksum * cksum, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length); - -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_random_confounder - (size_t, krb5_pointer); - -krb5_error_code krb5_encrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_data *data, - krb5_enc_data *enc_data); - -krb5_error_code krb5_decrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_enc_data *data, - krb5_data *enc_data); -#endif - -#endif /* KRB5_OLD_CRYPTO */ - -/* - * end "encryption.h" - */ - -/* - * begin "fieldbits.h" - */ - -/* kdc_options for kdc_request */ -/* options is 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define KDC_OPT_RESERVED 0x80000000 */ -#define KDC_OPT_FORWARDABLE 0x40000000 -#define KDC_OPT_FORWARDED 0x20000000 -#define KDC_OPT_PROXIABLE 0x10000000 -#define KDC_OPT_PROXY 0x08000000 -#define KDC_OPT_ALLOW_POSTDATE 0x04000000 -#define KDC_OPT_POSTDATED 0x02000000 -/* #define KDC_OPT_UNUSED 0x01000000 */ -#define KDC_OPT_RENEWABLE 0x00800000 -/* #define KDC_OPT_UNUSED 0x00400000 */ -/* #define KDC_OPT_RESERVED 0x00200000 */ -/* #define KDC_OPT_RESERVED 0x00100000 */ -/* #define KDC_OPT_RESERVED 0x00080000 */ -/* #define KDC_OPT_RESERVED 0x00040000 */ -#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 -/* #define KDC_OPT_RESERVED 0x00010000 */ -/* #define KDC_OPT_RESERVED 0x00008000 */ -/* #define KDC_OPT_RESERVED 0x00004000 */ -/* #define KDC_OPT_RESERVED 0x00002000 */ -/* #define KDC_OPT_RESERVED 0x00001000 */ -/* #define KDC_OPT_RESERVED 0x00000800 */ -/* #define KDC_OPT_RESERVED 0x00000400 */ -/* #define KDC_OPT_RESERVED 0x00000200 */ -/* #define KDC_OPT_RESERVED 0x00000100 */ -/* #define KDC_OPT_RESERVED 0x00000080 */ -/* #define KDC_OPT_RESERVED 0x00000040 */ -#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 -#define KDC_OPT_RENEWABLE_OK 0x00000010 -#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 -/* #define KDC_OPT_UNUSED 0x00000004 */ -#define KDC_OPT_RENEW 0x00000002 -#define KDC_OPT_VALIDATE 0x00000001 - -/* - * Mask of ticket flags in the TGT which should be converted into KDC - * options when using the TGT to get derivitive tickets. - * - * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | - * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE - */ -#define KDC_TKT_COMMON_MASK 0x54800000 - -/* definitions for ap_options fields */ -/* ap_options are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -#define AP_OPTS_RESERVED 0x80000000 -#define AP_OPTS_USE_SESSION_KEY 0x40000000 -#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 -/* #define AP_OPTS_RESERVED 0x10000000 */ -/* #define AP_OPTS_RESERVED 0x08000000 */ -/* #define AP_OPTS_RESERVED 0x04000000 */ -/* #define AP_OPTS_RESERVED 0x02000000 */ -/* #define AP_OPTS_RESERVED 0x01000000 */ -/* #define AP_OPTS_RESERVED 0x00800000 */ -/* #define AP_OPTS_RESERVED 0x00400000 */ -/* #define AP_OPTS_RESERVED 0x00200000 */ -/* #define AP_OPTS_RESERVED 0x00100000 */ -/* #define AP_OPTS_RESERVED 0x00080000 */ -/* #define AP_OPTS_RESERVED 0x00040000 */ -/* #define AP_OPTS_RESERVED 0x00020000 */ -/* #define AP_OPTS_RESERVED 0x00010000 */ -/* #define AP_OPTS_RESERVED 0x00008000 */ -/* #define AP_OPTS_RESERVED 0x00004000 */ -/* #define AP_OPTS_RESERVED 0x00002000 */ -/* #define AP_OPTS_RESERVED 0x00001000 */ -/* #define AP_OPTS_RESERVED 0x00000800 */ -/* #define AP_OPTS_RESERVED 0x00000400 */ -/* #define AP_OPTS_RESERVED 0x00000200 */ -/* #define AP_OPTS_RESERVED 0x00000100 */ -/* #define AP_OPTS_RESERVED 0x00000080 */ -/* #define AP_OPTS_RESERVED 0x00000040 */ -/* #define AP_OPTS_RESERVED 0x00000020 */ -/* #define AP_OPTS_RESERVED 0x00000010 */ -/* #define AP_OPTS_RESERVED 0x00000008 */ -/* #define AP_OPTS_RESERVED 0x00000004 */ -/* #define AP_OPTS_RESERVED 0x00000002 */ -#define AP_OPTS_USE_SUBKEY 0x00000001 - -#define AP_OPTS_WIRE_MASK 0xfffffff0 - -/* definitions for ad_type fields. */ -#define AD_TYPE_RESERVED 0x8000 -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff - -/* Ticket flags */ -/* flags are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define TKT_FLG_RESERVED 0x80000000 */ -#define TKT_FLG_FORWARDABLE 0x40000000 -#define TKT_FLG_FORWARDED 0x20000000 -#define TKT_FLG_PROXIABLE 0x10000000 -#define TKT_FLG_PROXY 0x08000000 -#define TKT_FLG_MAY_POSTDATE 0x04000000 -#define TKT_FLG_POSTDATED 0x02000000 -#define TKT_FLG_INVALID 0x01000000 -#define TKT_FLG_RENEWABLE 0x00800000 -#define TKT_FLG_INITIAL 0x00400000 -#define TKT_FLG_PRE_AUTH 0x00200000 -#define TKT_FLG_HW_AUTH 0x00100000 -#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 -#define TKT_FLG_OK_AS_DELEGATE 0x00040000 -#define TKT_FLG_ANONYMOUS 0x00020000 -/* #define TKT_FLG_RESERVED 0x00010000 */ -/* #define TKT_FLG_RESERVED 0x00008000 */ -/* #define TKT_FLG_RESERVED 0x00004000 */ -/* #define TKT_FLG_RESERVED 0x00002000 */ -/* #define TKT_FLG_RESERVED 0x00001000 */ -/* #define TKT_FLG_RESERVED 0x00000800 */ -/* #define TKT_FLG_RESERVED 0x00000400 */ -/* #define TKT_FLG_RESERVED 0x00000200 */ -/* #define TKT_FLG_RESERVED 0x00000100 */ -/* #define TKT_FLG_RESERVED 0x00000080 */ -/* #define TKT_FLG_RESERVED 0x00000040 */ -/* #define TKT_FLG_RESERVED 0x00000020 */ -/* #define TKT_FLG_RESERVED 0x00000010 */ -/* #define TKT_FLG_RESERVED 0x00000008 */ -/* #define TKT_FLG_RESERVED 0x00000004 */ -/* #define TKT_FLG_RESERVED 0x00000002 */ -/* #define TKT_FLG_RESERVED 0x00000001 */ - -/* definitions for lr_type fields. */ -#define LR_TYPE_THIS_SERVER_ONLY 0x8000 - -#define LR_TYPE_INTERPRETATION_MASK 0x7fff - -/* definitions for ad_type fields. */ -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff -#define AD_TYPE_INTERNAL_MASK 0x3fff - -/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ -#define MSEC_DIRBIT 0x8000 -#define MSEC_VAL_MASK 0x7fff - -/* - * end "fieldbits.h" - */ - -/* - * begin "proto.h" - */ - -/* Protocol version number */ -#define KRB5_PVNO 5 - -/* Message types */ - -#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ -#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ -#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ -#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ -#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ -#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ -#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ -#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ -#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ -#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ - -/* LastReq types */ -#define KRB5_LRQ_NONE 0 -#define KRB5_LRQ_ALL_LAST_TGT 1 -#define KRB5_LRQ_ONE_LAST_TGT (-1) -#define KRB5_LRQ_ALL_LAST_INITIAL 2 -#define KRB5_LRQ_ONE_LAST_INITIAL (-2) -#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 -#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) -#define KRB5_LRQ_ALL_LAST_RENEWAL 4 -#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) -#define KRB5_LRQ_ALL_LAST_REQ 5 -#define KRB5_LRQ_ONE_LAST_REQ (-5) -#define KRB5_LRQ_ALL_PW_EXPTIME 6 -#define KRB5_LRQ_ONE_PW_EXPTIME (-6) - -/* PADATA types */ -#define KRB5_PADATA_NONE 0 -#define KRB5_PADATA_AP_REQ 1 -#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ -#define KRB5_PADATA_ENC_TIMESTAMP 2 -#define KRB5_PADATA_PW_SALT 3 -#if 0 /* Not used */ -#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ -#endif -#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ -#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ -#define KRB5_PADATA_SESAME 7 /* Sesame project */ -#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ -#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ -#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ -#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ -#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ -#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ -#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */ -#define KRB5_PADATA_ETYPE_INFO2 19 -#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ -#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ - -#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 -#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 -#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ - -/* Reserved for SPX pre-authentication. */ -#define KRB5_PADATA_DASS 16 - -/* Transited encoding types */ -#define KRB5_DOMAIN_X500_COMPRESS 1 - -/* alternate authentication types */ -#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 - -/* authorization data types */ -#define KRB5_AUTHDATA_OSF_DCE 64 -#define KRB5_AUTHDATA_SESAME 65 - -/* password change constants */ - -#define KRB5_KPASSWD_SUCCESS 0 -#define KRB5_KPASSWD_MALFORMED 1 -#define KRB5_KPASSWD_HARDERROR 2 -#define KRB5_KPASSWD_AUTHERROR 3 -#define KRB5_KPASSWD_SOFTERROR 4 -/* These are Microsoft's extensions in RFC 3244, and it looks like - they'll become standardized, possibly with other additions. */ -#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ -#define KRB5_KPASSWD_BAD_VERSION 6 -#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ - -/* - * end "proto.h" - */ - -/* Time set */ -typedef struct _krb5_ticket_times { - krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime - in ticket? otherwise client can't get this */ - krb5_timestamp starttime; /* optional in ticket, if not present, - use authtime */ - krb5_timestamp endtime; - krb5_timestamp renew_till; -} krb5_ticket_times; - -/* structure for auth data */ -typedef struct _krb5_authdata { - krb5_magic magic; - krb5_authdatatype ad_type; - unsigned int length; - krb5_octet *contents; -} krb5_authdata; - -/* structure for transited encoding */ -typedef struct _krb5_transited { - krb5_magic magic; - krb5_octet tr_type; - krb5_data tr_contents; -} krb5_transited; - -typedef struct _krb5_enc_tkt_part { - krb5_magic magic; - /* to-be-encrypted portion */ - krb5_flags flags; /* flags */ - krb5_keyblock *session; /* session key: includes enctype */ - krb5_principal client; /* client name/realm */ - krb5_transited transited; /* list of transited realms */ - krb5_ticket_times times; /* auth, start, end, renew_till */ - krb5_address **caddrs; /* array of ptrs to addresses */ - krb5_authdata **authorization_data; /* auth data */ -} krb5_enc_tkt_part; - -typedef struct _krb5_ticket { - krb5_magic magic; - /* cleartext portion */ - krb5_principal server; /* server name/realm */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ - krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if - available */ -} krb5_ticket; - -/* the unencrypted version */ -typedef struct _krb5_authenticator { - krb5_magic magic; - krb5_principal client; /* client name/realm */ - krb5_checksum *checksum; /* checksum, includes type, optional */ - krb5_int32 cusec; /* client usec portion */ - krb5_timestamp ctime; /* client sec portion */ - krb5_keyblock *subkey; /* true session key, optional */ - krb5_ui_4 seq_number; /* sequence #, optional */ - krb5_authdata **authorization_data; /* New add by Ari, auth data */ -} krb5_authenticator; - -typedef struct _krb5_tkt_authent { - krb5_magic magic; - krb5_ticket *ticket; - krb5_authenticator *authenticator; - krb5_flags ap_options; -} krb5_tkt_authent; - -/* credentials: Ticket, session key, etc. */ -typedef struct _krb5_creds { - krb5_magic magic; - krb5_principal client; /* client's principal identifier */ - krb5_principal server; /* server's principal identifier */ - krb5_keyblock keyblock; /* session encryption key info */ - krb5_ticket_times times; /* lifetime info */ - krb5_boolean is_skey; /* true if ticket is encrypted in - another ticket's skey */ - krb5_flags ticket_flags; /* flags in ticket */ - krb5_address **addresses; /* addrs in ticket */ - krb5_data ticket; /* ticket string itself */ - krb5_data second_ticket; /* second ticket, if related to - ticket (via DUPLICATE-SKEY or - ENC-TKT-IN-SKEY) */ - krb5_authdata **authdata; /* authorization data */ -} krb5_creds; - -/* Last request fields */ -typedef struct _krb5_last_req_entry { - krb5_magic magic; - krb5_int32 lr_type; - krb5_timestamp value; -} krb5_last_req_entry; - -/* pre-authentication data */ -typedef struct _krb5_pa_data { - krb5_magic magic; - krb5_preauthtype pa_type; - unsigned int length; - krb5_octet *contents; -} krb5_pa_data; - -typedef struct _krb5_kdc_req { - krb5_magic magic; - krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ - krb5_pa_data **padata; /* e.g. encoded AP_REQ */ - /* real body */ - krb5_flags kdc_options; /* requested options */ - krb5_principal client; /* includes realm; optional */ - krb5_principal server; /* includes realm (only used if no - client) */ - krb5_timestamp from; /* requested starttime */ - krb5_timestamp till; /* requested endtime */ - krb5_timestamp rtime; /* (optional) requested renew_till */ - krb5_int32 nonce; /* nonce to match request/response */ - int nktypes; /* # of ktypes, must be positive */ - krb5_enctype *ktype; /* requested enctype(s) */ - krb5_address **addresses; /* requested addresses, optional */ - krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ - krb5_authdata **unenc_authdata; /* unencrypted auth data, - if available */ - krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */ -} krb5_kdc_req; - -typedef struct _krb5_enc_kdc_rep_part { - krb5_magic magic; - /* encrypted part: */ - krb5_msgtype msg_type; /* krb5 message type */ - krb5_keyblock *session; /* session key */ - krb5_last_req_entry **last_req; /* array of ptrs to entries */ - krb5_int32 nonce; /* nonce from request */ - krb5_timestamp key_exp; /* expiration date */ - krb5_flags flags; /* ticket flags */ - krb5_ticket_times times; /* lifetime info */ - krb5_principal server; /* server's principal identifier */ - krb5_address **caddrs; /* array of ptrs to addresses, - optional */ -} krb5_enc_kdc_rep_part; - -typedef struct _krb5_kdc_rep { - krb5_magic magic; - /* cleartext part: */ - krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ - krb5_pa_data **padata; /* preauthentication data from KDC */ - krb5_principal client; /* client's principal identifier */ - krb5_ticket *ticket; /* ticket */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ - krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */ -} krb5_kdc_rep; - -/* error message structure */ -typedef struct _krb5_error { - krb5_magic magic; - /* some of these may be meaningless in certain contexts */ - krb5_timestamp ctime; /* client sec portion; optional */ - krb5_int32 cusec; /* client usec portion; optional */ - krb5_int32 susec; /* server usec portion */ - krb5_timestamp stime; /* server sec portion */ - krb5_ui_4 error; /* error code (protocol error #'s) */ - krb5_principal client; /* client's principal identifier; - optional */ - krb5_principal server; /* server's principal identifier */ - krb5_data text; /* descriptive text */ - krb5_data e_data; /* additional error-describing data */ -} krb5_error; - -typedef struct _krb5_ap_req { - krb5_magic magic; - krb5_flags ap_options; /* requested options */ - krb5_ticket *ticket; /* ticket */ - krb5_enc_data authenticator; /* authenticator (already encrypted) */ -} krb5_ap_req; - -typedef struct _krb5_ap_rep { - krb5_magic magic; - krb5_enc_data enc_part; -} krb5_ap_rep; - -typedef struct _krb5_ap_rep_enc_part { - krb5_magic magic; - krb5_timestamp ctime; /* client time, seconds portion */ - krb5_int32 cusec; /* client time, microseconds portion */ - krb5_keyblock *subkey; /* true session key, optional */ - krb5_ui_4 seq_number; /* sequence #, optional */ -} krb5_ap_rep_enc_part; - -typedef struct _krb5_response { - krb5_magic magic; - krb5_octet message_type; - krb5_data response; - krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ - krb5_timestamp request_time; /* When we made the request */ -} krb5_response; - -typedef struct _krb5_cred_info { - krb5_magic magic; - krb5_keyblock *session; /* session key used to encrypt */ - /* ticket */ - krb5_principal client; /* client name/realm, optional */ - krb5_principal server; /* server name/realm, optional */ - krb5_flags flags; /* ticket flags, optional */ - krb5_ticket_times times; /* auth, start, end, renew_till, */ - /* optional */ - krb5_address **caddrs; /* array of ptrs to addresses */ -} krb5_cred_info; - -typedef struct _krb5_cred_enc_part { - krb5_magic magic; - krb5_int32 nonce; /* nonce, optional */ - krb5_timestamp timestamp; /* client time */ - krb5_int32 usec; /* microsecond portion of time */ - krb5_address *s_address; /* sender address, optional */ - krb5_address *r_address; /* recipient address, optional */ - krb5_cred_info **ticket_info; -} krb5_cred_enc_part; - -typedef struct _krb5_cred { - krb5_magic magic; - krb5_ticket **tickets; /* tickets */ - krb5_enc_data enc_part; /* encrypted part */ - krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ -} krb5_cred; - -/* Sandia password generation structures */ -typedef struct _passwd_phrase_element { - krb5_magic magic; - krb5_data *passwd; - krb5_data *phrase; -} passwd_phrase_element; - -typedef struct _krb5_pwd_data { - krb5_magic magic; - int sequence_count; - passwd_phrase_element **element; -} krb5_pwd_data; - -/* these need to be here so the typedefs are available for the prototypes */ - -/* - * begin "safepriv.h" - */ - -#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 -#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 -#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 -#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 -#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 -#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 - -typedef struct krb5_replay_data { - krb5_timestamp timestamp; - krb5_int32 usec; - krb5_ui_4 seq; -} krb5_replay_data; - -/* flags for krb5_auth_con_genaddrs() */ -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 - -/* type of function used as a callback to generate checksum data for - * mk_req */ - -typedef krb5_error_code -(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, - krb5_data **); - -/* - * end "safepriv.h" - */ - - -/* - * begin "ccache.h" - */ - -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ - -struct _krb5_ccache; -typedef struct _krb5_ccache *krb5_ccache; -struct _krb5_cc_ops; -typedef struct _krb5_cc_ops krb5_cc_ops; - -/* for retrieve_cred */ -#define KRB5_TC_MATCH_TIMES 0x00000001 -#define KRB5_TC_MATCH_IS_SKEY 0x00000002 -#define KRB5_TC_MATCH_FLAGS 0x00000004 -#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 -#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 -#define KRB5_TC_MATCH_AUTHDATA 0x00000020 -#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 -#define KRB5_TC_MATCH_2ND_TKT 0x00000080 -#define KRB5_TC_MATCH_KTYPE 0x00000100 -#define KRB5_TC_SUPPORTED_KTYPES 0x00000200 - -/* for set_flags and other functions */ -#define KRB5_TC_OPENCLOSE 0x00000001 -#define KRB5_TC_NOTICKET 0x00000002 - -const char * KRB5_CALLCONV -krb5_cc_get_name (krb5_context context, krb5_ccache cache); - -krb5_error_code KRB5_CALLCONV -krb5_cc_gen_new (krb5_context context, krb5_ccache *cache); - -krb5_error_code KRB5_CALLCONV -krb5_cc_initialize(krb5_context context, krb5_ccache cache, - krb5_principal principal); - -krb5_error_code KRB5_CALLCONV -krb5_cc_destroy (krb5_context context, krb5_ccache cache); - -krb5_error_code KRB5_CALLCONV -krb5_cc_close (krb5_context context, krb5_ccache cache); - -krb5_error_code KRB5_CALLCONV -krb5_cc_store_cred (krb5_context context, krb5_ccache cache, - krb5_creds *creds); - -krb5_error_code KRB5_CALLCONV -krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, - krb5_flags flags, krb5_creds *mcreds, - krb5_creds *creds); - -krb5_error_code KRB5_CALLCONV -krb5_cc_get_principal (krb5_context context, krb5_ccache cache, - krb5_principal *principal); - -krb5_error_code KRB5_CALLCONV -krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor); - -krb5_error_code KRB5_CALLCONV -krb5_cc_next_cred (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor, krb5_creds *creds); - -krb5_error_code KRB5_CALLCONV -krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, - krb5_cc_cursor *cursor); - -krb5_error_code KRB5_CALLCONV -krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, - krb5_creds *creds); - -krb5_error_code KRB5_CALLCONV -krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags); - -krb5_error_code KRB5_CALLCONV -krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags); - -const char * KRB5_CALLCONV -krb5_cc_get_type (krb5_context context, krb5_ccache cache); - -/* - * end "ccache.h" - */ - -/* - * begin "rcache.h" - */ - -struct krb5_rc_st; -typedef struct krb5_rc_st *krb5_rcache; - -/* - * end "rcache.h" - */ - -/* - * begin "keytab.h" - */ - - -/* XXX */ -#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ - -typedef krb5_pointer krb5_kt_cursor; /* XXX */ - -typedef struct krb5_keytab_entry_st { - krb5_magic magic; - krb5_principal principal; /* principal of this key */ - krb5_timestamp timestamp; /* time entry written to keytable */ - krb5_kvno vno; /* key version number */ - krb5_keyblock key; /* the secret key */ -} krb5_keytab_entry; - -#if KRB5_PRIVATE -struct _krb5_kt_ops; -typedef struct _krb5_kt { /* should move into k5-int.h */ - krb5_magic magic; - const struct _krb5_kt_ops *ops; - krb5_pointer data; -} *krb5_keytab; -#else -struct _krb5_kt; -typedef struct _krb5_kt *krb5_keytab; -#endif - -char * KRB5_CALLCONV -krb5_kt_get_type (krb5_context, krb5_keytab keytab); -krb5_error_code KRB5_CALLCONV -krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, - unsigned int namelen); -krb5_error_code KRB5_CALLCONV -krb5_kt_close(krb5_context context, krb5_keytab keytab); -krb5_error_code KRB5_CALLCONV -krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry); -krb5_error_code KRB5_CALLCONV -krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor); -krb5_error_code KRB5_CALLCONV -krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, - krb5_keytab_entry *entry, krb5_kt_cursor *cursor); -krb5_error_code KRB5_CALLCONV -krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor); - -/* - * end "keytab.h" - */ - -/* - * begin "func-proto.h" - */ - -krb5_error_code KRB5_CALLCONV krb5_init_context - (krb5_context *); -krb5_error_code KRB5_CALLCONV krb5_init_secure_context - (krb5_context *); -void KRB5_CALLCONV krb5_free_context - (krb5_context); - -#if KRB5_PRIVATE -krb5_error_code krb5_set_default_in_tkt_ktypes - (krb5_context, - const krb5_enctype *); -krb5_error_code krb5_get_default_in_tkt_ktypes - (krb5_context, - krb5_enctype **); - -krb5_error_code krb5_set_default_tgs_ktypes - (krb5_context, - const krb5_enctype *); -#endif - -krb5_error_code KRB5_CALLCONV -krb5_set_default_tgs_enctypes - (krb5_context, - const krb5_enctype *); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes - (krb5_context, - krb5_const_principal, - krb5_enctype **); -#endif - -krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes - (krb5_context, krb5_enctype **); - -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_ktypes - (krb5_context, krb5_enctype *); - -krb5_boolean krb5_is_permitted_enctype - (krb5_context, krb5_enctype); -#endif - -krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void); - -/* libkrb.spec */ -#if KRB5_PRIVATE -krb5_error_code krb5_kdc_rep_decrypt_proc - (krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ); -krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part - (krb5_context, - const krb5_keyblock *, - krb5_ticket * ); -krb5_error_code krb5_get_cred_from_kdc - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); -krb5_error_code krb5_get_cred_from_kdc_validate - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); -krb5_error_code krb5_get_cred_from_kdc_renew - (krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** ); -#endif - -void KRB5_CALLCONV krb5_free_tgt_creds - (krb5_context, - krb5_creds **); /* XXX too hard to do with const */ - -#define KRB5_GC_USER_USER 1 /* want user-user ticket */ -#define KRB5_GC_CACHED 2 /* want cached ticket only */ - -krb5_error_code KRB5_CALLCONV krb5_get_credentials - (krb5_context, - krb5_flags, - krb5_ccache, - krb5_creds *, - krb5_creds **); -krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate - (krb5_context, - krb5_flags, - krb5_ccache, - krb5_creds *, - krb5_creds **); -krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew - (krb5_context, - krb5_flags, - krb5_ccache, - krb5_creds *, - krb5_creds **); -#if KRB5_PRIVATE -krb5_error_code krb5_get_cred_via_tkt - (krb5_context, - krb5_creds *, - krb5_flags, - krb5_address * const *, - krb5_creds *, - krb5_creds **); -#endif -krb5_error_code KRB5_CALLCONV krb5_mk_req - (krb5_context, - krb5_auth_context *, - krb5_flags, - char *, - char *, - krb5_data *, - krb5_ccache, - krb5_data * ); -krb5_error_code KRB5_CALLCONV krb5_mk_req_extended - (krb5_context, - krb5_auth_context *, - krb5_flags, - krb5_data *, - krb5_creds *, - krb5_data * ); -krb5_error_code KRB5_CALLCONV krb5_mk_rep - (krb5_context, - krb5_auth_context, - krb5_data *); -krb5_error_code KRB5_CALLCONV krb5_rd_rep - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_ap_rep_enc_part **); -krb5_error_code KRB5_CALLCONV krb5_mk_error - (krb5_context, - const krb5_error *, - krb5_data * ); -krb5_error_code KRB5_CALLCONV krb5_rd_error - (krb5_context, - const krb5_data *, - krb5_error ** ); -krb5_error_code KRB5_CALLCONV krb5_rd_safe - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_rd_priv - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_parse_name - (krb5_context, - const char *, - krb5_principal * ); -krb5_error_code KRB5_CALLCONV krb5_unparse_name - (krb5_context, - krb5_const_principal, - char ** ); -krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext - (krb5_context, - krb5_const_principal, - char **, - unsigned int *); - -krb5_error_code KRB5_CALLCONV krb5_set_principal_realm - (krb5_context, krb5_principal, const char *); - -krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search - (krb5_context, - const krb5_address *, - krb5_address * const *); -krb5_boolean KRB5_CALLCONV krb5_address_compare - (krb5_context, - const krb5_address *, - const krb5_address *); -int KRB5_CALLCONV krb5_address_order - (krb5_context, - const krb5_address *, - const krb5_address *); -krb5_boolean KRB5_CALLCONV krb5_realm_compare - (krb5_context, - krb5_const_principal, - krb5_const_principal); -krb5_boolean KRB5_CALLCONV krb5_principal_compare - (krb5_context, - krb5_const_principal, - krb5_const_principal); -krb5_error_code KRB5_CALLCONV krb5_init_keyblock - (krb5_context, krb5_enctype enctype, - size_t length, krb5_keyblock **out); - /* Initialize a new keyblock and allocate storage - * for the contents of the key, which will be freed along - * with the keyblock when krb5_free_keyblock is called. - * It is legal to pass in a length of 0, in which - * case contents are left unallocated. - */ -krb5_error_code KRB5_CALLCONV krb5_copy_keyblock - (krb5_context, - const krb5_keyblock *, - krb5_keyblock **); -krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents - (krb5_context, - const krb5_keyblock *, - krb5_keyblock *); -krb5_error_code KRB5_CALLCONV krb5_copy_creds - (krb5_context, - const krb5_creds *, - krb5_creds **); -krb5_error_code KRB5_CALLCONV krb5_copy_data - (krb5_context, - const krb5_data *, - krb5_data **); -krb5_error_code KRB5_CALLCONV krb5_copy_principal - (krb5_context, - krb5_const_principal, - krb5_principal *); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_copy_addr - (krb5_context, - const krb5_address *, - krb5_address **); -#endif -krb5_error_code KRB5_CALLCONV krb5_copy_addresses - (krb5_context, - krb5_address * const *, - krb5_address ***); -krb5_error_code KRB5_CALLCONV krb5_copy_ticket - (krb5_context, - const krb5_ticket *, - krb5_ticket **); -krb5_error_code KRB5_CALLCONV krb5_copy_authdata - (krb5_context, - krb5_authdata * const *, - krb5_authdata ***); -krb5_error_code KRB5_CALLCONV krb5_copy_authenticator - (krb5_context, - const krb5_authenticator *, - krb5_authenticator **); -krb5_error_code KRB5_CALLCONV krb5_copy_checksum - (krb5_context, - const krb5_checksum *, - krb5_checksum **); -#if KRB5_PRIVATE -void krb5_init_ets - (krb5_context); -void krb5_free_ets - (krb5_context); -krb5_error_code krb5_generate_subkey - (krb5_context, - const krb5_keyblock *, krb5_keyblock **); -krb5_error_code krb5_generate_seq_number - (krb5_context, - const krb5_keyblock *, krb5_ui_4 *); -#endif -krb5_error_code KRB5_CALLCONV krb5_get_server_rcache - (krb5_context, - const krb5_data *, krb5_rcache *); -krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext - (krb5_context, krb5_principal *, unsigned int, const char *, ...); -krb5_error_code KRB5_CALLCONV_C krb5_build_principal - (krb5_context, krb5_principal *, unsigned int, const char *, ...); -#ifdef va_start -/* XXX depending on varargs include file defining va_start... */ -krb5_error_code KRB5_CALLCONV krb5_build_principal_va - (krb5_context, - krb5_principal, unsigned int, const char *, va_list); -#endif - -krb5_error_code KRB5_CALLCONV krb5_425_conv_principal - (krb5_context, - const char *name, - const char *instance, const char *realm, - krb5_principal *princ); - -krb5_error_code KRB5_CALLCONV krb5_524_conv_principal - (krb5_context context, krb5_const_principal princ, - char *name, char *inst, char *realm); - -struct credentials; -int KRB5_CALLCONV krb5_524_convert_creds - (krb5_context context, krb5_creds *v5creds, - struct credentials *v4creds); -#if KRB5_DEPRECATED -#define krb524_convert_creds_kdc krb5_524_convert_creds -#define krb524_init_ets(x) (0) -#endif - -/* libkt.spec */ -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_kt_register - (krb5_context, - const struct _krb5_kt_ops * ); -#endif - -krb5_error_code KRB5_CALLCONV krb5_kt_resolve - (krb5_context, - const char *, - krb5_keytab * ); -krb5_error_code KRB5_CALLCONV krb5_kt_default_name - (krb5_context, - char *, - int ); -krb5_error_code KRB5_CALLCONV krb5_kt_default - (krb5_context, - krb5_keytab * ); -krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents - (krb5_context, - krb5_keytab_entry * ); -#if KRB5_PRIVATE -/* use krb5_free_keytab_entry_contents instead */ -krb5_error_code KRB5_CALLCONV krb5_kt_free_entry - (krb5_context, - krb5_keytab_entry * ); -#endif -/* remove and add are functions, so that they can return NOWRITE - if not a writable keytab */ -krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry * ); -krb5_error_code KRB5_CALLCONV krb5_kt_add_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry * ); -krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt - (krb5_context, - krb5_const_principal, krb5_data *); -#if KRB5_PRIVATE -krb5_error_code krb5_principal2salt_norealm - (krb5_context, - krb5_const_principal, krb5_data *); -#endif -/* librc.spec--see rcache.h */ - -/* libcc.spec */ -krb5_error_code KRB5_CALLCONV krb5_cc_resolve - (krb5_context, - const char *, - krb5_ccache * ); -const char * KRB5_CALLCONV krb5_cc_default_name - (krb5_context); -krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name - (krb5_context, const char *); -krb5_error_code KRB5_CALLCONV krb5_cc_default - (krb5_context, - krb5_ccache *); -#if KRB5_PRIVATE -unsigned int KRB5_CALLCONV krb5_get_notification_message - (void); -#endif - -krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds - (krb5_context context, - krb5_ccache incc, - krb5_ccache outcc); - - -/* chk_trans.c */ -#if KRB5_PRIVATE -krb5_error_code krb5_check_transited_list - (krb5_context, const krb5_data *trans, - const krb5_data *realm1, const krb5_data *realm2); -#endif - -/* free_rtree.c */ -#if KRB5_PRIVATE -void krb5_free_realm_tree - (krb5_context, - krb5_principal *); -#endif - -/* krb5_free.c */ -void KRB5_CALLCONV krb5_free_principal - (krb5_context, krb5_principal ); -void KRB5_CALLCONV krb5_free_authenticator - (krb5_context, krb5_authenticator * ); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_authenticator_contents - (krb5_context, krb5_authenticator * ); -#endif -void KRB5_CALLCONV krb5_free_addresses - (krb5_context, krb5_address ** ); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_address - (krb5_context, krb5_address * ); -#endif -void KRB5_CALLCONV krb5_free_authdata - (krb5_context, krb5_authdata ** ); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_enc_tkt_part - (krb5_context, krb5_enc_tkt_part * ); -#endif -void KRB5_CALLCONV krb5_free_ticket - (krb5_context, krb5_ticket * ); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_tickets - (krb5_context, krb5_ticket ** ); -void KRB5_CALLCONV krb5_free_kdc_req - (krb5_context, krb5_kdc_req * ); -void KRB5_CALLCONV krb5_free_kdc_rep - (krb5_context, krb5_kdc_rep * ); -void KRB5_CALLCONV krb5_free_last_req - (krb5_context, krb5_last_req_entry ** ); -void KRB5_CALLCONV krb5_free_enc_kdc_rep_part - (krb5_context, krb5_enc_kdc_rep_part * ); -#endif -void KRB5_CALLCONV krb5_free_error - (krb5_context, krb5_error * ); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_ap_req - (krb5_context, krb5_ap_req * ); -void KRB5_CALLCONV krb5_free_ap_rep - (krb5_context, krb5_ap_rep * ); -void KRB5_CALLCONV krb5_free_cred - (krb5_context, krb5_cred *); -#endif -void KRB5_CALLCONV krb5_free_creds - (krb5_context, krb5_creds *); -void KRB5_CALLCONV krb5_free_cred_contents - (krb5_context, krb5_creds *); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_cred_enc_part - (krb5_context, krb5_cred_enc_part *); -#endif -void KRB5_CALLCONV krb5_free_checksum - (krb5_context, krb5_checksum *); -void KRB5_CALLCONV krb5_free_checksum_contents - (krb5_context, krb5_checksum *); -void KRB5_CALLCONV krb5_free_keyblock - (krb5_context, krb5_keyblock *); -void KRB5_CALLCONV krb5_free_keyblock_contents - (krb5_context, krb5_keyblock *); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_pa_data - (krb5_context, krb5_pa_data **); -#endif -void KRB5_CALLCONV krb5_free_ap_rep_enc_part - (krb5_context, krb5_ap_rep_enc_part *); -#if KRB5_PRIVATE -void KRB5_CALLCONV krb5_free_tkt_authent - (krb5_context, krb5_tkt_authent *); -void KRB5_CALLCONV krb5_free_pwd_data - (krb5_context, krb5_pwd_data *); -void KRB5_CALLCONV krb5_free_pwd_sequences - (krb5_context, passwd_phrase_element **); -#endif -void KRB5_CALLCONV krb5_free_data - (krb5_context, krb5_data *); -void KRB5_CALLCONV krb5_free_data_contents - (krb5_context, krb5_data *); -void KRB5_CALLCONV krb5_free_unparsed_name - (krb5_context, char *); -void KRB5_CALLCONV krb5_free_cksumtypes - (krb5_context, krb5_cksumtype *); - -/* From krb5/os but needed but by the outside world */ -krb5_error_code KRB5_CALLCONV krb5_us_timeofday - (krb5_context, - krb5_timestamp *, - krb5_int32 * ); -krb5_error_code KRB5_CALLCONV krb5_timeofday - (krb5_context, - krb5_timestamp * ); - /* get all the addresses of this host */ -krb5_error_code KRB5_CALLCONV krb5_os_localaddr - (krb5_context, - krb5_address ***); -krb5_error_code KRB5_CALLCONV krb5_get_default_realm - (krb5_context, - char ** ); -krb5_error_code KRB5_CALLCONV krb5_set_default_realm - (krb5_context, - const char * ); -void KRB5_CALLCONV krb5_free_default_realm - (krb5_context, - char * ); -krb5_error_code KRB5_CALLCONV krb5_sname_to_principal - (krb5_context, - const char *, - const char *, - krb5_int32, - krb5_principal *); -krb5_error_code KRB5_CALLCONV -krb5_change_password - (krb5_context context, krb5_creds *creds, char *newpw, - int *result_code, krb5_data *result_code_string, - krb5_data *result_string); -krb5_error_code KRB5_CALLCONV -krb5_set_password - (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for, - int *result_code, krb5_data *result_code_string, krb5_data *result_string); -krb5_error_code KRB5_CALLCONV -krb5_set_password_using_ccache - (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for, - int *result_code, krb5_data *result_code_string, krb5_data *result_string); - -#if KRB5_PRIVATE -krb5_error_code krb5_set_config_files - (krb5_context, const char **); - -krb5_error_code KRB5_CALLCONV krb5_get_default_config_files - (char ***filenames); - -void KRB5_CALLCONV krb5_free_config_files - (char **filenames); -#endif - -krb5_error_code KRB5_CALLCONV -krb5_get_profile - (krb5_context, struct _profile_t * /* profile_t */ *); - -#if KRB5_PRIVATE -krb5_error_code krb5_send_tgs - (krb5_context, - krb5_flags, - const krb5_ticket_times *, - const krb5_enctype *, - krb5_const_principal, - krb5_address * const *, - krb5_authdata * const *, - krb5_pa_data * const *, - const krb5_data *, - krb5_creds *, - krb5_response * ); -#endif - -#if KRB5_DEPRECATED -krb5_error_code KRB5_CALLCONV krb5_get_in_tkt - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_error_code ( * )(krb5_context, - krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_const_pointer, - krb5_creds *, - krb5_ccache, - krb5_kdc_rep ** ); - -krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - const char *, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); - -krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - const krb5_keyblock *, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); - -krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab - (krb5_context, - krb5_flags, - krb5_address * const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_keytab, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** ); -#endif /* KRB5_DEPRECATED */ - -#if KRB5_PRIVATE -krb5_error_code krb5_decode_kdc_rep - (krb5_context, - krb5_data *, - const krb5_keyblock *, - krb5_kdc_rep ** ); -#endif - -krb5_error_code KRB5_CALLCONV krb5_rd_req - (krb5_context, - krb5_auth_context *, - const krb5_data *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -#if KRB5_PRIVATE -krb5_error_code krb5_rd_req_decoded - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -krb5_error_code krb5_rd_req_decoded_anyflag - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); -#endif - -krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key - (krb5_context, - krb5_pointer, - krb5_principal, - krb5_kvno, - krb5_enctype, - krb5_keyblock **); -krb5_error_code KRB5_CALLCONV krb5_mk_safe - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_mk_priv - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_cc_register - (krb5_context, - krb5_cc_ops *, - krb5_boolean ); -#endif - -krb5_error_code KRB5_CALLCONV krb5_sendauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_principal, - krb5_flags, - krb5_data *, - krb5_creds *, - krb5_ccache, - krb5_error **, - krb5_ap_rep_enc_part **, - krb5_creds **); - -krb5_error_code KRB5_CALLCONV krb5_recvauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **); -krb5_error_code KRB5_CALLCONV krb5_recvauth_version - (krb5_context, - krb5_auth_context *, - krb5_pointer, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **, - krb5_data *); - -#if KRB5_PRIVATE -krb5_error_code krb5_walk_realm_tree - (krb5_context, - const krb5_data *, - const krb5_data *, - krb5_principal **, - int); -#endif - -krb5_error_code KRB5_CALLCONV krb5_mk_ncred - (krb5_context, - krb5_auth_context, - krb5_creds **, - krb5_data **, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_mk_1cred - (krb5_context, - krb5_auth_context, - krb5_creds *, - krb5_data **, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_rd_cred - (krb5_context, - krb5_auth_context, - krb5_data *, - krb5_creds ***, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds - (krb5_context, - krb5_auth_context, - char *, - krb5_principal, - krb5_principal, - krb5_ccache, - int forwardable, - krb5_data *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_init - (krb5_context, - krb5_auth_context *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_free - (krb5_context, - krb5_auth_context); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags - (krb5_context, - krb5_auth_context, - krb5_int32); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func, void *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func *, void **); - -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs - (krb5_context, - krb5_auth_context, - krb5_address **, - krb5_address **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setports - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey - (krb5_context, - krb5_auth_context, - krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); - -#if KRB5_DEPRECATED -krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); -#endif - -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); - -krb5_error_code krb5_auth_con_set_safe_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -#if KRB5_DEPRECATED -krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector - (krb5_context, - krb5_auth_context); -#endif - -#if KRB5_PRIVATE -krb5_error_code krb5_auth_con_setivector - (krb5_context, - krb5_auth_context, - krb5_pointer); - -krb5_error_code krb5_auth_con_getivector - (krb5_context, - krb5_auth_context, - krb5_pointer *); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache - (krb5_context, - krb5_auth_context, - krb5_rcache); - -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache - (krb5_context, - krb5_auth_context, - krb5_rcache *); - -#if KRB5_PRIVATE -krb5_error_code krb5_auth_con_setpermetypes - (krb5_context, - krb5_auth_context, - const krb5_enctype *); - -krb5_error_code krb5_auth_con_getpermetypes - (krb5_context, - krb5_auth_context, - krb5_enctype **); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator - (krb5_context, - krb5_auth_context, - krb5_authenticator **); - -#define KRB5_REALM_BRANCH_CHAR '.' - -/* - * end "func-proto.h" - */ - -/* - * begin stuff from libos.h - */ - -#if KRB5_PRIVATE -krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *); -krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *); -int krb5_net_read (krb5_context, int , char *, int); -int krb5_net_write (krb5_context, int , const char *, int); -#endif - -krb5_error_code KRB5_CALLCONV krb5_read_password - (krb5_context, - const char *, - const char *, - char *, - unsigned int * ); -krb5_error_code KRB5_CALLCONV krb5_aname_to_localname - (krb5_context, - krb5_const_principal, - int, - char * ); -krb5_error_code KRB5_CALLCONV krb5_get_host_realm - (krb5_context, - const char *, - char *** ); -krb5_error_code KRB5_CALLCONV krb5_free_host_realm - (krb5_context, - char * const * ); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_get_realm_domain - (krb5_context, - const char *, - char ** ); -#endif -krb5_boolean KRB5_CALLCONV krb5_kuserok - (krb5_context, - krb5_principal, const char *); -krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs - (krb5_context, - krb5_auth_context, - int, int); -#if KRB5_PRIVATE -krb5_error_code krb5_gen_portaddr - (krb5_context, - const krb5_address *, - krb5_const_pointer, - krb5_address **); -krb5_error_code krb5_gen_replay_name - (krb5_context, - const krb5_address *, - const char *, - char **); -krb5_error_code krb5_make_fulladdr - (krb5_context, - krb5_address *, - krb5_address *, - krb5_address *); -#endif - -krb5_error_code KRB5_CALLCONV krb5_set_real_time - (krb5_context, krb5_timestamp, krb5_int32); - -#if KRB5_PRIVATE -krb5_error_code krb5_set_debugging_time - (krb5_context, krb5_timestamp, krb5_int32); -krb5_error_code krb5_use_natural_time - (krb5_context); -#endif -krb5_error_code KRB5_CALLCONV krb5_get_time_offsets - (krb5_context, krb5_timestamp *, krb5_int32 *); -#if KRB5_PRIVATE -krb5_error_code krb5_set_time_offsets - (krb5_context, krb5_timestamp, krb5_int32); -#endif - -/* str_conv.c */ -krb5_error_code KRB5_CALLCONV krb5_string_to_enctype - (char *, krb5_enctype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_salttype - (char *, krb5_int32 *); -krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype - (char *, krb5_cksumtype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp - (char *, krb5_timestamp *); -krb5_error_code KRB5_CALLCONV krb5_string_to_deltat - (char *, krb5_deltat *); -krb5_error_code KRB5_CALLCONV krb5_enctype_to_string - (krb5_enctype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_salttype_to_string - (krb5_int32, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string - (krb5_cksumtype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string - (krb5_timestamp, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring - (krb5_timestamp, char *, size_t, char *); -krb5_error_code KRB5_CALLCONV krb5_deltat_to_string - (krb5_deltat, char *, size_t); - - - -/* The name of the Kerberos ticket granting service... and its size */ -#define KRB5_TGS_NAME "krbtgt" -#define KRB5_TGS_NAME_SIZE 6 - -/* flags for recvauth */ -#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 -#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 -/* initial ticket api functions */ - -typedef struct _krb5_prompt { - char *prompt; - int hidden; - krb5_data *reply; -} krb5_prompt; - -typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - - -krb5_error_code KRB5_CALLCONV -krb5_prompter_posix (krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - -typedef struct _krb5_get_init_creds_opt { - krb5_flags flags; - krb5_deltat tkt_life; - krb5_deltat renew_life; - int forwardable; - int proxiable; - krb5_enctype *etype_list; - int etype_list_length; - krb5_address **address_list; - krb5_preauthtype *preauth_list; - int preauth_list_length; - krb5_data *salt; -} krb5_get_init_creds_opt; - -#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 -#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 -#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 -#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 -#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 -#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 -#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 -#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 - - -void KRB5_CALLCONV -krb5_get_init_creds_opt_init -(krb5_get_init_creds_opt *opt); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_tkt_life -(krb5_get_init_creds_opt *opt, - krb5_deltat tkt_life); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_renew_life -(krb5_get_init_creds_opt *opt, - krb5_deltat renew_life); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_forwardable -(krb5_get_init_creds_opt *opt, - int forwardable); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_proxiable -(krb5_get_init_creds_opt *opt, - int proxiable); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_etype_list -(krb5_get_init_creds_opt *opt, - krb5_enctype *etype_list, - int etype_list_length); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_address_list -(krb5_get_init_creds_opt *opt, - krb5_address **addresses); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_preauth_list -(krb5_get_init_creds_opt *opt, - krb5_preauthtype *preauth_list, - int preauth_list_length); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_salt -(krb5_get_init_creds_opt *opt, - krb5_data *salt); - - - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_password -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - char *password, - krb5_prompter_fct prompter, - void *data, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_keytab -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_keytab arg_keytab, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); - -typedef struct _krb5_verify_init_creds_opt { - krb5_flags flags; - int ap_req_nofail; -} krb5_verify_init_creds_opt; - -#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 - -void KRB5_CALLCONV -krb5_verify_init_creds_opt_init -(krb5_verify_init_creds_opt *k5_vic_options); -void KRB5_CALLCONV -krb5_verify_init_creds_opt_set_ap_req_nofail -(krb5_verify_init_creds_opt *k5_vic_options, - int ap_req_nofail); - -krb5_error_code KRB5_CALLCONV -krb5_verify_init_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal ap_req_server, - krb5_keytab ap_req_keytab, - krb5_ccache *ccache, - krb5_verify_init_creds_opt *k5_vic_options); - -krb5_error_code KRB5_CALLCONV -krb5_get_validated_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); - -krb5_error_code KRB5_CALLCONV -krb5_get_renewed_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); - -krb5_error_code KRB5_CALLCONV -krb5_decode_ticket -(const krb5_data *code, - krb5_ticket **rep); - -void KRB5_CALLCONV -krb5_appdefault_string -(krb5_context context, - const char *appname, - const krb5_data *realm, - const char *option, - const char *default_value, - char ** ret_value); - -void KRB5_CALLCONV -krb5_appdefault_boolean -(krb5_context context, - const char *appname, - const krb5_data *realm, - const char *option, - int default_value, - int *ret_value); - -#if KRB5_PRIVATE -/* - * The realm iterator functions - */ - -krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create - (krb5_context context, void **iter_p); - -krb5_error_code KRB5_CALLCONV krb5_realm_iterator - (krb5_context context, void **iter_p, char **ret_realm); - -void KRB5_CALLCONV krb5_realm_iterator_free - (krb5_context context, void **iter_p); - -void KRB5_CALLCONV krb5_free_realm_string - (krb5_context context, char *str); -#endif - -/* - * Prompter enhancements - */ - -#define KRB5_PROMPT_TYPE_PASSWORD 0x1 -#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2 -#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3 -#define KRB5_PROMPT_TYPE_PREAUTH 0x4 - -typedef krb5_int32 krb5_prompt_type; - -krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types - (krb5_context context); - -/* Error reporting */ -void -krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...); -#ifdef va_start -void -krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list); -#endif -char * -krb5_get_error_message (krb5_context, krb5_error_code); -void -krb5_free_error_message (krb5_context, char *); -void -krb5_clear_error_message (krb5_context); - - -#if TARGET_OS_MAC -# pragma options align=reset -#endif - -KRB5INT_END_DECLS - -/* Don't use this! We're going to phase it out. It's just here to keep - applications from breaking right away. */ -#define krb5_const const - -#endif /* KRB5_GENERAL__ */ - diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin new file mode 100644 index 0000000000..d786e6770c --- /dev/null +++ b/src/include/krb5/krb5.hin @@ -0,0 +1,2565 @@ +/* + * include/krb5.h + * + * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * General definitions for Kerberos version 5. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#ifndef KRB5_GENERAL__ +#define KRB5_GENERAL__ + +/* By default, do not expose deprecated interfaces. */ +#ifndef KRB5_DEPRECATED +#define KRB5_DEPRECATED 0 +#endif +/* Do not expose private interfaces. Build system will override. */ +#ifndef KRB5_PRIVATE +#define KRB5_PRIVATE 0 +#endif + +#if defined(__MACH__) && defined(__APPLE__) +# include +# if TARGET_RT_MAC_CFM +# error "Use KfM 4.0 SDK headers for CFM compilation." +# endif +#endif + +#if defined(_MSDOS) || defined(_WIN32) +#include +#endif + +#ifndef KRB5_CONFIG__ +#ifndef KRB5_CALLCONV +#define KRB5_CALLCONV +#define KRB5_CALLCONV_C +#endif /* !KRB5_CALLCONV */ +#endif /* !KRB5_CONFIG__ */ + +#ifndef KRB5_CALLCONV_WRONG +#define KRB5_CALLCONV_WRONG +#endif + +#ifndef THREEPARAMOPEN +#define THREEPARAMOPEN(x,y,z) open(x,y,z) +#endif + +#define KRB5_OLD_CRYPTO + +#include +#include /* for *_MAX */ + +#ifndef KRB5INT_BEGIN_DECLS +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS } +#else +#define KRB5INT_BEGIN_DECLS +#define KRB5INT_END_DECLS +#endif +#endif + +KRB5INT_BEGIN_DECLS + +#if TARGET_OS_MAC +# pragma options align=mac68k +#endif + +/* from profile.h */ +struct _profile_t; +/* typedef struct _profile_t *profile_t; */ + +/* + * begin wordsize.h + */ + +/* + * Word-size related definition. + */ + +typedef unsigned char krb5_octet; + +#if INT_MAX == 0x7fff +typedef int krb5_int16; +typedef unsigned int krb5_ui_2; +#elif SHRT_MAX == 0x7fff +typedef short krb5_int16; +typedef unsigned short krb5_ui_2; +#else +#error undefined 16 bit type +#endif + +#if INT_MAX == 0x7fffffffL +typedef int krb5_int32; +typedef unsigned int krb5_ui_4; +#elif LONG_MAX == 0x7fffffffL +typedef long krb5_int32; +typedef unsigned long krb5_ui_4; +#elif SHRT_MAX == 0x7fffffffL +typedef short krb5_int32; +typedef unsigned short krb5_ui_4; +#else +#error: undefined 32 bit type +#endif + +#define VALID_INT_BITS INT_MAX +#define VALID_UINT_BITS UINT_MAX + +#define KRB5_INT32_MAX 2147483647 +/* this strange form is necessary since - is a unary operator, not a sign + indicator */ +#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) + +#define KRB5_INT16_MAX 65535 +/* this strange form is necessary since - is a unary operator, not a sign + indicator */ +#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) + +/* + * end wordsize.h + */ + +/* + * begin "base-defs.h" + */ + +/* + * Basic definitions for Kerberos V5 library + */ + +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif + +typedef unsigned int krb5_boolean; +typedef unsigned int krb5_msgtype; +typedef unsigned int krb5_kvno; + +typedef krb5_int32 krb5_addrtype; +typedef krb5_int32 krb5_enctype; +typedef krb5_int32 krb5_cksumtype; +typedef krb5_int32 krb5_authdatatype; +typedef krb5_int32 krb5_keyusage; + +typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ +typedef krb5_int32 krb5_flags; +typedef krb5_int32 krb5_timestamp; +typedef krb5_int32 krb5_error_code; +typedef krb5_int32 krb5_deltat; + +typedef krb5_error_code krb5_magic; + +typedef struct _krb5_data { + krb5_magic magic; + unsigned int length; + char *data; +} krb5_data; + +/* + * Hack length for crypto library to use the afs_string_to_key It is + * equivalent to -1 without possible sign extension + * We also overload for an unset salt type length - which is also -1, but + * hey, why not.... +*/ +#define SALT_TYPE_AFS_LENGTH UINT_MAX +#define SALT_TYPE_NO_LENGTH UINT_MAX + +typedef void * krb5_pointer; +typedef void const * krb5_const_pointer; + +typedef struct krb5_principal_data { + krb5_magic magic; + krb5_data realm; + krb5_data *data; /* An array of strings */ + krb5_int32 length; + krb5_int32 type; +} krb5_principal_data; + +typedef krb5_principal_data * krb5_principal; + +/* + * Per V5 spec on definition of principal types + */ + +/* Name type not known */ +#define KRB5_NT_UNKNOWN 0 +/* Just the name of the principal as in DCE, or for users */ +#define KRB5_NT_PRINCIPAL 1 +/* Service and other unique instance (krbtgt) */ +#define KRB5_NT_SRV_INST 2 +/* Service with host name as instance (telnet, rcommands) */ +#define KRB5_NT_SRV_HST 3 +/* Service with host as remaining components */ +#define KRB5_NT_SRV_XHST 4 +/* Unique ID */ +#define KRB5_NT_UID 5 + +/* constant version thereof: */ +typedef const krb5_principal_data *krb5_const_principal; + +#define krb5_princ_realm(context, princ) (&(princ)->realm) +#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) +#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) +#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) +#define krb5_princ_size(context, princ) (princ)->length +#define krb5_princ_type(context, princ) (princ)->type +#define krb5_princ_name(context, princ) (princ)->data +#define krb5_princ_component(context, princ,i) \ + (((i) < krb5_princ_size(context, princ)) \ + ? (princ)->data + (i) \ + : NULL) + +/* + * end "base-defs.h" + */ + +/* + * begin "hostaddr.h" + */ + +/* structure for address */ +typedef struct _krb5_address { + krb5_magic magic; + krb5_addrtype addrtype; + unsigned int length; + krb5_octet *contents; +} krb5_address; + +/* per Kerberos v5 protocol spec */ +#define ADDRTYPE_INET 0x0002 +#define ADDRTYPE_CHAOS 0x0005 +#define ADDRTYPE_XNS 0x0006 +#define ADDRTYPE_ISO 0x0007 +#define ADDRTYPE_DDP 0x0010 +#define ADDRTYPE_INET6 0x0018 +/* not yet in the spec... */ +#define ADDRTYPE_ADDRPORT 0x0100 +#define ADDRTYPE_IPPORT 0x0101 + +/* macros to determine if a type is a local type */ +#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) + +/* + * end "hostaddr.h" + */ + + +struct _krb5_context; +typedef struct _krb5_context * krb5_context; + +struct _krb5_auth_context; +typedef struct _krb5_auth_context * krb5_auth_context; + +struct _krb5_cryptosystem_entry; + +/* + * begin "encryption.h" + */ + +typedef struct _krb5_keyblock { + krb5_magic magic; + krb5_enctype enctype; + unsigned int length; + krb5_octet *contents; +} krb5_keyblock; + +#ifdef KRB5_OLD_CRYPTO +typedef struct _krb5_encrypt_block { + krb5_magic magic; + krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need + this. it was a pointer, but it + doesn't have to be. gross. */ + krb5_keyblock *key; +} krb5_encrypt_block; +#endif + +typedef struct _krb5_checksum { + krb5_magic magic; + krb5_cksumtype checksum_type; /* checksum type */ + unsigned int length; + krb5_octet *contents; +} krb5_checksum; + +typedef struct _krb5_enc_data { + krb5_magic magic; + krb5_enctype enctype; + krb5_kvno kvno; + krb5_data ciphertext; +} krb5_enc_data; + +/* per Kerberos v5 protocol spec */ +#define ENCTYPE_NULL 0x0000 +#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ +#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ +#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ +#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ +/* XXX deprecated? */ +#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ +#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ +#define ENCTYPE_DES_HMAC_SHA1 0x0008 +#define ENCTYPE_DES3_CBC_SHA1 0x0010 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 +#define ENCTYPE_ARCFOUR_HMAC 0x0017 +#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 +#define ENCTYPE_UNKNOWN 0x01ff + +#define CKSUMTYPE_CRC32 0x0001 +#define CKSUMTYPE_RSA_MD4 0x0002 +#define CKSUMTYPE_RSA_MD4_DES 0x0003 +#define CKSUMTYPE_DESCBC 0x0004 +/* des-mac-k */ +/* rsa-md4-des-k */ +#define CKSUMTYPE_RSA_MD5 0x0007 +#define CKSUMTYPE_RSA_MD5_DES 0x0008 +#define CKSUMTYPE_NIST_SHA 0x0009 +#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c +#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f +#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 +#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ + +/* The following are entropy source designations. Whenever + * krb5_C_random_add_entropy is called, one of these source ids is passed + * in. This allows the library to better estimate bits of + * entropy in the sample and to keep track of what sources of entropy have + * contributed enough entropy. Sources marked internal MUST NOT be + * used by applications outside the Kerberos library +*/ + +enum { + KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ + KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ + KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ + /*This source should be used carefully; data in this category + * should be from a third party trusted to give random bits + * For example keys issued by the KDC in the application server. + */ + KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ + KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ + KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ +}; + +#ifndef krb5_roundup +/* round x up to nearest multiple of y */ +#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) +#endif /* roundup */ + +/* macro function definitions to help clean up code */ + +#if 1 +#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) +#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) +#else +#define krb5_x(ptr,args) ((*(ptr)) args) +#define krb5_xc(ptr,args) ((*(ptr)) args) +#endif + +krb5_error_code KRB5_CALLCONV + krb5_c_encrypt + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + const krb5_data *input, krb5_enc_data *output); + +krb5_error_code KRB5_CALLCONV + krb5_c_decrypt + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + const krb5_enc_data *input, krb5_data *output); + +krb5_error_code KRB5_CALLCONV + krb5_c_encrypt_length + (krb5_context context, krb5_enctype enctype, + size_t inputlen, size_t *length); + +krb5_error_code KRB5_CALLCONV + krb5_c_block_size + (krb5_context context, krb5_enctype enctype, + size_t *blocksize); + +krb5_error_code KRB5_CALLCONV + krb5_c_init_state +(krb5_context context, +const krb5_keyblock *key, krb5_keyusage usage, +krb5_data *new_state); + +krb5_error_code KRB5_CALLCONV + krb5_c_free_state +(krb5_context context, const krb5_keyblock *key, krb5_data *state); + +krb5_error_code KRB5_CALLCONV + krb5_c_prf (krb5_context, const krb5_keyblock *, + krb5_data *in, krb5_data *out); + +krb5_error_code KRB5_CALLCONV + krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen); + +krb5_error_code KRB5_CALLCONV + krb5_c_make_random_key + (krb5_context context, krb5_enctype enctype, + krb5_keyblock *k5_random_key); + +/* Register a new entropy sample with the PRNG. may cause +* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions +* for information on how each source should be used. +*/ +krb5_error_code KRB5_CALLCONV + krb5_c_random_add_entropy +(krb5_context context, unsigned int randsource_id, const krb5_data *data); + + +krb5_error_code KRB5_CALLCONV + krb5_c_random_make_octets + (krb5_context context, krb5_data *data); + +/* +* Collect entropy from the OS if possible. strong requests that as strong +* of a source of entropy as available be used. Setting strong may +* increase the probability of blocking and should not be used for normal +* applications. Good uses include seeding the PRNG for kadmind +* and realm setup. +* If successful is non-null, then successful is set to 1 if the OS provided +* entropy else zero. +*/ +krb5_error_code KRB5_CALLCONV +krb5_c_random_os_entropy +(krb5_context context, int strong, int *success); + +/*deprecated*/ krb5_error_code KRB5_CALLCONV + krb5_c_random_seed + (krb5_context context, krb5_data *data); + +krb5_error_code KRB5_CALLCONV + krb5_c_string_to_key + (krb5_context context, krb5_enctype enctype, + const krb5_data *string, const krb5_data *salt, + krb5_keyblock *key); +krb5_error_code KRB5_CALLCONV +krb5_c_string_to_key_with_params(krb5_context context, + krb5_enctype enctype, + const krb5_data *string, + const krb5_data *salt, + const krb5_data *params, + krb5_keyblock *key); + +krb5_error_code KRB5_CALLCONV + krb5_c_enctype_compare + (krb5_context context, krb5_enctype e1, krb5_enctype e2, + krb5_boolean *similar); + +krb5_error_code KRB5_CALLCONV + krb5_c_make_checksum + (krb5_context context, krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *input, krb5_checksum *cksum); + +krb5_error_code KRB5_CALLCONV + krb5_c_verify_checksum + (krb5_context context, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *data, + const krb5_checksum *cksum, + krb5_boolean *valid); + +krb5_error_code KRB5_CALLCONV + krb5_c_checksum_length + (krb5_context context, krb5_cksumtype cksumtype, + size_t *length); + +krb5_error_code KRB5_CALLCONV + krb5_c_keyed_checksum_types + (krb5_context context, krb5_enctype enctype, + unsigned int *count, krb5_cksumtype **cksumtypes); + +#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 +#define KRB5_KEYUSAGE_KDC_REP_TICKET 2 +#define KRB5_KEYUSAGE_AS_REP_ENCPART 3 +#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 +#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 +#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 +#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 +#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 +#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 +#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 +#define KRB5_KEYUSAGE_AP_REQ_AUTH 11 +#define KRB5_KEYUSAGE_AP_REP_ENCPART 12 +#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 +#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 +#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 +#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 +#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 +#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 +#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 +#define KRB5_KEYUSAGE_AD_MTE 20 +#define KRB5_KEYUSAGE_AD_ITE 21 + +/* XXX need to register these */ + +#define KRB5_KEYUSAGE_GSS_TOK_MIC 22 +#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 +#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 + +/* Defined in hardware preauth draft */ + +#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 +#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 +#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 + +krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype + (krb5_enctype ktype); +krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype + (krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum + (krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum + (krb5_cksumtype ctype); + +#if KRB5_PRIVATE +/* Use the above four instead. */ +krb5_boolean KRB5_CALLCONV valid_enctype + (krb5_enctype ktype); +krb5_boolean KRB5_CALLCONV valid_cksumtype + (krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV is_coll_proof_cksum + (krb5_cksumtype ctype); +krb5_boolean KRB5_CALLCONV is_keyed_cksum + (krb5_cksumtype ctype); +#endif + +#ifdef KRB5_OLD_CRYPTO +/* + * old cryptosystem routine prototypes. These are now layered + * on top of the functions above. + */ +krb5_error_code KRB5_CALLCONV krb5_encrypt + (krb5_context context, + krb5_const_pointer inptr, + krb5_pointer outptr, + size_t size, + krb5_encrypt_block * eblock, + krb5_pointer ivec); +krb5_error_code KRB5_CALLCONV krb5_decrypt + (krb5_context context, + krb5_const_pointer inptr, + krb5_pointer outptr, + size_t size, + krb5_encrypt_block * eblock, + krb5_pointer ivec); +krb5_error_code KRB5_CALLCONV krb5_process_key + (krb5_context context, + krb5_encrypt_block * eblock, + const krb5_keyblock * key); +krb5_error_code KRB5_CALLCONV krb5_finish_key + (krb5_context context, + krb5_encrypt_block * eblock); +krb5_error_code KRB5_CALLCONV krb5_string_to_key + (krb5_context context, + const krb5_encrypt_block * eblock, + krb5_keyblock * keyblock, + const krb5_data * data, + const krb5_data * salt); +krb5_error_code KRB5_CALLCONV krb5_init_random_key + (krb5_context context, + const krb5_encrypt_block * eblock, + const krb5_keyblock * keyblock, + krb5_pointer * ptr); +krb5_error_code KRB5_CALLCONV krb5_finish_random_key + (krb5_context context, + const krb5_encrypt_block * eblock, + krb5_pointer * ptr); +krb5_error_code KRB5_CALLCONV krb5_random_key + (krb5_context context, + const krb5_encrypt_block * eblock, + krb5_pointer ptr, + krb5_keyblock ** keyblock); +krb5_enctype KRB5_CALLCONV krb5_eblock_enctype + (krb5_context context, + const krb5_encrypt_block * eblock); +krb5_error_code KRB5_CALLCONV krb5_use_enctype + (krb5_context context, + krb5_encrypt_block * eblock, + krb5_enctype enctype); +size_t KRB5_CALLCONV krb5_encrypt_size + (size_t length, + krb5_enctype crypto); +size_t KRB5_CALLCONV krb5_checksum_size + (krb5_context context, + krb5_cksumtype ctype); +krb5_error_code KRB5_CALLCONV krb5_calculate_checksum + (krb5_context context, + krb5_cksumtype ctype, + krb5_const_pointer in, size_t in_length, + krb5_const_pointer seed, size_t seed_length, + krb5_checksum * outcksum); +krb5_error_code KRB5_CALLCONV krb5_verify_checksum + (krb5_context context, + krb5_cksumtype ctype, + const krb5_checksum * cksum, + krb5_const_pointer in, size_t in_length, + krb5_const_pointer seed, size_t seed_length); + +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_random_confounder + (size_t, krb5_pointer); + +krb5_error_code krb5_encrypt_data + (krb5_context context, krb5_keyblock *key, + krb5_pointer ivec, krb5_data *data, + krb5_enc_data *enc_data); + +krb5_error_code krb5_decrypt_data + (krb5_context context, krb5_keyblock *key, + krb5_pointer ivec, krb5_enc_data *data, + krb5_data *enc_data); +#endif + +#endif /* KRB5_OLD_CRYPTO */ + +/* + * end "encryption.h" + */ + +/* + * begin "fieldbits.h" + */ + +/* kdc_options for kdc_request */ +/* options is 32 bits; each host is responsible to put the 4 bytes + representing these bits into net order before transmission */ +/* #define KDC_OPT_RESERVED 0x80000000 */ +#define KDC_OPT_FORWARDABLE 0x40000000 +#define KDC_OPT_FORWARDED 0x20000000 +#define KDC_OPT_PROXIABLE 0x10000000 +#define KDC_OPT_PROXY 0x08000000 +#define KDC_OPT_ALLOW_POSTDATE 0x04000000 +#define KDC_OPT_POSTDATED 0x02000000 +/* #define KDC_OPT_UNUSED 0x01000000 */ +#define KDC_OPT_RENEWABLE 0x00800000 +/* #define KDC_OPT_UNUSED 0x00400000 */ +/* #define KDC_OPT_RESERVED 0x00200000 */ +/* #define KDC_OPT_RESERVED 0x00100000 */ +/* #define KDC_OPT_RESERVED 0x00080000 */ +/* #define KDC_OPT_RESERVED 0x00040000 */ +#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 +/* #define KDC_OPT_RESERVED 0x00010000 */ +/* #define KDC_OPT_RESERVED 0x00008000 */ +/* #define KDC_OPT_RESERVED 0x00004000 */ +/* #define KDC_OPT_RESERVED 0x00002000 */ +/* #define KDC_OPT_RESERVED 0x00001000 */ +/* #define KDC_OPT_RESERVED 0x00000800 */ +/* #define KDC_OPT_RESERVED 0x00000400 */ +/* #define KDC_OPT_RESERVED 0x00000200 */ +/* #define KDC_OPT_RESERVED 0x00000100 */ +/* #define KDC_OPT_RESERVED 0x00000080 */ +/* #define KDC_OPT_RESERVED 0x00000040 */ +#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 +#define KDC_OPT_RENEWABLE_OK 0x00000010 +#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 +/* #define KDC_OPT_UNUSED 0x00000004 */ +#define KDC_OPT_RENEW 0x00000002 +#define KDC_OPT_VALIDATE 0x00000001 + +/* + * Mask of ticket flags in the TGT which should be converted into KDC + * options when using the TGT to get derivitive tickets. + * + * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | + * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE + */ +#define KDC_TKT_COMMON_MASK 0x54800000 + +/* definitions for ap_options fields */ +/* ap_options are 32 bits; each host is responsible to put the 4 bytes + representing these bits into net order before transmission */ +#define AP_OPTS_RESERVED 0x80000000 +#define AP_OPTS_USE_SESSION_KEY 0x40000000 +#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 +/* #define AP_OPTS_RESERVED 0x10000000 */ +/* #define AP_OPTS_RESERVED 0x08000000 */ +/* #define AP_OPTS_RESERVED 0x04000000 */ +/* #define AP_OPTS_RESERVED 0x02000000 */ +/* #define AP_OPTS_RESERVED 0x01000000 */ +/* #define AP_OPTS_RESERVED 0x00800000 */ +/* #define AP_OPTS_RESERVED 0x00400000 */ +/* #define AP_OPTS_RESERVED 0x00200000 */ +/* #define AP_OPTS_RESERVED 0x00100000 */ +/* #define AP_OPTS_RESERVED 0x00080000 */ +/* #define AP_OPTS_RESERVED 0x00040000 */ +/* #define AP_OPTS_RESERVED 0x00020000 */ +/* #define AP_OPTS_RESERVED 0x00010000 */ +/* #define AP_OPTS_RESERVED 0x00008000 */ +/* #define AP_OPTS_RESERVED 0x00004000 */ +/* #define AP_OPTS_RESERVED 0x00002000 */ +/* #define AP_OPTS_RESERVED 0x00001000 */ +/* #define AP_OPTS_RESERVED 0x00000800 */ +/* #define AP_OPTS_RESERVED 0x00000400 */ +/* #define AP_OPTS_RESERVED 0x00000200 */ +/* #define AP_OPTS_RESERVED 0x00000100 */ +/* #define AP_OPTS_RESERVED 0x00000080 */ +/* #define AP_OPTS_RESERVED 0x00000040 */ +/* #define AP_OPTS_RESERVED 0x00000020 */ +/* #define AP_OPTS_RESERVED 0x00000010 */ +/* #define AP_OPTS_RESERVED 0x00000008 */ +/* #define AP_OPTS_RESERVED 0x00000004 */ +/* #define AP_OPTS_RESERVED 0x00000002 */ +#define AP_OPTS_USE_SUBKEY 0x00000001 + +#define AP_OPTS_WIRE_MASK 0xfffffff0 + +/* definitions for ad_type fields. */ +#define AD_TYPE_RESERVED 0x8000 +#define AD_TYPE_EXTERNAL 0x4000 +#define AD_TYPE_REGISTERED 0x2000 + +#define AD_TYPE_FIELD_TYPE_MASK 0x1fff + +/* Ticket flags */ +/* flags are 32 bits; each host is responsible to put the 4 bytes + representing these bits into net order before transmission */ +/* #define TKT_FLG_RESERVED 0x80000000 */ +#define TKT_FLG_FORWARDABLE 0x40000000 +#define TKT_FLG_FORWARDED 0x20000000 +#define TKT_FLG_PROXIABLE 0x10000000 +#define TKT_FLG_PROXY 0x08000000 +#define TKT_FLG_MAY_POSTDATE 0x04000000 +#define TKT_FLG_POSTDATED 0x02000000 +#define TKT_FLG_INVALID 0x01000000 +#define TKT_FLG_RENEWABLE 0x00800000 +#define TKT_FLG_INITIAL 0x00400000 +#define TKT_FLG_PRE_AUTH 0x00200000 +#define TKT_FLG_HW_AUTH 0x00100000 +#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 +#define TKT_FLG_OK_AS_DELEGATE 0x00040000 +#define TKT_FLG_ANONYMOUS 0x00020000 +/* #define TKT_FLG_RESERVED 0x00010000 */ +/* #define TKT_FLG_RESERVED 0x00008000 */ +/* #define TKT_FLG_RESERVED 0x00004000 */ +/* #define TKT_FLG_RESERVED 0x00002000 */ +/* #define TKT_FLG_RESERVED 0x00001000 */ +/* #define TKT_FLG_RESERVED 0x00000800 */ +/* #define TKT_FLG_RESERVED 0x00000400 */ +/* #define TKT_FLG_RESERVED 0x00000200 */ +/* #define TKT_FLG_RESERVED 0x00000100 */ +/* #define TKT_FLG_RESERVED 0x00000080 */ +/* #define TKT_FLG_RESERVED 0x00000040 */ +/* #define TKT_FLG_RESERVED 0x00000020 */ +/* #define TKT_FLG_RESERVED 0x00000010 */ +/* #define TKT_FLG_RESERVED 0x00000008 */ +/* #define TKT_FLG_RESERVED 0x00000004 */ +/* #define TKT_FLG_RESERVED 0x00000002 */ +/* #define TKT_FLG_RESERVED 0x00000001 */ + +/* definitions for lr_type fields. */ +#define LR_TYPE_THIS_SERVER_ONLY 0x8000 + +#define LR_TYPE_INTERPRETATION_MASK 0x7fff + +/* definitions for ad_type fields. */ +#define AD_TYPE_EXTERNAL 0x4000 +#define AD_TYPE_REGISTERED 0x2000 + +#define AD_TYPE_FIELD_TYPE_MASK 0x1fff +#define AD_TYPE_INTERNAL_MASK 0x3fff + +/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ +#define MSEC_DIRBIT 0x8000 +#define MSEC_VAL_MASK 0x7fff + +/* + * end "fieldbits.h" + */ + +/* + * begin "proto.h" + */ + +/* Protocol version number */ +#define KRB5_PVNO 5 + +/* Message types */ + +#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ +#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ +#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ +#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ +#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ +#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ +#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ +#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ +#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ +#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ + +/* LastReq types */ +#define KRB5_LRQ_NONE 0 +#define KRB5_LRQ_ALL_LAST_TGT 1 +#define KRB5_LRQ_ONE_LAST_TGT (-1) +#define KRB5_LRQ_ALL_LAST_INITIAL 2 +#define KRB5_LRQ_ONE_LAST_INITIAL (-2) +#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 +#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) +#define KRB5_LRQ_ALL_LAST_RENEWAL 4 +#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) +#define KRB5_LRQ_ALL_LAST_REQ 5 +#define KRB5_LRQ_ONE_LAST_REQ (-5) +#define KRB5_LRQ_ALL_PW_EXPTIME 6 +#define KRB5_LRQ_ONE_PW_EXPTIME (-6) + +/* PADATA types */ +#define KRB5_PADATA_NONE 0 +#define KRB5_PADATA_AP_REQ 1 +#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ +#define KRB5_PADATA_ENC_TIMESTAMP 2 +#define KRB5_PADATA_PW_SALT 3 +#if 0 /* Not used */ +#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ +#endif +#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ +#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ +#define KRB5_PADATA_SESAME 7 /* Sesame project */ +#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ +#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ +#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ +#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ +#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ +#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ +#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */ +#define KRB5_PADATA_ETYPE_INFO2 19 +#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ +#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ + +#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 +#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 +#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ + +/* Reserved for SPX pre-authentication. */ +#define KRB5_PADATA_DASS 16 + +/* Transited encoding types */ +#define KRB5_DOMAIN_X500_COMPRESS 1 + +/* alternate authentication types */ +#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 + +/* authorization data types */ +#define KRB5_AUTHDATA_OSF_DCE 64 +#define KRB5_AUTHDATA_SESAME 65 + +/* password change constants */ + +#define KRB5_KPASSWD_SUCCESS 0 +#define KRB5_KPASSWD_MALFORMED 1 +#define KRB5_KPASSWD_HARDERROR 2 +#define KRB5_KPASSWD_AUTHERROR 3 +#define KRB5_KPASSWD_SOFTERROR 4 +/* These are Microsoft's extensions in RFC 3244, and it looks like + they'll become standardized, possibly with other additions. */ +#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ +#define KRB5_KPASSWD_BAD_VERSION 6 +#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ + +/* + * end "proto.h" + */ + +/* Time set */ +typedef struct _krb5_ticket_times { + krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime + in ticket? otherwise client can't get this */ + krb5_timestamp starttime; /* optional in ticket, if not present, + use authtime */ + krb5_timestamp endtime; + krb5_timestamp renew_till; +} krb5_ticket_times; + +/* structure for auth data */ +typedef struct _krb5_authdata { + krb5_magic magic; + krb5_authdatatype ad_type; + unsigned int length; + krb5_octet *contents; +} krb5_authdata; + +/* structure for transited encoding */ +typedef struct _krb5_transited { + krb5_magic magic; + krb5_octet tr_type; + krb5_data tr_contents; +} krb5_transited; + +typedef struct _krb5_enc_tkt_part { + krb5_magic magic; + /* to-be-encrypted portion */ + krb5_flags flags; /* flags */ + krb5_keyblock *session; /* session key: includes enctype */ + krb5_principal client; /* client name/realm */ + krb5_transited transited; /* list of transited realms */ + krb5_ticket_times times; /* auth, start, end, renew_till */ + krb5_address **caddrs; /* array of ptrs to addresses */ + krb5_authdata **authorization_data; /* auth data */ +} krb5_enc_tkt_part; + +typedef struct _krb5_ticket { + krb5_magic magic; + /* cleartext portion */ + krb5_principal server; /* server name/realm */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ + krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if + available */ +} krb5_ticket; + +/* the unencrypted version */ +typedef struct _krb5_authenticator { + krb5_magic magic; + krb5_principal client; /* client name/realm */ + krb5_checksum *checksum; /* checksum, includes type, optional */ + krb5_int32 cusec; /* client usec portion */ + krb5_timestamp ctime; /* client sec portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ + krb5_authdata **authorization_data; /* New add by Ari, auth data */ +} krb5_authenticator; + +typedef struct _krb5_tkt_authent { + krb5_magic magic; + krb5_ticket *ticket; + krb5_authenticator *authenticator; + krb5_flags ap_options; +} krb5_tkt_authent; + +/* credentials: Ticket, session key, etc. */ +typedef struct _krb5_creds { + krb5_magic magic; + krb5_principal client; /* client's principal identifier */ + krb5_principal server; /* server's principal identifier */ + krb5_keyblock keyblock; /* session encryption key info */ + krb5_ticket_times times; /* lifetime info */ + krb5_boolean is_skey; /* true if ticket is encrypted in + another ticket's skey */ + krb5_flags ticket_flags; /* flags in ticket */ + krb5_address **addresses; /* addrs in ticket */ + krb5_data ticket; /* ticket string itself */ + krb5_data second_ticket; /* second ticket, if related to + ticket (via DUPLICATE-SKEY or + ENC-TKT-IN-SKEY) */ + krb5_authdata **authdata; /* authorization data */ +} krb5_creds; + +/* Last request fields */ +typedef struct _krb5_last_req_entry { + krb5_magic magic; + krb5_int32 lr_type; + krb5_timestamp value; +} krb5_last_req_entry; + +/* pre-authentication data */ +typedef struct _krb5_pa_data { + krb5_magic magic; + krb5_preauthtype pa_type; + unsigned int length; + krb5_octet *contents; +} krb5_pa_data; + +typedef struct _krb5_kdc_req { + krb5_magic magic; + krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ + krb5_pa_data **padata; /* e.g. encoded AP_REQ */ + /* real body */ + krb5_flags kdc_options; /* requested options */ + krb5_principal client; /* includes realm; optional */ + krb5_principal server; /* includes realm (only used if no + client) */ + krb5_timestamp from; /* requested starttime */ + krb5_timestamp till; /* requested endtime */ + krb5_timestamp rtime; /* (optional) requested renew_till */ + krb5_int32 nonce; /* nonce to match request/response */ + int nktypes; /* # of ktypes, must be positive */ + krb5_enctype *ktype; /* requested enctype(s) */ + krb5_address **addresses; /* requested addresses, optional */ + krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ + krb5_authdata **unenc_authdata; /* unencrypted auth data, + if available */ + krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */ +} krb5_kdc_req; + +typedef struct _krb5_enc_kdc_rep_part { + krb5_magic magic; + /* encrypted part: */ + krb5_msgtype msg_type; /* krb5 message type */ + krb5_keyblock *session; /* session key */ + krb5_last_req_entry **last_req; /* array of ptrs to entries */ + krb5_int32 nonce; /* nonce from request */ + krb5_timestamp key_exp; /* expiration date */ + krb5_flags flags; /* ticket flags */ + krb5_ticket_times times; /* lifetime info */ + krb5_principal server; /* server's principal identifier */ + krb5_address **caddrs; /* array of ptrs to addresses, + optional */ +} krb5_enc_kdc_rep_part; + +typedef struct _krb5_kdc_rep { + krb5_magic magic; + /* cleartext part: */ + krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ + krb5_pa_data **padata; /* preauthentication data from KDC */ + krb5_principal client; /* client's principal identifier */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ + krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */ +} krb5_kdc_rep; + +/* error message structure */ +typedef struct _krb5_error { + krb5_magic magic; + /* some of these may be meaningless in certain contexts */ + krb5_timestamp ctime; /* client sec portion; optional */ + krb5_int32 cusec; /* client usec portion; optional */ + krb5_int32 susec; /* server usec portion */ + krb5_timestamp stime; /* server sec portion */ + krb5_ui_4 error; /* error code (protocol error #'s) */ + krb5_principal client; /* client's principal identifier; + optional */ + krb5_principal server; /* server's principal identifier */ + krb5_data text; /* descriptive text */ + krb5_data e_data; /* additional error-describing data */ +} krb5_error; + +typedef struct _krb5_ap_req { + krb5_magic magic; + krb5_flags ap_options; /* requested options */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data authenticator; /* authenticator (already encrypted) */ +} krb5_ap_req; + +typedef struct _krb5_ap_rep { + krb5_magic magic; + krb5_enc_data enc_part; +} krb5_ap_rep; + +typedef struct _krb5_ap_rep_enc_part { + krb5_magic magic; + krb5_timestamp ctime; /* client time, seconds portion */ + krb5_int32 cusec; /* client time, microseconds portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ +} krb5_ap_rep_enc_part; + +typedef struct _krb5_response { + krb5_magic magic; + krb5_octet message_type; + krb5_data response; + krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ + krb5_timestamp request_time; /* When we made the request */ +} krb5_response; + +typedef struct _krb5_cred_info { + krb5_magic magic; + krb5_keyblock *session; /* session key used to encrypt */ + /* ticket */ + krb5_principal client; /* client name/realm, optional */ + krb5_principal server; /* server name/realm, optional */ + krb5_flags flags; /* ticket flags, optional */ + krb5_ticket_times times; /* auth, start, end, renew_till, */ + /* optional */ + krb5_address **caddrs; /* array of ptrs to addresses */ +} krb5_cred_info; + +typedef struct _krb5_cred_enc_part { + krb5_magic magic; + krb5_int32 nonce; /* nonce, optional */ + krb5_timestamp timestamp; /* client time */ + krb5_int32 usec; /* microsecond portion of time */ + krb5_address *s_address; /* sender address, optional */ + krb5_address *r_address; /* recipient address, optional */ + krb5_cred_info **ticket_info; +} krb5_cred_enc_part; + +typedef struct _krb5_cred { + krb5_magic magic; + krb5_ticket **tickets; /* tickets */ + krb5_enc_data enc_part; /* encrypted part */ + krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ +} krb5_cred; + +/* Sandia password generation structures */ +typedef struct _passwd_phrase_element { + krb5_magic magic; + krb5_data *passwd; + krb5_data *phrase; +} passwd_phrase_element; + +typedef struct _krb5_pwd_data { + krb5_magic magic; + int sequence_count; + passwd_phrase_element **element; +} krb5_pwd_data; + +/* these need to be here so the typedefs are available for the prototypes */ + +/* + * begin "safepriv.h" + */ + +#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 +#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 +#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 +#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 +#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 +#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 + +typedef struct krb5_replay_data { + krb5_timestamp timestamp; + krb5_int32 usec; + krb5_ui_4 seq; +} krb5_replay_data; + +/* flags for krb5_auth_con_genaddrs() */ +#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 +#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 +#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 +#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 + +/* type of function used as a callback to generate checksum data for + * mk_req */ + +typedef krb5_error_code +(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, + krb5_data **); + +/* + * end "safepriv.h" + */ + + +/* + * begin "ccache.h" + */ + +typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ + +struct _krb5_ccache; +typedef struct _krb5_ccache *krb5_ccache; +struct _krb5_cc_ops; +typedef struct _krb5_cc_ops krb5_cc_ops; + +/* for retrieve_cred */ +#define KRB5_TC_MATCH_TIMES 0x00000001 +#define KRB5_TC_MATCH_IS_SKEY 0x00000002 +#define KRB5_TC_MATCH_FLAGS 0x00000004 +#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 +#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 +#define KRB5_TC_MATCH_AUTHDATA 0x00000020 +#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 +#define KRB5_TC_MATCH_2ND_TKT 0x00000080 +#define KRB5_TC_MATCH_KTYPE 0x00000100 +#define KRB5_TC_SUPPORTED_KTYPES 0x00000200 + +/* for set_flags and other functions */ +#define KRB5_TC_OPENCLOSE 0x00000001 +#define KRB5_TC_NOTICKET 0x00000002 + +const char * KRB5_CALLCONV +krb5_cc_get_name (krb5_context context, krb5_ccache cache); + +krb5_error_code KRB5_CALLCONV +krb5_cc_gen_new (krb5_context context, krb5_ccache *cache); + +krb5_error_code KRB5_CALLCONV +krb5_cc_initialize(krb5_context context, krb5_ccache cache, + krb5_principal principal); + +krb5_error_code KRB5_CALLCONV +krb5_cc_destroy (krb5_context context, krb5_ccache cache); + +krb5_error_code KRB5_CALLCONV +krb5_cc_close (krb5_context context, krb5_ccache cache); + +krb5_error_code KRB5_CALLCONV +krb5_cc_store_cred (krb5_context context, krb5_ccache cache, + krb5_creds *creds); + +krb5_error_code KRB5_CALLCONV +krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, + krb5_flags flags, krb5_creds *mcreds, + krb5_creds *creds); + +krb5_error_code KRB5_CALLCONV +krb5_cc_get_principal (krb5_context context, krb5_ccache cache, + krb5_principal *principal); + +krb5_error_code KRB5_CALLCONV +krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor); + +krb5_error_code KRB5_CALLCONV +krb5_cc_next_cred (krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor, krb5_creds *creds); + +krb5_error_code KRB5_CALLCONV +krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, + krb5_cc_cursor *cursor); + +krb5_error_code KRB5_CALLCONV +krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, + krb5_creds *creds); + +krb5_error_code KRB5_CALLCONV +krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags); + +krb5_error_code KRB5_CALLCONV +krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags); + +const char * KRB5_CALLCONV +krb5_cc_get_type (krb5_context context, krb5_ccache cache); + +/* + * end "ccache.h" + */ + +/* + * begin "rcache.h" + */ + +struct krb5_rc_st; +typedef struct krb5_rc_st *krb5_rcache; + +/* + * end "rcache.h" + */ + +/* + * begin "keytab.h" + */ + + +/* XXX */ +#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ + +typedef krb5_pointer krb5_kt_cursor; /* XXX */ + +typedef struct krb5_keytab_entry_st { + krb5_magic magic; + krb5_principal principal; /* principal of this key */ + krb5_timestamp timestamp; /* time entry written to keytable */ + krb5_kvno vno; /* key version number */ + krb5_keyblock key; /* the secret key */ +} krb5_keytab_entry; + +#if KRB5_PRIVATE +struct _krb5_kt_ops; +typedef struct _krb5_kt { /* should move into k5-int.h */ + krb5_magic magic; + const struct _krb5_kt_ops *ops; + krb5_pointer data; +} *krb5_keytab; +#else +struct _krb5_kt; +typedef struct _krb5_kt *krb5_keytab; +#endif + +char * KRB5_CALLCONV +krb5_kt_get_type (krb5_context, krb5_keytab keytab); +krb5_error_code KRB5_CALLCONV +krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, + unsigned int namelen); +krb5_error_code KRB5_CALLCONV +krb5_kt_close(krb5_context context, krb5_keytab keytab); +krb5_error_code KRB5_CALLCONV +krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, + krb5_const_principal principal, krb5_kvno vno, + krb5_enctype enctype, krb5_keytab_entry *entry); +krb5_error_code KRB5_CALLCONV +krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, + krb5_kt_cursor *cursor); +krb5_error_code KRB5_CALLCONV +krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor); +krb5_error_code KRB5_CALLCONV +krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, + krb5_kt_cursor *cursor); + +/* + * end "keytab.h" + */ + +/* + * begin "func-proto.h" + */ + +krb5_error_code KRB5_CALLCONV krb5_init_context + (krb5_context *); +krb5_error_code KRB5_CALLCONV krb5_init_secure_context + (krb5_context *); +void KRB5_CALLCONV krb5_free_context + (krb5_context); + +#if KRB5_PRIVATE +krb5_error_code krb5_set_default_in_tkt_ktypes + (krb5_context, + const krb5_enctype *); +krb5_error_code krb5_get_default_in_tkt_ktypes + (krb5_context, + krb5_enctype **); + +krb5_error_code krb5_set_default_tgs_ktypes + (krb5_context, + const krb5_enctype *); +#endif + +krb5_error_code KRB5_CALLCONV +krb5_set_default_tgs_enctypes + (krb5_context, + const krb5_enctype *); +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes + (krb5_context, + krb5_const_principal, + krb5_enctype **); +#endif + +krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes + (krb5_context, krb5_enctype **); + +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_ktypes + (krb5_context, krb5_enctype *); + +krb5_boolean krb5_is_permitted_enctype + (krb5_context, krb5_enctype); +#endif + +krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void); + +/* libkrb.spec */ +#if KRB5_PRIVATE +krb5_error_code krb5_kdc_rep_decrypt_proc + (krb5_context, + const krb5_keyblock *, + krb5_const_pointer, + krb5_kdc_rep * ); +krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part + (krb5_context, + const krb5_keyblock *, + krb5_ticket * ); +krb5_error_code krb5_get_cred_from_kdc + (krb5_context, + krb5_ccache, /* not const, as reading may save + state */ + krb5_creds *, + krb5_creds **, + krb5_creds *** ); +krb5_error_code krb5_get_cred_from_kdc_validate + (krb5_context, + krb5_ccache, /* not const, as reading may save + state */ + krb5_creds *, + krb5_creds **, + krb5_creds *** ); +krb5_error_code krb5_get_cred_from_kdc_renew + (krb5_context, + krb5_ccache, /* not const, as reading may save + state */ + krb5_creds *, + krb5_creds **, + krb5_creds *** ); +#endif + +void KRB5_CALLCONV krb5_free_tgt_creds + (krb5_context, + krb5_creds **); /* XXX too hard to do with const */ + +#define KRB5_GC_USER_USER 1 /* want user-user ticket */ +#define KRB5_GC_CACHED 2 /* want cached ticket only */ + +krb5_error_code KRB5_CALLCONV krb5_get_credentials + (krb5_context, + krb5_flags, + krb5_ccache, + krb5_creds *, + krb5_creds **); +krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate + (krb5_context, + krb5_flags, + krb5_ccache, + krb5_creds *, + krb5_creds **); +krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew + (krb5_context, + krb5_flags, + krb5_ccache, + krb5_creds *, + krb5_creds **); +#if KRB5_PRIVATE +krb5_error_code krb5_get_cred_via_tkt + (krb5_context, + krb5_creds *, + krb5_flags, + krb5_address * const *, + krb5_creds *, + krb5_creds **); +#endif +krb5_error_code KRB5_CALLCONV krb5_mk_req + (krb5_context, + krb5_auth_context *, + krb5_flags, + char *, + char *, + krb5_data *, + krb5_ccache, + krb5_data * ); +krb5_error_code KRB5_CALLCONV krb5_mk_req_extended + (krb5_context, + krb5_auth_context *, + krb5_flags, + krb5_data *, + krb5_creds *, + krb5_data * ); +krb5_error_code KRB5_CALLCONV krb5_mk_rep + (krb5_context, + krb5_auth_context, + krb5_data *); +krb5_error_code KRB5_CALLCONV krb5_rd_rep + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_ap_rep_enc_part **); +krb5_error_code KRB5_CALLCONV krb5_mk_error + (krb5_context, + const krb5_error *, + krb5_data * ); +krb5_error_code KRB5_CALLCONV krb5_rd_error + (krb5_context, + const krb5_data *, + krb5_error ** ); +krb5_error_code KRB5_CALLCONV krb5_rd_safe + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_data *, + krb5_replay_data *); +krb5_error_code KRB5_CALLCONV krb5_rd_priv + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_data *, + krb5_replay_data *); +krb5_error_code KRB5_CALLCONV krb5_parse_name + (krb5_context, + const char *, + krb5_principal * ); +krb5_error_code KRB5_CALLCONV krb5_unparse_name + (krb5_context, + krb5_const_principal, + char ** ); +krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext + (krb5_context, + krb5_const_principal, + char **, + unsigned int *); + +krb5_error_code KRB5_CALLCONV krb5_set_principal_realm + (krb5_context, krb5_principal, const char *); + +krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search + (krb5_context, + const krb5_address *, + krb5_address * const *); +krb5_boolean KRB5_CALLCONV krb5_address_compare + (krb5_context, + const krb5_address *, + const krb5_address *); +int KRB5_CALLCONV krb5_address_order + (krb5_context, + const krb5_address *, + const krb5_address *); +krb5_boolean KRB5_CALLCONV krb5_realm_compare + (krb5_context, + krb5_const_principal, + krb5_const_principal); +krb5_boolean KRB5_CALLCONV krb5_principal_compare + (krb5_context, + krb5_const_principal, + krb5_const_principal); +krb5_error_code KRB5_CALLCONV krb5_init_keyblock + (krb5_context, krb5_enctype enctype, + size_t length, krb5_keyblock **out); + /* Initialize a new keyblock and allocate storage + * for the contents of the key, which will be freed along + * with the keyblock when krb5_free_keyblock is called. + * It is legal to pass in a length of 0, in which + * case contents are left unallocated. + */ +krb5_error_code KRB5_CALLCONV krb5_copy_keyblock + (krb5_context, + const krb5_keyblock *, + krb5_keyblock **); +krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents + (krb5_context, + const krb5_keyblock *, + krb5_keyblock *); +krb5_error_code KRB5_CALLCONV krb5_copy_creds + (krb5_context, + const krb5_creds *, + krb5_creds **); +krb5_error_code KRB5_CALLCONV krb5_copy_data + (krb5_context, + const krb5_data *, + krb5_data **); +krb5_error_code KRB5_CALLCONV krb5_copy_principal + (krb5_context, + krb5_const_principal, + krb5_principal *); +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_copy_addr + (krb5_context, + const krb5_address *, + krb5_address **); +#endif +krb5_error_code KRB5_CALLCONV krb5_copy_addresses + (krb5_context, + krb5_address * const *, + krb5_address ***); +krb5_error_code KRB5_CALLCONV krb5_copy_ticket + (krb5_context, + const krb5_ticket *, + krb5_ticket **); +krb5_error_code KRB5_CALLCONV krb5_copy_authdata + (krb5_context, + krb5_authdata * const *, + krb5_authdata ***); +krb5_error_code KRB5_CALLCONV krb5_copy_authenticator + (krb5_context, + const krb5_authenticator *, + krb5_authenticator **); +krb5_error_code KRB5_CALLCONV krb5_copy_checksum + (krb5_context, + const krb5_checksum *, + krb5_checksum **); +#if KRB5_PRIVATE +void krb5_init_ets + (krb5_context); +void krb5_free_ets + (krb5_context); +krb5_error_code krb5_generate_subkey + (krb5_context, + const krb5_keyblock *, krb5_keyblock **); +krb5_error_code krb5_generate_seq_number + (krb5_context, + const krb5_keyblock *, krb5_ui_4 *); +#endif +krb5_error_code KRB5_CALLCONV krb5_get_server_rcache + (krb5_context, + const krb5_data *, krb5_rcache *); +krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext + (krb5_context, krb5_principal *, unsigned int, const char *, ...); +krb5_error_code KRB5_CALLCONV_C krb5_build_principal + (krb5_context, krb5_principal *, unsigned int, const char *, ...); +#ifdef va_start +/* XXX depending on varargs include file defining va_start... */ +krb5_error_code KRB5_CALLCONV krb5_build_principal_va + (krb5_context, + krb5_principal, unsigned int, const char *, va_list); +#endif + +krb5_error_code KRB5_CALLCONV krb5_425_conv_principal + (krb5_context, + const char *name, + const char *instance, const char *realm, + krb5_principal *princ); + +krb5_error_code KRB5_CALLCONV krb5_524_conv_principal + (krb5_context context, krb5_const_principal princ, + char *name, char *inst, char *realm); + +struct credentials; +int KRB5_CALLCONV krb5_524_convert_creds + (krb5_context context, krb5_creds *v5creds, + struct credentials *v4creds); +#if KRB5_DEPRECATED +#define krb524_convert_creds_kdc krb5_524_convert_creds +#define krb524_init_ets(x) (0) +#endif + +/* libkt.spec */ +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_kt_register + (krb5_context, + const struct _krb5_kt_ops * ); +#endif + +krb5_error_code KRB5_CALLCONV krb5_kt_resolve + (krb5_context, + const char *, + krb5_keytab * ); +krb5_error_code KRB5_CALLCONV krb5_kt_default_name + (krb5_context, + char *, + int ); +krb5_error_code KRB5_CALLCONV krb5_kt_default + (krb5_context, + krb5_keytab * ); +krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents + (krb5_context, + krb5_keytab_entry * ); +#if KRB5_PRIVATE +/* use krb5_free_keytab_entry_contents instead */ +krb5_error_code KRB5_CALLCONV krb5_kt_free_entry + (krb5_context, + krb5_keytab_entry * ); +#endif +/* remove and add are functions, so that they can return NOWRITE + if not a writable keytab */ +krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry + (krb5_context, + krb5_keytab, + krb5_keytab_entry * ); +krb5_error_code KRB5_CALLCONV krb5_kt_add_entry + (krb5_context, + krb5_keytab, + krb5_keytab_entry * ); +krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt + (krb5_context, + krb5_const_principal, krb5_data *); +#if KRB5_PRIVATE +krb5_error_code krb5_principal2salt_norealm + (krb5_context, + krb5_const_principal, krb5_data *); +#endif +/* librc.spec--see rcache.h */ + +/* libcc.spec */ +krb5_error_code KRB5_CALLCONV krb5_cc_resolve + (krb5_context, + const char *, + krb5_ccache * ); +const char * KRB5_CALLCONV krb5_cc_default_name + (krb5_context); +krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name + (krb5_context, const char *); +krb5_error_code KRB5_CALLCONV krb5_cc_default + (krb5_context, + krb5_ccache *); +#if KRB5_PRIVATE +unsigned int KRB5_CALLCONV krb5_get_notification_message + (void); +#endif + +krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds + (krb5_context context, + krb5_ccache incc, + krb5_ccache outcc); + + +/* chk_trans.c */ +#if KRB5_PRIVATE +krb5_error_code krb5_check_transited_list + (krb5_context, const krb5_data *trans, + const krb5_data *realm1, const krb5_data *realm2); +#endif + +/* free_rtree.c */ +#if KRB5_PRIVATE +void krb5_free_realm_tree + (krb5_context, + krb5_principal *); +#endif + +/* krb5_free.c */ +void KRB5_CALLCONV krb5_free_principal + (krb5_context, krb5_principal ); +void KRB5_CALLCONV krb5_free_authenticator + (krb5_context, krb5_authenticator * ); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_authenticator_contents + (krb5_context, krb5_authenticator * ); +#endif +void KRB5_CALLCONV krb5_free_addresses + (krb5_context, krb5_address ** ); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_address + (krb5_context, krb5_address * ); +#endif +void KRB5_CALLCONV krb5_free_authdata + (krb5_context, krb5_authdata ** ); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_enc_tkt_part + (krb5_context, krb5_enc_tkt_part * ); +#endif +void KRB5_CALLCONV krb5_free_ticket + (krb5_context, krb5_ticket * ); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_tickets + (krb5_context, krb5_ticket ** ); +void KRB5_CALLCONV krb5_free_kdc_req + (krb5_context, krb5_kdc_req * ); +void KRB5_CALLCONV krb5_free_kdc_rep + (krb5_context, krb5_kdc_rep * ); +void KRB5_CALLCONV krb5_free_last_req + (krb5_context, krb5_last_req_entry ** ); +void KRB5_CALLCONV krb5_free_enc_kdc_rep_part + (krb5_context, krb5_enc_kdc_rep_part * ); +#endif +void KRB5_CALLCONV krb5_free_error + (krb5_context, krb5_error * ); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_ap_req + (krb5_context, krb5_ap_req * ); +void KRB5_CALLCONV krb5_free_ap_rep + (krb5_context, krb5_ap_rep * ); +void KRB5_CALLCONV krb5_free_cred + (krb5_context, krb5_cred *); +#endif +void KRB5_CALLCONV krb5_free_creds + (krb5_context, krb5_creds *); +void KRB5_CALLCONV krb5_free_cred_contents + (krb5_context, krb5_creds *); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_cred_enc_part + (krb5_context, krb5_cred_enc_part *); +#endif +void KRB5_CALLCONV krb5_free_checksum + (krb5_context, krb5_checksum *); +void KRB5_CALLCONV krb5_free_checksum_contents + (krb5_context, krb5_checksum *); +void KRB5_CALLCONV krb5_free_keyblock + (krb5_context, krb5_keyblock *); +void KRB5_CALLCONV krb5_free_keyblock_contents + (krb5_context, krb5_keyblock *); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_pa_data + (krb5_context, krb5_pa_data **); +#endif +void KRB5_CALLCONV krb5_free_ap_rep_enc_part + (krb5_context, krb5_ap_rep_enc_part *); +#if KRB5_PRIVATE +void KRB5_CALLCONV krb5_free_tkt_authent + (krb5_context, krb5_tkt_authent *); +void KRB5_CALLCONV krb5_free_pwd_data + (krb5_context, krb5_pwd_data *); +void KRB5_CALLCONV krb5_free_pwd_sequences + (krb5_context, passwd_phrase_element **); +#endif +void KRB5_CALLCONV krb5_free_data + (krb5_context, krb5_data *); +void KRB5_CALLCONV krb5_free_data_contents + (krb5_context, krb5_data *); +void KRB5_CALLCONV krb5_free_unparsed_name + (krb5_context, char *); +void KRB5_CALLCONV krb5_free_cksumtypes + (krb5_context, krb5_cksumtype *); + +/* From krb5/os but needed but by the outside world */ +krb5_error_code KRB5_CALLCONV krb5_us_timeofday + (krb5_context, + krb5_timestamp *, + krb5_int32 * ); +krb5_error_code KRB5_CALLCONV krb5_timeofday + (krb5_context, + krb5_timestamp * ); + /* get all the addresses of this host */ +krb5_error_code KRB5_CALLCONV krb5_os_localaddr + (krb5_context, + krb5_address ***); +krb5_error_code KRB5_CALLCONV krb5_get_default_realm + (krb5_context, + char ** ); +krb5_error_code KRB5_CALLCONV krb5_set_default_realm + (krb5_context, + const char * ); +void KRB5_CALLCONV krb5_free_default_realm + (krb5_context, + char * ); +krb5_error_code KRB5_CALLCONV krb5_sname_to_principal + (krb5_context, + const char *, + const char *, + krb5_int32, + krb5_principal *); +krb5_error_code KRB5_CALLCONV +krb5_change_password + (krb5_context context, krb5_creds *creds, char *newpw, + int *result_code, krb5_data *result_code_string, + krb5_data *result_string); +krb5_error_code KRB5_CALLCONV +krb5_set_password + (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for, + int *result_code, krb5_data *result_code_string, krb5_data *result_string); +krb5_error_code KRB5_CALLCONV +krb5_set_password_using_ccache + (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for, + int *result_code, krb5_data *result_code_string, krb5_data *result_string); + +#if KRB5_PRIVATE +krb5_error_code krb5_set_config_files + (krb5_context, const char **); + +krb5_error_code KRB5_CALLCONV krb5_get_default_config_files + (char ***filenames); + +void KRB5_CALLCONV krb5_free_config_files + (char **filenames); +#endif + +krb5_error_code KRB5_CALLCONV +krb5_get_profile + (krb5_context, struct _profile_t * /* profile_t */ *); + +#if KRB5_PRIVATE +krb5_error_code krb5_send_tgs + (krb5_context, + krb5_flags, + const krb5_ticket_times *, + const krb5_enctype *, + krb5_const_principal, + krb5_address * const *, + krb5_authdata * const *, + krb5_pa_data * const *, + const krb5_data *, + krb5_creds *, + krb5_response * ); +#endif + +#if KRB5_DEPRECATED +krb5_error_code KRB5_CALLCONV krb5_get_in_tkt + (krb5_context, + krb5_flags, + krb5_address * const *, + krb5_enctype *, + krb5_preauthtype *, + krb5_error_code ( * )(krb5_context, + krb5_enctype, + krb5_data *, + krb5_const_pointer, + krb5_keyblock **), + krb5_const_pointer, + krb5_error_code ( * )(krb5_context, + const krb5_keyblock *, + krb5_const_pointer, + krb5_kdc_rep * ), + krb5_const_pointer, + krb5_creds *, + krb5_ccache, + krb5_kdc_rep ** ); + +krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password + (krb5_context, + krb5_flags, + krb5_address * const *, + krb5_enctype *, + krb5_preauthtype *, + const char *, + krb5_ccache, + krb5_creds *, + krb5_kdc_rep ** ); + +krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey + (krb5_context, + krb5_flags, + krb5_address * const *, + krb5_enctype *, + krb5_preauthtype *, + const krb5_keyblock *, + krb5_ccache, + krb5_creds *, + krb5_kdc_rep ** ); + +krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab + (krb5_context, + krb5_flags, + krb5_address * const *, + krb5_enctype *, + krb5_preauthtype *, + krb5_keytab, + krb5_ccache, + krb5_creds *, + krb5_kdc_rep ** ); +#endif /* KRB5_DEPRECATED */ + +#if KRB5_PRIVATE +krb5_error_code krb5_decode_kdc_rep + (krb5_context, + krb5_data *, + const krb5_keyblock *, + krb5_kdc_rep ** ); +#endif + +krb5_error_code KRB5_CALLCONV krb5_rd_req + (krb5_context, + krb5_auth_context *, + const krb5_data *, + krb5_const_principal, + krb5_keytab, + krb5_flags *, + krb5_ticket **); + +#if KRB5_PRIVATE +krb5_error_code krb5_rd_req_decoded + (krb5_context, + krb5_auth_context *, + const krb5_ap_req *, + krb5_const_principal, + krb5_keytab, + krb5_flags *, + krb5_ticket **); + +krb5_error_code krb5_rd_req_decoded_anyflag + (krb5_context, + krb5_auth_context *, + const krb5_ap_req *, + krb5_const_principal, + krb5_keytab, + krb5_flags *, + krb5_ticket **); +#endif + +krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key + (krb5_context, + krb5_pointer, + krb5_principal, + krb5_kvno, + krb5_enctype, + krb5_keyblock **); +krb5_error_code KRB5_CALLCONV krb5_mk_safe + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_data *, + krb5_replay_data *); +krb5_error_code KRB5_CALLCONV krb5_mk_priv + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_data *, + krb5_replay_data *); +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_cc_register + (krb5_context, + krb5_cc_ops *, + krb5_boolean ); +#endif + +krb5_error_code KRB5_CALLCONV krb5_sendauth + (krb5_context, + krb5_auth_context *, + krb5_pointer, + char *, + krb5_principal, + krb5_principal, + krb5_flags, + krb5_data *, + krb5_creds *, + krb5_ccache, + krb5_error **, + krb5_ap_rep_enc_part **, + krb5_creds **); + +krb5_error_code KRB5_CALLCONV krb5_recvauth + (krb5_context, + krb5_auth_context *, + krb5_pointer, + char *, + krb5_principal, + krb5_int32, + krb5_keytab, + krb5_ticket **); +krb5_error_code KRB5_CALLCONV krb5_recvauth_version + (krb5_context, + krb5_auth_context *, + krb5_pointer, + krb5_principal, + krb5_int32, + krb5_keytab, + krb5_ticket **, + krb5_data *); + +#if KRB5_PRIVATE +krb5_error_code krb5_walk_realm_tree + (krb5_context, + const krb5_data *, + const krb5_data *, + krb5_principal **, + int); +#endif + +krb5_error_code KRB5_CALLCONV krb5_mk_ncred + (krb5_context, + krb5_auth_context, + krb5_creds **, + krb5_data **, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV krb5_mk_1cred + (krb5_context, + krb5_auth_context, + krb5_creds *, + krb5_data **, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV krb5_rd_cred + (krb5_context, + krb5_auth_context, + krb5_data *, + krb5_creds ***, + krb5_replay_data *); + +krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds + (krb5_context, + krb5_auth_context, + char *, + krb5_principal, + krb5_principal, + krb5_ccache, + int forwardable, + krb5_data *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_init + (krb5_context, + krb5_auth_context *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_free + (krb5_context, + krb5_auth_context); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags + (krb5_context, + krb5_auth_context, + krb5_int32); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags + (krb5_context, + krb5_auth_context, + krb5_int32 *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func, void *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func *, void **); + +krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs + (krb5_context, + krb5_auth_context, + krb5_address *, + krb5_address *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs + (krb5_context, + krb5_auth_context, + krb5_address **, + krb5_address **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setports + (krb5_context, + krb5_auth_context, + krb5_address *, + krb5_address *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey + (krb5_context, + krb5_auth_context, + krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey + (krb5_context, + krb5_auth_context, + krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( + krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( + krb5_context, krb5_auth_context, krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( + krb5_context, krb5_auth_context, krb5_keyblock *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( + krb5_context, krb5_auth_context, krb5_keyblock *); + +#if KRB5_DEPRECATED +krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey + (krb5_context, + krb5_auth_context, + krb5_keyblock **); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey + (krb5_context, + krb5_auth_context, + krb5_keyblock **); +#endif + +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype + (krb5_context, + krb5_auth_context, + krb5_cksumtype); + +krb5_error_code krb5_auth_con_set_safe_cksumtype + (krb5_context, + krb5_auth_context, + krb5_cksumtype); +#endif + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber + (krb5_context, + krb5_auth_context, + krb5_int32 *); + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber + (krb5_context, + krb5_auth_context, + krb5_int32 *); + +#if KRB5_DEPRECATED +krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector + (krb5_context, + krb5_auth_context); +#endif + +#if KRB5_PRIVATE +krb5_error_code krb5_auth_con_setivector + (krb5_context, + krb5_auth_context, + krb5_pointer); + +krb5_error_code krb5_auth_con_getivector + (krb5_context, + krb5_auth_context, + krb5_pointer *); +#endif + +krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache + (krb5_context, + krb5_auth_context, + krb5_rcache); + +krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache + (krb5_context, + krb5_auth_context, + krb5_rcache *); + +#if KRB5_PRIVATE +krb5_error_code krb5_auth_con_setpermetypes + (krb5_context, + krb5_auth_context, + const krb5_enctype *); + +krb5_error_code krb5_auth_con_getpermetypes + (krb5_context, + krb5_auth_context, + krb5_enctype **); +#endif + +krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator + (krb5_context, + krb5_auth_context, + krb5_authenticator **); + +#define KRB5_REALM_BRANCH_CHAR '.' + +/* + * end "func-proto.h" + */ + +/* + * begin stuff from libos.h + */ + +#if KRB5_PRIVATE +krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *); +krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *); +int krb5_net_read (krb5_context, int , char *, int); +int krb5_net_write (krb5_context, int , const char *, int); +#endif + +krb5_error_code KRB5_CALLCONV krb5_read_password + (krb5_context, + const char *, + const char *, + char *, + unsigned int * ); +krb5_error_code KRB5_CALLCONV krb5_aname_to_localname + (krb5_context, + krb5_const_principal, + int, + char * ); +krb5_error_code KRB5_CALLCONV krb5_get_host_realm + (krb5_context, + const char *, + char *** ); +krb5_error_code KRB5_CALLCONV krb5_free_host_realm + (krb5_context, + char * const * ); +#if KRB5_PRIVATE +krb5_error_code KRB5_CALLCONV krb5_get_realm_domain + (krb5_context, + const char *, + char ** ); +#endif +krb5_boolean KRB5_CALLCONV krb5_kuserok + (krb5_context, + krb5_principal, const char *); +krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs + (krb5_context, + krb5_auth_context, + int, int); +#if KRB5_PRIVATE +krb5_error_code krb5_gen_portaddr + (krb5_context, + const krb5_address *, + krb5_const_pointer, + krb5_address **); +krb5_error_code krb5_gen_replay_name + (krb5_context, + const krb5_address *, + const char *, + char **); +krb5_error_code krb5_make_fulladdr + (krb5_context, + krb5_address *, + krb5_address *, + krb5_address *); +#endif + +krb5_error_code KRB5_CALLCONV krb5_set_real_time + (krb5_context, krb5_timestamp, krb5_int32); + +#if KRB5_PRIVATE +krb5_error_code krb5_set_debugging_time + (krb5_context, krb5_timestamp, krb5_int32); +krb5_error_code krb5_use_natural_time + (krb5_context); +#endif +krb5_error_code KRB5_CALLCONV krb5_get_time_offsets + (krb5_context, krb5_timestamp *, krb5_int32 *); +#if KRB5_PRIVATE +krb5_error_code krb5_set_time_offsets + (krb5_context, krb5_timestamp, krb5_int32); +#endif + +/* str_conv.c */ +krb5_error_code KRB5_CALLCONV krb5_string_to_enctype + (char *, krb5_enctype *); +krb5_error_code KRB5_CALLCONV krb5_string_to_salttype + (char *, krb5_int32 *); +krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype + (char *, krb5_cksumtype *); +krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp + (char *, krb5_timestamp *); +krb5_error_code KRB5_CALLCONV krb5_string_to_deltat + (char *, krb5_deltat *); +krb5_error_code KRB5_CALLCONV krb5_enctype_to_string + (krb5_enctype, char *, size_t); +krb5_error_code KRB5_CALLCONV krb5_salttype_to_string + (krb5_int32, char *, size_t); +krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string + (krb5_cksumtype, char *, size_t); +krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string + (krb5_timestamp, char *, size_t); +krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring + (krb5_timestamp, char *, size_t, char *); +krb5_error_code KRB5_CALLCONV krb5_deltat_to_string + (krb5_deltat, char *, size_t); + + + +/* The name of the Kerberos ticket granting service... and its size */ +#define KRB5_TGS_NAME "krbtgt" +#define KRB5_TGS_NAME_SIZE 6 + +/* flags for recvauth */ +#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 +#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 +/* initial ticket api functions */ + +typedef struct _krb5_prompt { + char *prompt; + int hidden; + krb5_data *reply; +} krb5_prompt; + +typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]); + + +krb5_error_code KRB5_CALLCONV +krb5_prompter_posix (krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]); + +typedef struct _krb5_get_init_creds_opt { + krb5_flags flags; + krb5_deltat tkt_life; + krb5_deltat renew_life; + int forwardable; + int proxiable; + krb5_enctype *etype_list; + int etype_list_length; + krb5_address **address_list; + krb5_preauthtype *preauth_list; + int preauth_list_length; + krb5_data *salt; +} krb5_get_init_creds_opt; + +#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 +#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 +#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 +#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 +#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 +#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 +#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 +#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 + + +void KRB5_CALLCONV +krb5_get_init_creds_opt_init +(krb5_get_init_creds_opt *opt); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_tkt_life +(krb5_get_init_creds_opt *opt, + krb5_deltat tkt_life); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_renew_life +(krb5_get_init_creds_opt *opt, + krb5_deltat renew_life); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_forwardable +(krb5_get_init_creds_opt *opt, + int forwardable); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_proxiable +(krb5_get_init_creds_opt *opt, + int proxiable); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_etype_list +(krb5_get_init_creds_opt *opt, + krb5_enctype *etype_list, + int etype_list_length); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_address_list +(krb5_get_init_creds_opt *opt, + krb5_address **addresses); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_preauth_list +(krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length); + +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_salt +(krb5_get_init_creds_opt *opt, + krb5_data *salt); + + + +krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_password +(krb5_context context, + krb5_creds *creds, + krb5_principal client, + char *password, + krb5_prompter_fct prompter, + void *data, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *k5_gic_options); + +krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_keytab +(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_keytab arg_keytab, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *k5_gic_options); + +typedef struct _krb5_verify_init_creds_opt { + krb5_flags flags; + int ap_req_nofail; +} krb5_verify_init_creds_opt; + +#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 + +void KRB5_CALLCONV +krb5_verify_init_creds_opt_init +(krb5_verify_init_creds_opt *k5_vic_options); +void KRB5_CALLCONV +krb5_verify_init_creds_opt_set_ap_req_nofail +(krb5_verify_init_creds_opt *k5_vic_options, + int ap_req_nofail); + +krb5_error_code KRB5_CALLCONV +krb5_verify_init_creds +(krb5_context context, + krb5_creds *creds, + krb5_principal ap_req_server, + krb5_keytab ap_req_keytab, + krb5_ccache *ccache, + krb5_verify_init_creds_opt *k5_vic_options); + +krb5_error_code KRB5_CALLCONV +krb5_get_validated_creds +(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_ccache ccache, + char *in_tkt_service); + +krb5_error_code KRB5_CALLCONV +krb5_get_renewed_creds +(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_ccache ccache, + char *in_tkt_service); + +krb5_error_code KRB5_CALLCONV +krb5_decode_ticket +(const krb5_data *code, + krb5_ticket **rep); + +void KRB5_CALLCONV +krb5_appdefault_string +(krb5_context context, + const char *appname, + const krb5_data *realm, + const char *option, + const char *default_value, + char ** ret_value); + +void KRB5_CALLCONV +krb5_appdefault_boolean +(krb5_context context, + const char *appname, + const krb5_data *realm, + const char *option, + int default_value, + int *ret_value); + +#if KRB5_PRIVATE +/* + * The realm iterator functions + */ + +krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create + (krb5_context context, void **iter_p); + +krb5_error_code KRB5_CALLCONV krb5_realm_iterator + (krb5_context context, void **iter_p, char **ret_realm); + +void KRB5_CALLCONV krb5_realm_iterator_free + (krb5_context context, void **iter_p); + +void KRB5_CALLCONV krb5_free_realm_string + (krb5_context context, char *str); +#endif + +/* + * Prompter enhancements + */ + +#define KRB5_PROMPT_TYPE_PASSWORD 0x1 +#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2 +#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3 +#define KRB5_PROMPT_TYPE_PREAUTH 0x4 + +typedef krb5_int32 krb5_prompt_type; + +krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types + (krb5_context context); + +/* Error reporting */ +void +krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...); +#ifdef va_start +void +krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list); +#endif +char * +krb5_get_error_message (krb5_context, krb5_error_code); +void +krb5_free_error_message (krb5_context, char *); +void +krb5_clear_error_message (krb5_context); + + +#if TARGET_OS_MAC +# pragma options align=reset +#endif + +KRB5INT_END_DECLS + +/* Don't use this! We're going to phase it out. It's just here to keep + applications from breaking right away. */ +#define krb5_const const + +#endif /* KRB5_GENERAL__ */ + diff --git a/src/include/krb5/locate.h b/src/include/krb5/locate.h new file mode 100644 index 0000000000..552369ca27 --- /dev/null +++ b/src/include/krb5/locate.h @@ -0,0 +1,30 @@ +#ifndef K5_PLUGIN_H_INCLUDED +#define K5_PLUGIN_H_INCLUDED +#include + +enum locate_service_type { + locate_service_kdc = 1, + locate_service_master_kdc, + locate_service_kadmin, + locate_service_krb524, + locate_service_kpasswd +}; + +struct krb5plugin_service_locate_ftable { + int vmajor, vminor; + /* Per-context setup and teardown. Returned void* blob is + private to the plugin. */ + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); + /* Callback function returns non-zero if the plugin function + should quit and return; this may be because of an error, or may + indicate we've already contacted the service, whatever. The + lookup function should only return an error if it detects a + problem, not if the callback function tells it to quit. */ + krb5_error_code (*lookup)(void *, + enum locate_service_type svc, const char *realm, + int socktype, int family, + int (*cbfunc)(void *,int,struct sockaddr *), + void *cbdata); +}; +#endif -- cgit