1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
|
/*
* include/kerberosIV/krb.h
*
* Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* Include file for the Kerberos V4 library.
*/
/* Only one time, please */
#ifndef KRB_DEFS
#define KRB_DEFS
/*
* For MacOS, don't expose prototypes of various private functions.
* Unfortuantely, they've leaked out everywhere else.
*/
#if defined(__MACH__) && defined(__APPLE__)
#include <TargetConditionals.h>
#include <AvailabilityMacros.h>
#if TARGET_RT_MAC_CFM
#error "Use KfM 4.0 SDK headers for CFM compilation."
#endif
#ifndef KRB_PRIVATE
#define KRB_PRIVATE 0
#endif
#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
#endif
#else
#ifndef KRB_PRIVATE
#define KRB_PRIVATE 1
#endif
#endif /* defined(__MACH__) && defined(__APPLE__) */
/* Macro to add deprecated attribute to KRB4 types and functions */
/* Currently only defined on Mac OS X 10.5 and later. */
#ifndef KRB5INT_KRB4_DEPRECATED
#define KRB5INT_KRB4_DEPRECATED
#endif
/* Define u_char, u_short, u_int, and u_long. */
/* XXX these typdef names are not standardized! */
#include <sys/types.h>
/* Need some defs from des.h */
#include <kerberosIV/des.h>
#include <kerberosIV/krb_err.h>
#include <profile.h>
#ifdef _WIN32
#include <time.h>
#endif /* _WIN32 */
#ifdef __cplusplus
#ifndef KRBINT_BEGIN_DECLS
#define KRBINT_BEGIN_DECLS extern "C" {
#define KRBINT_END_DECLS }
#endif
#else
#define KRBINT_BEGIN_DECLS
#define KRBINT_END_DECLS
#endif
KRBINT_BEGIN_DECLS
#if TARGET_OS_MAC
# pragma pack(push,2)
#endif
#define KRB4_32 DES_INT32
#define KRB_INT32 DES_INT32
#define KRB_UINT32 DES_UINT32
#define MAX_KRB_ERRORS 256
#if TARGET_OS_MAC
/* ABI divergence on Mac for backwards compatibility. */
extern const char * const * const krb_err_txt
KRB5INT_KRB4_DEPRECATED;
#else
extern const char * const krb_err_txt[MAX_KRB_ERRORS]
KRB5INT_KRB4_DEPRECATED;
#endif
/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255
/*
* Kerberos specific definitions
*
* KRBLOG is the log file for the kerberos master server. KRB_CONF is
* the configuration file where different host machines running master
* and slave servers can be found. KRB_MASTER is the name of the
* machine with the master database. The admin_server runs on this
* machine, and all changes to the db (as opposed to read-only
* requests, which can go to slaves) must go to it. KRB_HOST is the
* default machine * when looking for a kerberos slave server. Other
* possibilities are * in the KRB_CONF file. KRB_REALM is the name of
* the realm.
*/
#define KRB_CONF "/etc/krb.conf"
#define KRB_RLM_TRANS "/etc/krb.realms"
#define KRB_MASTER "kerberos"
#define KRB_HOST KRB_MASTER
#define KRB_REALM "ATHENA.MIT.EDU"
/* The maximum sizes for aname, realm, sname, and instance +1 */
#define ANAME_SZ 40
#define REALM_SZ 40
#define SNAME_SZ 40
#define INST_SZ 40
#define ADDR_SZ 40
/*
* NB: This overcounts due to NULs.
*/
/* include space for '.' and '@' */
#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ 100
#define VERSION_SZ 1
#define MSG_TYPE_SZ 1
#define DATE_SZ 26 /* RTI date output */
#define MAX_HSTNM 100
#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */
#endif
#define KRB_TICKET_GRANTING_TICKET "krbtgt"
/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN 1250
struct ktext {
int length; /* Length of the text */
unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
unsigned long mbz; /* zero to catch runaway strings */
} KRB5INT_KRB4_DEPRECATED;
typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED;
typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED;
/* Definitions for send_to_kdc */
#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
#define CLIENT_KRB_RETRY 5 /* retry this many times */
#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
/* Definitions for ticket file utilities */
#define R_TKT_FIL 0
#define W_TKT_FIL 1
/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
#endif /* PC */
/* Parameters for rd_ap_req */
/* Maximum allowable clock skew in seconds */
#define CLOCK_SKEW 5*60
/* Filename for readservkey */
#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab"))
/* Structure definition for rd_ap_req */
struct auth_dat {
unsigned char k_flags; /* Flags from ticket */
char pname[ANAME_SZ]; /* Principal's name */
char pinst[INST_SZ]; /* His Instance */
char prealm[REALM_SZ]; /* His Realm */
unsigned KRB4_32 checksum; /* Data checksum (opt) */
C_Block session; /* Session Key */
int life; /* Life of ticket */
unsigned KRB4_32 time_sec; /* Time ticket issued */
unsigned KRB4_32 address; /* Address in ticket */
KTEXT_ST reply; /* Auth reply (opt) */
} KRB5INT_KRB4_DEPRECATED;
typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED;
/* Structure definition for credentials returned by get_cred */
struct credentials {
char service[ANAME_SZ]; /* Service name */
char instance[INST_SZ]; /* Instance */
char realm[REALM_SZ]; /* Auth domain */
C_Block session; /* Session key */
int lifetime; /* Lifetime */
int kvno; /* Key version number */
KTEXT_ST ticket_st; /* The ticket itself */
KRB4_32 issue_date; /* The issue time */
char pname[ANAME_SZ]; /* Principal's name */
char pinst[INST_SZ]; /* Principal's instance */
#if TARGET_OS_MAC
KRB_UINT32 address; /* Address in ticket */
KRB_UINT32 stk_type; /* string_to_key function needed */
#endif
#ifdef _WIN32
char address[ADDR_SZ]; /* Address in ticket */
#endif
} KRB5INT_KRB4_DEPRECATED;
typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED;
/* Structure definition for rd_private_msg and rd_safe_msg */
struct msg_dat {
unsigned char *app_data; /* pointer to appl data */
unsigned KRB4_32 app_length; /* length of appl data */
unsigned KRB4_32 hash; /* hash to lookup replay */
int swap; /* swap bytes? */
KRB4_32 time_sec; /* msg timestamp seconds */
unsigned char time_5ms; /* msg timestamp 5ms units */
} KRB5INT_KRB4_DEPRECATED;
typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED;
/* Location of ticket file for save_cred and get_cred */
#ifdef _WIN32
#define TKT_FILE "\\kerberos\\ticket.ses"
#else
#define TKT_FILE tkt_string()
#define TKT_ROOT "/tmp/tkt"
#endif /* _WIN32 */
/*
* Error codes are now defined as offsets from com_err (krb_err.et)
* values.
*/
#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
/* Error codes returned from the KDC */
#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */
#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */
#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */
#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */
#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */
#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */
#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */
#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */
#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */
#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */
#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */
#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */
/* Values returned by get_credentials */
#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
/* Values returned by mk_ap_req */
#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */
#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */
/* Values returned by rd_ap_req */
#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */
#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */
#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */
#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */
#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */
#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */
#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */
#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */
#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */
#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */
#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */
#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */
#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */
#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */
/* Values returned by get_pw_tkt */
#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */
#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */
#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */
#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */
#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */
/* Values returned by send_to_kdc */
#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */
#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */
#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */
/*
* Values returned by get_intkt
* (can also return SKDC_* and KDC errors)
*/
#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */
#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */
#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */
#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */
#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */
/* Values returned by get_adtkt */
#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */
#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */
/* Error codes returned by ticket file utilities */
#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */
#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */
#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */
#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */
#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */
/* Error code returned by kparse_name */
#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
/* Error code returned by krb_mk_safe */
#define SAFE_PRIV_ERROR (-1) /* syscall error */
/* Kerberos ticket flag field bit definitions */
#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
#define K_FLAG_1 /* reserved */
#define K_FLAG_2 /* reserved */
#define K_FLAG_3 /* reserved */
#define K_FLAG_4 /* reserved */
#define K_FLAG_5 /* reserved */
#define K_FLAG_6 /* reserved */
#define K_FLAG_7 /* reserved, bit 7 --> msb */
/* Are these needed anymore? */
#ifdef OLDNAMES
#define krb_mk_req mk_ap_req
#define krb_rd_req rd_ap_req
#define krb_kntoln an_to_ln
#define krb_set_key set_serv_key
#define krb_get_cred get_credentials
#define krb_mk_priv mk_private_msg
#define krb_rd_priv rd_private_msg
#define krb_mk_safe mk_safe_msg
#define krb_rd_safe rd_safe_msg
#define krb_mk_err mk_appl_err_msg
#define krb_rd_err rd_appl_err_msg
#define krb_ck_repl check_replay
#define krb_get_pw_in_tkt get_in_tkt
#define krb_get_svc_in_tkt get_svc_in_tkt
#define krb_get_pw_tkt get_pw_tkt
#define krb_realmofhost krb_getrealm
#define krb_get_phost get_phost
#define krb_get_krbhst get_krbhst
#define krb_get_lrealm get_krbrlm
#endif /* OLDNAMES */
/* Defines for krb_sendauth and krb_recvauth */
#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */
#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */
#ifdef _WIN32
#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0)
#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us))
#define CONVERT_TIME_EPOCH win_time_get_epoch()
#else
/* until we do V4 compat under DOS, just turn this off */
#define _fmemcpy memcpy
#define _fstrncpy strncpy
#define far_fputs fputs
/* and likewise, just drag in the unix time interface */
#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0)
#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us))
#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */
#endif /* _WIN32 */
/* Constants for KerberosProfileLib */
#define REALMS_V4_PROF_REALMS_SECTION "v4 realms"
#define REALMS_V4_PROF_KDC "kdc"
#define REALMS_V4_PROF_ADMIN_KDC "admin_server"
#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server"
#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm"
#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults"
#define REALMS_V4_PROF_LOCAL_REALM "default_realm"
#define REALMS_V4_PROF_STK "string_to_key_type"
#define REALMS_V4_MIT_STK "mit_string_to_key"
#define REALMS_V4_AFS_STK "afs_string_to_key"
#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key"
#define REALMS_V4_DEFAULT_REALM "default_realm"
#define REALMS_V4_NO_ADDRESSES "noaddresses"
/* ask to disable IP address checking in the library */
extern int krb_ignore_ip_address;
/* Debugging printfs shouldn't even be compiled on many systems that don't
support printf! Use it like DEB (("Oops - %s\n", string)); */
#ifdef DEBUG
#define DEB(x) if (krb_debug) printf x
extern int krb_debug;
#else
#define DEB(x) /* nothing */
#endif
/* Define a couple of function types including parameters. These
are needed on MS-Windows to convert arguments of the function pointers
to the proper types during calls. */
typedef int (KRB5_CALLCONV *key_proc_type)
(char *, char *, char *,
char *, C_Block)
KRB5INT_KRB4_DEPRECATED;
#define KEY_PROC_TYPE_DEFINED
typedef int (KRB5_CALLCONV *decrypt_tkt_type)
(char *, char *, char *,
char *, key_proc_type, KTEXT *)
KRB5INT_KRB4_DEPRECATED;
#define DECRYPT_TKT_TYPE_DEFINED
extern struct _krb5_context * krb5__krb4_context;
/*
* Function Prototypes for Kerberos V4.
*/
struct sockaddr_in;
/* dest_tkt.c */
int KRB5_CALLCONV dest_tkt
(void)
KRB5INT_KRB4_DEPRECATED;
/* err_txt.c */
const char * KRB5_CALLCONV krb_get_err_text
(int errnum)
KRB5INT_KRB4_DEPRECATED;
/* g_ad_tkt.c */
/* Previously not KRB5_CALLCONV */
int KRB5_CALLCONV get_ad_tkt
(char *service, char *sinst, char *realm, int lifetime)
KRB5INT_KRB4_DEPRECATED;
/* g_admhst.c */
int KRB5_CALLCONV krb_get_admhst
(char *host, char *realm, int idx)
KRB5INT_KRB4_DEPRECATED;
/* g_cred.c */
int KRB5_CALLCONV krb_get_cred
(char *service, char *instance, char *realm,
CREDENTIALS *c)
KRB5INT_KRB4_DEPRECATED;
/* g_in_tkt.c */
/* Previously not KRB5_CALLCONV */
int KRB5_CALLCONV krb_get_in_tkt
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* Previously not KRB5_CALLCONV */
int KRB5_CALLCONV krb_get_in_tkt_preauth
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg,
char *preauth_p, int preauth_len)
KRB5INT_KRB4_DEPRECATED;
#endif
/* From KfM */
int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *)
KRB5INT_KRB4_DEPRECATED;
/* g_krbhst.c */
int KRB5_CALLCONV krb_get_krbhst
(char *host, const char *realm, int idx)
KRB5INT_KRB4_DEPRECATED;
/* g_krbrlm.c */
int KRB5_CALLCONV krb_get_lrealm
(char *realm, int idx)
KRB5INT_KRB4_DEPRECATED;
/* g_phost.c */
char * KRB5_CALLCONV krb_get_phost
(char * alias)
KRB5INT_KRB4_DEPRECATED;
/* get_pw_tkt */
int KRB5_CALLCONV get_pw_tkt
(char *, char *, char *, char *)
KRB5INT_KRB4_DEPRECATED;
/* g_pw_in_tkt.c */
int KRB5_CALLCONV krb_get_pw_in_tkt
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *password)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
int KRB5_CALLCONV krb_get_pw_in_tkt_preauth
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *password)
KRB5INT_KRB4_DEPRECATED;
#endif
int KRB5_CALLCONV
krb_get_pw_in_tkt_creds(char *, char *, char *,
char *, char *, int, char *, CREDENTIALS *)
KRB5INT_KRB4_DEPRECATED;
/* g_svc_in_tkt.c */
int KRB5_CALLCONV krb_get_svc_in_tkt
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *srvtab)
KRB5INT_KRB4_DEPRECATED;
/* g_tf_fname.c */
int KRB5_CALLCONV krb_get_tf_fullname
(const char *ticket_file, char *name, char *inst, char *realm)
KRB5INT_KRB4_DEPRECATED;
/* g_tf_realm.c */
int KRB5_CALLCONV krb_get_tf_realm
(const char *ticket_file, char *realm)
KRB5INT_KRB4_DEPRECATED;
/* g_tkt_svc.c */
int KRB5_CALLCONV krb_get_ticket_for_service
(char *serviceName,
char *buf, unsigned KRB4_32 *buflen,
int checksum, des_cblock, Key_schedule,
char *version, int includeVersion)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* in_tkt.c */
int KRB5_CALLCONV in_tkt
(char *name, char *inst)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV krb_in_tkt
(char *pname, char *pinst, char *realm)
KRB5INT_KRB4_DEPRECATED;
#endif
/* kname_parse.c */
int KRB5_CALLCONV kname_parse
(char *name, char *inst, char *realm,
char *fullname)
KRB5INT_KRB4_DEPRECATED;
/* Merged from KfM */
int KRB5_CALLCONV kname_unparse
(char *, const char *, const char *, const char *)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV k_isname
(char *)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV k_isinst
(char *)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV k_isrealm
(char *)
KRB5INT_KRB4_DEPRECATED;
/* kuserok.c */
int KRB5_CALLCONV kuserok
(AUTH_DAT *kdata, char *luser)
KRB5INT_KRB4_DEPRECATED;
/* lifetime.c */
KRB4_32 KRB5_CALLCONV krb_life_to_time
(KRB4_32 start, int life)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV krb_time_to_life
(KRB4_32 start, KRB4_32 end)
KRB5INT_KRB4_DEPRECATED;
/* mk_auth.c */
int KRB5_CALLCONV krb_check_auth
(KTEXT, unsigned KRB4_32 cksum, MSG_DAT *,
C_Block, Key_schedule,
struct sockaddr_in * local_addr,
struct sockaddr_in * foreign_addr)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV krb_mk_auth
(long k4_options, KTEXT ticket,
char *service, char *inst, char *realm,
unsigned KRB4_32 checksum, char *version, KTEXT buf)
KRB5INT_KRB4_DEPRECATED;
/* mk_err.c */
long KRB5_CALLCONV krb_mk_err
(u_char *out, KRB4_32 k4_code, char *text)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* mk_preauth.c */
int krb_mk_preauth
(char **preauth_p, int *preauth_len, key_proc_type,
char *name, char *inst, char *realm, char *password,
C_Block)
KRB5INT_KRB4_DEPRECATED;
void krb_free_preauth
(char * preauth_p, int len)
KRB5INT_KRB4_DEPRECATED;
#endif
/* mk_priv.c */
long KRB5_CALLCONV krb_mk_priv
(u_char *in, u_char *out,
unsigned KRB4_32 length,
Key_schedule, C_Block *,
struct sockaddr_in * sender,
struct sockaddr_in * receiver)
KRB5INT_KRB4_DEPRECATED;
/* mk_req.c */
int KRB5_CALLCONV krb_mk_req
(KTEXT authent,
char *service, char *instance, char *realm,
KRB4_32 checksum)
KRB5INT_KRB4_DEPRECATED;
/* Merged from KfM */
int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32)
KRB5INT_KRB4_DEPRECATED;
/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */
int KRB5_CALLCONV krb_set_lifetime(int newval)
KRB5INT_KRB4_DEPRECATED;
/* mk_safe.c */
long KRB5_CALLCONV krb_mk_safe
(u_char *in, u_char *out, unsigned KRB4_32 length,
C_Block *,
struct sockaddr_in *sender,
struct sockaddr_in *receiver)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* netread.c */
int krb_net_read
(int fd, char *buf, int len)
KRB5INT_KRB4_DEPRECATED;
/* netwrite.c */
int krb_net_write
(int fd, char *buf, int len)
KRB5INT_KRB4_DEPRECATED;
/* pkt_clen.c */
int pkt_clen
(KTEXT)
KRB5INT_KRB4_DEPRECATED;
#endif
/* put_svc_key.c */
int KRB5_CALLCONV put_svc_key
(char *sfile,
char *name, char *inst, char *realm,
int newvno, char *key)
KRB5INT_KRB4_DEPRECATED;
/* rd_err.c */
int KRB5_CALLCONV krb_rd_err
(u_char *in, u_long in_length,
long *k4_code, MSG_DAT *m_data)
KRB5INT_KRB4_DEPRECATED;
/* rd_priv.c */
long KRB5_CALLCONV krb_rd_priv
(u_char *in,unsigned KRB4_32 in_length,
Key_schedule, C_Block *,
struct sockaddr_in *sender,
struct sockaddr_in *receiver,
MSG_DAT *m_data)
KRB5INT_KRB4_DEPRECATED;
/* rd_req.c */
int KRB5_CALLCONV krb_rd_req
(KTEXT, char *service, char *inst,
unsigned KRB4_32 from_addr, AUTH_DAT *,
char *srvtab)
KRB5INT_KRB4_DEPRECATED;
/* Merged from KfM */
int KRB5_CALLCONV
krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block)
KRB5INT_KRB4_DEPRECATED;
/* rd_safe.c */
long KRB5_CALLCONV krb_rd_safe
(u_char *in, unsigned KRB4_32 in_length,
C_Block *,
struct sockaddr_in *sender,
struct sockaddr_in *receiver,
MSG_DAT *m_data)
KRB5INT_KRB4_DEPRECATED;
/* rd_svc_key.c */
int KRB5_CALLCONV read_service_key
(char *service, char *instance, char *realm,
int kvno, char *file, char *key)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV get_service_key
(char *service, char *instance, char *realm,
int *kvno, char *file, char *key)
KRB5INT_KRB4_DEPRECATED;
/* realmofhost.c */
char * KRB5_CALLCONV krb_realmofhost
(char *host)
KRB5INT_KRB4_DEPRECATED;
/* recvauth.c */
int KRB5_CALLCONV krb_recvauth
(long k4_options, int fd, KTEXT ticket,
char *service, char *instance,
struct sockaddr_in *foreign_addr,
struct sockaddr_in *local_addr,
AUTH_DAT *kdata, char *srvtab,
Key_schedule schedule, char *version)
KRB5INT_KRB4_DEPRECATED;
/* sendauth.c */
int KRB5_CALLCONV krb_sendauth
(long k4_options, int fd, KTEXT ticket,
char *service, char *inst, char *realm,
unsigned KRB4_32 checksum, MSG_DAT *msg_data,
CREDENTIALS *cred, Key_schedule schedule,
struct sockaddr_in *laddr, struct sockaddr_in *faddr,
char *version)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* save_creds.c */
int KRB5_CALLCONV krb_save_credentials
(char *service, char *instance, char *realm,
C_Block session, int lifetime, int kvno,
KTEXT ticket, long issue_date)
KRB5INT_KRB4_DEPRECATED;
/* send_to_kdc.c */
/* XXX PRIVATE? KfM doesn't export. */
int send_to_kdc
(KTEXT pkt, KTEXT rpkt, char *realm)
KRB5INT_KRB4_DEPRECATED;
#endif
/* tkt_string.c */
/* Used to return pointer to non-const char */
const char * KRB5_CALLCONV tkt_string
(void)
KRB5INT_KRB4_DEPRECATED;
/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */
void KRB5_CALLCONV krb_set_tkt_string
(const char *)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
/* tf_util.c */
int KRB5_CALLCONV tf_init (const char *tf_name, int rw)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV tf_get_pname (char *p)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV tf_get_pinst (char *p)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c)
KRB5INT_KRB4_DEPRECATED;
void KRB5_CALLCONV tf_close (void)
KRB5INT_KRB4_DEPRECATED;
#endif
#if KRB_PRIVATE
/* unix_time.c */
unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec
(unsigned KRB4_32 *)
KRB5INT_KRB4_DEPRECATED;
/*
* Internal prototypes
*/
extern int krb_set_key
(char *key, int cvt)
KRB5INT_KRB4_DEPRECATED;
/* This is exported by KfM. It was previously not KRB5_CALLCONV. */
extern int KRB5_CALLCONV decomp_ticket
(KTEXT tkt, unsigned char *flags, char *pname,
char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
C_Block session, int *life, unsigned KRB4_32 *time_sec,
char *sname, char *sinstance, C_Block,
Key_schedule key_s)
KRB5INT_KRB4_DEPRECATED;
extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
u_long time_ws, u_long e, char *e_string)
KRB5INT_KRB4_DEPRECATED;
extern int create_ciph(KTEXT c, C_Block session, char *service,
char *instance, char *realm, unsigned long life,
int kvno, KTEXT tkt, unsigned long kdc_time,
C_Block key)
KRB5INT_KRB4_DEPRECATED;
extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname,
char *pinstance, char *prealm, long paddress,
char *session, int life, long time_sec,
char *sname, char *sinstance, C_Block key)
KRB5INT_KRB4_DEPRECATED;
#endif /* KRB_PRIVATE */
/* This function is used by KEYFILE above. Do not call it directly */
extern char * krb__get_srvtabname(const char *)
KRB5INT_KRB4_DEPRECATED;
#if KRB_PRIVATE
extern int krb_kntoln(AUTH_DAT *, char *)
KRB5INT_KRB4_DEPRECATED;
#ifdef KRB5_GENERAL__
extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname,
char *pinstance, char *prealm, long paddress,
char *session, int life, long time_sec,
char *sname, char *sinstance,
krb5_keyblock *k5key)
KRB5INT_KRB4_DEPRECATED;
extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key)
KRB5INT_KRB4_DEPRECATED;
#endif
#endif /* KRB_PRIVATE */
/*
* krb_change_password -- merged from KfM
*/
/* change_password.c */
int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *)
KRB5INT_KRB4_DEPRECATED;
/*
* RealmsConfig-glue.c -- merged from KfM
*/
int KRB5_CALLCONV krb_get_profile(profile_t *)
KRB5INT_KRB4_DEPRECATED;
#ifdef _WIN32
HINSTANCE get_lib_instance(void)
KRB5INT_KRB4_DEPRECATED;
unsigned int krb_get_notification_message(void)
KRB5INT_KRB4_DEPRECATED;
char * KRB5_CALLCONV krb_get_default_user(void)
KRB5INT_KRB4_DEPRECATED;
int KRB5_CALLCONV krb_set_default_user(char *)
KRB5INT_KRB4_DEPRECATED;
unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *)
KRB5INT_KRB4_DEPRECATED;
long win_time_get_epoch(void)
KRB5INT_KRB4_DEPRECATED;
#endif
#if TARGET_OS_MAC
# pragma pack(pop)
#endif
KRBINT_END_DECLS
#endif /* KRB_DEFS */
|