/*
 * $Source$
 * $Author$
 * $Id$
 *
 * Copyright 1989 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <krb5/mit-copyright.h>.
 *
 * General definitions for Kerberos version 5.
 */

#include <krb5/copyright.h>

#ifndef __KRB5_GENERAL__
#define __KRB5_GENERAL__

#include <sys/types.h>

#include <krb5/config.h>

#include <krb5/base-defs.h>
#include <krb5/hostaddr.h>
#include <krb5/encryption.h>
#include <krb5/fieldbits.h>
#include <krb5/errors.h>
#include <krb5/proto.h>
#include <krb5/tcache.h>

/* Time set: the lifetime bounds carried in a ticket, all as krb5_timestamp.
 * NOTE(review): nothing here fixes the epoch or units of krb5_timestamp
 * (defined elsewhere in the krb5 headers) -- confirm before comparing
 * these fields against a local clock.  A consumer deciding whether a
 * ticket is currently usable needs to look at both starttime and endtime,
 * not endtime alone. */
typedef struct _krb5_ticket_times {
    krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
				in ticket? otherwise client can't get this */ 
    krb5_timestamp starttime;	/* start of validity (cf. "requested starttime"
				   in krb5_as_req / krb5_tgs_req) */
    krb5_timestamp endtime;	/* end of validity (cf. "requested endtime") */
    krb5_timestamp renew_till;	/* latest time the ticket may be renewed to;
				   optional in the requests that carry it */
} krb5_ticket_times;

/* structure for auth data: one authorization-data element, a type tag
 * followed by a variable number of octets.
 *
 * NOTE(review): contents is declared with one element but, per the
 * original comment, is meant to hold `length` octets -- the pre-C99
 * "struct hack".  Consequences for anyone touching this:
 *   - sizeof (krb5_authdata) is NOT the size of a real element; allocate
 *     with a size derived from length.
 *   - length is a signed int.  Code that fills or walks an element from
 *     externally supplied data must check length >= 0 and that it fits
 *     inside the enclosing buffer before indexing contents.
 * Converting to a C99 flexible array member would change sizeof and the
 * layout callers depend on, so it is left as declared here. */
typedef struct _krb5_authdata {
    krb5_authdatatype ad_type;		/* type tag for this element */
    int length;				/* number of octets in contents */
    krb5_octet contents[1];			/* actually can be more, depending
					   on length */
} krb5_authdata;

/* The portion of a ticket that is carried encrypted; krb5_ticket.enc_part
 * (below) holds its encrypted encoding.  Pointer members are not
 * annotated with ownership here; who allocates and frees them is
 * presumably defined by the routines that build and parse tickets --
 * confirm against those callers.  The "array of ptrs" members are
 * assumed to be NULL-terminated; this header does not say so. */
typedef struct _krb5_enc_tkt_part {
    /* to-be-encrypted portion */
    krb5_confounder confounder;		/* confounder */
    krb5_flags flags;			/* flags */
    krb5_keyblock *session;		/* session key: includes keytype */
    krb5_principal client;		/* client name/realm */
    krb5_data transited;		/* list of transited realms */
    krb5_ticket_times times;		/* auth, start, end, renew_till */
    krb5_address **caddrs;		/* array of ptrs to addresses */
    krb5_authdata **authorization_data;	/* auth data (see krb5_authdata) */
} krb5_enc_tkt_part;

/* A ticket as it travels on the wire: the cleartext header fields plus the
 * encrypted encoding of a krb5_enc_tkt_part (see above).  Only the fields
 * listed here are visible without decrypting enc_part. */
typedef struct _krb5_ticket {
    /* cleartext portion */
    krb5_principal server;		/* server name/realm */
    krb5_enctype etype;			/* ticket encryption type */
    krb5_kvno skvno;			/* server kvno */
    krb5_data enc_part;			/* encrypted encoding,
					   see above for hidden contents */
} krb5_ticket;

/* the unencrypted version of the authenticator.  krb5_ap_req.authenticator
 * (below) carries the already-encrypted encoding of this structure.
 * ctime/cmsec together give the client's timestamp to millisecond
 * resolution; the same pair recurs in krb5_error and krb5_ap_rep_enc_part. */
typedef struct _krb5_authenticator {
    krb5_principal client;		/* client name/realm */
    krb5_checksum *checksum;		/* checksum, includes type */
    krb5_ui_2 cmsec;			/* client msec portion */
    krb5_timestamp ctime;		/* client sec portion */
} krb5_authenticator;

/* A ticket paired with the authenticator presented alongside it.  Both
 * members are pointers; ownership is not specified by this header -- the
 * routine that produces a krb5_tkt_authent presumably documents who frees
 * them (TODO confirm). */
typedef struct _krb5_tkt_authent {
    krb5_ticket *ticket;		/* the ticket */
    krb5_authenticator *authenticator;	/* decrypted authenticator for it */
} krb5_tkt_authent;

/* credentials:  Ticket, session key, etc.  This is the client-side bundle
 * that lets a principal use a ticket: the two principals involved, the
 * session key material, the lifetime, and the encoded ticket(s).
 * Note that ticket and second_ticket are opaque krb5_data here (the
 * encoded form), not krb5_ticket structures. */
typedef struct _krb5_credentials {
    krb5_principal client;		/* client's principal identifier */
    krb5_principal server;		/* server's principal identifier */
    krb5_encrypt_block keyblock;	/* session encryption key info */
    krb5_ticket_times times;		/* lifetime info */
    krb5_boolean is_skey;		/* true if ticket is encrypted in
					   another ticket's skey */
    krb5_flags ticket_flags;		/* flags in ticket */
    krb5_data ticket;			/* ticket string itself */
    krb5_data second_ticket;		/* second ticket, if related to
					   ticket (via DUPLICATE-SKEY or
					   ENC-TKT-IN-SKEY) */
} krb5_credentials;

/* Last request fields: one entry of the last_req array in
 * krb5_enc_kdc_rep_part.  lr_type says what kind of event value records;
 * the set of lr_type codes is not defined in this header. */
typedef struct _krb5_last_req_entry {
    krb5_ui_4 value;			/* value for this entry */
    krb5_octet lr_type;			/* kind of entry (code defined elsewhere) */
} krb5_last_req_entry;

/* AS-REQ: a client's request to the KDC for initial credentials.  The
 * from/till/rtime fields are what the client asks for; the granted values
 * come back in krb5_enc_kdc_rep_part.times.  Per the comment on server,
 * that field is carried but not used by this request. */
typedef struct _krb5_as_req {
    krb5_flags kdc_options;		/* requested options */
    krb5_timestamp ctime;		/* client's time */
    krb5_timestamp from;		/* requested starttime */
    krb5_timestamp till;		/* requested endtime */
    krb5_timestamp rtime;		/* (optional) requested renew_till */
    krb5_enctype etype;			/* requested encryption type */
    krb5_principal client;		/* includes realm */
    krb5_address **addresses;		/* requested addresses */
    krb5_principal server;		/* includes realm (but not used) */
} krb5_as_req;

/* The encrypted portion of a KDC reply; krb5_kdc_rep.enc_part (below)
 * holds its encoding.  This is where the client receives the session key
 * and the lifetime the KDC actually granted.
 * NOTE(review): the confounder/flags/times/caddrs layout parallels
 * krb5_enc_tkt_part -- a reader comparing the two should expect the
 * times here to describe the ticket returned in krb5_kdc_rep.ticket
 * (inferred from naming; confirm against the KDC code). */
typedef struct _krb5_enc_kdc_rep_part {
    /* encrypted part: */
    krb5_confounder confounder;		/* confounder */
    krb5_keyblock *session;		/* session key */
    krb5_last_req_entry **last_req;	/* array of ptrs to entries */
    krb5_timestamp ctime;		/* client timestamp */
    krb5_timestamp key_exp;		/* expiration date */
    krb5_flags flags;			/* ticket flags */
    krb5_ticket_times times;		/* lifetime info */
    krb5_principal server;		/* server's principal identifier */
    krb5_address **caddrs;		/* array of ptrs to addresses */
} krb5_enc_kdc_rep_part;

/* KDC reply (AS-REP / TGS-REP share this shape): the cleartext header,
 * the issued ticket, and the encrypted encoding of a
 * krb5_enc_kdc_rep_part (see above).  ticket is a pointer; ownership is
 * not stated in this header. */
typedef struct _krb5_kdc_rep {
    /* cleartext part: */
    krb5_principal client;		/* client's principal identifier */
    krb5_enctype etype;			/* encryption type */
    krb5_kvno ckvno;			/* client key version */
    krb5_ticket *ticket;		/* ticket */
    krb5_data enc_part;			/* encrypted part */
} krb5_kdc_rep;

/* error message structure (KRB-ERROR).  As the inner comment says, not
 * every field is meaningful in every context, so consumers should treat
 * the principals and text as optional.  text is descriptive data from the
 * peer: log or display it as data (not as a format string), and bound it
 * by its krb5_data length rather than assuming NUL-termination. */
typedef struct _krb5_error {
    /* some of these may be meaningless in certain contexts */
    krb5_timestamp ctime;		/* client sec portion */
    krb5_ui_2 cmsec;			/* client msec portion */
    krb5_ui_2 smsec;			/* server msec portion */
    krb5_timestamp stime;		/* server sec portion */
    krb5_ui_4 error;			/* error code (protocol error #'s) */
    krb5_principal client;		/* client's principal identifier */
    krb5_principal server;		/* server's principal identifier */
    krb5_data text;			/* descriptive text */
} krb5_error;

/* AP-REQ: what a client presents to an application server -- the ticket
 * plus an authenticator.  The authenticator is carried here as already
 * encrypted krb5_data; its decrypted form is krb5_authenticator (above). */
typedef struct _krb5_ap_req {
    krb5_flags ap_options;		/* requested options */
    krb5_ticket *ticket;		/* ticket */
    krb5_data authenticator;		/* authenticator (already encrypted) */
} krb5_ap_req;

/* AP-REP: the application server's reply, consisting only of an encrypted
 * part.  By analogy with the other *_enc_part types in this file, its
 * decrypted contents are presumably a krb5_ap_rep_enc_part (below). */
typedef struct _krb5_ap_rep {
    krb5_data enc_part;			/* encrypted part */
} krb5_ap_rep;

/* Decrypted contents of an AP-REP: the client's timestamp echoed back,
 * in the same sec/msec split used by krb5_authenticator.  Presumably the
 * client compares these against the values it sent to confirm the server
 * could read the authenticator -- confirm in the client code. */
typedef struct _krb5_ap_rep_enc_part {
    krb5_timestamp ctime;		/* client time, seconds portion */
    krb5_ui_2 cmsec;			/* client time, milliseconds portion */
} krb5_ap_rep_enc_part;

/* A received message tagged with its type: message_type says which of the
 * protocol structures response encodes.  The set of message_type values
 * is not defined in this header, and response is a pointer whose
 * ownership is unspecified here. */
typedef struct _krb5_response {
    krb5_octet message_type;		/* protocol message type tag */
    krb5_data *response;		/* encoded message of that type */
} krb5_response;

/* TGS-REQ: a request for further tickets, authenticated by an embedded
 * AP-REQ (header).  Like krb5_as_req, from/till/rtime are the values the
 * client asks for.  enc_part, when present, carries an encrypted
 * krb5_tgs_req_enc_part (below). */
typedef struct _krb5_tgs_req {
    krb5_ap_req *header;		/* AP-REQ */
    krb5_flags kdc_options;		/* requested options */
    krb5_timestamp from;		/* requested starttime */
    krb5_timestamp till;		/* requested endtime */
    krb5_timestamp rtime;		/* (optional) requested renew_till */
    krb5_timestamp ctime;		/* client's time */
    krb5_enctype etype;			/* encryption type */
    krb5_principal server;		/* server's principal identifier */
    krb5_address **addresses;		/* array of ptrs to addresses */
    krb5_data enc_part;			/* (optional) encrypted part */
} krb5_tgs_req;

/* Decrypted contents of krb5_tgs_req.enc_part: optional authorization
 * data and the second ticket used by the DUPLICATE-SKEY / ENC-TKT-IN-SKEY
 * cases mentioned on krb5_credentials.second_ticket.  Both members are
 * pointers; ownership is not stated here. */
typedef struct _krb5_tgs_req_enc_part {
    krb5_authdata **authorization_data;	/* auth data (see krb5_authdata) */
    krb5_ticket *second_ticket;		/* second ticket */
} krb5_tgs_req_enc_part;

/* KRB-SAFE: user data sent in the clear with an integrity checksum.
 * NOTE(review): the checksum is the only integrity protection this
 * structure lists, and timestamp/msec/addresses are the only fields that
 * could tie the message to a time and sender.  A receiver should verify
 * the checksum before using user_data, and treat the timestamp and
 * addresses as inputs to replay/origin checks -- confirm the consumer
 * code actually does both. */
typedef struct _krb5_safe {
    krb5_data user_data;		/* user data */
    krb5_timestamp timestamp;		/* client time */
    krb5_ui_2 msec;			/* millisecond portion of time */
    krb5_address **addresses;		/* array of ptrs to addresses */
    krb5_checksum *checksum;		/* data integrity checksum */
} krb5_safe;

/* KRB-PRIV: user data sent encrypted.  Only the encryption type is in the
 * clear; the encrypted part decodes to a krb5_priv_enc_part (below). */
typedef struct _krb5_priv {
    krb5_enctype etype;			/* encryption type */
    krb5_data enc_part;			/* encrypted part */
} krb5_priv;

/* Decrypted contents of krb5_priv.enc_part: the same user data, time and
 * address fields as krb5_safe, minus the explicit checksum (here the
 * encryption is what protects the payload).  The timestamp/msec/addresses
 * are presumably what a receiver uses for replay and origin checks --
 * confirm against the consumer code. */
typedef struct _krb5_priv_enc_part {
    krb5_data user_data;		/* user data */
    krb5_timestamp timestamp;		/* client time */
    krb5_ui_2 msec;			/* millisecond portion of time */
    krb5_address **addresses;		/* array of ptrs to addresses */
} krb5_priv_enc_part;
#endif /* __KRB5_GENERAL__ */