1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
|
/*
* $Id$
*
* Copyright 1997 by the Regents of the University of Michigan
*
* This software is being provided to you, the LICENSEE, by the
* Regents of the University of Michigan (UM) under the following
* license. By obtaining, using and/or copying this software, you agree
* that you have read, understood, and will comply with these terms and
* conditions:
*
* Permission to use, copy, modify and distribute this software and its
* documentation for any purpose and without fee or royalty is hereby
* granted, provided that you agree to comply with the following copyright
* notice and statements, including the disclaimer, and that the same
* appear on ALL copies of the software and documentation, including
* modifications that you make for internal use or for distribution:
*
* Copyright 1997 by the Regents of the University of Michigan.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED "AS IS", AND UM MAKES NO REPRESENTATIONS
* OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
* limitation, UM MAKES NO REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY
* OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE LICENSED
* SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS,
* COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
*
* The name of the University of Michigan or UM may NOT be used in
* advertising or publicity pertaining to distribution of the software.
* Title to copyright in this software and any associated documentation
* shall at all times remain with UM, and USER agrees to preserve same.
*
* The University of Michigan
* c/o Steve Rothwell <sgr@umich.edu>
* 535 W. William Street
* Ann Arbor, Michigan 48013-4943
* U.S.A.
*/
/*
** CacheAPI.h
**
** The externally visible functions and data structures
** for the Kerberos Common Cache DLL
** This should be the ONLY externally visible file.
** This is ALL anyone should need to call the API.
**
**
*/
#include <krb5.h>
#ifndef Krb_CCacheAPI_h_
#define Krb_CCacheAPI_h_
#include <windows.h>
#define CC_API_VER_1 1
#define CCACHE_API __declspec(dllexport) cc_int32
//#define CCACHE_API __declspec( dllexport ) cc_int32 __stdcall
/*
** Decisions I haven't nailed down yet
*/
// determines if cred_type precedes ptrs to creds in cred_union
//#define CRED_TYPE_IN_UNION
//
// JENNYEXT - modifications Jenny made to cacheapi for MIT code
// not blessed, but reproduced temporarily
#ifndef JENNYEXT
#define JENNYEXT
#endif
/*
** The Official Error Codes
*/
#define CC_NOERROR 0
#define CC_BADNAME 1
#define CC_NOTFOUND 2
#define CC_END 3
#define CC_IO 4
#define CC_WRITE 5
#define CC_NOMEM 6
#define CC_FORMAT 7
#define CC_LOCKED 8
#define CC_BAD_API_VERSION 9
#define CC_NO_EXIST 10
#define CC_NOT_SUPP 11
#define CC_BAD_PARM 12
#define CC_ERR_CACHE_ATTACH 13
#define CC_ERR_CACHE_RELEASE 14
#define CC_ERR_CACHE_FULL 15
#define CC_ERR_CRED_VERSION 16
�
/*
** types, structs, & constants
*/
typedef int cc_int32;
typedef cc_int32 cc_time_t;
// Flag bits promised by Ted "RSN"
#define CC_FLAGS_RESERVED 0xFFFFFFFF
typedef cc_int32 cc_nc_flags; // set via constants above
typedef struct opaque_ccache_pointer_type* ccache_p;
typedef struct opaque_dll_control_block_type* apiCB;
typedef struct opaque_credential_iterator_type* ccache_cit;
enum { KRB5_CLIENT_SZ = 256};
enum { KRB5_SERVER_SZ = 256};
enum { KRB5_DATA_SZ = 1024};
enum { KRB5_DATA_CNT = 20};
enum _cc_data_type {
type_ticket = 0, // 0 for ticket, second_ticket
/* Ted's draft spec says these are to be
"as defined in the Kerberos V5 protocol"
all I can find are typdefs,
can't find an enumerated type or #define
*/
type_address, /* = <"as defined in the Kerberos V5 protocol"> */
type_authdata, /* = <"as defined in the Kerberos V5 protocol"> */
type_encryption, /* = <"as defined in the Kerberos V5 protocol"> */
cc_data_type_max }; // for validation
typedef struct _cc_data
{
cc_int32 type; // should be one of _cc_data_type
cc_int32 length;
unsigned char* data; // the proverbial bag-o-bits
} cc_data;
typedef struct _cc_data1
{
cc_int32 type; // should be one of _cc_data_type
cc_int32 length;
unsigned char data[KRB5_DATA_SZ]; // the proverbial bag-o-bits
} cc_data1;
// V5 Credentials
typedef struct _cc_creds {
char* client;
char* server;
cc_data keyblock;
cc_time_t authtime;
cc_time_t starttime;
cc_time_t endtime;
cc_time_t renew_till;
cc_int32 is_skey;
cc_int32 ticket_flags;
cc_data FAR ** addresses;
cc_data ticket;
cc_data second_ticket;
cc_data FAR ** authdata;
} cc_creds;
typedef struct _cc_cache_creds {
char client[KRB5_CLIENT_SZ];
char server[KRB5_SERVER_SZ];
cc_data1 keyblock;
cc_time_t authtime;
cc_time_t starttime;
cc_time_t endtime;
cc_time_t renew_till;
cc_int32 is_skey;
cc_int32 ticket_flags;
cc_data1 addresses[KRB5_DATA_CNT];
cc_data1 ticket;
cc_data1 second_ticket;
cc_data1 authdata[KRB5_DATA_CNT];
} cc_cache_creds;
�
// begin V4 stuff
enum { KRB_PRINCIPAL_SZ = 40 };
enum { KRB_SERVICE_SZ = 40};
enum { KRB_INSTANCE_SZ = 40};
enum { KRB_REALM_SZ = 40};
#ifndef ADDR_SZ
enum { ADDR_SZ = 16};
#endif
// use an enumerated type so all callers infer the same meaning
// these values are what krbv4win uses internally.
enum StringToKey_Type { STK_AFS = 0, STK_DES = 1 };
// K4 uses a MAX_KTXT_LEN of 1250 to hold a ticket
// K95 uses 256
// To be safe I'll use the larger number, but a factor of 5!!!
enum { MAX_V4_CRED_LEN = 1250 };
// V4 Credentials
typedef struct cc_V4credential {
unsigned char kversion;
char principal[KRB_PRINCIPAL_SZ];
char principal_instance[KRB_INSTANCE_SZ];
char service[KRB_SERVICE_SZ];
char service_instance[KRB_INSTANCE_SZ];
char realm[KRB_REALM_SZ];
unsigned char session_key[8];
cc_int32 kvno; // k95 used BYTE skvno
enum StringToKey_Type
str_to_key; // k4 infers dynamically, k95 stores
long issue_date; // k95 called this issue_time
cc_int32 lifetime; // k95 used LONG expiration_time
char address[ADDR_SZ]; // IP Address of local host
cc_int32 ticket_sz; // k95 used BYTE, k4 ktext uses int to hold up to 1250
unsigned char ticket[MAX_V4_CRED_LEN];
unsigned long oops; // zero to catch runaways
} V4Cred_type;
#ifdef JENNYEXT
typedef struct cc_V4credential CCV4CREDENTIALS; // JENNYEXT
#endif
enum cc_cred_vers {
CC_CRED_VUNKNOWN = 0, // For validation
CC_CRED_V4 = 1,
CC_CRED_V5 = 2,
CC_CRED_VMAX = 3 // For validation
};
typedef union cred_ptr_union_type {
V4Cred_type* pV4Cred;
cc_creds* pV5Cred;
} cred_ptr_union;
typedef struct cred_union_type {
//#ifdef CRED_TYPE_IN_UNION
enum cc_cred_vers cred_type;
//#endif
cred_ptr_union cred;
} cred_union;
�
/*
** The official (externally visible) API
*/
#ifdef __cplusplus
extern "C" /* this entire list of functions */
{
#endif /* __cplusplus */
/*
** Main cache routines : initialize, shutdown, get_cache_names, & get_change_time
*/
CCACHE_API
cc_initialize(apiCB** cc_ctx, // < DLL's primary control structure.
// returned here, passed everywhere else
const cc_int32 api_version,// > ver supported by caller (use CC_API_VER_1)
cc_int32* api_supported, // < if ~NULL, max ver supported by DLL
const char** vendor); // < if ~NULL, vendor name in read only C string
CCACHE_API
cc_shutdown(apiCB** cc_ctx); // <> DLL's primary control structure. NULL after call.
CCACHE_API
cc_get_change_time(apiCB* cc_ctx, // > DLL's primary control structure
cc_time_t* time); // < time of last change to main cache
�
/*
** Named Cache (NC) routines
** create, open, close, destroy, get_principal, get_cred_version, & lock_request
**
** Multiple NCs are allowed within the main cache. Each has a Name and kerberos
** version # (V4 or V5). Caller gets "ccache_ptr"s for NCs.
*/
CCACHE_API
cc_create(apiCB* cc_ctx, // > DLL's primary control structure
const char* name, // > name of cache to be [destroyed if exists, then] created
const char* principal, // > name of principal associated with NC
const enum cc_cred_vers vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
const cc_int32 cc_flags, // > options
ccache_p** ccache_ptr); // < NC control structure
CCACHE_API
cc_open(apiCB* cc_ctx, // > DLL's primary control structure
const char* name, // > name of pre-created cache
const enum cc_cred_vers vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
const cc_int32 cc_flags, // > options
ccache_p** ccache_ptr); // < NC control structure
CCACHE_API
cc_close(apiCB* cc_ctx, // > DLL's primary control structure
ccache_p** ccache_ptr); // <> NC control structure. NULL after call.
CCACHE_API
cc_destroy(apiCB* cc_ctx, // > DLL's primary control structure
ccache_p** ccache_ptr); // <> NC control structure. NULL after call.
/*
** Ways to get information about the NCs
*/
CCACHE_API
cc_seq_fetch_NCs(apiCB* cc_ctx, // > DLL's primary control structure
ccache_p** ccache_ptr, // < NC control structure (free via cc_close())
ccache_cit** itNCs); // <> iterator used by DLL,
// set to NULL before first call
// returned NULL at CC_END
typedef struct _infoNC {
char* name;
enum cc_cred_vers vers;
} infoNC;
CCACHE_API
cc_get_NC_info(apiCB* cc_ctx, // > DLL's primary control structure
struct _infoNC*** ppNCi); // < (NULL before call) null terminated,
// list of a structs (free via cc_free_infoNC())
CCACHE_API
cc_free_NC_info(apiCB* cc_ctx,
struct _infoNC*** ppNCi); // < free list of structs returned by cc_get_cache_names()
// set to NULL on return
/*
** Functions that provide distinguishing characteristics of NCs.
*/
CCACHE_API
cc_get_name(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr, // > NC control structure
char** name); // < name of NC associated with ccache_ptr (free via cc_free_name())
CCACHE_API
cc_set_principal(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_pointer,// < name of principal associated with NC
const enum cc_cred_vers vers, // Free via cc_free_principal()
const char* principal);
CCACHE_API
cc_get_principal(apiCB* cc_ctx, // > DLL's primary control structure
ccache_p* ccache_pointer, // < name of principal associated with NC
char** principal); // Free via cc_free_principal()
#ifdef JENNYEXT
CCACHE_API
cc_set_instance(apiCB* cc_ctx, // > DLL's primary control structure
const char* instance); // < name of principal_instance associated with NC
// Free via cc_free_instance()
CCACHE_API
cc_get_instance(apiCB* cc_ctx, // > DLL's primary control structure
char** instance); // < name of principal_instance associated with NC
// Free via cc_free_instance()
#endif /* JENNYEXT */
CCACHE_API
cc_get_cred_version(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr,// > NC control structure
enum cc_cred_vers* vers);// < ticket version associated with NC
#define CC_LOCK_UNLOCK 1
#define CC_LOCK_READER 2
#define CC_LOCK_WRITER 3
#define CC_LOCK_NOBLOCK 16
CCACHE_API
cc_lock_request(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr,// > NC control structure
const cc_int32 lock_type);// > one (or combination) of above defined lock types
�
/*
** Credentials routines (work within an NC)
** store, remove_cred, seq_fetch_creds
*/
CCACHE_API
cc_store(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr, // > NC control structure
const cred_union creds); // > credentials to be copied into NC
CCACHE_API
cc_remove_cred(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr, // > NC control structure
const cred_union cred); // > credentials to remove from NC
CCACHE_API
cc_seq_fetch_creds(apiCB* cc_ctx, // > DLL's primary control structure
const ccache_p* ccache_ptr, // > NC control structure
cred_union** creds, // < filled in by DLL, free via cc_free_creds()
ccache_cit** itCreds); // <> iterator used by DLL, set to NULL before first call
// Also NULL for final call if loop ends before CC_END
�
/*
** methods of liberation,
** or freeing space via the free that goes with the malloc used to get it
** It's important to use the free carried in the DLL, not the one supplied
** by your compiler vendor.
**
** freeing a NULL pointer is not treated as an error
*/
CCACHE_API
cc_free_principal(apiCB* cc_ctx, // > DLL's primary control structure
char** principal); // <> ptr to principal to be freed, returned as NULL
// (from cc_get_principal())
#ifdef JENNYEXT
CCACHE_API
cc_free_instance(apiCB* cc_ctx, // > DLL's primary control structure
char** instance); // <> ptr to instance to be freed, returned as NULL
// (from cc_get_instance())
#endif
CCACHE_API
cc_free_name(apiCB* cc_ctx, // > DLL's primary control structure
char** name); // <> ptr to name to be freed, returned as NULL
// (from cc_get_name())
CCACHE_API
cc_free_name_list(apiCB* cc_ctx, // > DLL's primary control structure
char*** name_list); // <> ptr to null terminated list of names to be freed
// (from cc_get_cache_names()), returned as NULL
CCACHE_API
cc_free_creds(apiCB* cc_ctx, // > DLL's primary control structure
cred_union** pCred); // <> cred (from cc_seq_fetch_creds()) to be freed
// Returned as NULL.
#ifdef __cplusplus
} /* end extern "C" */
#endif /* __cplusplus */
#endif /* Krb_CCacheAPI_h_ */
|
