| author | John Kohl <jtkohl@mit.edu> | 1990-12-14 23:52:07 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-12-14 23:52:07 +0000 |
| commit | 1bc0aafd4ba3baa32e69ee9ad0d6271e14cb5ba7 (patch) | |
| tree | 15473d71c5ca29d2432fef1dbb959ad0b3e7a330 /src/include | |
| parent | e1772c824f6bd353311dab839c7f985a86004cb4 (diff) | |
RFC draft protocol changes and related cleanups
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1554 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/krb5/asn.1/KRB5-types-aux.h | 34 | ||||
| -rw-r--r-- | src/include/krb5/asn.1/asn1defs.h | 30 | ||||
| -rw-r--r-- | src/include/krb5/asn.1/encode.h | 11 | ||||
| -rw-r--r-- | src/include/krb5/encryption.h | 11 | ||||
| -rw-r--r-- | src/include/krb5/free.h | 2 | ||||
| -rw-r--r-- | src/include/krb5/func-proto.h | 35 | ||||
| -rw-r--r-- | src/include/krb5/krb5.h | 66 | ||||
| -rw-r--r-- | src/include/krb5/los-proto.h | 4 | ||||
| -rw-r--r-- | src/include/krb5/proto.h | 14 | ||||
| -rw-r--r-- | src/include/krb5/stock/osconf.h | 2 |
10 files changed, 141 insertions, 68 deletions
diff --git a/src/include/krb5/asn.1/KRB5-types-aux.h b/src/include/krb5/asn.1/KRB5-types-aux.h index a2431478f..099be13d4 100644 --- a/src/include/krb5/asn.1/KRB5-types-aux.h +++ b/src/include/krb5/asn.1/KRB5-types-aux.h 
@@ -8,23 +8,20 @@ /* KRB5-types.c */ int encode_KRB5_Realm P((PE *, int , integer , char *, struct type_KRB5_Realm *)); int encode_KRB5_PrincipalName P((PE *, int , integer , char *, struct type_KRB5_PrincipalName *)); -int encode_KRB5_MessageType P((PE *, int , integer , char *, struct type_KRB5_MessageType *)); -int encode_KRB5_AddressType P((PE *, int , integer , char *, struct type_KRB5_AddressType *)); int encode_KRB5_HostAddress P((PE *, int , integer , char *, struct type_KRB5_HostAddress *)); int encode_KRB5_HostAddresses P((PE *, int , integer , char *, struct type_KRB5_HostAddresses *)); -int encode_KRB5_AdType P((PE *, int , integer , char *, struct type_KRB5_AdType *)); int encode_KRB5_AuthorizationData P((PE *, int , integer , char *, struct type_KRB5_AuthorizationData *)); int encode_KRB5_KDCOptions P((PE *, int , integer , char *, struct type_KRB5_KDCOptions *)); -int encode_KRB5_LastReqType P((PE *, int , integer , char *, struct type_KRB5_LastReqType *)); int encode_KRB5_LastReq P((PE *, int , integer , char *, struct type_KRB5_LastReq *)); int encode_KRB5_KerberosTime P((PE *, int , integer , char *, struct type_KRB5_KerberosTime *)); int encode_KRB5_Ticket P((PE *, int , integer , char *, struct type_KRB5_Ticket *)); +int encode_KRB5_TransitedEncoding P((PE *, int , integer , char *, struct type_KRB5_TransitedEncoding *)); int encode_KRB5_EncTicketPart P((PE *, int , integer , char *, struct type_KRB5_EncTicketPart *)); int encode_KRB5_Authenticator P((PE *, int , integer , char *, struct type_KRB5_Authenticator *)); -int encode_KRB5_AuthenticatorVersion P((PE *, int , integer , char *, struct type_KRB5_AuthenticatorVersion *)); int encode_KRB5_TicketFlags P((PE *, int , integer , char *, struct type_KRB5_TicketFlags *)); int encode_KRB5_AS__REQ P((PE *, int , integer , char *, struct type_KRB5_AS__REQ *)); int encode_KRB5_TGS__REQ P((PE *, int , integer , char *, struct type_KRB5_TGS__REQ *)); +int encode_KRB5_PA__DATA P((PE *, int , integer , 
char *, struct type_KRB5_PA__DATA *)); int encode_KRB5_KDC__REQ__BODY P((PE *, int , integer , char *, struct type_KRB5_KDC__REQ__BODY *)); int encode_KRB5_AS__REP P((PE *, int , integer , char *, struct type_KRB5_AS__REP *)); int encode_KRB5_TGS__REP P((PE *, int , integer , char *, struct type_KRB5_TGS__REP *)); 
@@ -35,34 +32,30 @@ int encode_KRB5_APOptions P((PE *, int , integer , char *, struct type_KRB5_APOp int encode_KRB5_AP__REP P((PE *, int , integer , char *, struct type_KRB5_AP__REP *)); int encode_KRB5_EncAPRepPart P((PE *, int , integer , char *, struct type_KRB5_EncAPRepPart *)); int encode_KRB5_KRB__SAFE P((PE *, int , integer , char *, struct type_KRB5_KRB__SAFE *)); +int encode_KRB5_KRB__SAFE__BODY P((PE *, int , integer , char *, struct type_KRB5_KRB__SAFE__BODY *)); int encode_KRB5_KRB__PRIV P((PE *, int , integer , char *, struct type_KRB5_KRB__PRIV *)); int encode_KRB5_EncKrbPrivPart P((PE *, int , integer , char *, struct type_KRB5_EncKrbPrivPart *)); int encode_KRB5_KRB__ERROR P((PE *, int , integer , char *, struct type_KRB5_KRB__ERROR *)); int encode_KRB5_EncryptedData P((PE *, int , integer , char *, struct type_KRB5_EncryptedData *)); -int encode_KRB5_EncryptionType P((PE *, int , integer , char *, struct type_KRB5_EncryptionType *)); int encode_KRB5_EncryptionKey P((PE *, int , integer , char *, struct type_KRB5_EncryptionKey *)); -int encode_KRB5_KeyType P((PE *, int , integer , char *, struct type_KRB5_KeyType *)); int encode_KRB5_Checksum P((PE *, int , integer , char *, struct type_KRB5_Checksum *)); -int encode_KRB5_ChecksumType P((PE *, int , integer , char *, struct type_KRB5_ChecksumType *)); +int encode_KRB5_METHOD__DATA P((PE *, int , integer , char *, struct type_KRB5_METHOD__DATA *)); int decode_KRB5_Realm P((PE , int , integer *, char **, struct type_KRB5_Realm **)); int decode_KRB5_PrincipalName P((PE , int , integer *, char **, struct type_KRB5_PrincipalName **)); -int decode_KRB5_MessageType P((PE , int , integer *, char **, struct type_KRB5_MessageType **)); -int decode_KRB5_AddressType P((PE , int , integer *, char **, struct type_KRB5_AddressType **)); int decode_KRB5_HostAddress P((PE , int , integer *, char **, struct type_KRB5_HostAddress **)); int decode_KRB5_HostAddresses P((PE , int , integer *, char **, struct 
type_KRB5_HostAddresses **)); -int decode_KRB5_AdType P((PE , int , integer *, char **, struct type_KRB5_AdType **)); int decode_KRB5_AuthorizationData P((PE , int , integer *, char **, struct type_KRB5_AuthorizationData **)); int decode_KRB5_KDCOptions P((PE , int , integer *, char **, struct type_KRB5_KDCOptions **)); -int decode_KRB5_LastReqType P((PE , int , integer *, char **, struct type_KRB5_LastReqType **)); int decode_KRB5_LastReq P((PE , int , integer *, char **, struct type_KRB5_LastReq **)); int decode_KRB5_KerberosTime P((PE , int , integer *, char **, struct type_KRB5_KerberosTime **)); int decode_KRB5_Ticket P((PE , int , integer *, char **, struct type_KRB5_Ticket **)); +int decode_KRB5_TransitedEncoding P((PE , int , integer *, char **, struct type_KRB5_TransitedEncoding **)); int decode_KRB5_EncTicketPart P((PE , int , integer *, char **, struct type_KRB5_EncTicketPart **)); int decode_KRB5_Authenticator P((PE , int , integer *, char **, struct type_KRB5_Authenticator **)); -int decode_KRB5_AuthenticatorVersion P((PE , int , integer *, char **, struct type_KRB5_AuthenticatorVersion **)); int decode_KRB5_TicketFlags P((PE , int , integer *, char **, struct type_KRB5_TicketFlags **)); int decode_KRB5_AS__REQ P((PE , int , integer *, char **, struct type_KRB5_AS__REQ **)); int decode_KRB5_TGS__REQ P((PE , int , integer *, char **, struct type_KRB5_TGS__REQ **)); +int decode_KRB5_PA__DATA P((PE , int , integer *, char **, struct type_KRB5_PA__DATA **)); int decode_KRB5_KDC__REQ__BODY P((PE , int , integer *, char **, struct type_KRB5_KDC__REQ__BODY **)); int decode_KRB5_AS__REP P((PE , int , integer *, char **, struct type_KRB5_AS__REP **)); int decode_KRB5_TGS__REP P((PE , int , integer *, char **, struct type_KRB5_TGS__REP **)); 
@@ -73,28 +66,26 @@ int decode_KRB5_APOptions P((PE , int , integer *, char **, struct type_KRB5_APO int decode_KRB5_AP__REP P((PE , int , integer *, char **, struct type_KRB5_AP__REP **)); int decode_KRB5_EncAPRepPart P((PE , int , integer *, char **, struct type_KRB5_EncAPRepPart **)); int decode_KRB5_KRB__SAFE P((PE , int , integer *, char **, struct type_KRB5_KRB__SAFE **)); +int decode_KRB5_KRB__SAFE__BODY P((PE , int , integer *, char **, struct type_KRB5_KRB__SAFE__BODY **)); int decode_KRB5_KRB__PRIV P((PE , int , integer *, char **, struct type_KRB5_KRB__PRIV **)); int decode_KRB5_EncKrbPrivPart P((PE , int , integer *, char **, struct type_KRB5_EncKrbPrivPart **)); int decode_KRB5_KRB__ERROR P((PE , int , integer *, char **, struct type_KRB5_KRB__ERROR **)); int decode_KRB5_EncryptedData P((PE , int , integer *, char **, struct type_KRB5_EncryptedData **)); -int decode_KRB5_EncryptionType P((PE , int , integer *, char **, struct type_KRB5_EncryptionType **)); int decode_KRB5_EncryptionKey P((PE , int , integer *, char **, struct type_KRB5_EncryptionKey **)); -int decode_KRB5_KeyType P((PE , int , integer *, char **, struct type_KRB5_KeyType **)); int decode_KRB5_Checksum P((PE , int , integer *, char **, struct type_KRB5_Checksum **)); -int decode_KRB5_ChecksumType P((PE , int , integer *, char **, struct type_KRB5_ChecksumType **)); +int decode_KRB5_METHOD__DATA P((PE , int , integer *, char **, struct type_KRB5_METHOD__DATA **)); int free_KRB5_PrincipalName P((struct type_KRB5_PrincipalName *)); -int free_KRB5_MessageType P((struct type_KRB5_MessageType *)); -int free_KRB5_AddressType P((struct type_KRB5_AddressType *)); int free_KRB5_HostAddress P((struct type_KRB5_HostAddress *)); int free_KRB5_HostAddresses P((struct type_KRB5_HostAddresses *)); int free_KRB5_AuthorizationData P((struct type_KRB5_AuthorizationData *)); int free_KRB5_LastReq P((struct type_KRB5_LastReq *)); int free_KRB5_Ticket P((struct type_KRB5_Ticket *)); +int 
free_KRB5_TransitedEncoding P((struct type_KRB5_TransitedEncoding *)); int free_KRB5_EncTicketPart P((struct type_KRB5_EncTicketPart *)); int free_KRB5_Authenticator P((struct type_KRB5_Authenticator *)); -int free_KRB5_AuthenticatorVersion P((struct type_KRB5_AuthenticatorVersion *)); int free_KRB5_AS__REQ P((struct type_KRB5_AS__REQ *)); int free_KRB5_TGS__REQ P((struct type_KRB5_TGS__REQ *)); +int free_KRB5_PA__DATA P((struct type_KRB5_PA__DATA *)); int free_KRB5_KDC__REQ__BODY P((struct type_KRB5_KDC__REQ__BODY *)); int free_KRB5_AS__REP P((struct type_KRB5_AS__REP *)); int free_KRB5_TGS__REP P((struct type_KRB5_TGS__REP *)); @@ -104,14 +95,13 @@ int free_KRB5_AP__REQ P((struct type_KRB5_AP__REQ *)); int free_KRB5_AP__REP P((struct type_KRB5_AP__REP *)); int free_KRB5_EncAPRepPart P((struct type_KRB5_EncAPRepPart *)); int free_KRB5_KRB__SAFE P((struct type_KRB5_KRB__SAFE *)); +int free_KRB5_KRB__SAFE__BODY P((struct type_KRB5_KRB__SAFE__BODY *)); int free_KRB5_KRB__PRIV P((struct type_KRB5_KRB__PRIV *)); int free_KRB5_EncKrbPrivPart P((struct type_KRB5_EncKrbPrivPart *)); int free_KRB5_KRB__ERROR P((struct type_KRB5_KRB__ERROR *)); int free_KRB5_EncryptedData P((struct type_KRB5_EncryptedData *)); -int free_KRB5_EncryptionType P((struct type_KRB5_EncryptionType *)); int free_KRB5_EncryptionKey P((struct type_KRB5_EncryptionKey *)); -int free_KRB5_KeyType P((struct type_KRB5_KeyType *)); int free_KRB5_Checksum P((struct type_KRB5_Checksum *)); -int free_KRB5_ChecksumType P((struct type_KRB5_ChecksumType *)); +int free_KRB5_METHOD__DATA P((struct type_KRB5_METHOD__DATA *)); #undef P diff --git a/src/include/krb5/asn.1/asn1defs.h b/src/include/krb5/asn.1/asn1defs.h index eb7a80b54..eafe71de3 100644 --- a/src/include/krb5/asn.1/asn1defs.h +++ b/src/include/krb5/asn.1/asn1defs.h 
@@ -116,7 +116,7 @@ krb5_kdc_rep *KRB5_KDC__REP2krb5_as_rep /* kdcr2kkdcr.c */ krb5_kdc_rep *KRB5_KDC__REP2krb5_kdc_rep - PROTOTYPE((const struct type_KRB5_TGS__REP *, krb5_msgtype *, int *)); + PROTOTYPE((const struct type_KRB5_TGS__REP *, int *)); /* kdcr2ktgsr.c */ krb5_kdc_rep *KRB5_KDC__REP2krb5_tgs_rep @@ -220,17 +220,31 @@ struct type_KRB5_TicketFlags *krb5_flags2KRB5_TicketFlags krb5_flags KRB5_TicketFlags2krb5_flags PROTOTYPE((const struct type_KRB5_TicketFlags *,int *)); -#include <krb5/widen.h> +/* kpadt2padt.c */ +struct type_KRB5_PA__DATA *krb5_pa_data2KRB5_PA__DATA + PROTOTYPE((krb5_pa_data **, int *)); -/* Only put things which don't have pointers to the narrow types in this - section */ +/* ktran2tran.c */ +struct type_KRB5_TransitedEncoding *krb5_transited2KRB5_TransitedEncoding + PROTOTYPE((const krb5_transited *, int *)); + +/* padt2kpadt.c */ +krb5_pa_data **KRB5_PA__DATA2krb5_pa_data + PROTOTYPE((struct type_KRB5_PA__DATA *, int *)); + +/* tran2ktran.c */ +krb5_transited *KRB5_TransitedEncoding2krb5_transited + PROTOTYPE((const struct type_KRB5_TransitedEncoding *, int *)); /* kkdcr2kdcr.c */ struct type_KRB5_TGS__REP *krb5_kdc_rep2KRB5_KDC__REP - PROTOTYPE((const krb5_kdc_rep *, - const krb5_msgtype, - int *)); + PROTOTYPE((const krb5_kdc_rep *, int *)); + +/* #include <krb5/widen.h> */ + +/* Only put things which don't have pointers to the narrow types in this + section */ -#include <krb5/narrow.h> +/* #include <krb5/narrow.h> */ #endif /* KRB5_ASN1DEFS__ */ diff --git a/src/include/krb5/asn.1/encode.h b/src/include/krb5/asn.1/encode.h index 3ef7e599e..3c2f24c55 100644 --- a/src/include/krb5/asn.1/encode.h +++ b/src/include/krb5/asn.1/encode.h 
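Review bot: The asn1defs.h hunk at -220,17 leaves `/* #include <krb5/widen.h> */` and `/* #include <krb5/narrow.h> */` as commented-out code around a section that now holds nothing but its own "Only put things which don't have pointers to the narrow types in this section" comment. Either delete the three lines, or replace them with one comment saying why the section is empty (`krb5_kdc_rep2KRB5_KDC__REP` no longer takes a `krb5_msgtype` by value) so nobody re-enables the includes without a reason. In the same hunk `krb5_pa_data2KRB5_PA__DATA` and `KRB5_PA__DATA2krb5_pa_data` take non-const inputs while the two transited translators next to them take `const` pointers; if the pa-data translators do not modify their input, const-qualify them to match.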
@@ -209,6 +209,17 @@ krb5_error_code encode_krb5_as_req (translator_func) KRB5_KRB__ERROR2krb5_error, \ (free_func) free_KRB5_KRB__ERROR) +#define encode_krb5_authdata(pauth, output) \ + krb5_encode_generic((krb5_const_pointer)pauth, output, \ + (encoder_func) encode_KRB5_AuthorizationData, \ + (translator_func) krb5_authdata2KRB5_AuthorizationData, \ + (free_func) free_KRB5_AuthorizationData) +#define decode_krb5_authdata(pauth, output) \ + krb5_decode_generic(pauth, (krb5_pointer *) output, \ + (decoder_func) decode_KRB5_AuthorizationData, \ + (translator_func) KRB5_AuthorizationData2krb5_authdata, \ + (free_func) free_KRB5_AuthorizationData) + /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */ /* here we use some knowledge of ASN.1 encodings */ /* diff --git a/src/include/krb5/encryption.h b/src/include/krb5/encryption.h index cf6ee7399..0bdaa5ff6 100644 --- a/src/include/krb5/encryption.h +++ b/src/include/krb5/encryption.h @@ -47,6 +47,8 @@ typedef struct _krb5_enc_data { krb5_data ciphertext; } krb5_enc_data; +#include <krb5/widen.h> + /* could be used in a table to find an etype and initialize a block */ typedef struct _krb5_cryptosystem_entry { krb5_error_code (*encrypt_func) PROTOTYPE((krb5_const_pointer /* in */, @@ -65,7 +67,7 @@ typedef struct _krb5_cryptosystem_entry { krb5_error_code (*string_to_key) PROTOTYPE((const krb5_keytype, krb5_keyblock *, const krb5_data *, - krb5_const_principal)); + const krb5_data *)); krb5_error_code (*init_random_key) PROTOTYPE((const krb5_keyblock *, krb5_pointer *)); krb5_error_code (*finish_random_key) PROTOTYPE((krb5_pointer *)); @@ -82,6 +84,8 @@ typedef struct _krb5_cryptosystem_entry { table index) */ } krb5_cryptosystem_entry; +#include <krb5/narrow.h> + typedef struct _krb5_cs_table_entry { krb5_cryptosystem_entry *system; krb5_pointer random_sequence; /* from init_random_key() */ 
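Review bot: In the new `encode_krb5_authdata` / `decode_krb5_authdata` macros (encode.h) the arguments are used unparenthesised next to a cast: `(krb5_const_pointer)pauth` and `(krb5_pointer *) output`. A cast binds tighter than binary operators, so an argument written as an expression would have only its first operand cast; write `(krb5_const_pointer)(pauth)` and `(krb5_pointer *)(output)`. The neighbouring macros are outside the hunk, so this may be the file's existing style, in which case the same fix applies to them. The `(encoder_func)`, `(translator_func)` and `(free_func)` casts also hide any signature mismatch from the compiler, so a one-line comment recording the expected argument types (the input and output types on each side) would help the next reader.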
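Review bot: The last `string_to_key` parameter in `krb5_cryptosystem_entry` (encryption.h, hunk at -65,7) becomes an unlabelled `const krb5_data *` directly after another `const krb5_data *`, so the prototype no longer says which buffer is which. The `krb5_principal2salt` prototype added in func-proto.h suggests the new argument is the salt, but that is inferred; the implementation is not in this diff. Label both in the style the struct already uses for `/* in */`, for example `const krb5_data * /* salt */`, and state whether a null pointer is accepted. The struct definition begins before the hunk.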
@@ -96,6 +100,8 @@ typedef struct _krb5_checksum_entry { krb5_checksum * /* out_cksum */)); int checksum_length; /* length of stuff returned by sum_func */ + unsigned int is_collision_proof:1; + unsigned int uses_key:1; } krb5_checksum_entry; /* per Kerberos v5 protocol spec */ @@ -145,6 +151,9 @@ extern int krb5_max_cksum; /* max entry in array */ #define valid_cksumtype(cktype) ((cktype <= krb5_max_cksum) && (cktype > 0) && krb5_cksumarray[cktype]) +#define is_coll_proof_cksum(cktype) (krb5_cksumarray[cktype]->is_collision_proof) +#define is_keyed_cksum(cktype) (krb5_cksumarray[cktype]->uses_key) + /* set up *eblockp to use etype */ #define krb5_use_cstype(eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system diff --git a/src/include/krb5/free.h b/src/include/krb5/free.h index af2482624..6a7f9b5ee 100644 --- a/src/include/krb5/free.h +++ b/src/include/krb5/free.h @@ -21,6 +21,4 @@ #define krb5_free_data(val) { xfree((val)->data); xfree(val);} -#define krb5_free_ap_rep_enc_part xfree - #endif /* KRB5_FREE__ */ diff --git a/src/include/krb5/func-proto.h b/src/include/krb5/func-proto.h index ee6173a49..ca83d2f15 100644 --- a/src/include/krb5/func-proto.h +++ b/src/include/krb5/func-proto.h @@ -53,6 +53,8 @@ krb5_error_code krb5_mk_req_extended const krb5_checksum *, const krb5_ticket_times *, const krb5_flags, + krb5_int32, + krb5_keyblock *, krb5_ccache, krb5_creds *, krb5_authenticator *, @@ -79,14 +81,16 @@ krb5_error_code krb5_rd_error krb5_error_code krb5_rd_safe PROTOTYPE((const krb5_data *, const krb5_keyblock *, - const krb5_fulladdr *, - const krb5_fulladdr *, + const krb5_address *, + const krb5_address *, + krb5_int32, krb5_int32, krb5_data * )); krb5_error_code krb5_rd_priv PROTOTYPE((const krb5_data *, const krb5_keyblock *, - const krb5_fulladdr *, - const krb5_fulladdr *, + const krb5_address *, + const krb5_address *, + krb5_int32, krb5_int32, krb5_pointer, krb5_data * )); krb5_error_code krb5_parse_name 
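Review bot: `is_coll_proof_cksum` and `is_keyed_cksum` (encryption.h, hunk at -145,6) index `krb5_cksumarray[cktype]` and dereference the entry with no range or null check, unlike `valid_cksumtype` directly above them. If a checksum type taken from a decoded message reaches these macros before `valid_cksumtype` has been tested, the lookup reads outside the table or through an empty slot. Either fold the check in, `#define is_coll_proof_cksum(cktype) (valid_cksumtype(cktype) && krb5_cksumarray[cktype]->is_collision_proof)` and likewise for `is_keyed_cksum`, or add a comment stating that callers must test `valid_cksumtype` first. The argument should also be written `(cktype)` inside the expansion.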
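Review bot: The `krb5_int32, krb5_int32,` pair added to `krb5_rd_safe` and `krb5_rd_priv` (func-proto.h, hunk at -79,14), and again to `krb5_mk_safe` and `krb5_mk_priv` in the hunk at -317,15, is unlabelled, so the prototype does not tell a caller which value comes first. Two adjacent arguments of the same type can be swapped without any compiler diagnostic; add a short comment per parameter carrying the name its definition uses (the definitions are not part of this diff). The `krb5_int32, krb5_keyblock *` pair added to `krb5_mk_req_extended` needs the same, plus a word on whether the key block is copied or kept by the callee and whether it may be null.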
@@ -157,6 +161,8 @@ krb5_error_code krb5_kt_remove_entry krb5_error_code krb5_kt_add_entry PROTOTYPE((krb5_keytab, krb5_keytab_entry * )); +krb5_error_code krb5_principal2salt + PROTOTYPE((krb5_const_principal, krb5_data *)); /* librc.spec--see rcache.h */ @@ -220,7 +226,10 @@ void krb5_free_checksum PROTOTYPE((krb5_checksum *)); void krb5_free_keyblock PROTOTYPE((krb5_keyblock *)); - +void krb5_free_pa_data + PROTOTYPE((krb5_pa_data **)); +void krb5_free_ap_rep_enc_part + PROTOTYPE((krb5_ap_rep_enc_part *)); #include <krb5/widen.h> @@ -242,6 +251,7 @@ krb5_error_code krb5_send_tgs krb5_const_principal, krb5_address * const *, krb5_authdata * const *, + krb5_pa_data * const *, const krb5_data *, krb5_creds *, krb5_response * )); @@ -252,8 +262,9 @@ krb5_error_code krb5_get_in_tkt const krb5_enctype, const krb5_keytype, krb5_error_code (* )(const krb5_keytype, - krb5_keyblock **, - krb5_const_pointer ), + krb5_keyblock **, + krb5_const_pointer, + krb5_pa_data **), krb5_const_pointer, krb5_error_code (* )(const krb5_keyblock *, krb5_const_pointer, @@ -317,15 +328,17 @@ krb5_error_code krb5_mk_safe PROTOTYPE((const krb5_data *, const krb5_cksumtype , const krb5_keyblock *, - const krb5_fulladdr *, - const krb5_fulladdr *, + const krb5_address *, + const krb5_address *, + krb5_int32, krb5_int32, krb5_data * )); krb5_error_code krb5_mk_priv PROTOTYPE((const krb5_data *, const krb5_enctype, const krb5_keyblock *, - const krb5_fulladdr *, - const krb5_fulladdr *, + const krb5_address *, + const krb5_address *, + krb5_int32, krb5_int32, krb5_pointer, krb5_data * )); krb5_error_code krb5_cc_register diff --git a/src/include/krb5/krb5.h b/src/include/krb5/krb5.h index e51d742c3..de19ffd3b 100644 --- a/src/include/krb5/krb5.h +++ b/src/include/krb5/krb5.h 
@@ -36,7 +36,8 @@ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime in ticket? otherwise client can't get this */ - krb5_timestamp starttime; + krb5_timestamp starttime; /* optional in ticket, if not present, + use authtime */ krb5_timestamp endtime; krb5_timestamp renew_till; } krb5_ticket_times; @@ -48,12 +49,18 @@ typedef struct _krb5_authdata { krb5_octet *contents; } krb5_authdata; +/* structure for transited encoding */ +typedef struct _krb5_transited { + krb5_octet tr_type; + krb5_data tr_contents; +} krb5_transited; + typedef struct _krb5_enc_tkt_part { /* to-be-encrypted portion */ krb5_flags flags; /* flags */ krb5_keyblock *session; /* session key: includes keytype */ krb5_principal client; /* client name/realm */ - krb5_data transited; /* list of transited realms */ + krb5_transited transited; /* list of transited realms */ krb5_ticket_times times; /* auth, start, end, renew_till */ krb5_address **caddrs; /* array of ptrs to addresses */ krb5_authdata **authorization_data; /* auth data */ @@ -71,9 +78,11 @@ typedef struct _krb5_ticket { /* the unencrypted version */ typedef struct _krb5_authenticator { krb5_principal client; /* client name/realm */ - krb5_checksum *checksum; /* checksum, includes type */ - krb5_ui_2 cmsec; /* client msec portion */ + krb5_checksum *checksum; /* checksum, includes type, optional */ + krb5_int32 cusec; /* client usec portion */ krb5_timestamp ctime; /* client sec portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_int32 seq_number; /* sequence #, optional */ } krb5_authenticator; typedef struct _krb5_tkt_authent { 
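Review bot: `krb5_authenticator` gains `krb5_int32 seq_number; /* sequence #, optional */` with no way to record that the field was absent on the wire, so a receiver cannot tell "not sent" from a sequence number of zero. The same applies to `seq_number` in `krb5_ap_rep_enc_part`, `krb5_safe` and `krb5_priv_enc_part`, and to the `timestamp`/`usec` members those later hunks mark optional. Since these fields are what a receiver has for ordering and replay checks, the header should define the convention, either a documented sentinel value in the comment or a presence flag next to the field. The pointer members `checksum` and `subkey` can use null for absence, but the comments should say so explicitly.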
@@ -105,10 +114,16 @@ typedef struct _krb5_last_req_entry { krb5_timestamp value; } krb5_last_req_entry; +/* pre-authentication data */ +typedef struct _krb5_pa_data { + krb5_ui_2 pa_type; + int length; + krb5_octet *contents; +} krb5_pa_data; + typedef struct _krb5_kdc_req { krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ - krb5_octet padata_type; - krb5_data padata; /* e.g. encoded AP_REQ */ + krb5_pa_data **padata; /* e.g. encoded AP_REQ */ /* real body */ krb5_flags kdc_options; /* requested options */ krb5_principal client; /* includes realm; optional */ @@ -117,11 +132,13 @@ typedef struct _krb5_kdc_req { krb5_timestamp from; /* requested starttime */ krb5_timestamp till; /* requested endtime */ krb5_timestamp rtime; /* (optional) requested renew_till */ - krb5_timestamp ctime; /* client's time */ krb5_int32 nonce; /* nonce to match request/response */ - krb5_enctype etype; /* requested encryption type */ - krb5_address **addresses; /* requested addresses */ - krb5_authdata **authorization_data; /* auth data; OPTIONAL */ + int netypes; /* # of etypes, must be positive */ + krb5_enctype *etype; /* requested encryption type(s) */ + krb5_address **addresses; /* requested addresses, optional */ + krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ + krb5_authdata **unenc_authdata; /* unencrypted auth data, + if available */ krb5_ticket **second_ticket; /* second ticket array; OPTIONAL */ } krb5_kdc_req; 
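Review bot: `krb5_kdc_req` now carries `int netypes; /* # of etypes, must be positive */` beside `krb5_enctype *etype`, but nothing in the type enforces the stated constraint. Both values come from a decoded request, so the comment should name who rejects `netypes <= 0` or a null `etype` before any code indexes the array (the translator, or every consumer), or the count should be unsigned. The new `krb5_pa_data` has the same shape, a signed `int length` beside `krb5_octet *contents`; this may follow `krb5_authdata`, of which only the `contents` member is visible here. The `krb5_pa_data **padata` member also needs a comment on how the array is terminated and whether null means "no padata".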
@@ -134,11 +151,14 @@ typedef struct _krb5_enc_kdc_rep_part { krb5_flags flags; /* ticket flags */ krb5_ticket_times times; /* lifetime info */ krb5_principal server; /* server's principal identifier */ - krb5_address **caddrs; /* array of ptrs to addresses */ + krb5_address **caddrs; /* array of ptrs to addresses, + optional */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { /* cleartext part: */ + krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ + krb5_pa_data **padata; /* preauthentication data from KDC */ krb5_principal client; /* client's principal identifier */ krb5_ticket *ticket; /* ticket */ krb5_enc_data enc_part; /* encryption type, kvno, encrypted @@ -150,8 +170,8 @@ typedef struct _krb5_kdc_rep { typedef struct _krb5_error { /* some of these may be meaningless in certain contexts */ krb5_timestamp ctime; /* client sec portion; optional */ - krb5_ui_2 cmsec; /* client msec portion; optional */ - krb5_ui_2 smsec; /* server msec portion */ + krb5_int32 cusec; /* client usec portion; optional */ + krb5_int32 susec; /* server usec portion */ krb5_timestamp stime; /* server sec portion */ krb5_ui_4 error; /* error code (protocol error #'s) */ krb5_principal client; /* client's principal identifier; @@ -173,7 +193,9 @@ typedef struct _krb5_ap_rep { typedef struct _krb5_ap_rep_enc_part { krb5_timestamp ctime; /* client time, seconds portion */ - krb5_ui_2 cmsec; /* client time, milliseconds portion */ + krb5_int32 cusec; /* client time, microseconds portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_int32 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { 
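Review bot: The comment on the new `krb5_kdc_rep.msg_type` member reads `/* AS_REP or KDC_REP? */`, which looks like a slip for `/* AS_REP or TGS_REP? */`; the matching member of `krb5_kdc_req` is documented as "AS_REQ or TGS_REQ?". The new `krb5_pa_data **padata` member in the same struct should state how the array is terminated and that it is optional, if it is. The struct continues past the end of this hunk.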
@@ -183,10 +205,12 @@ typedef struct _krb5_response { typedef struct _krb5_safe { krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time */ - krb5_ui_2 msec; /* millisecond portion of time */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, + optional */ + krb5_int32 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ - krb5_address *r_address; /* recipient address */ + krb5_address *r_address; /* recipient address, optional */ krb5_checksum *checksum; /* data integrity checksum */ } krb5_safe; @@ -196,13 +220,15 @@ typedef struct _krb5_priv { typedef struct _krb5_priv_enc_part { krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time */ - krb5_ui_2 msec; /* millisecond portion of time */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, opt. */ + krb5_int32 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ - krb5_address *r_address; /* recipient address */ + krb5_address *r_address; /* recipient address, optional */ } krb5_priv_enc_part; /* these need to be here so the typedefs are available for the prototypes */ +#include <krb5/safepriv.h> #include <krb5/ccache.h> #include <krb5/rcache.h> #include <krb5/keytab.h> diff --git a/src/include/krb5/los-proto.h b/src/include/krb5/los-proto.h index 6cf09508c..c85c7fc66 100644 --- a/src/include/krb5/los-proto.h +++ b/src/include/krb5/los-proto.h @@ -33,9 +33,9 @@ krb5_error_code krb5_unlock_file char * )); krb5_error_code krb5_timeofday PROTOTYPE((krb5_int32 * )); -krb5_error_code krb5_ms_timeofday +krb5_error_code krb5_us_timeofday PROTOTYPE((krb5_int32 *, - krb5_ui_2 * )); + krb5_int32 * )); int krb5_net_read PROTOTYPE((int , char *, diff --git a/src/include/krb5/proto.h b/src/include/krb5/proto.h index 1599b5652..5b9e5a41e 100644 --- a/src/include/krb5/proto.h +++ b/src/include/krb5/proto.h 
@@ -32,6 +32,18 @@ #define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ /* PADATA types */ -#define KRB5_PADATA_AP_REQ ((krb5_octet)1) +#define KRB5_PADATA_AP_REQ 1 +#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ +#define KRB5_PADATA_ENC_TIMESTAMPS 2 +#define KRB5_PADATA_PW_SALT 3 + +/* Transited encoding types */ +#define KRB5_DOMAIN_X500_COMPRESS 1 + +/* alternate authentication types */ +#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 + +/* authorization data types */ +#define KRB5_AUTHDATA_OSF_DCE 64 #endif /* KRB5_PROTO__ */ diff --git a/src/include/krb5/stock/osconf.h b/src/include/krb5/stock/osconf.h index 1e915040b..79d5f50a0 100644 --- a/src/include/krb5/stock/osconf.h +++ b/src/include/krb5/stock/osconf.h @@ -44,7 +44,7 @@ #define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_CRC #define DEFAULT_KDC_KEYTYPE KEYTYPE_DES -#define KDC_PORTNAME "kerberos5" /* for /etc/services or equiv. */ +#define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */ #define MAX_DGRAM_SIZE 4096 #define MAX_SKDC_TIMEOUT 30 |
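Review bot: The osconf.h hunk changes `KDC_PORTNAME` from `"kerberos5"` to `"kerberos"`, so the port a client uses is now whatever the local services database maps that shorter name to. On a host where that name is already assigned to an older Kerberos service, requests for this protocol would presumably be sent to that service's port instead; this is inferred, since the lookup code is not in the diff. Extend the comment to record the port number the name is expected to resolve to and to note that the services entry must be checked on hosts running both versions.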
