Fix DES_INT32 definition

Intial merge of KfM des library API.

Update krb.h to use offsets from krb_err.et constants as error codes.
Fix up definitions of KRB4_32, KRB_INT32, KRB_UINT32.

ticket: 1189
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14904 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 234 insertions, 138 deletions

diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog
index 46ea0826a..b4cd422c1 100644
--- a/src/include/kerberosIV/ChangeLog
+++ b/src/include/kerberosIV/ChangeLog
@@ -1,3 +1,14 @@
+2002-09-26  Tom Yu  <tlyu@mit.edu>
+
+	* des.h: Some initial work for KfM integration.  Clean up
+	DES_INT32 selection.  Set up for inclusion by
+	lib/crypto/des/des_int.h, which will define a special macro to
+	prevent the krb4-specific stuff from being declared.
+
+	* krb.h: Initial work for KfM integration.  Fix up KRB4_32, and
+	add KRB_INT32, KRB_UINT32.  Change all error code macros to be
+	offsets from krb_err.et symbols.
+
 2002-09-18  Ken Raeburn  <raeburn@mit.edu>
 
 	* krb.h: Add extern "C" markers in case a C++ compiler is used.
diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h
index 8ec32da2e..46a4f527d 100644
--- a/src/include/kerberosIV/des.h
+++ b/src/include/kerberosIV/des.h
@@ -1,8 +1,8 @@
 /*
  * include/kerberosIV/des.h
  *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -26,10 +26,82 @@
  * Include file for the Data Encryption Standard library.
  */
 
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+	#include <TargetConditionals.h>
+    #if TARGET_RT_MAC_CFM
+        #error "Use KfM 4.0 SDK headers for CFM compilation."
+    #endif
+#endif
+
+#ifndef KRB5INT_DES_TYPES_DEFINED
+#define KRB5INT_DES_TYPES_DEFINED
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma import on
+        #pragma enumsalwaysint on
+    #endif
+    #pragma options align=mac68k
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];	/* crypto-block size */
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 is ever more than 4 bytes.
+ * The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32].  If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions.  We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16];
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma enumsalwaysint reset
+        #pragma import reset
+    #endif
+	#pragma options align=reset
+#endif
+
+#endif /* KRB5INT_DES_TYPES_DEFINED */
+
 /* only do the whole thing once	 */
 #ifndef DES_DEFS
+/*
+ * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily
+ * to avoid including the defintions and declarations below.  The
+ * reason that the crypto library needs to include this file is that
+ * it needs to have its types aligned with krb4's types.
+ */
+#ifndef KRB5INT_CRYPTO_DES_INT
 #define DES_DEFS
 
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma import on
+        #pragma enumsalwaysint on
+    #endif
+    #pragma options align=mac68k
+#endif
+
 #if defined(_WIN32) && !defined(_WINDOWS)
 #define _WINDOWS
 #endif
@@ -40,9 +112,6 @@
 #endif
 #include <win-mac.h>
 #endif
-#ifdef __STDC__
-#include <limits.h>
-#endif
 #include <stdio.h> /* need FILE for des_cblock_print_file */
 
 /* Windows declarations */
@@ -51,50 +120,6 @@
 #define KRB5_CALLCONV_C
 #endif
 
-#ifndef KRB4_32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define KRB4_32 int
-#else  /* !(SIZEOF_INT >= 4) */
-#define KRB4_32 long
-#endif /* !(SIZEOF_INT >= 4) */
-#else  /* !defined(SIZEOF_INT) */
-#ifdef __STDC__
-#if INT_MAX >= 0x7fffffff
-#define KRB4_32 int
-#else  /* !(INT_MAX >= 0x7ffffff) */
-#define KRB4_32 long
-#endif /* !(INT_MAX >= 0x7ffffff) */
-#else  /* !defined(__STDC__) */
-#define KRB4_32 long		/* worst case */
-#endif /* !defined(__STDC__) */
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(KRB4_32) */
-
-/* Key schedule */
-/* Ick.  We need this in here unfortunately... */
-#ifndef DES_INT32
-#define DES_INT32 KRB4_32
-#endif
-
-/*
- *
- * NOTE WELL:
- *
- * This section must be kept in sync with lib/crypto/des/des_int.h,
- * until we get around to actually combining them at the source level.
- * We can't right now, because both the Mac and Windows platforms are
- * using their own versions of krb4 des.h, and that's the one that
- * would have to have the definitions because we install it under UNIX.
- *
- */
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8];	/* crypto-block size */
-typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16];
-#endif
-/* end sync */
-
 #define DES_KEY_SZ 	(sizeof(des_cblock))
 #define DES_ENCRYPT	1
 #define DES_DECRYPT	0
@@ -119,7 +144,6 @@ typedef struct des_ks_struct bit_64;
 
 #define des_cblock_print(x) des_cblock_print_file(x, stdout)
 
-
 /*
  * Function Prototypes
  */
@@ -132,25 +156,24 @@ des_pcbc_encrypt (C_Block *in, C_Block *out, long length,
 		  int enc);
 
 unsigned long KRB5_CALLCONV
-des_quad_cksum (const unsigned char *in, unsigned KRB4_32 *out,
+des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out,
 		long length, int out_count, C_Block *seed);
-
+/*
+ * XXX ABI change: used to return void; also, cns/kfm have signed long
+ * instead of unsigned long length.
+ */
+unsigned long KRB5_CALLCONV
+des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long,
+	      const des_key_schedule, const des_cblock *);
 int KRB5_CALLCONV des_string_to_key (const char *, C_Block);
 
-/* new */
-#ifdef KRB5_GENERAL__
-/* Why are we using krb5 types as part of this API?  */
-void KRB5_CALLCONV
-des_cbc_cksum(const krb5_octet *, krb5_octet *, unsigned long,
-	      const des_key_schedule, const krb5_octet *);
-int des_cbc_encrypt(krb5_octet *, krb5_octet *, unsigned long,
-		    const des_key_schedule, const krb5_octet *, int);
-krb5_error_code des_read_password(des_cblock *, char *, int);
-#endif
-/* The unsigned long pointers are indicative of the desired alignment;
-   the values there aren't really treated as long values.  */
-int KRB5_CALLCONV des_ecb_encrypt(unsigned long *, unsigned long *,
-					      const des_key_schedule, int);
+/* XXX ABI change: used to return krb5_error_code */
+int KRB5_CALLCONV des_read_password(des_cblock *, char *, int);
+int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *,
+				  const des_key_schedule, int);
+/* XXX kfm/cns have signed long length */
+int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long,
+		    const des_key_schedule, const des_cblock *, int);
 void des_fixup_key_parity(des_cblock);
 int des_check_key_parity(des_cblock);
 int KRB5_CALLCONV des_new_random_key(des_cblock);
@@ -159,4 +182,51 @@ int des_random_key(des_cblock *);
 int des_is_weak_key(des_cblock);
 void des_cblock_print_file(des_cblock *, FILE *fp);
 
+#if TARGET_OS_MAC
+
+/*
+ * Stuff ported from KfM follows...
+ */
+
+void afs_string_to_key(char *, char *, des_cblock);
+
+/*
+ * AFS string2key support; they should be considered internal, but KfM
+ * exposes them.
+ */
+char *des_crypt(const char *, const char *);
+char *des_fcrypt(const char *, const char *, char *);
+int des_set_key(des_cblock *, des_key_schedule);
+
+/*
+ * internal used by des_read_password, but kfm exposes it
+ */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+
+void des_3cbc_encrypt(des_cblock *, des_cblock *, long, des_key_schedule, des_key_schedule, des_key_schedule, des_cblock *, int);
+void des_3ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, des_key_schedule, des_key_schedule, int);
+
+/*
+ * Should be internal to crypto/des/f_sched.c, but KfM exposes it.
+ */
+int make_key_sched(des_cblock *, des_key_schedule);
+
+/*
+ * XXX need to implement the following three:
+ */
+void des_generate_random_block(des_cblock);
+void des_set_random_generator_seed(des_cblock);
+void des_set_sequence_number(des_cblock);
+
+#endif /* TARGET_OS_MAC */
+
+#if TARGET_OS_MAC
+    #if defined(__MWERKS__)
+        #pragma enumsalwaysint reset
+        #pragma import reset
+    #endif
+	#pragma options align=reset
+#endif
+
+#endif /* KRB5INT_CRYPTO_DES_INT */
 #endif	/* DES_DEFS */
diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h
index 8e22835c1..30376bcfd 100644
--- a/src/include/kerberosIV/krb.h
+++ b/src/include/kerberosIV/krb.h
@@ -33,6 +33,10 @@
 /* Need some defs from des.h	 */
 #include <kerberosIV/des.h>
 
+#define KRB4_32		DES_INT32
+#define KRB_INT32	DES_INT32
+#define KRB_UINT32	DES_UINT32
+
 #ifdef _WINDOWS
 #include <time.h>
 #endif /* _WINDOWS */
@@ -41,22 +45,10 @@
 #define		MAX_KRB_ERRORS	256
 extern const char *const krb_err_txt[MAX_KRB_ERRORS];
 
-/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
-#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
-#define FD_ZERO(p)  ((p)->fds_bits[0] = 0)
-#define FD_SET(n, p)   ((p)->fds_bits[0] |= (1 << (n)))
-#define FD_ISSET(n, p)   ((p)->fds_bits[0] & (1 << (n)))
-#endif /* ULTRIX022 || SunOS */
-
 /* General definitions */
 #define		KSUCCESS	0
 #define		KFAILURE	255
 
-#ifdef NO_UIDGID_T
-typedef unsigned short uid_t;
-typedef unsigned short gid_t;
-#endif /* NO_UIDGID_T */
-
 /*
  * Kerberos specific definitions 
  *
@@ -92,7 +84,7 @@ typedef unsigned short gid_t;
 #define		MAX_HSTNM	100
 
 #ifndef DEFAULT_TKT_LIFE		/* allow compile-time override */
-#define DEFAULT_TKT_LIFE	255	/* default lifetime for krb_mk_req */
+#define DEFAULT_TKT_LIFE	120	/* default lifetime for krb_mk_req */
 #endif
 
 /* Definition of text structure used to pass text around */
@@ -160,6 +152,10 @@ struct credentials {
     KRB4_32 issue_date;		/* The issue time */
     char    pname[ANAME_SZ];	/* Principal's name */
     char    pinst[INST_SZ];	/* Principal's instance */
+#if TARGET_OS_MAC
+    KRB_UINT32 address;			/* Address in ticket */
+    KRB_UINT32 stk_type;		/* string_to_key function needed */
+#endif
 };
 
 typedef struct credentials CREDENTIALS;
@@ -186,88 +182,89 @@ typedef struct msg_dat MSG_DAT;
 #define TKT_ROOT        "/tmp/tkt"
 #endif /* PC */
 
-/* Error codes returned from the KDC */
-#define		KDC_OK		0	/* Request OK */
-#define		KDC_NAME_EXP	1	/* Principal expired */
-#define		KDC_SERVICE_EXP	2	/* Service expired */
-#define		KDC_AUTH_EXP	3	/* Auth expired */
-#define		KDC_PKT_VER	4	/* Protocol version unknown */
-#define		KDC_P_MKEY_VER	5	/* Wrong master key version */
-#define		KDC_S_MKEY_VER 	6	/* Wrong master key version */
-#define		KDC_BYTE_ORDER	7	/* Byte order unknown */
-#define		KDC_PR_UNKNOWN	8	/* Principal unknown */
-#define		KDC_PR_N_UNIQUE 9	/* Principal not unique */
-#define		KDC_NULL_KEY   10	/* Principal has null key */
-#define		KDC_GEN_ERR    20	/* Generic error from KDC */
+#include "kerberosIV/krb_err.h"		/* XXX FIXME! */
+#define KRB_ET(x)	((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
 
+/* Error codes returned from the KDC */
+#define	KDC_OK		KRB_ET(KSUCCESS)	/*  0 - Request OK */
+#define	KDC_NAME_EXP	KRB_ET(KDC_NAME_EXP)	/*  1 - Principal expired */
+#define	KDC_SERVICE_EXP	KRB_ET(KDC_SERVICE_EXP)	/*  2 - Service expired */
+#define	KDC_AUTH_EXP	KRB_ET(KDC_AUTH_EXP)	/*  3 - Auth expired */
+#define	KDC_PKT_VER	KRB_ET(KDC_PKT_VER)	/*  4 - Prot version unknown */
+#define	KDC_P_MKEY_VER	KRB_ET(KDC_P_MKEY_VER)	/*  5 - Wrong mkey version */
+#define	KDC_S_MKEY_VER 	KRB_ET(KDC_S_MKEY_VER)	/*  6 - Wrong mkey version */
+#define	KDC_BYTE_ORDER	KRB_ET(KDC_BYTE_ORDER)	/*  7 - Byte order unknown */
+#define	KDC_PR_UNKNOWN	KRB_ET(KDC_PR_UNKNOWN)	/*  8 - Princ unknown */
+#define	KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE)	/*  9 - Princ not unique */
+#define	KDC_NULL_KEY	KRB_ET(KDC_NULL_KEY)	/* 10 - Princ has null key */
+#define	KDC_GEN_ERR	KRB_ET(KDC_GEN_ERR)	/* 20 - Generic err frm KDC */
 
 /* Values returned by get_credentials */
-#define		GC_OK		0	/* Retrieve OK */
-#define		RET_OK		0	/* Retrieve OK */
-#define		GC_TKFIL       21	/* Can't read ticket file */
-#define		RET_TKFIL      21	/* Can't read ticket file */
-#define		GC_NOTKT       22	/* Can't find ticket or TGT */
-#define		RET_NOTKT      22	/* Can't find ticket or TGT */
-
+#define	GC_OK		KRB_ET(KSUCCESS)	/*  0 - Retrieve OK */
+#define	RET_OK		KRB_ET(KSUCCESS)	/*  0 - Retrieve OK */
+#define	GC_TKFIL	KRB_ET(GC_TKFIL)	/* 21 - Can't rd tkt file */
+#define	RET_TKFIL	KRB_ET(GC_TKFIL)	/* 21 - Can't rd tkt file */
+#define	GC_NOTKT	KRB_ET(GC_NOTKT)	/* 22 - Can't find tkt|TGT */
+#define	RET_NOTKT	KRB_ET(GC_NOTKT)	/* 22 - Can't find tkt|TGT */
 
 /* Values returned by mk_ap_req	 */
-#define		MK_AP_OK	0	/* Success */
-#define		MK_AP_TGTEXP   26	/* TGT Expired */
+#define	MK_AP_OK	KRB_ET(KSUCCESS)	/*  0 - Success */
+#define	MK_AP_TGTEXP	KRB_ET(MK_AP_TGTEXP)	/* 26 - TGT Expired */
 
 /* Values returned by rd_ap_req */
-#define		RD_AP_OK	0	/* Request authentic */
-#define		RD_AP_UNDEC    31	/* Can't decode authenticator */
-#define		RD_AP_EXP      32	/* Ticket expired */
-#define		RD_AP_NYV      33	/* Ticket not yet valid */
-#define		RD_AP_REPEAT   34	/* Repeated request */
-#define		RD_AP_NOT_US   35	/* The ticket isn't for us */
-#define		RD_AP_INCON    36	/* Request is inconsistent */
-#define		RD_AP_TIME     37	/* delta_t too big */
-#define		RD_AP_BADD     38	/* Incorrect net address */
-#define		RD_AP_VERSION  39	/* protocol version mismatch */
-#define		RD_AP_MSG_TYPE 40	/* invalid msg type */
-#define		RD_AP_MODIFIED 41	/* message stream modified */
-#define		RD_AP_ORDER    42	/* message out of order */
-#define		RD_AP_UNAUTHOR 43	/* unauthorized request */
+#define	RD_AP_OK	KRB_ET(KSUCCESS)	/*  0 - Request authentic */
+#define	RD_AP_UNDEC	KRB_ET(RD_AP_UNDEC)	/* 31 - Can't decode authent */
+#define	RD_AP_EXP	KRB_ET(RD_AP_EXP)	/* 32 - Ticket expired */
+#define	RD_AP_NYV	KRB_ET(RD_AP_NYV)	/* 33 - Ticket not yet valid */
+#define	RD_AP_REPEAT	KRB_ET(RD_AP_REPEAT)	/* 34 - Repeated request */
+#define	RD_AP_NOT_US	KRB_ET(RD_AP_NOT_US)	/* 35 - Ticket isn't for us */
+#define	RD_AP_INCON	KRB_ET(RD_AP_INCON)	/* 36 - Request inconsistent */
+#define	RD_AP_TIME	KRB_ET(RD_AP_TIME)	/* 37 - delta_t too big */
+#define	RD_AP_BADD	KRB_ET(RD_AP_BADD)	/* 38 - Incorrect net addr */
+#define	RD_AP_VERSION	KRB_ET(RD_AP_VERSION)	/* 39 - prot vers mismatch */
+#define	RD_AP_MSG_TYPE	KRB_ET(RD_AP_MSG_TYPE)	/* 40 - invalid msg type */
+#define	RD_AP_MODIFIED	KRB_ET(RD_AP_MODIFIED)	/* 41 - msg stream modified */
+#define	RD_AP_ORDER	KRB_ET(RD_AP_ORDER)	/* 42 - message out of order */
+#define	RD_AP_UNAUTHOR	KRB_ET(RD_AP_UNAUTHOR)	/* 43 - unauthorized request */
 
 /* Values returned by get_pw_tkt */
-#define		GT_PW_OK	0	/* Got password changing tkt */
-#define		GT_PW_NULL     51	/* Current PW is null */
-#define		GT_PW_BADPW    52	/* Incorrect current password */
-#define		GT_PW_PROT     53	/* Protocol Error */
-#define		GT_PW_KDCERR   54	/* Error returned by KDC */
-#define		GT_PW_NULLTKT  55	/* Null tkt returned by KDC */
-
+#define	GT_PW_OK	KRB_ET(KSUCCESS)	/*  0 - Got passwd chg tkt */
+#define	GT_PW_NULL	KRB_ET(GT_PW_NULL)	/* 51 - Current PW is null */
+#define	GT_PW_BADPW	KRB_ET(GT_PW_BADPW)	/* 52 - Wrong passwd */
+#define	GT_PW_PROT	KRB_ET(GT_PW_PROT)	/* 53 - Protocol Error */
+#define	GT_PW_KDCERR	KRB_ET(GT_PW_KDCERR)	/* 54 - Error ret by KDC */
+#define	GT_PW_NULLTKT	KRB_ET(GT_PW_NULLTKT)	/* 55 - Null tkt ret by KDC */
 
 /* Values returned by send_to_kdc */
-#define		SKDC_OK		0	/* Response received */
-#define		SKDC_RETRY     56	/* Retry count exceeded */
-#define		SKDC_CANT      57	/* Can't send request */
+#define	SKDC_OK		KRB_ET(KSUCCESS)	/*  0 - Response received */
+#define	SKDC_RETRY	KRB_ET(SKDC_RETRY)	/* 56 - Retry count exceeded */
+#define	SKDC_CANT	KRB_ET(SKDC_CANT)	/* 57 - Can't send request */
 
 /*
  * Values returned by get_intkt
  * (can also return SKDC_* and KDC errors)
  */
 
-#define		INTK_OK		0	/* Ticket obtained */
-#define		INTK_W_NOTALL  61	/* Not ALL tickets returned */
-#define		INTK_BADPW     62	/* Incorrect password */
-#define		INTK_PROT      63	/* Protocol Error */
-#define		INTK_ERR       70	/* Other error */
+#define	INTK_OK		KRB_ET(KSUCCESS)	/*  0 - Ticket obtained */
+#define	INTK_PW_NULL	KRB_ET(GT_PW_NULL)	/* 51 - Current PW is null */
+#define	INTK_W_NOTALL	KRB_ET(INTK_W_NOTALL)	/* 61 - Not ALL tkts retd */
+#define	INTK_BADPW	KRB_ET(INTK_BADPW)	/* 62 - Incorrect password */
+#define	INTK_PROT	KRB_ET(INTK_PROT)	/* 63 - Protocol Error */
+#define	INTK_ERR	KRB_ET(INTK_ERR)	/* 70 - Other error */
 
 /* Values returned by get_adtkt */
-#define         AD_OK           0	/* Ticket Obtained */
-#define         AD_NOTGT       71	/* Don't have tgt */
+#define AD_OK		KRB_ET(KSUCCESS)	/*  0 - Ticket Obtained */
+#define AD_NOTGT	KRB_ET(AD_NOTGT)	/* 71 - Don't have tgt */
 
 /* Error codes returned by ticket file utilities */
-#define		NO_TKT_FIL	76	/* No ticket file found */
-#define		TKT_FIL_ACC	77	/* Couldn't access tkt file */
-#define		TKT_FIL_LCK	78	/* Couldn't lock ticket file */
-#define		TKT_FIL_FMT	79	/* Bad ticket file format */
-#define		TKT_FIL_INI	80	/* tf_init not called first */
+#define	NO_TKT_FIL	KRB_ET(NO_TKT_FIL)	/* 76 - No ticket file found */
+#define	TKT_FIL_ACC	KRB_ET(TKT_FIL_ACC)	/* 77 - Can't acc tktfile */
+#define	TKT_FIL_LCK	KRB_ET(TKT_FIL_LCK)	/* 78 - Can't lck tkt file */
+#define	TKT_FIL_FMT	KRB_ET(TKT_FIL_FMT)	/* 79 - Bad tkt file format */
+#define	TKT_FIL_INI	KRB_ET(TKT_FIL_INI)	/* 80 - tf_init not called */
 
 /* Error code returned by kparse_name */
-#define		KNAME_FMT	81	/* Bad Kerberos name format */
+#define	KNAME_FMT	KRB_ET(KNAME_FMT)	/* 81 - Bad krb name fmt */
 
 /* Error code returned by krb_mk_safe */
 #define		SAFE_PRIV_ERROR	-1	/* syscall error */
@@ -648,6 +645,24 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key);
 
 #endif
 
+#if TARGET_OS_MAC
+/* The following functions are not part of the standard Kerberos v4 API. 
+ * They were created for Mac implementation, and used by admin tools 
+ * such as CNS-Config. */
+extern int KRB5_CALLCONV
+krb_get_num_cred(void);
+
+extern int INTERFACE
+krb_get_nth_cred(char *, char *, char *, int);
+
+extern int INTERFACE
+krb_delete_cred(char *, char *,char *);
+
+extern int INTERFACE
+dest_all_tkts(void);
+
+#endif /* TARGET_OS_MAC */
+
 #ifdef _WINDOWS
 HINSTANCE get_lib_instance(void);
 unsigned int krb_get_notification_message(void);