* krb5.hin: Add constants and prototypes for the Cygnus password

changing API. Add krb5_cc_copy_creds. Add support for Cygnus initial credentials API. * k5-int.h: Add additional preauth types. Add additional parameter to krb5_sendto_kdc for designating whether to use the master. Add functions to support Cygnus initial credentials API. Add prototypes for sam functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10318 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 1997-12-06 07:58:22 +0000
committer: Tom Yu <tlyu@mit.edu> 1997-12-06 07:58:22 +0000
commit: 4185cec91422e9daabc0bc0a1eca6955889a021b (patch)
tree: 7d583b6e37808b03f22b4715729201ab8b690c8b /src
parent: 1c19e9f07aacf52c9775e0613cccca650b3268df (diff)
download: krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.tar.gz
krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.tar.xz
krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.zip
3 files changed, 273 insertions, 2 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 7853a60d0..6ba9ccfa3 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,14 @@
+Sat Dec  6 02:20:11 1997  Tom Yu  <tlyu@mit.edu>
+
+	* krb5.hin: Add constants and prototypes for the Cygnus password
+	changing API.  Add krb5_cc_copy_creds.  Add support for Cygnus
+	initial credentials API.
+
+	* k5-int.h: Add additional preauth types.  Add additional
+	parameter to krb5_sendto_kdc for designating whether to use the
+	master.  Add functions to support Cygnus initial credentials API.
+	Add prototypes for sam functions.
+
 Tue Sep 30 18:56:05 1997  Tom Yu  <tlyu@mit.edu>
 
 	* win-mac.h: Replace HAS_STDLIB_H with something more sane.
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 7ce040901..ab30d14fd 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -298,7 +298,12 @@ typedef krb5_etype_info_entry ** krb5_etype_info;
 #define PA_SAM_TYPE_SKEY_K0    3   /*  S/key where  KDC has key 0 */
 #define PA_SAM_TYPE_SKEY       4   /*  Traditional S/Key */
 #define PA_SAM_TYPE_SECURID    5   /*  Security Dynamics */
-#define PA_SAM_TYPE_GRAIL    128 /* experimental */
+#define PA_SAM_TYPE_ACTIVCARD_DEC  6   /*  ActivCard decimal mode */
+#define PA_SAM_TYPE_ACTIVCARD_HEX  7   /*  ActivCard hex mode */
+#define PA_SAM_TYPE_DIGI_PATH_HEX  8   /*  Digital Pathways hex mode */
+#define PA_SAM_TYPE_EXP_BASE    128 /* experimental */
+#define PA_SAM_TYPE_GRAIL		(PA_SAM_TYPE_EXP_BASE+0) /* testing */
+#define PA_SAM_TYPE_SECURID_PREDICT	(PA_SAM_TYPE_EXP_BASE+1) /* special */
 
 typedef struct _krb5_predicted_sam_response {
 	krb5_magic	magic;
@@ -452,7 +457,8 @@ krb5_error_code krb5_sendto_kdc
 	KRB5_PROTOTYPE((krb5_context,
 		const krb5_data *,
 		const krb5_data *,
-		krb5_data * ));
+		krb5_data *,
+		int *));
 krb5_error_code krb5_get_krbhst
 	KRB5_PROTOTYPE((krb5_context,
 		const krb5_data *,
@@ -761,6 +767,41 @@ void krb5_free_etype_info
  * End "preauth.h"
  */
 
+
+typedef krb5_error_code (*krb5_gic_get_as_key_fct)
+    KRB5_NPROTOTYPE((krb5_context,
+		     krb5_principal,
+		     krb5_enctype,
+		     krb5_prompter_fct,
+		     void *prompter_data,
+		     krb5_data *salt,
+		     krb5_keyblock *as_key,
+		     void *gak_data));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal client,
+		krb5_prompter_fct prompter,
+		void *prompter_data,
+		krb5_deltat start_time,
+		char *in_tkt_service,
+		krb5_get_init_creds_opt *options,
+		krb5_gic_get_as_key_fct gak,
+		void *gak_data,
+		int *master,
+		krb5_kdc_rep **as_reply));
+
+
+krb5_error_code krb5_do_preauth
+KRB5_PROTOTYPE((krb5_context, krb5_kdc_req *,
+		krb5_pa_data **, krb5_pa_data ***,
+		krb5_data *, krb5_keyblock *,
+		krb5_prompter_fct, void *,
+		krb5_gic_get_as_key_fct, void *));
+
+
 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
 #include "profile.h"
 
@@ -984,15 +1025,49 @@ krb5_error_code encode_krb5_sam_response
 krb5_error_code encode_krb5_predicted_sam_response
 	KRB5_PROTOTYPE((const krb5_predicted_sam_response * , krb5_data **));
 
+krb5_error_code encode_krb5_sam_challenge
+       KRB5_PROTOTYPE((const krb5_sam_challenge * , krb5_data **));
+
+krb5_error_code encode_krb5_sam_key
+       KRB5_PROTOTYPE((const krb5_sam_key * , krb5_data **));
+
+krb5_error_code encode_krb5_enc_sam_response_enc
+       KRB5_PROTOTYPE((const krb5_enc_sam_response_enc * , krb5_data **));
+
+krb5_error_code encode_krb5_sam_response
+       KRB5_PROTOTYPE((const krb5_sam_response * , krb5_data **));
+
+krb5_error_code encode_krb5_predicted_sam_response
+       KRB5_PROTOTYPE((const krb5_predicted_sam_response * , krb5_data **));
+
 /*************************************************************************
  * End of prototypes for krb5_encode.c
  *************************************************************************/
 
+krb5_error_code decode_krb5_sam_challenge
+       KRB5_PROTOTYPE((const krb5_data *, krb5_sam_challenge **));
+
+krb5_error_code decode_krb5_sam_key
+       KRB5_PROTOTYPE((const krb5_data *, krb5_sam_key **));
+
+krb5_error_code decode_krb5_enc_sam_response_enc
+       KRB5_PROTOTYPE((const krb5_data *, krb5_enc_sam_response_enc **));
+
+krb5_error_code decode_krb5_sam_response
+       KRB5_PROTOTYPE((const krb5_data *, krb5_sam_response **));
+
+krb5_error_code decode_krb5_predicted_sam_response
+       KRB5_PROTOTYPE((const krb5_data *, krb5_predicted_sam_response **));
+
 
 /*************************************************************************
  * Prototypes for krb5_decode.c
  *************************************************************************/
 
+krb5_error_code krb5_validate_times
+       KRB5_PROTOTYPE((krb5_context, 
+		       krb5_ticket_times *));
+
 /*
    krb5_error_code decode_krb5_structure(const krb5_data *code,
                                          krb5_structure **rep);
diff --git a/src/include/krb5.hin b/src/include/krb5.hin
index 884281b50..0e58be1be 100644
--- a/src/include/krb5.hin
+++ b/src/include/krb5.hin
@@ -663,6 +663,14 @@ krb5_error_code krb5_decrypt_data
 #define	KRB5_AUTHDATA_OSF_DCE	64
 #define KRB5_AUTHDATA_SESAME	65
 
+/* password change constants */
+
+#define KRB5_KPASSWD_SUCCESS		0
+#define KRB5_KPASSWD_MALFORMED		1
+#define KRB5_KPASSWD_HARDERROR		2
+#define KRB5_KPASSWD_AUTHERROR		3
+#define KRB5_KPASSWD_SOFTERROR		4
+
 /*
  * end "proto.h"
  */
@@ -1478,6 +1486,17 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
 	KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_principal princ, 
 		char FAR *name, char FAR *inst, char FAR *realm));
 
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_chpw_req
+	KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context,
+ 			krb5_data *ap_req, char *passwd, krb5_data *packet));
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_chpw_rep
+	KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context,
+		       krb5_data *packet, int *result_code,
+		       krb5_data *result_data));
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
+	KRB5_PROTOTYPE((krb5_context context, int result_code,
+			char **result_codestr));
+
 /* libkt.spec */
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_register
 	KRB5_PROTOTYPE((krb5_context,
@@ -1528,6 +1547,12 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_default
 KRB5_DLLIMP unsigned int KRB5_CALLCONV krb5_get_notification_message
 	KRB5_PROTOTYPE((void));
 
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
+	KRB5_PROTOTYPE((krb5_context context,
+			krb5_ccache incc,
+			krb5_ccache outcc));
+
+
 /* chk_trans.c */
 krb5_error_code krb5_check_transited_list
 	KRB5_PROTOTYPE((krb5_context,
@@ -1632,6 +1657,11 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
 		   krb5_const char FAR *,
 		   krb5_int32,
 		   krb5_principal FAR *));
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_change_password
+	KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, char *newpw,
+			int *result_code, krb5_data *result_code_string,
+			krb5_data *result_string));
 
 krb5_error_code krb5_set_config_files
 	KRB5_PROTOTYPE ((krb5_context, krb5_const char FAR * FAR *));
@@ -2037,5 +2067,160 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
 /* flags for recvauth */
 #define KRB5_RECVAUTH_SKIP_VERSION	0x0001
 #define KRB5_RECVAUTH_BADAUTHVERS	0x0002
+/* initial ticket api functions */
+
+typedef struct _krb5_prompt {
+    char *prompt;
+    int hidden;
+    krb5_data *reply;
+} krb5_prompt;
+
+typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
+					     void *data,
+					     const char *banner,
+					     int num_prompts,
+					     krb5_prompt prompts[]);
+
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix
+KRB5_PROTOTYPE((krb5_context context,
+		void *data,
+		const char *banner,
+		int num_prompts,
+		krb5_prompt prompts[]));
+
+typedef struct _krb5_get_init_creds_opt {
+    krb5_flags flags;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    int forwardable;
+    int proxiable;
+    krb5_enctype *etype_list;
+    int etype_list_length;
+    krb5_address **address_list;
+    krb5_preauthtype *preauth_list;
+    int preauth_list_length;
+    krb5_data *salt;
+} krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
+
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_init
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_tkt_life
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_deltat tkt_life));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_renew_life
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_deltat renew_life));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_forwardable
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		int forwardable));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_proxiable
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		int proxiable));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_etype_list
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_enctype *etype_list,
+		int etype_list_length));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_address_list
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_address **addresses));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_preauth_list
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_preauthtype *preauth_list,
+		int preauth_list_length));
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_salt
+KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt,
+		krb5_data *salt));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_password
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal client,
+		char *password,
+		krb5_prompter_fct prompter,
+		void *data,
+		krb5_deltat start_time,
+		char *in_tkt_service,
+		krb5_get_init_creds_opt *options));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_keytab
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal client,
+		krb5_keytab arg_keytab,
+		krb5_deltat start_time,
+		char *in_tkt_service,
+		krb5_get_init_creds_opt *options));
+
+typedef struct _krb5_verify_init_creds_opt {
+    krb5_flags flags;
+    int ap_req_nofail;
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
+
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_verify_init_creds_opt_init
+KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options));
+KRB5_DLLIMP void KRB5_CALLCONV
+krb5_verify_init_creds_opt_set_ap_req_nofail
+KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options,
+		int ap_req_nofail));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_verify_init_creds
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal ap_req_server,
+		krb5_keytab ap_req_keytab,
+		krb5_ccache *ccache,
+		krb5_verify_init_creds_opt *options));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_get_validated_creds
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal client,
+		krb5_ccache ccache,
+		char *in_tkt_service));
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_get_renewed_creds
+KRB5_PROTOTYPE((krb5_context context,
+		krb5_creds *creds,
+		krb5_principal client,
+		krb5_ccache ccache,
+		char *in_tkt_service));
+
 
 #endif /* KRB5_GENERAL__ */
author	Tom Yu <tlyu@mit.edu>	1997-12-06 07:58:22 +0000
committer	Tom Yu <tlyu@mit.edu>	1997-12-06 07:58:22 +0000
commit	4185cec91422e9daabc0bc0a1eca6955889a021b (patch)
tree	7d583b6e37808b03f22b4715729201ab8b690c8b /src
parent	1c19e9f07aacf52c9775e0613cccca650b3268df (diff)
download	krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.tar.gz krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.tar.xz krb5-4185cec91422e9daabc0bc0a1eca6955889a021b.zip