| 1 | /* $NetBSD: krb5.h,v 1.2 2017/01/28 21:31:49 christos Exp $ */ |
| 2 | |
| 3 | /* |
| 4 | * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan |
| 5 | * (Royal Institute of Technology, Stockholm, Sweden). |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Portions Copyright (c) 2009 Apple Inc. All rights reserved. |
| 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: |
| 13 | * |
| 14 | * 1. Redistributions of source code must retain the above copyright |
| 15 | * notice, this list of conditions and the following disclaimer. |
| 16 | * |
| 17 | * 2. Redistributions in binary form must reproduce the above copyright |
| 18 | * notice, this list of conditions and the following disclaimer in the |
| 19 | * documentation and/or other materials provided with the distribution. |
| 20 | * |
| 21 | * 3. Neither the name of the Institute nor the names of its contributors |
| 22 | * may be used to endorse or promote products derived from this software |
| 23 | * without specific prior written permission. |
| 24 | * |
| 25 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
| 26 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 27 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
| 29 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 30 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 31 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 32 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 33 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 34 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 35 | * SUCH DAMAGE. |
| 36 | */ |
| 37 | |
| 38 | /* Id */ |
| 39 | |
| 40 | #ifndef __KRB5_H__ |
| 41 | #define __KRB5_H__ |
| 42 | |
| 43 | #include <time.h> |
| 44 | #include <krb5/krb5-types.h> |
| 45 | |
| 46 | #include <krb5/asn1_err.h> |
| 47 | #include <krb5/krb5_err.h> |
| 48 | #include <krb5/heim_err.h> |
| 49 | #include <krb5/k524_err.h> |
| 50 | |
| 51 | #include <krb5/krb5_asn1.h> |
| 52 | |
/*
 * name confusion with MIT: MIT spells this error KRB5KDC_ERR_KEY_EXP,
 * the generated krb5_err.h spells it KRB5KDC_ERR_KEY_EXPIRED.  The alias
 * is only introduced when no earlier header already defined it.
 */
#ifndef KRB5KDC_ERR_KEY_EXP
#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
#endif

/*
 * Calling convention stamped on every function pointer in this header
 * (ccache and keytab operation tables, prompter and key callbacks), so
 * separately built callers and callbacks agree on it.  __stdcall on Win32,
 * nothing elsewhere.
 */
#ifdef _WIN32
#define KRB5_CALLCONV __stdcall
#else
#define KRB5_CALLCONV
#endif
| 63 | |
/* simple constants */

/* TRUE/FALSE are only supplied when no earlier header defined them. */
#ifndef TRUE
#define TRUE 1
#define FALSE 0
#endif

/* Boolean results: any non-zero value should be read as true, not only TRUE. */
typedef int krb5_boolean;

/*
 * Return type of nearly every API function: 0 on success, otherwise a
 * com_err style code from the *_err.h headers included above.
 */
typedef int32_t krb5_error_code;

/* Key version number, as carried by keytab entries and krb5_enc_data. */
typedef int32_t krb5_kvno;

/* Generic 32-bit flag word (KDC options, ticket flags, ccache/keytab option bits). */
typedef uint32_t krb5_flags;

/* Opaque caller-supplied data handed through callbacks; const variant for read-only seeds. */
typedef void *krb5_pointer;
typedef const void *krb5_const_pointer;
| 81 | |
/*
 * Opaque handles.  Each is a pointer to a struct whose layout is private
 * to the library; callers obtain and release them only through the
 * matching krb5_*_init/_alloc and _free/_destroy functions, never by
 * sizeof or direct field access.
 */
struct krb5_crypto_data;
typedef struct krb5_crypto_data *krb5_crypto;		/* encryption/checksum state bound to one key */

struct krb5_get_creds_opt_data;
typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;	/* options for krb5_get_creds() */

struct krb5_digest_data;
typedef struct krb5_digest_data *krb5_digest;
struct krb5_ntlm_data;
typedef struct krb5_ntlm_data *krb5_ntlm;

struct krb5_pac_data;
typedef struct krb5_pac_data *krb5_pac;			/* parsed Privilege Attribute Certificate */

/* Input options for, and results of, krb5_rd_req_ctx(). */
typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;

/* Checksum type, checksum value and encryption type come from the ASN.1 module (krb5_asn1.h). */
typedef CKSUMTYPE krb5_cksumtype;

typedef Checksum krb5_checksum;

typedef ENCTYPE krb5_enctype;

/* State of an in-progress initial-credentials exchange (krb5_init_creds_*). */
typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;

/* Length-counted byte buffer (heim_octet_string from the ASN.1 types); used for ciphertext, salts, tickets. */
typedef heim_octet_string krb5_data;
| 108 | |
/*
 * PKINIT related forward declarations.  Only pointers to these are used in
 * the public API; the definitions live with the PKINIT code and the CMS
 * ASN.1 module, so this header stays usable without them.
 */
struct ContentInfo;
struct krb5_pk_identity;
struct krb5_pk_cert;
| 113 | |
/*
 * krb5_enc_data is a mit compat structure: encryption type, key version
 * and the ciphertext as one unit.  kvno identifies which key version
 * produced the ciphertext; enctype must match the key used to decrypt.
 */
typedef struct krb5_enc_data {
    krb5_enctype enctype;
    krb5_kvno kvno;
    krb5_data ciphertext;
} krb5_enc_data;
| 120 | |
/*
 * alternative names.  ENCTYPE_* are the MIT-compatible spellings and
 * ETYPE_* the historical Heimdal ones; both resolve to the KRB5_ENCTYPE_*
 * values generated from the ASN.1 module.  The two lists are not mirror
 * images: only the ETYPE_ list carries the SHA-2 AES types and the
 * ARCFOUR_MD4/_OLD variants, and ENCTYPE_ARCFOUR_HMAC is a second name for
 * the _MD5 value.  The single-DES, DES3 and RC4 entries exist for
 * interoperability with old peers and stored data (their use is
 * deprecated by RFC 6649 and RFC 8429); prefer the AES types for new code.
 */
enum {
    ENCTYPE_NULL = KRB5_ENCTYPE_NULL,
    ENCTYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC,
    ENCTYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4,
    ENCTYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5,
    ENCTYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5,
    ENCTYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
    ENCTYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
    ENCTYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
    ENCTYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
    ENCTYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1,
    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
    ENCTYPE_ARCFOUR_HMAC = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,	/* alias of the _MD5 name below */
    ENCTYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
    ENCTYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
    ENCTYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
    ENCTYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE,
    ENCTYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE,
    ENCTYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE,
    ENCTYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE,
    ETYPE_NULL = KRB5_ENCTYPE_NULL,
    ETYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC,
    ETYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4,
    ETYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5,
    ETYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5,
    ETYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1,
    ETYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE,
    ETYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV,
    ETYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB,
    ETYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1,
    ETYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
    ETYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
    /* SHA-2 AES types (RFC 8009) have ETYPE_ names only */
    ETYPE_AES128_CTS_HMAC_SHA256_128 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
    ETYPE_AES256_CTS_HMAC_SHA384_192 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
    ETYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
    ETYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56,
    ETYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS,
    ETYPE_ARCFOUR_MD4 = KRB5_ENCTYPE_ARCFOUR_MD4,
    ETYPE_ARCFOUR_HMAC_OLD = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD,
    ETYPE_ARCFOUR_HMAC_OLD_EXP = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP,
    ETYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE,
    ETYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE,
    ETYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE,
    ETYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE,
    ETYPE_DIGEST_MD5_NONE = KRB5_ENCTYPE_DIGEST_MD5_NONE,
    ETYPE_CRAM_MD5_NONE = KRB5_ENCTYPE_CRAM_MD5_NONE

};
| 171 | |
/*
 * PDU types: which Kerberos message a buffer holds.  Values are
 * contiguous library-local tags, not wire values.  KRB5_PDU_NONE is the
 * "no particular message" tag accepted by krb5_get_permitted_enctypes().
 */
enum krb5_pdu {
    KRB5_PDU_ERROR       = 0,
    KRB5_PDU_TICKET      = 1,
    KRB5_PDU_AS_REQUEST  = 2,
    KRB5_PDU_AS_REPLY    = 3,
    KRB5_PDU_TGS_REQUEST = 4,
    KRB5_PDU_TGS_REPLY   = 5,
    KRB5_PDU_AP_REQUEST  = 6,
    KRB5_PDU_AP_REPLY    = 7,
    KRB5_PDU_KRB_SAFE    = 8,
    KRB5_PDU_KRB_PRIV    = 9,
    KRB5_PDU_KRB_CRED    = 10,
    KRB5_PDU_NONE        = 11	/* See krb5_get_permitted_enctypes() */
};
typedef enum krb5_pdu krb5_pdu;
| 187 | |
/* Pre-authentication data type tag, from the ASN.1 PADATA_TYPE. */
typedef PADATA_TYPE krb5_preauthtype;

/*
 * Key usage numbers.  The crypto layer folds the usage into key
 * derivation (RFC 3961) so that ciphertext or a checksum produced for
 * one purpose is not accepted as another.  The section numbers in the
 * per-value comments appear to refer to RFC 4120.
 *
 * Several numbers are shared by unrelated extensions (22, 23, 24, 25 and
 * 26 each appear more than once below), so the constant to use is a
 * protocol decision, not something that can be recovered from the number;
 * a switch on this type cannot list two of the aliases as separate cases.
 * Negative values are Heimdal-local usages, not IANA-registered ones.
 */
typedef enum krb5_key_usage {
    KRB5_KU_PA_ENC_TIMESTAMP = 1,
    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
       client key (section 5.4.1) */
    KRB5_KU_TICKET = 2,
    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
       application session key), encrypted with the service key
       (section 5.4.2) */
    KRB5_KU_AS_REP_ENC_PART = 3,
    /* AS-REP encrypted part (includes tgs session key or application
       session key), encrypted with the client key (section 5.4.2) */
    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
       session key (section 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
       authenticator subkey (section 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
       with the tgs session key (sections 5.3.2, 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH = 7,
    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
       authenticator subkey), encrypted with the tgs session key
       (section 5.3.2) */
    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
    /* TGS-REP encrypted part (includes application session key),
       encrypted with the tgs session key (section 5.4.2) */
    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
    /* TGS-REP encrypted part (includes application session key),
       encrypted with the tgs authenticator subkey (section 5.4.2) */
    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
    /* AP-REQ Authenticator cksum, keyed with the application session
       key (section 5.3.2) */
    KRB5_KU_AP_REQ_AUTH = 11,
    /* AP-REQ Authenticator (includes application authenticator
       subkey), encrypted with the application session key (section
       5.3.2) */
    KRB5_KU_AP_REQ_ENC_PART = 12,
    /* AP-REP encrypted part (includes application session subkey),
       encrypted with the application session key (section 5.5.2) */
    KRB5_KU_KRB_PRIV = 13,
    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
       application (section 5.7.1) */
    KRB5_KU_KRB_CRED = 14,
    /* KRB-CRED encrypted part, encrypted with a key chosen by the
       application (section 5.8.1) */
    KRB5_KU_KRB_SAFE_CKSUM = 15,
    /* KRB-SAFE cksum, keyed with a key chosen by the application
       (section 5.6.1) */
    KRB5_KU_OTHER_ENCRYPTED = 16,
    /* Data which is defined in some specification outside of
       Kerberos to be encrypted using an RFC1510 encryption type. */
    KRB5_KU_OTHER_CKSUM = 17,
    /* Data which is defined in some specification outside of
       Kerberos to be checksummed using an RFC1510 checksum type. */
    KRB5_KU_KRB_ERROR = 18,
    /* Krb-error checksum */
    KRB5_KU_AD_KDC_ISSUED = 19,
    /* AD-KDCIssued checksum */
    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
    /* Checksum for Mandatory Ticket Extensions */
    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
    /* Checksum in Authorization Data in Ticket Extensions */
    KRB5_KU_USAGE_SEAL = 22,
    /* seal in GSSAPI krb5 mechanism (pre-CFX, RFC 1964) */
    KRB5_KU_USAGE_SIGN = 23,
    /* sign in GSSAPI krb5 mechanism (pre-CFX, RFC 1964) */
    KRB5_KU_USAGE_SEQ = 24,
    /* SEQ in GSSAPI krb5 mechanism (pre-CFX, RFC 1964) */
    /* CFX usages per RFC 4121 section 2; the numbers overlap the three above */
    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
    /* acceptor seal in GSSAPI CFX krb5 mechanism */
    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
    /* acceptor sign in GSSAPI CFX krb5 mechanism */
    KRB5_KU_USAGE_INITIATOR_SEAL = 24,
    /* initiator seal in GSSAPI CFX krb5 mechanism */
    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
    /* initiator sign in GSSAPI CFX krb5 mechanism */
    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
    /* encrypted server referral data (same number as USAGE_SEAL / ACCEPTOR_SEAL) */
    KRB5_KU_SAM_CHECKSUM = 25,
    /* Checksum for the SAM-CHECKSUM field (same number as INITIATOR_SIGN) */
    KRB5_KU_SAM_ENC_TRACK_ID = 26,
    /* Encryption of the SAM-TRACK-ID field */
    KRB5_KU_PA_SERVER_REFERRAL = 26,
    /* Keyusage for the server referral in a TGS req (same number as SAM_ENC_TRACK_ID) */
    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
    /* Encryption of the SAM-NONCE-OR-SAD field */
    KRB5_KU_PA_PKINIT_KX = 44,
    /* Encryption type of the kdc session contribution in pk-init */
    KRB5_KU_AS_REQ = 56,
    /* Checksum over the AS-REQ, sent by the KDC in PA-REQ-ENC-PA-REP (RFC 6113) */
    KRB5_KU_FAST_REQ_CHKSUM = 50,
    /* FAST armor checksum (RFC 6113) */
    KRB5_KU_FAST_ENC = 51,
    /* FAST armor encryption */
    KRB5_KU_FAST_REP = 52,
    /* FAST armor reply */
    KRB5_KU_FAST_FINISHED = 53,
    /* FAST finished checksum */
    KRB5_KU_ENC_CHALLENGE_CLIENT = 54,
    /* fast challenge from client */
    KRB5_KU_ENC_CHALLENGE_KDC = 55,
    /* fast challenge from kdc */
    KRB5_KU_DIGEST_ENCRYPT = -18,
    /* Encryption key usage used in the digest encryption field */
    KRB5_KU_DIGEST_OPAQUE = -19,
    /* Checksum key usage used in the digest opaque field */
    KRB5_KU_KRB5SIGNEDPATH = -21,
    /* Checksum key usage on KRB5SignedPath */
    KRB5_KU_CANONICALIZED_NAMES = -23,
    /* Checksum key usage on PA-CANONICALIZED */
    KRB5_KU_H5L_COOKIE = -25
    /* Encryption key usage for the Heimdal (H5L) KDC cookie — confirm against the KDC code */
} krb5_key_usage;

/* MIT-style spelling of the same type. */
typedef krb5_key_usage krb5_keyusage;
| 306 | |
/* Salt flavour for string-to-key; the values reuse the PA-DATA type numbers from the ASN.1 module. */
typedef enum krb5_salttype {
    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
} krb5_salttype;

/* Salt fed to string-to-key together with the password: which flavour, and the salt bytes. */
typedef struct krb5_salt {
    krb5_salttype salttype;
    krb5_data saltvalue;
} krb5_salt;

/* ETYPE-INFO list from the ASN.1 module: per-enctype salt hints returned by the KDC. */
typedef ETYPE_INFO krb5_preauthinfo;

/* One pre-authentication type together with its ETYPE-INFO list. */
typedef struct {
    krb5_preauthtype type;
    krb5_preauthinfo info;	/* list of preauthinfo for this type */
} krb5_preauthdata_entry;

/* Counted array of entries: len entries starting at val. */
typedef struct krb5_preauthdata {
    unsigned len;
    krb5_preauthdata_entry *val;
} krb5_preauthdata;
| 328 | |
/*
 * Address-type tags used in HostAddress.  INET, NETBIOS and INET6 are
 * the wire values; ADDRPORT and IPPORT are Heimdal-local composite types
 * (address plus port) with values outside the registered range.
 */
enum krb5_address_type {
    KRB5_ADDRESS_INET     = 0x002,
    KRB5_ADDRESS_NETBIOS  = 0x014,
    KRB5_ADDRESS_INET6    = 0x018,
    KRB5_ADDRESS_ADDRPORT = 0x100,
    KRB5_ADDRESS_IPPORT   = 0x101
};
typedef enum krb5_address_type krb5_address_type;
| 336 | |
/*
 * AP-REQ option bits (the ap-options field).  USE_SESSION_KEY and
 * MUTUAL_REQUIRED are the protocol-defined flags; USE_SUBKEY is
 * library-internal and never put on the wire.
 */
enum {
    AP_OPTS_USE_SESSION_KEY = 1 << 0,
    AP_OPTS_MUTUAL_REQUIRED = 1 << 1,
    AP_OPTS_USE_SUBKEY      = 1 << 2	/* library internal */
};
| 342 | |
/* Single address and address list, straight from the ASN.1 module. */
typedef HostAddress krb5_address;

typedef HostAddresses krb5_addresses;

/* Key types share the encryption-type number space. */
typedef krb5_enctype krb5_keytype;

/*
 * Legacy KEYTYPE_* names, kept for source compatibility.  Each is an
 * alias of an ETYPE_* value; note that KEYTYPE_DES3 maps to the *old*
 * DES3 enctype, not ETYPE_DES3_CBC_SHA1.  The DES and ARCFOUR entries
 * name deprecated algorithms.
 */
enum krb5_keytype_old {
    KEYTYPE_NULL = ETYPE_NULL,
    KEYTYPE_DES = ETYPE_DES_CBC_CRC,
    KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
    KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
    KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
    KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
    KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
};

/* Key material (EncryptionKey) and AP-REQ message, from the ASN.1 module. */
typedef EncryptionKey krb5_keyblock;

typedef AP_REQ krb5_ap_req;
| 362 | |
/* Defined further down; referenced by krb5_ccache_data before that. */
struct krb5_cc_ops;

/* On Win32 the default cache path uses %{...} tokens that the library expands. */
#ifdef _WIN32
#define KRB5_USE_PATH_TOKENS 1
#endif

/*
 * Prefix of the default FILE credential-cache name.  Only the prefix is
 * fixed here; what gets appended is decided by the ccache code.  Without
 * path tokens the cache lives in the shared /tmp directory, so the
 * confidentiality of a cache file rests on the permissions the FILE
 * backend sets on the file itself, not on the directory.
 */
#ifdef KRB5_USE_PATH_TOKENS
#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
#else
#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
#endif

/* Full default cache name: type prefix plus the file root above. */
#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT

/*
 * Reads [libdefaults] accept_null_addresses from the configuration.  The
 * default passed in is TRUE, so when the option is unset the library takes
 * the permissive choice; by its name this governs whether tickets without
 * an address list are accepted — confirm in the callers before relying on it.
 */
#define KRB5_ACCEPT_NULL_ADDRESSES(C) \
    krb5_config_get_bool_default((C), NULL, TRUE, \
				 "libdefaults", "accept_null_addresses", \
				 NULL)
| 381 | |
/* Iteration cursor over the credentials in one cache; opaque, owned by the backend. */
typedef void *krb5_cc_cursor;
/* Cursor over the cache collection (all caches of all types). */
typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;

/*
 * One credential cache: the backend operation table and backend-private
 * data.  Applications use the krb5_ccache handle and the krb5_cc_*
 * functions; the fields are not part of the stable interface.
 */
typedef struct krb5_ccache_data {
    const struct krb5_cc_ops *ops;
    krb5_data data;
    int initialized;	/* if non-zero: krb5_cc_initialize() called, now empty */
} krb5_ccache_data;

typedef struct krb5_ccache_data *krb5_ccache;

/* Opaque library context, created by krb5_init_context() and passed to every call. */
typedef struct krb5_context_data *krb5_context;
| 394 | |
typedef Realm krb5_realm;
/*
 * Read-only view of a realm name.  Spelled out as const char * because C
 * offers no way to add const to the pointee through the Realm typedef.
 */
typedef const char *krb5_const_realm;

/*
 * Realm accessors.  A realm is a NUL-terminated string, so its length is
 * strlen(); <string.h> is not included by this header, so include it
 * before using krb5_realm_length().
 */
#define krb5_realm_length(r) strlen(r)
#define krb5_realm_data(r) (r)

/* Principal names from the ASN.1 module; the const variant is for lookups that must not modify the name. */
typedef Principal krb5_principal_data;
typedef struct Principal *krb5_principal;
typedef const struct Principal *krb5_const_principal;
typedef struct Principals *krb5_principals;

/* Both are time_t: deltat is a duration in seconds, timestamp an absolute time. */
typedef time_t krb5_deltat;
typedef time_t krb5_timestamp;
| 408 | |
/* Validity window of a ticket; all absolute times, as in EncTicketPart (RFC 4120 5.3). */
typedef struct krb5_times {
    krb5_timestamp authtime;	/* time of the client's original authentication */
    krb5_timestamp starttime;	/* not valid before */
    krb5_timestamp endtime;	/* not valid after */
    krb5_timestamp renew_till;	/* latest endtime a renewal may reach */
} krb5_times;

/*
 * Ticket flags, viewable as the ASN.1 TicketFlags bit fields or as one
 * 32-bit word; both members overlay the same storage.  This relies on
 * TicketFlags being exactly 32 bits wide in the generated code — confirm
 * when the ASN.1 compiler output changes.
 */
typedef union {
    TicketFlags b;
    krb5_flags i;
} krb5_ticket_flags;
| 420 | |
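/*
 * options for krb5_get_in_tkt() and the other initial-ticket calls: bits
 * of the KDCOptions bit string, OR'd into krb5_kdc_flags.i.  The shifts
 * are unsigned so that KDC_OPT_VALIDATE (bit 31) is a well-defined
 * 0x80000000u rather than a signed shift into the sign bit (undefined in
 * C11), and so every flag has the same type, matching KRB5_GC_*.
 * Unlisted bit positions are reserved in the KDCOptions layout.
 */
#define KDC_OPT_FORWARDABLE		(1U << 1)
#define KDC_OPT_FORWARDED		(1U << 2)
#define KDC_OPT_PROXIABLE		(1U << 3)
#define KDC_OPT_PROXY			(1U << 4)
#define KDC_OPT_ALLOW_POSTDATE		(1U << 5)
#define KDC_OPT_POSTDATED		(1U << 6)
#define KDC_OPT_RENEWABLE		(1U << 8)
#define KDC_OPT_REQUEST_ANONYMOUS	(1U << 14)
#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1U << 26)
#define KDC_OPT_RENEWABLE_OK		(1U << 27)
#define KDC_OPT_ENC_TKT_IN_SKEY		(1U << 28)
#define KDC_OPT_RENEW			(1U << 30)
#define KDC_OPT_VALIDATE		(1U << 31)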
| 435 | |
/*
 * KDC options, viewable as the ASN.1 KDCOptions bit fields or as one
 * 32-bit word holding KDC_OPT_* bits; both members overlay the same
 * storage (same width assumption as krb5_ticket_flags).
 */
typedef union {
    KDCOptions b;
    krb5_flags i;
} krb5_kdc_flags;
| 440 | |
/* flags for krb5_verify_ap_req */

/*
 * By its name, lets krb5_verify_ap_req() accept a ticket whose INVALID
 * flag is set (a postdated ticket not yet validated by the KDC).  Only
 * for callers that will validate the ticket themselves — confirm in the
 * verifier before relying on it.
 */
#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)

/*
 * Option bits for krb5_get_creds() (set through krb5_get_creds_opt).
 * The names describe what is requested; the semantics are implemented
 * by the credential-fetching code.  NO_STORE keeps the result out of
 * the cache, CACHED restricts the lookup to what is already cached.
 */
#define KRB5_GC_CACHED			(1U << 0)
#define KRB5_GC_USER_USER		(1U << 1)
#define KRB5_GC_EXPIRED_OK		(1U << 2)
#define KRB5_GC_NO_STORE		(1U << 3)
#define KRB5_GC_FORWARDABLE		(1U << 4)
#define KRB5_GC_NO_TRANSIT_CHECK	(1U << 5)
#define KRB5_GC_CONSTRAINED_DELEGATION	(1U << 6)
#define KRB5_GC_CANONICALIZE		(1U << 7)
| 453 | |
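/*
 * constants for compare_creds (and cc_retrieve_cred): the `whichfields`
 * word saying which parts of a credential must match.  All shifts are
 * unsigned: the two top bits already were, and mixing them with signed
 * ones only promoted the combination to unsigned anyway, so giving every
 * flag the same type changes no value and removes the signed/unsigned
 * mix.  KRB5_TC_MATCH_KTYPE is the MIT spelling of MATCH_KEYTYPE.
 */
#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
#define KRB5_TC_MATCH_KTYPE		KRB5_TC_MATCH_KEYTYPE	/* MIT name */
#define KRB5_TC_MATCH_SRV_NAMEONLY	(1U << 29)
#define KRB5_TC_MATCH_FLAGS_EXACT	(1U << 28)
#define KRB5_TC_MATCH_FLAGS		(1U << 27)
#define KRB5_TC_MATCH_TIMES_EXACT	(1U << 26)
#define KRB5_TC_MATCH_TIMES		(1U << 25)
#define KRB5_TC_MATCH_AUTHDATA		(1U << 24)
#define KRB5_TC_MATCH_2ND_TKT		(1U << 23)
#define KRB5_TC_MATCH_IS_SKEY		(1U << 22)

/* constants for get_flags and set_flags (per-cache behaviour bits, not match criteria) */
#define KRB5_TC_OPENCLOSE		0x00000001
#define KRB5_TC_NOTICKET		0x00000002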
| 470 | |
/* Authorization data and KRB-ERROR message, from the ASN.1 module. */
typedef AuthorizationData krb5_authdata;

typedef KRB_ERROR krb5_error;

/*
 * A credential as stored in a credential cache.  `session` is secret key
 * material and `ticket` is the service ticket (opaque to the client);
 * `second_ticket` is only used for user-to-user exchanges.  Release with
 * krb5_free_creds() / krb5_free_cred_contents() so the key is cleared,
 * not with a plain free().
 */
typedef struct krb5_creds {
    krb5_principal client;
    krb5_principal server;
    krb5_keyblock session;
    krb5_times times;
    krb5_data ticket;
    krb5_data second_ticket;
    krb5_authdata authdata;
    krb5_addresses addresses;
    krb5_ticket_flags flags;
} krb5_creds;
| 486 | |
/* Cursor over the caches of one backend (get_cache_first / get_cache_next). */
typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;

/*
 * Layout version of krb5_cc_ops.  A backend table is expected to carry
 * this value in its `version` field; how older values are treated is up
 * to krb5_cc_register() — confirm there before shipping a plugin.
 */
#define KRB5_CC_OPS_VERSION 3

/*
 * Credential-cache backend operation table.  `prefix` is the TYPE part
 * of a "TYPE:residual" cache name.  Every operation takes the context
 * and returns a krb5_error_code (0 on success) unless noted.  Tables are
 * referenced by pointer from krb5_ccache_data.ops, so one must outlive
 * every cache that uses it; any entry a backend does not implement is
 * left NULL and the library's handling of that is not visible here.
 */
typedef struct krb5_cc_ops {
    int version;
    const char *prefix;
    const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);		/* residual; returned pointer not owned by caller */
    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);	/* open by residual */
    krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);		/* create a new, uniquely named cache */
    krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);	/* (re)initialise for this client */
    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);		/* remove backing storage */
    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
					 krb5_flags, const krb5_creds*, krb5_creds *);	/* flags are KRB5_TC_MATCH_* */
    krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
    krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
					 krb5_cc_cursor*, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
    krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
					    krb5_flags, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);	/* KRB5_TC_OPENCLOSE / NOTICKET */
    int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);	/* enumerate caches of this type */
    krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
					       krb5_ccache *);
    krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
    krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);	/* from, to */
    krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);	/* allocated name; caller presumably frees */
    krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
    krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);	/* clock skew vs. KDC */
    krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
} krb5_cc_ops;
| 523 | |
/* Defined further down. */
struct krb5_log_facility;

/*
 * One node of a parsed configuration file.  A node is either a string
 * leaf (`u.string`) or a nested section/list (`u.list`); `next` links the
 * siblings.  `u.generic` aliases both pointer members for code that only
 * needs to test for presence.
 */
struct krb5_config_binding {
    enum { krb5_config_string, krb5_config_list } type;
    char *name;
    struct krb5_config_binding *next;
    union {
	char *string;
	struct krb5_config_binding *list;
	void *generic;
    } u;
};

typedef struct krb5_config_binding krb5_config_binding;

/* A section is just a binding whose payload is a list. */
typedef krb5_config_binding krb5_config_section;
| 540 | |
/*
 * A decrypted ticket: the EncTicketPart plus the client and server
 * principals it was issued for.  Produced by the AP-REQ verification
 * path; the session key inside `ticket` is secret material.
 */
typedef struct krb5_ticket {
    EncTicketPart ticket;
    krb5_principal client;
    krb5_principal server;
} krb5_ticket;

/* Authenticator from the ASN.1 module, and a pointer alias for it. */
typedef Authenticator krb5_authenticator_data;

typedef krb5_authenticator_data *krb5_authenticator;

/*
 * Replay cache handle (opaque) and the record type it stores: the
 * Authenticator itself, since its client name, ctime and cusec are what
 * identify a repeated AP-REQ.
 */
struct krb5_rcache_data;
typedef struct krb5_rcache_data *krb5_rcache;
typedef Authenticator krb5_donot_replay;
| 554 | |
/*
 * Flag bits for krb5_storage_set_flags().  The *_WRONG_* / *_TWICE /
 * HOST_BYTEORDER bits reproduce quirks of older on-disk formats so that
 * old caches and keytabs can still be read; BYTEORDER_MASK selects
 * between big-endian (default), little-endian and host order for
 * integers.  Use them only to match an existing format, never for new
 * data.
 */
#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
#define KRB5_STORAGE_BYTEORDER_MASK			0x60
#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
#define KRB5_STORAGE_BYTEORDER_LE			0x20
#define KRB5_STORAGE_BYTEORDER_HOST			0x40
#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER		0x80

/* Opaque serialisation buffer/stream used by krb5_store_* / krb5_ret_*. */
struct krb5_storage_data;
typedef struct krb5_storage_data krb5_storage;
| 567 | |
/*
 * One keytab entry: the principal, key version, the long-term key
 * itself (secret material — release with krb5_kt_free_entry() so it is
 * cleared), a 32-bit creation timestamp, entry flags and optional
 * principal aliases that share this key.
 */
typedef struct krb5_keytab_entry {
    krb5_principal principal;
    krb5_kvno vno;
    krb5_keyblock keyblock;
    uint32_t timestamp;
    uint32_t flags;
    krb5_principals aliases;
} krb5_keytab_entry;

/*
 * Iteration state for krb5_kt_start_seq_get()/next_entry(); the file
 * descriptor and storage are for FILE-style backends, `data` is for any
 * other backend's private state.
 */
typedef struct krb5_kt_cursor {
    int fd;
    krb5_storage *sp;
    void *data;
} krb5_kt_cursor;

/* Keytab handle; the struct is defined below because backends fill it in. */
struct krb5_keytab_data;

typedef struct krb5_keytab_data *krb5_keytab;
| 586 | |
/* Upper bound on the length of a keytab type prefix ("FILE", "MEMORY", ...). */
#define KRB5_KT_PREFIX_MAX_LEN 30

/*
 * Keytab backend operation table and, at the same time, an open keytab
 * (the struct doubles as both: `data` and `version` hold the per-instance
 * state).  get_name writes into a caller buffer of the given size;
 * get looks up by principal, kvno and enctype.  Every operation returns a
 * krb5_error_code, 0 on success.
 */
struct krb5_keytab_data {
    const char *prefix;
    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);	/* bounded by the size argument */
    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
				    krb5_kvno, krb5_enctype, krb5_keytab_entry*);
    krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
					   krb5_keytab_entry*, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
    krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
    void *data;		/* backend-private per-keytab state */
    int32_t version;
};

/* Same struct used purely as an operation table when registering a backend. */
typedef struct krb5_keytab_data krb5_kt_ops;
| 608 | |
/* Argument bundle for a krb5_key_proc that fetches keys from a keytab rather than a password. */
struct krb5_keytab_key_proc_args {
    krb5_keytab keytab;
    krb5_principal principal;
};

typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;

/*
 * Replay-detection data returned by krb5_rd_safe/rd_priv/rd_cred when the
 * auth context asked for it (KRB5_AUTH_CONTEXT_RET_TIME / RET_SEQUENCE):
 * the peer's timestamp with microseconds, and its sequence number.
 */
typedef struct krb5_replay_data {
    krb5_timestamp timestamp;
    int32_t usec;
    uint32_t seq;
} krb5_replay_data;
| 621 | |
/*
 * flags for krb5_auth_con_setflags.  DO_TIME / DO_SEQUENCE turn on
 * timestamp and sequence-number checking of incoming messages; RET_TIME /
 * RET_SEQUENCE ask for those values back in krb5_replay_data.  PERMIT_ALL
 * and USE_SUBKEY adjust what is accepted or sent; CLEAR_FORWARDED_CRED
 * controls handling of forwarded credentials.
 */
enum {
    KRB5_AUTH_CONTEXT_DO_TIME              = 1 << 0,
    KRB5_AUTH_CONTEXT_RET_TIME             = 1 << 1,
    KRB5_AUTH_CONTEXT_DO_SEQUENCE          = 1 << 2,
    KRB5_AUTH_CONTEXT_RET_SEQUENCE         = 1 << 3,
    KRB5_AUTH_CONTEXT_PERMIT_ALL           = 1 << 4,
    KRB5_AUTH_CONTEXT_USE_SUBKEY           = 1 << 5,
    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 1 << 6
};
| 632 | |
/*
 * flags for krb5_auth_con_genaddrs.  The FULL variants are the plain
 * ADDR flag with one extra bit set; from the names this extra bit asks
 * for the port as well — confirm in krb5_auth_con_genaddrs() itself.
 */
enum {
    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 0x1,
    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR | 0x2,
    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 0x4,
    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR | 0x8
};
| 640 | |
/*
 * Per-connection authentication state shared by mk_req/rd_req, mk_rep/
 * rd_rep and the KRB-SAFE/PRIV/CRED functions.  Holds the session key and
 * both subkeys (secret material — free with krb5_auth_con_free(), not
 * free()), the addresses used for address checks, and the sequence
 * counters and replay cache used for replay detection.  Not part of the
 * stable interface; use the krb5_auth_con_* accessors.
 */
typedef struct krb5_auth_context_data {
    unsigned int flags;			/* KRB5_AUTH_CONTEXT_* option bits */

    krb5_address *local_address;
    krb5_address *remote_address;
    int16_t local_port;			/* NOTE(review): signed 16-bit; ports above 32767 wrap — confirm how callers store them */
    int16_t remote_port;
    krb5_keyblock *keyblock;		/* ticket session key */
    krb5_keyblock *local_subkey;	/* subkey this side chose */
    krb5_keyblock *remote_subkey;	/* subkey the peer sent */

    uint32_t local_seqnumber;		/* sequence counters, used when DO_SEQUENCE is set */
    uint32_t remote_seqnumber;

    krb5_authenticator authenticator;	/* last authenticator processed */

    krb5_pointer i_vector;		/* cipher state/IV supplied by the application, if any */

    krb5_rcache rcache;			/* replay cache consulted for incoming AP-REQs */

    krb5_keytype keytype;		/* requested key type */
    krb5_cksumtype cksumtype;		/* requested checksum type */

    AuthorizationData *auth_data;	/* authorization data to put in the authenticator */

} krb5_auth_context_data, *krb5_auth_context;
| 667 | |
/*
 * A KDC reply as seen by the client: the outer KDC-REP, its decrypted
 * encrypted part, and, when the KDC answered with an error instead, the
 * KRB-ERROR.  Which of the three members is meaningful depends on what
 * the KDC returned.
 */
typedef struct {
    KDC_REP kdc_rep;
    EncKDCRepPart enc_part;
    KRB_ERROR error;
} krb5_kdc_rep;

/* Version strings of the library, defined in the library itself. */
extern const char *heimdal_version, *heimdal_long_version;

/*
 * Logging backend callbacks: log_func receives (timestamp string, message,
 * backend data); close_func receives only the backend data.  Messages may
 * contain peer-supplied principal names, so backends must not treat them
 * as format strings.
 */
typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*);
typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
| 678 | |
/*
 * A log facility: the program name prepended to messages and an array of
 * `len` destinations.  `struct facility` is private to the logging code.
 */
typedef struct krb5_log_facility {
    char *program;
    int len;
    struct facility *val;
} krb5_log_facility;

/* Decrypted AP-REP body, from the ASN.1 module. */
typedef EncAPRepPart krb5_ap_rep_enc_part;

/* krb5_recvauth flag: skip the application-version string comparison. */
#define KRB5_RECVAUTH_IGNORE_VERSION 1

/* Protocol version string exchanged by krb5_sendauth()/krb5_recvauth(). */
#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"

/* Well-known principal names.  KRB5_TGS_NAME_SIZE is strlen(KRB5_TGS_NAME); keep the two in step. */
#define KRB5_TGS_NAME_SIZE (6)
#define KRB5_TGS_NAME ("krbtgt")
#define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
#define KRB5_ANON_NAME ("ANONYMOUS")
#define KRB5_ANON_REALM ("WELLKNOWN:ANONYMOUS")
#define KRB5_WELLKNOWN_ORG_H5L_REALM ("WELLKNOWN:ORG.H5L")
#define KRB5_DIGEST_NAME ("digest")


/* Pseudo-realms that select a non-KDC path (PKU2U peer-to-peer, Apple local KDC). */
#define KRB5_PKU2U_REALM_NAME ("WELLKNOWN:PKU2U")
#define KRB5_LKDC_REALM_NAME ("WELLKNOWN:COM.APPLE.LKDC")

/* Pseudo-realms used by the GSS layer for host-based names and referrals; the spelling "REFERALS" is part of the wire value and must not be corrected. */
#define KRB5_GSS_HOSTBASED_SERVICE_NAME ("WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE")
#define KRB5_GSS_REFERALS_REALM_NAME ("WELLKNOWN:ORG.H5L.REFERALS-REALM")
| 705 | |
/*
 * What kind of input a krb5_prompter_fct is being asked for, so a UI can
 * choose wording and whether to echo.  PASSWORD and the two NEW_PASSWORD
 * prompts carry secrets; INFO is display-only.
 */
typedef enum {
    KRB5_PROMPT_TYPE_PASSWORD           = 1,
    KRB5_PROMPT_TYPE_NEW_PASSWORD       = 2,
    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 3,
    KRB5_PROMPT_TYPE_PREAUTH            = 4,
    KRB5_PROMPT_TYPE_INFO               = 5
} krb5_prompt_type;
| 713 | |
/*
 * One prompt handed to a krb5_prompter_fct.  `hidden` non-zero means the
 * input is a secret and should not be echoed; the prompter writes the
 * answer into `reply`, whose buffer the library supplied and will clear.
 */
typedef struct _krb5_prompt {
    const char *prompt;
    int hidden;
    krb5_data *reply;
    krb5_prompt_type type;
} krb5_prompt;

/*
 * Prompter callback: show `banner` and the `num_prompts` prompts, fill in
 * each reply, return 0 on success or non-zero to abort the exchange.
 * `data` is the opaque pointer registered with the callback.
 */
typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
				 void * /*data*/,
				 const char * /*name*/,
				 const char * /*banner*/,
				 int /*num_prompts*/,
				 krb5_prompt /*prompts*/[]);
/* Key callback: derive a key of `type` from `keyseed` and `salt`; the result is allocated into *key. */
typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
					 krb5_enctype /*type*/,
					 krb5_salt /*salt*/,
					 krb5_const_pointer /*keyseed*/,
					 krb5_keyblock ** /*key*/);
/* Decrypt callback for a KDC reply, keyed by `usage` (a krb5_key_usage). */
typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
					     krb5_keyblock * /*key*/,
					     krb5_key_usage /*usage*/,
					     krb5_const_pointer /*decrypt_arg*/,
					     krb5_kdc_rep * /*dec_rep*/);
/* String-to-key callback; like krb5_key_proc but also receives the s2kparams from ETYPE-INFO2. */
typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
					 krb5_enctype /*type*/,
					 krb5_const_pointer /*keyseed*/,
					 krb5_salt /*salt*/,
					 krb5_data * /*s2kparms*/,
					 krb5_keyblock ** /*key*/);
| 743 | |
/* Private extension of the options below; allocated by krb5_get_init_creds_opt_alloc(). */
struct _krb5_get_init_creds_opt_private;

/*
 * Options for obtaining initial credentials.  `flags` holds
 * KRB5_GET_INIT_CREDS_OPT_* bits saying which of the other fields were
 * explicitly set.  The public layout is frozen for compatibility; newer
 * settings live behind `opt_private` and are reached through the
 * krb5_get_init_creds_opt_set_* functions, which callers should prefer
 * over touching these fields.
 */
struct _krb5_get_init_creds_opt {
    krb5_flags flags;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int forwardable;
    int proxiable;
    int anonymous;
    int change_password_prompt;
    krb5_enctype *etype_list;
    int etype_list_length;
    krb5_addresses *address_list;
    /* XXX the next three should not be used, as they may be
       removed later */
    krb5_preauthtype *preauth_list;
    int preauth_list_length;
    krb5_data *salt;
    struct _krb5_get_init_creds_opt_private *opt_private;
};

typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
| 766 | |
/* Bits for krb5_get_init_creds_opt.flags: which option fields were explicitly set. */
#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080 /* not supported */
#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK	0x0200
#define KRB5_GET_INIT_CREDS_OPT_CHANGE_PASSWORD_PROMPT	0x0400

/* krb5_init_creds_step flags argument: set when the exchange needs another round trip. */
#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE	0x0001
| 781 | |
/**
 * Options for verifying freshly obtained initial credentials against
 * a local service key (the check that defends against a spoofed KDC).
 */
typedef struct _krb5_verify_init_creds_opt {
    krb5_flags flags;		/* KRB5_VERIFY_INIT_CREDS_OPT_* bits */
    int ap_req_nofail;		/* non-zero: treat a missing keytab key as a failure
				 * rather than skipping the AP-REQ check.  Presumably
				 * the default leaves the check best-effort, as in the
				 * MIT API of the same name -- confirm. */
} krb5_verify_init_creds_opt;

/* flags bit: ap_req_nofail has been explicitly set (presumably) */
#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001

/**
 * Options for password-based user verification.  Members are
 * presumably filled in through the krb5_verify_opt_* setters declared
 * in krb5-protos.h -- confirm.
 */
typedef struct krb5_verify_opt {
    unsigned int flags;		/* KRB5_VERIFY_* bits below */
    krb5_ccache ccache;		/* credential cache the result is stored in (presumably) */
    krb5_keytab keytab;		/* keytab holding the service key used for verification */
    krb5_boolean secure;	/* require the keytab verification step; when false the
				 * ticket is presumably accepted without a local key
				 * check -- confirm before relying on it */
    const char *service;	/* service principal to verify against */
} krb5_verify_opt;

#define KRB5_VERIFY_LREALMS		1	/* try the local realms (presumably) */
#define KRB5_VERIFY_NO_ADDRESSES	2	/* do not request addresses in the ticket (presumably) */
| 799 | |
/*
 * kpasswd wire protocol.  The protocol version numbers and result
 * codes below follow the change/set-password protocol documented in
 * RFC 3244 (0xff80 = set-password variant) and its change-password
 * predecessor (version 1).
 */
#define KRB5_KPASSWD_VERS_CHANGEPW	1	/* classic change-password protocol */
#define KRB5_KPASSWD_VERS_SETPW		0xff80	/* set-password (admin) protocol */

/* result codes returned by the kpasswd server */
#define KRB5_KPASSWD_SUCCESS		0	/* request succeeded */
#define KRB5_KPASSWD_MALFORMED		1	/* request malformed */
#define KRB5_KPASSWD_HARDERROR		2	/* server error, do not retry */
#define KRB5_KPASSWD_AUTHERROR		3	/* authentication failed */
#define KRB5_KPASSWD_SOFTERROR		4	/* password rejected (policy); may retry with another */
#define KRB5_KPASSWD_ACCESSDENIED	5	/* not authorized */
#define KRB5_KPASSWD_BAD_VERSION	6	/* unknown protocol version */
#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED	7	/* a ticket with the INITIAL flag is required */

#define KPASSWD_PORT			464	/* IANA-registered kpasswd port */
| 813 | |
/* types for the new krbhst interface (locating KDCs and related services) */
struct krb5_krbhst_data;
typedef struct krb5_krbhst_data *krb5_krbhst_handle;	/* opaque iterator over hosts */

/* kind of service to locate */
#define KRB5_KRBHST_KDC		1
#define KRB5_KRBHST_ADMIN	2
#define KRB5_KRBHST_CHANGEPW	3
#define KRB5_KRBHST_KRB524	4
#define KRB5_KRBHST_KCA		5

/**
 * One located host.  Instances are chained through @c next and carry
 * the hostname inline as a variable-length tail.
 */
typedef struct krb5_krbhst_info {
    enum { KRB5_KRBHST_UDP,
	   KRB5_KRBHST_TCP,
	   KRB5_KRBHST_HTTP } proto;	/* transport to use for this host */
    unsigned short port;		/* port to contact */
    unsigned short def_port;		/* default port for this service/transport
					 * (presumably used when port is unset -- confirm) */
    struct addrinfo *ai;		/* resolved addresses; ownership not established here */
    struct krb5_krbhst_info *next;	/* next host in the list, NULL-terminated presumably */
    char hostname[1]; /* has to come last: pre-C99 "struct hack"; the string runs
		       * past the nominal one byte, so the object must be allocated
		       * with room for the whole name plus NUL and nothing may be
		       * appended after this member */
} krb5_krbhst_info;

/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
enum {
    KRB5_KRBHST_FLAGS_MASTER	= 1,	/* only talk to the master/primary KDC */
    KRB5_KRBHST_FLAGS_LARGE_MSG	= 2	/* message is large; prefer a transport that can carry it */
};

/*
 * Pre-transmit hook: (context, socket fd, callback data, int, the
 * message about to be sent).  Meaning of the int argument is not
 * established here.
 */
typedef krb5_error_code (*krb5_sendto_prexmit)(krb5_context, int, void *, int, krb5_data *);
/*
 * Replacement for the library's send-to-KDC routine: (context,
 * callback data, target host, timeout, request, reply out).
 */
typedef krb5_error_code
(KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
					const krb5_data *, krb5_data *);
| 845 | |
/** flags for krb5_parse_name_flags; bit mask, combine with | */
enum {
    KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there is no realm */
    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4, /**< Parse as an NT-ENTERPRISE name */
    KRB5_PRINCIPAL_PARSE_IGNORE_REALM = 8, /**< Ignore realm if present */
    KRB5_PRINCIPAL_PARSE_NO_DEF_REALM = 16 /**< Don't default the realm */
};

/** flags for krb5_unparse_name_flags; bit mask, combine with | */
enum {
    KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting; output is for display only and
					*   must not be parsed back, since special
					*   characters are not escaped */
};

/* opaque state of one send-to-KDC exchange */
typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;

/*
 * Action/state values used with krb5_sendto_ctx_func below
 * (presumably reported back through its int * argument -- confirm).
 */
#define KRB5_SENDTO_DONE	0
#define KRB5_SENDTO_RESET	1
#define KRB5_SENDTO_CONTINUE	2
#define KRB5_SENDTO_TIMEOUT	3
#define KRB5_SENDTO_INITIAL	4
#define KRB5_SENDTO_FILTER	5
#define KRB5_SENDTO_FAILED	6
#define KRB5_SENDTO_KRBHST	7

/*
 * Per-reply hook for a sendto exchange: (context, exchange, callback
 * data, reply, action out).
 */
typedef krb5_error_code
(KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
				       const krb5_data *, int *);
| 876 | |
/* opaque handle for a loaded plugin */
struct krb5_plugin;
/* what a plugin symbol resolves to */
enum krb5_plugin_type {
    PLUGIN_TYPE_DATA = 1,	/* a data object */
    PLUGIN_TYPE_FUNC		/* a function (implicitly 2) */
};

/* flag: call every matching plugin instead of stopping at the first one (presumably) */
#define KRB5_PLUGIN_INVOKE_ALL 1

/* forward declarations so prototypes in krb5-protos.h compile without the full definitions */
struct credentials; /* this is to keep the compiler happy */
struct getargs;
struct sockaddr;
| 888 | |
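/**
 * Semi private, not stable yet
 */

/**
 * One element of an I/O vector for the iov-style crypto routines.
 * @c flags selects the role of the buffer in @c data using the
 * KRB5_CRYPTO_TYPE_* values below; "IN" buffers are read and "OUT"
 * buffers are written, and the required size of an OUT buffer is
 * presumably obtained with krb5_crypto_length() for that type.
 *
 * The HEADER macro was missing its name in this revision
 * (`#define 1`), which is a preprocessor error and left the value
 * referenced by the comment above it undefined; it is restored here.
 */
typedef struct krb5_crypto_iov {
    unsigned int flags;
    /* ignored */
#define KRB5_CRYPTO_TYPE_EMPTY		0
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
#define KRB5_CRYPTO_TYPE_HEADER		1
    /* IN and OUT */
#define KRB5_CRYPTO_TYPE_DATA		2
    /* IN */
#define KRB5_CRYPTO_TYPE_SIGN_ONLY	3
    /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
#define KRB5_CRYPTO_TYPE_PADDING	4
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
#define KRB5_CRYPTO_TYPE_TRAILER	5
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
#define KRB5_CRYPTO_TYPE_CHECKSUM	6
    krb5_data data;
} krb5_crypto_iov;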
| 911 | |
| 912 | |
/* Glue for MIT: types mirroring the MIT Kerberos API of the same names */

/* one "last request" item from a KDC reply: a type tag and a timestamp */
typedef struct {
    int32_t lr_type;		/* LR type code; value semantics not established here */
    krb5_timestamp value;
} krb5_last_req_entry;

/*
 * Callback handed the NULL-terminated (presumably) array of last-request
 * entries from an initial-credentials reply, plus caller data.
 */
typedef krb5_error_code
(KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);

/* enctype / salt-type pair, as used by MIT key-salt lists */
typedef struct {
    krb5_enctype ks_enctype;
    krb5int32 ks_salttype;
}krb5_key_salt_tuple;
| 927 | |
/*
 * Name canonicalization rule options (bit mask; combine with |)
 */

typedef enum krb5_name_canon_rule_options {
    KRB5_NCRO_GC_ONLY		= 1 << 0,	/* only when getting credentials (presumably) */
    KRB5_NCRO_USE_REFERRALS	= 1 << 1,	/* allow KDC referrals */
    KRB5_NCRO_NO_REFERRALS	= 1 << 2,	/* forbid KDC referrals */
    KRB5_NCRO_USE_FAST		= 1 << 3,	/* use FAST armoring */
    KRB5_NCRO_USE_DNSSEC	= 1 << 4,	/* require DNSSEC-validated lookups (presumably) */
    KRB5_NCRO_LOOKUP_REALM	= 1 << 5	/* look up the realm for the host */
} krb5_name_canon_rule_options;

/* opaque rule and iterator handles */
typedef struct krb5_name_canon_rule_data *krb5_name_canon_rule;
typedef const struct krb5_name_canon_rule_data *krb5_const_name_canon_rule;
typedef struct krb5_name_canon_iterator_data *krb5_name_canon_iterator;
| 944 | |
| 945 | /* |
| 946 | * |
| 947 | */ |
| 948 | |
| 949 | struct hx509_certs_data; |
| 950 | |
| 951 | #include <krb5/krb5-protos.h> |
| 952 | |
/* variables (exported data; KRB5_LIB_VARIABLE presumably supplies the export decoration) */

extern KRB5_LIB_VARIABLE const char *krb5_config_file;	/* default configuration file path(s) */
extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;	/* default keytab name */


/* credential-cache backends: API, directory, file, memory, KCM daemon, async KCM, SQLite */
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;

/* keytab backends: file, writable file, Java, memory, AFS keyfile, "any" (tries several) */
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;

/* type-name strings for the credential-cache backends above */
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_dcc;
| 980 | |
| 981 | #endif /* __KRB5_H__ */ |
| 982 | |
| 983 | |