2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 /* $Id: krb5.h,v 1.255 2006/11/12 08:33:07 lha Exp $ */
40 #include <krb5-types.h>
47 #include <krb5_asn1.h>
49 /* name confusion with MIT */
50 #ifndef KRB5KDC_ERR_KEY_EXP
51 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
54 /* simple constants */
61 typedef int krb5_boolean
;
63 typedef int32_t krb5_error_code
;
65 typedef int krb5_kvno
;
67 typedef uint32_t krb5_flags
;
69 typedef void *krb5_pointer
;
70 typedef const void *krb5_const_pointer
;
72 struct krb5_crypto_data
;
73 typedef struct krb5_crypto_data
*krb5_crypto
;
75 struct krb5_get_creds_opt_data
;
76 typedef struct krb5_get_creds_opt_data
*krb5_get_creds_opt
;
79 typedef struct krb5_digest
*krb5_digest
;
83 typedef struct krb5_rd_req_in_ctx
*krb5_rd_req_in_ctx
;
84 typedef struct krb5_rd_req_out_ctx
*krb5_rd_req_out_ctx
;
86 typedef CKSUMTYPE krb5_cksumtype
;
88 typedef Checksum krb5_checksum
;
90 typedef ENCTYPE krb5_enctype
;
92 typedef heim_octet_string krb5_data
;
94 /* PKINIT related forward declarations */
96 struct krb5_pk_identity
;
99 /* krb5_enc_data is a mit compat structure */
100 typedef struct krb5_enc_data
{
101 krb5_enctype enctype
;
103 krb5_data ciphertext
;
106 /* alternative names */
108 ENCTYPE_NULL
= ETYPE_NULL
,
109 ENCTYPE_DES_CBC_CRC
= ETYPE_DES_CBC_CRC
,
110 ENCTYPE_DES_CBC_MD4
= ETYPE_DES_CBC_MD4
,
111 ENCTYPE_DES_CBC_MD5
= ETYPE_DES_CBC_MD5
,
112 ENCTYPE_DES3_CBC_MD5
= ETYPE_DES3_CBC_MD5
,
113 ENCTYPE_OLD_DES3_CBC_SHA1
= ETYPE_OLD_DES3_CBC_SHA1
,
114 ENCTYPE_SIGN_DSA_GENERATE
= ETYPE_SIGN_DSA_GENERATE
,
115 ENCTYPE_ENCRYPT_RSA_PRIV
= ETYPE_ENCRYPT_RSA_PRIV
,
116 ENCTYPE_ENCRYPT_RSA_PUB
= ETYPE_ENCRYPT_RSA_PUB
,
117 ENCTYPE_DES3_CBC_SHA1
= ETYPE_DES3_CBC_SHA1
,
118 ENCTYPE_AES128_CTS_HMAC_SHA1_96
= ETYPE_AES128_CTS_HMAC_SHA1_96
,
119 ENCTYPE_AES256_CTS_HMAC_SHA1_96
= ETYPE_AES256_CTS_HMAC_SHA1_96
,
120 ENCTYPE_ARCFOUR_HMAC
= ETYPE_ARCFOUR_HMAC_MD5
,
121 ENCTYPE_ARCFOUR_HMAC_MD5
= ETYPE_ARCFOUR_HMAC_MD5
,
122 ENCTYPE_ARCFOUR_HMAC_MD5_56
= ETYPE_ARCFOUR_HMAC_MD5_56
,
123 ENCTYPE_ENCTYPE_PK_CROSS
= ETYPE_ENCTYPE_PK_CROSS
,
124 ENCTYPE_DES_CBC_NONE
= ETYPE_DES_CBC_NONE
,
125 ENCTYPE_DES3_CBC_NONE
= ETYPE_DES3_CBC_NONE
,
126 ENCTYPE_DES_CFB64_NONE
= ETYPE_DES_CFB64_NONE
,
127 ENCTYPE_DES_PCBC_NONE
= ETYPE_DES_PCBC_NONE
130 typedef PADATA_TYPE krb5_preauthtype
;
132 typedef enum krb5_key_usage
{
133 KRB5_KU_PA_ENC_TIMESTAMP
= 1,
134 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
135 client key (section 5.4.1) */
137 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
138 application session key), encrypted with the service key
140 KRB5_KU_AS_REP_ENC_PART
= 3,
141 /* AS-REP encrypted part (includes tgs session key or application
142 session key), encrypted with the client key (section 5.4.2) */
143 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION
= 4,
144 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
145 session key (section 5.4.1) */
146 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY
= 5,
147 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
148 authenticator subkey (section 5.4.1) */
149 KRB5_KU_TGS_REQ_AUTH_CKSUM
= 6,
150 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
151 with the tgs session key (sections 5.3.2, 5.4.1) */
152 KRB5_KU_TGS_REQ_AUTH
= 7,
153 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
154 authenticator subkey), encrypted with the tgs session key
156 KRB5_KU_TGS_REP_ENC_PART_SESSION
= 8,
157 /* TGS-REP encrypted part (includes application session key),
158 encrypted with the tgs session key (section 5.4.2) */
159 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY
= 9,
160 /* TGS-REP encrypted part (includes application session key),
161 encrypted with the tgs authenticator subkey (section 5.4.2) */
162 KRB5_KU_AP_REQ_AUTH_CKSUM
= 10,
163 /* AP-REQ Authenticator cksum, keyed with the application session
164 key (section 5.3.2) */
165 KRB5_KU_AP_REQ_AUTH
= 11,
166 /* AP-REQ Authenticator (includes application authenticator
167 subkey), encrypted with the application session key (section
169 KRB5_KU_AP_REQ_ENC_PART
= 12,
170 /* AP-REP encrypted part (includes application session subkey),
171 encrypted with the application session key (section 5.5.2) */
172 KRB5_KU_KRB_PRIV
= 13,
173 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
174 application (section 5.7.1) */
175 KRB5_KU_KRB_CRED
= 14,
176 /* KRB-CRED encrypted part, encrypted with a key chosen by the
177 application (section 5.8.1) */
178 KRB5_KU_KRB_SAFE_CKSUM
= 15,
179 /* KRB-SAFE cksum, keyed with a key chosen by the application
181 KRB5_KU_OTHER_ENCRYPTED
= 16,
182 /* Data which is defined in some specification outside of
183 Kerberos to be encrypted using an RFC1510 encryption type. */
184 KRB5_KU_OTHER_CKSUM
= 17,
185 /* Data which is defined in some specification outside of
186 Kerberos to be checksummed using an RFC1510 checksum type. */
187 KRB5_KU_KRB_ERROR
= 18,
188 /* Krb-error checksum */
189 KRB5_KU_AD_KDC_ISSUED
= 19,
190 /* AD-KDCIssued checksum */
191 KRB5_KU_MANDATORY_TICKET_EXTENSION
= 20,
192 /* Checksum for Mandatory Ticket Extensions */
193 KRB5_KU_AUTH_DATA_TICKET_EXTENSION
= 21,
194 /* Checksum in Authorization Data in Ticket Extensions */
195 KRB5_KU_USAGE_SEAL
= 22,
196 /* seal in GSSAPI krb5 mechanism */
197 KRB5_KU_USAGE_SIGN
= 23,
198 /* sign in GSSAPI krb5 mechanism */
199 KRB5_KU_USAGE_SEQ
= 24,
200 /* SEQ in GSSAPI krb5 mechanism */
201 KRB5_KU_USAGE_ACCEPTOR_SEAL
= 22,
202 /* acceptor sign in GSSAPI CFX krb5 mechanism */
203 KRB5_KU_USAGE_ACCEPTOR_SIGN
= 23,
204 /* acceptor seal in GSSAPI CFX krb5 mechanism */
205 KRB5_KU_USAGE_INITIATOR_SEAL
= 24,
206 /* initiator sign in GSSAPI CFX krb5 mechanism */
207 KRB5_KU_USAGE_INITIATOR_SIGN
= 25,
208 /* initiator seal in GSSAPI CFX krb5 mechanism */
209 KRB5_KU_PA_SERVER_REFERRAL_DATA
= 22,
210 /* encrypted server referral data */
211 KRB5_KU_SAM_CHECKSUM
= 25,
212 /* Checksum for the SAM-CHECKSUM field */
213 KRB5_KU_SAM_ENC_TRACK_ID
= 26,
214 /* Encryption of the SAM-TRACK-ID field */
215 KRB5_KU_PA_SERVER_REFERRAL
= 26,
216 /* Keyusage for the server referral in a TGS req */
217 KRB5_KU_SAM_ENC_NONCE_SAD
= 27,
218 /* Encryption of the SAM-NONCE-OR-SAD field */
219 KRB5_KU_TGS_IMPERSONATE
= -17,
220 /* Checksum type used in the impersonate field */
221 KRB5_KU_DIGEST_ENCRYPT
= -18,
222 /* Encryption key usage used in the digest encryption field */
223 KRB5_KU_DIGEST_OPAQUE
= -19,
224 /* Checksum key usage used in the digest opaque field */
225 KRB5_KU_KRB5SIGNEDPATH
= -21
226 /* Checksum key usage on KRB5SignedPath */
229 typedef krb5_key_usage krb5_keyusage
;
231 typedef enum krb5_salttype
{
232 KRB5_PW_SALT
= KRB5_PADATA_PW_SALT
,
233 KRB5_AFS3_SALT
= KRB5_PADATA_AFS3_SALT
236 typedef struct krb5_salt
{
237 krb5_salttype salttype
;
241 typedef ETYPE_INFO krb5_preauthinfo
;
244 krb5_preauthtype type
;
245 krb5_preauthinfo info
; /* list of preauthinfo for this type */
246 } krb5_preauthdata_entry
;
248 typedef struct krb5_preauthdata
{
250 krb5_preauthdata_entry
*val
;
253 typedef enum krb5_address_type
{
254 KRB5_ADDRESS_INET
= 2,
255 KRB5_ADDRESS_NETBIOS
= 20,
256 KRB5_ADDRESS_INET6
= 24,
257 KRB5_ADDRESS_ADDRPORT
= 256,
258 KRB5_ADDRESS_IPPORT
= 257
262 AP_OPTS_USE_SESSION_KEY
= 1,
263 AP_OPTS_MUTUAL_REQUIRED
= 2,
264 AP_OPTS_USE_SUBKEY
= 4 /* library internal */
267 typedef HostAddress krb5_address
;
269 typedef HostAddresses krb5_addresses
;
271 typedef enum krb5_keytype
{
277 KEYTYPE_ARCFOUR
= 23,
278 KEYTYPE_ARCFOUR_56
= 24
281 typedef EncryptionKey krb5_keyblock
;
283 typedef AP_REQ krb5_ap_req
;
287 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
289 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
291 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
292 krb5_config_get_bool_default((C), NULL, TRUE, \
293 "libdefaults", "accept_null_addresses", \
296 typedef void *krb5_cc_cursor
;
298 typedef struct krb5_ccache_data
{
299 const struct krb5_cc_ops
*ops
;
303 typedef struct krb5_ccache_data
*krb5_ccache
;
305 typedef struct krb5_context_data
*krb5_context
;
307 typedef Realm krb5_realm
;
308 typedef const char *krb5_const_realm
; /* stupid language */
310 #define krb5_realm_length(r) strlen(r)
311 #define krb5_realm_data(r) (r)
313 typedef Principal krb5_principal_data
;
314 typedef struct Principal
*krb5_principal
;
315 typedef const struct Principal
*krb5_const_principal
;
317 typedef time_t krb5_deltat
;
318 typedef time_t krb5_timestamp
;
320 typedef struct krb5_times
{
321 krb5_timestamp authtime
;
322 krb5_timestamp starttime
;
323 krb5_timestamp endtime
;
324 krb5_timestamp renew_till
;
332 /* options for krb5_get_in_tkt() */
333 #define KDC_OPT_FORWARDABLE (1 << 1)
334 #define KDC_OPT_FORWARDED (1 << 2)
335 #define KDC_OPT_PROXIABLE (1 << 3)
336 #define KDC_OPT_PROXY (1 << 4)
337 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
338 #define KDC_OPT_POSTDATED (1 << 6)
339 #define KDC_OPT_RENEWABLE (1 << 8)
340 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
341 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
342 #define KDC_OPT_RENEWABLE_OK (1 << 27)
343 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
344 #define KDC_OPT_RENEW (1 << 30)
345 #define KDC_OPT_VALIDATE (1 << 31)
352 /* flags for krb5_verify_ap_req */
354 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
356 #define KRB5_GC_CACHED (1U << 0)
357 #define KRB5_GC_USER_USER (1U << 1)
358 #define KRB5_GC_EXPIRED_OK (1U << 2)
359 #define KRB5_GC_NO_STORE (1U << 3)
360 #define KRB5_GC_FORWARDABLE (1U << 4)
361 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
363 /* constants for compare_creds (and cc_retrieve_cred) */
364 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
365 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
366 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
367 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
368 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
369 #define KRB5_TC_MATCH_FLAGS (1 << 27)
370 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
371 #define KRB5_TC_MATCH_TIMES (1 << 25)
372 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
373 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
374 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
376 typedef AuthorizationData krb5_authdata
;
378 typedef KRB_ERROR krb5_error
;
380 typedef struct krb5_creds
{
381 krb5_principal client
;
382 krb5_principal server
;
383 krb5_keyblock session
;
386 krb5_data second_ticket
;
387 krb5_authdata authdata
;
388 krb5_addresses addresses
;
389 krb5_ticket_flags flags
;
392 typedef struct krb5_cc_cache_cursor_data
*krb5_cc_cache_cursor
;
394 typedef struct krb5_cc_ops
{
396 const char* (*get_name
)(krb5_context
, krb5_ccache
);
397 krb5_error_code (*resolve
)(krb5_context
, krb5_ccache
*, const char *);
398 krb5_error_code (*gen_new
)(krb5_context
, krb5_ccache
*);
399 krb5_error_code (*init
)(krb5_context
, krb5_ccache
, krb5_principal
);
400 krb5_error_code (*destroy
)(krb5_context
, krb5_ccache
);
401 krb5_error_code (*close
)(krb5_context
, krb5_ccache
);
402 krb5_error_code (*store
)(krb5_context
, krb5_ccache
, krb5_creds
*);
403 krb5_error_code (*retrieve
)(krb5_context
, krb5_ccache
,
404 krb5_flags
, const krb5_creds
*, krb5_creds
*);
405 krb5_error_code (*get_princ
)(krb5_context
, krb5_ccache
, krb5_principal
*);
406 krb5_error_code (*get_first
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
407 krb5_error_code (*get_next
)(krb5_context
, krb5_ccache
,
408 krb5_cc_cursor
*, krb5_creds
*);
409 krb5_error_code (*end_get
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
410 krb5_error_code (*remove_cred
)(krb5_context
, krb5_ccache
,
411 krb5_flags
, krb5_creds
*);
412 krb5_error_code (*set_flags
)(krb5_context
, krb5_ccache
, krb5_flags
);
413 int (*get_version
)(krb5_context
, krb5_ccache
);
414 krb5_error_code (*get_cache_first
)(krb5_context
, krb5_cc_cursor
*);
415 krb5_error_code (*get_cache_next
)(krb5_context
, krb5_cc_cursor
, krb5_ccache
*);
416 krb5_error_code (*end_cache_get
)(krb5_context
, krb5_cc_cursor
);
419 struct krb5_log_facility
;
421 struct krb5_config_binding
{
422 enum { krb5_config_string
, krb5_config_list
} type
;
424 struct krb5_config_binding
*next
;
427 struct krb5_config_binding
*list
;
432 typedef struct krb5_config_binding krb5_config_binding
;
434 typedef krb5_config_binding krb5_config_section
;
437 KRB5_PKINIT_WIN2K
= 1, /* wire compatible with Windows 2k */
438 KRB5_PKINIT_PACKET_CABLE
= 2 /* use packet cable standard */
441 typedef struct krb5_ticket
{
442 EncTicketPart ticket
;
443 krb5_principal client
;
444 krb5_principal server
;
447 typedef Authenticator krb5_authenticator_data
;
449 typedef krb5_authenticator_data
*krb5_authenticator
;
451 struct krb5_rcache_data
;
452 typedef struct krb5_rcache_data
*krb5_rcache
;
453 typedef Authenticator krb5_donot_replay
;
455 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
456 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
457 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
458 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
459 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
460 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
461 #define KRB5_STORAGE_BYTEORDER_LE 0x20
462 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
463 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
465 struct krb5_storage_data
;
466 typedef struct krb5_storage_data krb5_storage
;
468 typedef struct krb5_keytab_entry
{
469 krb5_principal principal
;
471 krb5_keyblock keyblock
;
475 typedef struct krb5_kt_cursor
{
481 struct krb5_keytab_data
;
483 typedef struct krb5_keytab_data
*krb5_keytab
;
485 #define KRB5_KT_PREFIX_MAX_LEN 30
487 struct krb5_keytab_data
{
489 krb5_error_code (*resolve
)(krb5_context
, const char*, krb5_keytab
);
490 krb5_error_code (*get_name
)(krb5_context
, krb5_keytab
, char*, size_t);
491 krb5_error_code (*close
)(krb5_context
, krb5_keytab
);
492 krb5_error_code (*get
)(krb5_context
, krb5_keytab
, krb5_const_principal
,
493 krb5_kvno
, krb5_enctype
, krb5_keytab_entry
*);
494 krb5_error_code (*start_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
495 krb5_error_code (*next_entry
)(krb5_context
, krb5_keytab
,
496 krb5_keytab_entry
*, krb5_kt_cursor
*);
497 krb5_error_code (*end_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
498 krb5_error_code (*add
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
499 krb5_error_code (*remove
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
504 typedef struct krb5_keytab_data krb5_kt_ops
;
506 struct krb5_keytab_key_proc_args
{
508 krb5_principal principal
;
511 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args
;
513 typedef struct krb5_replay_data
{
514 krb5_timestamp timestamp
;
519 /* flags for krb5_auth_con_setflags */
521 KRB5_AUTH_CONTEXT_DO_TIME
= 1,
522 KRB5_AUTH_CONTEXT_RET_TIME
= 2,
523 KRB5_AUTH_CONTEXT_DO_SEQUENCE
= 4,
524 KRB5_AUTH_CONTEXT_RET_SEQUENCE
= 8,
525 KRB5_AUTH_CONTEXT_PERMIT_ALL
= 16,
526 KRB5_AUTH_CONTEXT_USE_SUBKEY
= 32,
527 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
= 64
530 /* flags for krb5_auth_con_genaddrs */
532 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
= 1,
533 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR
= 3,
534 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
= 4,
535 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR
= 12
538 typedef struct krb5_auth_context_data
{
541 krb5_address
*local_address
;
542 krb5_address
*remote_address
;
545 krb5_keyblock
*keyblock
;
546 krb5_keyblock
*local_subkey
;
547 krb5_keyblock
*remote_subkey
;
549 uint32_t local_seqnumber
;
550 uint32_t remote_seqnumber
;
552 krb5_authenticator authenticator
;
554 krb5_pointer i_vector
;
558 krb5_keytype keytype
; /* ¿requested key type ? */
559 krb5_cksumtype cksumtype
; /* ¡requested checksum type! */
561 }krb5_auth_context_data
, *krb5_auth_context
;
565 EncKDCRepPart enc_part
;
569 extern const char *heimdal_version
, *heimdal_long_version
;
571 typedef void (*krb5_log_log_func_t
)(const char*, const char*, void*);
572 typedef void (*krb5_log_close_func_t
)(void*);
574 typedef struct krb5_log_facility
{
577 struct facility
*val
;
580 typedef EncAPRepPart krb5_ap_rep_enc_part
;
582 #define KRB5_RECVAUTH_IGNORE_VERSION 1
584 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
586 #define KRB5_TGS_NAME_SIZE (6)
587 #define KRB5_TGS_NAME ("krbtgt")
589 #define KRB5_DIGEST_NAME ("digest")
593 extern const char *krb5_config_file
;
594 extern const char *krb5_defkeyname
;
597 KRB5_PROMPT_TYPE_PASSWORD
= 0x1,
598 KRB5_PROMPT_TYPE_NEW_PASSWORD
= 0x2,
599 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
= 0x3,
600 KRB5_PROMPT_TYPE_PREAUTH
= 0x4,
601 KRB5_PROMPT_TYPE_INFO
= 0x5
604 typedef struct _krb5_prompt
{
608 krb5_prompt_type type
;
611 typedef int (*krb5_prompter_fct
)(krb5_context
/*context*/,
613 const char * /*name*/,
614 const char * /*banner*/,
616 krb5_prompt
/*prompts*/[]);
617 typedef krb5_error_code (*krb5_key_proc
)(krb5_context
/*context*/,
618 krb5_enctype
/*type*/,
620 krb5_const_pointer
/*keyseed*/,
621 krb5_keyblock
** /*key*/);
622 typedef krb5_error_code (*krb5_decrypt_proc
)(krb5_context
/*context*/,
623 krb5_keyblock
* /*key*/,
624 krb5_key_usage
/*usage*/,
625 krb5_const_pointer
/*decrypt_arg*/,
626 krb5_kdc_rep
* /*dec_rep*/);
627 typedef krb5_error_code (*krb5_s2k_proc
)(krb5_context
/*context*/,
628 krb5_enctype
/*type*/,
629 krb5_const_pointer
/*keyseed*/,
631 krb5_data
* /*s2kparms*/,
632 krb5_keyblock
** /*key*/);
634 struct _krb5_get_init_creds_opt_private
;
636 typedef struct _krb5_get_init_creds_opt
{
638 krb5_deltat tkt_life
;
639 krb5_deltat renew_life
;
643 krb5_enctype
*etype_list
;
644 int etype_list_length
;
645 krb5_addresses
*address_list
;
646 /* XXX the next three should not be used, as they may be
648 krb5_preauthtype
*preauth_list
;
649 int preauth_list_length
;
651 struct _krb5_get_init_creds_opt_private
*opt_private
;
652 } krb5_get_init_creds_opt
;
654 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
655 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
656 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
657 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
658 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
659 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
660 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
661 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
662 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
663 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
665 typedef struct _krb5_verify_init_creds_opt
{
668 } krb5_verify_init_creds_opt
;
670 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
672 typedef struct krb5_verify_opt
{
680 #define KRB5_VERIFY_LREALMS 1
681 #define KRB5_VERIFY_NO_ADDRESSES 2
683 extern const krb5_cc_ops krb5_acc_ops
;
684 extern const krb5_cc_ops krb5_fcc_ops
;
685 extern const krb5_cc_ops krb5_mcc_ops
;
686 extern const krb5_cc_ops krb5_kcm_ops
;
688 extern const krb5_kt_ops krb5_fkt_ops
;
689 extern const krb5_kt_ops krb5_wrfkt_ops
;
690 extern const krb5_kt_ops krb5_javakt_ops
;
691 extern const krb5_kt_ops krb5_mkt_ops
;
692 extern const krb5_kt_ops krb5_akf_ops
;
693 extern const krb5_kt_ops krb4_fkt_ops
;
694 extern const krb5_kt_ops krb5_srvtab_fkt_ops
;
695 extern const krb5_kt_ops krb5_any_ops
;
697 #define KRB5_KPASSWD_VERS_CHANGEPW 1
698 #define KRB5_KPASSWD_VERS_SETPW 0xff80
700 #define KRB5_KPASSWD_SUCCESS 0
701 #define KRB5_KPASSWD_MALFORMED 1
702 #define KRB5_KPASSWD_HARDERROR 2
703 #define KRB5_KPASSWD_AUTHERROR 3
704 #define KRB5_KPASSWD_SOFTERROR 4
705 #define KRB5_KPASSWD_ACCESSDENIED 5
706 #define KRB5_KPASSWD_BAD_VERSION 6
707 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
709 #define KPASSWD_PORT 464
711 /* types for the new krbhst interface */
712 struct krb5_krbhst_data
;
713 typedef struct krb5_krbhst_data
*krb5_krbhst_handle
;
715 #define KRB5_KRBHST_KDC 1
716 #define KRB5_KRBHST_ADMIN 2
717 #define KRB5_KRBHST_CHANGEPW 3
718 #define KRB5_KRBHST_KRB524 4
720 typedef struct krb5_krbhst_info
{
721 enum { KRB5_KRBHST_UDP
,
723 KRB5_KRBHST_HTTP
} proto
;
725 unsigned short def_port
;
727 struct krb5_krbhst_info
*next
;
728 char hostname
[1]; /* has to come last */
731 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
733 KRB5_KRBHST_FLAGS_MASTER
= 1,
734 KRB5_KRBHST_FLAGS_LARGE_MSG
= 2
737 typedef krb5_error_code (*krb5_send_to_kdc_func
)(krb5_context
,
743 /* flags for krb5_parse_name_flags */
745 KRB5_PRINCIPAL_PARSE_NO_REALM
= 1,
746 KRB5_PRINCIPAL_PARSE_MUST_REALM
= 2
749 /* flags for krb5_unparse_name_flags */
751 KRB5_PRINCIPAL_UNPARSE_SHORT
= 1,
752 KRB5_PRINCIPAL_UNPARSE_NO_REALM
= 2
755 struct credentials
; /* this is to keep the compiler happy */
759 #include <krb5-protos.h>
761 #endif /* __KRB5_H__ */