search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r13121: Tag 4.0.0TP1
[Samba/gbeck.git] / source / heimdal / lib / krb5 / krb5.h
blobadee4708e6fac08b87ec7e6f0da51889b5f0a7f2
1 /*
2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id: krb5.h,v 1.240 2005/11/30 15:20:32 lha Exp $ */
35
36 #ifndef __KRB5_H__
37 #define __KRB5_H__
38
39 #include <time.h>
40 #include <krb5-types.h>
41
42 #include <asn1_err.h>
43 #include <krb5_err.h>
44 #include <heim_err.h>
45 #include <k524_err.h>
46
47 #include <krb5_asn1.h>
48
49 /* name confusion with MIT */
50 #ifndef KRB5KDC_ERR_KEY_EXP
51 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
52 #endif
53
54 /* simple constants */
55
56 #ifndef TRUE
57 #define TRUE 1
58 #define FALSE 0
59 #endif
60
61 typedef int krb5_boolean;
62
63 typedef int32_t krb5_error_code;
64
65 typedef int krb5_kvno;
66
67 typedef u_int32_t krb5_flags;
68
69 typedef void *krb5_pointer;
70 typedef const void *krb5_const_pointer;
71
72 struct krb5_crypto_data;
73 typedef struct krb5_crypto_data *krb5_crypto;
74
75 typedef CKSUMTYPE krb5_cksumtype;
76
77 typedef Checksum krb5_checksum;
78
79 typedef ENCTYPE krb5_enctype;
80
81 typedef heim_octet_string krb5_data;
82
83 /* PKINIT related forward declarations */
84 struct ContentInfo;
85 struct krb5_pk_identity;
86 struct krb5_pk_cert;
87
88 /* krb5_enc_data is a mit compat structure */
89 typedef struct krb5_enc_data {
90 krb5_enctype enctype;
91 krb5_kvno kvno;
92 krb5_data ciphertext;
93 } krb5_enc_data;
94
95 /* alternative names */
96 enum {
97 ENCTYPE_NULL = ETYPE_NULL,
98 ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
99 ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
100 ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
101 ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
102 ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
103 ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
104 ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
105 ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
106 ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
107 ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
108 ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
109 ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
110 ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
111 ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
112 ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
113 ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
114 ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
115 ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
116 ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
117 };
118
119 typedef PADATA_TYPE krb5_preauthtype;
120
121 typedef enum krb5_key_usage {
122 KRB5_KU_PA_ENC_TIMESTAMP = 1,
123 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
124 client key (section 5.4.1) */
125 KRB5_KU_TICKET = 2,
126 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
127 application session key), encrypted with the service key
128 (section 5.4.2) */
129 KRB5_KU_AS_REP_ENC_PART = 3,
130 /* AS-REP encrypted part (includes tgs session key or application
131 session key), encrypted with the client key (section 5.4.2) */
132 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
133 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
134 session key (section 5.4.1) */
135 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
136 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
137 authenticator subkey (section 5.4.1) */
138 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
139 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
140 with the tgs session key (sections 5.3.2, 5.4.1) */
141 KRB5_KU_TGS_REQ_AUTH = 7,
142 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
143 authenticator subkey), encrypted with the tgs session key
144 (section 5.3.2) */
145 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
146 /* TGS-REP encrypted part (includes application session key),
147 encrypted with the tgs session key (section 5.4.2) */
148 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
149 /* TGS-REP encrypted part (includes application session key),
150 encrypted with the tgs authenticator subkey (section 5.4.2) */
151 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
152 /* AP-REQ Authenticator cksum, keyed with the application session
153 key (section 5.3.2) */
154 KRB5_KU_AP_REQ_AUTH = 11,
155 /* AP-REQ Authenticator (includes application authenticator
156 subkey), encrypted with the application session key (section
157 5.3.2) */
158 KRB5_KU_AP_REQ_ENC_PART = 12,
159 /* AP-REP encrypted part (includes application session subkey),
160 encrypted with the application session key (section 5.5.2) */
161 KRB5_KU_KRB_PRIV = 13,
162 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
163 application (section 5.7.1) */
164 KRB5_KU_KRB_CRED = 14,
165 /* KRB-CRED encrypted part, encrypted with a key chosen by the
166 application (section 5.8.1) */
167 KRB5_KU_KRB_SAFE_CKSUM = 15,
168 /* KRB-SAFE cksum, keyed with a key chosen by the application
169 (section 5.6.1) */
170 KRB5_KU_OTHER_ENCRYPTED = 16,
171 /* Data which is defined in some specification outside of
172 Kerberos to be encrypted using an RFC1510 encryption type. */
173 KRB5_KU_OTHER_CKSUM = 17,
174 /* Data which is defined in some specification outside of
175 Kerberos to be checksummed using an RFC1510 checksum type. */
176 KRB5_KU_KRB_ERROR = 18,
177 /* Krb-error checksum */
178 KRB5_KU_AD_KDC_ISSUED = 19,
179 /* AD-KDCIssued checksum */
180 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
181 /* Checksum for Mandatory Ticket Extensions */
182 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
183 /* Checksum in Authorization Data in Ticket Extensions */
184 KRB5_KU_USAGE_SEAL = 22,
185 /* seal in GSSAPI krb5 mechanism */
186 KRB5_KU_USAGE_SIGN = 23,
187 /* sign in GSSAPI krb5 mechanism */
188 KRB5_KU_USAGE_SEQ = 24,
189 /* SEQ in GSSAPI krb5 mechanism */
190 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
191 /* acceptor sign in GSSAPI CFX krb5 mechanism */
192 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
193 /* acceptor seal in GSSAPI CFX krb5 mechanism */
194 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
195 /* initiator sign in GSSAPI CFX krb5 mechanism */
196 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
197 /* initiator seal in GSSAPI CFX krb5 mechanism */
198 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
199 /* encrypted server referral data */
200 KRB5_KU_SAM_CHECKSUM = 25,
201 /* Checksum for the SAM-CHECKSUM field */
202 KRB5_KU_SAM_ENC_TRACK_ID = 26,
203 /* Encryption of the SAM-TRACK-ID field */
204 KRB5_KU_PA_SERVER_REFERRAL = 26,
205 /* Keyusage for the server referral in a TGS req */
206 KRB5_KU_SAM_ENC_NONCE_SAD = 27
207 /* Encryption of the SAM-NONCE-OR-SAD field */
208 } krb5_key_usage;
209
210 typedef krb5_key_usage krb5_keyusage;
211
212 typedef enum krb5_salttype {
213 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
214 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
215 }krb5_salttype;
216
217 typedef struct krb5_salt {
218 krb5_salttype salttype;
219 krb5_data saltvalue;
220 } krb5_salt;
221
222 typedef ETYPE_INFO krb5_preauthinfo;
223
224 typedef struct {
225 krb5_preauthtype type;
226 krb5_preauthinfo info; /* list of preauthinfo for this type */
227 } krb5_preauthdata_entry;
228
229 typedef struct krb5_preauthdata {
230 unsigned len;
231 krb5_preauthdata_entry *val;
232 }krb5_preauthdata;
233
234 typedef enum krb5_address_type {
235 KRB5_ADDRESS_INET = 2,
236 KRB5_ADDRESS_NETBIOS = 20,
237 KRB5_ADDRESS_INET6 = 24,
238 KRB5_ADDRESS_ADDRPORT = 256,
239 KRB5_ADDRESS_IPPORT = 257
240 } krb5_address_type;
241
242 enum {
243 AP_OPTS_USE_SESSION_KEY = 1,
244 AP_OPTS_MUTUAL_REQUIRED = 2,
245 AP_OPTS_USE_SUBKEY = 4 /* library internal */
246 };
247
248 typedef HostAddress krb5_address;
249
250 typedef HostAddresses krb5_addresses;
251
252 typedef enum krb5_keytype {
253 KEYTYPE_NULL = 0,
254 KEYTYPE_DES = 1,
255 KEYTYPE_DES3 = 7,
256 KEYTYPE_AES128 = 17,
257 KEYTYPE_AES256 = 18,
258 KEYTYPE_ARCFOUR = 23,
259 KEYTYPE_ARCFOUR_56 = 24,
260 KEYTYPE_RC2 = -0x1005,
261 KEYTYPE_AES192 = -0x1006
262 } krb5_keytype;
263
264 typedef EncryptionKey krb5_keyblock;
265
266 typedef AP_REQ krb5_ap_req;
267
268 struct krb5_cc_ops;
269
270 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
271
272 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
273
274 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
275 krb5_config_get_bool_default((C), NULL, TRUE, \
276 "libdefaults", "accept_null_addresses", \
277 NULL)
278
279 typedef void *krb5_cc_cursor;
280
281 typedef struct krb5_ccache_data {
282 const struct krb5_cc_ops *ops;
283 krb5_data data;
284 }krb5_ccache_data;
285
286 typedef struct krb5_ccache_data *krb5_ccache;
287
288 typedef struct krb5_context_data *krb5_context;
289
290 typedef Realm krb5_realm;
291 typedef const char *krb5_const_realm; /* stupid language */
292
293 #define krb5_realm_length(r) strlen(r)
294 #define krb5_realm_data(r) (r)
295
296 typedef Principal krb5_principal_data;
297 typedef struct Principal *krb5_principal;
298 typedef const struct Principal *krb5_const_principal;
299
300 typedef time_t krb5_deltat;
301 typedef time_t krb5_timestamp;
302
303 typedef struct krb5_times {
304 krb5_timestamp authtime;
305 krb5_timestamp starttime;
306 krb5_timestamp endtime;
307 krb5_timestamp renew_till;
308 } krb5_times;
309
310 typedef union {
311 TicketFlags b;
312 krb5_flags i;
313 } krb5_ticket_flags;
314
315 /* options for krb5_get_in_tkt() */
316 #define KDC_OPT_FORWARDABLE (1 << 1)
317 #define KDC_OPT_FORWARDED (1 << 2)
318 #define KDC_OPT_PROXIABLE (1 << 3)
319 #define KDC_OPT_PROXY (1 << 4)
320 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
321 #define KDC_OPT_POSTDATED (1 << 6)
322 #define KDC_OPT_RENEWABLE (1 << 8)
323 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
324 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
325 #define KDC_OPT_RENEWABLE_OK (1 << 27)
326 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
327 #define KDC_OPT_RENEW (1 << 30)
328 #define KDC_OPT_VALIDATE (1 << 31)
329
330 typedef union {
331 KDCOptions b;
332 krb5_flags i;
333 } krb5_kdc_flags;
334
335 /* flags for krb5_verify_ap_req */
336
337 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
338
339 #define KRB5_GC_CACHED (1U << 0)
340 #define KRB5_GC_USER_USER (1U << 1)
341 #define KRB5_GC_EXPIRED_OK (1U << 2)
342
343 /* constants for compare_creds (and cc_retrieve_cred) */
344 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
345 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
346 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
347 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
348 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
349 #define KRB5_TC_MATCH_FLAGS (1 << 27)
350 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
351 #define KRB5_TC_MATCH_TIMES (1 << 25)
352 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
353 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
354 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
355
356 typedef AuthorizationData krb5_authdata;
357
358 typedef KRB_ERROR krb5_error;
359
360 typedef struct krb5_creds {
361 krb5_principal client;
362 krb5_principal server;
363 krb5_keyblock session;
364 krb5_times times;
365 krb5_data ticket;
366 krb5_data second_ticket;
367 krb5_authdata authdata;
368 krb5_addresses addresses;
369 krb5_ticket_flags flags;
370 } krb5_creds;
371
372 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
373
374 typedef struct krb5_cc_ops {
375 const char *prefix;
376 const char* (*get_name)(krb5_context, krb5_ccache);
377 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
378 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
379 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
380 krb5_error_code (*destroy)(krb5_context, krb5_ccache);
381 krb5_error_code (*close)(krb5_context, krb5_ccache);
382 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
383 krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
384 krb5_flags, const krb5_creds*, krb5_creds *);
385 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
386 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
387 krb5_error_code (*get_next)(krb5_context, krb5_ccache,
388 krb5_cc_cursor*, krb5_creds*);
389 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
390 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
391 krb5_flags, krb5_creds*);
392 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
393 int (*get_version)(krb5_context, krb5_ccache);
394 krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
395 krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
396 krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
397 } krb5_cc_ops;
398
399 struct krb5_log_facility;
400
401 struct krb5_config_binding {
402 enum { krb5_config_string, krb5_config_list } type;
403 char *name;
404 struct krb5_config_binding *next;
405 union {
406 char *string;
407 struct krb5_config_binding *list;
408 void *generic;
409 } u;
410 };
411
412 typedef struct krb5_config_binding krb5_config_binding;
413
414 typedef krb5_config_binding krb5_config_section;
415
416 typedef struct krb5_context_data {
417 krb5_enctype *etypes;
418 krb5_enctype *etypes_des;
419 char **default_realms;
420 time_t max_skew;
421 time_t kdc_timeout;
422 unsigned max_retries;
423 int32_t kdc_sec_offset;
424 int32_t kdc_usec_offset;
425 krb5_config_section *cf;
426 struct et_list *et_list;
427 struct krb5_log_facility *warn_dest;
428 krb5_cc_ops *cc_ops;
429 int num_cc_ops;
430 const char *http_proxy;
431 const char *time_fmt;
432 krb5_boolean log_utc;
433 const char *default_keytab;
434 const char *default_keytab_modify;
435 krb5_boolean use_admin_kdc;
436 krb5_addresses *extra_addresses;
437 krb5_boolean scan_interfaces; /* `ifconfig -a' */
438 krb5_boolean srv_lookup; /* do SRV lookups */
439 krb5_boolean srv_try_txt; /* try TXT records also */
440 int32_t fcache_vno; /* create cache files w/ this
441 version */
442 int num_kt_types; /* # of registered keytab types */
443 struct krb5_keytab_data *kt_types; /* registered keytab types */
444 const char *date_fmt;
445 char *error_string;
446 char error_buf[256];
447 krb5_addresses *ignore_addresses;
448 char *default_cc_name;
449 int pkinit_flags;
450 void *mutex; /* protects error_string/error_buf */
451 int large_msg_size;
452 krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */
453 struct send_and_recv *send_and_recv; /* Alternate functions for KDC communication */
454 } krb5_context_data;
455
456 enum {
457 KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
458 KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
459 };
460
461 typedef struct krb5_ticket {
462 EncTicketPart ticket;
463 krb5_principal client;
464 krb5_principal server;
465 } krb5_ticket;
466
467 typedef Authenticator krb5_authenticator_data;
468
469 typedef krb5_authenticator_data *krb5_authenticator;
470
471 struct krb5_rcache_data;
472 typedef struct krb5_rcache_data *krb5_rcache;
473 typedef Authenticator krb5_donot_replay;
474
475 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
476 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
477 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
478 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
479 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
480 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
481 #define KRB5_STORAGE_BYTEORDER_LE 0x20
482 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
483 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
484
485 struct krb5_storage_data;
486 typedef struct krb5_storage_data krb5_storage;
487
488 typedef struct krb5_keytab_entry {
489 krb5_principal principal;
490 krb5_kvno vno;
491 krb5_keyblock keyblock;
492 u_int32_t timestamp;
493 } krb5_keytab_entry;
494
495 typedef struct krb5_kt_cursor {
496 int fd;
497 krb5_storage *sp;
498 void *data;
499 } krb5_kt_cursor;
500
501 struct krb5_keytab_data;
502
503 typedef struct krb5_keytab_data *krb5_keytab;
504
505 #define KRB5_KT_PREFIX_MAX_LEN 30
506
507 struct krb5_keytab_data {
508 const char *prefix;
509 krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
510 krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
511 krb5_error_code (*close)(krb5_context, krb5_keytab);
512 krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
513 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
514 krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
515 krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
516 krb5_keytab_entry*, krb5_kt_cursor*);
517 krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
518 krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
519 krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
520 void *data;
521 int32_t version;
522 };
523
524 typedef struct krb5_keytab_data krb5_kt_ops;
525
526 struct krb5_keytab_key_proc_args {
527 krb5_keytab keytab;
528 krb5_principal principal;
529 };
530
531 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
532
533 typedef struct krb5_replay_data {
534 krb5_timestamp timestamp;
535 int32_t usec;
536 u_int32_t seq;
537 } krb5_replay_data;
538
539 /* flags for krb5_auth_con_setflags */
540 enum {
541 KRB5_AUTH_CONTEXT_DO_TIME = 1,
542 KRB5_AUTH_CONTEXT_RET_TIME = 2,
543 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
544 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
545 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
546 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
547 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
548 };
549
550 /* flags for krb5_auth_con_genaddrs */
551 enum {
552 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
553 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
554 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
555 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
556 };
557
558 typedef struct krb5_auth_context_data {
559 unsigned int flags;
560
561 krb5_address *local_address;
562 krb5_address *remote_address;
563 int16_t local_port;
564 int16_t remote_port;
565 krb5_keyblock *keyblock;
566 krb5_keyblock *local_subkey;
567 krb5_keyblock *remote_subkey;
568
569 u_int32_t local_seqnumber;
570 u_int32_t remote_seqnumber;
571
572 krb5_authenticator authenticator;
573
574 krb5_pointer i_vector;
575
576 krb5_rcache rcache;
577
578 krb5_keytype keytype; /* ¿requested key type ? */
579 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
580
581 }krb5_auth_context_data, *krb5_auth_context;
582
583 typedef struct {
584 KDC_REP kdc_rep;
585 EncKDCRepPart enc_part;
586 KRB_ERROR error;
587 } krb5_kdc_rep;
588
589 extern const char *heimdal_version, *heimdal_long_version;
590
591 typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
592 typedef void (*krb5_log_close_func_t)(void*);
593
594 typedef struct krb5_log_facility {
595 char *program;
596 int len;
597 struct facility *val;
598 } krb5_log_facility;
599
600 typedef EncAPRepPart krb5_ap_rep_enc_part;
601
602 #define KRB5_RECVAUTH_IGNORE_VERSION 1
603
604 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
605
606 #define KRB5_TGS_NAME_SIZE (6)
607 #define KRB5_TGS_NAME ("krbtgt")
608
609 /* variables */
610
611 extern const char *krb5_config_file;
612 extern const char *krb5_defkeyname;
613
614 typedef enum {
615 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
616 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
617 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
618 KRB5_PROMPT_TYPE_PREAUTH = 0x4
619 } krb5_prompt_type;
620
621 typedef struct _krb5_prompt {
622 const char *prompt;
623 int hidden;
624 krb5_data *reply;
625 krb5_prompt_type type;
626 } krb5_prompt;
627
628 typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
629 void * /*data*/,
630 const char * /*name*/,
631 const char * /*banner*/,
632 int /*num_prompts*/,
633 krb5_prompt /*prompts*/[]);
634 typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
635 krb5_enctype /*type*/,
636 krb5_salt /*salt*/,
637 krb5_const_pointer /*keyseed*/,
638 krb5_keyblock ** /*key*/);
639 typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
640 krb5_keyblock * /*key*/,
641 krb5_key_usage /*usage*/,
642 krb5_const_pointer /*decrypt_arg*/,
643 krb5_kdc_rep * /*dec_rep*/);
644 typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
645 krb5_enctype /*type*/,
646 krb5_const_pointer /*keyseed*/,
647 krb5_salt /*salt*/,
648 krb5_data * /*s2kparms*/,
649 krb5_keyblock ** /*key*/);
650
651 struct _krb5_get_init_creds_opt_private;
652
653 typedef struct _krb5_get_init_creds_opt {
654 krb5_flags flags;
655 krb5_deltat tkt_life;
656 krb5_deltat renew_life;
657 int forwardable;
658 int proxiable;
659 int anonymous;
660 krb5_enctype *etype_list;
661 int etype_list_length;
662 krb5_addresses *address_list;
663 /* XXX the next three should not be used, as they may be
664 removed later */
665 krb5_preauthtype *preauth_list;
666 int preauth_list_length;
667 krb5_data *salt;
668 struct _krb5_get_init_creds_opt_private *opt_private;
669 } krb5_get_init_creds_opt;
670
671 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
672 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
673 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
674 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
675 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
676 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
677 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
678 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
679 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
680 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
681
682 typedef struct _krb5_verify_init_creds_opt {
683 krb5_flags flags;
684 int ap_req_nofail;
685 } krb5_verify_init_creds_opt;
686
687 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
688
689 typedef struct krb5_verify_opt {
690 unsigned int flags;
691 krb5_ccache ccache;
692 krb5_keytab keytab;
693 krb5_boolean secure;
694 const char *service;
695 } krb5_verify_opt;
696
697 #define KRB5_VERIFY_LREALMS 1
698 #define KRB5_VERIFY_NO_ADDRESSES 2
699
700 extern const krb5_cc_ops krb5_acc_ops;
701 extern const krb5_cc_ops krb5_fcc_ops;
702 extern const krb5_cc_ops krb5_mcc_ops;
703 extern const krb5_cc_ops krb5_kcm_ops;
704
705 extern const krb5_kt_ops krb5_fkt_ops;
706 extern const krb5_kt_ops krb5_wrfkt_ops;
707 extern const krb5_kt_ops krb5_javakt_ops;
708 extern const krb5_kt_ops krb5_mkt_ops;
709 extern const krb5_kt_ops krb5_akf_ops;
710 extern const krb5_kt_ops krb4_fkt_ops;
711 extern const krb5_kt_ops krb5_srvtab_fkt_ops;
712 extern const krb5_kt_ops krb5_any_ops;
713
714 #define KRB5_KPASSWD_VERS_CHANGEPW 1
715 #define KRB5_KPASSWD_VERS_SETPW 0xff80
716
717 #define KRB5_KPASSWD_SUCCESS 0
718 #define KRB5_KPASSWD_MALFORMED 1
719 #define KRB5_KPASSWD_HARDERROR 2
720 #define KRB5_KPASSWD_AUTHERROR 3
721 #define KRB5_KPASSWD_SOFTERROR 4
722 #define KRB5_KPASSWD_ACCESSDENIED 5
723 #define KRB5_KPASSWD_BAD_VERSION 6
724 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
725
726 #define KPASSWD_PORT 464
727
728 /* types for the new krbhst interface */
729 struct krb5_krbhst_data;
730 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
731
732 #define KRB5_KRBHST_KDC 1
733 #define KRB5_KRBHST_ADMIN 2
734 #define KRB5_KRBHST_CHANGEPW 3
735 #define KRB5_KRBHST_KRB524 4
736
737 typedef struct krb5_krbhst_info {
738 enum { KRB5_KRBHST_UDP,
739 KRB5_KRBHST_TCP,
740 KRB5_KRBHST_HTTP } proto;
741 unsigned short port;
742 unsigned short def_port;
743 struct addrinfo *ai;
744 struct krb5_krbhst_info *next;
745 char hostname[1]; /* has to come last */
746 } krb5_krbhst_info;
747
748 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
749 enum {
750 KRB5_KRBHST_FLAGS_MASTER = 1,
751 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
752 };
753
754 typedef int (*krb5_send_and_recv_func_t)(krb5_context,
755 void *,
756 krb5_krbhst_info *,
757 const krb5_data *,
758 krb5_data *);
759 typedef void (*krb5_send_and_recv_close_func_t)(krb5_context, void*);
760
761 struct credentials; /* this is to keep the compiler happy */
762 struct getargs;
763 struct sockaddr;
764
765 #include <krb5-protos.h>
766
767 #endif /* __KRB5_H__ */
768
WIP