search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Define KRB5_TC_OPENCLOSE and KRB5_TC_NOTICKET in krb5.h
[heimdal.git] / lib / krb5 / krb5.h
blob8f4210e19b01e90bbf3b3bc269d42cedfc11ca58
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 /* $Id$ */
37
38 #ifndef __KRB5_H__
39 #define __KRB5_H__
40
41 #include <time.h>
42 #include <krb5-types.h>
43
44 #include <asn1_err.h>
45 #include <krb5_err.h>
46 #include <heim_err.h>
47 #include <k524_err.h>
48
49 #include <krb5_asn1.h>
50
51 /* name confusion with MIT */
52 #ifndef KRB5KDC_ERR_KEY_EXP
53 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
54 #endif
55
56 #ifndef KRB5_DEPRECATED
57 #if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
58 #define KRB5_DEPRECATED __attribute__((deprecated))
59 #elif defined(_MSC_VER) && (_MSC_VER>1200)
60 #define KRB5_DEPRECATED __declspec(deprecated)
61 #else
62 #define KRB5_DEPRECATED
63 #endif
64 #endif
65
66 #ifdef _WIN32
67 #define KRB5_CALLCONV __stdcall
68 #else
69 #define KRB5_CALLCONV
70 #endif
71
72 /* simple constants */
73
74 #ifndef TRUE
75 #define TRUE 1
76 #define FALSE 0
77 #endif
78
79 typedef int krb5_boolean;
80
81 typedef int32_t krb5_error_code;
82
83 typedef int krb5_kvno;
84
85 typedef uint32_t krb5_flags;
86
87 typedef void *krb5_pointer;
88 typedef const void *krb5_const_pointer;
89
90 struct krb5_crypto_data;
91 typedef struct krb5_crypto_data *krb5_crypto;
92
93 struct krb5_get_creds_opt_data;
94 typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
95
96 struct krb5_digest_data;
97 typedef struct krb5_digest_data *krb5_digest;
98 struct krb5_ntlm_data;
99 typedef struct krb5_ntlm_data *krb5_ntlm;
100
101 struct krb5_pac_data;
102 typedef struct krb5_pac_data *krb5_pac;
103
104 typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
105 typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
106
107 typedef CKSUMTYPE krb5_cksumtype;
108
109 typedef Checksum krb5_checksum;
110
111 typedef ENCTYPE krb5_enctype;
112
113 typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;
114
115 typedef heim_octet_string krb5_data;
116
117 /* PKINIT related forward declarations */
118 struct ContentInfo;
119 struct krb5_pk_identity;
120 struct krb5_pk_cert;
121
122 /* krb5_enc_data is a mit compat structure */
123 typedef struct krb5_enc_data {
124 krb5_enctype enctype;
125 krb5_kvno kvno;
126 krb5_data ciphertext;
127 } krb5_enc_data;
128
129 /* alternative names */
130 enum {
131 ENCTYPE_NULL = ETYPE_NULL,
132 ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
133 ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
134 ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
135 ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
136 ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
137 ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
138 ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
139 ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
140 ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
141 ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
142 ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
143 ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
144 ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
145 ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
146 ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
147 ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
148 ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
149 ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
150 ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
151 };
152
153 typedef PADATA_TYPE krb5_preauthtype;
154
155 typedef enum krb5_key_usage {
156 KRB5_KU_PA_ENC_TIMESTAMP = 1,
157 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
158 client key (section 5.4.1) */
159 KRB5_KU_TICKET = 2,
160 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
161 application session key), encrypted with the service key
162 (section 5.4.2) */
163 KRB5_KU_AS_REP_ENC_PART = 3,
164 /* AS-REP encrypted part (includes tgs session key or application
165 session key), encrypted with the client key (section 5.4.2) */
166 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
167 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
168 session key (section 5.4.1) */
169 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
170 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
171 authenticator subkey (section 5.4.1) */
172 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
173 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
174 with the tgs session key (sections 5.3.2, 5.4.1) */
175 KRB5_KU_TGS_REQ_AUTH = 7,
176 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
177 authenticator subkey), encrypted with the tgs session key
178 (section 5.3.2) */
179 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
180 /* TGS-REP encrypted part (includes application session key),
181 encrypted with the tgs session key (section 5.4.2) */
182 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
183 /* TGS-REP encrypted part (includes application session key),
184 encrypted with the tgs authenticator subkey (section 5.4.2) */
185 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
186 /* AP-REQ Authenticator cksum, keyed with the application session
187 key (section 5.3.2) */
188 KRB5_KU_AP_REQ_AUTH = 11,
189 /* AP-REQ Authenticator (includes application authenticator
190 subkey), encrypted with the application session key (section
191 5.3.2) */
192 KRB5_KU_AP_REQ_ENC_PART = 12,
193 /* AP-REP encrypted part (includes application session subkey),
194 encrypted with the application session key (section 5.5.2) */
195 KRB5_KU_KRB_PRIV = 13,
196 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
197 application (section 5.7.1) */
198 KRB5_KU_KRB_CRED = 14,
199 /* KRB-CRED encrypted part, encrypted with a key chosen by the
200 application (section 5.8.1) */
201 KRB5_KU_KRB_SAFE_CKSUM = 15,
202 /* KRB-SAFE cksum, keyed with a key chosen by the application
203 (section 5.6.1) */
204 KRB5_KU_OTHER_ENCRYPTED = 16,
205 /* Data which is defined in some specification outside of
206 Kerberos to be encrypted using an RFC1510 encryption type. */
207 KRB5_KU_OTHER_CKSUM = 17,
208 /* Data which is defined in some specification outside of
209 Kerberos to be checksummed using an RFC1510 checksum type. */
210 KRB5_KU_KRB_ERROR = 18,
211 /* Krb-error checksum */
212 KRB5_KU_AD_KDC_ISSUED = 19,
213 /* AD-KDCIssued checksum */
214 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
215 /* Checksum for Mandatory Ticket Extensions */
216 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
217 /* Checksum in Authorization Data in Ticket Extensions */
218 KRB5_KU_USAGE_SEAL = 22,
219 /* seal in GSSAPI krb5 mechanism */
220 KRB5_KU_USAGE_SIGN = 23,
221 /* sign in GSSAPI krb5 mechanism */
222 KRB5_KU_USAGE_SEQ = 24,
223 /* SEQ in GSSAPI krb5 mechanism */
224 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
225 /* acceptor sign in GSSAPI CFX krb5 mechanism */
226 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
227 /* acceptor seal in GSSAPI CFX krb5 mechanism */
228 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
229 /* initiator sign in GSSAPI CFX krb5 mechanism */
230 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
231 /* initiator seal in GSSAPI CFX krb5 mechanism */
232 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
233 /* encrypted server referral data */
234 KRB5_KU_SAM_CHECKSUM = 25,
235 /* Checksum for the SAM-CHECKSUM field */
236 KRB5_KU_SAM_ENC_TRACK_ID = 26,
237 /* Encryption of the SAM-TRACK-ID field */
238 KRB5_KU_PA_SERVER_REFERRAL = 26,
239 /* Keyusage for the server referral in a TGS req */
240 KRB5_KU_SAM_ENC_NONCE_SAD = 27,
241 /* Encryption of the SAM-NONCE-OR-SAD field */
242 KRB5_KU_PA_PKINIT_KX = 44,
243 /* Encryption type of the kdc session contribution in pk-init */
244 KRB5_KU_DIGEST_ENCRYPT = -18,
245 /* Encryption key usage used in the digest encryption field */
246 KRB5_KU_DIGEST_OPAQUE = -19,
247 /* Checksum key usage used in the digest opaque field */
248 KRB5_KU_KRB5SIGNEDPATH = -21,
249 /* Checksum key usage on KRB5SignedPath */
250 KRB5_KU_CANONICALIZED_NAMES = -23
251 /* Checksum key usage on PA-CANONICALIZED */
252 } krb5_key_usage;
253
254 typedef krb5_key_usage krb5_keyusage;
255
256 typedef enum krb5_salttype {
257 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
258 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
259 }krb5_salttype;
260
261 typedef struct krb5_salt {
262 krb5_salttype salttype;
263 krb5_data saltvalue;
264 } krb5_salt;
265
266 typedef ETYPE_INFO krb5_preauthinfo;
267
268 typedef struct {
269 krb5_preauthtype type;
270 krb5_preauthinfo info; /* list of preauthinfo for this type */
271 } krb5_preauthdata_entry;
272
273 typedef struct krb5_preauthdata {
274 unsigned len;
275 krb5_preauthdata_entry *val;
276 }krb5_preauthdata;
277
278 typedef enum krb5_address_type {
279 KRB5_ADDRESS_INET = 2,
280 KRB5_ADDRESS_NETBIOS = 20,
281 KRB5_ADDRESS_INET6 = 24,
282 KRB5_ADDRESS_ADDRPORT = 256,
283 KRB5_ADDRESS_IPPORT = 257
284 } krb5_address_type;
285
286 enum {
287 AP_OPTS_USE_SESSION_KEY = 1,
288 AP_OPTS_MUTUAL_REQUIRED = 2,
289 AP_OPTS_USE_SUBKEY = 4 /* library internal */
290 };
291
292 typedef HostAddress krb5_address;
293
294 typedef HostAddresses krb5_addresses;
295
296 typedef enum krb5_keytype {
297 KEYTYPE_NULL = ETYPE_NULL,
298 KEYTYPE_DES = ETYPE_DES_CBC_CRC,
299 KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
300 KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
301 KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
302 KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
303 KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
304 } krb5_keytype;
305
306 typedef EncryptionKey krb5_keyblock;
307
308 typedef AP_REQ krb5_ap_req;
309
310 struct krb5_cc_ops;
311
312 #ifdef _WIN32
313 #define KRB5_USE_PATH_TOKENS 1
314 #endif
315
316 #ifdef KRB5_USE_PATH_TOKENS
317 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
318 #else
319 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
320 #endif
321
322 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
323
324 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
325 krb5_config_get_bool_default((C), NULL, TRUE, \
326 "libdefaults", "accept_null_addresses", \
327 NULL)
328
329 typedef void *krb5_cc_cursor;
330 typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
331
332 typedef struct krb5_ccache_data {
333 const struct krb5_cc_ops *ops;
334 krb5_data data;
335 }krb5_ccache_data;
336
337 typedef struct krb5_ccache_data *krb5_ccache;
338
339 typedef struct krb5_context_data *krb5_context;
340
341 typedef Realm krb5_realm;
342 typedef const char *krb5_const_realm; /* stupid language */
343
344 #define krb5_realm_length(r) strlen(r)
345 #define krb5_realm_data(r) (r)
346
347 typedef Principal krb5_principal_data;
348 typedef struct Principal *krb5_principal;
349 typedef const struct Principal *krb5_const_principal;
350 typedef struct Principals *krb5_principals;
351
352 typedef time_t krb5_deltat;
353 typedef time_t krb5_timestamp;
354
355 typedef struct krb5_times {
356 krb5_timestamp authtime;
357 krb5_timestamp starttime;
358 krb5_timestamp endtime;
359 krb5_timestamp renew_till;
360 } krb5_times;
361
362 typedef union {
363 TicketFlags b;
364 krb5_flags i;
365 } krb5_ticket_flags;
366
367 /* options for krb5_get_in_tkt() */
368 #define KDC_OPT_FORWARDABLE (1 << 1)
369 #define KDC_OPT_FORWARDED (1 << 2)
370 #define KDC_OPT_PROXIABLE (1 << 3)
371 #define KDC_OPT_PROXY (1 << 4)
372 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
373 #define KDC_OPT_POSTDATED (1 << 6)
374 #define KDC_OPT_RENEWABLE (1 << 8)
375 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
376 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
377 #define KDC_OPT_RENEWABLE_OK (1 << 27)
378 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
379 #define KDC_OPT_RENEW (1 << 30)
380 #define KDC_OPT_VALIDATE (1 << 31)
381
382 typedef union {
383 KDCOptions b;
384 krb5_flags i;
385 } krb5_kdc_flags;
386
387 /* flags for krb5_verify_ap_req */
388
389 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
390
391 #define KRB5_GC_CACHED (1U << 0)
392 #define KRB5_GC_USER_USER (1U << 1)
393 #define KRB5_GC_EXPIRED_OK (1U << 2)
394 #define KRB5_GC_NO_STORE (1U << 3)
395 #define KRB5_GC_FORWARDABLE (1U << 4)
396 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
397 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
398 #define KRB5_GC_CANONICALIZE (1U << 7)
399
400 /* constants for compare_creds (and cc_retrieve_cred) */
401 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
402 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
403 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
404 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
405 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
406 #define KRB5_TC_MATCH_FLAGS (1 << 27)
407 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
408 #define KRB5_TC_MATCH_TIMES (1 << 25)
409 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
410 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
411 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
412
413 /* constants for get_flags and set_flags */
414 #define KRB5_TC_OPENCLOSE 0x00000001
415 #define KRB5_TC_NOTICKET 0x00000002
416
417 typedef AuthorizationData krb5_authdata;
418
419 typedef KRB_ERROR krb5_error;
420
421 typedef struct krb5_creds {
422 krb5_principal client;
423 krb5_principal server;
424 krb5_keyblock session;
425 krb5_times times;
426 krb5_data ticket;
427 krb5_data second_ticket;
428 krb5_authdata authdata;
429 krb5_addresses addresses;
430 krb5_ticket_flags flags;
431 } krb5_creds;
432
433 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
434
435 #define KRB5_CC_OPS_VERSION 3
436
437 typedef struct krb5_cc_ops {
438 int version;
439 const char *prefix;
440 const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
441 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
442 krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
443 krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
444 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
445 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
446 krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
447 krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
448 krb5_flags, const krb5_creds*, krb5_creds *);
449 krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
450 krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
451 krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
452 krb5_cc_cursor*, krb5_creds*);
453 krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
454 krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
455 krb5_flags, krb5_creds*);
456 krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
457 int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
458 krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
459 krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
460 krb5_ccache *);
461 krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
462 krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
463 krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
464 krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
465 krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
466 krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
467 krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
468 } krb5_cc_ops;
469
470 struct krb5_log_facility;
471
472 struct krb5_config_binding {
473 enum { krb5_config_string, krb5_config_list } type;
474 char *name;
475 struct krb5_config_binding *next;
476 union {
477 char *string;
478 struct krb5_config_binding *list;
479 void *generic;
480 } u;
481 };
482
483 typedef struct krb5_config_binding krb5_config_binding;
484
485 typedef krb5_config_binding krb5_config_section;
486
487 typedef struct krb5_ticket {
488 EncTicketPart ticket;
489 krb5_principal client;
490 krb5_principal server;
491 } krb5_ticket;
492
493 typedef Authenticator krb5_authenticator_data;
494
495 typedef krb5_authenticator_data *krb5_authenticator;
496
497 struct krb5_rcache_data;
498 typedef struct krb5_rcache_data *krb5_rcache;
499 typedef Authenticator krb5_donot_replay;
500
501 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
502 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
503 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
504 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
505 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
506 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
507 #define KRB5_STORAGE_BYTEORDER_LE 0x20
508 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
509 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
510
511 struct krb5_storage_data;
512 typedef struct krb5_storage_data krb5_storage;
513
514 typedef struct krb5_keytab_entry {
515 krb5_principal principal;
516 krb5_kvno vno;
517 krb5_keyblock keyblock;
518 uint32_t timestamp;
519 uint32_t flags;
520 krb5_principals aliases;
521 } krb5_keytab_entry;
522
523 typedef struct krb5_kt_cursor {
524 int fd;
525 krb5_storage *sp;
526 void *data;
527 } krb5_kt_cursor;
528
529 struct krb5_keytab_data;
530
531 typedef struct krb5_keytab_data *krb5_keytab;
532
533 #define KRB5_KT_PREFIX_MAX_LEN 30
534
535 struct krb5_keytab_data {
536 const char *prefix;
537 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
538 krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
539 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
540 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
541 krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
542 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
543 krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
544 krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
545 krb5_keytab_entry*, krb5_kt_cursor*);
546 krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
547 krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
548 krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
549 void *data;
550 int32_t version;
551 };
552
553 typedef struct krb5_keytab_data krb5_kt_ops;
554
555 struct krb5_keytab_key_proc_args {
556 krb5_keytab keytab;
557 krb5_principal principal;
558 };
559
560 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
561
562 typedef struct krb5_replay_data {
563 krb5_timestamp timestamp;
564 int32_t usec;
565 uint32_t seq;
566 } krb5_replay_data;
567
568 /* flags for krb5_auth_con_setflags */
569 enum {
570 KRB5_AUTH_CONTEXT_DO_TIME = 1,
571 KRB5_AUTH_CONTEXT_RET_TIME = 2,
572 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
573 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
574 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
575 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
576 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
577 };
578
579 /* flags for krb5_auth_con_genaddrs */
580 enum {
581 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
582 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
583 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
584 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
585 };
586
587 typedef struct krb5_auth_context_data {
588 unsigned int flags;
589
590 krb5_address *local_address;
591 krb5_address *remote_address;
592 int16_t local_port;
593 int16_t remote_port;
594 krb5_keyblock *keyblock;
595 krb5_keyblock *local_subkey;
596 krb5_keyblock *remote_subkey;
597
598 uint32_t local_seqnumber;
599 uint32_t remote_seqnumber;
600
601 krb5_authenticator authenticator;
602
603 krb5_pointer i_vector;
604
605 krb5_rcache rcache;
606
607 krb5_keytype keytype; /* ¿requested key type ? */
608 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
609
610 }krb5_auth_context_data, *krb5_auth_context;
611
612 typedef struct {
613 KDC_REP kdc_rep;
614 EncKDCRepPart enc_part;
615 KRB_ERROR error;
616 } krb5_kdc_rep;
617
618 extern const char *heimdal_version, *heimdal_long_version;
619
620 typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*);
621 typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
622
623 typedef struct krb5_log_facility {
624 char *program;
625 int len;
626 struct facility *val;
627 } krb5_log_facility;
628
629 typedef EncAPRepPart krb5_ap_rep_enc_part;
630
631 #define KRB5_RECVAUTH_IGNORE_VERSION 1
632
633 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
634
635 #define KRB5_TGS_NAME_SIZE (6)
636 #define KRB5_TGS_NAME ("krbtgt")
637 #define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
638 #define KRB5_ANON_NAME ("ANONYMOUS")
639 #define KRB5_DIGEST_NAME ("digest")
640
641 typedef enum {
642 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
643 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
644 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
645 KRB5_PROMPT_TYPE_PREAUTH = 0x4,
646 KRB5_PROMPT_TYPE_INFO = 0x5
647 } krb5_prompt_type;
648
649 typedef struct _krb5_prompt {
650 const char *prompt;
651 int hidden;
652 krb5_data *reply;
653 krb5_prompt_type type;
654 } krb5_prompt;
655
656 typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
657 void * /*data*/,
658 const char * /*name*/,
659 const char * /*banner*/,
660 int /*num_prompts*/,
661 krb5_prompt /*prompts*/[]);
662 typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
663 krb5_enctype /*type*/,
664 krb5_salt /*salt*/,
665 krb5_const_pointer /*keyseed*/,
666 krb5_keyblock ** /*key*/);
667 typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
668 krb5_keyblock * /*key*/,
669 krb5_key_usage /*usage*/,
670 krb5_const_pointer /*decrypt_arg*/,
671 krb5_kdc_rep * /*dec_rep*/);
672 typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
673 krb5_enctype /*type*/,
674 krb5_const_pointer /*keyseed*/,
675 krb5_salt /*salt*/,
676 krb5_data * /*s2kparms*/,
677 krb5_keyblock ** /*key*/);
678
679 struct _krb5_get_init_creds_opt_private;
680
681 struct _krb5_get_init_creds_opt {
682 krb5_flags flags;
683 krb5_deltat tkt_life;
684 krb5_deltat renew_life;
685 int forwardable;
686 int proxiable;
687 int anonymous;
688 krb5_enctype *etype_list;
689 int etype_list_length;
690 krb5_addresses *address_list;
691 /* XXX the next three should not be used, as they may be
692 removed later */
693 krb5_preauthtype *preauth_list;
694 int preauth_list_length;
695 krb5_data *salt;
696 struct _krb5_get_init_creds_opt_private *opt_private;
697 };
698
699 typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
700
701 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
702 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
703 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
704 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
705 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
706 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
707 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
708 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
709 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
710 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
711
712 /* krb5_init_creds_step flags argument */
713 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
714
715 typedef struct _krb5_verify_init_creds_opt {
716 krb5_flags flags;
717 int ap_req_nofail;
718 } krb5_verify_init_creds_opt;
719
720 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
721
722 typedef struct krb5_verify_opt {
723 unsigned int flags;
724 krb5_ccache ccache;
725 krb5_keytab keytab;
726 krb5_boolean secure;
727 const char *service;
728 } krb5_verify_opt;
729
730 #define KRB5_VERIFY_LREALMS 1
731 #define KRB5_VERIFY_NO_ADDRESSES 2
732
733 #define KRB5_KPASSWD_VERS_CHANGEPW 1
734 #define KRB5_KPASSWD_VERS_SETPW 0xff80
735
736 #define KRB5_KPASSWD_SUCCESS 0
737 #define KRB5_KPASSWD_MALFORMED 1
738 #define KRB5_KPASSWD_HARDERROR 2
739 #define KRB5_KPASSWD_AUTHERROR 3
740 #define KRB5_KPASSWD_SOFTERROR 4
741 #define KRB5_KPASSWD_ACCESSDENIED 5
742 #define KRB5_KPASSWD_BAD_VERSION 6
743 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
744
745 #define KPASSWD_PORT 464
746
747 /* types for the new krbhst interface */
748 struct krb5_krbhst_data;
749 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
750
751 #define KRB5_KRBHST_KDC 1
752 #define KRB5_KRBHST_ADMIN 2
753 #define KRB5_KRBHST_CHANGEPW 3
754 #define KRB5_KRBHST_KRB524 4
755 #define KRB5_KRBHST_KCA 5
756
757 typedef struct krb5_krbhst_info {
758 enum { KRB5_KRBHST_UDP,
759 KRB5_KRBHST_TCP,
760 KRB5_KRBHST_HTTP } proto;
761 unsigned short port;
762 unsigned short def_port;
763 struct addrinfo *ai;
764 struct krb5_krbhst_info *next;
765 char hostname[1]; /* has to come last */
766 } krb5_krbhst_info;
767
768 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
769 enum {
770 KRB5_KRBHST_FLAGS_MASTER = 1,
771 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
772 };
773
774 typedef krb5_error_code
775 (KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
776 const krb5_data *, krb5_data *);
777
778 /** flags for krb5_parse_name_flags */
779 enum {
780 KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
781 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
782 KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 /**< Parse as a NT-ENTERPRISE name */
783 };
784
785 /** flags for krb5_unparse_name_flags */
786 enum {
787 KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
788 KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
789 KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
790 };
791
792 typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
793
794 #define KRB5_SENDTO_DONE 0
795 #define KRB5_SENDTO_RESTART 1
796 #define KRB5_SENDTO_CONTINUE 2
797
798 typedef krb5_error_code
799 (KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
800 const krb5_data *, int *);
801
802 struct krb5_plugin;
803 enum krb5_plugin_type {
804 PLUGIN_TYPE_DATA = 1,
805 PLUGIN_TYPE_FUNC
806 };
807
808 struct credentials; /* this is to keep the compiler happy */
809 struct getargs;
810 struct sockaddr;
811
812 /**
813 * Semi private, not stable yet
814 */
815
816 typedef struct krb5_crypto_iov {
817 unsigned int flags;
818 /* ignored */
819 #define KRB5_CRYPTO_TYPE_EMPTY 0
820 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
821 #define KRB5_CRYPTO_TYPE_HEADER 1
822 /* IN and OUT */
823 #define KRB5_CRYPTO_TYPE_DATA 2
824 /* IN */
825 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
826 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
827 #define KRB5_CRYPTO_TYPE_PADDING 4
828 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
829 #define KRB5_CRYPTO_TYPE_TRAILER 5
830 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
831 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
832 krb5_data data;
833 } krb5_crypto_iov;
834
835
836 /* Glue for MIT */
837
838 typedef struct {
839 int32_t lr_type;
840 krb5_timestamp value;
841 } krb5_last_req_entry;
842
843 typedef krb5_error_code
844 (KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
845
846 /*
847 *
848 */
849
850 #include <krb5-protos.h>
851
852 /* variables */
853
854 extern KRB5_LIB_VARIABLE const char *krb5_config_file;
855 extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;
856
857
858 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
859 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
860 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
861 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
862 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
863 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
864
865 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
866 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
867 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
868 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
869 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
870 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
871
872 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
873 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
874 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
875 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
876 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
877
878 #endif /* __KRB5_H__ */
879
Heimdal