2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 #include <krb5-types.h>
49 #include <krb5_asn1.h>
51 /* name confusion with MIT */
52 #ifndef KRB5KDC_ERR_KEY_EXP
53 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
56 #ifndef KRB5_DEPRECATED
57 #if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
58 #define KRB5_DEPRECATED __attribute__((deprecated))
59 #elif defined(_MSC_VER) && (_MSC_VER>1200)
60 #define KRB5_DEPRECATED __declspec(deprecated)
62 #define KRB5_DEPRECATED
67 #define KRB5_CALLCONV __stdcall
72 /* simple constants */
79 typedef int krb5_boolean
;
81 typedef int32_t krb5_error_code
;
83 typedef int krb5_kvno
;
85 typedef uint32_t krb5_flags
;
87 typedef void *krb5_pointer
;
88 typedef const void *krb5_const_pointer
;
90 struct krb5_crypto_data
;
91 typedef struct krb5_crypto_data
*krb5_crypto
;
93 struct krb5_get_creds_opt_data
;
94 typedef struct krb5_get_creds_opt_data
*krb5_get_creds_opt
;
96 struct krb5_digest_data
;
97 typedef struct krb5_digest_data
*krb5_digest
;
98 struct krb5_ntlm_data
;
99 typedef struct krb5_ntlm_data
*krb5_ntlm
;
101 struct krb5_pac_data
;
102 typedef struct krb5_pac_data
*krb5_pac
;
104 typedef struct krb5_rd_req_in_ctx_data
*krb5_rd_req_in_ctx
;
105 typedef struct krb5_rd_req_out_ctx_data
*krb5_rd_req_out_ctx
;
107 typedef CKSUMTYPE krb5_cksumtype
;
109 typedef Checksum krb5_checksum
;
111 typedef ENCTYPE krb5_enctype
;
113 typedef struct krb5_get_init_creds_ctx
*krb5_init_creds_context
;
115 typedef heim_octet_string krb5_data
;
117 /* PKINIT related forward declarations */
119 struct krb5_pk_identity
;
122 /* krb5_enc_data is a mit compat structure */
123 typedef struct krb5_enc_data
{
124 krb5_enctype enctype
;
126 krb5_data ciphertext
;
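129 /* alternative names for the ETYPE_* encryption types; the list includes DES, 3DES and ARCFOUR (RC4) types, which RFC 6649 and RFC 8429 deprecate */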
131 ENCTYPE_NULL
= ETYPE_NULL
,
132 ENCTYPE_DES_CBC_CRC
= ETYPE_DES_CBC_CRC
,
133 ENCTYPE_DES_CBC_MD4
= ETYPE_DES_CBC_MD4
,
134 ENCTYPE_DES_CBC_MD5
= ETYPE_DES_CBC_MD5
,
135 ENCTYPE_DES3_CBC_MD5
= ETYPE_DES3_CBC_MD5
,
136 ENCTYPE_OLD_DES3_CBC_SHA1
= ETYPE_OLD_DES3_CBC_SHA1
,
137 ENCTYPE_SIGN_DSA_GENERATE
= ETYPE_SIGN_DSA_GENERATE
,
138 ENCTYPE_ENCRYPT_RSA_PRIV
= ETYPE_ENCRYPT_RSA_PRIV
,
139 ENCTYPE_ENCRYPT_RSA_PUB
= ETYPE_ENCRYPT_RSA_PUB
,
140 ENCTYPE_DES3_CBC_SHA1
= ETYPE_DES3_CBC_SHA1
,
141 ENCTYPE_AES128_CTS_HMAC_SHA1_96
= ETYPE_AES128_CTS_HMAC_SHA1_96
,
142 ENCTYPE_AES256_CTS_HMAC_SHA1_96
= ETYPE_AES256_CTS_HMAC_SHA1_96
,
143 ENCTYPE_ARCFOUR_HMAC
= ETYPE_ARCFOUR_HMAC_MD5
,
144 ENCTYPE_ARCFOUR_HMAC_MD5
= ETYPE_ARCFOUR_HMAC_MD5
,
145 ENCTYPE_ARCFOUR_HMAC_MD5_56
= ETYPE_ARCFOUR_HMAC_MD5_56
,
146 ENCTYPE_ENCTYPE_PK_CROSS
= ETYPE_ENCTYPE_PK_CROSS
,
147 ENCTYPE_DES_CBC_NONE
= ETYPE_DES_CBC_NONE
,
148 ENCTYPE_DES3_CBC_NONE
= ETYPE_DES3_CBC_NONE
,
149 ENCTYPE_DES_CFB64_NONE
= ETYPE_DES_CFB64_NONE
,
150 ENCTYPE_DES_PCBC_NONE
= ETYPE_DES_PCBC_NONE
153 typedef PADATA_TYPE krb5_preauthtype
;
155 typedef enum krb5_key_usage
{
156 KRB5_KU_PA_ENC_TIMESTAMP
= 1,
157 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
158 client key (section 5.4.1) */
160 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
161 application session key), encrypted with the service key
163 KRB5_KU_AS_REP_ENC_PART
= 3,
164 /* AS-REP encrypted part (includes tgs session key or application
165 session key), encrypted with the client key (section 5.4.2) */
166 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION
= 4,
167 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
168 session key (section 5.4.1) */
169 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY
= 5,
170 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
171 authenticator subkey (section 5.4.1) */
172 KRB5_KU_TGS_REQ_AUTH_CKSUM
= 6,
173 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
174 with the tgs session key (sections 5.3.2, 5.4.1) */
175 KRB5_KU_TGS_REQ_AUTH
= 7,
176 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
177 authenticator subkey), encrypted with the tgs session key
179 KRB5_KU_TGS_REP_ENC_PART_SESSION
= 8,
180 /* TGS-REP encrypted part (includes application session key),
181 encrypted with the tgs session key (section 5.4.2) */
182 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY
= 9,
183 /* TGS-REP encrypted part (includes application session key),
184 encrypted with the tgs authenticator subkey (section 5.4.2) */
185 KRB5_KU_AP_REQ_AUTH_CKSUM
= 10,
186 /* AP-REQ Authenticator cksum, keyed with the application session
187 key (section 5.3.2) */
188 KRB5_KU_AP_REQ_AUTH
= 11,
189 /* AP-REQ Authenticator (includes application authenticator
190 subkey), encrypted with the application session key (section
192 KRB5_KU_AP_REQ_ENC_PART
= 12,
193 /* AP-REP encrypted part (includes application session subkey),
194 encrypted with the application session key (section 5.5.2).
Despite the AP_REQ in the enumerator name, usage 12 is the AP-REP
encrypted part. */
195 KRB5_KU_KRB_PRIV
= 13,
196 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
197 application (section 5.7.1) */
198 KRB5_KU_KRB_CRED
= 14,
199 /* KRB-CRED encrypted part, encrypted with a key chosen by the
200 application (section 5.8.1) */
201 KRB5_KU_KRB_SAFE_CKSUM
= 15,
202 /* KRB-SAFE cksum, keyed with a key chosen by the application
204 KRB5_KU_OTHER_ENCRYPTED
= 16,
205 /* Data which is defined in some specification outside of
206 Kerberos to be encrypted using an RFC1510 encryption type. */
207 KRB5_KU_OTHER_CKSUM
= 17,
208 /* Data which is defined in some specification outside of
209 Kerberos to be checksummed using an RFC1510 checksum type. */
210 KRB5_KU_KRB_ERROR
= 18,
211 /* Krb-error checksum */
212 KRB5_KU_AD_KDC_ISSUED
= 19,
213 /* AD-KDCIssued checksum */
214 KRB5_KU_MANDATORY_TICKET_EXTENSION
= 20,
215 /* Checksum for Mandatory Ticket Extensions */
216 KRB5_KU_AUTH_DATA_TICKET_EXTENSION
= 21,
217 /* Checksum in Authorization Data in Ticket Extensions */
218 KRB5_KU_USAGE_SEAL
= 22,
219 /* seal in GSSAPI krb5 mechanism */
220 KRB5_KU_USAGE_SIGN
= 23,
221 /* sign in GSSAPI krb5 mechanism */
222 KRB5_KU_USAGE_SEQ
= 24,
223 /* SEQ in GSSAPI krb5 mechanism */
224 KRB5_KU_USAGE_ACCEPTOR_SEAL
= 22,
225 /* acceptor seal in GSSAPI CFX krb5 mechanism */
226 KRB5_KU_USAGE_ACCEPTOR_SIGN
= 23,
227 /* acceptor sign in GSSAPI CFX krb5 mechanism */
228 KRB5_KU_USAGE_INITIATOR_SEAL
= 24,
229 /* initiator seal in GSSAPI CFX krb5 mechanism */
230 KRB5_KU_USAGE_INITIATOR_SIGN
= 25,
231 /* initiator sign in GSSAPI CFX krb5 mechanism */
232 KRB5_KU_PA_SERVER_REFERRAL_DATA
= 22,
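233 /* encrypted server referral data. Note: 22 is also KRB5_KU_USAGE_SEAL and KRB5_KU_USAGE_ACCEPTOR_SEAL above; the values 22 to 26 are each shared by more than one enumerator in this list, so the number alone does not identify the purpose. */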
234 KRB5_KU_SAM_CHECKSUM
= 25,
235 /* Checksum for the SAM-CHECKSUM field */
236 KRB5_KU_SAM_ENC_TRACK_ID
= 26,
237 /* Encryption of the SAM-TRACK-ID field */
238 KRB5_KU_PA_SERVER_REFERRAL
= 26,
239 /* Keyusage for the server referral in a TGS req */
240 KRB5_KU_SAM_ENC_NONCE_SAD
= 27,
241 /* Encryption of the SAM-NONCE-OR-SAD field */
242 KRB5_KU_PA_PKINIT_KX
= 44,
243 /* Encryption type of the kdc session contribution in pk-init */
244 KRB5_KU_DIGEST_ENCRYPT
= -18,
245 /* Encryption key usage used in the digest encryption field */
246 KRB5_KU_DIGEST_OPAQUE
= -19,
247 /* Checksum key usage used in the digest opaque field */
248 KRB5_KU_KRB5SIGNEDPATH
= -21,
249 /* Checksum key usage on KRB5SignedPath */
250 KRB5_KU_CANONICALIZED_NAMES
= -23
251 /* Checksum key usage on PA-CANONICALIZED */
254 typedef krb5_key_usage krb5_keyusage
;
256 typedef enum krb5_salttype
{
257 KRB5_PW_SALT
= KRB5_PADATA_PW_SALT
,
258 KRB5_AFS3_SALT
= KRB5_PADATA_AFS3_SALT
261 typedef struct krb5_salt
{
262 krb5_salttype salttype
;
266 typedef ETYPE_INFO krb5_preauthinfo
;
269 krb5_preauthtype type
;
270 krb5_preauthinfo info
; /* list of preauthinfo for this type */
271 } krb5_preauthdata_entry
;
273 typedef struct krb5_preauthdata
{
275 krb5_preauthdata_entry
*val
;
278 typedef enum krb5_address_type
{
279 KRB5_ADDRESS_INET
= 2,
280 KRB5_ADDRESS_NETBIOS
= 20,
281 KRB5_ADDRESS_INET6
= 24,
282 KRB5_ADDRESS_ADDRPORT
= 256,
283 KRB5_ADDRESS_IPPORT
= 257
287 AP_OPTS_USE_SESSION_KEY
= 1,
288 AP_OPTS_MUTUAL_REQUIRED
= 2,
289 AP_OPTS_USE_SUBKEY
= 4 /* library internal */
292 typedef HostAddress krb5_address
;
294 typedef HostAddresses krb5_addresses
;
296 typedef enum krb5_keytype
{
297 KEYTYPE_NULL
= ETYPE_NULL
,
298 KEYTYPE_DES
= ETYPE_DES_CBC_CRC
,
299 KEYTYPE_DES3
= ETYPE_OLD_DES3_CBC_SHA1
,
300 KEYTYPE_AES128
= ETYPE_AES128_CTS_HMAC_SHA1_96
,
301 KEYTYPE_AES256
= ETYPE_AES256_CTS_HMAC_SHA1_96
,
302 KEYTYPE_ARCFOUR
= ETYPE_ARCFOUR_HMAC_MD5
,
303 KEYTYPE_ARCFOUR_56
= ETYPE_ARCFOUR_HMAC_MD5_56
306 typedef EncryptionKey krb5_keyblock
;
308 typedef AP_REQ krb5_ap_req
;
313 #define KRB5_USE_PATH_TOKENS 1
/* Default FILE: credential-cache name prefix: "%{TEMP}/krb5cc_" when
   KRB5_USE_PATH_TOKENS is defined; the second definition ("/tmp/krb5cc_")
   is presumably the #else branch, whose #else/#endif lines are not shown
   in this listing.
   NOTE(review): a credential cache stores tickets together with their
   session keys (struct krb5_creds in this header has a krb5_keyblock
   session member), so in a shared temporary directory its confidentiality
   rests on how the FILE cache backend creates and permissions the file --
   confirm there. */
316 #ifdef KRB5_USE_PATH_TOKENS
317 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
319 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
/* Full default cache name: the "FILE:" type prefix followed by the root. */
322 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
/* Looks up the boolean "accept_null_addresses" in the "libdefaults"
   section through krb5_config_get_bool_default() on context C, with TRUE
   as the value used when the option is not configured.
   NOTE(review): presumably decides whether a ticket that carries no client
   addresses is accepted; because the default is TRUE, a deployment that
   wants address checking has to set the option explicitly -- confirm at
   the call sites. The closing argument line of this macro is not shown in
   this listing. */
324 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
325 krb5_config_get_bool_default((C), NULL, TRUE, \
326 "libdefaults", "accept_null_addresses", \
329 typedef void *krb5_cc_cursor
;
330 typedef struct krb5_cccol_cursor_data
*krb5_cccol_cursor
;
332 typedef struct krb5_ccache_data
{
333 const struct krb5_cc_ops
*ops
;
337 typedef struct krb5_ccache_data
*krb5_ccache
;
339 typedef struct krb5_context_data
*krb5_context
;
341 typedef Realm krb5_realm
;
342 typedef const char *krb5_const_realm
; /* stupid language */
344 #define krb5_realm_length(r) strlen(r)
345 #define krb5_realm_data(r) (r)
347 typedef Principal krb5_principal_data
;
348 typedef struct Principal
*krb5_principal
;
349 typedef const struct Principal
*krb5_const_principal
;
350 typedef struct Principals
*krb5_principals
;
352 typedef time_t krb5_deltat
;
353 typedef time_t krb5_timestamp
;
355 typedef struct krb5_times
{
356 krb5_timestamp authtime
;
357 krb5_timestamp starttime
;
358 krb5_timestamp endtime
;
359 krb5_timestamp renew_till
;
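/*
 * options for krb5_get_in_tkt()
 *
 * One bit per option.  KDC_OPT_VALIDATE is written with an unsigned
 * literal: shifting a signed 1 into bit 31 is undefined behaviour where
 * int is 32 bits wide, and this file's KRB5_TC_DONT_MATCH_REALM mask
 * already uses the 1U form for the same bit.  The lower bits keep their
 * signed type so existing expressions see the same operand types.
 *
 * NOTE(review): KDC_OPT_DISABLE_TRANSITED_CHECK, by its name, asks for the
 * transited-realm check to be skipped -- confirm every caller that sets it
 * does so deliberately.
 */
#define KDC_OPT_FORWARDABLE		(1 << 1)
#define KDC_OPT_FORWARDED		(1 << 2)
#define KDC_OPT_PROXIABLE		(1 << 3)
#define KDC_OPT_PROXY			(1 << 4)
#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
#define KDC_OPT_POSTDATED		(1 << 6)
#define KDC_OPT_RENEWABLE		(1 << 8)
#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
#define KDC_OPT_RENEWABLE_OK		(1 << 27)
#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
#define KDC_OPT_RENEW			(1 << 30)
#define KDC_OPT_VALIDATE		(1U << 31)	/* unsigned: bit 31 */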
387 /* flags for krb5_verify_ap_req */
/* NOTE(review): by its name this bit lets krb5_verify_ap_req tolerate a
   ticket that is marked invalid -- confirm against the implementation
   before any caller sets it. */
389 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
/* KRB5_GC_* option bits, one bit each, all written as unsigned masks.
   NOTE(review): the function that takes them is not named in this listing
   (presumably the get-credentials calls). KRB5_GC_EXPIRED_OK and
   KRB5_GC_NO_TRANSIT_CHECK look like they relax a validity check; confirm
   their effect before use. */
391 #define KRB5_GC_CACHED (1U << 0)
392 #define KRB5_GC_USER_USER (1U << 1)
393 #define KRB5_GC_EXPIRED_OK (1U << 2)
394 #define KRB5_GC_NO_STORE (1U << 3)
395 #define KRB5_GC_FORWARDABLE (1U << 4)
396 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
397 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
398 #define KRB5_GC_CANONICALIZE (1U << 7)
400 /* constants for compare_creds (and cc_retrieve_cred) */
/* One bit per matching rule, counting down from bit 31. The two highest
   bits are written as unsigned (1U); the rest use a signed 1, which is
   still representable for bits 29 and below.
   NOTE(review): KRB5_TC_DONT_MATCH_REALM and KRB5_TC_MATCH_SRV_NAMEONLY
   appear to loosen which cached credential is considered a match; confirm
   against compare_creds before a lookup result feeds an authorization
   decision. */
401 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
402 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
403 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
404 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
405 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
406 #define KRB5_TC_MATCH_FLAGS (1 << 27)
407 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
408 #define KRB5_TC_MATCH_TIMES (1 << 25)
409 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
410 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
411 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
413 /* constants for get_flags and set_flags */
414 #define KRB5_TC_OPENCLOSE 0x00000001
415 #define KRB5_TC_NOTICKET 0x00000002
417 typedef AuthorizationData krb5_authdata
;
419 typedef KRB_ERROR krb5_error
;
421 typedef struct krb5_creds
{
422 krb5_principal client
;
423 krb5_principal server
;
424 krb5_keyblock session
;
427 krb5_data second_ticket
;
428 krb5_authdata authdata
;
429 krb5_addresses addresses
;
430 krb5_ticket_flags flags
;
433 typedef struct krb5_cc_cache_cursor_data
*krb5_cc_cache_cursor
;
435 #define KRB5_CC_OPS_VERSION 3
437 typedef struct krb5_cc_ops
{
440 const char* (KRB5_CALLCONV
* get_name
)(krb5_context
, krb5_ccache
);
441 krb5_error_code (KRB5_CALLCONV
* resolve
)(krb5_context
, krb5_ccache
*, const char *);
442 krb5_error_code (KRB5_CALLCONV
* gen_new
)(krb5_context
, krb5_ccache
*);
443 krb5_error_code (KRB5_CALLCONV
* init
)(krb5_context
, krb5_ccache
, krb5_principal
);
444 krb5_error_code (KRB5_CALLCONV
* destroy
)(krb5_context
, krb5_ccache
);
445 krb5_error_code (KRB5_CALLCONV
* close
)(krb5_context
, krb5_ccache
);
446 krb5_error_code (KRB5_CALLCONV
* store
)(krb5_context
, krb5_ccache
, krb5_creds
*);
447 krb5_error_code (KRB5_CALLCONV
* retrieve
)(krb5_context
, krb5_ccache
,
448 krb5_flags
, const krb5_creds
*, krb5_creds
*);
449 krb5_error_code (KRB5_CALLCONV
* get_princ
)(krb5_context
, krb5_ccache
, krb5_principal
*);
450 krb5_error_code (KRB5_CALLCONV
* get_first
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
451 krb5_error_code (KRB5_CALLCONV
* get_next
)(krb5_context
, krb5_ccache
,
452 krb5_cc_cursor
*, krb5_creds
*);
453 krb5_error_code (KRB5_CALLCONV
* end_get
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
454 krb5_error_code (KRB5_CALLCONV
* remove_cred
)(krb5_context
, krb5_ccache
,
455 krb5_flags
, krb5_creds
*);
456 krb5_error_code (KRB5_CALLCONV
* set_flags
)(krb5_context
, krb5_ccache
, krb5_flags
);
457 int (KRB5_CALLCONV
* get_version
)(krb5_context
, krb5_ccache
);
458 krb5_error_code (KRB5_CALLCONV
* get_cache_first
)(krb5_context
, krb5_cc_cursor
*);
459 krb5_error_code (KRB5_CALLCONV
* get_cache_next
)(krb5_context
, krb5_cc_cursor
,
461 krb5_error_code (KRB5_CALLCONV
* end_cache_get
)(krb5_context
, krb5_cc_cursor
);
462 krb5_error_code (KRB5_CALLCONV
* move
)(krb5_context
, krb5_ccache
, krb5_ccache
);
463 krb5_error_code (KRB5_CALLCONV
* get_default_name
)(krb5_context
, char **);
464 krb5_error_code (KRB5_CALLCONV
* set_default
)(krb5_context
, krb5_ccache
);
465 krb5_error_code (KRB5_CALLCONV
* lastchange
)(krb5_context
, krb5_ccache
, krb5_timestamp
*);
466 krb5_error_code (KRB5_CALLCONV
* set_kdc_offset
)(krb5_context
, krb5_ccache
, krb5_deltat
);
467 krb5_error_code (KRB5_CALLCONV
* get_kdc_offset
)(krb5_context
, krb5_ccache
, krb5_deltat
*);
470 struct krb5_log_facility
;
472 struct krb5_config_binding
{
473 enum { krb5_config_string
, krb5_config_list
} type
;
475 struct krb5_config_binding
*next
;
478 struct krb5_config_binding
*list
;
483 typedef struct krb5_config_binding krb5_config_binding
;
485 typedef krb5_config_binding krb5_config_section
;
487 typedef struct krb5_ticket
{
488 EncTicketPart ticket
;
489 krb5_principal client
;
490 krb5_principal server
;
493 typedef Authenticator krb5_authenticator_data
;
495 typedef krb5_authenticator_data
*krb5_authenticator
;
497 struct krb5_rcache_data
;
498 typedef struct krb5_rcache_data
*krb5_rcache
;
499 typedef Authenticator krb5_donot_replay
;
501 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
502 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
503 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
504 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
505 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
506 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
507 #define KRB5_STORAGE_BYTEORDER_LE 0x20
508 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
509 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
511 struct krb5_storage_data
;
512 typedef struct krb5_storage_data krb5_storage
;
514 typedef struct krb5_keytab_entry
{
515 krb5_principal principal
;
517 krb5_keyblock keyblock
;
520 krb5_principals aliases
;
523 typedef struct krb5_kt_cursor
{
529 struct krb5_keytab_data
;
531 typedef struct krb5_keytab_data
*krb5_keytab
;
533 #define KRB5_KT_PREFIX_MAX_LEN 30
535 struct krb5_keytab_data
{
537 krb5_error_code (KRB5_CALLCONV
* resolve
)(krb5_context
, const char*, krb5_keytab
);
538 krb5_error_code (KRB5_CALLCONV
* get_name
)(krb5_context
, krb5_keytab
, char*, size_t);
539 krb5_error_code (KRB5_CALLCONV
* close
)(krb5_context
, krb5_keytab
);
540 krb5_error_code (KRB5_CALLCONV
* destroy
)(krb5_context
, krb5_keytab
);
541 krb5_error_code (KRB5_CALLCONV
* get
)(krb5_context
, krb5_keytab
, krb5_const_principal
,
542 krb5_kvno
, krb5_enctype
, krb5_keytab_entry
*);
543 krb5_error_code (KRB5_CALLCONV
* start_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
544 krb5_error_code (KRB5_CALLCONV
* next_entry
)(krb5_context
, krb5_keytab
,
545 krb5_keytab_entry
*, krb5_kt_cursor
*);
546 krb5_error_code (KRB5_CALLCONV
* end_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
547 krb5_error_code (KRB5_CALLCONV
* add
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
548 krb5_error_code (KRB5_CALLCONV
* remove
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
553 typedef struct krb5_keytab_data krb5_kt_ops
;
555 struct krb5_keytab_key_proc_args
{
557 krb5_principal principal
;
560 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args
;
562 typedef struct krb5_replay_data
{
563 krb5_timestamp timestamp
;
568 /* flags for krb5_auth_con_setflags */
570 KRB5_AUTH_CONTEXT_DO_TIME
= 1,
571 KRB5_AUTH_CONTEXT_RET_TIME
= 2,
572 KRB5_AUTH_CONTEXT_DO_SEQUENCE
= 4,
573 KRB5_AUTH_CONTEXT_RET_SEQUENCE
= 8,
574 KRB5_AUTH_CONTEXT_PERMIT_ALL
= 16,
575 KRB5_AUTH_CONTEXT_USE_SUBKEY
= 32,
576 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
= 64
579 /* flags for krb5_auth_con_genaddrs */
581 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
= 1,
582 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR
= 3,
583 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
= 4,
584 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR
= 12
587 typedef struct krb5_auth_context_data
{
590 krb5_address
*local_address
;
591 krb5_address
*remote_address
;
594 krb5_keyblock
*keyblock
;
595 krb5_keyblock
*local_subkey
;
596 krb5_keyblock
*remote_subkey
;
598 uint32_t local_seqnumber
;
599 uint32_t remote_seqnumber
;
601 krb5_authenticator authenticator
;
603 krb5_pointer i_vector
;
607 krb5_keytype keytype
; /* ¿requested key type ? */
608 krb5_cksumtype cksumtype
; /* ¡requested checksum type! */
610 }krb5_auth_context_data
, *krb5_auth_context
;
614 EncKDCRepPart enc_part
;
618 extern const char *heimdal_version
, *heimdal_long_version
;
620 typedef void (KRB5_CALLCONV
* krb5_log_log_func_t
)(const char*, const char*, void*);
621 typedef void (KRB5_CALLCONV
* krb5_log_close_func_t
)(void*);
623 typedef struct krb5_log_facility
{
626 struct facility
*val
;
629 typedef EncAPRepPart krb5_ap_rep_enc_part
;
631 #define KRB5_RECVAUTH_IGNORE_VERSION 1
633 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
/* Well-known principal name components. KRB5_TGS_NAME_SIZE is the length
   of KRB5_TGS_NAME ("krbtgt", six characters) without the terminating NUL;
   the two must be changed together. */
635 #define KRB5_TGS_NAME_SIZE (6)
636 #define KRB5_TGS_NAME ("krbtgt")
637 #define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
638 #define KRB5_ANON_NAME ("ANONYMOUS")
639 #define KRB5_DIGEST_NAME ("digest")
642 KRB5_PROMPT_TYPE_PASSWORD
= 0x1,
643 KRB5_PROMPT_TYPE_NEW_PASSWORD
= 0x2,
644 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
= 0x3,
645 KRB5_PROMPT_TYPE_PREAUTH
= 0x4,
646 KRB5_PROMPT_TYPE_INFO
= 0x5
649 typedef struct _krb5_prompt
{
653 krb5_prompt_type type
;
656 typedef int (KRB5_CALLCONV
* krb5_prompter_fct
)(krb5_context
/*context*/,
658 const char * /*name*/,
659 const char * /*banner*/,
661 krb5_prompt
/*prompts*/[]);
662 typedef krb5_error_code (KRB5_CALLCONV
* krb5_key_proc
)(krb5_context
/*context*/,
663 krb5_enctype
/*type*/,
665 krb5_const_pointer
/*keyseed*/,
666 krb5_keyblock
** /*key*/);
667 typedef krb5_error_code (KRB5_CALLCONV
* krb5_decrypt_proc
)(krb5_context
/*context*/,
668 krb5_keyblock
* /*key*/,
669 krb5_key_usage
/*usage*/,
670 krb5_const_pointer
/*decrypt_arg*/,
671 krb5_kdc_rep
* /*dec_rep*/);
672 typedef krb5_error_code (KRB5_CALLCONV
* krb5_s2k_proc
)(krb5_context
/*context*/,
673 krb5_enctype
/*type*/,
674 krb5_const_pointer
/*keyseed*/,
676 krb5_data
* /*s2kparms*/,
677 krb5_keyblock
** /*key*/);
679 struct _krb5_get_init_creds_opt_private
;
681 struct _krb5_get_init_creds_opt
{
683 krb5_deltat tkt_life
;
684 krb5_deltat renew_life
;
688 krb5_enctype
*etype_list
;
689 int etype_list_length
;
690 krb5_addresses
*address_list
;
691 /* XXX the next three should not be used, as they may be
693 krb5_preauthtype
*preauth_list
;
694 int preauth_list_length
;
696 struct _krb5_get_init_creds_opt_private
*opt_private
;
699 typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt
;
/* KRB5_GET_INIT_CREDS_OPT_* bits, one bit each from 0x0001 to 0x0200.
   NOTE(review): presumably recorded in struct _krb5_get_init_creds_opt to
   mark which options the caller has set; the member that holds them is
   not shown in this listing -- confirm. */
701 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
702 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
703 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
704 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
705 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
706 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
707 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
708 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* not supported */
709 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
710 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
712 /* krb5_init_creds_step flags argument */
713 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
715 typedef struct _krb5_verify_init_creds_opt
{
718 } krb5_verify_init_creds_opt
;
720 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
722 typedef struct krb5_verify_opt
{
730 #define KRB5_VERIFY_LREALMS 1
731 #define KRB5_VERIFY_NO_ADDRESSES 2
/* Password-change (kpasswd) constants: two protocol version numbers
   (change-password and set-password). */
733 #define KRB5_KPASSWD_VERS_CHANGEPW 1
734 #define KRB5_KPASSWD_VERS_SETPW 0xff80
/* Result codes 0 through 7; 0 is success, every other value names a
   failure class. */
736 #define KRB5_KPASSWD_SUCCESS 0
737 #define KRB5_KPASSWD_MALFORMED 1
738 #define KRB5_KPASSWD_HARDERROR 2
739 #define KRB5_KPASSWD_AUTHERROR 3
740 #define KRB5_KPASSWD_SOFTERROR 4
741 #define KRB5_KPASSWD_ACCESSDENIED 5
742 #define KRB5_KPASSWD_BAD_VERSION 6
743 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
/* Port number for the kpasswd service. */
745 #define KPASSWD_PORT 464
747 /* types for the new krbhst interface */
748 struct krb5_krbhst_data
;
749 typedef struct krb5_krbhst_data
*krb5_krbhst_handle
;
751 #define KRB5_KRBHST_KDC 1
752 #define KRB5_KRBHST_ADMIN 2
753 #define KRB5_KRBHST_CHANGEPW 3
754 #define KRB5_KRBHST_KRB524 4
755 #define KRB5_KRBHST_KCA 5
757 typedef struct krb5_krbhst_info
{
758 enum { KRB5_KRBHST_UDP
,
760 KRB5_KRBHST_HTTP
} proto
;
762 unsigned short def_port
;
764 struct krb5_krbhst_info
*next
;
765 char hostname
[1]; /* has to come last */
768 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
770 KRB5_KRBHST_FLAGS_MASTER
= 1,
771 KRB5_KRBHST_FLAGS_LARGE_MSG
= 2
774 typedef krb5_error_code
775 (KRB5_CALLCONV
* krb5_send_to_kdc_func
)(krb5_context
, void *, krb5_krbhst_info
*, time_t,
776 const krb5_data
*, krb5_data
*);
778 /** flags for krb5_parse_name_flags */
780 KRB5_PRINCIPAL_PARSE_NO_REALM
= 1, /**< Require that there is no realm */
781 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM
= 2, /**< Require that a realm is present */
782 KRB5_PRINCIPAL_PARSE_ENTERPRISE
= 4 /**< Parse as an NT-ENTERPRISE name */
785 /** flags for krb5_unparse_name_flags */
787 KRB5_PRINCIPAL_UNPARSE_SHORT
= 1, /**< No realm if it is the default realm */
788 KRB5_PRINCIPAL_UNPARSE_NO_REALM
= 2, /**< No realm */
789 KRB5_PRINCIPAL_UNPARSE_DISPLAY
= 4 /**< No quoting */
792 typedef struct krb5_sendto_ctx_data
*krb5_sendto_ctx
;
794 #define KRB5_SENDTO_DONE 0
795 #define KRB5_SENDTO_RESTART 1
796 #define KRB5_SENDTO_CONTINUE 2
798 typedef krb5_error_code
799 (KRB5_CALLCONV
* krb5_sendto_ctx_func
)(krb5_context
, krb5_sendto_ctx
, void *,
800 const krb5_data
*, int *);
803 enum krb5_plugin_type
{
804 PLUGIN_TYPE_DATA
= 1,
808 struct credentials
; /* this is to keep the compiler happy */
813 * Semi private, not stable yet
816 typedef struct krb5_crypto_iov
{
819 #define KRB5_CRYPTO_TYPE_EMPTY 0
820 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
821 #define KRB5_CRYPTO_TYPE_HEADER 1
823 #define KRB5_CRYPTO_TYPE_DATA 2
825 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
826 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
827 #define KRB5_CRYPTO_TYPE_PADDING 4
828 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
829 #define KRB5_CRYPTO_TYPE_TRAILER 5
830 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
831 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
840 krb5_timestamp value
;
841 } krb5_last_req_entry
;
843 typedef krb5_error_code
844 (KRB5_CALLCONV
* krb5_gic_process_last_req
)(krb5_context
, krb5_last_req_entry
**, void *);
850 #include <krb5-protos.h>
854 extern KRB5_LIB_VARIABLE
const char *krb5_config_file
;
855 extern KRB5_LIB_VARIABLE
const char *krb5_defkeyname
;
858 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_acc_ops
;
859 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_fcc_ops
;
860 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_mcc_ops
;
861 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_kcm_ops
;
862 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_akcm_ops
;
863 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_scc_ops
;
865 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_fkt_ops
;
866 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_wrfkt_ops
;
867 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_javakt_ops
;
868 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_mkt_ops
;
869 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_akf_ops
;
870 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_any_ops
;
872 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_api
;
873 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_file
;
874 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_memory
;
875 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_kcm
;
876 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_scc
;
878 #endif /* __KRB5_H__ */