search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour...
[Samba.git] / source / heimdal / lib / krb5 / krb5.h
blobf5c8b069de156d6110cec091acedec7d563b4c0a
1 /*
2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id: krb5.h,v 1.254 2006/11/07 00:17:42 lha Exp $ */
35
36 #ifndef __KRB5_H__
37 #define __KRB5_H__
38
39 #include <time.h>
40 #include <krb5-types.h>
41
42 #include <asn1_err.h>
43 #include <krb5_err.h>
44 #include <heim_err.h>
45 #include <k524_err.h>
46
47 #include <krb5_asn1.h>
48
49 /* name confusion with MIT */
50 #ifndef KRB5KDC_ERR_KEY_EXP
51 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
52 #endif
53
54 /* simple constants */
55
56 #ifndef TRUE
57 #define TRUE 1
58 #define FALSE 0
59 #endif
60
61 typedef int krb5_boolean;
62
63 typedef int32_t krb5_error_code;
64
65 typedef int krb5_kvno;
66
67 typedef uint32_t krb5_flags;
68
69 typedef void *krb5_pointer;
70 typedef const void *krb5_const_pointer;
71
72 struct krb5_crypto_data;
73 typedef struct krb5_crypto_data *krb5_crypto;
74
75 struct krb5_get_creds_opt_data;
76 typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
77
78 struct krb5_digest;
79 typedef struct krb5_digest *krb5_digest;
80
81 typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx;
82 typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx;
83
84 typedef CKSUMTYPE krb5_cksumtype;
85
86 typedef Checksum krb5_checksum;
87
88 typedef ENCTYPE krb5_enctype;
89
90 typedef heim_octet_string krb5_data;
91
92 /* PKINIT related forward declarations */
93 struct ContentInfo;
94 struct krb5_pk_identity;
95 struct krb5_pk_cert;
96
97 /* krb5_enc_data is a mit compat structure */
98 typedef struct krb5_enc_data {
99 krb5_enctype enctype;
100 krb5_kvno kvno;
101 krb5_data ciphertext;
102 } krb5_enc_data;
103
104 /* alternative names */
105 enum {
106 ENCTYPE_NULL = ETYPE_NULL,
107 ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
108 ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
109 ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
110 ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
111 ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
112 ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
113 ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
114 ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
115 ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
116 ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
117 ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
118 ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
119 ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
120 ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
121 ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
122 ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
123 ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
124 ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
125 ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
126 };
127
128 typedef PADATA_TYPE krb5_preauthtype;
129
130 typedef enum krb5_key_usage {
131 KRB5_KU_PA_ENC_TIMESTAMP = 1,
132 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
133 client key (section 5.4.1) */
134 KRB5_KU_TICKET = 2,
135 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
136 application session key), encrypted with the service key
137 (section 5.4.2) */
138 KRB5_KU_AS_REP_ENC_PART = 3,
139 /* AS-REP encrypted part (includes tgs session key or application
140 session key), encrypted with the client key (section 5.4.2) */
141 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
142 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
143 session key (section 5.4.1) */
144 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
145 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
146 authenticator subkey (section 5.4.1) */
147 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
148 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
149 with the tgs session key (sections 5.3.2, 5.4.1) */
150 KRB5_KU_TGS_REQ_AUTH = 7,
151 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
152 authenticator subkey), encrypted with the tgs session key
153 (section 5.3.2) */
154 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
155 /* TGS-REP encrypted part (includes application session key),
156 encrypted with the tgs session key (section 5.4.2) */
157 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
158 /* TGS-REP encrypted part (includes application session key),
159 encrypted with the tgs authenticator subkey (section 5.4.2) */
160 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
161 /* AP-REQ Authenticator cksum, keyed with the application session
162 key (section 5.3.2) */
163 KRB5_KU_AP_REQ_AUTH = 11,
164 /* AP-REQ Authenticator (includes application authenticator
165 subkey), encrypted with the application session key (section
166 5.3.2) */
167 KRB5_KU_AP_REQ_ENC_PART = 12,
168 /* AP-REP encrypted part (includes application session subkey),
169 encrypted with the application session key (section 5.5.2) */
170 KRB5_KU_KRB_PRIV = 13,
171 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
172 application (section 5.7.1) */
173 KRB5_KU_KRB_CRED = 14,
174 /* KRB-CRED encrypted part, encrypted with a key chosen by the
175 application (section 5.8.1) */
176 KRB5_KU_KRB_SAFE_CKSUM = 15,
177 /* KRB-SAFE cksum, keyed with a key chosen by the application
178 (section 5.6.1) */
179 KRB5_KU_OTHER_ENCRYPTED = 16,
180 /* Data which is defined in some specification outside of
181 Kerberos to be encrypted using an RFC1510 encryption type. */
182 KRB5_KU_OTHER_CKSUM = 17,
183 /* Data which is defined in some specification outside of
184 Kerberos to be checksummed using an RFC1510 checksum type. */
185 KRB5_KU_KRB_ERROR = 18,
186 /* Krb-error checksum */
187 KRB5_KU_AD_KDC_ISSUED = 19,
188 /* AD-KDCIssued checksum */
189 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
190 /* Checksum for Mandatory Ticket Extensions */
191 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
192 /* Checksum in Authorization Data in Ticket Extensions */
193 KRB5_KU_USAGE_SEAL = 22,
194 /* seal in GSSAPI krb5 mechanism */
195 KRB5_KU_USAGE_SIGN = 23,
196 /* sign in GSSAPI krb5 mechanism */
197 KRB5_KU_USAGE_SEQ = 24,
198 /* SEQ in GSSAPI krb5 mechanism */
199 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
200 /* acceptor sign in GSSAPI CFX krb5 mechanism */
201 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
202 /* acceptor seal in GSSAPI CFX krb5 mechanism */
203 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
204 /* initiator sign in GSSAPI CFX krb5 mechanism */
205 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
206 /* initiator seal in GSSAPI CFX krb5 mechanism */
207 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
208 /* encrypted server referral data */
209 KRB5_KU_SAM_CHECKSUM = 25,
210 /* Checksum for the SAM-CHECKSUM field */
211 KRB5_KU_SAM_ENC_TRACK_ID = 26,
212 /* Encryption of the SAM-TRACK-ID field */
213 KRB5_KU_PA_SERVER_REFERRAL = 26,
214 /* Keyusage for the server referral in a TGS req */
215 KRB5_KU_SAM_ENC_NONCE_SAD = 27,
216 /* Encryption of the SAM-NONCE-OR-SAD field */
217 KRB5_KU_TGS_IMPERSONATE = -17,
218 /* Checksum type used in the impersonate field */
219 KRB5_KU_DIGEST_ENCRYPT = -18,
220 /* Encryption key usage used in the digest encryption field */
221 KRB5_KU_DIGEST_OPAQUE = -19,
222 /* Checksum key usage used in the digest opaque field */
223 KRB5_KU_KRB5SIGNEDPATH = -21
224 /* Checksum key usage on KRB5SignedPath */
225 } krb5_key_usage;
226
227 typedef krb5_key_usage krb5_keyusage;
228
229 typedef enum krb5_salttype {
230 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
231 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
232 }krb5_salttype;
233
234 typedef struct krb5_salt {
235 krb5_salttype salttype;
236 krb5_data saltvalue;
237 } krb5_salt;
238
239 typedef ETYPE_INFO krb5_preauthinfo;
240
241 typedef struct {
242 krb5_preauthtype type;
243 krb5_preauthinfo info; /* list of preauthinfo for this type */
244 } krb5_preauthdata_entry;
245
246 typedef struct krb5_preauthdata {
247 unsigned len;
248 krb5_preauthdata_entry *val;
249 }krb5_preauthdata;
250
251 typedef enum krb5_address_type {
252 KRB5_ADDRESS_INET = 2,
253 KRB5_ADDRESS_NETBIOS = 20,
254 KRB5_ADDRESS_INET6 = 24,
255 KRB5_ADDRESS_ADDRPORT = 256,
256 KRB5_ADDRESS_IPPORT = 257
257 } krb5_address_type;
258
259 enum {
260 AP_OPTS_USE_SESSION_KEY = 1,
261 AP_OPTS_MUTUAL_REQUIRED = 2,
262 AP_OPTS_USE_SUBKEY = 4 /* library internal */
263 };
264
265 typedef HostAddress krb5_address;
266
267 typedef HostAddresses krb5_addresses;
268
269 typedef enum krb5_keytype {
270 KEYTYPE_NULL = 0,
271 KEYTYPE_DES = 1,
272 KEYTYPE_DES3 = 7,
273 KEYTYPE_AES128 = 17,
274 KEYTYPE_AES256 = 18,
275 KEYTYPE_ARCFOUR = 23,
276 KEYTYPE_ARCFOUR_56 = 24
277 } krb5_keytype;
278
279 typedef EncryptionKey krb5_keyblock;
280
281 typedef AP_REQ krb5_ap_req;
282
283 struct krb5_cc_ops;
284
285 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
286
287 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
288
289 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
290 krb5_config_get_bool_default((C), NULL, TRUE, \
291 "libdefaults", "accept_null_addresses", \
292 NULL)
293
294 typedef void *krb5_cc_cursor;
295
296 typedef struct krb5_ccache_data {
297 const struct krb5_cc_ops *ops;
298 krb5_data data;
299 }krb5_ccache_data;
300
301 typedef struct krb5_ccache_data *krb5_ccache;
302
303 typedef struct krb5_context_data *krb5_context;
304
305 typedef Realm krb5_realm;
306 typedef const char *krb5_const_realm; /* stupid language */
307
308 #define krb5_realm_length(r) strlen(r)
309 #define krb5_realm_data(r) (r)
310
311 typedef Principal krb5_principal_data;
312 typedef struct Principal *krb5_principal;
313 typedef const struct Principal *krb5_const_principal;
314
315 typedef time_t krb5_deltat;
316 typedef time_t krb5_timestamp;
317
318 typedef struct krb5_times {
319 krb5_timestamp authtime;
320 krb5_timestamp starttime;
321 krb5_timestamp endtime;
322 krb5_timestamp renew_till;
323 } krb5_times;
324
325 typedef union {
326 TicketFlags b;
327 krb5_flags i;
328 } krb5_ticket_flags;
329
330 /* options for krb5_get_in_tkt() */
331 #define KDC_OPT_FORWARDABLE (1 << 1)
332 #define KDC_OPT_FORWARDED (1 << 2)
333 #define KDC_OPT_PROXIABLE (1 << 3)
334 #define KDC_OPT_PROXY (1 << 4)
335 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
336 #define KDC_OPT_POSTDATED (1 << 6)
337 #define KDC_OPT_RENEWABLE (1 << 8)
338 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
339 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
340 #define KDC_OPT_RENEWABLE_OK (1 << 27)
341 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
342 #define KDC_OPT_RENEW (1 << 30)
343 #define KDC_OPT_VALIDATE (1 << 31)
344
345 typedef union {
346 KDCOptions b;
347 krb5_flags i;
348 } krb5_kdc_flags;
349
350 /* flags for krb5_verify_ap_req */
351
352 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
353
354 #define KRB5_GC_CACHED (1U << 0)
355 #define KRB5_GC_USER_USER (1U << 1)
356 #define KRB5_GC_EXPIRED_OK (1U << 2)
357 #define KRB5_GC_NO_STORE (1U << 3)
358 #define KRB5_GC_FORWARDABLE (1U << 4)
359 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
360
361 /* constants for compare_creds (and cc_retrieve_cred) */
362 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
363 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
364 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
365 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
366 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
367 #define KRB5_TC_MATCH_FLAGS (1 << 27)
368 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
369 #define KRB5_TC_MATCH_TIMES (1 << 25)
370 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
371 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
372 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
373
374 typedef AuthorizationData krb5_authdata;
375
376 typedef KRB_ERROR krb5_error;
377
378 typedef struct krb5_creds {
379 krb5_principal client;
380 krb5_principal server;
381 krb5_keyblock session;
382 krb5_times times;
383 krb5_data ticket;
384 krb5_data second_ticket;
385 krb5_authdata authdata;
386 krb5_addresses addresses;
387 krb5_ticket_flags flags;
388 } krb5_creds;
389
390 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
391
392 typedef struct krb5_cc_ops {
393 const char *prefix;
394 const char* (*get_name)(krb5_context, krb5_ccache);
395 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
396 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
397 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
398 krb5_error_code (*destroy)(krb5_context, krb5_ccache);
399 krb5_error_code (*close)(krb5_context, krb5_ccache);
400 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
401 krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
402 krb5_flags, const krb5_creds*, krb5_creds *);
403 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
404 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
405 krb5_error_code (*get_next)(krb5_context, krb5_ccache,
406 krb5_cc_cursor*, krb5_creds*);
407 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
408 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
409 krb5_flags, krb5_creds*);
410 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
411 int (*get_version)(krb5_context, krb5_ccache);
412 krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
413 krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
414 krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
415 } krb5_cc_ops;
416
417 struct krb5_log_facility;
418
419 struct krb5_config_binding {
420 enum { krb5_config_string, krb5_config_list } type;
421 char *name;
422 struct krb5_config_binding *next;
423 union {
424 char *string;
425 struct krb5_config_binding *list;
426 void *generic;
427 } u;
428 };
429
430 typedef struct krb5_config_binding krb5_config_binding;
431
432 typedef krb5_config_binding krb5_config_section;
433
434 enum {
435 KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
436 KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
437 };
438
439 typedef struct krb5_ticket {
440 EncTicketPart ticket;
441 krb5_principal client;
442 krb5_principal server;
443 } krb5_ticket;
444
445 typedef Authenticator krb5_authenticator_data;
446
447 typedef krb5_authenticator_data *krb5_authenticator;
448
449 struct krb5_rcache_data;
450 typedef struct krb5_rcache_data *krb5_rcache;
451 typedef Authenticator krb5_donot_replay;
452
453 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
454 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
455 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
456 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
457 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
458 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
459 #define KRB5_STORAGE_BYTEORDER_LE 0x20
460 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
461 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
462
463 struct krb5_storage_data;
464 typedef struct krb5_storage_data krb5_storage;
465
466 typedef struct krb5_keytab_entry {
467 krb5_principal principal;
468 krb5_kvno vno;
469 krb5_keyblock keyblock;
470 uint32_t timestamp;
471 } krb5_keytab_entry;
472
473 typedef struct krb5_kt_cursor {
474 int fd;
475 krb5_storage *sp;
476 void *data;
477 } krb5_kt_cursor;
478
479 struct krb5_keytab_data;
480
481 typedef struct krb5_keytab_data *krb5_keytab;
482
483 #define KRB5_KT_PREFIX_MAX_LEN 30
484
485 struct krb5_keytab_data {
486 const char *prefix;
487 krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
488 krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
489 krb5_error_code (*close)(krb5_context, krb5_keytab);
490 krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
491 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
492 krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
493 krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
494 krb5_keytab_entry*, krb5_kt_cursor*);
495 krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
496 krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
497 krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
498 void *data;
499 int32_t version;
500 };
501
502 typedef struct krb5_keytab_data krb5_kt_ops;
503
504 struct krb5_keytab_key_proc_args {
505 krb5_keytab keytab;
506 krb5_principal principal;
507 };
508
509 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
510
511 typedef struct krb5_replay_data {
512 krb5_timestamp timestamp;
513 int32_t usec;
514 uint32_t seq;
515 } krb5_replay_data;
516
517 /* flags for krb5_auth_con_setflags */
518 enum {
519 KRB5_AUTH_CONTEXT_DO_TIME = 1,
520 KRB5_AUTH_CONTEXT_RET_TIME = 2,
521 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
522 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
523 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
524 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
525 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
526 };
527
528 /* flags for krb5_auth_con_genaddrs */
529 enum {
530 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
531 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
532 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
533 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
534 };
535
536 typedef struct krb5_auth_context_data {
537 unsigned int flags;
538
539 krb5_address *local_address;
540 krb5_address *remote_address;
541 int16_t local_port;
542 int16_t remote_port;
543 krb5_keyblock *keyblock;
544 krb5_keyblock *local_subkey;
545 krb5_keyblock *remote_subkey;
546
547 uint32_t local_seqnumber;
548 uint32_t remote_seqnumber;
549
550 krb5_authenticator authenticator;
551
552 krb5_pointer i_vector;
553
554 krb5_rcache rcache;
555
556 krb5_keytype keytype; /* ¿requested key type ? */
557 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
558
559 }krb5_auth_context_data, *krb5_auth_context;
560
561 typedef struct {
562 KDC_REP kdc_rep;
563 EncKDCRepPart enc_part;
564 KRB_ERROR error;
565 } krb5_kdc_rep;
566
567 extern const char *heimdal_version, *heimdal_long_version;
568
569 typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
570 typedef void (*krb5_log_close_func_t)(void*);
571
572 typedef struct krb5_log_facility {
573 char *program;
574 int len;
575 struct facility *val;
576 } krb5_log_facility;
577
578 typedef EncAPRepPart krb5_ap_rep_enc_part;
579
580 #define KRB5_RECVAUTH_IGNORE_VERSION 1
581
582 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
583
584 #define KRB5_TGS_NAME_SIZE (6)
585 #define KRB5_TGS_NAME ("krbtgt")
586
587 #define KRB5_DIGEST_NAME ("digest")
588
589 /* variables */
590
591 extern const char *krb5_config_file;
592 extern const char *krb5_defkeyname;
593
594 typedef enum {
595 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
596 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
597 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
598 KRB5_PROMPT_TYPE_PREAUTH = 0x4,
599 KRB5_PROMPT_TYPE_INFO = 0x5
600 } krb5_prompt_type;
601
602 typedef struct _krb5_prompt {
603 const char *prompt;
604 int hidden;
605 krb5_data *reply;
606 krb5_prompt_type type;
607 } krb5_prompt;
608
609 typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
610 void * /*data*/,
611 const char * /*name*/,
612 const char * /*banner*/,
613 int /*num_prompts*/,
614 krb5_prompt /*prompts*/[]);
615 typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
616 krb5_enctype /*type*/,
617 krb5_salt /*salt*/,
618 krb5_const_pointer /*keyseed*/,
619 krb5_keyblock ** /*key*/);
620 typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
621 krb5_keyblock * /*key*/,
622 krb5_key_usage /*usage*/,
623 krb5_const_pointer /*decrypt_arg*/,
624 krb5_kdc_rep * /*dec_rep*/);
625 typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
626 krb5_enctype /*type*/,
627 krb5_const_pointer /*keyseed*/,
628 krb5_salt /*salt*/,
629 krb5_data * /*s2kparms*/,
630 krb5_keyblock ** /*key*/);
631
632 struct _krb5_get_init_creds_opt_private;
633
634 typedef struct _krb5_get_init_creds_opt {
635 krb5_flags flags;
636 krb5_deltat tkt_life;
637 krb5_deltat renew_life;
638 int forwardable;
639 int proxiable;
640 int anonymous;
641 krb5_enctype *etype_list;
642 int etype_list_length;
643 krb5_addresses *address_list;
644 /* XXX the next three should not be used, as they may be
645 removed later */
646 krb5_preauthtype *preauth_list;
647 int preauth_list_length;
648 krb5_data *salt;
649 struct _krb5_get_init_creds_opt_private *opt_private;
650 } krb5_get_init_creds_opt;
651
652 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
653 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
654 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
655 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
656 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
657 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
658 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
659 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
660 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
661 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
662
663 typedef struct _krb5_verify_init_creds_opt {
664 krb5_flags flags;
665 int ap_req_nofail;
666 } krb5_verify_init_creds_opt;
667
668 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
669
670 typedef struct krb5_verify_opt {
671 unsigned int flags;
672 krb5_ccache ccache;
673 krb5_keytab keytab;
674 krb5_boolean secure;
675 const char *service;
676 } krb5_verify_opt;
677
678 #define KRB5_VERIFY_LREALMS 1
679 #define KRB5_VERIFY_NO_ADDRESSES 2
680
681 extern const krb5_cc_ops krb5_acc_ops;
682 extern const krb5_cc_ops krb5_fcc_ops;
683 extern const krb5_cc_ops krb5_mcc_ops;
684 extern const krb5_cc_ops krb5_kcm_ops;
685
686 extern const krb5_kt_ops krb5_fkt_ops;
687 extern const krb5_kt_ops krb5_wrfkt_ops;
688 extern const krb5_kt_ops krb5_javakt_ops;
689 extern const krb5_kt_ops krb5_mkt_ops;
690 extern const krb5_kt_ops krb5_akf_ops;
691 extern const krb5_kt_ops krb4_fkt_ops;
692 extern const krb5_kt_ops krb5_srvtab_fkt_ops;
693 extern const krb5_kt_ops krb5_any_ops;
694
695 #define KRB5_KPASSWD_VERS_CHANGEPW 1
696 #define KRB5_KPASSWD_VERS_SETPW 0xff80
697
698 #define KRB5_KPASSWD_SUCCESS 0
699 #define KRB5_KPASSWD_MALFORMED 1
700 #define KRB5_KPASSWD_HARDERROR 2
701 #define KRB5_KPASSWD_AUTHERROR 3
702 #define KRB5_KPASSWD_SOFTERROR 4
703 #define KRB5_KPASSWD_ACCESSDENIED 5
704 #define KRB5_KPASSWD_BAD_VERSION 6
705 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
706
707 #define KPASSWD_PORT 464
708
709 /* types for the new krbhst interface */
710 struct krb5_krbhst_data;
711 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
712
713 #define KRB5_KRBHST_KDC 1
714 #define KRB5_KRBHST_ADMIN 2
715 #define KRB5_KRBHST_CHANGEPW 3
716 #define KRB5_KRBHST_KRB524 4
717
718 typedef struct krb5_krbhst_info {
719 enum { KRB5_KRBHST_UDP,
720 KRB5_KRBHST_TCP,
721 KRB5_KRBHST_HTTP } proto;
722 unsigned short port;
723 unsigned short def_port;
724 struct addrinfo *ai;
725 struct krb5_krbhst_info *next;
726 char hostname[1]; /* has to come last */
727 } krb5_krbhst_info;
728
729 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
730 enum {
731 KRB5_KRBHST_FLAGS_MASTER = 1,
732 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
733 };
734
735 typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context,
736 void *,
737 krb5_krbhst_info *,
738 const krb5_data *,
739 krb5_data *);
740
741 /* flags for krb5_parse_name_flags */
742 enum {
743 KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
744 KRB5_PRINCIPAL_PARSE_MUST_REALM = 2
745 };
746
747 /* flags for krb5_unparse_name_flags */
748 enum {
749 KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
750 KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2
751 };
752
753 struct credentials; /* this is to keep the compiler happy */
754 struct getargs;
755 struct sockaddr;
756
757 #include <krb5-protos.h>
758
759 #endif /* __KRB5_H__ */
760
Samba GIT mirror