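/*
 * Copyright 2008 Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Kerberos Login (KL) API declarations: status codes, option identifiers,
 * the opaque KLPrincipal / KLLoginOptions handles and the KL* functions that
 * acquire, verify, renew and destroy tickets and manage the realm list.
 * This header only declares the interface; nothing here is implemented.
 */

#ifndef __KERBEROSLOGIN__
#define __KERBEROSLOGIN__

#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
#  include <TargetConditionals.h>
#  if TARGET_RT_MAC_CFM
#    error "Use KfM 4.0 SDK headers for CFM compilation."
#  endif
#endif

/* The deprecated attribute is only emitted for GCC 3.2.3 and later. */
#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 30203
#  define KERBEROSLOGIN_DEPRECATED __attribute__((deprecated))
#else
#  define KERBEROSLOGIN_DEPRECATED
#endif

/*
 * <stdint.h> provides the int8_t / int16_t / int32_t names used below, so the
 * header no longer depends on <sys/types.h> happening to define them.  The
 * BSD-style u_int32_t name is still expected to come from <sys/types.h>.
 */
#include <stdint.h>
#include <sys/types.h>

#ifdef __cplusplus
extern "C" {
#endif

/* TARGET_OS_MAC is undefined off Apple platforms, where this #if is false. */
#if TARGET_OS_MAC
#  pragma pack(push,2)
#endif

/*
 * Kerberos version constants
 *
 * NOTE(review): 0xFFFFFFFF does not fit in an int, so kerberosVersion_All
 * relies on the compiler accepting out-of-range enumerators.  The value is
 * kept as written because callers compare it against the unsigned
 * KLKerberosVersion type.
 */
enum {
    kerberosVersion_Any = 0,
    kerberosVersion_V4  = 1,
    kerberosVersion_V5  = 2,
    kerberosVersion_All = 0xFFFFFFFF
};
typedef int32_t KLEKerberosVersion;

/*
 * Dialog identifier constants
 *
 * The first five enumerators are implicitly numbered 0..4; only the
 * "unknown" identifier has an explicit value.
 */
enum {
    loginLibrary_LoginDialog,
    loginLibrary_OptionsDialog,
    loginLibrary_ChangePasswordDialog,
    loginLibrary_ProgressDialog,
    loginLibrary_PrompterDialog,
    loginLibrary_UnknownDialog = -1
};
typedef int32_t KLEDialogIdentifiers;


/*
 * Option identifier constants
 *
 * These are multi-character constants; C leaves their numeric value
 * implementation-defined, so the identifiers are only interchangeable
 * between builds whose compilers pack the four characters the same way.
 */
enum {
    /* Initial values and ranges */
    loginOption_LoginName                = 'name',
    loginOption_LoginInstance            = 'inst',

    loginOption_RememberPrincipal        = 'prin',
    loginOption_RememberExtras           = 'extr',

    loginOption_MinimalTicketLifetime    = '-lif',
    loginOption_MaximalTicketLifetime    = '+lif',
    loginOption_DefaultTicketLifetime    = '0lif',

    loginOption_DefaultRenewableTicket   = '0rtx',
    loginOption_MinimalRenewableLifetime = '-rlf',
    loginOption_MaximalRenewableLifetime = '+rlf',
    loginOption_DefaultRenewableLifetime = '0rlf',

    loginOption_DefaultForwardableTicket = '0fwd',
    loginOption_DefaultProxiableTicket   = '0prx',
    loginOption_DefaultAddresslessTicket = '0adr'
};
typedef int32_t KLEDefaultLoginOptions;


/*
 * Realm list constants
 */
enum {
    realmList_Start = 0,
    realmList_End   = 0xFFFF
};
typedef int32_t KLERealmListIndexes;

/* Bounds of the numeric range the KL error codes below are drawn from. */
#define klFirstError 19276
#define klLastError  19876

/*
 * Error codes
 *
 * Each group starts at an explicit value and the remaining members of the
 * group count up from it.
 */
enum {
    klNoErr = 0,

    /* Parameter errors */
    klParameterErr = 19276,
    klBadPrincipalErr,
    klBadPasswordErr,
    klBadLoginOptionsErr,
    klInvalidVersionErr,
    klCapsLockErr,
    klBadV5ContextErr,

    /* Get/SetKerberosOption errors */
    klBufferTooSmallErr = 19376,
    klBufferTooLargeErr,
    klInvalidOptionErr,
    klBadOptionValueErr,

    /* Runtime Login errors */
    klUserCanceledErr = 19476,
    klMemFullErr,
    klPreferencesReadErr,
    klPreferencesWriteErr,
    klV5InitializationFailedErr,
    klPrincipalDoesNotExistErr,
    klSystemDefaultDoesNotExistErr,
    klCredentialsExpiredErr,
    klNoRealmsErr,
    klRealmDoesNotExistErr,
    klNoCredentialsErr,
    klCredentialsBadAddressErr,
    klCacheDoesNotExistErr,
    klNoHostnameErr,
    klCredentialsNeedValidationErr,

    /* Password changing errors */
    klPasswordMismatchErr = 19576,
    klInsecurePasswordErr,
    klPasswordChangeFailedErr,

    /* Login IPC errors */
    klCantContactServerErr = 19776,
    klCantDisplayUIErr,
    klServerInsecureErr

};
typedef int32_t KLEStatus;

/*
 * Types
 *
 * NOTE(review): the KLE* enum typedefs above are signed (int32_t) while most
 * of the matching KL* types here are unsigned (u_int32_t); mixing the two in
 * comparisons converts negative enumerators such as loginLibrary_UnknownDialog
 * to large unsigned values.
 */

typedef int32_t   KLStatus;             /* one of KLEStatus */
typedef u_int32_t KLKerberosVersion;    /* one of KLEKerberosVersion */
typedef u_int32_t KLDefaultLoginOption; /* one of KLEDefaultLoginOptions */
typedef u_int32_t KLLoginMode;          /* one of KLELoginMode (not declared in this header) */
typedef u_int32_t KLDialogIdentifier;   /* one of KLEDialogIdentifiers */
typedef u_int32_t KLIndex;              /* index (used for the realm list) */
typedef u_int32_t KLLifetime;           /* Lifetime in seconds */
typedef u_int32_t KLTime;               /* Unix time (seconds since 1/1/1970 00:00:00 GMT);
                                           32 bits unsigned, so it cannot express times past 2106 */
typedef u_int32_t KLSize;               /* size of a buffer */
typedef u_int32_t KLRefCon;             /* application ref con */
typedef int8_t    KLBoolean;            /* true or false (8-bit value to match Boolean;
                                           declared signed here) */
typedef int16_t   KLSInt16;             /* used for Darwin-compat for KLApplicationOptions */

/* Callback API for Kerberos Login Mach IPC idle filter */
typedef void (*KLIdleCallback) (KLRefCon appData);
/* Invokes userRoutine with appData; userRoutine is not checked for NULL. */
#define CallKLIdleCallback(userRoutine, appData) ((userRoutine) (appData))

/* Principal information (opaque handle; struct Principal is not defined here) */
typedef struct Principal *KLPrincipal;

/* Login Options (opaque handle; struct KLLoginOptions is not defined here) */
typedef struct KLLoginOptions *KLLoginOptions;

/*
 *
 * Functions
 *
 * Every function below reports its result as a KLStatus (one of KLEStatus),
 * except KLCountKerberosRealms, which returns a KLSize.
 *
 * NOTE(review): several functions hand strings back through char **
 * parameters.  KLDisposeString at the end of this header is presumably the
 * matching release call -- confirm against the library documentation.
 *
 * Functions that take a password receive it as a const char * owned by the
 * caller.  This header declares no helper for wiping such a string, so the
 * caller is responsible for clearing its copy once the call has returned.
 *
 */

/* Deprecated functions -- provided for compatibility with KfM 4.0 */

KLStatus KLAcquireTickets (
    KLPrincipal   inPrincipal,
    KLPrincipal  *outPrincipal,
    char        **outCredCacheName)
    KERBEROSLOGIN_DEPRECATED;

KLStatus KLAcquireNewTickets (
    KLPrincipal   inPrincipal,
    KLPrincipal  *outPrincipal,
    char        **outCredCacheName)
    KERBEROSLOGIN_DEPRECATED;

KLStatus KLAcquireTicketsWithPassword (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inPassword,
    char           **outCredCacheName)
    KERBEROSLOGIN_DEPRECATED;

KLStatus KLAcquireNewTicketsWithPassword (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inPassword,
    char           **outCredCacheName)
    KERBEROSLOGIN_DEPRECATED;

/* The options structure is untyped here, so its layout cannot be checked by the compiler. */
KLStatus KLSetApplicationOptions (const void *inAppOptions)
    KERBEROSLOGIN_DEPRECATED;

KLStatus KLGetApplicationOptions (void *outAppOptions)
    KERBEROSLOGIN_DEPRECATED;


/* Kerberos Login high-level API */
KLStatus KLAcquireInitialTickets (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    KLPrincipal     *outPrincipal,
    char           **outCredCacheName);

KLStatus KLAcquireNewInitialTickets (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    KLPrincipal     *outPrincipal,
    char           **outCredCacheName);

KLStatus KLDestroyTickets (KLPrincipal inPrincipal);

KLStatus KLChangePassword (KLPrincipal inPrincipal);


/* Kerberos Login dialog low level functions */

KLStatus KLAcquireInitialTicketsWithPassword (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inPassword,
    char           **outCredCacheName);

KLStatus KLAcquireNewInitialTicketsWithPassword (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inPassword,
    char           **outCredCacheName);

/*
 * The context and credential arguments are untyped (void *), so the compiler
 * cannot check that the structures a caller passes are the ones expected.
 */
KLStatus KLAcquireNewInitialTicketCredentialsWithPassword (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inPassword,
    void            *inV5Context,
    KLBoolean       *outGotV4Credentials,
    KLBoolean       *outGotV5Credentials,
    void            *outV4Credentials,
    void            *outV5Credentials);

KLStatus KLStoreNewInitialTicketCredentials (
    KLPrincipal   inPrincipal,
    void         *inV5Context,
    void         *inV4Credentials,
    void         *inV5Credentials,
    char        **outCredCacheName);

/*
 * NOTE(review): judging by its name, inFailIfNoHostKey decides whether
 * verification fails when no host key is available.  Callers that depend on
 * the tickets having been verified should confirm what a false value does
 * before treating klNoErr as proof of verification.
 */
KLStatus KLVerifyInitialTickets (
    KLPrincipal   inPrincipal,
    KLBoolean     inFailIfNoHostKey,
    char        **outCredCacheName);

/* Same inFailIfNoHostKey caveat as KLVerifyInitialTickets. */
KLStatus KLVerifyInitialTicketCredentials (
    void      *inV4Credentials,
    void      *inV5Credentials,
    KLBoolean  inFailIfNoHostKey);

KLStatus KLAcquireNewInitialTicketsWithKeytab (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    const char      *inKeytabName,
    char           **outCredCacheName);

KLStatus KLRenewInitialTickets (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    KLPrincipal     *outPrincipal,
    char           **outCredCacheName);

KLStatus KLValidateInitialTickets (
    KLPrincipal      inPrincipal,
    KLLoginOptions   inLoginOptions,
    char           **outCredCacheName);

KLStatus KLLastChangedTime (KLTime *outLastChangedTime);

KLStatus KLCacheHasValidTickets (
    KLPrincipal         inPrincipal,
    KLKerberosVersion   inKerberosVersion,
    KLBoolean          *outFoundValidTickets,
    KLPrincipal        *outPrincipal,
    char              **outCredCacheName);

KLStatus KLTicketStartTime (
    KLPrincipal        inPrincipal,
    KLKerberosVersion  inKerberosVersion,
    KLTime            *outStartTime);

KLStatus KLTicketExpirationTime (
    KLPrincipal        inPrincipal,
    KLKerberosVersion  inKerberosVersion,
    KLTime            *outExpirationTime);

KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal);

KLStatus KLHandleError (
    KLStatus           inError,
    KLDialogIdentifier inDialogIdentifier,
    KLBoolean          inShowAlert);

KLStatus KLGetErrorString (
    KLStatus   inError,
    char     **outErrorString);

KLStatus KLCancelAllDialogs (void);

/* Kerberos change password dialog low level functions */

/* Both the old and the new password are caller-owned plain C strings. */
KLStatus KLChangePasswordWithPasswords (
    KLPrincipal   inPrincipal,
    const char   *inOldPassword,
    const char   *inNewPassword,
    KLBoolean    *outRejected,
    char        **outRejectionError,
    char        **outRejectionDescription);

/* Application Configuration functions */

KLStatus KLSetIdleCallback (
    const KLIdleCallback inCallback,
    const KLRefCon       inRefCon);

/*
 * NOTE(review): the parameters are named in* but are non-const pointers,
 * presumably written by the call -- confirm against the implementation.
 */
KLStatus KLGetIdleCallback (
    KLIdleCallback *inCallback,
    KLRefCon       *inRefCon);

/* Library configuration functions */

/*
 * ioBuffer / ioBufferSize are in-out.  Presumably *ioBufferSize carries the
 * capacity of ioBuffer on entry and klBufferTooSmallErr reports a buffer
 * that is too short -- verify before sizing buffers from this assumption.
 */
KLStatus KLGetDefaultLoginOption (
    const KLDefaultLoginOption  inOption,
    void                       *ioBuffer,
    KLSize                     *ioBufferSize);

KLStatus KLSetDefaultLoginOption (
    const KLDefaultLoginOption  inOption,
    const void                 *inBuffer,
    const KLSize                inBufferSize);

/* Realm configuration functions */

KLStatus KLFindKerberosRealmByName (
    const char *inRealmName,
    KLIndex    *outIndex);

KLStatus KLGetKerberosRealm (
    KLIndex   inIndex,
    char    **outRealmName);

KLStatus KLSetKerberosRealm (
    KLIndex     inIndex,
    const char *inRealmName);

KLStatus KLRemoveKerberosRealm (KLIndex inIndex);

KLStatus KLInsertKerberosRealm (
    KLIndex     inInsertBeforeIndex,
    const char *inRealmName);

KLStatus KLRemoveAllKerberosRealms (void);

/* Returns a count rather than a status, so it has no way to report an error code. */
KLSize KLCountKerberosRealms (void);

KLStatus KLGetKerberosDefaultRealm (KLIndex *outIndex);

KLStatus KLGetKerberosDefaultRealmByName (char **outRealmName);

KLStatus KLSetKerberosDefaultRealm (KLIndex inIndex);

KLStatus KLSetKerberosDefaultRealmByName (const char *inRealm);

/* KLPrincipal functions */

KLStatus KLCreatePrincipalFromTriplet (
    const char  *inName,
    const char  *inInstance,
    const char  *inRealm,
    KLPrincipal *outPrincipal);

KLStatus KLCreatePrincipalFromString (
    const char        *inFullPrincipal,
    KLKerberosVersion  inKerberosVersion,
    KLPrincipal       *outPrincipal);

/* inKerberos5Principal is untyped (void *); the expected type is not visible in this header. */
KLStatus KLCreatePrincipalFromKerberos5Principal (
    void        *inKerberos5Principal,
    KLPrincipal *outPrincipal);

KLStatus KLCreatePrincipalFromPrincipal (
    KLPrincipal  inPrincipal,
    KLPrincipal *outPrincipal);

KLStatus KLGetTripletFromPrincipal (
    KLPrincipal   inPrincipal,
    char        **outName,
    char        **outInstance,
    char        **outRealm);

KLStatus KLGetStringFromPrincipal (
    KLPrincipal         inPrincipal,
    KLKerberosVersion   inKerberosVersion,
    char              **outFullPrincipal);

KLStatus KLGetDisplayStringFromPrincipal (
    KLPrincipal         inPrincipal,
    KLKerberosVersion   inKerberosVersion,
    char              **outFullPrincipal);

KLStatus KLComparePrincipal (
    KLPrincipal  inFirstPrincipal,
    KLPrincipal  inSecondPrincipal,
    KLBoolean   *outAreEquivalent);

KLStatus KLDisposePrincipal (KLPrincipal inPrincipal);

/* KLLoginOptions functions */

KLStatus KLCreateLoginOptions (KLLoginOptions *outOptions);

KLStatus KLLoginOptionsSetTicketLifetime (
    KLLoginOptions ioOptions,
    KLLifetime     inTicketLifetime);

KLStatus KLLoginOptionsSetForwardable (
    KLLoginOptions ioOptions,
    KLBoolean      inForwardable);

KLStatus KLLoginOptionsSetProxiable (
    KLLoginOptions ioOptions,
    KLBoolean      inProxiable);

KLStatus KLLoginOptionsSetRenewableLifetime (
    KLLoginOptions ioOptions,
    KLLifetime     inRenewableLifetime);

KLStatus KLLoginOptionsSetAddressless (
    KLLoginOptions ioOptions,
    KLBoolean      inAddressless);

KLStatus KLLoginOptionsSetTicketStartTime (
    KLLoginOptions ioOptions,
    KLTime         inStartTime);

KLStatus KLLoginOptionsSetServiceName (
    KLLoginOptions  ioOptions,
    const char     *inServiceName);

KLStatus KLDisposeLoginOptions (KLLoginOptions ioOptions);


/* Misc function */

KLStatus KLDisposeString (char *inStringToDispose);

#if TARGET_OS_MAC
#  pragma pack(pop)
#endif

#ifdef __cplusplus
}
#endif

#endif /* __KERBEROSLOGIN__ */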