/*
 * Copyright 2008 Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */
24
25#ifndef __KERBEROSLOGIN__
26#define __KERBEROSLOGIN__
27
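/*
 * On Apple targets, refuse to build for the CFM runtime; the error text
 * points CFM users at the KfM 4.0 SDK headers instead.
 * (Listing line numbers that were fused onto each line are removed here so
 * the directives are valid C again.)
 */
#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
#    include <TargetConditionals.h>
#    if TARGET_RT_MAC_CFM
#        error "Use KfM 4.0 SDK headers for CFM compilation."
#    endif
#endif

/* Compilers that lack __has_extension report every extension as absent. */
#ifndef __has_extension
#define __has_extension(x) 0
#endif

/*
 * KERBEROS_APPLE_DEPRECATED(msg) is appended to the prototypes in this
 * header. It expands to, in order of preference:
 *   - __attribute__((deprecated(msg))) when the compiler reports
 *     attribute_deprecated_with_message,
 *   - __attribute__((deprecated)) when it reports "deprecated",
 *   - nothing otherwise.
 *
 * In the last case (which includes any compiler that went through the
 * __has_extension fallback above) calls to these legacy credential APIs
 * compile without a deprecation warning, so remaining uses have to be found
 * some other way, e.g. by searching the code base for the KL prefix.
 * A definition supplied before this header is included takes precedence.
 */
#ifndef KERBEROS_APPLE_DEPRECATED
#if __has_extension(attribute_deprecated_with_message)
#define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated(x)))
#elif __has_extension(deprecated)
#define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated))
#else
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#endif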
48
49
50
51#include <sys/types.h>
52#include <Kerberos/krb5.h>
53
54#ifdef __cplusplus
55extern "C" {
56#endif
57
58#if TARGET_OS_MAC
59#    pragma pack(push,2)
60#endif
61
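/*
 * Kerberos version constants
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * NOTE(review): kerberosVersion_All (0xFFFFFFFF) is outside the range of a
 * signed 32-bit int. It therefore relies on the compiler accepting an
 * enumerator wider than int, and it does not keep its positive value when
 * stored in the signed KLEKerberosVersion typedef below. The API parameters
 * in this header use the unsigned KLKerberosVersion typedef instead.
 *
 * NOTE(review): Kerberos 4 is an obsolete protocol; confirm whether the
 * implementation behind this header still honors kerberosVersion_V4.
 */
enum {
    kerberosVersion_Any = 0,
    kerberosVersion_V4  = 1,
    kerberosVersion_V5  = 2,
    kerberosVersion_All = 0xFFFFFFFF
};
typedef int32_t KLEKerberosVersion;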
72
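/*
 * Dialog identifier constants
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * The named dialogs are numbered implicitly from 0 in declaration order;
 * loginLibrary_UnknownDialog is the explicit value -1. Note that the
 * KLDialogIdentifier typedef used by the API is unsigned, so -1 arrives
 * there as 0xFFFFFFFF.
 */
enum {
    loginLibrary_LoginDialog,           /* 0 */
    loginLibrary_OptionsDialog,         /* 1 */
    loginLibrary_ChangePasswordDialog,  /* 2 */
    loginLibrary_ProgressDialog,        /* 3 */
    loginLibrary_PrompterDialog,        /* 4 */
    loginLibrary_UnknownDialog = -1
};
typedef int32_t KLEDialogIdentifiers;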
85
86
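/*
 * Option identifier constants
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Each identifier is written as a four-character constant. The numeric
 * value of a multi-character constant is implementation-defined in C, so
 * compare against these names rather than against hard-coded integers.
 * These are the selectors passed as inOption to KLGetDefaultLoginOption and
 * KLSetDefaultLoginOption; the value type expected for each option is not
 * declared in this header.
 */
enum {
    /* Initial values and ranges */
    loginOption_LoginName                  = 'name',
    loginOption_LoginInstance              = 'inst',

    loginOption_RememberPrincipal          = 'prin',
    loginOption_RememberExtras             = 'extr',

    /* Ticket lifetime: lower bound, upper bound, default */
    loginOption_MinimalTicketLifetime      = '-lif',
    loginOption_MaximalTicketLifetime      = '+lif',
    loginOption_DefaultTicketLifetime      = '0lif',

    /* Renewable tickets: default flag, then lifetime bounds and default */
    loginOption_DefaultRenewableTicket     = '0rtx',
    loginOption_MinimalRenewableLifetime   = '-rlf',
    loginOption_MaximalRenewableLifetime   = '+rlf',
    loginOption_DefaultRenewableLifetime   = '0rlf',

    /* Defaults for the forwardable, proxiable and addressless flags */
    loginOption_DefaultForwardableTicket   = '0fwd',
    loginOption_DefaultProxiableTicket     = '0prx',
    loginOption_DefaultAddresslessTicket   = '0adr'
};
typedef int32_t KLEDefaultLoginOptions;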
112
113
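/*
 * Realm list constants
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * NOTE(review): presumably sentinel positions for the KLIndex arguments of
 * the realm configuration functions (first entry / past the last entry) --
 * confirm against the implementation.
 */
enum {
    realmList_Start = 0,
    realmList_End   = 0xFFFF
};
typedef int32_t KLERealmListIndexes;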
122
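/*
 * Bounds of the error-code range used by the KLEStatus values below.
 * (Fused listing line numbers removed so the declarations parse.)
 */
#define klFirstError 19276
#define klLastError  19876

/*
 * Error codes
 *
 * klNoErr (0) is success. Each category starts at its own base value and
 * the remaining members count up from it, so the categories do not overlap.
 *
 * NOTE(review): whether the functions in this header can also return codes
 * outside [klFirstError, klLastError] (for example from underlying Kerberos
 * libraries) is not stated here -- confirm. Callers should test for
 * "!= klNoErr" rather than enumerating the failures they expect, so an
 * unanticipated code is never mistaken for success.
 */
enum {
    klNoErr                             = 0,

    /* Parameter errors (19276..19282) */
    klParameterErr                      = 19276,
    klBadPrincipalErr,
    klBadPasswordErr,
    klBadLoginOptionsErr,
    klInvalidVersionErr,
    klCapsLockErr,
    klBadV5ContextErr,

    /* Get/SetKerberosOption errors (19376..19379) */
    klBufferTooSmallErr                 = 19376,
    klBufferTooLargeErr,
    klInvalidOptionErr,
    klBadOptionValueErr,

    /* Runtime Login errors (19476..19490) */
    klUserCanceledErr                   = 19476,
    klMemFullErr,
    klPreferencesReadErr,
    klPreferencesWriteErr,
    klV5InitializationFailedErr,
    klPrincipalDoesNotExistErr,
    klSystemDefaultDoesNotExistErr,
    klCredentialsExpiredErr,
    klNoRealmsErr,
    klRealmDoesNotExistErr,
    klNoCredentialsErr,
    klCredentialsBadAddressErr,
    klCacheDoesNotExistErr,
    klNoHostnameErr,
    klCredentialsNeedValidationErr,

    /* Password changing errors (19576..19578) */
    klPasswordMismatchErr               = 19576,
    klInsecurePasswordErr,
    klPasswordChangeFailedErr,

    /* Login IPC errors (19776..19778) */
    klCantContactServerErr              = 19776,
    klCantDisplayUIErr,
    klServerInsecureErr

};
typedef int32_t KLEStatus;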
176
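/*
 * Types
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Apart from KLStatus, KLBoolean and KLSInt16 these are unsigned 32-bit
 * integers, while the KLE* enum typedefs they refer to are signed; negative
 * enum values such as loginLibrary_UnknownDialog convert to large unsigned
 * values when passed through them.
 */

typedef int32_t   KLStatus;               /* one of KLEStatus */
typedef u_int32_t KLKerberosVersion;      /* one of KLEKerberosVersion */
typedef u_int32_t KLDefaultLoginOption;   /* one of KLEDefaultLoginOptions */
typedef u_int32_t KLLoginMode;            /* one of KLELoginMode (not declared in this header) */
typedef u_int32_t KLDialogIdentifier;     /* one of KLEDialogIdentifiers */
typedef u_int32_t KLIndex;                /* index (used for the realm list) */
typedef u_int32_t KLLifetime;             /* Lifetime in seconds */
/* 32-bit unsigned, so times past the year 2106 cannot be represented. */
typedef u_int32_t KLTime;                 /* Unix time (seconds since 1/1/1970 00:00:00 GMT) */
/* Range-check before narrowing a size_t into KLSize. */
typedef u_int32_t KLSize;                 /* size of a buffer */
typedef u_int32_t KLRefCon;               /* application ref con */
/*
 * The original comment described KLBoolean as an "unsigned 8 byte value to
 * match Boolean"; as declared it is a signed 8-bit integer.
 * NOTE(review): confirm the intended signedness before relying on it.
 */
typedef int8_t    KLBoolean;              /* true or false (signed 8-bit value as declared) */
typedef int16_t   KLSInt16;               /* used for Darwin-compat for KLApplicationOptions */

/*
 * Callback API for Kerberos Login Mach IPC idle filter.
 * CallKLIdleCallback simply invokes userRoutine with appData; it performs no
 * NULL check on userRoutine.
 */
typedef void (*KLIdleCallback) (KLRefCon appData);
#define CallKLIdleCallback(userRoutine, appData) ((userRoutine) (appData))

/* Principal information (opaque handle; the struct is not defined here) */
typedef struct kim_identity_opaque *KLPrincipal;

/* Login Options (opaque handle; the struct is not defined here) */
typedef struct kim_options_opaque *KLLoginOptions;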
203
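/*
 *
 * Functions
 *
 * Each prototype ends with KERBEROS_APPLE_DEPRECATED; where a replacement
 * exists, the attribute text names the GSS-API call to use instead.
 * (Fused listing line numbers removed so the declarations parse.)
 *
 */

/*
 * Deprecated functions -- provided for compatibility with KfM 4.0
 *
 * All return a KLStatus (klNoErr on success).
 *
 * NOTE(review): ownership of *outPrincipal and *outCredCacheName is not
 * stated in this header; presumably they are released with
 * KLDisposePrincipal and KLDisposeString -- confirm.
 *
 * The *WithPassword variants receive the password as a plain C string.
 * This header does not say whether the library copies or clears it, so the
 * caller should keep its own copy for as short a time as possible and wipe
 * it once the call returns.
 */

KLStatus KLAcquireTickets (KLPrincipal   inPrincipal,
                           KLPrincipal  *outPrincipal,
                           char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewTickets (KLPrincipal   inPrincipal,
                              KLPrincipal  *outPrincipal,
                              char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireTicketsWithPassword (KLPrincipal      inPrincipal,
                                       KLLoginOptions   inLoginOptions,
                                       const char      *inPassword,
                                       char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal      inPrincipal,
                                          KLLoginOptions   inLoginOptions,
                                          const char      *inPassword,
                                          char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

/*
 * The application-options pointers are untyped; the structure they refer to
 * is not declared in this header, so the compiler cannot check its size.
 */
KLStatus KLSetApplicationOptions (const void *inAppOptions)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetApplicationOptions (void *outAppOptions)
    KERBEROS_APPLE_DEPRECATED("no replacement");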
239
240
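/*
 * Kerberos Login high-level API
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * None of these takes a password argument. All return a KLStatus and all
 * are deprecated; the attribute text names the GSS-API replacement where
 * one exists.
 *
 * NOTE(review): ownership of *outPrincipal and *outCredCacheName is not
 * stated here; presumably released with KLDisposePrincipal and
 * KLDisposeString -- confirm.
 */
KLStatus KLAcquireInitialTickets (KLPrincipal      inPrincipal,
                                  KLLoginOptions   inLoginOptions,
                                  KLPrincipal     *outPrincipal,
                                  char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewInitialTickets (KLPrincipal      inPrincipal,
                                     KLLoginOptions   inLoginOptions,
                                     KLPrincipal     *outPrincipal,
                                     char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLDestroyTickets (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_destroy_cred)");


KLStatus KLChangePassword (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("no replacement");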
261
262
263
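/*
 * Kerberos Login dialog low level functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * The *WithPassword functions receive the password as a plain C string.
 * This header does not say whether the library copies or clears it, so the
 * caller should keep its own copy for as short a time as possible and wipe
 * it once the call returns.
 *
 * NOTE(review): ownership of the char ** and KLPrincipal * outputs is not
 * stated here; presumably released with KLDisposeString and
 * KLDisposePrincipal -- confirm.
 */

KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal      inPrincipal,
                                              KLLoginOptions   inLoginOptions,
                                              const char      *inPassword,
                                              char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLAcquireNewInitialTicketsWithPassword (KLPrincipal      inPrincipal,
                                                 KLLoginOptions   inLoginOptions,
                                                 const char      *inPassword,
                                                 char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


/*
 * Returns credentials to the caller through outV4Credentials and
 * outV5Credentials. The V4 credentials pointer is untyped (void *), so the
 * expected structure and size cannot be checked by the compiler.
 * NOTE(review): the caller presumably becomes responsible for protecting
 * and releasing the returned credential material -- confirm.
 */
KLStatus KLAcquireNewInitialTicketCredentialsWithPassword (KLPrincipal      inPrincipal,
                                                           KLLoginOptions   inLoginOptions,
                                                           const char      *inPassword,
                                                           krb5_context     inV5Context,
                                                           KLBoolean       *outGotV4Credentials,
                                                           KLBoolean       *outGotV5Credentials,
                                                           void            *outV4Credentials,
                                                           krb5_creds      *outV5Credentials)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLStoreNewInitialTicketCredentials (KLPrincipal     inPrincipal,
                                             krb5_context    inV5Context,
                                             void           *inV4Credentials,
                                             krb5_creds     *inV5Credentials,
                                             char          **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


/*
 * NOTE(review): inFailIfNoHostKey presumably decides whether verification
 * fails when no host key is available to check the tickets against. If so,
 * passing a false value leaves the credentials unverified on such hosts --
 * confirm against the implementation before relying on a success result.
 */
KLStatus KLVerifyInitialTickets (KLPrincipal   inPrincipal,
                                 KLBoolean     inFailIfNoHostKey,
                                 char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLVerifyInitialTicketCredentials (void        *inV4Credentials,
                                           krb5_creds  *inV5Credentials,
                                           KLBoolean    inFailIfNoHostKey)
    KERBEROS_APPLE_DEPRECATED("no replacement");

/*
 * inKeytabName names a keytab. A keytab stores long-term keys, so the file
 * it refers to needs restrictive permissions.
 */
KLStatus KLAcquireNewInitialTicketsWithKeytab (KLPrincipal      inPrincipal,
                                               KLLoginOptions   inLoginOptions,
                                               const char      *inKeytabName,
                                               char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_acquire_cred)");

KLStatus KLRenewInitialTickets (KLPrincipal      inPrincipal,
                                KLLoginOptions   inLoginOptions,
                                KLPrincipal     *outPrincipal,
                                char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLValidateInitialTickets (KLPrincipal      inPrincipal,
                                   KLLoginOptions   inLoginOptions,
                                   char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");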
326
327
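/*
 * Credential cache queries and default-cache selection.
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Times are reported as KLTime, an unsigned 32-bit count of seconds since
 * the Unix epoch. Check the returned KLStatus before reading any out
 * parameter: this header does not say what the outputs hold on failure.
 */
KLStatus KLLastChangedTime (KLTime *outLastChangedTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


/*
 * NOTE(review): ownership of *outPrincipal and *outCredCacheName is not
 * stated here; presumably released with KLDisposePrincipal and
 * KLDisposeString -- confirm.
 */
KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
                                 KLKerberosVersion   inKerberosVersion,
                                 KLBoolean          *outFoundValidTickets,
                                 KLPrincipal        *outPrincipal,
                                 char              **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");

KLStatus KLTicketStartTime (KLPrincipal        inPrincipal,
                            KLKerberosVersion  inKerberosVersion,
                            KLTime            *outStartTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


KLStatus KLTicketExpirationTime (KLPrincipal        inPrincipal,
                                 KLKerberosVersion  inKerberosVersion,
                                 KLTime            *outExpirationTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


/* The deprecation text names GSS-API but no specific replacement call. */
KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead");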
353
354
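/*
 * Error reporting and dialog control; none of these has a replacement.
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * NOTE(review): *outErrorString is presumably allocated by the library and
 * released with KLDisposeString -- confirm.
 */
KLStatus KLHandleError (KLStatus           inError,
                        KLDialogIdentifier inDialogIdentifier,
                        KLBoolean          inShowAlert)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetErrorString (KLStatus   inError,
                           char     **outErrorString)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLCancelAllDialogs (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");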
366
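/*
 * Kerberos change password dialog low level functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Both the old and the new password are passed as plain C strings. This
 * header does not say whether the library copies or clears them, so the
 * caller should wipe its own copies once the call returns.
 *
 * The result has two parts: the KLStatus return value and *outRejected.
 * NOTE(review): presumably a call can return klNoErr while *outRejected is
 * true (the server refused the new password), with the reason given in
 * *outRejectionError / *outRejectionDescription -- confirm, and check both
 * before treating the password as changed. The two strings are presumably
 * released with KLDisposeString.
 */

KLStatus KLChangePasswordWithPasswords (KLPrincipal   inPrincipal,
                                        const char   *inOldPassword,
                                        const char   *inNewPassword,
                                        KLBoolean    *outRejected,
                                        char        **outRejectionError,
                                        char        **outRejectionDescription)
    KERBEROS_APPLE_DEPRECATED("no replacement");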
376
377
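/*
 * Application Configuration functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * KLSetIdleCallback registers a KLIdleCallback together with the KLRefCon
 * value that is passed back to it as appData.
 *
 * KLGetIdleCallback: despite the "in" prefix, both parameters are non-const
 * pointers, so they are presumably outputs that receive the currently
 * registered callback and ref con -- confirm.
 */

KLStatus KLSetIdleCallback (const KLIdleCallback inCallback,
                            const KLRefCon       inRefCon)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLGetIdleCallback (KLIdleCallback *inCallback,
                            KLRefCon       *inRefCon)
    KERBEROS_APPLE_DEPRECATED("no replacement");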
388
389
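/*
 * Library configuration functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * inOption is one of the KLEDefaultLoginOptions selectors. The value is
 * exchanged through an untyped buffer plus a KLSize length; the type and
 * size expected for each option are not declared in this header.
 *
 * NOTE(review): for the getter, *ioBufferSize presumably carries the
 * buffer capacity in and the value size out, with klBufferTooSmallErr /
 * klBufferTooLargeErr reporting a mismatch -- confirm. Always pass the true
 * capacity of ioBuffer, never a larger number.
 */

KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                                  void                       *ioBuffer,
                                  KLSize                     *ioBufferSize)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                                  const void                 *inBuffer,
                                  const KLSize                inBufferSize)
    KERBEROS_APPLE_DEPRECATED("no replacement");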
402
403
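/*
 * Realm configuration functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Realms are addressed by KLIndex position or by name. All functions
 * return a KLStatus except KLCountKerberosRealms, which returns a KLSize
 * and therefore has no way to report an error through its return value.
 *
 * NOTE(review): strings returned through char ** are presumably released
 * with KLDisposeString -- confirm. The realm list influences which realm a
 * login is attempted against, so code that edits it should not take realm
 * names from untrusted input without validation.
 */

KLStatus KLFindKerberosRealmByName (const char *inRealmName,
                                    KLIndex    *outIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLGetKerberosRealm (KLIndex   inIndex,
                             char    **outRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLSetKerberosRealm (KLIndex     inIndex,
                             const char *inRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLRemoveKerberosRealm (KLIndex inIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLInsertKerberosRealm (KLIndex     inInsertBeforeIndex,
                                const char *inRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLRemoveAllKerberosRealms (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLSize KLCountKerberosRealms (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetKerberosDefaultRealm (KLIndex *outIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetKerberosDefaultRealmByName (char **outRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLSetKerberosDefaultRealm (KLIndex inIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLSetKerberosDefaultRealmByName (const char *inRealm)
    KERBEROS_APPLE_DEPRECATED("no replacement");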
445
446
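/*
 * KLPrincipal functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * Create, convert, compare and dispose of opaque KLPrincipal handles. The
 * deprecation text of each function names the GSS-API name call that
 * replaces it.
 *
 * NOTE(review): a KLPrincipal returned through an out parameter is
 * presumably released with KLDisposePrincipal, and returned strings with
 * KLDisposeString -- confirm.
 */

KLStatus KLCreatePrincipalFromTriplet (const char  *inName,
                                       const char  *inInstance,
                                       const char  *inRealm,
                                       KLPrincipal *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromString (const char        *inFullPrincipal,
                                      KLKerberosVersion  inKerberosVersion,
                                      KLPrincipal       *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromKerberos5Principal (krb5_principal  inKerberos5Principal,
                                                  KLPrincipal    *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromPrincipal (KLPrincipal  inPrincipal,
                                         KLPrincipal *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLGetTripletFromPrincipal (KLPrincipal   inPrincipal,
                                    char        **outName,
                                    char        **outInstance,
                                    char        **outRealm)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

KLStatus KLGetStringFromPrincipal (KLPrincipal         inPrincipal,
                                   KLKerberosVersion   inKerberosVersion,
                                   char              **outFullPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

/*
 * NOTE(review): how the display form differs from the string returned by
 * KLGetStringFromPrincipal is not stated here. If it is meant only for
 * presentation, do not use it for identity or access decisions; compare
 * principals with KLComparePrincipal instead -- confirm.
 */
KLStatus KLGetDisplayStringFromPrincipal (KLPrincipal         inPrincipal,
                                          KLKerberosVersion   inKerberosVersion,
                                          char              **outFullPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

/* The comparison result is delivered in *outAreEquivalent, not in the return value. */
KLStatus KLComparePrincipal (KLPrincipal  inFirstPrincipal,
                             KLPrincipal  inSecondPrincipal,
                             KLBoolean   *outAreEquivalent)
    KERBEROS_APPLE_DEPRECATED("gss_compare_name");

KLStatus KLDisposePrincipal (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_release_name");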
495
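/*
 * KLLoginOptions functions
 *
 * (Fused listing line numbers removed so the declarations parse.)
 *
 * A KLLoginOptions handle is created with KLCreateLoginOptions, adjusted
 * with the setters below and released with KLDisposeLoginOptions.
 * Lifetimes are KLLifetime values (seconds) and the start time is a KLTime.
 *
 * In Kerberos, forwardable and proxiable tickets widen what a service
 * holding them can do on the user's behalf, and addressless tickets are not
 * bound to client addresses; request these properties only where they are
 * needed. NOTE(review): the setters presumably map directly onto those
 * ticket flags -- confirm.
 */

KLStatus KLCreateLoginOptions (KLLoginOptions *outOptions)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetTicketLifetime (KLLoginOptions ioOptions,
                                          KLLifetime     inTicketLifetime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetForwardable (KLLoginOptions ioOptions,
                                       KLBoolean      inForwardable)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetProxiable (KLLoginOptions ioOptions,
                                     KLBoolean      inProxiable)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetRenewableLifetime (KLLoginOptions ioOptions,
                                             KLLifetime     inRenewableLifetime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetAddressless (KLLoginOptions ioOptions,
                                       KLBoolean      inAddressless)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetTicketStartTime (KLLoginOptions ioOptions,
                                           KLTime         inStartTime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetServiceName (KLLoginOptions  ioOptions,
                                       const char     *inServiceName)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLDisposeLoginOptions (KLLoginOptions ioOptions)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");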
531
532
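/*
 * Misc function
 *
 * (Fused listing line numbers removed so the declaration parses.)
 *
 * NOTE(review): presumably releases strings that the library returned
 * through char ** out parameters -- confirm. Whether the contents are
 * cleared before release is not stated in this header.
 */

KLStatus KLDisposeString (char *inStringToDispose)
    KERBEROS_APPLE_DEPRECATED("no replacement");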
537
538#if TARGET_OS_MAC
539#    pragma pack(pop)
540#endif
541
542#ifdef __cplusplus
543}
544#endif
545
546#endif /* __KERBEROSLOGIN__ */
547