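/*
 * Copyright 2008 Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Kerberos Login (KL) API declarations.
 *
 * Every function declared in this header carries KERBEROS_APPLE_DEPRECATED;
 * the attribute's message names the suggested GSS-API replacement, or says
 * "no replacement" where none is offered.
 */

#ifndef __KERBEROSLOGIN__
#define __KERBEROSLOGIN__

#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
#    include <TargetConditionals.h>
#    if TARGET_RT_MAC_CFM
#        error "Use KfM 4.0 SDK headers for CFM compilation."
#    endif
#endif

/* Compilers without __has_extension report every extension as absent. */
#ifndef __has_extension
#define __has_extension(x) 0
#endif

/*
 * KERBEROS_APPLE_DEPRECATED(msg) expands to a deprecation attribute carrying
 * msg where the compiler supports messages, to a plain deprecation attribute
 * where it does not, and to nothing otherwise.
 */
#ifndef KERBEROS_APPLE_DEPRECATED
#if __has_extension(attribute_deprecated_with_message)
#define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated(x)))
#elif __has_extension(deprecated)
#define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated))
#else
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#endif



#include <sys/types.h>
#include <Kerberos/krb5.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * 2-byte packing on Mac OS targets.  No struct with visible members is
 * declared between this push and the matching pop; only opaque pointer
 * typedefs are.
 */
#if TARGET_OS_MAC
#    pragma pack(push,2)
#endif

/*
 * Kerberos version constants
 *
 * NOTE(review): 0xFFFFFFFF does not fit in int.  ISO C before C23 requires
 * enumeration constants to be representable as int, so this constant relies
 * on a compiler extension.  KLEKerberosVersion is also signed (int32_t)
 * while KLKerberosVersion below is unsigned (u_int32_t).
 * Kerberos 4 is obsolete; kerberosVersion_V4 is presumably kept only for
 * source compatibility -- confirm against the implementation.
 */
enum {
    kerberosVersion_Any = 0,
    kerberosVersion_V4  = 1,
    kerberosVersion_V5  = 2,
    kerberosVersion_All = 0xFFFFFFFF
};
typedef int32_t KLEKerberosVersion;

/*
 * Dialog identifier constants
 *
 * The named dialogs take the implicit values 0..4;
 * loginLibrary_UnknownDialog is -1.
 */
enum {
    loginLibrary_LoginDialog,
    loginLibrary_OptionsDialog,
    loginLibrary_ChangePasswordDialog,
    loginLibrary_ProgressDialog,
    loginLibrary_PrompterDialog,
    loginLibrary_UnknownDialog = -1
};
typedef int32_t KLEDialogIdentifiers;


/*
 * Option identifier constants
 *
 * These are multi-character constants ('name', '-lif', ...); their numeric
 * value is implementation-defined in C, so they are only comparable between
 * modules built with compilers that agree on the encoding.
 */
enum {
    /* Initial values and ranges */
    loginOption_LoginName                = 'name',
    loginOption_LoginInstance            = 'inst',

    loginOption_RememberPrincipal        = 'prin',
    loginOption_RememberExtras           = 'extr',

    loginOption_MinimalTicketLifetime    = '-lif',
    loginOption_MaximalTicketLifetime    = '+lif',
    loginOption_DefaultTicketLifetime    = '0lif',

    loginOption_DefaultRenewableTicket   = '0rtx',
    loginOption_MinimalRenewableLifetime = '-rlf',
    loginOption_MaximalRenewableLifetime = '+rlf',
    loginOption_DefaultRenewableLifetime = '0rlf',

    loginOption_DefaultForwardableTicket = '0fwd',
    loginOption_DefaultProxiableTicket   = '0prx',
    loginOption_DefaultAddresslessTicket = '0adr'
};
typedef int32_t KLEDefaultLoginOptions;


/*
 * Realm list constants
 */
enum {
    realmList_Start = 0,
    realmList_End   = 0xFFFF
};
typedef int32_t KLERealmListIndexes;

/* Bounds of the KL error code range; every non-zero code below lies in it. */
#define klFirstError 19276
#define klLastError  19876

/*
 * Error codes
 *
 * klNoErr (0) is success.  Each group starts at an explicit base value and
 * the remaining members of the group count up from it.
 */
enum {
    klNoErr                             = 0,

    /* Parameter errors */
    klParameterErr                      = 19276,
    klBadPrincipalErr,
    klBadPasswordErr,
    klBadLoginOptionsErr,
    klInvalidVersionErr,
    klCapsLockErr,
    klBadV5ContextErr,

    /* Get/SetKerberosOption errors */
    klBufferTooSmallErr                 = 19376,
    klBufferTooLargeErr,
    klInvalidOptionErr,
    klBadOptionValueErr,

    /* Runtime Login errors */
    klUserCanceledErr                   = 19476,
    klMemFullErr,
    klPreferencesReadErr,
    klPreferencesWriteErr,
    klV5InitializationFailedErr,
    klPrincipalDoesNotExistErr,
    klSystemDefaultDoesNotExistErr,
    klCredentialsExpiredErr,
    klNoRealmsErr,
    klRealmDoesNotExistErr,
    klNoCredentialsErr,
    klCredentialsBadAddressErr,
    klCacheDoesNotExistErr,
    klNoHostnameErr,
    klCredentialsNeedValidationErr,

    /* Password changing errors */
    klPasswordMismatchErr               = 19576,
    klInsecurePasswordErr,
    klPasswordChangeFailedErr,

    /* Login IPC errors */
    klCantContactServerErr              = 19776,
    klCantDisplayUIErr,
    klServerInsecureErr

};
typedef int32_t KLEStatus;

/*
 * Types
 */

typedef int32_t   KLStatus;             /* one of KLEStatus */
typedef u_int32_t KLKerberosVersion;    /* one of KLEKerberosVersion */
typedef u_int32_t KLDefaultLoginOption; /* one of KLEDefaultLoginOptions */
typedef u_int32_t KLLoginMode;          /* one of KLELoginMode (not declared in this header) */
typedef u_int32_t KLDialogIdentifier;   /* one of KLEDialogIdentifiers */
typedef u_int32_t KLIndex;              /* index (used for the realm list) */
typedef u_int32_t KLLifetime;           /* Lifetime in seconds */
typedef u_int32_t KLTime;               /* Unix time (seconds since 1/1/1970 00:00:00 GMT) */
typedef u_int32_t KLSize;               /* size of a buffer */
typedef u_int32_t KLRefCon;             /* application ref con */
typedef int8_t    KLBoolean;            /* true or false; a signed 8-bit value.
                                         * NOTE(review): meant to match Boolean --
                                         * confirm the signedness is compatible */
typedef int16_t   KLSInt16;             /* used for Darwin-compat for KLApplicationOptions */

/* Callback API for Kerberos Login Mach IPC idle filter */
typedef void (*KLIdleCallback) (KLRefCon appData);
#define CallKLIdleCallback(userRoutine, appData) ((userRoutine) (appData))

/* Principal information (opaque handle) */
typedef struct kim_identity_opaque *KLPrincipal;

/* Login Options (opaque handle) */
typedef struct kim_options_opaque *KLLoginOptions;

/*
 *
 * Functions
 *
 * All functions return a KLStatus except KLCountKerberosRealms, which
 * returns a KLSize.
 *
 * Memory: strings are returned through char ** out-parameters.  This header
 * does not state who owns them; they are presumably released with
 * KLDisposeString -- confirm against the implementation.
 *
 * Secrets: passwords are passed as plain NUL-terminated const char *.
 * Nothing here indicates that the library clears the caller's copy, so the
 * caller should assume it must wipe its own buffer after the call.
 *
 */

/* Deprecated functions -- provided for compatibility with KfM 4.0 */

KLStatus KLAcquireTickets (KLPrincipal   inPrincipal,
                           KLPrincipal  *outPrincipal,
                           char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewTickets (KLPrincipal   inPrincipal,
                              KLPrincipal  *outPrincipal,
                              char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireTicketsWithPassword (KLPrincipal      inPrincipal,
                                       KLLoginOptions   inLoginOptions,
                                       const char      *inPassword,
                                       char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal      inPrincipal,
                                          KLLoginOptions   inLoginOptions,
                                          const char      *inPassword,
                                          char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

/*
 * The application options are passed as untyped pointers; the expected
 * layout is not declared in this header.
 */
KLStatus KLSetApplicationOptions (const void *inAppOptions)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetApplicationOptions (void *outAppOptions)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/* Kerberos Login high-level API */
KLStatus KLAcquireInitialTickets (KLPrincipal      inPrincipal,
                                  KLLoginOptions   inLoginOptions,
                                  KLPrincipal     *outPrincipal,
                                  char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLAcquireNewInitialTickets (KLPrincipal      inPrincipal,
                                     KLLoginOptions   inLoginOptions,
                                     KLPrincipal     *outPrincipal,
                                     char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLDestroyTickets (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_destroy_cred)");


KLStatus KLChangePassword (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("no replacement");



/* Kerberos Login dialog low level functions */

KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal      inPrincipal,
                                              KLLoginOptions   inLoginOptions,
                                              const char      *inPassword,
                                              char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLAcquireNewInitialTicketsWithPassword (KLPrincipal      inPrincipal,
                                                 KLLoginOptions   inLoginOptions,
                                                 const char      *inPassword,
                                                 char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


/*
 * The V4 credentials are passed as void *, so the compiler cannot check the
 * size or type of the caller's buffer.
 */
KLStatus KLAcquireNewInitialTicketCredentialsWithPassword (KLPrincipal      inPrincipal,
                                                           KLLoginOptions   inLoginOptions,
                                                           const char      *inPassword,
                                                           krb5_context     inV5Context,
                                                           KLBoolean       *outGotV4Credentials,
                                                           KLBoolean       *outGotV5Credentials,
                                                           void            *outV4Credentials,
                                                           krb5_creds      *outV5Credentials)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLStoreNewInitialTicketCredentials (KLPrincipal     inPrincipal,
                                             krb5_context    inV5Context,
                                             void           *inV4Credentials,
                                             krb5_creds     *inV5Credentials,
                                             char          **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


/*
 * NOTE(review): inFailIfNoHostKey presumably decides whether verification
 * fails when no host key is available to check the tickets against.  If so,
 * passing false accepts tickets that were never verified -- confirm.
 */
KLStatus KLVerifyInitialTickets (KLPrincipal   inPrincipal,
                                 KLBoolean     inFailIfNoHostKey,
                                 char        **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLVerifyInitialTicketCredentials (void        *inV4Credentials,
                                           krb5_creds  *inV5Credentials,
                                           KLBoolean    inFailIfNoHostKey)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLAcquireNewInitialTicketsWithKeytab (KLPrincipal      inPrincipal,
                                               KLLoginOptions   inLoginOptions,
                                               const char      *inKeytabName,
                                               char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_acquire_cred)");

KLStatus KLRenewInitialTickets (KLPrincipal      inPrincipal,
                                KLLoginOptions   inLoginOptions,
                                KLPrincipal     *outPrincipal,
                                char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");

KLStatus KLValidateInitialTickets (KLPrincipal      inPrincipal,
                                   KLLoginOptions   inLoginOptions,
                                   char           **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_aapl_initial_cred)");


KLStatus KLLastChangedTime (KLTime *outLastChangedTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
                                 KLKerberosVersion   inKerberosVersion,
                                 KLBoolean          *outFoundValidTickets,
                                 KLPrincipal        *outPrincipal,
                                 char              **outCredCacheName)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");

KLStatus KLTicketStartTime (KLPrincipal        inPrincipal,
                            KLKerberosVersion  inKerberosVersion,
                            KLTime            *outStartTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


KLStatus KLTicketExpirationTime (KLPrincipal        inPrincipal,
                                 KLKerberosVersion  inKerberosVersion,
                                 KLTime            *outExpirationTime)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead (gss_inquire_cred)");


KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("use gssapi instead");


KLStatus KLHandleError (KLStatus           inError,
                        KLDialogIdentifier inDialogIdentifier,
                        KLBoolean          inShowAlert)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetErrorString (KLStatus   inError,
                           char     **outErrorString)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLCancelAllDialogs (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");

/* Kerberos change password dialog low level functions */

/* Both the old and the new password cross this call as plain strings. */
KLStatus KLChangePasswordWithPasswords (KLPrincipal   inPrincipal,
                                        const char   *inOldPassword,
                                        const char   *inNewPassword,
                                        KLBoolean    *outRejected,
                                        char        **outRejectionError,
                                        char        **outRejectionDescription)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/* Application Configuration functions */

KLStatus KLSetIdleCallback (const KLIdleCallback inCallback,
                            const KLRefCon       inRefCon)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/*
 * The parameters are named in* but are non-const pointers; they are
 * presumably written by the call -- confirm.
 */
KLStatus KLGetIdleCallback (KLIdleCallback* inCallback,
                            KLRefCon*       inRefCon)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/* Library configuration functions */

/*
 * ioBuffer is untyped and ioBufferSize is in/out.  Presumably the caller
 * passes the capacity of ioBuffer in *ioBufferSize and a size mismatch is
 * reported with klBufferTooSmallErr / klBufferTooLargeErr -- confirm.
 */
KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                                  void                       *ioBuffer,
                                  KLSize                     *ioBufferSize)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                                  const void                 *inBuffer,
                                  const KLSize                inBufferSize)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/* Realm configuration functions */

KLStatus KLFindKerberosRealmByName (const char *inRealmName,
                                    KLIndex    *outIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLGetKerberosRealm (KLIndex   inIndex,
                             char    **outRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLSetKerberosRealm (KLIndex     inIndex,
                             const char *inRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");


KLStatus KLRemoveKerberosRealm (KLIndex inIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLInsertKerberosRealm (KLIndex     inInsertBeforeIndex,
                                const char *inRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLRemoveAllKerberosRealms (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLSize KLCountKerberosRealms (void)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetKerberosDefaultRealm(KLIndex *outIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLGetKerberosDefaultRealmByName (char **outRealmName)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLSetKerberosDefaultRealm (KLIndex inIndex)
    KERBEROS_APPLE_DEPRECATED("no replacement");

KLStatus KLSetKerberosDefaultRealmByName (const char *inRealm)
    KERBEROS_APPLE_DEPRECATED("no replacement");


/* KLPrincipal functions */

KLStatus KLCreatePrincipalFromTriplet (const char  *inName,
                                       const char  *inInstance,
                                       const char  *inRealm,
                                       KLPrincipal *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromString (const char        *inFullPrincipal,
                                      KLKerberosVersion  inKerberosVersion,
                                      KLPrincipal       *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromKerberos5Principal (krb5_principal  inKerberos5Principal,
                                                  KLPrincipal    *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLCreatePrincipalFromPrincipal (KLPrincipal  inPrincipal,
                                         KLPrincipal *outPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_import_name");


KLStatus KLGetTripletFromPrincipal (KLPrincipal   inPrincipal,
                                    char        **outName,
                                    char        **outInstance,
                                    char        **outRealm)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

KLStatus KLGetStringFromPrincipal (KLPrincipal         inPrincipal,
                                   KLKerberosVersion   inKerberosVersion,
                                   char              **outFullPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

KLStatus KLGetDisplayStringFromPrincipal (KLPrincipal         inPrincipal,
                                          KLKerberosVersion   inKerberosVersion,
                                          char              **outFullPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_display_name");

KLStatus KLComparePrincipal (KLPrincipal  inFirstPrincipal,
                             KLPrincipal  inSecondPrincipal,
                             KLBoolean   *outAreEquivalent)
    KERBEROS_APPLE_DEPRECATED("gss_compare_name");

KLStatus KLDisposePrincipal (KLPrincipal inPrincipal)
    KERBEROS_APPLE_DEPRECATED("gss_release_name");

/* KLLoginOptions functions */

/*
 * The setters below choose ticket properties.  Forwardable and proxiable
 * tickets allow a service to act for the user, and addressless tickets are
 * not tied to the client's address, so each widens where a ticket can be
 * used.  The defaults are not visible in this header.
 */

KLStatus KLCreateLoginOptions (KLLoginOptions *outOptions)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetTicketLifetime (KLLoginOptions ioOptions,
                                          KLLifetime     inTicketLifetime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetForwardable (KLLoginOptions ioOptions,
                                       KLBoolean      inForwardable)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetProxiable (KLLoginOptions ioOptions,
                                     KLBoolean      inProxiable)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetRenewableLifetime (KLLoginOptions ioOptions,
                                             KLLifetime     inRenewableLifetime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetAddressless (KLLoginOptions ioOptions,
                                       KLBoolean      inAddressless)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetTicketStartTime (KLLoginOptions ioOptions,
                                           KLTime         inStartTime)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLLoginOptionsSetServiceName (KLLoginOptions  ioOptions,
                                       const char     *inServiceName)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");

KLStatus KLDisposeLoginOptions(KLLoginOptions ioOptions)
    KERBEROS_APPLE_DEPRECATED("gss_aapl_initial_cred");


/* Misc function */

/* Releases a string; presumably one returned by this API -- confirm. */
KLStatus KLDisposeString (char *inStringToDispose)
    KERBEROS_APPLE_DEPRECATED("no replacement");

#if TARGET_OS_MAC
#    pragma pack(pop)
#endif

#ifdef __cplusplus
}
#endif

#endif /* __KERBEROSLOGIN__ */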