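/* $NetBSD$ */

/*
 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * Public types, constants and callback signatures of the Heimdal krb5
 * library.  This header only declares data; the function prototypes are
 * pulled in from <krb5/krb5-protos.h> near the end.
 *
 * NOTE(review): the guard name __KRB5_H__ (double underscore) lives in the
 * identifier space reserved for the implementation.  It is kept unchanged
 * here because the name is visible to every includer.
 */

#ifndef __KRB5_H__
#define __KRB5_H__

#include <time.h>
#include <krb5/krb5-types.h>

#include <krb5/asn1_err.h>
#include <krb5/krb5_err.h>
#include <krb5/heim_err.h>
#include <krb5/k524_err.h>

#include <krb5/krb5_asn1.h>

/* name confusion with MIT */
#ifndef KRB5KDC_ERR_KEY_EXP
#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
#endif

/*
 * Compiler attribute used to mark declarations that callers should stop
 * using.  Expands to nothing on compilers that have no such attribute.
 */
#ifndef KRB5_DEPRECATED
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define KRB5_DEPRECATED __attribute__((deprecated))
#elif defined(_MSC_VER) && (_MSC_VER>1200)
#define KRB5_DEPRECATED __declspec(deprecated)
#else
#define KRB5_DEPRECATED
#endif
#endif

/* Calling convention applied to every exported function pointer below. */
#ifdef _WIN32
#define KRB5_CALLCONV __stdcall
#else
#define KRB5_CALLCONV
#endif

/* simple constants */

#ifndef TRUE
#define TRUE 1
#define FALSE 0
#endif

typedef int krb5_boolean;

/* Error codes are the com_err style int32 values from the *_err.h headers. */
typedef int32_t krb5_error_code;

typedef int32_t krb5_kvno;

/* Bit sets; the KDC_OPT_*, KRB5_GC_* and KRB5_TC_* macros are stored here. */
typedef uint32_t krb5_flags;

typedef void *krb5_pointer;
typedef const void *krb5_const_pointer;

/* Opaque handles: the pointed-to structures are private to the library. */
struct krb5_crypto_data;
typedef struct krb5_crypto_data *krb5_crypto;

struct krb5_get_creds_opt_data;
typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;

struct krb5_digest_data;
typedef struct krb5_digest_data *krb5_digest;
struct krb5_ntlm_data;
typedef struct krb5_ntlm_data *krb5_ntlm;

struct krb5_pac_data;
typedef struct krb5_pac_data *krb5_pac;

typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;

/* ASN.1 generated types re-exported under their krb5_ names. */
typedef CKSUMTYPE krb5_cksumtype;

typedef Checksum krb5_checksum;

typedef ENCTYPE krb5_enctype;

typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;

typedef heim_octet_string krb5_data;

/* PKINIT related forward declarations */
struct ContentInfo;
struct krb5_pk_identity;
struct krb5_pk_cert;

/* krb5_enc_data is a mit compat structure */
typedef struct krb5_enc_data {
    krb5_enctype enctype;
    krb5_kvno kvno;
    krb5_data ciphertext;
} krb5_enc_data;

/* alternative names */
enum {
    ENCTYPE_NULL = ETYPE_NULL,
    ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
    ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
    ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
    ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
    ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
    ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
    ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
    ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
    ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
    ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
    ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
    ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
    ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
    ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
    ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
    ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
    ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
};

typedef PADATA_TYPE krb5_preauthtype;

/*
 * Key usage numbers.  The positive values are the RFC 4120 section 7.5.1
 * usages (the "section x.y" references in the comments are to RFC 4120),
 * plus the GSS-API and pre-authentication extensions.
 *
 * Several names below deliberately share one number (22, 23, 24, 25 and
 * 26 each appear more than once).  They are plain aliases of the same
 * integer, so nothing downstream can tell the aliased usages apart by
 * value; pick the name that matches the protocol you implement.
 */
typedef enum krb5_key_usage {
    KRB5_KU_PA_ENC_TIMESTAMP = 1,
    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
       client key (section 5.4.1) */
    KRB5_KU_TICKET = 2,
    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
       application session key), encrypted with the service key
       (section 5.4.2) */
    KRB5_KU_AS_REP_ENC_PART = 3,
    /* AS-REP encrypted part (includes tgs session key or application
       session key), encrypted with the client key (section 5.4.2) */
    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
       session key (section 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
       authenticator subkey (section 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
       with the tgs session key (sections 5.3.2, 5.4.1) */
    KRB5_KU_TGS_REQ_AUTH = 7,
    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
       authenticator subkey), encrypted with the tgs session key
       (section 5.3.2) */
    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
    /* TGS-REP encrypted part (includes application session key),
       encrypted with the tgs session key (section 5.4.2) */
    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
    /* TGS-REP encrypted part (includes application session key),
       encrypted with the tgs authenticator subkey (section 5.4.2) */
    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
    /* AP-REQ Authenticator cksum, keyed with the application session
       key (section 5.3.2) */
    KRB5_KU_AP_REQ_AUTH = 11,
    /* AP-REQ Authenticator (includes application authenticator
       subkey), encrypted with the application session key (section
       5.3.2) */
    KRB5_KU_AP_REQ_ENC_PART = 12,
    /* AP-REP encrypted part (includes application session subkey),
       encrypted with the application session key (section 5.5.2) */
    KRB5_KU_KRB_PRIV = 13,
    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
       application (section 5.7.1) */
    KRB5_KU_KRB_CRED = 14,
    /* KRB-CRED encrypted part, encrypted with a key chosen by the
       application (section 5.8.1) */
    KRB5_KU_KRB_SAFE_CKSUM = 15,
    /* KRB-SAFE cksum, keyed with a key chosen by the application
       (section 5.6.1) */
    KRB5_KU_OTHER_ENCRYPTED = 16,
    /* Data which is defined in some specification outside of
       Kerberos to be encrypted using an RFC1510 encryption type. */
    KRB5_KU_OTHER_CKSUM = 17,
    /* Data which is defined in some specification outside of
       Kerberos to be checksummed using an RFC1510 checksum type. */
    KRB5_KU_KRB_ERROR = 18,
    /* Krb-error checksum */
    KRB5_KU_AD_KDC_ISSUED = 19,
    /* AD-KDCIssued checksum */
    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
    /* Checksum for Mandatory Ticket Extensions */
    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
    /* Checksum in Authorization Data in Ticket Extensions */
    KRB5_KU_USAGE_SEAL = 22,
    /* seal in GSSAPI krb5 mechanism */
    KRB5_KU_USAGE_SIGN = 23,
    /* sign in GSSAPI krb5 mechanism */
    KRB5_KU_USAGE_SEQ = 24,
    /* SEQ in GSSAPI krb5 mechanism */
    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
    /* acceptor seal in GSSAPI CFX krb5 mechanism (same value as
       KRB5_KU_USAGE_SEAL) */
    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
    /* acceptor sign in GSSAPI CFX krb5 mechanism (same value as
       KRB5_KU_USAGE_SIGN) */
    KRB5_KU_USAGE_INITIATOR_SEAL = 24,
    /* initiator seal in GSSAPI CFX krb5 mechanism (same value as
       KRB5_KU_USAGE_SEQ) */
    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
    /* initiator sign in GSSAPI CFX krb5 mechanism */
    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
    /* encrypted server referral data (aliases usage 22) */
    KRB5_KU_SAM_CHECKSUM = 25,
    /* Checksum for the SAM-CHECKSUM field (aliases usage 25) */
    KRB5_KU_SAM_ENC_TRACK_ID = 26,
    /* Encryption of the SAM-TRACK-ID field */
    KRB5_KU_PA_SERVER_REFERRAL = 26,
    /* Keyusage for the server referral in a TGS req (aliases usage 26) */
    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
    /* Encryption of the SAM-NONCE-OR-SAD field */
    KRB5_KU_PA_PKINIT_KX = 44,
    /* Encryption type of the kdc session contribution in pk-init */
    KRB5_KU_AS_REQ = 56,
    /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
    /* Negative usages are Heimdal-private and never collide with the
       IANA-assigned positive range. */
    KRB5_KU_DIGEST_ENCRYPT = -18,
    /* Encryption key usage used in the digest encryption field */
    KRB5_KU_DIGEST_OPAQUE = -19,
    /* Checksum key usage used in the digest opaque field */
    KRB5_KU_KRB5SIGNEDPATH = -21,
    /* Checksum key usage on KRB5SignedPath */
    KRB5_KU_CANONICALIZED_NAMES = -23
    /* Checksum key usage on PA-CANONICALIZED */
} krb5_key_usage;

typedef krb5_key_usage krb5_keyusage;

typedef enum krb5_salttype {
    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
}krb5_salttype;

/* A salt type together with the raw salt bytes fed to string-to-key. */
typedef struct krb5_salt {
    krb5_salttype salttype;
    krb5_data saltvalue;
} krb5_salt;

typedef ETYPE_INFO krb5_preauthinfo;

typedef struct {
    krb5_preauthtype type;
    krb5_preauthinfo info; /* list of preauthinfo for this type */
} krb5_preauthdata_entry;

/* Counted array: val points at len entries. */
typedef struct krb5_preauthdata {
    unsigned len;
    krb5_preauthdata_entry *val;
}krb5_preauthdata;

typedef enum krb5_address_type {
    KRB5_ADDRESS_INET = 2,
    KRB5_ADDRESS_NETBIOS = 20,
    KRB5_ADDRESS_INET6 = 24,
    KRB5_ADDRESS_ADDRPORT = 256,
    KRB5_ADDRESS_IPPORT = 257
} krb5_address_type;

/* AP-REQ option bits. */
enum {
    AP_OPTS_USE_SESSION_KEY = 1,
    AP_OPTS_MUTUAL_REQUIRED = 2,
    AP_OPTS_USE_SUBKEY = 4 /* library internal */
};

typedef HostAddress krb5_address;

typedef HostAddresses krb5_addresses;

/* Key types are expressed as a representative encryption type. */
typedef enum krb5_keytype {
    KEYTYPE_NULL = ETYPE_NULL,
    KEYTYPE_DES = ETYPE_DES_CBC_CRC,
    KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
    KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
    KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
    KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
    KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
} krb5_keytype;

typedef EncryptionKey krb5_keyblock;

typedef AP_REQ krb5_ap_req;

struct krb5_cc_ops;

/*
 * Default location of FILE: credential caches.  A credential cache holds
 * ticket and session-key material, so the directory and the permissions
 * the library applies to files under this prefix matter; how the
 * per-user suffix is appended is not visible in this header.
 */
#ifdef _WIN32
#define KRB5_USE_PATH_TOKENS 1
#endif

#ifdef KRB5_USE_PATH_TOKENS
#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
#else
#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
#endif

#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT

/*
 * Reads [libdefaults] accept_null_addresses from the configuration of
 * context C.  The default passed to krb5_config_get_bool_default is TRUE,
 * so the option is on unless the configuration turns it off.
 */
#define KRB5_ACCEPT_NULL_ADDRESSES(C) \
    krb5_config_get_bool_default((C), NULL, TRUE, \
    "libdefaults", "accept_null_addresses", \
    NULL)

typedef void *krb5_cc_cursor;
typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;

/* A credential cache instance: its backend operations plus backend data. */
typedef struct krb5_ccache_data {
    const struct krb5_cc_ops *ops;
    krb5_data data;
}krb5_ccache_data;

typedef struct krb5_ccache_data *krb5_ccache;

typedef struct krb5_context_data *krb5_context;

typedef Realm krb5_realm;
typedef const char *krb5_const_realm; /* stupid language */

/*
 * Realms are NUL-terminated strings.  krb5_realm_length() calls strlen(),
 * so the argument must be a valid string (never NULL) and the includer
 * needs <string.h> in scope.
 */
#define krb5_realm_length(r) strlen(r)
#define krb5_realm_data(r) (r)

typedef Principal krb5_principal_data;
typedef struct Principal *krb5_principal;
typedef const struct Principal *krb5_const_principal;
typedef struct Principals *krb5_principals;

typedef time_t krb5_deltat;
typedef time_t krb5_timestamp;

/* Lifetime of a credential, all fields in krb5_timestamp (time_t). */
typedef struct krb5_times {
    krb5_timestamp authtime;
    krb5_timestamp starttime;
    krb5_timestamp endtime;
    krb5_timestamp renew_till;
} krb5_times;

/* Ticket flags, viewable either as the ASN.1 bit field or as raw bits. */
typedef union {
    TicketFlags b;
    krb5_flags i;
} krb5_ticket_flags;

/* options for krb5_get_in_tkt() */
#define KDC_OPT_FORWARDABLE (1 << 1)
#define KDC_OPT_FORWARDED (1 << 2)
#define KDC_OPT_PROXIABLE (1 << 3)
#define KDC_OPT_PROXY (1 << 4)
#define KDC_OPT_ALLOW_POSTDATE (1 << 5)
#define KDC_OPT_POSTDATED (1 << 6)
#define KDC_OPT_RENEWABLE (1 << 8)
#define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
#define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
#define KDC_OPT_RENEWABLE_OK (1 << 27)
#define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
#define KDC_OPT_RENEW (1 << 30)
/*
 * 1U: shifting a signed 1 into bit 31 overflows a 32-bit int, which is
 * undefined behaviour (C11 6.5.7).  The unsigned form yields the same
 * 0x80000000 bit pattern once stored in krb5_flags (uint32_t).
 */
#define KDC_OPT_VALIDATE (1U << 31)

typedef union {
    KDCOptions b;
    krb5_flags i;
} krb5_kdc_flags;

/* flags for krb5_verify_ap_req */

#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)

/* flags for krb5_get_creds / krb5_get_credentials_with_flags */
#define KRB5_GC_CACHED (1U << 0)
#define KRB5_GC_USER_USER (1U << 1)
#define KRB5_GC_EXPIRED_OK (1U << 2)
#define KRB5_GC_NO_STORE (1U << 3)
#define KRB5_GC_FORWARDABLE (1U << 4)
#define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
#define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
#define KRB5_GC_CANONICALIZE (1U << 7)

/* constants for compare_creds (and cc_retrieve_cred) */
#define KRB5_TC_DONT_MATCH_REALM (1U << 31)
#define KRB5_TC_MATCH_KEYTYPE (1U << 30)
#define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
#define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
#define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
#define KRB5_TC_MATCH_FLAGS (1 << 27)
#define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
#define KRB5_TC_MATCH_TIMES (1 << 25)
#define KRB5_TC_MATCH_AUTHDATA (1 << 24)
#define KRB5_TC_MATCH_2ND_TKT (1 << 23)
#define KRB5_TC_MATCH_IS_SKEY (1 << 22)

/* constants for get_flags and set_flags */
#define KRB5_TC_OPENCLOSE 0x00000001
#define KRB5_TC_NOTICKET 0x00000002

typedef AuthorizationData krb5_authdata;

typedef KRB_ERROR krb5_error;

/*
 * One cached credential.  session is the key shared with server; ticket
 * and second_ticket are the encoded tickets as received from the KDC.
 */
typedef struct krb5_creds {
    krb5_principal client;
    krb5_principal server;
    krb5_keyblock session;
    krb5_times times;
    krb5_data ticket;
    krb5_data second_ticket;
    krb5_authdata authdata;
    krb5_addresses addresses;
    krb5_ticket_flags flags;
} krb5_creds;

typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;

/* Value a backend stores in krb5_cc_ops.version for this layout. */
#define KRB5_CC_OPS_VERSION 3

/*
 * Credential cache backend vtable.  Every backend (see the krb5_*cc_ops
 * externs at the end of this file) fills one of these; callers reach the
 * backend through krb5_ccache_data.ops.  All entry points take the
 * krb5_context first and return a krb5_error_code unless noted.
 */
typedef struct krb5_cc_ops {
    int version;
    const char *prefix;
    const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
    krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
    krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
                                               krb5_flags, const krb5_creds*, krb5_creds *);
    krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
    krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
                                               krb5_cc_cursor*, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
    krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
                                                  krb5_flags, krb5_creds*);
    krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
    int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
                                                     krb5_ccache *);
    krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
    krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
    krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
    krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
    krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
} krb5_cc_ops;

struct krb5_log_facility;

/*
 * One node of the parsed configuration tree.  type selects which union
 * member is live: u.string for krb5_config_string, u.list for
 * krb5_config_list.  next links siblings.
 */
struct krb5_config_binding {
    enum { krb5_config_string, krb5_config_list } type;
    char *name;
    struct krb5_config_binding *next;
    union {
        char *string;
        struct krb5_config_binding *list;
        void *generic;
    } u;
};

typedef struct krb5_config_binding krb5_config_binding;

typedef krb5_config_binding krb5_config_section;

/* A decrypted ticket together with the client and server it names. */
typedef struct krb5_ticket {
    EncTicketPart ticket;
    krb5_principal client;
    krb5_principal server;
} krb5_ticket;

typedef Authenticator krb5_authenticator_data;

typedef krb5_authenticator_data *krb5_authenticator;

struct krb5_rcache_data;
typedef struct krb5_rcache_data *krb5_rcache;
typedef Authenticator krb5_donot_replay;

/* krb5_storage flag bits; the BYTEORDER_* values are masked by BYTEORDER_MASK. */
#define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
#define KRB5_STORAGE_BYTEORDER_MASK 0x60
#define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
#define KRB5_STORAGE_BYTEORDER_LE 0x20
#define KRB5_STORAGE_BYTEORDER_HOST 0x40
#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80

struct krb5_storage_data;
typedef struct krb5_storage_data krb5_storage;

/* One keytab entry: a long-term key for principal at key version vno. */
typedef struct krb5_keytab_entry {
    krb5_principal principal;
    krb5_kvno vno;
    krb5_keyblock keyblock;
    uint32_t timestamp;
    uint32_t flags;
    krb5_principals aliases;
} krb5_keytab_entry;

/* Iteration state for a keytab; which fields a backend uses is up to it. */
typedef struct krb5_kt_cursor {
    int fd;
    krb5_storage *sp;
    void *data;
} krb5_kt_cursor;

struct krb5_keytab_data;

typedef struct krb5_keytab_data *krb5_keytab;

#define KRB5_KT_PREFIX_MAX_LEN 30

/*
 * Keytab backend vtable (also exported as krb5_kt_ops below).  get_name
 * receives the output buffer and its size as its last two arguments.
 */
struct krb5_keytab_data {
    const char *prefix;
    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
    krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
                                          krb5_kvno, krb5_enctype, krb5_keytab_entry*);
    krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
                                                 krb5_keytab_entry*, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
    krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
    krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
    void *data;
    int32_t version;
};

typedef struct krb5_keytab_data krb5_kt_ops;

struct krb5_keytab_key_proc_args {
    krb5_keytab keytab;
    krb5_principal principal;
};

typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;

/* Timestamp, microseconds and sequence number reported for replay checks. */
typedef struct krb5_replay_data {
    krb5_timestamp timestamp;
    int32_t usec;
    uint32_t seq;
} krb5_replay_data;

/* flags for krb5_auth_con_setflags */
enum {
    KRB5_AUTH_CONTEXT_DO_TIME = 1,
    KRB5_AUTH_CONTEXT_RET_TIME = 2,
    KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
    KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
    KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
    KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
};

/* flags for krb5_auth_con_genaddrs */
enum {
    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
};

/*
 * Per-association state for AP exchanges and KRB-SAFE/KRB-PRIV.
 *
 * NOTE(review): local_port/remote_port are int16_t, so a 16-bit port
 * value above 32767 reads back negative; callers that compare ports
 * should widen consistently.  The field type is part of the ABI and is
 * left unchanged here.
 */
typedef struct krb5_auth_context_data {
    unsigned int flags;

    krb5_address *local_address;
    krb5_address *remote_address;
    int16_t local_port;
    int16_t remote_port;
    krb5_keyblock *keyblock;
    krb5_keyblock *local_subkey;
    krb5_keyblock *remote_subkey;

    uint32_t local_seqnumber;
    uint32_t remote_seqnumber;

    krb5_authenticator authenticator;

    krb5_pointer i_vector;

    krb5_rcache rcache;

    krb5_keytype keytype;	/* requested key type ? */
    krb5_cksumtype cksumtype;	/* requested checksum type! */

}krb5_auth_context_data, *krb5_auth_context;

/* A KDC reply: the raw reply, its decrypted part and any KRB-ERROR. */
typedef struct {
    KDC_REP kdc_rep;
    EncKDCRepPart enc_part;
    KRB_ERROR error;
} krb5_kdc_rep;

extern const char *heimdal_version, *heimdal_long_version;

typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*);
typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);

typedef struct krb5_log_facility {
    char *program;
    int len;
    struct facility *val;
} krb5_log_facility;

typedef EncAPRepPart krb5_ap_rep_enc_part;

#define KRB5_RECVAUTH_IGNORE_VERSION 1

#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"

/* KRB5_TGS_NAME_SIZE is strlen(KRB5_TGS_NAME). */
#define KRB5_TGS_NAME_SIZE (6)
#define KRB5_TGS_NAME ("krbtgt")
#define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
#define KRB5_ANON_NAME ("ANONYMOUS")
#define KRB5_DIGEST_NAME ("digest")

typedef enum {
    KRB5_PROMPT_TYPE_PASSWORD = 0x1,
    KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
    KRB5_PROMPT_TYPE_PREAUTH = 0x4,
    KRB5_PROMPT_TYPE_INFO = 0x5
} krb5_prompt_type;

/*
 * One prompt handed to a krb5_prompter_fct.  The prompter writes the
 * user's answer into *reply.  hidden is presumably non-zero when the
 * input must not be echoed (passwords) — confirm against the prompter
 * implementations.
 */
typedef struct _krb5_prompt {
    const char *prompt;
    int hidden;
    krb5_data *reply;
    krb5_prompt_type type;
} krb5_prompt;

/* Callback signatures; the commented names are the conventional argument names. */
typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
					       void * /*data*/,
					       const char * /*name*/,
					       const char * /*banner*/,
					       int /*num_prompts*/,
					       krb5_prompt /*prompts*/[]);
typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
							krb5_enctype /*type*/,
							krb5_salt /*salt*/,
							krb5_const_pointer /*keyseed*/,
							krb5_keyblock ** /*key*/);
typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
							    krb5_keyblock * /*key*/,
							    krb5_key_usage /*usage*/,
							    krb5_const_pointer /*decrypt_arg*/,
							    krb5_kdc_rep * /*dec_rep*/);
typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
							krb5_enctype /*type*/,
							krb5_const_pointer /*keyseed*/,
							krb5_salt /*salt*/,
							krb5_data * /*s2kparms*/,
							krb5_keyblock ** /*key*/);

struct _krb5_get_init_creds_opt_private;

/*
 * Options for krb5_get_init_creds_*.  flags records which of the
 * KRB5_GET_INIT_CREDS_OPT_* fields below have been set; opt_private
 * holds library-internal state.
 */
struct _krb5_get_init_creds_opt {
    krb5_flags flags;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int forwardable;
    int proxiable;
    int anonymous;
    krb5_enctype *etype_list;
    int etype_list_length;
    krb5_addresses *address_list;
    /* XXX the next three should not be used, as they may be
       removed later */
    krb5_preauthtype *preauth_list;
    int preauth_list_length;
    krb5_data *salt;
    struct _krb5_get_init_creds_opt_private *opt_private;
};

typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;

#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200

/* krb5_init_creds_step flags argument */
#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001

typedef struct _krb5_verify_init_creds_opt {
    krb5_flags flags;
    int ap_req_nofail;
} krb5_verify_init_creds_opt;

#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001

/* Options for krb5_verify_user*; flags takes the KRB5_VERIFY_* bits below. */
typedef struct krb5_verify_opt {
    unsigned int flags;
    krb5_ccache ccache;
    krb5_keytab keytab;
    krb5_boolean secure;
    const char *service;
} krb5_verify_opt;

#define KRB5_VERIFY_LREALMS 1
#define KRB5_VERIFY_NO_ADDRESSES 2

/* kpasswd protocol version numbers and result codes. */
#define KRB5_KPASSWD_VERS_CHANGEPW 1
#define KRB5_KPASSWD_VERS_SETPW 0xff80

#define KRB5_KPASSWD_SUCCESS 0
#define KRB5_KPASSWD_MALFORMED 1
#define KRB5_KPASSWD_HARDERROR 2
#define KRB5_KPASSWD_AUTHERROR 3
#define KRB5_KPASSWD_SOFTERROR 4
#define KRB5_KPASSWD_ACCESSDENIED 5
#define KRB5_KPASSWD_BAD_VERSION 6
#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7

#define KPASSWD_PORT 464

/* types for the new krbhst interface */
struct krb5_krbhst_data;
typedef struct krb5_krbhst_data *krb5_krbhst_handle;

#define KRB5_KRBHST_KDC 1
#define KRB5_KRBHST_ADMIN 2
#define KRB5_KRBHST_CHANGEPW 3
#define KRB5_KRBHST_KRB524 4
#define KRB5_KRBHST_KCA 5

/*
 * One resolved Kerberos server.  hostname is a trailing variable-length
 * string (the pre-C99 "struct hack"): the allocation is sized larger than
 * sizeof(krb5_krbhst_info) and the name is written past the declared
 * element.  A C99 flexible array member would be the idiom, but it
 * changes sizeof and therefore the ABI, so the declaration is kept.
 */
typedef struct krb5_krbhst_info {
    enum { KRB5_KRBHST_UDP,
	   KRB5_KRBHST_TCP,
	   KRB5_KRBHST_HTTP } proto;
    unsigned short port;
    unsigned short def_port;
    struct addrinfo *ai;
    struct krb5_krbhst_info *next;
    char hostname[1]; /* has to come last */
} krb5_krbhst_info;

/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
enum {
    KRB5_KRBHST_FLAGS_MASTER = 1,
    KRB5_KRBHST_FLAGS_LARGE_MSG = 2
};

typedef krb5_error_code
(KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
					const krb5_data *, krb5_data *);

/** flags for krb5_parse_name_flags */
enum {
    KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 /**< Parse as a NT-ENTERPRISE name */
};

/** flags for krb5_unparse_name_flags */
enum {
    KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
};

typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;

/* Values a krb5_sendto_ctx_func stores through its int * argument. */
#define KRB5_SENDTO_DONE 0
#define KRB5_SENDTO_RESTART 1
#define KRB5_SENDTO_CONTINUE 2

typedef krb5_error_code
(KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
				       const krb5_data *, int *);

struct krb5_plugin;
enum krb5_plugin_type {
    PLUGIN_TYPE_DATA = 1,
    PLUGIN_TYPE_FUNC
};

struct credentials; /* this is to keep the compiler happy */
struct getargs;
struct sockaddr;

/**
 * Semi private, not stable yet
 */

/*
 * One buffer of an in-place (iov) encrypt/decrypt operation.  flags is one
 * of the KRB5_CRYPTO_TYPE_* values declared inline below; the comment on
 * each says whether the buffer is consumed (IN), produced (OUT), or both.
 */
typedef struct krb5_crypto_iov {
    unsigned int flags;
    /* ignored */
#define KRB5_CRYPTO_TYPE_EMPTY 0
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
#define KRB5_CRYPTO_TYPE_HEADER 1
    /* IN and OUT */
#define KRB5_CRYPTO_TYPE_DATA 2
    /* IN */
#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
    /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
#define KRB5_CRYPTO_TYPE_PADDING 4
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
#define KRB5_CRYPTO_TYPE_TRAILER 5
    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
#define KRB5_CRYPTO_TYPE_CHECKSUM 6
    krb5_data data;
} krb5_crypto_iov;


/* Glue for MIT */

typedef struct {
    int32_t lr_type;
    krb5_timestamp value;
} krb5_last_req_entry;

typedef krb5_error_code
(KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);

/*
 *
 */

struct hx509_certs_data;

#include <krb5/krb5-protos.h>

/* variables */

extern KRB5_LIB_VARIABLE const char *krb5_config_file;
extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;


/* Built-in credential cache backends. */
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;

/* Built-in keytab backends. */
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;

extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;

#endif /* __KRB5_H__ */
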