1/*	$NetBSD$	*/
2
3/*
4 * Copyright (c) 1997 - 2007 Kungliga Tekniska H��gskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 *    notice, this list of conditions and the following disclaimer in the
19 *    documentation and/or other materials provided with the distribution.
20 *
21 * 3. Neither the name of the Institute nor the names of its contributors
22 *    may be used to endorse or promote products derived from this software
23 *    without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38/* Id */
39
40#ifndef __KRB5_H__
41#define __KRB5_H__
42
43#include <time.h>
44#include <krb5/krb5-types.h>
45
46#include <krb5/asn1_err.h>
47#include <krb5/krb5_err.h>
48#include <krb5/heim_err.h>
49#include <krb5/k524_err.h>
50
51#include <krb5/krb5_asn1.h>
52
53/* name confusion with MIT */
54#ifndef KRB5KDC_ERR_KEY_EXP
55#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
56#endif
57
58#ifndef KRB5_DEPRECATED
59#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
60#define KRB5_DEPRECATED __attribute__((deprecated))
61#elif defined(_MSC_VER) && (_MSC_VER>1200)
62#define KRB5_DEPRECATED __declspec(deprecated)
63#else
64#define KRB5_DEPRECATED
65#endif
66#endif
67
68#ifdef _WIN32
69#define KRB5_CALLCONV __stdcall
70#else
71#define KRB5_CALLCONV
72#endif
73
74/* simple constants */
75
76#ifndef TRUE
77#define TRUE  1
78#define FALSE 0
79#endif
80
81typedef int krb5_boolean;
82
83typedef int32_t krb5_error_code;
84
85typedef int32_t krb5_kvno;
86
87typedef uint32_t krb5_flags;
88
89typedef void *krb5_pointer;
90typedef const void *krb5_const_pointer;
91
92struct krb5_crypto_data;
93typedef struct krb5_crypto_data *krb5_crypto;
94
95struct krb5_get_creds_opt_data;
96typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
97
98struct krb5_digest_data;
99typedef struct krb5_digest_data *krb5_digest;
100struct krb5_ntlm_data;
101typedef struct krb5_ntlm_data *krb5_ntlm;
102
103struct krb5_pac_data;
104typedef struct krb5_pac_data *krb5_pac;
105
106typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
107typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
108
109typedef CKSUMTYPE krb5_cksumtype;
110
111typedef Checksum krb5_checksum;
112
113typedef ENCTYPE krb5_enctype;
114
115typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;
116
117typedef heim_octet_string krb5_data;
118
119/* PKINIT related forward declarations */
120struct ContentInfo;
121struct krb5_pk_identity;
122struct krb5_pk_cert;
123
124/* krb5_enc_data is a mit compat structure */
125typedef struct krb5_enc_data {
126    krb5_enctype enctype;
127    krb5_kvno kvno;
128    krb5_data ciphertext;
129} krb5_enc_data;
130
131/* alternative names */
132enum {
133    ENCTYPE_NULL		= ETYPE_NULL,
134    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
135    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
136    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
137    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
138    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
139    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
140    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
141    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
142    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
143    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
144    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
145    ENCTYPE_ARCFOUR_HMAC	= ETYPE_ARCFOUR_HMAC_MD5,
146    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
147    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
148    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
149    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
150    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
151    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
152    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
153};
154
155typedef PADATA_TYPE krb5_preauthtype;
156
157typedef enum krb5_key_usage {
158    KRB5_KU_PA_ENC_TIMESTAMP = 1,
159    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
160       client key (section 5.4.1) */
161    KRB5_KU_TICKET = 2,
162    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
163       application session key), encrypted with the service key
164       (section 5.4.2) */
165    KRB5_KU_AS_REP_ENC_PART = 3,
166    /* AS-REP encrypted part (includes tgs session key or application
167       session key), encrypted with the client key (section 5.4.2) */
168    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
169    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
170       session key (section 5.4.1) */
171    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
172    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
173          authenticator subkey (section 5.4.1) */
174    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
175    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
176       with the tgs session key (sections 5.3.2, 5.4.1) */
177    KRB5_KU_TGS_REQ_AUTH = 7,
178    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
179       authenticator subkey), encrypted with the tgs session key
180       (section 5.3.2) */
181    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
182    /* TGS-REP encrypted part (includes application session key),
183       encrypted with the tgs session key (section 5.4.2) */
184    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
185    /* TGS-REP encrypted part (includes application session key),
186       encrypted with the tgs authenticator subkey (section 5.4.2) */
187    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
188    /* AP-REQ Authenticator cksum, keyed with the application session
189       key (section 5.3.2) */
190    KRB5_KU_AP_REQ_AUTH = 11,
191    /* AP-REQ Authenticator (includes application authenticator
192       subkey), encrypted with the application session key (section
193       5.3.2) */
194    KRB5_KU_AP_REQ_ENC_PART = 12,
195    /* AP-REP encrypted part (includes application session subkey),
196       encrypted with the application session key (section 5.5.2) */
197    KRB5_KU_KRB_PRIV = 13,
198    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
199       application (section 5.7.1) */
200    KRB5_KU_KRB_CRED = 14,
201    /* KRB-CRED encrypted part, encrypted with a key chosen by the
202       application (section 5.8.1) */
203    KRB5_KU_KRB_SAFE_CKSUM = 15,
204    /* KRB-SAFE cksum, keyed with a key chosen by the application
205       (section 5.6.1) */
206    KRB5_KU_OTHER_ENCRYPTED = 16,
207    /* Data which is defined in some specification outside of
208       Kerberos to be encrypted using an RFC1510 encryption type. */
209    KRB5_KU_OTHER_CKSUM = 17,
210    /* Data which is defined in some specification outside of
211       Kerberos to be checksummed using an RFC1510 checksum type. */
212    KRB5_KU_KRB_ERROR = 18,
213    /* Krb-error checksum */
214    KRB5_KU_AD_KDC_ISSUED = 19,
215    /* AD-KDCIssued checksum */
216    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
217    /* Checksum for Mandatory Ticket Extensions */
218    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
219    /* Checksum in Authorization Data in Ticket Extensions */
220    KRB5_KU_USAGE_SEAL = 22,
221    /* seal in GSSAPI krb5 mechanism */
222    KRB5_KU_USAGE_SIGN = 23,
223    /* sign in GSSAPI krb5 mechanism */
224    KRB5_KU_USAGE_SEQ = 24,
225    /* SEQ in GSSAPI krb5 mechanism */
226    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
227    /* acceptor sign in GSSAPI CFX krb5 mechanism */
228    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
229    /* acceptor seal in GSSAPI CFX krb5 mechanism */
230    KRB5_KU_USAGE_INITIATOR_SEAL = 24,
231    /* initiator sign in GSSAPI CFX krb5 mechanism */
232    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
233    /* initiator seal in GSSAPI CFX krb5 mechanism */
234    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
235    /* encrypted server referral data */
236    KRB5_KU_SAM_CHECKSUM = 25,
237    /* Checksum for the SAM-CHECKSUM field */
238    KRB5_KU_SAM_ENC_TRACK_ID = 26,
239    /* Encryption of the SAM-TRACK-ID field */
240    KRB5_KU_PA_SERVER_REFERRAL = 26,
241    /* Keyusage for the server referral in a TGS req */
242    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
243    /* Encryption of the SAM-NONCE-OR-SAD field */
244    KRB5_KU_PA_PKINIT_KX = 44,
245    /* Encryption type of the kdc session contribution in pk-init */
246    KRB5_KU_AS_REQ = 56,
247    /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
248    KRB5_KU_DIGEST_ENCRYPT = -18,
249    /* Encryption key usage used in the digest encryption field */
250    KRB5_KU_DIGEST_OPAQUE = -19,
251    /* Checksum key usage used in the digest opaque field */
252    KRB5_KU_KRB5SIGNEDPATH = -21,
253    /* Checksum key usage on KRB5SignedPath */
254    KRB5_KU_CANONICALIZED_NAMES = -23
255    /* Checksum key usage on PA-CANONICALIZED */
256} krb5_key_usage;
257
258typedef krb5_key_usage krb5_keyusage;
259
260typedef enum krb5_salttype {
261    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
262    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
263}krb5_salttype;
264
265typedef struct krb5_salt {
266    krb5_salttype salttype;
267    krb5_data saltvalue;
268} krb5_salt;
269
270typedef ETYPE_INFO krb5_preauthinfo;
271
272typedef struct {
273    krb5_preauthtype type;
274    krb5_preauthinfo info; /* list of preauthinfo for this type */
275} krb5_preauthdata_entry;
276
277typedef struct krb5_preauthdata {
278    unsigned len;
279    krb5_preauthdata_entry *val;
280}krb5_preauthdata;
281
282typedef enum krb5_address_type {
283    KRB5_ADDRESS_INET     =   2,
284    KRB5_ADDRESS_NETBIOS  =  20,
285    KRB5_ADDRESS_INET6    =  24,
286    KRB5_ADDRESS_ADDRPORT = 256,
287    KRB5_ADDRESS_IPPORT   = 257
288} krb5_address_type;
289
290enum {
291  AP_OPTS_USE_SESSION_KEY = 1,
292  AP_OPTS_MUTUAL_REQUIRED = 2,
293  AP_OPTS_USE_SUBKEY = 4		/* library internal */
294};
295
296typedef HostAddress krb5_address;
297
298typedef HostAddresses krb5_addresses;
299
300typedef enum krb5_keytype {
301    KEYTYPE_NULL	= ETYPE_NULL,
302    KEYTYPE_DES		= ETYPE_DES_CBC_CRC,
303    KEYTYPE_DES3	= ETYPE_OLD_DES3_CBC_SHA1,
304    KEYTYPE_AES128	= ETYPE_AES128_CTS_HMAC_SHA1_96,
305    KEYTYPE_AES256	= ETYPE_AES256_CTS_HMAC_SHA1_96,
306    KEYTYPE_ARCFOUR	= ETYPE_ARCFOUR_HMAC_MD5,
307    KEYTYPE_ARCFOUR_56	= ETYPE_ARCFOUR_HMAC_MD5_56
308} krb5_keytype;
309
310typedef EncryptionKey krb5_keyblock;
311
312typedef AP_REQ krb5_ap_req;
313
314struct krb5_cc_ops;
315
316#ifdef _WIN32
317#define KRB5_USE_PATH_TOKENS 1
318#endif
319
320#ifdef KRB5_USE_PATH_TOKENS
321#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
322#else
323#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
324#endif
325
326#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
327
328#define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
329    krb5_config_get_bool_default((C), NULL, TRUE, 			 \
330				 "libdefaults", "accept_null_addresses", \
331				 NULL)
332
333typedef void *krb5_cc_cursor;
334typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
335
336typedef struct krb5_ccache_data {
337    const struct krb5_cc_ops *ops;
338    krb5_data data;
339}krb5_ccache_data;
340
341typedef struct krb5_ccache_data *krb5_ccache;
342
343typedef struct krb5_context_data *krb5_context;
344
345typedef Realm krb5_realm;
346typedef const char *krb5_const_realm; /* stupid language */
347
348#define krb5_realm_length(r) strlen(r)
349#define krb5_realm_data(r) (r)
350
351typedef Principal krb5_principal_data;
352typedef struct Principal *krb5_principal;
353typedef const struct Principal *krb5_const_principal;
354typedef struct Principals *krb5_principals;
355
356typedef time_t krb5_deltat;
357typedef time_t krb5_timestamp;
358
359typedef struct krb5_times {
360  krb5_timestamp authtime;
361  krb5_timestamp starttime;
362  krb5_timestamp endtime;
363  krb5_timestamp renew_till;
364} krb5_times;
365
366typedef union {
367    TicketFlags b;
368    krb5_flags i;
369} krb5_ticket_flags;
370
371/* options for krb5_get_in_tkt() */
372#define KDC_OPT_FORWARDABLE		(1 << 1)
373#define KDC_OPT_FORWARDED		(1 << 2)
374#define KDC_OPT_PROXIABLE		(1 << 3)
375#define KDC_OPT_PROXY			(1 << 4)
376#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
377#define KDC_OPT_POSTDATED		(1 << 6)
378#define KDC_OPT_RENEWABLE		(1 << 8)
379#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
380#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
381#define KDC_OPT_RENEWABLE_OK		(1 << 27)
382#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
383#define KDC_OPT_RENEW			(1 << 30)
384#define KDC_OPT_VALIDATE		(1 << 31)
385
386typedef union {
387    KDCOptions b;
388    krb5_flags i;
389} krb5_kdc_flags;
390
391/* flags for krb5_verify_ap_req */
392
393#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
394
395#define KRB5_GC_CACHED			(1U << 0)
396#define KRB5_GC_USER_USER		(1U << 1)
397#define KRB5_GC_EXPIRED_OK		(1U << 2)
398#define KRB5_GC_NO_STORE		(1U << 3)
399#define KRB5_GC_FORWARDABLE		(1U << 4)
400#define KRB5_GC_NO_TRANSIT_CHECK	(1U << 5)
401#define KRB5_GC_CONSTRAINED_DELEGATION	(1U << 6)
402#define KRB5_GC_CANONICALIZE		(1U << 7)
403
404/* constants for compare_creds (and cc_retrieve_cred) */
405#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
406#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
407#define KRB5_TC_MATCH_KTYPE		KRB5_TC_MATCH_KEYTYPE    /* MIT name */
408#define KRB5_TC_MATCH_SRV_NAMEONLY	(1 << 29)
409#define KRB5_TC_MATCH_FLAGS_EXACT	(1 << 28)
410#define KRB5_TC_MATCH_FLAGS		(1 << 27)
411#define KRB5_TC_MATCH_TIMES_EXACT	(1 << 26)
412#define KRB5_TC_MATCH_TIMES		(1 << 25)
413#define KRB5_TC_MATCH_AUTHDATA		(1 << 24)
414#define KRB5_TC_MATCH_2ND_TKT		(1 << 23)
415#define KRB5_TC_MATCH_IS_SKEY		(1 << 22)
416
417/* constants for get_flags and set_flags */
418#define KRB5_TC_OPENCLOSE 0x00000001
419#define KRB5_TC_NOTICKET  0x00000002
420
421typedef AuthorizationData krb5_authdata;
422
423typedef KRB_ERROR krb5_error;
424
425typedef struct krb5_creds {
426    krb5_principal client;
427    krb5_principal server;
428    krb5_keyblock session;
429    krb5_times times;
430    krb5_data ticket;
431    krb5_data second_ticket;
432    krb5_authdata authdata;
433    krb5_addresses addresses;
434    krb5_ticket_flags flags;
435} krb5_creds;
436
437typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
438
439#define KRB5_CC_OPS_VERSION 3
440
441typedef struct krb5_cc_ops {
442    int version;
443    const char *prefix;
444    const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
445    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
446    krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
447    krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
448    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
449    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
450    krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
451    krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
452					       krb5_flags, const krb5_creds*, krb5_creds *);
453    krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
454    krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
455    krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
456					       krb5_cc_cursor*, krb5_creds*);
457    krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
458    krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
459						  krb5_flags, krb5_creds*);
460    krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
461    int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
462    krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
463    krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
464						     krb5_ccache *);
465    krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
466    krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
467    krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
468    krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
469    krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
470    krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
471    krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
472} krb5_cc_ops;
473
474struct krb5_log_facility;
475
476struct krb5_config_binding {
477    enum { krb5_config_string, krb5_config_list } type;
478    char *name;
479    struct krb5_config_binding *next;
480    union {
481	char *string;
482	struct krb5_config_binding *list;
483	void *generic;
484    } u;
485};
486
487typedef struct krb5_config_binding krb5_config_binding;
488
489typedef krb5_config_binding krb5_config_section;
490
491typedef struct krb5_ticket {
492    EncTicketPart ticket;
493    krb5_principal client;
494    krb5_principal server;
495} krb5_ticket;
496
497typedef Authenticator krb5_authenticator_data;
498
499typedef krb5_authenticator_data *krb5_authenticator;
500
501struct krb5_rcache_data;
502typedef struct krb5_rcache_data *krb5_rcache;
503typedef Authenticator krb5_donot_replay;
504
505#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
506#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
507#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
508#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
509#define KRB5_STORAGE_BYTEORDER_MASK			0x60
510#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
511#define KRB5_STORAGE_BYTEORDER_LE			0x20
512#define KRB5_STORAGE_BYTEORDER_HOST			0x40
513#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER		0x80
514
515struct krb5_storage_data;
516typedef struct krb5_storage_data krb5_storage;
517
518typedef struct krb5_keytab_entry {
519    krb5_principal principal;
520    krb5_kvno vno;
521    krb5_keyblock keyblock;
522    uint32_t timestamp;
523    uint32_t flags;
524    krb5_principals aliases;
525} krb5_keytab_entry;
526
527typedef struct krb5_kt_cursor {
528    int fd;
529    krb5_storage *sp;
530    void *data;
531} krb5_kt_cursor;
532
533struct krb5_keytab_data;
534
535typedef struct krb5_keytab_data *krb5_keytab;
536
537#define KRB5_KT_PREFIX_MAX_LEN	30
538
539struct krb5_keytab_data {
540    const char *prefix;
541    krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
542    krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
543    krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
544    krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
545    krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
546					  krb5_kvno, krb5_enctype, krb5_keytab_entry*);
547    krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
548    krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
549						 krb5_keytab_entry*, krb5_kt_cursor*);
550    krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
551    krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
552    krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
553    void *data;
554    int32_t version;
555};
556
557typedef struct krb5_keytab_data krb5_kt_ops;
558
559struct krb5_keytab_key_proc_args {
560    krb5_keytab keytab;
561    krb5_principal principal;
562};
563
564typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
565
566typedef struct krb5_replay_data {
567    krb5_timestamp timestamp;
568    int32_t usec;
569    uint32_t seq;
570} krb5_replay_data;
571
572/* flags for krb5_auth_con_setflags */
573enum {
574    KRB5_AUTH_CONTEXT_DO_TIME      		= 1,
575    KRB5_AUTH_CONTEXT_RET_TIME     		= 2,
576    KRB5_AUTH_CONTEXT_DO_SEQUENCE  		= 4,
577    KRB5_AUTH_CONTEXT_RET_SEQUENCE 		= 8,
578    KRB5_AUTH_CONTEXT_PERMIT_ALL   		= 16,
579    KRB5_AUTH_CONTEXT_USE_SUBKEY   		= 32,
580    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED	= 64
581};
582
583/* flags for krb5_auth_con_genaddrs */
584enum {
585    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
586    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
587    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
588    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
589};
590
591typedef struct krb5_auth_context_data {
592    unsigned int flags;
593
594    krb5_address *local_address;
595    krb5_address *remote_address;
596    int16_t local_port;
597    int16_t remote_port;
598    krb5_keyblock *keyblock;
599    krb5_keyblock *local_subkey;
600    krb5_keyblock *remote_subkey;
601
602    uint32_t local_seqnumber;
603    uint32_t remote_seqnumber;
604
605    krb5_authenticator authenticator;
606
607    krb5_pointer i_vector;
608
609    krb5_rcache rcache;
610
611    krb5_keytype keytype;	/* ��requested key type ? */
612    krb5_cksumtype cksumtype;	/* ��requested checksum type! */
613
614}krb5_auth_context_data, *krb5_auth_context;
615
616typedef struct {
617    KDC_REP kdc_rep;
618    EncKDCRepPart enc_part;
619    KRB_ERROR error;
620} krb5_kdc_rep;
621
622extern const char *heimdal_version, *heimdal_long_version;
623
624typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*);
625typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
626
627typedef struct krb5_log_facility {
628    char *program;
629    int len;
630    struct facility *val;
631} krb5_log_facility;
632
633typedef EncAPRepPart krb5_ap_rep_enc_part;
634
635#define KRB5_RECVAUTH_IGNORE_VERSION 1
636
637#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
638
639#define KRB5_TGS_NAME_SIZE (6)
640#define KRB5_TGS_NAME ("krbtgt")
641#define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
642#define KRB5_ANON_NAME ("ANONYMOUS")
643#define KRB5_DIGEST_NAME ("digest")
644
645typedef enum {
646    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
647    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
648    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
649    KRB5_PROMPT_TYPE_PREAUTH		= 0x4,
650    KRB5_PROMPT_TYPE_INFO		= 0x5
651} krb5_prompt_type;
652
653typedef struct _krb5_prompt {
654    const char *prompt;
655    int hidden;
656    krb5_data *reply;
657    krb5_prompt_type type;
658} krb5_prompt;
659
660typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
661						void * /*data*/,
662						const char * /*name*/,
663						const char * /*banner*/,
664						int /*num_prompts*/,
665						krb5_prompt /*prompts*/[]);
666typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
667							krb5_enctype /*type*/,
668							krb5_salt /*salt*/,
669							krb5_const_pointer /*keyseed*/,
670							krb5_keyblock ** /*key*/);
671typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
672							    krb5_keyblock * /*key*/,
673							    krb5_key_usage /*usage*/,
674							    krb5_const_pointer /*decrypt_arg*/,
675							    krb5_kdc_rep * /*dec_rep*/);
676typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
677							krb5_enctype /*type*/,
678							krb5_const_pointer /*keyseed*/,
679							krb5_salt /*salt*/,
680							krb5_data * /*s2kparms*/,
681							krb5_keyblock ** /*key*/);
682
683struct _krb5_get_init_creds_opt_private;
684
685struct _krb5_get_init_creds_opt {
686    krb5_flags flags;
687    krb5_deltat tkt_life;
688    krb5_deltat renew_life;
689    int forwardable;
690    int proxiable;
691    int anonymous;
692    krb5_enctype *etype_list;
693    int etype_list_length;
694    krb5_addresses *address_list;
695    /* XXX the next three should not be used, as they may be
696       removed later */
697    krb5_preauthtype *preauth_list;
698    int preauth_list_length;
699    krb5_data *salt;
700    struct _krb5_get_init_creds_opt_private *opt_private;
701};
702
703typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
704
705#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
706#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
707#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
708#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
709#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
710#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
711#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
712#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080 /* no supported */
713#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
714#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK	0x0200
715
716/* krb5_init_creds_step flags argument */
717#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE	0x0001
718
719typedef struct _krb5_verify_init_creds_opt {
720    krb5_flags flags;
721    int ap_req_nofail;
722} krb5_verify_init_creds_opt;
723
724#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
725
726typedef struct krb5_verify_opt {
727    unsigned int flags;
728    krb5_ccache ccache;
729    krb5_keytab keytab;
730    krb5_boolean secure;
731    const char *service;
732} krb5_verify_opt;
733
734#define KRB5_VERIFY_LREALMS		1
735#define KRB5_VERIFY_NO_ADDRESSES	2
736
737#define KRB5_KPASSWD_VERS_CHANGEPW      1
738#define KRB5_KPASSWD_VERS_SETPW         0xff80
739
740#define KRB5_KPASSWD_SUCCESS	0
741#define KRB5_KPASSWD_MALFORMED	1
742#define KRB5_KPASSWD_HARDERROR	2
743#define KRB5_KPASSWD_AUTHERROR	3
744#define KRB5_KPASSWD_SOFTERROR	4
745#define KRB5_KPASSWD_ACCESSDENIED 5
746#define KRB5_KPASSWD_BAD_VERSION 6
747#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
748
749#define KPASSWD_PORT 464
750
751/* types for the new krbhst interface */
752struct krb5_krbhst_data;
753typedef struct krb5_krbhst_data *krb5_krbhst_handle;
754
755#define KRB5_KRBHST_KDC		1
756#define KRB5_KRBHST_ADMIN	2
757#define KRB5_KRBHST_CHANGEPW	3
758#define KRB5_KRBHST_KRB524	4
759#define KRB5_KRBHST_KCA		5
760
761typedef struct krb5_krbhst_info {
762    enum { KRB5_KRBHST_UDP,
763	   KRB5_KRBHST_TCP,
764	   KRB5_KRBHST_HTTP } proto;
765    unsigned short port;
766    unsigned short def_port;
767    struct addrinfo *ai;
768    struct krb5_krbhst_info *next;
769    char hostname[1]; /* has to come last */
770} krb5_krbhst_info;
771
772/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
773enum {
774    KRB5_KRBHST_FLAGS_MASTER      = 1,
775    KRB5_KRBHST_FLAGS_LARGE_MSG	  = 2
776};
777
778typedef krb5_error_code
779(KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
780					const krb5_data *, krb5_data *);
781
782/** flags for krb5_parse_name_flags */
783enum {
784    KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
785    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
786    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 /**< Parse as a NT-ENTERPRISE name */
787};
788
789/** flags for krb5_unparse_name_flags */
790enum {
791    KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
792    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
793    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
794};
795
796typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
797
798#define KRB5_SENDTO_DONE	0
799#define KRB5_SENDTO_RESTART	1
800#define KRB5_SENDTO_CONTINUE	2
801
802typedef krb5_error_code
803(KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
804				       const krb5_data *, int *);
805
806struct krb5_plugin;
807enum krb5_plugin_type {
808    PLUGIN_TYPE_DATA = 1,
809    PLUGIN_TYPE_FUNC
810};
811
812struct credentials; /* this is to keep the compiler happy */
813struct getargs;
814struct sockaddr;
815
816/**
817 * Semi private, not stable yet
818 */
819
820typedef struct krb5_crypto_iov {
821    unsigned int flags;
822    /* ignored */
823#define KRB5_CRYPTO_TYPE_EMPTY		0
824    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
825#define KRB5_CRYPTO_TYPE_HEADER		1
826    /* IN and OUT */
827#define KRB5_CRYPTO_TYPE_DATA		2
828    /* IN */
829#define KRB5_CRYPTO_TYPE_SIGN_ONLY	3
830   /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
831#define KRB5_CRYPTO_TYPE_PADDING	4
832   /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
833#define KRB5_CRYPTO_TYPE_TRAILER	5
834   /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
835#define KRB5_CRYPTO_TYPE_CHECKSUM	6
836    krb5_data data;
837} krb5_crypto_iov;
838
839
840/* Glue for MIT */
841
842typedef struct {
843    int32_t lr_type;
844    krb5_timestamp value;
845} krb5_last_req_entry;
846
847typedef krb5_error_code
848(KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
849
850/*
851 *
852 */
853
854struct hx509_certs_data;
855
856#include <krb5/krb5-protos.h>
857
858/* variables */
859
860extern KRB5_LIB_VARIABLE const char *krb5_config_file;
861extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;
862
863
864extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
865extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
866extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
867extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
868extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
869extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
870
871extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
872extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
873extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
874extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
875extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
876extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
877
878extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
879extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
880extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
881extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
882extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
883
884#endif /* __KRB5_H__ */
885
886