search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / krb5.h
blob28ebcbc2592f8f374135581c32ddb897c7461f09
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Heimdal: krb5.h 22100 2007-12-03 17:15:00Z lha $
35 $NetBSD$ */
36
37 #ifndef __KRB5_H__
38 #define __KRB5_H__
39
40 #include <time.h>
41 #ifndef __krb5_types_h__
42 #define __krb5_types_h__
43 #include <sys/types.h>
44 #include <inttypes.h>
45 #include <sys/socket.h>
46 typedef socklen_t krb5_socklen_t;
47 typedef ssize_t krb5_ssize_t;
48 #endif
49
50 #include <krb5/asn1_err.h>
51 #include <krb5/krb5_err.h>
52 #include <krb5/heim_err.h>
53 #include <krb5/k524_err.h>
54
55 #include <krb5/krb5_asn1.h>
56
57 /* name confusion with MIT */
58 #ifndef KRB5KDC_ERR_KEY_EXP
59 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
60 #endif
61
62 /* simple constants */
63
64 #ifndef TRUE
65 #define TRUE 1
66 #define FALSE 0
67 #endif
68
69 typedef int krb5_boolean;
70
71 typedef int32_t krb5_error_code;
72
73 typedef int krb5_kvno;
74
75 typedef uint32_t krb5_flags;
76
77 typedef void *krb5_pointer;
78 typedef const void *krb5_const_pointer;
79
80 struct krb5_crypto_data;
81 typedef struct krb5_crypto_data *krb5_crypto;
82
83 struct krb5_get_creds_opt_data;
84 typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
85
86 struct krb5_digest_data;
87 typedef struct krb5_digest_data *krb5_digest;
88 struct krb5_ntlm_data;
89 typedef struct krb5_ntlm_data *krb5_ntlm;
90
91 struct krb5_pac_data;
92 typedef struct krb5_pac_data *krb5_pac;
93
94 typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
95 typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
96
97 typedef CKSUMTYPE krb5_cksumtype;
98
99 typedef Checksum krb5_checksum;
100
101 typedef ENCTYPE krb5_enctype;
102
103 typedef heim_octet_string krb5_data;
104
105 /* PKINIT related forward declarations */
106 struct ContentInfo;
107 struct krb5_pk_identity;
108 struct krb5_pk_cert;
109
110 /* krb5_enc_data is a mit compat structure */
111 typedef struct krb5_enc_data {
112 krb5_enctype enctype;
113 krb5_kvno kvno;
114 krb5_data ciphertext;
115 } krb5_enc_data;
116
117 /* alternative names */
118 enum {
119 ENCTYPE_NULL = ETYPE_NULL,
120 ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
121 ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
122 ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
123 ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
124 ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
125 ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
126 ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
127 ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
128 ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
129 ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
130 ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
131 ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5,
132 ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
133 ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
134 ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
135 ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
136 ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
137 ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
138 ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
139 };
140
141 typedef PADATA_TYPE krb5_preauthtype;
142
143 typedef enum krb5_key_usage {
144 KRB5_KU_PA_ENC_TIMESTAMP = 1,
145 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
146 client key (section 5.4.1) */
147 KRB5_KU_TICKET = 2,
148 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
149 application session key), encrypted with the service key
150 (section 5.4.2) */
151 KRB5_KU_AS_REP_ENC_PART = 3,
152 /* AS-REP encrypted part (includes tgs session key or application
153 session key), encrypted with the client key (section 5.4.2) */
154 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
155 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
156 session key (section 5.4.1) */
157 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
158 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
159 authenticator subkey (section 5.4.1) */
160 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
161 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
162 with the tgs session key (sections 5.3.2, 5.4.1) */
163 KRB5_KU_TGS_REQ_AUTH = 7,
164 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
165 authenticator subkey), encrypted with the tgs session key
166 (section 5.3.2) */
167 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
168 /* TGS-REP encrypted part (includes application session key),
169 encrypted with the tgs session key (section 5.4.2) */
170 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
171 /* TGS-REP encrypted part (includes application session key),
172 encrypted with the tgs authenticator subkey (section 5.4.2) */
173 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
174 /* AP-REQ Authenticator cksum, keyed with the application session
175 key (section 5.3.2) */
176 KRB5_KU_AP_REQ_AUTH = 11,
177 /* AP-REQ Authenticator (includes application authenticator
178 subkey), encrypted with the application session key (section
179 5.3.2) */
180 KRB5_KU_AP_REQ_ENC_PART = 12,
181 /* AP-REP encrypted part (includes application session subkey),
182 encrypted with the application session key (section 5.5.2) */
183 KRB5_KU_KRB_PRIV = 13,
184 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
185 application (section 5.7.1) */
186 KRB5_KU_KRB_CRED = 14,
187 /* KRB-CRED encrypted part, encrypted with a key chosen by the
188 application (section 5.8.1) */
189 KRB5_KU_KRB_SAFE_CKSUM = 15,
190 /* KRB-SAFE cksum, keyed with a key chosen by the application
191 (section 5.6.1) */
192 KRB5_KU_OTHER_ENCRYPTED = 16,
193 /* Data which is defined in some specification outside of
194 Kerberos to be encrypted using an RFC1510 encryption type. */
195 KRB5_KU_OTHER_CKSUM = 17,
196 /* Data which is defined in some specification outside of
197 Kerberos to be checksummed using an RFC1510 checksum type. */
198 KRB5_KU_KRB_ERROR = 18,
199 /* Krb-error checksum */
200 KRB5_KU_AD_KDC_ISSUED = 19,
201 /* AD-KDCIssued checksum */
202 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
203 /* Checksum for Mandatory Ticket Extensions */
204 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
205 /* Checksum in Authorization Data in Ticket Extensions */
206 KRB5_KU_USAGE_SEAL = 22,
207 /* seal in GSSAPI krb5 mechanism */
208 KRB5_KU_USAGE_SIGN = 23,
209 /* sign in GSSAPI krb5 mechanism */
210 KRB5_KU_USAGE_SEQ = 24,
211 /* SEQ in GSSAPI krb5 mechanism */
212 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
213 /* acceptor sign in GSSAPI CFX krb5 mechanism */
214 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
215 /* acceptor seal in GSSAPI CFX krb5 mechanism */
216 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
217 /* initiator sign in GSSAPI CFX krb5 mechanism */
218 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
219 /* initiator seal in GSSAPI CFX krb5 mechanism */
220 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
221 /* encrypted server referral data */
222 KRB5_KU_SAM_CHECKSUM = 25,
223 /* Checksum for the SAM-CHECKSUM field */
224 KRB5_KU_SAM_ENC_TRACK_ID = 26,
225 /* Encryption of the SAM-TRACK-ID field */
226 KRB5_KU_PA_SERVER_REFERRAL = 26,
227 /* Keyusage for the server referral in a TGS req */
228 KRB5_KU_SAM_ENC_NONCE_SAD = 27,
229 /* Encryption of the SAM-NONCE-OR-SAD field */
230 KRB5_KU_DIGEST_ENCRYPT = -18,
231 /* Encryption key usage used in the digest encryption field */
232 KRB5_KU_DIGEST_OPAQUE = -19,
233 /* Checksum key usage used in the digest opaque field */
234 KRB5_KU_KRB5SIGNEDPATH = -21,
235 /* Checksum key usage on KRB5SignedPath */
236 KRB5_KU_CANONICALIZED_NAMES = -23
237 /* Checksum key usage on PA-CANONICALIZED */
238 } krb5_key_usage;
239
240 typedef krb5_key_usage krb5_keyusage;
241
242 typedef enum krb5_salttype {
243 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
244 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
245 }krb5_salttype;
246
247 typedef struct krb5_salt {
248 krb5_salttype salttype;
249 krb5_data saltvalue;
250 } krb5_salt;
251
252 typedef ETYPE_INFO krb5_preauthinfo;
253
254 typedef struct {
255 krb5_preauthtype type;
256 krb5_preauthinfo info; /* list of preauthinfo for this type */
257 } krb5_preauthdata_entry;
258
259 typedef struct krb5_preauthdata {
260 unsigned len;
261 krb5_preauthdata_entry *val;
262 }krb5_preauthdata;
263
264 typedef enum krb5_address_type {
265 KRB5_ADDRESS_INET = 2,
266 KRB5_ADDRESS_NETBIOS = 20,
267 KRB5_ADDRESS_INET6 = 24,
268 KRB5_ADDRESS_ADDRPORT = 256,
269 KRB5_ADDRESS_IPPORT = 257
270 } krb5_address_type;
271
272 enum {
273 AP_OPTS_USE_SESSION_KEY = 1,
274 AP_OPTS_MUTUAL_REQUIRED = 2,
275 AP_OPTS_USE_SUBKEY = 4 /* library internal */
276 };
277
278 typedef HostAddress krb5_address;
279
280 typedef HostAddresses krb5_addresses;
281
282 typedef enum krb5_keytype {
283 KEYTYPE_NULL = 0,
284 KEYTYPE_DES = 1,
285 KEYTYPE_DES3 = 7,
286 KEYTYPE_AES128 = 17,
287 KEYTYPE_AES256 = 18,
288 KEYTYPE_ARCFOUR = 23,
289 KEYTYPE_ARCFOUR_56 = 24
290 } krb5_keytype;
291
292 typedef EncryptionKey krb5_keyblock;
293
294 typedef AP_REQ krb5_ap_req;
295
296 struct krb5_cc_ops;
297
298 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
299
300 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
301
302 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
303 krb5_config_get_bool_default((C), NULL, TRUE, \
304 "libdefaults", "accept_null_addresses", \
305 NULL)
306
307 typedef void *krb5_cc_cursor;
308
309 typedef struct krb5_ccache_data {
310 const struct krb5_cc_ops *ops;
311 krb5_data data;
312 }krb5_ccache_data;
313
314 typedef struct krb5_ccache_data *krb5_ccache;
315
316 typedef struct krb5_context_data *krb5_context;
317
318 typedef Realm krb5_realm;
319 typedef const char *krb5_const_realm; /* stupid language */
320
321 #define krb5_realm_length(r) strlen(r)
322 #define krb5_realm_data(r) (r)
323
324 typedef Principal krb5_principal_data;
325 typedef struct Principal *krb5_principal;
326 typedef const struct Principal *krb5_const_principal;
327
328 typedef time_t krb5_deltat;
329 typedef time_t krb5_timestamp;
330
331 typedef struct krb5_times {
332 krb5_timestamp authtime;
333 krb5_timestamp starttime;
334 krb5_timestamp endtime;
335 krb5_timestamp renew_till;
336 } krb5_times;
337
338 typedef union {
339 TicketFlags b;
340 krb5_flags i;
341 } krb5_ticket_flags;
342
343 /* options for krb5_get_in_tkt() */
344 #define KDC_OPT_FORWARDABLE (1 << 1)
345 #define KDC_OPT_FORWARDED (1 << 2)
346 #define KDC_OPT_PROXIABLE (1 << 3)
347 #define KDC_OPT_PROXY (1 << 4)
348 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
349 #define KDC_OPT_POSTDATED (1 << 6)
350 #define KDC_OPT_RENEWABLE (1 << 8)
351 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
352 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
353 #define KDC_OPT_RENEWABLE_OK (1 << 27)
354 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
355 #define KDC_OPT_RENEW (1 << 30)
356 #define KDC_OPT_VALIDATE (1 << 31)
357
358 typedef union {
359 KDCOptions b;
360 krb5_flags i;
361 } krb5_kdc_flags;
362
363 /* flags for krb5_verify_ap_req */
364
365 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
366
367 #define KRB5_GC_CACHED (1U << 0)
368 #define KRB5_GC_USER_USER (1U << 1)
369 #define KRB5_GC_EXPIRED_OK (1U << 2)
370 #define KRB5_GC_NO_STORE (1U << 3)
371 #define KRB5_GC_FORWARDABLE (1U << 4)
372 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
373 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
374
375 /* constants for compare_creds (and cc_retrieve_cred) */
376 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
377 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
378 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
379 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
380 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
381 #define KRB5_TC_MATCH_FLAGS (1 << 27)
382 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
383 #define KRB5_TC_MATCH_TIMES (1 << 25)
384 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
385 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
386 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
387
388 typedef AuthorizationData krb5_authdata;
389
390 typedef KRB_ERROR krb5_error;
391
392 typedef struct krb5_creds {
393 krb5_principal client;
394 krb5_principal server;
395 krb5_keyblock session;
396 krb5_times times;
397 krb5_data ticket;
398 krb5_data second_ticket;
399 krb5_authdata authdata;
400 krb5_addresses addresses;
401 krb5_ticket_flags flags;
402 } krb5_creds;
403
404 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
405
406 typedef struct krb5_cc_ops {
407 const char *prefix;
408 const char* (*get_name)(krb5_context, krb5_ccache);
409 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
410 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
411 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
412 krb5_error_code (*destroy)(krb5_context, krb5_ccache);
413 krb5_error_code (*close)(krb5_context, krb5_ccache);
414 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
415 krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
416 krb5_flags, const krb5_creds*, krb5_creds *);
417 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
418 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
419 krb5_error_code (*get_next)(krb5_context, krb5_ccache,
420 krb5_cc_cursor*, krb5_creds*);
421 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
422 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
423 krb5_flags, krb5_creds*);
424 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
425 int (*get_version)(krb5_context, krb5_ccache);
426 krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
427 krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
428 krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
429 krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache);
430 krb5_error_code (*default_name)(krb5_context, char **);
431 } krb5_cc_ops;
432
433 struct krb5_log_facility;
434
435 struct krb5_config_binding {
436 enum { krb5_config_string, krb5_config_list } type;
437 char *name;
438 struct krb5_config_binding *next;
439 union {
440 char *string;
441 struct krb5_config_binding *list;
442 void *generic;
443 } u;
444 };
445
446 typedef struct krb5_config_binding krb5_config_binding;
447
448 typedef krb5_config_binding krb5_config_section;
449
450 typedef struct krb5_ticket {
451 EncTicketPart ticket;
452 krb5_principal client;
453 krb5_principal server;
454 } krb5_ticket;
455
456 typedef Authenticator krb5_authenticator_data;
457
458 typedef krb5_authenticator_data *krb5_authenticator;
459
460 struct krb5_rcache_data;
461 typedef struct krb5_rcache_data *krb5_rcache;
462 typedef Authenticator krb5_donot_replay;
463
464 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
465 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
466 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
467 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
468 #define KRB5_STORAGE_BYTEORDER_MASK 0x60
469 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
470 #define KRB5_STORAGE_BYTEORDER_LE 0x20
471 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
472 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
473
474 struct krb5_storage_data;
475 typedef struct krb5_storage_data krb5_storage;
476
477 typedef struct krb5_keytab_entry {
478 krb5_principal principal;
479 krb5_kvno vno;
480 krb5_keyblock keyblock;
481 uint32_t timestamp;
482 } krb5_keytab_entry;
483
484 typedef struct krb5_kt_cursor {
485 int fd;
486 krb5_storage *sp;
487 void *data;
488 } krb5_kt_cursor;
489
490 struct krb5_keytab_data;
491
492 typedef struct krb5_keytab_data *krb5_keytab;
493
494 #define KRB5_KT_PREFIX_MAX_LEN 30
495
496 struct krb5_keytab_data {
497 const char *prefix;
498 krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
499 krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
500 krb5_error_code (*close)(krb5_context, krb5_keytab);
501 krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
502 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
503 krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
504 krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
505 krb5_keytab_entry*, krb5_kt_cursor*);
506 krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
507 krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
508 krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
509 void *data;
510 int32_t version;
511 };
512
513 typedef struct krb5_keytab_data krb5_kt_ops;
514
515 struct krb5_keytab_key_proc_args {
516 krb5_keytab keytab;
517 krb5_principal principal;
518 };
519
520 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
521
522 typedef struct krb5_replay_data {
523 krb5_timestamp timestamp;
524 int32_t usec;
525 uint32_t seq;
526 } krb5_replay_data;
527
528 /* flags for krb5_auth_con_setflags */
529 enum {
530 KRB5_AUTH_CONTEXT_DO_TIME = 1,
531 KRB5_AUTH_CONTEXT_RET_TIME = 2,
532 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
533 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
534 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
535 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
536 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
537 };
538
539 /* flags for krb5_auth_con_genaddrs */
540 enum {
541 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
542 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
543 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
544 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
545 };
546
547 typedef struct krb5_auth_context_data {
548 unsigned int flags;
549
550 krb5_address *local_address;
551 krb5_address *remote_address;
552 int16_t local_port;
553 int16_t remote_port;
554 krb5_keyblock *keyblock;
555 krb5_keyblock *local_subkey;
556 krb5_keyblock *remote_subkey;
557
558 uint32_t local_seqnumber;
559 uint32_t remote_seqnumber;
560
561 krb5_authenticator authenticator;
562
563 krb5_pointer i_vector;
564
565 krb5_rcache rcache;
566
567 krb5_keytype keytype; /* ¿requested key type ? */
568 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
569
570 }krb5_auth_context_data, *krb5_auth_context;
571
572 typedef struct {
573 KDC_REP kdc_rep;
574 EncKDCRepPart enc_part;
575 KRB_ERROR error;
576 } krb5_kdc_rep;
577
578 extern const char *heimdal_version, *heimdal_long_version;
579
580 typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
581 typedef void (*krb5_log_close_func_t)(void*);
582
583 typedef struct krb5_log_facility {
584 char *program;
585 int len;
586 struct facility *val;
587 } krb5_log_facility;
588
589 typedef EncAPRepPart krb5_ap_rep_enc_part;
590
591 #define KRB5_RECVAUTH_IGNORE_VERSION 1
592
593 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
594
595 #define KRB5_TGS_NAME_SIZE (6)
596 #define KRB5_TGS_NAME ("krbtgt")
597
598 #define KRB5_DIGEST_NAME ("digest")
599
600 /* variables */
601
602 extern const char *krb5_config_file;
603 extern const char *krb5_defkeyname;
604
605 typedef enum {
606 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
607 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
608 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
609 KRB5_PROMPT_TYPE_PREAUTH = 0x4,
610 KRB5_PROMPT_TYPE_INFO = 0x5
611 } krb5_prompt_type;
612
613 typedef struct _krb5_prompt {
614 const char *prompt;
615 int hidden;
616 krb5_data *reply;
617 krb5_prompt_type type;
618 } krb5_prompt;
619
620 typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
621 void * /*data*/,
622 const char * /*name*/,
623 const char * /*banner*/,
624 int /*num_prompts*/,
625 krb5_prompt /*prompts*/[]);
626 typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
627 krb5_enctype /*type*/,
628 krb5_salt /*salt*/,
629 krb5_const_pointer /*keyseed*/,
630 krb5_keyblock ** /*key*/);
631 typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
632 krb5_keyblock * /*key*/,
633 krb5_key_usage /*usage*/,
634 krb5_const_pointer /*decrypt_arg*/,
635 krb5_kdc_rep * /*dec_rep*/);
636 typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
637 krb5_enctype /*type*/,
638 krb5_const_pointer /*keyseed*/,
639 krb5_salt /*salt*/,
640 krb5_data * /*s2kparms*/,
641 krb5_keyblock ** /*key*/);
642
643 struct _krb5_get_init_creds_opt_private;
644
645 typedef struct _krb5_get_init_creds_opt {
646 krb5_flags flags;
647 krb5_deltat tkt_life;
648 krb5_deltat renew_life;
649 int forwardable;
650 int proxiable;
651 int anonymous;
652 krb5_enctype *etype_list;
653 int etype_list_length;
654 krb5_addresses *address_list;
655 /* XXX the next three should not be used, as they may be
656 removed later */
657 krb5_preauthtype *preauth_list;
658 int preauth_list_length;
659 krb5_data *salt;
660 struct _krb5_get_init_creds_opt_private *opt_private;
661 } krb5_get_init_creds_opt;
662
663 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
664 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
665 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
666 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
667 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
668 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
669 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
670 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
671 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
672 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
673
674 typedef struct _krb5_verify_init_creds_opt {
675 krb5_flags flags;
676 int ap_req_nofail;
677 } krb5_verify_init_creds_opt;
678
679 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
680
681 typedef struct krb5_verify_opt {
682 unsigned int flags;
683 krb5_ccache ccache;
684 krb5_keytab keytab;
685 krb5_boolean secure;
686 const char *service;
687 } krb5_verify_opt;
688
689 #define KRB5_VERIFY_LREALMS 1
690 #define KRB5_VERIFY_NO_ADDRESSES 2
691
692 extern const krb5_cc_ops krb5_acc_ops;
693 extern const krb5_cc_ops krb5_fcc_ops;
694 extern const krb5_cc_ops krb5_mcc_ops;
695 extern const krb5_cc_ops krb5_kcm_ops;
696
697 extern const krb5_kt_ops krb5_fkt_ops;
698 extern const krb5_kt_ops krb5_wrfkt_ops;
699 extern const krb5_kt_ops krb5_javakt_ops;
700 extern const krb5_kt_ops krb5_mkt_ops;
701 extern const krb5_kt_ops krb5_akf_ops;
702 extern const krb5_kt_ops krb4_fkt_ops;
703 extern const krb5_kt_ops krb5_srvtab_fkt_ops;
704 extern const krb5_kt_ops krb5_any_ops;
705
706 #define KRB5_KPASSWD_VERS_CHANGEPW 1
707 #define KRB5_KPASSWD_VERS_SETPW 0xff80
708
709 #define KRB5_KPASSWD_SUCCESS 0
710 #define KRB5_KPASSWD_MALFORMED 1
711 #define KRB5_KPASSWD_HARDERROR 2
712 #define KRB5_KPASSWD_AUTHERROR 3
713 #define KRB5_KPASSWD_SOFTERROR 4
714 #define KRB5_KPASSWD_ACCESSDENIED 5
715 #define KRB5_KPASSWD_BAD_VERSION 6
716 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
717
718 #define KPASSWD_PORT 464
719
720 /* types for the new krbhst interface */
721 struct krb5_krbhst_data;
722 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
723
724 #define KRB5_KRBHST_KDC 1
725 #define KRB5_KRBHST_ADMIN 2
726 #define KRB5_KRBHST_CHANGEPW 3
727 #define KRB5_KRBHST_KRB524 4
728 #define KRB5_KRBHST_KCA 5
729
730 typedef struct krb5_krbhst_info {
731 enum { KRB5_KRBHST_UDP,
732 KRB5_KRBHST_TCP,
733 KRB5_KRBHST_HTTP } proto;
734 unsigned short port;
735 unsigned short def_port;
736 struct addrinfo *ai;
737 struct krb5_krbhst_info *next;
738 char hostname[1]; /* has to come last */
739 } krb5_krbhst_info;
740
741 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
742 enum {
743 KRB5_KRBHST_FLAGS_MASTER = 1,
744 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
745 };
746
747 typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context,
748 void *,
749 krb5_krbhst_info *,
750 const krb5_data *,
751 krb5_data *);
752
753 /* flags for krb5_parse_name_flags */
754 enum {
755 KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
756 KRB5_PRINCIPAL_PARSE_MUST_REALM = 2,
757 KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4
758 };
759
760 /* flags for krb5_unparse_name_flags */
761 enum {
762 KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
763 KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2,
764 KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4
765 };
766
767 typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
768
769 #define KRB5_SENDTO_DONE 0
770 #define KRB5_SENDTO_RESTART 1
771 #define KRB5_SENDTO_CONTINUE 2
772
773 typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
774
775 struct krb5_plugin;
776 enum krb5_plugin_type {
777 PLUGIN_TYPE_DATA = 1,
778 PLUGIN_TYPE_FUNC
779 };
780
781 struct credentials; /* this is to keep the compiler happy */
782 struct getargs;
783 struct sockaddr;
784
785 #include <krb5/krb5-protos.h>
786
787 #endif /* __KRB5_H__ */
788
NetBSD on the FriendlyARM MINI2440