search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:utils: Fix 'Usage:' for 'net ads enctypes'
[samba4-gss.git] / third_party / heimdal / lib / krb5 / krb5.h
blobc291f3d711cafe20dcea3d52c5a850f2c22d9a1a
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 /* $Id$ */
37
38 #ifndef __KRB5_H__
39 #define __KRB5_H__
40
41 #include <time.h>
42 #include <krb5-types.h>
43
44 #include <asn1_err.h>
45 #include <krb5_err.h>
46 #include <heim_err.h>
47 #include <k524_err.h>
48 #include <k5e1_err.h>
49
50 #include <krb5_asn1.h>
51 typedef Krb5Int32 krb5int32;
52 typedef Krb5UInt32 krb5uint32;
53
54 /* name confusion with MIT */
55 #ifndef KRB5KDC_ERR_KEY_EXP
56 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
57 #endif
58
59 #ifdef _WIN32
60 #define KRB5_CALLCONV __stdcall
61 #define KRB5_LIB_CALL __stdcall
62 #else
63 #define KRB5_CALLCONV
64 #define KRB5_LIB_CALL
65 #endif
66
67 /* simple constants */
68
69 #ifndef TRUE
70 #define TRUE 1
71 #define FALSE 0
72 #endif
73
74 typedef int krb5_boolean;
75
76 typedef int32_t krb5_error_code;
77
78 typedef int32_t krb5_kvno;
79
80 typedef uint32_t krb5_flags;
81
82 typedef void *krb5_pointer;
83 typedef const void *krb5_const_pointer;
84
85 struct krb5_crypto_data;
86 typedef struct krb5_crypto_data *krb5_crypto;
87
88 struct krb5_get_creds_opt_data;
89 typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
90
91 struct krb5_digest_data;
92 typedef struct krb5_digest_data *krb5_digest;
93 struct krb5_ntlm_data;
94 typedef struct krb5_ntlm_data *krb5_ntlm;
95
96 struct krb5_pac_data;
97 typedef struct krb5_pac_data *krb5_pac;
98 typedef const struct krb5_pac_data *krb5_const_pac;
99
100 typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
101 typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
102
103 typedef CKSUMTYPE krb5_cksumtype;
104
105 typedef Checksum krb5_checksum;
106
107 typedef ENCTYPE krb5_enctype;
108
109 typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;
110
111 typedef heim_octet_string krb5_data;
112
113 /* PKINIT related forward declarations */
114 struct ContentInfo;
115 struct krb5_pk_identity;
116 struct krb5_pk_cert;
117
118 /* krb5_enc_data is a mit compat structure */
119 typedef struct krb5_enc_data {
120 krb5_enctype enctype;
121 krb5_kvno kvno;
122 krb5_data ciphertext;
123 } krb5_enc_data;
124
125 /* alternative names */
126 #define ENCTYPE_NULL KRB5_ENCTYPE_NULL
127 #define ENCTYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
128 #define ENCTYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
129 #define ENCTYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
130 #define ENCTYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
131 #define ENCTYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
132 #define ENCTYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
133 #define ENCTYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
134 #define ENCTYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
135 #define ENCTYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
136 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
137 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
138 #define ENCTYPE_ARCFOUR_HMAC KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
139 #define ENCTYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
140 #define ENCTYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
141 #define ENCTYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
142 #define ENCTYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
143 #define ENCTYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
144 #define ENCTYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
145 #define ENCTYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
146 #define ETYPE_NULL KRB5_ENCTYPE_NULL
147 #define ETYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
148 #define ETYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
149 #define ETYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
150 #define ETYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
151 #define ETYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
152 #define ETYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
153 #define ETYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
154 #define ETYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
155 #define ETYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
156 #define ETYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
157 #define ETYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
158 #define ETYPE_AES128_CTS_HMAC_SHA256_128 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128
159 #define ETYPE_AES256_CTS_HMAC_SHA384_192 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192
160 #define ETYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
161 #define ETYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
162 #define ETYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
163 #define ETYPE_ARCFOUR_MD4 KRB5_ENCTYPE_ARCFOUR_MD4
164 #define ETYPE_ARCFOUR_HMAC_OLD KRB5_ENCTYPE_ARCFOUR_HMAC_OLD
165 #define ETYPE_ARCFOUR_HMAC_OLD_EXP KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP
166 #define ETYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
167 #define ETYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
168 #define ETYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
169 #define ETYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
170 #define ETYPE_DIGEST_MD5_NONE KRB5_ENCTYPE_DIGEST_MD5_NONE
171 #define ETYPE_CRAM_MD5_NONE KRB5_ENCTYPE_CRAM_MD5_NONE
172 #define DOMAIN_X500_COMPRESS domain_X500_Compress
173
174 /* PDU types */
175 typedef enum krb5_pdu {
176 KRB5_PDU_ERROR = 0,
177 KRB5_PDU_TICKET = 1,
178 KRB5_PDU_AS_REQUEST = 2,
179 KRB5_PDU_AS_REPLY = 3,
180 KRB5_PDU_TGS_REQUEST = 4,
181 KRB5_PDU_TGS_REPLY = 5,
182 KRB5_PDU_AP_REQUEST = 6,
183 KRB5_PDU_AP_REPLY = 7,
184 KRB5_PDU_KRB_SAFE = 8,
185 KRB5_PDU_KRB_PRIV = 9,
186 KRB5_PDU_KRB_CRED = 10,
187 KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */
188 } krb5_pdu;
189
190 typedef PADATA_TYPE krb5_preauthtype;
191
192 typedef enum krb5_key_usage {
193 KRB5_KU_PA_ENC_TIMESTAMP = 1,
194 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
195 client key (section 5.4.1) */
196 KRB5_KU_TICKET = 2,
197 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
198 application session key), encrypted with the service key
199 (section 5.4.2) */
200 KRB5_KU_AS_REP_ENC_PART = 3,
201 /* AS-REP encrypted part (includes tgs session key or application
202 session key), encrypted with the client key (section 5.4.2) */
203 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
204 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
205 session key (section 5.4.1) */
206 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
207 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
208 authenticator subkey (section 5.4.1) */
209 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
210 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
211 with the tgs session key (sections 5.3.2, 5.4.1) */
212 KRB5_KU_TGS_REQ_AUTH = 7,
213 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
214 authenticator subkey), encrypted with the tgs session key
215 (section 5.3.2) */
216 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
217 /* TGS-REP encrypted part (includes application session key),
218 encrypted with the tgs session key (section 5.4.2) */
219 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
220 /* TGS-REP encrypted part (includes application session key),
221 encrypted with the tgs authenticator subkey (section 5.4.2) */
222 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
223 /* AP-REQ Authenticator cksum, keyed with the application session
224 key (section 5.3.2) */
225 KRB5_KU_AP_REQ_AUTH = 11,
226 /* AP-REQ Authenticator (includes application authenticator
227 subkey), encrypted with the application session key (section
228 5.3.2) */
229 KRB5_KU_AP_REQ_ENC_PART = 12,
230 /* AP-REP encrypted part (includes application session subkey),
231 encrypted with the application session key (section 5.5.2) */
232 KRB5_KU_KRB_PRIV = 13,
233 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
234 application (section 5.7.1) */
235 KRB5_KU_KRB_CRED = 14,
236 /* KRB-CRED encrypted part, encrypted with a key chosen by the
237 application (section 5.8.1) */
238 KRB5_KU_KRB_SAFE_CKSUM = 15,
239 /* KRB-SAFE cksum, keyed with a key chosen by the application
240 (section 5.6.1) */
241 KRB5_KU_OTHER_ENCRYPTED = 16,
242 /* Data which is defined in some specification outside of
243 Kerberos to be encrypted using an RFC1510 encryption type. */
244 KRB5_KU_OTHER_CKSUM = 17,
245 /* Data which is defined in some specification outside of
246 Kerberos to be checksummed using an RFC1510 checksum type. */
247 KRB5_KU_KRB_ERROR = 18,
248 /* Krb-error checksum */
249 KRB5_KU_AD_KDC_ISSUED = 19,
250 /* AD-KDCIssued checksum */
251 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
252 /* Checksum for Mandatory Ticket Extensions */
253 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
254 /* Checksum in Authorization Data in Ticket Extensions */
255 KRB5_KU_USAGE_SEAL = 22,
256 /* seal in GSSAPI krb5 mechanism */
257 KRB5_KU_USAGE_SIGN = 23,
258 /* sign in GSSAPI krb5 mechanism */
259 KRB5_KU_USAGE_SEQ = 24,
260 /* SEQ in GSSAPI krb5 mechanism */
261 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
262 /* acceptor sign in GSSAPI CFX krb5 mechanism */
263 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
264 /* acceptor seal in GSSAPI CFX krb5 mechanism */
265 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
266 /* initiator sign in GSSAPI CFX krb5 mechanism */
267 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
268 /* initiator seal in GSSAPI CFX krb5 mechanism */
269 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
270 /* encrypted server referral data */
271 KRB5_KU_SAM_CHECKSUM = 25,
272 /* Checksum for the SAM-CHECKSUM field */
273 KRB5_KU_SAM_ENC_TRACK_ID = 26,
274 /* Encryption of the SAM-TRACK-ID field */
275 KRB5_KU_PA_SERVER_REFERRAL = 26,
276 /* Keyusage for the server referral in a TGS req */
277 KRB5_KU_SAM_ENC_NONCE_SAD = 27,
278 /* Defined in [MS-SFU] */
279 KRB5_KU_PA_S4U_X509_USER_REQUEST = 26,
280 /* Defined in [MS-SFU] */
281 KRB5_KU_PA_S4U_X509_USER_REPLY = 27,
282 /* Encryption of the SAM-NONCE-OR-SAD field */
283 KRB5_KU_PA_PKINIT_KX = 44,
284 /* Encryption type of the kdc session contribution in pk-init */
285 KRB5_KU_AS_REQ = 56,
286 /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
287 KRB5_KU_FAST_REQ_CHKSUM = 50,
288 /* FAST armor checksum */
289 KRB5_KU_FAST_ENC = 51,
290 /* FAST armor encryption */
291 KRB5_KU_FAST_REP = 52,
292 /* FAST armor reply */
293 KRB5_KU_FAST_FINISHED = 53,
294 /* FAST finished checksum */
295 KRB5_KU_ENC_CHALLENGE_CLIENT = 54,
296 /* fast challenge from client */
297 KRB5_KU_ENC_CHALLENGE_KDC = 55,
298 /* fast challenge from kdc */
299 KRB5_KU_AS_FRESHNESS = 60,
300 /* Freshness token from KDC */
301 KRB5_KU_DIGEST_ENCRYPT = -18,
302 /* Encryption key usage used in the digest encryption field */
303 KRB5_KU_DIGEST_OPAQUE = -19,
304 /* Checksum key usage used in the digest opaque field */
305 KRB5_KU_KRB5SIGNEDPATH = -21,
306 /* Checksum key usage on KRB5SignedPath */
307 KRB5_KU_CANONICALIZED_NAMES = -23,
308 /* Checksum key usage on PA-CANONICALIZED */
309 KRB5_KU_H5L_COOKIE = -25
310 /* encrypted foo */
311 } krb5_key_usage;
312
313 typedef krb5_key_usage krb5_keyusage;
314
315 typedef enum krb5_salttype {
316 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
317 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
318 }krb5_salttype;
319
320 typedef struct krb5_salt {
321 krb5_salttype salttype;
322 krb5_data saltvalue;
323 } krb5_salt;
324
325 typedef ETYPE_INFO krb5_preauthinfo;
326
327 typedef struct {
328 krb5_preauthtype type;
329 krb5_preauthinfo info; /* list of preauthinfo for this type */
330 } krb5_preauthdata_entry;
331
332 typedef struct krb5_preauthdata {
333 unsigned len;
334 krb5_preauthdata_entry *val;
335 }krb5_preauthdata;
336
337 typedef enum krb5_address_type {
338 KRB5_ADDRESS_INET = 2,
339 KRB5_ADDRESS_NETBIOS = 20,
340 KRB5_ADDRESS_INET6 = 24,
341 KRB5_ADDRESS_ADDRPORT = 256,
342 KRB5_ADDRESS_IPPORT = 257
343 } krb5_address_type;
344
345 enum {
346 AP_OPTS_USE_SESSION_KEY = 1,
347 AP_OPTS_MUTUAL_REQUIRED = 2,
348 AP_OPTS_USE_SUBKEY = 4 /* library internal */
349 };
350
351 typedef HostAddress krb5_address;
352
353 typedef HostAddresses krb5_addresses;
354
355 typedef krb5_enctype krb5_keytype;
356
357 enum krb5_keytype_old {
358 KEYTYPE_NULL = ETYPE_NULL,
359 KEYTYPE_DES = ETYPE_DES_CBC_CRC,
360 KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
361 KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
362 KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
363 KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
364 KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
365 };
366
367 typedef EncryptionKey krb5_keyblock;
368
369 typedef AP_REQ krb5_ap_req;
370
371 struct krb5_cc_ops;
372
373 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
374
375 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
376
377 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
378 krb5_config_get_bool_default((C), NULL, TRUE, \
379 "libdefaults", "accept_null_addresses", \
380 NULL)
381
382 typedef void *krb5_cc_cursor;
383 typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
384
385 typedef struct krb5_ccache_data {
386 const struct krb5_cc_ops *ops;
387 krb5_data data;
388 unsigned int cc_initialized:1; /* if 1: krb5_cc_initialize() called */
389 unsigned int cc_need_start_realm:1;
390 unsigned int cc_start_tgt_stored:1;
391 unsigned int cc_kx509_done:1;
392 }krb5_ccache_data;
393
394 typedef struct krb5_ccache_data *krb5_ccache;
395
396 typedef struct krb5_context_data *krb5_context;
397
398 typedef Realm krb5_realm;
399 typedef const char *krb5_const_realm; /* stupid language */
400
401 #define krb5_realm_length(r) strlen(r)
402 #define krb5_realm_data(r) (r)
403
404 typedef Principal krb5_principal_data;
405 typedef struct Principal *krb5_principal;
406 typedef const struct Principal *krb5_const_principal;
407 typedef struct Principals *krb5_principals;
408
409 typedef time_t krb5_deltat;
410 typedef time_t krb5_timestamp;
411
412 typedef struct krb5_times {
413 krb5_timestamp authtime;
414 krb5_timestamp starttime;
415 krb5_timestamp endtime;
416 krb5_timestamp renew_till;
417 } krb5_times;
418
419 typedef union {
420 TicketFlags b;
421 krb5_flags i;
422 } krb5_ticket_flags;
423
424 /* options for krb5_get_in_tkt() */
425 #define KDC_OPT_FORWARDABLE (1 << 1)
426 #define KDC_OPT_FORWARDED (1 << 2)
427 #define KDC_OPT_PROXIABLE (1 << 3)
428 #define KDC_OPT_PROXY (1 << 4)
429 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
430 #define KDC_OPT_POSTDATED (1 << 6)
431 #define KDC_OPT_RENEWABLE (1 << 8)
432 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
433 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
434 #define KDC_OPT_RENEWABLE_OK (1 << 27)
435 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
436 #define KDC_OPT_RENEW (1 << 30)
437 #define KDC_OPT_VALIDATE (1 << 31)
438
439 typedef union {
440 KDCOptions b;
441 krb5_flags i;
442 } krb5_kdc_flags;
443
444 /* flags for krb5_verify_ap_req */
445
446 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
447 #define KRB5_VERIFY_AP_REQ_IGNORE_ADDRS (1 << 1)
448
449 #define KRB5_GC_CACHED (1U << 0)
450 #define KRB5_GC_USER_USER (1U << 1)
451 #define KRB5_GC_EXPIRED_OK (1U << 2)
452 #define KRB5_GC_NO_STORE (1U << 3)
453 #define KRB5_GC_FORWARDABLE (1U << 4)
454 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
455 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
456 #define KRB5_GC_CANONICALIZE (1U << 7)
457 #define KRB5_GC_ANONYMOUS (1U << 8)
458
459 /* constants for compare_creds (and cc_retrieve_cred) */
460 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
461 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
462 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
463 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
464 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
465 #define KRB5_TC_MATCH_FLAGS (1 << 27)
466 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
467 #define KRB5_TC_MATCH_TIMES (1 << 25)
468 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
469 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
470 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
471
472 /* constants for get_flags and set_flags */
473 #define KRB5_TC_OPENCLOSE 0x00000001
474 #define KRB5_TC_NOTICKET 0x00000002
475
476 typedef AuthorizationData krb5_authdata;
477
478 typedef KRB_ERROR krb5_error;
479
480 typedef struct krb5_creds {
481 krb5_principal client;
482 krb5_principal server;
483 krb5_keyblock session;
484 krb5_times times;
485 krb5_data ticket;
486 krb5_data second_ticket;
487 krb5_authdata authdata;
488 krb5_addresses addresses;
489 krb5_ticket_flags flags;
490 } krb5_creds;
491
492 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
493
494 #define KRB5_CC_OPS_VERSION_0 0
495 #define KRB5_CC_OPS_VERSION_1 1
496 #define KRB5_CC_OPS_VERSION_2 2
497 #define KRB5_CC_OPS_VERSION_3 3
498 #define KRB5_CC_OPS_VERSION_5 5
499
500 /* Only extend the structure. Do not change signatures. */
501 typedef struct krb5_cc_ops {
502 /* Version 0 */
503 int version;
504 const char *prefix;
505 const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
506 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
507 krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
508 krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
509 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
510 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
511 krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
512 krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
513 krb5_flags, const krb5_creds*, krb5_creds *);
514 krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
515 krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
516 krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
517 krb5_cc_cursor*, krb5_creds*);
518 krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
519 krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
520 krb5_flags, krb5_creds*);
521 krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
522 int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
523 krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
524 krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
525 krb5_ccache *);
526 krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
527 krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
528 krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
529 /* Version 1 */
530 krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
531 /* Version 2 */
532 krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
533 /* Version 3 */
534 krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
535 krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
536 /* Version 5 */
537 krb5_error_code (KRB5_CALLCONV * get_name_2)(krb5_context, krb5_ccache,
538 const char **id, const char **res,
539 const char **sub);
540 krb5_error_code (KRB5_CALLCONV * resolve_2)(krb5_context, krb5_ccache *id, const char *res,
541 const char *sub);
542 /* Add new functions here for versions 6 and above */
543 } krb5_cc_ops;
544
545 /*
546 * krb5_config_binding is identical to struct heim_config_binding
547 * within heimbase.h. Its format is public and used by callers of
548 * krb5_config_get_list() and krb5_config_vget_list().
549 */
550 enum krb5_config_type {
551 krb5_config_string,
552 krb5_config_list,
553 };
554 struct krb5_config_binding {
555 enum krb5_config_type type;
556 char *name;
557 struct krb5_config_binding *next;
558 union {
559 char *string;
560 struct krb5_config_binding *list;
561 void *generic;
562 } u;
563 };
564
565 typedef struct krb5_config_binding krb5_config_binding;
566 typedef krb5_config_binding krb5_config_section;
567
568 typedef struct krb5_ticket {
569 EncTicketPart ticket;
570 krb5_principal client;
571 krb5_principal server;
572 } krb5_ticket;
573
574 typedef Authenticator krb5_authenticator_data;
575
576 typedef krb5_authenticator_data *krb5_authenticator;
577
578 struct krb5_rcache_data;
579 typedef struct krb5_rcache_data *krb5_rcache;
580 typedef Authenticator krb5_donot_replay;
581
582 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
583 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
584 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
585 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
586 #define KRB5_STORAGE_BYTEORDER_MASK 0x70
587 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
588 #define KRB5_STORAGE_BYTEORDER_PACKED 0x10
589 #define KRB5_STORAGE_BYTEORDER_LE 0x20
590 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
591 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
592
593 struct krb5_storage_data;
594 typedef struct krb5_storage_data krb5_storage;
595
596 typedef struct krb5_keytab_entry {
597 krb5_principal principal;
598 krb5_kvno vno;
599 krb5_keyblock keyblock;
600 uint32_t timestamp;
601 uint32_t flags;
602 krb5_principals aliases;
603 } krb5_keytab_entry;
604
605 typedef struct krb5_kt_cursor {
606 int fd;
607 krb5_storage *sp;
608 void *data;
609 } krb5_kt_cursor;
610
611 struct krb5_keytab_data;
612
613 typedef struct krb5_keytab_data *krb5_keytab;
614
615 #define KRB5_KT_PREFIX_MAX_LEN 30
616
617 struct krb5_keytab_data {
618 const char *prefix;
619 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
620 krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
621 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
622 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
623 krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
624 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
625 krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
626 krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
627 krb5_keytab_entry*, krb5_kt_cursor*);
628 krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
629 krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
630 krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
631 void *data;
632 int32_t version;
633 };
634
635 typedef struct krb5_keytab_data krb5_kt_ops;
636
637 struct krb5_keytab_key_proc_args {
638 krb5_keytab keytab;
639 krb5_principal principal;
640 };
641
642 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
643
644 typedef struct krb5_replay_data {
645 krb5_timestamp timestamp;
646 int32_t usec;
647 uint32_t seq;
648 } krb5_replay_data;
649
650 /* flags for krb5_auth_con_setflags */
651 enum {
652 KRB5_AUTH_CONTEXT_DO_TIME = 1,
653 KRB5_AUTH_CONTEXT_RET_TIME = 2,
654 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
655 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
656 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
657 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
658 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
659 };
660
661 /* flags for krb5_auth_con_genaddrs */
662 enum {
663 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
664 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
665 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
666 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
667 };
668
669 typedef struct krb5_auth_context_data {
670 unsigned int flags;
671
672 krb5_address *local_address;
673 krb5_address *remote_address;
674 int16_t local_port;
675 int16_t remote_port;
676 krb5_keyblock *keyblock;
677 krb5_keyblock *local_subkey;
678 krb5_keyblock *remote_subkey;
679
680 uint32_t local_seqnumber;
681 uint32_t remote_seqnumber;
682
683 krb5_authenticator authenticator;
684
685 krb5_pointer i_vector;
686
687 krb5_rcache rcache;
688
689 krb5_keytype keytype; /* ¿requested key type ? */
690 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
691
692 AuthorizationData *auth_data;
693
694 }krb5_auth_context_data, *krb5_auth_context;
695
696 typedef struct {
697 KDC_REP kdc_rep;
698 EncKDCRepPart enc_part;
699 KRB_ERROR error;
700 } krb5_kdc_rep;
701
702 extern const char *const heimdal_version, *const heimdal_long_version;
703
704 typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(krb5_context,
705 const char*,
706 const char*,
707 void*);
708 typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
709
710 typedef struct heim_log_facility_s krb5_log_facility;
711
712 typedef EncAPRepPart krb5_ap_rep_enc_part;
713
714 #define KRB5_RECVAUTH_IGNORE_VERSION 1
715
716 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
717
718 #define KRB5_TGS_NAME_SIZE (6)
719 #define KRB5_TGS_NAME ("krbtgt")
720 #define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
721 #define KRB5_ANON_NAME ("ANONYMOUS")
722 #define KRB5_ANON_REALM ("WELLKNOWN:ANONYMOUS")
723 #define KRB5_FEDERATED_NAME ("FEDERATED")
724 #define KRB5_FEDERATED_REALM ("WELLKNOWN:FEDERATED")
725 #define KRB5_WELLKNOWN_ORG_H5L_REALM ("WELLKNOWN:ORG.H5L")
726 #define KRB5_DIGEST_NAME ("digest")
727
728 #define KRB5_PKU2U_REALM_NAME ("WELLKNOWN:PKU2U")
729 #define KRB5_LKDC_REALM_NAME ("WELLKNOWN:COM.APPLE.LKDC")
730
731 #define KRB5_GSS_HOSTBASED_SERVICE_NAME ("WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE")
732 #define KRB5_GSS_REFERALS_REALM_NAME ("WELLKNOWN:ORG.H5L.REFERALS-REALM")
733
734 typedef enum {
735 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
736 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
737 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
738 KRB5_PROMPT_TYPE_PREAUTH = 0x4,
739 KRB5_PROMPT_TYPE_INFO = 0x5
740 } krb5_prompt_type;
741
742 typedef struct _krb5_prompt {
743 const char *prompt;
744 int hidden;
745 krb5_data *reply;
746 krb5_prompt_type type;
747 } krb5_prompt;
748
749 typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
750 void * /*data*/,
751 const char * /*name*/,
752 const char * /*banner*/,
753 int /*num_prompts*/,
754 krb5_prompt /*prompts*/[]);
755 typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
756 krb5_enctype /*type*/,
757 krb5_salt /*salt*/,
758 krb5_const_pointer /*keyseed*/,
759 krb5_keyblock ** /*key*/);
760 typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
761 krb5_keyblock * /*key*/,
762 krb5_key_usage /*usage*/,
763 krb5_const_pointer /*decrypt_arg*/,
764 krb5_kdc_rep * /*dec_rep*/);
765 typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
766 krb5_enctype /*type*/,
767 krb5_const_pointer /*keyseed*/,
768 krb5_salt /*salt*/,
769 krb5_data * /*s2kparms*/,
770 krb5_keyblock ** /*key*/);
771
772 struct _krb5_get_init_creds_opt_private;
773
774 struct _krb5_get_init_creds_opt {
775 krb5_flags flags;
776 krb5_deltat tkt_life;
777 krb5_deltat renew_life;
778 int forwardable;
779 int proxiable;
780 int anonymous;
781 int change_password_prompt;
782 krb5_enctype *etype_list;
783 int etype_list_length;
784 krb5_addresses *address_list;
785 /* XXX the next three should not be used, as they may be
786 removed later */
787 krb5_preauthtype *preauth_list;
788 int preauth_list_length;
789 krb5_data *salt;
790 struct _krb5_get_init_creds_opt_private *opt_private;
791 };
792
793 typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
794
795 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
796 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
797 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
798 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
799 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
800 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
801 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
802 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
803 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
804 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
805 #define KRB5_GET_INIT_CREDS_OPT_CHANGE_PASSWORD_PROMPT 0x0400
806
807 #define KRB5_FAST_REQUIRED 0x0001 /* fast required by action of caller */
808
809 /* krb5_init_creds_step flags argument */
810 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
811
812 typedef struct _krb5_verify_init_creds_opt {
813 krb5_flags flags;
814 int ap_req_nofail;
815 } krb5_verify_init_creds_opt;
816
817 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
818
819 typedef struct krb5_verify_opt {
820 unsigned int flags;
821 krb5_ccache ccache;
822 krb5_keytab keytab;
823 krb5_boolean secure;
824 const char *service;
825 } krb5_verify_opt;
826
827 #define KRB5_VERIFY_LREALMS 1
828 #define KRB5_VERIFY_NO_ADDRESSES 2
829
830 #define KRB5_KPASSWD_VERS_CHANGEPW 1
831 #define KRB5_KPASSWD_VERS_SETPW 0xff80
832
833 #define KRB5_KPASSWD_SUCCESS 0
834 #define KRB5_KPASSWD_MALFORMED 1
835 #define KRB5_KPASSWD_HARDERROR 2
836 #define KRB5_KPASSWD_AUTHERROR 3
837 #define KRB5_KPASSWD_SOFTERROR 4
838 #define KRB5_KPASSWD_ACCESSDENIED 5
839 #define KRB5_KPASSWD_BAD_VERSION 6
840 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
841
842 #define KPASSWD_PORT 464
843
844 /* types for the new krbhst interface */
845 struct krb5_krbhst_data;
846 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
847
848 #define KRB5_KRBHST_KDC 1
849 #define KRB5_KRBHST_ADMIN 2
850 #define KRB5_KRBHST_CHANGEPW 3
851 #define KRB5_KRBHST_KRB524 4
852 #define KRB5_KRBHST_KCA 5
853 #define KRB5_KRBHST_READONLY_ADMIN 6
854 #define KRB5_KRBHST_TKTBRIDGEAP 7
855
856 typedef struct krb5_krbhst_info {
857 enum { KRB5_KRBHST_UDP,
858 KRB5_KRBHST_TCP,
859 KRB5_KRBHST_HTTP } proto;
860 unsigned short port;
861 unsigned short def_port;
862 struct addrinfo *ai;
863 struct krb5_krbhst_info *next;
864 char hostname[1]; /* has to come last */
865 } krb5_krbhst_info;
866
867 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
868 enum {
869 KRB5_KRBHST_FLAGS_MASTER = 1,
870 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
871 };
872
873 typedef krb5_error_code (*krb5_sendto_prexmit)(krb5_context, int, void *, int, krb5_data *);
874 typedef krb5_error_code
875 (KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
876 const krb5_data *, krb5_data *);
877
878 /** flags for krb5_parse_name_flags */
879 enum {
880 KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
881 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
882 KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4, /**< Parse as a NT-ENTERPRISE name */
883 KRB5_PRINCIPAL_PARSE_IGNORE_REALM = 8, /**< Ignore realm if present */
884 KRB5_PRINCIPAL_PARSE_NO_DEF_REALM = 16 /**< Don't default the realm */
885 };
886
887 /** flags for krb5_unparse_name_flags */
888 enum {
889 KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
890 KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
891 KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
892 };
893
894 typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
895
896 #define KRB5_SENDTO_DONE 0
897 #define KRB5_SENDTO_RESET 1
898 #define KRB5_SENDTO_CONTINUE 2
899 #define KRB5_SENDTO_TIMEOUT 3
900 #define KRB5_SENDTO_INITIAL 4
901 #define KRB5_SENDTO_FILTER 5
902 #define KRB5_SENDTO_FAILED 6
903 #define KRB5_SENDTO_KRBHST 7
904
905 typedef krb5_error_code
906 (KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
907 const krb5_data *, int *);
908
909 enum krb5_plugin_type {
910 PLUGIN_TYPE_DATA = 1,
911 PLUGIN_TYPE_FUNC /* no longer supported */
912 };
913
914 /*
915 * Since <krb5/common_plugin.h> is new with Heimdal 8, users looking to write
916 * portable plugins across Heimdal 7 and 8 need a conditional compilation
917 * predicate from a header file that does exist in both major releases. This
918 * is as good a place as any to define a plugin source-compatibility version
919 * number.
920 *
921 * When this macro is defined and is equal to 1, the Heimdal 8 plugin source
922 * API, and <krb5/common_plugin.h> header are available and should be used.
923 *
924 * In Heimdal 7, this macro is not defined, and <krb5/common_plugin.h> may not
925 * be available.
926 */
927 #define KRB5_PLUGIN_COMMON_SPI_VERSION 1
928
929 #define KRB5_PLUGIN_INVOKE_ALL 1
930
931 typedef uintptr_t
932 (KRB5_LIB_CALL *krb5_get_instance_func_t)(const char *);
933
934 struct credentials; /* this is to keep the compiler happy */
935 struct getargs;
936 struct sockaddr;
937
938 /**
939 * Semi private, not stable yet
940 */
941
942 typedef struct krb5_crypto_iov {
943 unsigned int flags;
944 /* ignored */
945 #define KRB5_CRYPTO_TYPE_EMPTY 0
946 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
947 #define KRB5_CRYPTO_TYPE_HEADER 1
948 /* IN and OUT */
949 #define KRB5_CRYPTO_TYPE_DATA 2
950 /* IN */
951 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
952 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
953 #define KRB5_CRYPTO_TYPE_PADDING 4
954 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
955 #define KRB5_CRYPTO_TYPE_TRAILER 5
956 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
957 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
958 krb5_data data;
959 } krb5_crypto_iov;
960
961
962 /* Glue for MIT */
963
964 typedef struct {
965 int32_t lr_type;
966 krb5_timestamp value;
967 } krb5_last_req_entry;
968
969 typedef krb5_error_code
970 (KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
971
972 typedef struct {
973 krb5_enctype ks_enctype;
974 krb5int32 ks_salttype;
975 }krb5_key_salt_tuple;
976
977 /*
978 * Name canonicalization rule options
979 */
980
981 typedef enum krb5_name_canon_rule_options {
982 KRB5_NCRO_GC_ONLY = 1 << 0,
983 KRB5_NCRO_USE_REFERRALS = 1 << 1,
984 KRB5_NCRO_NO_REFERRALS = 1 << 2,
985 KRB5_NCRO_USE_FAST = 1 << 3,
986 KRB5_NCRO_USE_DNSSEC = 1 << 4,
987 KRB5_NCRO_LOOKUP_REALM = 1 << 5
988 } krb5_name_canon_rule_options;
989
990 typedef struct krb5_name_canon_rule_data *krb5_name_canon_rule;
991 typedef const struct krb5_name_canon_rule_data *krb5_const_name_canon_rule;
992 typedef struct krb5_name_canon_iterator_data *krb5_name_canon_iterator;
993
994 /*
995 * krb5_get_init_creds_opt_set_pkinit flags
996 */
997
998 #define KRB5_GIC_OPT_PKINIT_USE_ENCKEY 2 /* use RSA, not DH */
999 #define KRB5_GIC_OPT_PKINIT_ANONYMOUS 4 /* anonymous PKINIT */
1000 #define KRB5_GIC_OPT_PKINIT_BTMM 8 /* reserved by Apple */
1001 #define KRB5_GIC_OPT_PKINIT_NO_KDC_ANCHOR 16 /* do not authenticate KDC */
1002
1003 /*
1004 * _krb5_principal_is_anonymous() flags
1005 */
1006 #define KRB5_ANON_MATCH_AUTHENTICATED 1 /* authenticated with anon flag */
1007 #define KRB5_ANON_MATCH_UNAUTHENTICATED 2 /* anonymous PKINIT */
1008 #define KRB5_ANON_IGNORE_NAME_TYPE 4 /* don't check the name type */
1009 #define KRB5_ANON_MATCH_ANY ( KRB5_ANON_MATCH_AUTHENTICATED | \
1010 KRB5_ANON_MATCH_UNAUTHENTICATED )
1011 #define KRB5_ANON_MATCH_ANY_NONT ( KRB5_ANON_MATCH_ANY | \
1012 KRB5_ANON_IGNORE_NAME_TYPE )
1013
1014 /*
1015 *
1016 */
1017
1018 struct hx509_certs_data;
1019 typedef struct krb5_kx509_req_ctx_data *krb5_kx509_req_ctx;
1020
1021 #include <krb5-protos.h>
1022
1023 /* variables */
1024
1025 extern KRB5_LIB_VARIABLE const char *const krb5_config_file;
1026 extern KRB5_LIB_VARIABLE const char *const krb5_defkeyname;
1027
1028
1029 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
1030 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops;
1031 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
1032 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
1033 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
1034 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
1035 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
1036 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_krcc_ops;
1037
1038 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
1039 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
1040 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
1041 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
1042 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
1043 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
1044
1045 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_api;
1046 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_file;
1047 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_memory;
1048 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_kcm;
1049 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_scc;
1050 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_dcc;
1051 extern KRB5_LIB_VARIABLE const char *const krb5_cc_type_keyring;
1052
1053 /* clang analyzer workarounds */
1054
1055 #ifdef __clang_analyzer__
1056 /*
1057 * The clang analyzer (lint) can't know that krb5_enomem() always returns
1058 * non-zero, so code like:
1059 *
1060 * if ((x = malloc(...)) == NULL)
1061 * ret = krb5_enomem(context)
1062 * if (ret == 0)
1063 * *x = ...;
1064 *
1065 * causes false positives.
1066 *
1067 * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
1068 */
1069 #define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
1070 #endif
1071
1072 #endif /* __KRB5_H__ */
1073
GSS-enabled samba4