/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
/*
 * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
 * Cambridge, MA, USA. All Rights Reserved.
 *
 * This software is being provided to you, the LICENSEE, by the
 * Massachusetts Institute of Technology (M.I.T.) under the following
 * license. By obtaining, using and/or copying this software, you agree
 * that you have read, understood, and will comply with these terms and
 * conditions:
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
 * this software and its documentation for any purpose and without fee or
 * royalty is hereby granted, provided that you agree to comply with the
 * following copyright notice and statements, including the disclaimer, and
 * that the same appear on ALL copies of the software and documentation,
 * including modifications that you make for internal use or for
 * distribution:
 *
 * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
 * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
 * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
 * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
 * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
 * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
 *
 * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
 * be used in advertising or publicity pertaining to distribution of the
 * software. Title to copyright in this software and any associated
 * documentation shall at all times remain with M.I.T., and USER agrees to
 * preserve same.
 *
 * Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

/*
 * This prototype for k5-int.h (Krb5 internals include file)
 * includes the user-visible definitions from krb5.h and then
 * includes other definitions that are not user-visible but are
 * required for compiling Kerberos internal routines.
 *
 * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
 */

#ifndef _KRB5_INT_H
#define _KRB5_INT_H

/*
 * This header has to come before krb5.h: the build is stopped if
 * KRB5_GENERAL__ (presumably krb5.h's include guard) is already defined.
 */
#ifdef KRB5_GENERAL__
#error krb5.h included before k5-int.h
#endif /* KRB5_GENERAL__ */

/*
 * Userland builds pull in osconf.h and the cryptoki header; _KERNEL builds
 * pull in the sys/crypto headers instead.
 */
#ifndef _KERNEL
#include <osconf.h>
#include <security/cryptoki.h>
#else
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#endif

/*
 * A DEBUG build defines KRB5_DEBUG and, unless the build already set one,
 * KRB5_LOG_LVL. Defining KRB5_LOG_LVL is what compiles the KRB5_LOG*
 * macros below into real calls; in the lines of this header shown here only
 * its presence is tested, not its value.
 */
#ifdef DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif /* DEBUG */

#ifdef _KERNEL

#ifdef DEBUG
#include <sys/types.h>
#include <sys/cmn_err.h>
/* Declared without a parameter list, so calls to it are not type-checked. */
extern void prom_printf();
#endif /* DEBUG */

#else /* !_KERNEL */

/* Outside the kernel prom_printf is simply printf. */
#define prom_printf printf

#endif /* !_KERNEL */

#ifdef KRB5_LOG_LVL

/*
 * krb5_log is used to set the logging level to determine what class of messages
 * are output by the mech. Note, more than one logging level can be used by
 * bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR 1 /* Use this debug log level for error path logging. */
#define KRB5_INFO 2 /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG1(A, B, C, D), KRB5_LOG(A, B, C) and KRB5_LOG0(A, B) emit a message
 * when krb5_log has a bit of mask A set. B is handed to printf()/syslog()
 * as the format string, with two, one and no arguments respectively, so B
 * has to be a string literal whose conversions match the arguments that
 * follow. Text that comes from a peer or a user belongs in C/D behind a
 * "%s" conversion, never in B: with KRB5_LOG0 in particular, any conversion
 * in B would read arguments that were not passed.
 *
 * The && chain makes the call only when the mask test passes; the trailing
 * TRUE (defined elsewhere) only gives the comma expression a value.
 * The _KERNEL variants call printf(), the userland variants call syslog()
 * at LOG_DEBUG.
 */
#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* NOTE(review): B is not parenthesized here, unlike in the other variants. */
#define KRB5_LOG0(A, B) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, B), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/*
 * Logging compiled out: the macros expand to nothing, so their arguments
 * are never evaluated. Do not rely on side effects in log arguments.
 */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */

/* timetype is time_t when POSIX_TYPES is defined, long otherwise. */
#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif

/*
 * Begin "k5-config.h"
 */
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__

/*
 * Machine-type definitions: PC Clone 386 running Microloss Windows
 */

#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI "kerberos.ini"
#define INI_FILES "Files"
#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
#define ANSI_STDIO
#endif

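/* Userland only: take the build configuration from autoconf.h, once. */
#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include "autoconf.h"
#endif
#endif /* !_KERNEL */

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

/*
 * Userland only: use <sys/types.h> when autoconf found it, otherwise
 * declare the BSD-style unsigned shorthands locally.
 */
#ifndef _KERNEL
#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
typedef unsigned long u_long;
typedef unsigned int u_int;
typedef unsigned short u_short;
typedef unsigned char u_char;
#endif /* HAVE_SYS_TYPES_H */
#endif /* !_KERNEL */
#endif /* KRB5_SYSTYPES__ */


/* #include "k5-platform.h" SUNW XXX */
/* not used in krb5.h (yet) */
typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;



#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
#define KRB5_KDB_MAX_RLIFE (60*60*24*365) /* one year */
/*
 * NOTE(review): 2145830400 is 86400 seconds before 2038-01-01 00:00:00 UTC
 * (which is 2145916800), i.e. one day earlier than the date in the comment
 * below; confirm which was intended before relying on the exact day.
 */
#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
/*
 * The two default lifetimes are parenthesized like the KDB limits above, so
 * that an expression such as "t / KRB5_DEFAULT_LIFE" or
 * "t % KRB5_DEFAULT_RENEW_LIFE" divides by the whole product rather than by
 * its first factor.
 */
#define KRB5_DEFAULT_LIFE (60*60*10) /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60) /* 7 Days */

/*
 * Windows requires a different api interface to each function. Here
 * just define it as NULL (that is, the macros expand to nothing).
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
/* O_BINARY is a no-op flag where the platform does not define it. */
#ifndef O_BINARY
#define O_BINARY 0
#endif

#endif /* KRB5_CONFIG__ */

/*
 * End "k5-config.h"
 */

/*
 * After loading the configuration definitions, load the Kerberos definitions.
 */
#ifndef _KERNEL
#include <errno.h>
#include "profile.h"
#endif

#include <krb5.h>

/*
 * Userland only. The "#if 1" keeps the socket headers unconditionally
 * included; the #else branch is dead as written.
 */
#ifndef _KERNEL
#if 1 /* def NEED_SOCKETS */
#include <port-sockets.h>
#include <socket-utils.h>
#else
#ifndef SOCK_DGRAM
struct sockaddr;
#endif
#endif
#endif

/* Get mutex support; currently used only for the replay cache. */
#include "k5-thread.h"


/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
   The ones that it doesn't include, we include below. */

/*
 * Begin "k5-errors.h"
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */

/* KDC errors */
#define KDC_ERR_NONE 0 /* No error */
#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */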
/*
 * KRB_ERROR protocol codes, continued: KDC errors 11-29, then application
 * errors 31-50. Codes 30 and 43 have no define in this table.
 */
#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */
#define KDC_ERR_POLICY 12 /* KDC policy rejects request */
#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */
#define KDC_ERR_KEY_EXP 23 /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */
					/* required */
#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */
					/* ticket don't match */
#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */
					/* user2user only */
#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */
					/* path */
#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not
					 * available that is
					 * required to process the
					 * request */
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */
#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */
#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */
#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */
#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */
#define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */
#define KRB_AP_ERR_BADORDER 42 /* Message out of order */
#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */
#define KRB_AP_ERR_NOKEY 45 /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */
#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */
					/* method required */
#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence number */
					/* in message */
#define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */
					/* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */
					/* retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC 60 /* Generic error (description */
					/* in e-text) */
#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */

/*
 * PKINIT server-reported errors.
 * Codes 63, 74 and 76 have no define here; 66-69 and 81 carry no
 * description in this file.
 */
#define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */
#define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */
#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */
#define KDC_ERR_CERTIFICATE_MISMATCH 66
#define KRB_AP_ERR_NO_TGT 67
#define KDC_ERR_WRONG_REALM 68
#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69
#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */
					/* trusted root cert */
#define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */
#define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */
/*
 * NOTE(review): the name says the revocation status could not be determined,
 * while the comment says the cert was revoked; confirm which one callers
 * should assume when reporting this code.
 */
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */
#define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */
					/* principal name */
#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */
#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */
#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81

#endif /* KRB5_ERRORS__ */
/*
 * End "k5-errors.h"
 */

/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_METHOD (presumably the code defined
 * as KRB_AP_ERR_METHOD, 48, in the k5-errors.h section of this header).
 */
typedef struct _krb5_alt_method {
	krb5_magic	magic;
	krb5_int32	method;
	unsigned int	length;	/* presumably the byte count of data; confirm */
	krb5_octet	*data;
} krb5_alt_method;

/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type. It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
	krb5_magic	magic;
	krb5_enctype	etype;
	unsigned int	length;	/* salt length, or KRB5_ETYPE_NO_SALT */
	krb5_octet	*salt;
	krb5_data	s2kparams;
} krb5_etype_info_entry;

/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines. If the length is this value, then
 * the salt data is not present. This is to distinguish between not
 * being set and being of 0 length.
 *
 * Code that copies or hashes the salt has to test length against this
 * sentinel first; treated as a real size it is a very large value.
 * VALID_UINT_BITS is defined elsewhere.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

typedef krb5_etype_info_entry ** krb5_etype_info;

/* RFC 4537 */
typedef struct _krb5_etype_list {
	int		length;	/* signed; presumably the number of entries in
				 * etypes, so reject negative values before
				 * using it as a bound (confirm in decoder) */
	krb5_enctype	*etypes;
} krb5_etype_list;

/*
 * a sam_challenge is returned for alternate preauth
 */
/*
	SAMFlags ::= BIT STRING {
	    use-sad-as-key[0],
	    send-encrypted-sad[1],
	    must-pk-encrypt-sad[2]
	}
 */
/*
	PA-SAM-CHALLENGE ::= SEQUENCE {
	    sam-type[0]			INTEGER,
	    sam-flags[1]		SAMFlags,
	    sam-type-name[2]		GeneralString OPTIONAL,
	    sam-track-id[3]		GeneralString OPTIONAL,
	    sam-challenge-label[4]	GeneralString OPTIONAL,
	    sam-challenge[5]		GeneralString OPTIONAL,
	    sam-response-prompt[6]	GeneralString OPTIONAL,
	    sam-pk-for-sad[7]		EncryptionKey OPTIONAL,
	    sam-nonce[8]		INTEGER OPTIONAL,
	    sam-cksum[9]		Checksum OPTIONAL
	}
 */
/*
 * sam_type values -- informational only
 *
 * PA_SAM_TYPE_CRYPTOCARD and PA_SAM_TYPE_ACTIVCARD_DEC are both 6, so code
 * that dispatches on sam_type cannot tell the two apart (see the XXX below).
 */
#define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH 2 /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0 3 /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY 4 /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID 5 /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD 6 /* CRYPTOCard */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC 6 /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX 7 /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE 128 /* experimental */
#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */

/*
 * Carries a key (sam_key) alongside the server time used for replay
 * detection. NOTE(review): as key material, sam_key presumably needs to be
 * zeroized when this structure is released; confirm in the free routine.
 */
typedef struct _krb5_predicted_sam_response {
	krb5_magic	magic;
	krb5_keyblock	sam_key;
	krb5_flags	sam_flags; /* Makes key munging easier */
	krb5_timestamp	stime;	/* time on server, for replay detection */
	krb5_int32	susec;
	krb5_principal	client;
	krb5_data	msd;	/* mechanism specific data */
} krb5_predicted_sam_response;

/* In-memory form of the PA-SAM-CHALLENGE sequence quoted above. */
typedef struct _krb5_sam_challenge {
	krb5_magic	magic;
	krb5_int32	sam_type; /* information */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_checksum	sam_cksum;
} krb5_sam_challenge;

typedef struct _krb5_sam_key {	/* reserved for future use */
	krb5_magic	magic;
	krb5_keyblock	sam_key;
} krb5_sam_key;

/* Referenced by sam_enc_nonce_or_ts in krb5_sam_response below. */
typedef struct _krb5_enc_sam_response_enc {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_timestamp;
	krb5_int32	sam_usec;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc;

typedef struct _krb5_sam_response {
	krb5_magic	magic;
	krb5_int32	sam_type; /* informational */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_track_id; /* copied */
	krb5_enc_data	sam_enc_key; /* krb5_sam_key - future use */
	krb5_enc_data	sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_patimestamp;
} krb5_sam_response;

/*
 * Version 2 challenge: an opaque body plus checksums. The body is
 * presumably the encoded krb5_sam_challenge_2_body declared next; confirm
 * against the encoder.
 */
typedef struct _krb5_sam_challenge_2 {
	krb5_data	sam_challenge_2_body;
	krb5_checksum	**sam_cksum; /* Array of checksums */
} krb5_sam_challenge_2;

typedef struct _krb5_sam_challenge_2_body {
	krb5_magic	magic;
	krb5_int32	sam_type; /* information */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_enctype	sam_etype;
} krb5_sam_challenge_2_body;

typedef struct _krb5_sam_response_2 {
	krb5_magic	magic;
	krb5_int32	sam_type; /* informational */
	krb5_flags
sam_flags; /* KRB5_SAM_* values */ 5397c478bd9Sstevel@tonic-gate krb5_data sam_track_id; /* copied */ 5407c478bd9Sstevel@tonic-gate krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */ 5417c478bd9Sstevel@tonic-gate krb5_int32 sam_nonce; 5427c478bd9Sstevel@tonic-gate } krb5_sam_response_2; 5437c478bd9Sstevel@tonic-gate 5447c478bd9Sstevel@tonic-gate typedef struct _krb5_enc_sam_response_enc_2 { 5457c478bd9Sstevel@tonic-gate krb5_magic magic; 5467c478bd9Sstevel@tonic-gate krb5_int32 sam_nonce; 5477c478bd9Sstevel@tonic-gate krb5_data sam_sad; 5487c478bd9Sstevel@tonic-gate } krb5_enc_sam_response_enc_2; 5497c478bd9Sstevel@tonic-gate 550159d09a2SMark Phalan /* 551159d09a2SMark Phalan * Keep the pkinit definitions in a separate file so that the plugin 552159d09a2SMark Phalan * only has to include k5-int-pkinit.h rather than k5-int.h 553159d09a2SMark Phalan */ 554159d09a2SMark Phalan 555159d09a2SMark Phalan #include "k5-int-pkinit.h" 556159d09a2SMark Phalan 5577c478bd9Sstevel@tonic-gate /* 5587c478bd9Sstevel@tonic-gate * Begin "dbm.h" 5597c478bd9Sstevel@tonic-gate */ 5607c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5617c478bd9Sstevel@tonic-gate 5627c478bd9Sstevel@tonic-gate /* 5637c478bd9Sstevel@tonic-gate * Since we are always using db, use the db-ndbm include header file. 
5647c478bd9Sstevel@tonic-gate */ 5657c478bd9Sstevel@tonic-gate 5667c478bd9Sstevel@tonic-gate #include "db-ndbm.h" 5677c478bd9Sstevel@tonic-gate 5687c478bd9Sstevel@tonic-gate #endif /* !KERNEL */ 5697c478bd9Sstevel@tonic-gate /* 5707c478bd9Sstevel@tonic-gate * End "dbm.h" 5717c478bd9Sstevel@tonic-gate */ 5727c478bd9Sstevel@tonic-gate 5737c478bd9Sstevel@tonic-gate /* 5747c478bd9Sstevel@tonic-gate * Begin "ext-proto.h" 5757c478bd9Sstevel@tonic-gate */ 5767c478bd9Sstevel@tonic-gate #ifndef KRB5_EXT_PROTO__ 5777c478bd9Sstevel@tonic-gate #define KRB5_EXT_PROTO__ 5787c478bd9Sstevel@tonic-gate 5797c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5807c478bd9Sstevel@tonic-gate #include <stdlib.h> 5817c478bd9Sstevel@tonic-gate #include <string.h> 5827c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 5837c478bd9Sstevel@tonic-gate 5847c478bd9Sstevel@tonic-gate #ifndef HAVE_STRDUP 5857c478bd9Sstevel@tonic-gate extern char *strdup (const char *); 5867c478bd9Sstevel@tonic-gate #endif 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5897c478bd9Sstevel@tonic-gate #ifdef HAVE_UNISTD_H 5907c478bd9Sstevel@tonic-gate #include <unistd.h> 5917c478bd9Sstevel@tonic-gate #endif 5927c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */ 5957c478bd9Sstevel@tonic-gate /* 5967c478bd9Sstevel@tonic-gate * End "ext-proto.h" 5977c478bd9Sstevel@tonic-gate */ 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate /* 6007c478bd9Sstevel@tonic-gate * Begin "sysincl.h" 6017c478bd9Sstevel@tonic-gate */ 6027c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__ 6037c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__ 6047c478bd9Sstevel@tonic-gate 6057c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__ 6067c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__ 6077c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? 
*/ 6087c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */ 6097c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */ 6107c478bd9Sstevel@tonic-gate 6117c478bd9Sstevel@tonic-gate #ifdef _KERNEL 6127c478bd9Sstevel@tonic-gate #include <sys/time.h> 6137c478bd9Sstevel@tonic-gate #else 6147c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H 6157c478bd9Sstevel@tonic-gate #include <sys/time.h> 6167c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME 6177c478bd9Sstevel@tonic-gate #include <time.h> 6187c478bd9Sstevel@tonic-gate #endif 6197c478bd9Sstevel@tonic-gate #else 6207c478bd9Sstevel@tonic-gate #include <time.h> 6217c478bd9Sstevel@tonic-gate #endif 6227c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H 6257c478bd9Sstevel@tonic-gate #include <sys/stat.h> /* struct stat, stat() */ 6267c478bd9Sstevel@tonic-gate #endif 6277c478bd9Sstevel@tonic-gate 6287c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H 6297c478bd9Sstevel@tonic-gate #include <sys/param.h> /* MAXPATHLEN */ 6307c478bd9Sstevel@tonic-gate #endif 6317c478bd9Sstevel@tonic-gate 6327c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H 6337c478bd9Sstevel@tonic-gate #include <sys/file.h> /* prototypes for file-related 6347c478bd9Sstevel@tonic-gate syscalls; flags for open & 6357c478bd9Sstevel@tonic-gate friends */ 6367c478bd9Sstevel@tonic-gate #endif 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate #ifdef _KERNEL 6397c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 6407c478bd9Sstevel@tonic-gate #else 6417c478bd9Sstevel@tonic-gate #include <fcntl.h> 6427c478bd9Sstevel@tonic-gate #endif 6437c478bd9Sstevel@tonic-gate 6447c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */ 6457c478bd9Sstevel@tonic-gate /* 6467c478bd9Sstevel@tonic-gate * End "sysincl.h" 6477c478bd9Sstevel@tonic-gate */ 6487c478bd9Sstevel@tonic-gate 6497c478bd9Sstevel@tonic-gate /* 6507c478bd9Sstevel@tonic-gate * Begin "los-proto.h" 6517c478bd9Sstevel@tonic-gate */ 
#ifndef KRB5_LIBOS_PROTO__
#define KRB5_LIBOS_PROTO__
#endif

#ifndef _KERNEL
#include <stdio.h>

/* Forward declarations so the prototypes below can take pointers to them. */
struct addrlist;
struct sendto_callback_info;
#endif

/* libos.spec */
krb5_error_code krb5_lock_file (krb5_context, int, int);
krb5_error_code krb5_unlock_file (krb5_context, int);
krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
    const krb5_data *, krb5_data *, int *, int);
/* Solaris Kerberos */
/* Same parameter list as krb5_sendto_kdc plus one trailing char ** argument. */
krb5_error_code krb5_sendto_kdc2 (krb5_context, const krb5_data *,
    const krb5_data *, krb5_data *, int *, int,
    char **);


krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);

/*
 * NOTE(review): the buffer length for both network helpers is a plain
 * int, as is the return value.  Presumably callers must keep the length
 * non-negative and check for a short or negative result -- confirm
 * against the implementation.
 */
int krb5_net_read (krb5_context, int , char *, int);

int krb5_net_write
    (krb5_context, int , const char *, int);


krb5_error_code krb5_gen_replay_name
    (krb5_context, const krb5_address *, const char *, char **);


#ifndef
_KERNEL

krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);

krb5_error_code
krb5_open_pkcs11_session(CK_SESSION_HANDLE *);


krb5_error_code krb5_read_message
    (krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message
    (krb5_context, krb5_pointer, krb5_data *);
krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
    const struct addrlist *addrs, struct sendto_callback_info* callback_info,
    krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
    struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used,
    int (*msg_handler)(krb5_context, const krb5_data *, void *),
    void *msg_handler_data);

/* Takes the output buffer together with its size. */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);

/*
 * Time control for the library context.
 * NOTE(review): judging by the names, the first and third calls replace
 * or offset the time the library reports; since Kerberos timestamp and
 * clock-skew checks depend on that time, they look like test/debug
 * facilities -- confirm which callers are allowed to use them.
 */
krb5_error_code krb5_set_debugging_time
    (krb5_context, krb5_timestamp, krb5_int32);
krb5_error_code krb5_use_natural_time
    (krb5_context);
krb5_error_code krb5_set_time_offsets
    (krb5_context, krb5_timestamp, krb5_int32);
krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
#endif

/*
 * Solaris Kerberos
 * The following two functions are needed for better realm
 * determination based on the DNS domain name.
 *
 * NOTE(review): three prototypes follow this comment, not two.  DNS
 * answers are not authenticated by themselves, so a realm derived from
 * them is presumably a hint rather than a trust decision -- confirm how
 * callers use the result.
 */
krb5_error_code krb5int_lookup_host(int , const char *, char **);

krb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
    char **);
krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
    char **);

krb5_error_code krb5int_init_context_kdc(krb5_context *);

krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);

void krb5_os_free_context (krb5_context);

/* This function is needed by KfM's KerberosPreferences API
 * because it needs to be able to specify "secure" */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files
    (profile_filespec_t **pfiles, krb5_boolean secure);
#endif

krb5_error_code krb5_os_hostaddr
    (krb5_context, const char *, krb5_address ***);

#ifndef _KERNEL
/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
   going to use this structure.
*/
/*
 * Growable list of server addresses.  Each entry carries an addrinfo
 * pointer plus an optional free function and its data; naddrs and space
 * are presumably the used and allocated entry counts -- TODO confirm.
 */
struct addrlist {
    struct {
#ifdef FAI_DEFINED
	struct addrinfo *ai;
#else
	/* Placeholder type when fake-addrinfo.h was not included first. */
	struct undefined_addrinfo *ai;
#endif
	void (*freefn)(void *);
	void *data;
    } *addrs;
    int naddrs;
    int space;
};
/* Initializer that zeroes all three members (addrs, naddrs, space). */
#define ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
    int, int, int, int);

#include <locate_plugin.h>
krb5_error_code
krb5int_locate_server (krb5_context, const krb5_data *realm,
    struct addrlist *, enum locate_service_type svc,
    int sockettype, int family);

#endif /* _KERNEL */

/* new encryption provider api */

/*
 * Table of operations for one cipher: its size parameters, the
 * encrypt/decrypt entry points, key construction, and cipher-state
 * setup and teardown.
 */
struct krb5_enc_provider {
    /* keybytes is the input size to make_key;
       keylength is the output size */
    size_t block_size, keybytes, keylength;

    /* cipher-state == 0 fresh state thrown away at end */
    krb5_error_code (*encrypt) (
	krb5_context context,
	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
	krb5_const krb5_data
*input, krb5_data *output);

    krb5_error_code (*decrypt) (
	krb5_context context,
	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

    krb5_error_code (*make_key)
    (krb5_context, krb5_const krb5_data *, krb5_keyblock *);

    krb5_error_code (*init_state) (krb5_context,
	const krb5_keyblock *,
	krb5_keyusage, krb5_data *);
    krb5_error_code (*free_state) (krb5_context, krb5_data *);

};

/* Unkeyed hash: output and block sizes plus the hash entry point. */
struct krb5_hash_provider {
    size_t hashsize, blocksize;

    /* this takes multiple inputs to avoid lots of copying. */
    /* presumably input points at icount krb5_data elements -- TODO confirm */
    krb5_error_code (*hash) (krb5_context context,
	unsigned int icount, krb5_const krb5_data *input,
	krb5_data *output);
};

/* Keyed hash: computes and verifies a checksum under a key and key usage. */
struct krb5_keyhash_provider {
    size_t hashsize;

    krb5_error_code (*hash) (
	krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage keyusage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

    /*
     * The verdict is written through *valid, separately from the
     * returned error code.  NOTE(review): presumably callers must check
     * both the return value and *valid before accepting a checksum --
     * confirm against the callers.
     */
    krb5_error_code (*verify) (
	krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage keyusage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input,
	krb5_const krb5_data *hash,
	krb5_boolean *valid);

};

/* Reports, through *length, an output size for an input of inputlen bytes. */
typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
    const struct krb5_hash_provider *hash,
    size_t inputlen, size_t *length);

/* Signature shared by the encrypt and decrypt members of krb5_keytypes. */
typedef krb5_error_code (*krb5_crypt_func) (
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc,
    krb5_const struct krb5_hash_provider *hash,
    krb5_const krb5_keyblock *key, krb5_keyusage usage,
    krb5_const krb5_data
*ivec,
    krb5_const krb5_data *input, krb5_data *output);

#ifndef _KERNEL
/* String-to-key conversion; only declared outside the kernel. */
typedef krb5_error_code (*krb5_str2key_func) (
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string,
    krb5_const krb5_data *salt, krb5_const krb5_data *params,
    krb5_keyblock *key);
#endif /* _KERNEL */

typedef krb5_error_code (*krb5_prf_func)(
    const struct krb5_enc_provider *enc,
    const struct krb5_hash_provider *hash,
    const krb5_keyblock *key,
    const krb5_data *in, krb5_data *out);

/*
 * One entry per encryption type: its names, the cipher and hash
 * providers it is built from, the encrypt/decrypt functions, and the
 * checksum type recorded in required_ctype.
 */
struct krb5_keytypes {
    krb5_enctype etype;
    char *in_string;
    char *out_string;
    const struct krb5_enc_provider *enc;
    const struct krb5_hash_provider *hash;
    krb5_encrypt_length_func encrypt_len;
    krb5_crypt_func encrypt;
    krb5_crypt_func decrypt;
    krb5_cksumtype required_ctype;
#ifndef _KERNEL
    /* Solaris Kerberos: strings to key conversion not done in the kernel */
    krb5_str2key_func str2key;
#else	/* _KERNEL */
    /* Kernel build only; presumably mechanism names and handles for the
       kernel crypto framework -- TODO confirm. */
    char *mt_e_name;
    char *mt_h_name;
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
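#endif /* _KERNEL */
};

/*
 * One entry per checksum type: its names, flags (KRB5_CKSUMFLAG_*), and
 * the providers used to compute it.
 */
struct krb5_cksumtypes {
    krb5_cksumtype ctype;
    unsigned int flags;
    char *in_string;
    char *out_string;
    /* if the hash is keyed, this is the etype it is keyed with.
       Actually, it can be keyed by any etype which has the same
       enc_provider as the specified etype.  DERIVE checksums can
       be keyed with any valid etype. */
    krb5_enctype keyed_etype;
    /* I can't statically initialize a union, so I'm just going to use
       two pointers here.  The keyhash is used if non-NULL.  If NULL,
       then HMAC/hash with derived keys is used if the relevant flag
       is set.  Otherwise, a non-keyed hash is computed.  This is all
       kind of messy, but so is the krb5 api. */
    const struct krb5_keyhash_provider *keyhash;
    const struct krb5_hash_provider *hash;
    /* This just gets uglier and uglier.  In the key derivation case,
       we produce an hmac.  To make the hmac code work, we can't hack
       the output size indicated by the hash provider, but we may want
       a truncated hmac.  If we want truncation, this is the number of
       bytes we truncate to; it should be 0 otherwise. */
    unsigned int trunc_size;
#ifdef _KERNEL
    char *mt_c_name;
    crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};

/* Values for krb5_cksumtypes.flags. */
#define KRB5_CKSUMFLAG_DERIVE		0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002

/*
 * in here to deal with stuff from lib/crypto
 */

void krb5_nfold
    (unsigned int inbits, const unsigned char *in,
    unsigned int outbits, unsigned char *out);

krb5_error_code krb5int_pbkdf2_hmac_sha1 (krb5_context,
    const krb5_data *,
    unsigned long,
    krb5_enctype,
    const krb5_data *,
    const krb5_data *);

/*
 * krb5int_zap_data(ptr, len) / zap(p, l): overwrite len bytes at ptr
 * with zeros.
 *
 * The macro arguments are parenthesized in every branch so that an
 * expression argument such as "buf + off" is cast and passed as a whole
 * rather than having the cast bind to its first operand only.
 *
 * NOTE(review): outside _WIN32 this expands to a plain memset() on a
 * non-volatile pointer.  A compiler may remove such a call when it can
 * prove the buffer is not read again (for example right before free()
 * or at the end of its scope), which would leave the old contents in
 * memory.  The comments below still talk about a pointer to volatile,
 * but the cast here is to plain "void *".  Where the platform offers a
 * zeroing call that is guaranteed not to be elided, prefer it.
 */
/* Make this a function eventually? */
#ifdef _WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory((ptr), (len))
#elif defined(__palmos__) && !defined(__GNUC__)
/* CodeWarrior 8.3 complains about passing a pointer to volatile in to
   memset.  On the other hand, we probably want it for gcc.
*/
# define krb5int_zap_data(ptr, len) memset((ptr), 0, (len))
#else
# define krb5int_zap_data(ptr, len) memset((void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* GNU libc generates multiple bogus initialization warnings if we
   pass memset a volatile pointer.  The compiler should do well enough
   with memset even without GNU libc's attempt at optimization.  */
#  undef memset
# endif
#endif /* WIN32 */
#define zap(p,l) krb5int_zap_data(p,l)


krb5_error_code krb5int_des_init_state
    ( krb5_context,
    const krb5_keyblock *,
    krb5_keyusage, krb5_data *);

krb5_error_code krb5int_c_mandatory_cksumtype(
    krb5_context,
    krb5_enctype,
    krb5_cksumtype *);

/*
 * normally to free a cipher_state you can just memset the length to zero and
 * free it.
 */
krb5_error_code krb5int_default_free_state
    (krb5_context, krb5_data *);


/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys
    (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
    krb5_keyblock *outkey);


/*
 * krb5_hmac has a different parameter list in the kernel build: there it
 * takes no hash provider and no input count.
 */
#ifdef _KERNEL

int k5_ef_crypto(
    const char *, char *,
    long, krb5_keyblock *,
    const krb5_data *, int);

krb5_error_code
krb5_hmac(krb5_context, const krb5_keyblock *,
    krb5_const krb5_data *, krb5_data *);

#else
krb5_error_code krb5_hmac
    (krb5_context,
    krb5_const struct krb5_hash_provider *,
    krb5_const krb5_keyblock *, krb5_const unsigned int,
    krb5_const krb5_data *, krb5_data *);

#endif /* _KERNEL */


/*
 * These declarations are here, so both krb5 and k5crypto
 * can get to them.
 * krb5 needs to get to them so it can make them available to libgssapi.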
*/
/*
 * NOTE(review): RC4 (arcfour) and MD5 are legacy algorithms; treat uses
 * of these two providers as compatibility paths.
 */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;


/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */

krb5_error_code krb5_crypto_us_timeofday
    (krb5_int32 *,
    krb5_int32 *);

#ifndef _KERNEL
/* Solaris kerberos: for convenience */
time_t krb5int_gmt_mktime (struct tm *);
#endif /* ! _KERNEL */

/* #endif KRB5_OLD_CRYPTO */

/* this helper fct is in libkrb5, but it makes sense declared here. */

krb5_error_code krb5_encrypt_helper
    (krb5_context context, const krb5_keyblock *key,
    krb5_keyusage keyusage, const krb5_data *plain,
    krb5_enc_data *cipher);

/*
 * End "los-proto.h"
 */

/*
 * Begin "libos.h"
 */
#ifndef KRB5_LIBOS__
#define KRB5_LIBOS__

/*
 * OS-specific part of the library context: the clock offset (seconds
 * and microseconds), the KRB5_OS_TOFFSET_* flags, and the default
 * credential cache name.  Note that krb5_os_context is a pointer type.
 */
typedef struct _krb5_os_context {
    krb5_magic magic;
    krb5_int32 time_offset;
    krb5_int32 usec_offset;
    krb5_int32 os_flags;
    char * default_ccname;
} *krb5_os_context;

/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * This facility is intended to correct the system clock so that it
 * reflects the "real" time, on systems where for some reason we can't
 * set the system clock.  Instead we calculate the offset between the
 * system time and real time, and store the offset in the os context so
 * that we can correct the system clock as necessary.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines.  This should only
 * be used for testing purposes (obviously!)
 *
 * NOTE(review): with KRB5_OS_TOFFSET_TIME set the library's notion of
 * "now" no longer follows the real clock, so timestamp-based checks
 * would compare against the stored value -- keep it out of production
 * code paths.
 */
#define KRB5_OS_TOFFSET_VALID	1
#define KRB5_OS_TOFFSET_TIME	2

/* lock mode flags */
#define KRB5_LOCKMODE_SHARED	0x0001
#define KRB5_LOCKMODE_EXCLUSIVE	0x0002
#define KRB5_LOCKMODE_DONTBLOCK	0x0004
#define KRB5_LOCKMODE_UNLOCK	0x0008

#endif /* KRB5_LIBOS__ */
/*
 * End "libos.h"
 */

/*
 * Define our view of the size of a DES key.
 */
#define KRB5_MIT_DES_KEYSIZE		8
/*
 * Define a couple of SHA1 constants
 */
#define SHS_DATASIZE	64
#define SHS_DIGESTSIZE	20

/*
 * Check if des_int.h has been included before us.  If so, then check to see
 * that our view of the DES key size is the same as des_int.h's.
 *
 * The line inside the inner #if is not an #error directive; on a
 * mismatch it is left in the translation unit as text that is not valid
 * C at file scope, which stops the build.
 */
#ifdef MIT_DES_KEYSIZE
#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif /* MIT_DES_KEYSIZE */

#ifndef _KERNEL
/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
 * defined.
 */
#define PROVIDE_DES3_CBC_SHA 1
#define PROVIDE_NIST_SHA 1

#endif /* !_KERNEL */

/*
 * Begin "preauth.h"
 *
 * (Originally written by Glen Machin at Sandia Labs.)
11037c478bd9Sstevel@tonic-gate */ 11047c478bd9Sstevel@tonic-gate /* 1105159d09a2SMark Phalan * Sandia National Laboratories also makes no representations about the 1106159d09a2SMark Phalan * suitability of the modifications, or additions to this software for 11077c478bd9Sstevel@tonic-gate * any purpose. It is provided "as is" without express or implied warranty. 1108159d09a2SMark Phalan * 11097c478bd9Sstevel@tonic-gate */ 11107c478bd9Sstevel@tonic-gate #ifndef KRB5_PREAUTH__ 11117c478bd9Sstevel@tonic-gate #define KRB5_PREAUTH__ 11127c478bd9Sstevel@tonic-gate 1113159d09a2SMark Phalan #include <preauth_plugin.h> 1114159d09a2SMark Phalan 1115159d09a2SMark Phalan #define CLIENT_ROCK_MAGIC 0x4352434b 1116159d09a2SMark Phalan /* This structure is passed into the client preauth functions and passed 1117159d09a2SMark Phalan * back to the "get_data_proc" function so that it can locate the 1118159d09a2SMark Phalan * requested information. It is opaque to the plugin code and can be 1119159d09a2SMark Phalan * expanded in the future as new types of requests are defined which 1120159d09a2SMark Phalan * may require other things to be passed through. */ 1121159d09a2SMark Phalan typedef struct _krb5_preauth_client_rock { 1122159d09a2SMark Phalan krb5_magic magic; 1123159d09a2SMark Phalan krb5_kdc_rep *as_reply; 1124159d09a2SMark Phalan } krb5_preauth_client_rock; 1125159d09a2SMark Phalan 1126159d09a2SMark Phalan /* This structure lets us keep track of all of the modules which are loaded, 1127159d09a2SMark Phalan * turning the list of modules and their lists of implemented preauth types 1128159d09a2SMark Phalan * into a single list which we can walk easily. 
*/
typedef struct _krb5_preauth_context {
    int n_modules;      /* presumably the number of entries in modules[] */
    struct _krb5_preauth_context_module {
        /* The one preauth type, out of possibly several the module
         * supports, that this list entry stands for. */
        krb5_preauthtype pa_type;
        /* Encryption types the client claims to support; copied as-is
         * into the krb5_kdc_req structure by
         * krb5_preauth_prepare_request(). */
        krb5_enctype *enctypes;
        /* Per-plugin context, and the function used to clear it. */
        void *plugin_context;
        preauth_client_plugin_fini_proc client_fini;
        /* The module's function table, plus a few of its members copied
         * here for convenience when the list was populated. */
        struct krb5plugin_preauth_client_ftable_v1 *ftable;
        const char *name;
        int flags;
        int use_count;
        preauth_client_process_proc client_process;
        preauth_client_tryagain_proc client_tryagain;
        preauth_client_supply_gic_opts_proc client_supply_gic_opts;
        preauth_client_request_init_proc client_req_init;
        preauth_client_request_fini_proc client_req_fini;
        /* Per-request context that client_req_init() may allocate; it
         * has to be released later by calling client_req_fini(). */
        void *request_context;
        /* Pointer to the request_context pointer.  Every module of one
         * plugin points at the request_context of that plugin's first
         * module. */
        void **request_context_pp;
    } *modules;
} krb5_preauth_context;

typedef struct _krb5_pa_enc_ts {
    krb5_timestamp patimestamp;
    krb5_int32 pausec;
} krb5_pa_enc_ts;

typedef struct _krb5_pa_for_user {
    krb5_principal user;
    krb5_checksum cksum;
    krb5_data auth_package;
} krb5_pa_for_user;

enum {
    KRB5_FAST_ARMOR_AP_REQUEST = 0x1
};

typedef struct _krb5_fast_armor {
    krb5_int32 armor_type;
    krb5_data armor_value;
} krb5_fast_armor;

typedef struct _krb5_fast_armored_req {
    krb5_magic magic;
    krb5_fast_armor *armor;
    krb5_checksum req_checksum;
    krb5_enc_data enc_part;
} krb5_fast_armored_req;

typedef struct _krb5_fast_req {
    krb5_magic magic;
    krb5_flags fast_options;
    /* padata from req_body is used */
    krb5_kdc_req *req_body;
} krb5_fast_req;


/*
 * Bits 0-15 are critical in fast options.
 * NOTE(review): the mask below selects only the low eight bits and also
 * covers KRB5_FAST_OPTION_HIDE_CLIENT_NAMES (0x01), which does not match
 * "bits 0-15".  KerberosFlags number their bits from the most significant
 * end, so confirm both values against how fast_options is decoded before
 * relying on this check to reject unknown critical options.
 */
#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES 0x01

typedef struct _krb5_fast_finished {
    krb5_timestamp timestamp;
    krb5_int32 usec;
    krb5_principal client;
    krb5_checksum ticket_checksum;
} krb5_fast_finished;

typedef struct _krb5_fast_response {
    krb5_magic magic;
    krb5_pa_data **padata;
    krb5_keyblock *strengthen_key;
    krb5_fast_finished *finished;
    krb5_int32 nonce;
} krb5_fast_response;

/* Signature of the "obtain" entry of a krb5_preauth_ops record. */
typedef krb5_error_code (*krb5_preauth_obtain_proc)
    (krb5_context,
     krb5_pa_data *,
     krb5_etype_info,
     krb5_keyblock *,
     krb5_error_code (*)(krb5_context,
                         const krb5_enctype,
                         krb5_data *,
                         krb5_const_pointer,
                         krb5_keyblock **),
     krb5_const_pointer,
     krb5_creds *,
     krb5_kdc_req *,
     krb5_pa_data **);

/* Signature of the "process" entry of a krb5_preauth_ops record. */
typedef krb5_error_code (*krb5_preauth_process_proc)
    (krb5_context,
     krb5_pa_data *,
     krb5_kdc_req *,
     krb5_kdc_rep *,
     krb5_error_code (*)(krb5_context,
                         const krb5_enctype,
                         krb5_data *,
                         krb5_const_pointer,
                         krb5_keyblock **),
     krb5_const_pointer,
     krb5_error_code (*)(krb5_context,
                         const krb5_keyblock *,
                         krb5_const_pointer,
                         krb5_kdc_rep *),
     krb5_keyblock **,
     krb5_creds *,
     krb5_int32 *,
     krb5_int32 *);

typedef struct _krb5_preauth_ops {
    krb5_magic magic;
    int type;
    int flags;      /* presumably KRB5_PREAUTH_FLAGS_* bits -- confirm */
    krb5_preauth_obtain_proc obtain;
    krb5_preauth_process_proc process;
} krb5_preauth_ops;


krb5_error_code krb5_obtain_padata
    (krb5_context,
     krb5_pa_data **,
     krb5_error_code (*)(krb5_context,
                         const krb5_enctype,
                         krb5_data *,
                         krb5_const_pointer,
                         krb5_keyblock **),
     krb5_const_pointer,
     krb5_creds *,
     krb5_kdc_req *);

krb5_error_code krb5_process_padata
    (krb5_context,
     krb5_kdc_req *,
     krb5_kdc_rep *,
     krb5_error_code (*)(krb5_context,
                         const krb5_enctype,
                         krb5_data *,
                         krb5_const_pointer,
                         krb5_keyblock **),
     krb5_const_pointer,
     krb5_error_code (*)(krb5_context,
                         const krb5_keyblock *,
                         krb5_const_pointer,
                         krb5_kdc_rep *),
     krb5_keyblock **,
     krb5_creds *,
     krb5_int32 *);

void krb5_free_etype_info(krb5_context, krb5_etype_info);

/*
 * Preauthentication property flags
 */
#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002

#endif /* KRB5_PREAUTH__ */
/*
 * End "preauth.h"
 */

/*
 * Extending the krb5_get_init_creds_opt structure.  The original
 * krb5_get_init_creds_opt structure is defined publicly.  The
 * new extended version is private.  The original interface
 * assumed a pre-allocated structure which was passed to
 * krb5_get_init_creds_opt_init().  The new interface assumes that
 * the caller will call krb5_get_init_creds_opt_alloc() and
 * krb5_get_init_creds_opt_free().
 *
 * Callers MUST NOT call krb5_get_init_creds_opt_init() after allocating an
 * opts structure using krb5_get_init_creds_opt_alloc().  To do so will
 * introduce memory leaks.  Unfortunately, there is no way to enforce
 * this behavior.
 *
 * Two private flags are added for backward compatibility.
* KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
 * with the new krb5_get_init_creds_opt_alloc() function.
 * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
 * structure is a shadow copy of an original krb5_get_init_creds_opt
 * structure.
 * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
 * krb5int_gic_opt_to_opte(), the resulting extended structure should be
 * freed (using krb5_get_init_creds_opt_free).  Otherwise, the original
 * structure was already extended and there is no need to free it.
 */

#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000

/*
 * Both tests accept a NULL pointer (result 0) and yield exactly 0 or 1.
 * The argument is evaluated twice, so it must not have side effects.
 */
#define krb5_gic_opt_is_extended(s) \
    (((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) != 0) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
    (((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) != 0) ? 1 : 0)


/* Private extension data reached through krb5_gic_opt_ext.opt_private. */
typedef struct _krb5_gic_opt_private {
    int num_preauth_data;
    krb5_gic_opt_pa_data *preauth_data;
} krb5_gic_opt_private;

typedef struct _krb5_gic_opt_ext {
    krb5_flags flags;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int forwardable;
    int proxiable;
    krb5_enctype *etype_list;
    int etype_list_length;
    krb5_address **address_list;
    krb5_preauthtype *preauth_list;
    int preauth_list_length;
    krb5_data *salt;
    /*
     * Everything above this comment mirrors the public
     * krb5_get_init_creds_opt structure and must not be changed.
     * New members go below.
     * NOTE(review): a caller-supplied public structure has no storage
     * for the members below, so code should check
     * krb5_gic_opt_is_extended() before touching opt_private.
     */
    krb5_gic_opt_private *opt_private;
} krb5_gic_opt_ext;

krb5_error_code
krb5int_gic_opt_to_opte(krb5_context context,
                        krb5_get_init_creds_opt *opt,
                        krb5_gic_opt_ext **opte,
                        unsigned int force,
                        const char *where);

krb5_error_code
krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *);

#ifndef _KERNEL /* needed for lib/krb5/krb/ */
/* Callback type used by krb5_get_init_creds() to obtain the AS key. */
typedef krb5_error_code (*krb5_gic_get_as_key_fct)
    (krb5_context,
     krb5_principal,
     krb5_enctype,
     krb5_prompter_fct,
     void *prompter_data,
     krb5_data *salt,
     krb5_data *s2kparams,
     krb5_keyblock *as_key,
     void *gak_data);

krb5_error_code KRB5_CALLCONV
krb5_get_init_creds(krb5_context context,
                    krb5_creds *creds,
                    krb5_principal client,
                    krb5_prompter_fct prompter,
                    void *prompter_data,
                    krb5_deltat start_time,
                    char *in_tkt_service,
                    krb5_gic_opt_ext *gic_options,
                    krb5_gic_get_as_key_fct gak,
                    void *gak_data,
                    int *master,
                    krb5_kdc_rep **as_reply);

krb5_error_code krb5int_populate_gic_opt(
    krb5_context,
    krb5_gic_opt_ext **,
    krb5_flags options,
    krb5_address * const *addrs,
    krb5_enctype *ktypes,
    krb5_preauthtype *pre_auth_types,
    krb5_creds *creds);


/*
 * Client-side preauth entry points.  krb5_do_preauth_tryagain() takes the
 * same arguments as krb5_do_preauth() plus the krb5_error reply.
 */
krb5_error_code KRB5_CALLCONV krb5_do_preauth(
    krb5_context context,
    krb5_kdc_req *request,
    krb5_data *encoded_request_body,
    krb5_data *encoded_previous_request,
    krb5_pa_data **in_padata,
    krb5_pa_data ***out_padata,
    krb5_data *salt,
    krb5_data *s2kparams,
    krb5_enctype *etype,
    krb5_keyblock *as_key,
    krb5_prompter_fct prompter,
    void *prompter_data,
    krb5_gic_get_as_key_fct gak_fct,
    void *gak_data,
    krb5_preauth_client_rock *get_data_rock,
    krb5_gic_opt_ext *opte);
krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain(
    krb5_context context,
    krb5_kdc_req *request,
    krb5_data *encoded_request_body,
    krb5_data *encoded_previous_request,
    krb5_pa_data **in_padata,
    krb5_pa_data ***out_padata,
    krb5_error *err_reply,
    krb5_data *salt,
    krb5_data *s2kparams,
    krb5_enctype *etype,
    krb5_keyblock *as_key,
    krb5_prompter_fct prompter,
    void *prompter_data,
    krb5_gic_get_as_key_fct gak_fct,
    void *gak_data,
    krb5_preauth_client_rock *get_data_rock,
    krb5_gic_opt_ext *opte);

/* Lifetime management of the preauth context kept in the krb5_context. */
void KRB5_CALLCONV krb5_init_preauth_context(krb5_context);
void KRB5_CALLCONV krb5_free_preauth_context(krb5_context);
void KRB5_CALLCONV krb5_clear_preauth_context_use_counts(krb5_context);
void KRB5_CALLCONV krb5_preauth_prepare_request(krb5_context,
                                                krb5_gic_opt_ext *,
                                                krb5_kdc_req *);
void KRB5_CALLCONV krb5_preauth_request_context_init(krb5_context);
void KRB5_CALLCONV krb5_preauth_request_context_fini(krb5_context);

#endif /* _KERNEL */

/* Release routines for the SAM preauth message types. */
void KRB5_CALLCONV krb5_free_sam_challenge(krb5_context,
                                           krb5_sam_challenge *);
void KRB5_CALLCONV krb5_free_sam_challenge_2(krb5_context,
                                             krb5_sam_challenge_2 *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_body(krb5_context,
                                                  krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response(krb5_context,
                                          krb5_sam_response *);
void KRB5_CALLCONV krb5_free_sam_response_2(krb5_context,
                                            krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response(
    krb5_context, krb5_predicted_sam_response *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc(
    krb5_context, krb5_enc_sam_response_enc *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2(
    krb5_context, krb5_enc_sam_response_enc_2 *);
/*
 * "_contents" release routines for the SAM message types.
 * NOTE(review): presumably these free what the structure points to and
 * leave the structure itself to the caller -- confirm in the
 * implementation before pairing them with the non-"_contents" variants.
 */
void KRB5_CALLCONV krb5_free_sam_challenge_contents(krb5_context,
                                                    krb5_sam_challenge *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents(krb5_context,
                                                      krb5_sam_challenge_2 *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents(
    krb5_context, krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response_contents(krb5_context,
                                                   krb5_sam_response *);
void KRB5_CALLCONV krb5_free_sam_response_2_contents(krb5_context,
                                                     krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response_contents(
    krb5_context, krb5_predicted_sam_response *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents(
    krb5_context, krb5_enc_sam_response_enc *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents(
    krb5_context, krb5_enc_sam_response_enc_2 *);

void KRB5_CALLCONV krb5_free_pa_enc_ts(krb5_context, krb5_pa_enc_ts *);

/* #include "krb5/wordsize.h" -- comes in through base-defs.h.
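*/
#ifndef _KERNEL
#include "com_err.h"
#include <krb5/k5-plugin.h>
#endif /* _KERNEL */

/*
 * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
 */
#define DEFAULT_UDP_PREF_LIMIT 1465

#ifndef _KERNEL
#include "profile.h"
#include <strings.h>
#endif /* _KERNEL */

/*
 * Non-zero when k1 is NULL or is not the same object as k2.
 *
 * Arguments are parenthesized so that expressions can be passed safely;
 * they are still evaluated more than once and must have no side effects.
 * NOTE(review): because "k1 != k2" compares the pointers, the field and
 * content comparisons after it only run when both arguments are the same
 * object, where they compare that object with itself.  Two distinct
 * keyblocks with equal contents are reported as changed.  Confirm that
 * callers want pointer identity and not content equality.
 */
#define KEY_CHANGED(k1, k2) \
    ((k1) == NULL || \
     (k1) != (k2) || \
     (k1)->enctype != (k2)->enctype || \
     (k1)->length != (k2)->length || \
     bcmp((k1)->contents, (k2)->contents, (k1)->length))

#ifndef _KERNEL
/* PKCS#11 state kept for ARCFOUR; embedded in struct _krb5_context. */
typedef struct _arcfour_ctx {
    CK_SESSION_HANDLE eSession;     /* encrypt session handle */
    CK_SESSION_HANDLE dSession;     /* decrypt session handle */
    CK_OBJECT_HANDLE eKey;          /* encrypt key object */
    CK_OBJECT_HANDLE dKey;          /* decrypt key object */
    uchar_t initialized;
} arcfour_ctx_rec;

#endif /* !_KERNEL */

struct _krb5_context {
    krb5_magic magic;
    krb5_enctype *in_tkt_ktypes;
    unsigned int in_tkt_ktype_count;
    krb5_enctype *tgs_ktypes;
    unsigned int tgs_ktype_count;
    /* This used to be a void*, but since we always allocate them
       together (though in different source files), and the types
       are declared in the same header, might as well just combine
       them.

       The array[1] is so the existing code treating the field as
       a pointer will still work.  For cleanliness, it should
       eventually get changed to a single element instead of an
       array.  */
    struct _krb5_os_context os_context[1];
    char *default_realm;
    int ser_ctx_count;
    krb5_boolean profile_secure;
    void *ser_ctx;
#ifndef _KERNEL
    profile_t profile;
    void *db_context;
    void *kdblog_context;
    /* allowable clock skew */
    krb5_deltat clockskew;
    krb5_cksumtype kdc_req_sumtype;
    krb5_cksumtype default_ap_req_sumtype;
    krb5_cksumtype default_safe_sumtype;
    krb5_flags kdc_default_options;
    krb5_flags library_options;
    int fcc_default_format;
    int scc_default_format;
    krb5_prompt_type *prompt_types;
    /* Message size above which we'll try TCP first in send-to-kdc
       type code.  Aside from the 2**16 size limit, we put no
       absolute limit on the UDP packet size.  */
    int udp_pref_limit;

    /* This is the tgs_ktypes list as read from the profile, or
       set to compiled-in defaults.  The application code cannot
       override it.  This is used for session keys for
       intermediate ticket-granting tickets used to acquire the
       requested ticket (the session key of which may be
       constrained by tgs_ktypes above).  */
    krb5_enctype *conf_tgs_ktypes;
    int conf_tgs_ktypes_count;

    /* Use the _configured version?  */
    krb5_boolean use_conf_ktypes;

#ifdef KRB5_DNS_LOOKUP
    krb5_boolean profile_in_memory;
#endif /* KRB5_DNS_LOOKUP */

    /* locate_kdc module stuff */
    struct plugin_dir_handle libkrb5_plugins;
    struct krb5plugin_service_locate_ftable *vtbl;
    void (**locate_fptrs)(void);

    pid_t pid;  /* fork safety: PID of process that did last PKCS11 init */

    /* Solaris Kerberos: handles for PKCS#11 crypto */
    /*
     * Warning, do not access hSession directly as this is not fork() safe.
     * Instead use the krb_ctx_hSession() macro below.
     */
    CK_SESSION_HANDLE hSession;
    int cryptoki_initialized;

    /* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */
    arcfour_ctx_rec arcfour_ctx;

    /* preauth module stuff */
    struct plugin_dir_handle preauth_plugins;
    krb5_preauth_context *preauth_context;

    /* error detail info */
    struct errinfo err;
#else /* _KERNEL */
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
    crypto_mech_type_t kef_cksum_mt;
#endif /* !_KERNEL */
};

#ifndef _KERNEL
extern pid_t __krb5_current_pid;

CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context);

/*
 * fork safety: barring the ef_init code, every other function must use the
 * krb_ctx_hSession() macro to access the hSession field in a krb context.
 * Note, if the pid of the krb ctx == the current global pid then it is safe to
 * use the ctx hSession otherwise it needs to be re-inited before it is returned
 * to the caller.
 *
 * The whole expansion is parenthesized so that the conditional cannot be
 * split by an operator next to the macro call (for instance a comparison
 * of the returned handle).  ctx is evaluated more than once.
 */
#define krb_ctx_hSession(ctx) \
    (((ctx)->pid == __krb5_current_pid) ? \
     (ctx)->hSession : krb5_reinit_ef_handle((ctx)))
#endif /* !_KERNEL */

#define MD5_CKSUM_LENGTH 16
#define RSA_MD5_CKSUM_LENGTH 16
#define MD5_BLOCKSIZE 64


/*
 * Solaris Kerberos:
 * This next section of prototypes and constants
 * are all unique to the Solaris Kerberos implementation.
 * Because Solaris uses the native encryption framework
 * to provide crypto support, the following routines
 * are needed to support this system.
 */

/*
 * Begin Solaris Crypto Prototypes
 */

/*
 * define constants that are used for creating the constant
 * which is used to make derived keys.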
*/
/*
 * The three values equal the trailing octets that RFC 3961 key derivation
 * appends to the key usage number: 0xAA for the encryption key, 0x55 for
 * the integrity (hash) key and 0x99 for the checksum key.
 */
#define DK_ENCR_KEY_BYTE 0xAA
#define DK_HASH_KEY_BYTE 0x55
#define DK_CKSUM_KEY_BYTE 0x99

int init_derived_keydata(krb5_context,
                         const struct krb5_enc_provider *,
                         krb5_keyblock *,
                         krb5_keyusage,
                         krb5_keyblock **,
                         krb5_keyblock **);

krb5_error_code add_derived_key(krb5_keyblock *,
                                krb5_keyusage,
                                uchar_t,
                                krb5_keyblock *);

krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *);
krb5_keyblock *krb5_create_derived_keyblock(int);

#ifdef _KERNEL
int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *);

int k5_ef_mac(krb5_context,
              krb5_keyblock *,
              krb5_data *,
              const krb5_data *,
              krb5_data *);

void make_kef_key(krb5_keyblock *);
int init_key_kef(crypto_mech_type_t, krb5_keyblock *);
int update_key_template(krb5_keyblock *);
/*
 * NOTE(review): the two declarations below have an empty parameter list,
 * which in C declares no prototype, so calls are not argument-checked.
 * If the definitions take no arguments, declare them with (void).
 */
void setup_kef_keytypes();
void setup_kef_cksumtypes();
crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);

#else
/*
 * This structure is used to map Kerberos
* supported OID's,
 * to PKCS11 mechanisms
 */
#define USE_ENCR 0x01
#define USE_HASH 0x02

typedef struct krb5_mech_2_pkcs {
    uchar_t flags;                      /* USE_ENCR / USE_HASH bits */
    CK_MECHANISM_TYPE enc_algo;
    CK_MECHANISM_TYPE hash_algo;
    CK_MECHANISM_TYPE str2key_algo;
} KRB5_MECH_TO_PKCS;

/* Non-zero when the corresponding USE_* bit is set in x.flags. */
#define ENC_DEFINED(x) (((x).flags & USE_ENCR))
#define HASH_DEFINED(x) (((x).flags & USE_HASH))

extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS *algos);
extern CK_RV get_key_type(krb5_enctype etype, CK_KEY_TYPE *keyType);
extern krb5_error_code slot_supports_krb5(CK_SLOT_ID_PTR slotid);

krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);

krb5_error_code k5_ef_hash(krb5_context,
                           CK_MECHANISM *,
                           unsigned int,
                           const krb5_data *,
                           krb5_data *);

krb5_error_code k5_ef_mac(krb5_context context,
                          krb5_keyblock *key,
                          krb5_data *ivec,
                          krb5_const krb5_data *input,
                          krb5_data *output);

#endif /* !_KERNEL */

krb5_error_code
derive_3des_keys(krb5_context,
                 struct krb5_enc_provider *,
                 krb5_keyblock *,
                 krb5_keyusage,
                 krb5_keyblock *,
                 krb5_keyblock *);

/*
 * End Solaris Crypto Prototypes
 */

#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001

/* internal message representations */

typedef struct _krb5_safe {
    krb5_magic magic;
    krb5_data user_data;        /* user data */
    krb5_timestamp timestamp;   /* client time, optional */
    krb5_int32 usec;            /* microsecond portion of time, optional */
    krb5_ui_4 seq_number;       /* sequence #, optional */
    krb5_address *s_address;    /* sender address */
    krb5_address *r_address;    /* recipient address, optional */
    krb5_checksum *checksum;    /* data integrity checksum */
} krb5_safe;

typedef struct _krb5_priv {
    krb5_magic magic;
    krb5_enc_data enc_part;     /* encrypted part */
} krb5_priv;

typedef struct _krb5_priv_enc_part {
    krb5_magic magic;
    krb5_data user_data;        /* user data */
    krb5_timestamp timestamp;   /* client time, optional */
    krb5_int32 usec;            /* microsecond portion of time, opt. */
    krb5_ui_4 seq_number;       /* sequence #, optional */
    krb5_address *s_address;    /* sender address */
    krb5_address *r_address;    /* recipient address, optional */
} krb5_priv_enc_part;

void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *);
void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *);
void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context,
                                           krb5_priv_enc_part *);

/*
 * Begin "asn1.h"
 */
#ifndef KRB5_ASN1__
#define KRB5_ASN1__

/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
/* here we use some knowledge of ASN.1 encodings */
/*
  Ticket is APPLICATION 1.
  Authenticator is APPLICATION 2.
  AS_REQ is APPLICATION 10.
  AS_REP is APPLICATION 11.
  TGS_REQ is APPLICATION 12.
  TGS_REP is APPLICATION 13.
  AP_REQ is APPLICATION 14.
  AP_REP is APPLICATION 15.
  KRB_SAFE is APPLICATION 20.
  KRB_PRIV is APPLICATION 21.
  KRB_CRED is APPLICATION 22.
  EncASRepPart is APPLICATION 25.
  EncTGSRepPart is APPLICATION 26.
  EncAPRepPart is APPLICATION 27.
  EncKrbPrivPart is APPLICATION 28.
17717c478bd9Sstevel@tonic-gate EncKrbCredPart is APPLICATION 29. 17727c478bd9Sstevel@tonic-gate KRB_ERROR is APPLICATION 30. 17737c478bd9Sstevel@tonic-gate */ 17747c478bd9Sstevel@tonic-gate /* allow either constructed or primitive encoding, so check for bit 6 17757c478bd9Sstevel@tonic-gate set or reset */ 17767c478bd9Sstevel@tonic-gate #define krb5_is_krb_ticket(dat)\ 17777c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\ 17787c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x41)) 17797c478bd9Sstevel@tonic-gate #define krb5_is_krb_authenticator(dat)\ 17807c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\ 17817c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x42)) 17827c478bd9Sstevel@tonic-gate #define krb5_is_as_req(dat)\ 17837c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\ 17847c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4a)) 17857c478bd9Sstevel@tonic-gate #define krb5_is_as_rep(dat)\ 17867c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\ 17877c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4b)) 17887c478bd9Sstevel@tonic-gate #define krb5_is_tgs_req(dat)\ 17897c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\ 17907c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4c)) 17917c478bd9Sstevel@tonic-gate #define krb5_is_tgs_rep(dat)\ 17927c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\ 17937c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4d)) 17947c478bd9Sstevel@tonic-gate #define krb5_is_ap_req(dat)\ 17957c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\ 17967c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4e)) 17977c478bd9Sstevel@tonic-gate #define krb5_is_ap_rep(dat)\ 17987c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\ 17997c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x4f)) 18007c478bd9Sstevel@tonic-gate #define 
krb5_is_krb_safe(dat)\ 18017c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\ 18027c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x54)) 18037c478bd9Sstevel@tonic-gate #define krb5_is_krb_priv(dat)\ 18047c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\ 18057c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x55)) 18067c478bd9Sstevel@tonic-gate #define krb5_is_krb_cred(dat)\ 18077c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\ 18087c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x56)) 18097c478bd9Sstevel@tonic-gate #define krb5_is_krb_enc_as_rep_part(dat)\ 18107c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\ 18117c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x59)) 18127c478bd9Sstevel@tonic-gate #define krb5_is_krb_enc_tgs_rep_part(dat)\ 18137c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\ 18147c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x5a)) 18157c478bd9Sstevel@tonic-gate #define krb5_is_krb_enc_ap_rep_part(dat)\ 18167c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\ 18177c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x5b)) 18187c478bd9Sstevel@tonic-gate #define krb5_is_krb_enc_krb_priv_part(dat)\ 18197c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\ 18207c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x5c)) 18217c478bd9Sstevel@tonic-gate #define krb5_is_krb_enc_krb_cred_part(dat)\ 18227c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\ 18237c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x5d)) 18247c478bd9Sstevel@tonic-gate #define krb5_is_krb_error(dat)\ 18257c478bd9Sstevel@tonic-gate ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\ 18267c478bd9Sstevel@tonic-gate (dat)->data[0] == 0x5e)) 18277c478bd9Sstevel@tonic-gate 18287c478bd9Sstevel@tonic-gate /************************************************************************* 
18297c478bd9Sstevel@tonic-gate * Prototypes for krb5_encode.c 18307c478bd9Sstevel@tonic-gate *************************************************************************/ 18317c478bd9Sstevel@tonic-gate 18327c478bd9Sstevel@tonic-gate /* 18337c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_structure(const krb5_structure *rep, 18347c478bd9Sstevel@tonic-gate krb5_data **code); 18357c478bd9Sstevel@tonic-gate modifies *code 18367c478bd9Sstevel@tonic-gate effects Returns the ASN.1 encoding of *rep in **code. 18377c478bd9Sstevel@tonic-gate Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. 18387c478bd9Sstevel@tonic-gate Returns ENOMEM if memory runs out. 18397c478bd9Sstevel@tonic-gate */ 18407c478bd9Sstevel@tonic-gate 18417c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_authenticator 18427c478bd9Sstevel@tonic-gate (const krb5_authenticator *rep, krb5_data **code); 18437c478bd9Sstevel@tonic-gate 18447c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ticket 18457c478bd9Sstevel@tonic-gate (const krb5_ticket *rep, krb5_data **code); 18467c478bd9Sstevel@tonic-gate 18477c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_encryption_key 18487c478bd9Sstevel@tonic-gate (const krb5_keyblock *rep, krb5_data **code); 18497c478bd9Sstevel@tonic-gate 18507c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_tkt_part 18517c478bd9Sstevel@tonic-gate (const krb5_enc_tkt_part *rep, krb5_data **code); 18527c478bd9Sstevel@tonic-gate 18537c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_kdc_rep_part 18547c478bd9Sstevel@tonic-gate (const krb5_enc_kdc_rep_part *rep, krb5_data **code); 18557c478bd9Sstevel@tonic-gate 1856159d09a2SMark Phalan /* yes, the translation is identical to that used for KDC__REP */ 18577c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_rep 18587c478bd9Sstevel@tonic-gate (const krb5_kdc_rep *rep, krb5_data **code); 18597c478bd9Sstevel@tonic-gate 1860159d09a2SMark Phalan /* yes, the translation is identical to that used for 
KDC__REP */ 18617c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_rep 18627c478bd9Sstevel@tonic-gate (const krb5_kdc_rep *rep, krb5_data **code); 18637c478bd9Sstevel@tonic-gate 18647c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_req 18657c478bd9Sstevel@tonic-gate (const krb5_ap_req *rep, krb5_data **code); 18667c478bd9Sstevel@tonic-gate 18677c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep 18687c478bd9Sstevel@tonic-gate (const krb5_ap_rep *rep, krb5_data **code); 18697c478bd9Sstevel@tonic-gate 18707c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep_enc_part 18717c478bd9Sstevel@tonic-gate (const krb5_ap_rep_enc_part *rep, krb5_data **code); 18727c478bd9Sstevel@tonic-gate 18737c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_req 18747c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code); 18757c478bd9Sstevel@tonic-gate 18767c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_req 18777c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code); 18787c478bd9Sstevel@tonic-gate 18797c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_kdc_req_body 18807c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code); 18817c478bd9Sstevel@tonic-gate 18827c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe 18837c478bd9Sstevel@tonic-gate (const krb5_safe *rep, krb5_data **code); 18847c478bd9Sstevel@tonic-gate 1885ba7b222eSGlenn Barry struct krb5_safe_with_body { 1886ba7b222eSGlenn Barry krb5_safe *safe; 1887ba7b222eSGlenn Barry krb5_data *body; 1888ba7b222eSGlenn Barry }; 1889ba7b222eSGlenn Barry 18907c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe_with_body 1891ba7b222eSGlenn Barry (const struct krb5_safe_with_body *rep, krb5_data **code); 18927c478bd9Sstevel@tonic-gate 18937c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_priv 18947c478bd9Sstevel@tonic-gate (const krb5_priv *rep, krb5_data **code); 18957c478bd9Sstevel@tonic-gate 18967c478bd9Sstevel@tonic-gate 
krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep,
    krb5_data **code);

krb5_error_code encode_krb5_cred(const krb5_cred *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep,
    krb5_data **code);

krb5_error_code encode_krb5_error(const krb5_error *rep, krb5_data **code);

krb5_error_code encode_krb5_authdata(krb5_authdata *const *rep,
    krb5_data **code);

krb5_error_code encode_krb5_authdata_elt(const krb5_authdata *rep,
    krb5_data **code);

krb5_error_code encode_krb5_pwd_sequence(const passwd_phrase_element *rep,
    krb5_data **code);

krb5_error_code encode_krb5_pwd_data(const krb5_pwd_data *rep,
    krb5_data **code);

krb5_error_code encode_krb5_padata_sequence(krb5_pa_data *const *rep,
    krb5_data **code);

krb5_error_code encode_krb5_alt_method(const krb5_alt_method *,
    krb5_data **code);

krb5_error_code encode_krb5_etype_info(krb5_etype_info_entry *const *,
    krb5_data **code);
krb5_error_code encode_krb5_etype_info2(krb5_etype_info_entry *const *,
    krb5_data **code);

krb5_error_code encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);

krb5_error_code encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge(const krb5_sam_challenge * ,
    krb5_data **);

krb5_error_code encode_krb5_sam_key(const krb5_sam_key * , krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc(
    const krb5_enc_sam_response_enc * , krb5_data **);

krb5_error_code encode_krb5_sam_response(const krb5_sam_response * ,
    krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * ,
    krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2_body(
    const krb5_sam_challenge_2_body * , krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc_2(
    const krb5_enc_sam_response_enc_2 * , krb5_data **);

krb5_error_code encode_krb5_sam_response_2(const krb5_sam_response_2 * ,
    krb5_data **);

krb5_error_code encode_krb5_predicted_sam_response(
    const krb5_predicted_sam_response * , krb5_data **);

/*
 * Input to encode_krb5_setpw_req(): a target principal and a password.
 * NOTE(review): the password field presumably holds the new password in
 * cleartext until it is encoded; callers should clear that buffer once the
 * request has been built.  Confirm against the set-password code.
 */
struct krb5_setpw_req {
    krb5_principal target;
    krb5_data password;
};
krb5_error_code encode_krb5_setpw_req(const struct krb5_setpw_req *rep,
    krb5_data **code);

/*************************************************************************
 * End of prototypes for krb5_encode.c
 *************************************************************************/

krb5_error_code decode_krb5_sam_challenge(const krb5_data *,
    krb5_sam_challenge **);

krb5_error_code decode_krb5_enc_sam_key(const krb5_data *, krb5_sam_key **);

krb5_error_code decode_krb5_enc_sam_response_enc(const krb5_data *,
    krb5_enc_sam_response_enc **);

krb5_error_code decode_krb5_sam_response(const krb5_data *,
    krb5_sam_response **);

krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *,
    krb5_predicted_sam_response **);

krb5_error_code decode_krb5_sam_challenge_2(const krb5_data *,
    krb5_sam_challenge_2 **);

krb5_error_code decode_krb5_sam_challenge_2_body(const krb5_data *,
    krb5_sam_challenge_2_body **);

krb5_error_code decode_krb5_enc_sam_response_enc_2(const krb5_data *,
    krb5_enc_sam_response_enc_2 **);

krb5_error_code decode_krb5_sam_response_2(const krb5_data *,
    krb5_sam_response_2 **);


/*************************************************************************
 * Prototypes for krb5_decode.c
 *************************************************************************/

krb5_error_code krb5_validate_times(krb5_context, krb5_ticket_times *);

/*
   krb5_error_code decode_krb5_structure(const krb5_data *code,
                                         krb5_structure **rep);

   requires  Expects **rep to not have been allocated;
             a new *rep is allocated regardless of the old value.
   effects   Decodes *code into **rep.
             Returns ENOMEM if memory is exhausted.
             Returns asn1 and krb5 errors.
*/
/*
 * Several prototypes below name their first parameter "output"; it is the
 * encoded input buffer that the contract above calls "code".  Because *rep
 * is overwritten without looking at its old value, passing a pointer that
 * still owns a structure loses that structure.
 */

krb5_error_code decode_krb5_authenticator(const krb5_data *code,
    krb5_authenticator **rep);

krb5_error_code decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);

krb5_error_code decode_krb5_encryption_key(const krb5_data *output,
    krb5_keyblock **rep);

krb5_error_code decode_krb5_enc_tkt_part(const krb5_data *output,
    krb5_enc_tkt_part **rep);

krb5_error_code decode_krb5_enc_kdc_rep_part(const krb5_data *output,
    krb5_enc_kdc_rep_part **rep);

krb5_error_code decode_krb5_as_rep(const krb5_data *output,
    krb5_kdc_rep **rep);

krb5_error_code decode_krb5_tgs_rep(const krb5_data *output,
    krb5_kdc_rep **rep);

krb5_error_code decode_krb5_ap_req(const krb5_data *output,
    krb5_ap_req **rep);

krb5_error_code decode_krb5_ap_rep(const krb5_data *output,
    krb5_ap_rep **rep);

krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *output,
    krb5_ap_rep_enc_part **rep);

krb5_error_code decode_krb5_as_req(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_tgs_req(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_kdc_req_body(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_safe(const krb5_data *output, krb5_safe **rep);

krb5_error_code decode_krb5_safe_with_body(const krb5_data *output,
    krb5_safe **rep, krb5_data *body);

krb5_error_code decode_krb5_priv(const krb5_data *output, krb5_priv **rep);

krb5_error_code decode_krb5_enc_priv_part(const krb5_data *output,
    krb5_priv_enc_part **rep);

krb5_error_code decode_krb5_cred(const krb5_data *output, krb5_cred **rep);

krb5_error_code decode_krb5_enc_cred_part(const krb5_data *output,
    krb5_cred_enc_part **rep);

krb5_error_code decode_krb5_error(const krb5_data *output, krb5_error **rep);

krb5_error_code decode_krb5_authdata(const krb5_data *output,
    krb5_authdata ***rep);

krb5_error_code decode_krb5_pwd_sequence(const krb5_data *output,
    passwd_phrase_element **rep);

krb5_error_code decode_krb5_pwd_data(const krb5_data *output,
    krb5_pwd_data **rep);

krb5_error_code decode_krb5_padata_sequence(const krb5_data *output,
    krb5_pa_data ***rep);

krb5_error_code decode_krb5_alt_method(const krb5_data *output,
    krb5_alt_method **rep);

krb5_error_code decode_krb5_etype_info(const krb5_data *output,
    krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_etype_info2(const krb5_data *output,
    krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_enc_data(const krb5_data *output,
    krb5_enc_data **rep);

krb5_error_code decode_krb5_pa_enc_ts(const krb5_data *output,
    krb5_pa_enc_ts **rep);

krb5_error_code decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);

struct _krb5_key_data;          /* kdb.h */
/*
 * NOTE(review): the encoder takes mkvno as krb5_int32 while the decoder
 * returns it through an int pointer; check that both sides agree on width.
 */
krb5_error_code
krb5int_ldap_encode_sequence_of_keys(struct _krb5_key_data *key_data,
    krb5_int16 n_key_data,
    krb5_int32 mkvno,
    krb5_data **code);

krb5_error_code
krb5int_ldap_decode_sequence_of_keys(krb5_data *in,
    struct _krb5_key_data **out,
    krb5_int16 *n_key_data,
    int *mkvno);

/*************************************************************************
 * End of prototypes for krb5_decode.c
 *************************************************************************/

#endif /* KRB5_ASN1__ */
/*
 * End "asn1.h"
 */


/*
 * Internal krb5 library routines
 */
krb5_error_code krb5_encrypt_tkt_part(krb5_context,
    const krb5_keyblock *,
    krb5_ticket * );


krb5_error_code krb5_encode_kdc_rep(krb5_context,
    const krb5_msgtype,
    const krb5_enc_kdc_rep_part *,
    int using_subkey,
    const krb5_keyblock *,
    krb5_kdc_rep *,
    krb5_data ** );

krb5_boolean krb5int_auth_con_chkseqnum(krb5_context ctx,
    krb5_auth_context ac, krb5_ui_4 in_seq);
/*
 * [De]Serialization Handle and operations.
 *
 * One entry per serializable type.  The three callbacks take the same
 * arguments as krb5_size_opaque(), krb5_externalize_opaque() and
 * krb5_internalize_opaque(), minus the krb5_magic selector.
 * NOTE(review): presumably odtype is the key krb5_find_serializer() matches
 * on, and the krb5_octet ** / size_t * pair is a buffer cursor with the
 * space remaining.  An internalizer fed data from outside the process has
 * to bound every read by that remaining length.  Confirm in the
 * implementations.
 */
struct __krb5_serializer {
    krb5_magic odtype;
    krb5_error_code (*sizer)(krb5_context,
        krb5_pointer,
        size_t *);
    krb5_error_code (*externalizer)(krb5_context,
        krb5_pointer,
        krb5_octet **,
        size_t *);
    krb5_error_code (*internalizer)(krb5_context,
        krb5_pointer *,
        krb5_octet **,
        size_t *);
};
typedef const struct __krb5_serializer * krb5_ser_handle;
typedef struct __krb5_serializer krb5_ser_entry;

krb5_ser_handle krb5_find_serializer(krb5_context, krb5_magic);
krb5_error_code krb5_register_serializer(krb5_context,
    const krb5_ser_entry *);

/* Determine the external size of a particular opaque structure */
krb5_error_code KRB5_CALLCONV krb5_size_opaque(krb5_context,
    krb5_magic,
    krb5_pointer,
    size_t *);

/* Serialize the structure into a buffer */
krb5_error_code KRB5_CALLCONV krb5_externalize_opaque(krb5_context,
    krb5_magic,
    krb5_pointer,
    krb5_octet **,
    size_t *);

/* Deserialize the structure from a buffer */
krb5_error_code KRB5_CALLCONV krb5_internalize_opaque(krb5_context,
    krb5_magic,
    krb5_pointer *,
    krb5_octet **,
    size_t *);

/* Serialize data into a buffer */
krb5_error_code krb5_externalize_data(krb5_context,
    krb5_pointer,
    krb5_octet **,
    size_t *);
/*
 * Initialization routines.
 */

/* Initialize serialization for krb5_[os_]context */
krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context);

/* Initialize serialization for krb5_auth_context */
krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init(krb5_context);

/* Initialize serialization for krb5_keytab */
krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init(krb5_context);

/* Initialize serialization for krb5_ccache */
krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init(krb5_context);

/* Initialize serialization for krb5_rcache */
krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init(krb5_context);

/*
 * NOTE(review): in the pack/unpack helpers below the trailing
 * krb5_octet ** / size_t * pair is presumably a buffer cursor and the space
 * left in it; confirm that each helper checks the remaining length before it
 * touches the buffer.
 */
/* [De]serialize 4-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32(krb5_int32,
    krb5_octet **,
    size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32(krb5_int32 *,
    krb5_octet **,
    size_t *);
/* [De]serialize 8-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64(krb5_int64,
    krb5_octet **, size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64(krb5_int64 *,
    krb5_octet **, size_t *);
/* [De]serialize byte string */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes(krb5_octet *,
    size_t,
    krb5_octet **,
    size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes(krb5_octet *,
    size_t,
    krb5_octet **,
    size_t *);

krb5_error_code KRB5_CALLCONV krb5int_cc_default(krb5_context,
    krb5_ccache *);

krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default(krb5_context,
    krb5_ccache, krb5_flags,
    krb5_creds *, krb5_creds *);

krb5_boolean KRB5_CALLCONV
krb5_creds_compare(krb5_context in_context,
    krb5_creds *in_creds,
    krb5_creds *in_compare_creds);

void krb5int_set_prompt_types(krb5_context, krb5_prompt_type *);

krb5_error_code
krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context,
    krb5_keyblock * /* Old keyblock, not new! */);

/* set and change password helpers */
/*
 * The mk_*_req() helpers take the password as a plain char *.
 * NOTE(review): that buffer presumably holds the new password in cleartext
 * and stays owned by the caller, who should clear it after the request has
 * been built; confirm in the implementations.
 */

krb5_error_code krb5int_mk_chpw_req(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *ap_req, char *passwd, krb5_data *packet);
krb5_error_code krb5int_rd_chpw_rep(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *packet, int *result_code,
    krb5_data *result_data);
krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string(
    krb5_context context, int result_code,
    char **result_codestr);
krb5_error_code krb5int_mk_setpw_req(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *ap_req, krb5_principal targetprinc, char *passwd,
    krb5_data *packet);
krb5_error_code krb5int_rd_setpw_rep(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *packet, int *result_code,
    krb5_data *result_data);
krb5_error_code krb5int_setpw_result_code_string(krb5_context context,
    int result_code,
    const char **result_codestr);

/*
 * Singly linked list node carrying priority, weight, port and host.
 * NOTE(review): presumably filled from DNS SRV answers by
 * krb5int_make_srv_query_realm(); if so the values come from the network and
 * should be treated as untrusted until the peer has been authenticated.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next;
    int priority;
    int weight;
    unsigned short port;
    char *host;
};
#ifdef KRB5_DNS_LOOKUP
krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
    const char *service,
    const char *protocol,
    struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);
#endif

/*
 * Convenience function for structure magic number
 *
 * Expands to a bare "if (...) return (magic_number);" that already carries
 * its own semicolon, so:
 *   - it returns magic_number from the *enclosing* function on mismatch;
 *   - it only fits functions whose return type can hold that value;
 *   - it must not be the unbraced body of an if/else;
 *   - magic_number is evaluated twice on the mismatch path.
 * NOTE(review): wrapping the body in do { } while (0) would remove the
 * if/else hazard but requires every call site to end with a semicolon; check
 * the callers before changing it.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
    if ((structure)->magic != (magic_number)) return (magic_number);


/* SUNW14resync XXX - see k5-util.h */
#if 0
int krb5_seteuid (int);
#endif

char * krb5_getenv(const char *);
int krb5_setenv(const char *, const char *, int);
void krb5_unsetenv(const char *);


/* SUNW14resync - (from here to EOF) not sure if we need this but will add it
   for future resync sake */

/* To keep happy libraries which are (for now) accessing internal stuff */

/* Make sure to increment by one when changing the struct */
#define KRB5INT_ACCESS_STRUCT_VERSION 12

#ifndef ANAME_SZ
struct ktext;                   /* from krb.h, for krb524 support */
#endif
typedef struct _krb5int_access {
    /* crypto stuff */
    const struct krb5_hash_provider *md5_hash_provider;
    const struct krb5_enc_provider *arcfour_enc_provider;
    krb5_error_code (* krb5_hmac) (krb5_context, const
struct krb5_hash_provider *hash, 2352159d09a2SMark Phalan const krb5_keyblock *key, 2353159d09a2SMark Phalan unsigned int icount, const krb5_data *input, 2354159d09a2SMark Phalan krb5_data *output); 2355505d05c7Sgtb /* service location and communication */ 2356505d05c7Sgtb #ifndef _KERNEL 2357505d05c7Sgtb krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, 2358159d09a2SMark Phalan const struct addrlist *, struct sendto_callback_info*, krb5_data *reply, 2359159d09a2SMark Phalan struct sockaddr *, socklen_t *,struct sockaddr *, 2360159d09a2SMark Phalan socklen_t *, int *, 2361159d09a2SMark Phalan int (*msg_handler)(krb5_context, const krb5_data *, void *), 2362159d09a2SMark Phalan void *msg_handler_data); 2363505d05c7Sgtb krb5_error_code (*add_host_to_list)(struct addrlist *lp, 2364159d09a2SMark Phalan const char *hostname, 2365159d09a2SMark Phalan int port, int secport, 2366159d09a2SMark Phalan int socktype, int family); 2367505d05c7Sgtb void (*free_addrlist) (struct addrlist *); 2368505d05c7Sgtb #endif /* _KERNEL */ 2369505d05c7Sgtb 2370505d05c7Sgtb krb5_error_code (*make_srv_query_realm)(const krb5_data *realm, 2371159d09a2SMark Phalan const char *service, 2372159d09a2SMark Phalan const char *protocol, 2373159d09a2SMark Phalan struct srv_dns_entry **answers); 2374505d05c7Sgtb void (*free_srv_dns_data)(struct srv_dns_entry *); 2375505d05c7Sgtb int (*use_dns_kdc)(krb5_context); 2376ba7b222eSGlenn Barry krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t); 2377505d05c7Sgtb 2378505d05c7Sgtb /* krb4 compatibility stuff -- may be null if not enabled */ 2379505d05c7Sgtb krb5_int32 (*krb_life_to_time)(krb5_int32, int); 2380505d05c7Sgtb int (*krb_time_to_life)(krb5_int32, krb5_int32); 2381505d05c7Sgtb int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *); 2382505d05c7Sgtb krb5_error_code (*krb5int_c_mandatory_cksumtype) 2383505d05c7Sgtb (krb5_context, krb5_enctype, krb5_cksumtype *); 2384505d05c7Sgtb krb5_error_code 
(KRB5_CALLCONV *krb5_ser_pack_int64) 2385505d05c7Sgtb (krb5_int64, krb5_octet **, size_t *); 2386505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64) 2387505d05c7Sgtb (krb5_int64 *, krb5_octet **, size_t *); 238854925bf6Swillf 238954925bf6Swillf /* Used for KDB LDAP back end. */ 239054925bf6Swillf krb5_error_code 239154925bf6Swillf (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data, 239254925bf6Swillf krb5_int16 n_key_data, 239354925bf6Swillf krb5_int32 mkvno, 239454925bf6Swillf krb5_data **code); 239554925bf6Swillf 239654925bf6Swillf krb5_error_code 239754925bf6Swillf (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in, 239854925bf6Swillf struct _krb5_key_data **out, 239954925bf6Swillf krb5_int16 *n_key_data, 240054925bf6Swillf int *mkvno); 2401159d09a2SMark Phalan 2402159d09a2SMark Phalan /* 2403159d09a2SMark Phalan * pkinit asn.1 encode/decode functions 2404159d09a2SMark Phalan */ 2405159d09a2SMark Phalan krb5_error_code (*encode_krb5_auth_pack) 2406159d09a2SMark Phalan (const krb5_auth_pack *rep, krb5_data **code); 2407159d09a2SMark Phalan krb5_error_code (*encode_krb5_auth_pack_draft9) 2408159d09a2SMark Phalan (const krb5_auth_pack_draft9 *rep, krb5_data **code); 2409159d09a2SMark Phalan krb5_error_code (*encode_krb5_kdc_dh_key_info) 2410159d09a2SMark Phalan (const krb5_kdc_dh_key_info *rep, krb5_data **code); 2411159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_rep) 2412159d09a2SMark Phalan (const krb5_pa_pk_as_rep *rep, krb5_data **code); 2413159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_rep_draft9) 2414159d09a2SMark Phalan (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code); 2415159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_req) 2416159d09a2SMark Phalan (const krb5_pa_pk_as_req *rep, krb5_data **code); 2417159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_req_draft9) 2418159d09a2SMark Phalan (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code); 2419159d09a2SMark Phalan 
krb5_error_code (*encode_krb5_reply_key_pack) 2420159d09a2SMark Phalan (const krb5_reply_key_pack *, krb5_data **code); 2421159d09a2SMark Phalan krb5_error_code (*encode_krb5_reply_key_pack_draft9) 2422159d09a2SMark Phalan (const krb5_reply_key_pack_draft9 *, krb5_data **code); 2423159d09a2SMark Phalan krb5_error_code (*encode_krb5_td_dh_parameters) 2424159d09a2SMark Phalan (const krb5_algorithm_identifier **, krb5_data **code); 2425159d09a2SMark Phalan krb5_error_code (*encode_krb5_td_trusted_certifiers) 2426159d09a2SMark Phalan (const krb5_external_principal_identifier **, krb5_data **code); 2427159d09a2SMark Phalan krb5_error_code (*encode_krb5_typed_data) 2428159d09a2SMark Phalan (const krb5_typed_data **, krb5_data **code); 2429159d09a2SMark Phalan 2430159d09a2SMark Phalan krb5_error_code (*decode_krb5_auth_pack) 2431159d09a2SMark Phalan (const krb5_data *, krb5_auth_pack **); 2432159d09a2SMark Phalan krb5_error_code (*decode_krb5_auth_pack_draft9) 2433159d09a2SMark Phalan (const krb5_data *, krb5_auth_pack_draft9 **); 2434159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_req) 2435159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_req **); 2436159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_req_draft9) 2437159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_req_draft9 **); 2438159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_rep) 2439159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_rep **); 2440159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_rep_draft9) 2441159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_rep_draft9 **); 2442159d09a2SMark Phalan krb5_error_code (*decode_krb5_kdc_dh_key_info) 2443159d09a2SMark Phalan (const krb5_data *, krb5_kdc_dh_key_info **); 2444159d09a2SMark Phalan krb5_error_code (*decode_krb5_principal_name) 2445159d09a2SMark Phalan (const krb5_data *, krb5_principal_data **); 2446159d09a2SMark Phalan krb5_error_code (*decode_krb5_reply_key_pack) 2447159d09a2SMark Phalan 
(const krb5_data *, krb5_reply_key_pack **); 2448159d09a2SMark Phalan krb5_error_code (*decode_krb5_reply_key_pack_draft9) 2449159d09a2SMark Phalan (const krb5_data *, krb5_reply_key_pack_draft9 **); 2450159d09a2SMark Phalan krb5_error_code (*decode_krb5_td_dh_parameters) 2451159d09a2SMark Phalan (const krb5_data *, krb5_algorithm_identifier ***); 2452159d09a2SMark Phalan krb5_error_code (*decode_krb5_td_trusted_certifiers) 2453159d09a2SMark Phalan (const krb5_data *, krb5_external_principal_identifier ***); 2454159d09a2SMark Phalan krb5_error_code (*decode_krb5_typed_data) 2455159d09a2SMark Phalan (const krb5_data *, krb5_typed_data ***); 2456159d09a2SMark Phalan 2457159d09a2SMark Phalan krb5_error_code (*decode_krb5_as_req) 2458159d09a2SMark Phalan (const krb5_data *output, krb5_kdc_req **rep); 2459159d09a2SMark Phalan krb5_error_code (*encode_krb5_kdc_req_body) 2460159d09a2SMark Phalan (const krb5_kdc_req *rep, krb5_data **code); 2461159d09a2SMark Phalan void (KRB5_CALLCONV *krb5_free_kdc_req) 2462159d09a2SMark Phalan (krb5_context, krb5_kdc_req * ); 2463159d09a2SMark Phalan void (*krb5int_set_prompt_types) 2464159d09a2SMark Phalan (krb5_context, krb5_prompt_type *); 2465159d09a2SMark Phalan krb5_error_code (*encode_krb5_authdata_elt) 2466159d09a2SMark Phalan (const krb5_authdata *rep, krb5_data **code); 2467159d09a2SMark Phalan 2468505d05c7Sgtb } krb5int_access; 2469505d05c7Sgtb 2470505d05c7Sgtb #define KRB5INT_ACCESS_VERSION \ 2471505d05c7Sgtb (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \ 2472159d09a2SMark Phalan (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF) 2473505d05c7Sgtb 2474505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5int_accessor 2475159d09a2SMark Phalan (krb5int_access*, krb5_int32); 2476505d05c7Sgtb 2477505d05c7Sgtb /* Ick -- some krb524 and krb4 support placed in the krb5 library, 2478505d05c7Sgtb because AFS (and potentially other applications?) 
use the krb4 2479505d05c7Sgtb object as an opaque token, which (in some implementations) is not 2480505d05c7Sgtb in fact a krb4 ticket, so we don't want to drag in the krb4 support 2481505d05c7Sgtb just to enable this. */ 2482505d05c7Sgtb 2483505d05c7Sgtb #define KRB524_SERVICE "krb524" 2484505d05c7Sgtb #define KRB524_PORT 4444 2485505d05c7Sgtb 2486505d05c7Sgtb /* v4lifetime.c */ 2487505d05c7Sgtb extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int); 2488505d05c7Sgtb extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32); 2489505d05c7Sgtb 2490505d05c7Sgtb /* conv_creds.c */ 2491505d05c7Sgtb int krb5int_encode_v4tkt 2492159d09a2SMark Phalan (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); 2493505d05c7Sgtb 2494505d05c7Sgtb /* send524.c */ 2495505d05c7Sgtb int krb5int_524_sendto_kdc 2496505d05c7Sgtb (krb5_context context, const krb5_data * message, 2497159d09a2SMark Phalan const krb5_data * realm, krb5_data * reply, 2498159d09a2SMark Phalan struct sockaddr *, socklen_t *); 2499505d05c7Sgtb 2500505d05c7Sgtb /* temporary -- this should be under lib/krb5/ccache somewhere */ 2501505d05c7Sgtb 2502505d05c7Sgtb struct _krb5_ccache { 2503505d05c7Sgtb krb5_magic magic; 2504505d05c7Sgtb const struct _krb5_cc_ops *ops; 2505505d05c7Sgtb krb5_pointer data; 2506505d05c7Sgtb }; 2507505d05c7Sgtb 2508159d09a2SMark Phalan /* 2509159d09a2SMark Phalan * Per-type ccache cursor. 
2510159d09a2SMark Phalan */ 2511159d09a2SMark Phalan struct krb5_cc_ptcursor { 2512159d09a2SMark Phalan const struct _krb5_cc_ops *ops; 2513159d09a2SMark Phalan krb5_pointer data; 2514159d09a2SMark Phalan }; 2515159d09a2SMark Phalan typedef struct krb5_cc_ptcursor *krb5_cc_ptcursor; 2516159d09a2SMark Phalan 2517505d05c7Sgtb struct _krb5_cc_ops { 2518505d05c7Sgtb krb5_magic magic; 2519505d05c7Sgtb char *prefix; 2520505d05c7Sgtb const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache); 2521505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *, 2522159d09a2SMark Phalan const char *); 2523505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *); 2524505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache, 2525159d09a2SMark Phalan krb5_principal); 2526505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache); 2527505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache); 2528505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache, 2529159d09a2SMark Phalan krb5_creds *); 2530505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache, 2531159d09a2SMark Phalan krb5_flags, krb5_creds *, 2532159d09a2SMark Phalan krb5_creds *); 2533505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache, 2534159d09a2SMark Phalan krb5_principal *); 2535505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache, 2536159d09a2SMark Phalan krb5_cc_cursor *); 2537505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache, 2538159d09a2SMark Phalan krb5_cc_cursor *, krb5_creds *); 2539505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache, 2540159d09a2SMark Phalan krb5_cc_cursor *); 2541505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache, 2542159d09a2SMark Phalan krb5_flags, krb5_creds *); 
2543505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache, 2544159d09a2SMark Phalan krb5_flags); 2545159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache, 2546159d09a2SMark Phalan krb5_flags *); 2547159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context, 2548159d09a2SMark Phalan krb5_cc_ptcursor *); 2549159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context, 2550159d09a2SMark Phalan krb5_cc_ptcursor, 2551159d09a2SMark Phalan krb5_ccache *); 2552159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context, 2553159d09a2SMark Phalan krb5_cc_ptcursor *); 2554159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache); 2555159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context, 2556159d09a2SMark Phalan krb5_ccache, krb5_timestamp *); 2557159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache, 2558159d09a2SMark Phalan krb5_timestamp *); 2559505d05c7Sgtb }; 2560505d05c7Sgtb 2561505d05c7Sgtb extern const krb5_cc_ops *krb5_cc_dfl_ops; 2562505d05c7Sgtb 2563159d09a2SMark Phalan krb5_error_code 2564159d09a2SMark Phalan krb5int_cc_os_default_name(krb5_context context, char **name); 2565159d09a2SMark Phalan 2566159d09a2SMark Phalan /* 2567159d09a2SMark Phalan * Cursor for iterating over ccache types 2568159d09a2SMark Phalan */ 2569159d09a2SMark Phalan struct krb5_cc_typecursor; 2570159d09a2SMark Phalan typedef struct krb5_cc_typecursor *krb5_cc_typecursor; 2571159d09a2SMark Phalan 2572159d09a2SMark Phalan krb5_error_code 2573159d09a2SMark Phalan krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor); 2574159d09a2SMark Phalan 2575159d09a2SMark Phalan krb5_error_code 2576159d09a2SMark Phalan krb5int_cc_typecursor_next( 2577159d09a2SMark Phalan krb5_context context, 2578159d09a2SMark Phalan krb5_cc_typecursor cursor, 2579159d09a2SMark Phalan 
const struct _krb5_cc_ops **ops); 2580159d09a2SMark Phalan 2581159d09a2SMark Phalan krb5_error_code 2582159d09a2SMark Phalan krb5int_cc_typecursor_free( 2583159d09a2SMark Phalan krb5_context context, 2584159d09a2SMark Phalan krb5_cc_typecursor *cursor); 2585159d09a2SMark Phalan 2586505d05c7Sgtb typedef struct _krb5_donot_replay { 2587505d05c7Sgtb krb5_magic magic; 2588505d05c7Sgtb krb5_ui_4 hash; 2589159d09a2SMark Phalan char *server; /* null-terminated */ 2590159d09a2SMark Phalan char *client; /* null-terminated */ 2591ba7b222eSGlenn Barry char *msghash; /* null-terminated */ 2592505d05c7Sgtb krb5_int32 cusec; 2593505d05c7Sgtb krb5_timestamp ctime; 2594505d05c7Sgtb } krb5_donot_replay; 2595505d05c7Sgtb 2596505d05c7Sgtb krb5_error_code krb5_rc_default 2597159d09a2SMark Phalan (krb5_context, 2598159d09a2SMark Phalan krb5_rcache *); 2599505d05c7Sgtb krb5_error_code krb5_rc_resolve_type 2600159d09a2SMark Phalan (krb5_context, 2601159d09a2SMark Phalan krb5_rcache *,char *); 2602505d05c7Sgtb krb5_error_code krb5_rc_resolve_full 2603159d09a2SMark Phalan (krb5_context, 2604159d09a2SMark Phalan krb5_rcache *,char *); 2605505d05c7Sgtb char * krb5_rc_get_type 2606159d09a2SMark Phalan (krb5_context, 2607159d09a2SMark Phalan krb5_rcache); 2608505d05c7Sgtb char * krb5_rc_default_type 2609159d09a2SMark Phalan (krb5_context); 2610505d05c7Sgtb char * krb5_rc_default_name 2611159d09a2SMark Phalan (krb5_context); 2612505d05c7Sgtb krb5_error_code krb5_auth_to_rep 2613159d09a2SMark Phalan (krb5_context, 2614159d09a2SMark Phalan krb5_tkt_authent *, 2615159d09a2SMark Phalan krb5_donot_replay *); 2616159d09a2SMark Phalan 2617505d05c7Sgtb 2618505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_initialize 2619159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat); 2620505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize 2621159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat); 2622505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover 2623159d09a2SMark 
Phalan (krb5_context, krb5_rcache); 2624505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_destroy 2625159d09a2SMark Phalan (krb5_context, krb5_rcache); 2626505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_close 2627159d09a2SMark Phalan (krb5_context, krb5_rcache); 2628505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_store 2629159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_donot_replay *); 2630505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_expunge 2631159d09a2SMark Phalan (krb5_context, krb5_rcache); 2632505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan 2633159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat *); 2634505d05c7Sgtb char *KRB5_CALLCONV krb5_rc_get_name 2635159d09a2SMark Phalan (krb5_context, krb5_rcache); 2636505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_resolve 2637159d09a2SMark Phalan (krb5_context, krb5_rcache, char *); 2638505d05c7Sgtb 2639505d05c7Sgtb typedef struct _krb5_kt_ops { 2640505d05c7Sgtb krb5_magic magic; 2641505d05c7Sgtb char *prefix; 2642505d05c7Sgtb /* routines always present */ 2643505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *resolve) 2644159d09a2SMark Phalan (krb5_context, 2645159d09a2SMark Phalan const char *, 2646159d09a2SMark Phalan krb5_keytab *); 2647505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_name) 2648159d09a2SMark Phalan (krb5_context, 2649159d09a2SMark Phalan krb5_keytab, 2650159d09a2SMark Phalan char *, 2651159d09a2SMark Phalan unsigned int); 2652505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *close) 2653159d09a2SMark Phalan (krb5_context, 2654159d09a2SMark Phalan krb5_keytab); 2655505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get) 2656159d09a2SMark Phalan (krb5_context, 2657159d09a2SMark Phalan krb5_keytab, 2658159d09a2SMark Phalan krb5_const_principal, 2659159d09a2SMark Phalan krb5_kvno, 2660159d09a2SMark Phalan krb5_enctype, 2661159d09a2SMark Phalan krb5_keytab_entry *); 2662505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *start_seq_get) 2663159d09a2SMark Phalan (krb5_context, 
2664159d09a2SMark Phalan krb5_keytab, 2665159d09a2SMark Phalan krb5_kt_cursor *); 2666505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_next) 2667159d09a2SMark Phalan (krb5_context, 2668159d09a2SMark Phalan krb5_keytab, 2669159d09a2SMark Phalan krb5_keytab_entry *, 2670159d09a2SMark Phalan krb5_kt_cursor *); 2671505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *end_get) 2672159d09a2SMark Phalan (krb5_context, 2673159d09a2SMark Phalan krb5_keytab, 2674159d09a2SMark Phalan krb5_kt_cursor *); 2675505d05c7Sgtb /* routines to be included on extended version (write routines) */ 2676505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *add) 2677159d09a2SMark Phalan (krb5_context, 2678159d09a2SMark Phalan krb5_keytab, 2679159d09a2SMark Phalan krb5_keytab_entry *); 2680505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *remove) 2681159d09a2SMark Phalan (krb5_context, 2682159d09a2SMark Phalan krb5_keytab, 2683159d09a2SMark Phalan krb5_keytab_entry *); 2684505d05c7Sgtb 2685505d05c7Sgtb /* Handle for serializer */ 2686505d05c7Sgtb const krb5_ser_entry *serializer; 2687505d05c7Sgtb } krb5_kt_ops; 2688505d05c7Sgtb 2689505d05c7Sgtb extern const krb5_kt_ops krb5_kt_dfl_ops; 2690505d05c7Sgtb 2691505d05c7Sgtb extern krb5_error_code krb5int_translate_gai_error (int); 2692505d05c7Sgtb 2693505d05c7Sgtb /* Not sure it's ready for exposure just yet. */ 2694505d05c7Sgtb extern krb5_error_code 2695505d05c7Sgtb krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *); 2696505d05c7Sgtb 2697505d05c7Sgtb extern int krb5int_crypto_init (void); 2698505d05c7Sgtb extern int krb5int_prng_init(void); 2699505d05c7Sgtb 2700*5e01956fSGlenn Barry 2701505d05c7Sgtb /* 2702505d05c7Sgtb * SUNW14resync 2703505d05c7Sgtb * Hack (?) to neuter C99 "inline" which causes warnings w/our build. 2704505d05c7Sgtb */ 2705505d05c7Sgtb #define inline 2706505d05c7Sgtb 2707*5e01956fSGlenn Barry /* Some data comparison and conversion functions. 
*/ 2708*5e01956fSGlenn Barry #if 0 2709*5e01956fSGlenn Barry static inline int data_cmp(krb5_data d1, krb5_data d2) 2710*5e01956fSGlenn Barry { 2711*5e01956fSGlenn Barry if (d1.length < d2.length) return -1; 2712*5e01956fSGlenn Barry if (d1.length > d2.length) return 1; 2713*5e01956fSGlenn Barry return memcmp(d1.data, d2.data, d1.length); 2714*5e01956fSGlenn Barry } 2715*5e01956fSGlenn Barry static inline int data_eq (krb5_data d1, krb5_data d2) 2716*5e01956fSGlenn Barry { 2717*5e01956fSGlenn Barry return data_cmp(d1, d2) == 0; 2718*5e01956fSGlenn Barry } 2719*5e01956fSGlenn Barry #else 2720*5e01956fSGlenn Barry static inline int data_eq (krb5_data d1, krb5_data d2) 2721*5e01956fSGlenn Barry { 2722*5e01956fSGlenn Barry return (d1.length == d2.length 2723*5e01956fSGlenn Barry && !memcmp(d1.data, d2.data, d1.length)); 2724*5e01956fSGlenn Barry } 2725*5e01956fSGlenn Barry #endif 2726*5e01956fSGlenn Barry static inline krb5_data string2data (char *str) 2727*5e01956fSGlenn Barry { 2728*5e01956fSGlenn Barry krb5_data d; 2729*5e01956fSGlenn Barry d.magic = KV5M_DATA; 2730*5e01956fSGlenn Barry d.length = strlen(str); 2731*5e01956fSGlenn Barry d.data = str; 2732*5e01956fSGlenn Barry return d; 2733*5e01956fSGlenn Barry } 2734*5e01956fSGlenn Barry /*LINTED*/ 2735*5e01956fSGlenn Barry static inline int data_eq_string (krb5_data d, char *s) 2736*5e01956fSGlenn Barry { 2737*5e01956fSGlenn Barry return data_eq(d, string2data(s)); 2738*5e01956fSGlenn Barry } 2739*5e01956fSGlenn Barry /*LINTED*/ 2740*5e01956fSGlenn Barry static inline int authdata_eq (krb5_authdata a1, krb5_authdata a2) 2741*5e01956fSGlenn Barry { 2742*5e01956fSGlenn Barry return (a1.ad_type == a2.ad_type 2743*5e01956fSGlenn Barry && a1.length == a2.length 2744*5e01956fSGlenn Barry && !memcmp(a1.contents, a2.contents, a1.length)); 2745*5e01956fSGlenn Barry } 2746*5e01956fSGlenn Barry 2747*5e01956fSGlenn Barry 2748505d05c7Sgtb /* Solaris kerberos */ 2749505d05c7Sgtb krb5_boolean KRB5_CALLCONV is_in_keytype 
2750505d05c7Sgtb (krb5_const krb5_enctype *keytype, 2751505d05c7Sgtb int numkeytypes, krb5_enctype enctype); 2752505d05c7Sgtb 275324da5b34Srie /* 275424da5b34Srie * Solaris Kerberos 275524da5b34Srie * Use krb5_getuid() to select the mechanism to obtain the uid. 275624da5b34Srie */ 275724da5b34Srie extern uid_t krb5_getuid(); 2758ab9b2e15Sgtb 2759fe598cdcSmp /* 2760fe598cdcSmp * Referral definitions, debugging hooks, and subfunctions. 2761fe598cdcSmp */ 2762fe598cdcSmp #define KRB5_REFERRAL_MAXHOPS 5 2763fe598cdcSmp /* #define DEBUG_REFERRALS */ 2764fe598cdcSmp 2765fe598cdcSmp #ifdef DEBUG_REFERRALS 2766fe598cdcSmp void krb5int_dbgref_dump_principal(char *, krb5_principal); 2767fe598cdcSmp #endif 2768fe598cdcSmp 2769fe598cdcSmp /* Common hostname-parsing code. */ 2770fe598cdcSmp krb5_error_code KRB5_CALLCONV krb5int_clean_hostname 2771fe598cdcSmp (krb5_context, 2772fe598cdcSmp const char *, 2773fe598cdcSmp char *, 2774fe598cdcSmp size_t); 2775505d05c7Sgtb 2776ba7b222eSGlenn Barry /* 2777ba7b222eSGlenn Barry * Solaris Kerberos 2778ba7b222eSGlenn Barry * Kernel & user space realloc. 2779ba7b222eSGlenn Barry */ 2780ba7b222eSGlenn Barry void *krb5int_realloc 2781ba7b222eSGlenn Barry (void *oldp, 2782ba7b222eSGlenn Barry size_t new_size, 2783ba7b222eSGlenn Barry size_t old_size); 27847c478bd9Sstevel@tonic-gate #endif /* _KRB5_INT_H */ 2785