1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 4*7c478bd9Sstevel@tonic-gate */ 5*7c478bd9Sstevel@tonic-gate 6*7c478bd9Sstevel@tonic-gate /* 7*7c478bd9Sstevel@tonic-gate * Copyright (C) 1989-1995 by the Massachusetts Institute of Technology, 8*7c478bd9Sstevel@tonic-gate * Cambridge, MA, USA. All Rights Reserved. 9*7c478bd9Sstevel@tonic-gate * 10*7c478bd9Sstevel@tonic-gate * This software is being provided to you, the LICENSEE, by the 11*7c478bd9Sstevel@tonic-gate * Massachusetts Institute of Technology (M.I.T.) under the following 12*7c478bd9Sstevel@tonic-gate * license. By obtaining, using and/or copying this software, you agree 13*7c478bd9Sstevel@tonic-gate * that you have read, understood, and will comply with these terms and 14*7c478bd9Sstevel@tonic-gate * conditions: 15*7c478bd9Sstevel@tonic-gate * 16*7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 17*7c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 18*7c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 19*7c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 
20*7c478bd9Sstevel@tonic-gate * 21*7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 22*7c478bd9Sstevel@tonic-gate * this software and its documentation for any purpose and without fee or 23*7c478bd9Sstevel@tonic-gate * royalty is hereby granted, provided that you agree to comply with the 24*7c478bd9Sstevel@tonic-gate * following copyright notice and statements, including the disclaimer, and 25*7c478bd9Sstevel@tonic-gate * that the same appear on ALL copies of the software and documentation, 26*7c478bd9Sstevel@tonic-gate * including modifications that you make for internal use or for 27*7c478bd9Sstevel@tonic-gate * distribution: 28*7c478bd9Sstevel@tonic-gate * 29*7c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 30*7c478bd9Sstevel@tonic-gate * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not 31*7c478bd9Sstevel@tonic-gate * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 32*7c478bd9Sstevel@tonic-gate * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 33*7c478bd9Sstevel@tonic-gate * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 34*7c478bd9Sstevel@tonic-gate * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. 35*7c478bd9Sstevel@tonic-gate * 36*7c478bd9Sstevel@tonic-gate * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 37*7c478bd9Sstevel@tonic-gate * be used in advertising or publicity pertaining to distribution of the 38*7c478bd9Sstevel@tonic-gate * software. Title to copyright in this software and any associated 39*7c478bd9Sstevel@tonic-gate * documentation shall at all times remain with M.I.T., and USER agrees to 40*7c478bd9Sstevel@tonic-gate * preserve same. 41*7c478bd9Sstevel@tonic-gate */ 42*7c478bd9Sstevel@tonic-gate /* 43*7c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC. 
44*7c478bd9Sstevel@tonic-gate * 45*7c478bd9Sstevel@tonic-gate * All rights reserved. 46*7c478bd9Sstevel@tonic-gate * 47*7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require 48*7c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the 49*7c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to 50*7c478bd9Sstevel@tonic-gate * obtain such a license before exporting. 51*7c478bd9Sstevel@tonic-gate * 52*7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 53*7c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 54*7c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 55*7c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 56*7c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 57*7c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining 58*7c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 59*7c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of 60*7c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 61*7c478bd9Sstevel@tonic-gate * or implied warranty. 62*7c478bd9Sstevel@tonic-gate * 63*7c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 64*7c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 65*7c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
66*7c478bd9Sstevel@tonic-gate */ 67*7c478bd9Sstevel@tonic-gate 68*7c478bd9Sstevel@tonic-gate /* 69*7c478bd9Sstevel@tonic-gate * This prototype for k5-int.h (Krb5 internals include file) 70*7c478bd9Sstevel@tonic-gate * includes the user-visible definitions from krb5.h and then 71*7c478bd9Sstevel@tonic-gate * includes other definitions that are not user-visible but are 72*7c478bd9Sstevel@tonic-gate * required for compiling Kerberos internal routines. 73*7c478bd9Sstevel@tonic-gate * 74*7c478bd9Sstevel@tonic-gate * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995 75*7c478bd9Sstevel@tonic-gate */ 76*7c478bd9Sstevel@tonic-gate 77*7c478bd9Sstevel@tonic-gate #ifndef _KRB5_INT_H 78*7c478bd9Sstevel@tonic-gate #define _KRB5_INT_H 79*7c478bd9Sstevel@tonic-gate 80*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 81*7c478bd9Sstevel@tonic-gate 82*7c478bd9Sstevel@tonic-gate #ifndef _KERNEL 83*7c478bd9Sstevel@tonic-gate #include <osconf.h> 84*7c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 85*7c478bd9Sstevel@tonic-gate #else 86*7c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h> 87*7c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h> 88*7c478bd9Sstevel@tonic-gate #endif 89*7c478bd9Sstevel@tonic-gate 90*7c478bd9Sstevel@tonic-gate #ifdef DEBUG 91*7c478bd9Sstevel@tonic-gate #if !defined(KRB5_DEBUG) 92*7c478bd9Sstevel@tonic-gate #define KRB5_DEBUG 93*7c478bd9Sstevel@tonic-gate #endif 94*7c478bd9Sstevel@tonic-gate #ifndef KRB5_LOG_LVL 95*7c478bd9Sstevel@tonic-gate #define KRB5_LOG_LVL KRB5_ERR 96*7c478bd9Sstevel@tonic-gate #endif 97*7c478bd9Sstevel@tonic-gate #endif /* DEBUG */ 98*7c478bd9Sstevel@tonic-gate 99*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 100*7c478bd9Sstevel@tonic-gate 101*7c478bd9Sstevel@tonic-gate #ifdef DEBUG 102*7c478bd9Sstevel@tonic-gate #include <sys/types.h> 103*7c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h> 104*7c478bd9Sstevel@tonic-gate extern void prom_printf(); 105*7c478bd9Sstevel@tonic-gate #endif /* DEBUG */ 
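#else /* !_KERNEL */

/* Userland build: prom_printf() calls are routed to printf(). */
#define prom_printf printf

#endif /* !_KERNEL */

#ifdef KRB5_LOG_LVL

/* krb5_log is used to set the logging level to determine what class of messages
 * are output by the mech.  Note, more than one logging level can be used by
 * bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR   1   /* Use this debug log level for error path logging. */
#define KRB5_INFO  2   /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG1(A, B, C, D), KRB5_LOG(A, B, C), KRB5_LOG0(A, B)
 *
 * Emit a debug message when krb5_log is non-zero and shares a bit with A.
 * A is a mask of the KRB5_ERR / KRB5_INFO bits, B is the format, and C and D
 * are the arguments consumed by that format.
 *
 * B is handed to printf()/syslog() as the format string itself.  It must be
 * a string literal (or otherwise fully trusted): text that originated from a
 * peer, a principal name or any other external input belongs in C/D behind
 * an explicit "%s", never in B.  KRB5_LOG0 supplies no arguments at all, so
 * its B must not contain any conversion specification.
 *
 * Messages are written at LOG_DEBUG in userland and through printf() in the
 * _KERNEL build; callers should not pass key material or passwords as
 * arguments.
 *
 * TRUE is not defined in this part of the file; it is expected to come from
 * a header included earlier.
 */

#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* B is parenthesized here like in every other variant of these macros. */
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B)), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/*
 * Logging compiled out: the macros expand to nothing, so their arguments are
 * never evaluated.  Callers must not rely on side effects in the arguments.
 */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */

/* Compatibility switch for SAM preauth */
#define AS_REP_105_SAM_COMPAT

/* timetype falls back to plain long when POSIX_TYPES is not defined. */
#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif

/*
 * Begin "k5-config.h"
 */
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__

/*
 * Machine-type definitions: PC Clone 386 running Microsoft Windows
 */

#if defined(_MSDOS) || defined(_WIN32) || defined(macintosh)
#include "win-mac.h"
#if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__)
#pragma import on
#endif
#endif

#if defined(_MSDOS) || defined(_WIN32)
/* Kerberos Windows initialization file */
#define KERBEROS_INI    "kerberos.ini"
#define INI_FILES       "Files"
#define INI_KRB_CCACHE  "krb5cc"        /* Location of the ccache */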
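#define INI_KRB5_CONF   "krb5.ini"      /* Location of krb5.conf file */
#define HAVE_LABS
#define ANSI_STDIO
#endif


/*
 * Legacy Macintosh toolchains (Metrowerks, MPW, THINK C): define macintosh
 * and the feature macros by hand when the compiler has not already done so.
 */
#ifndef macintosh
#if defined(__MWERKS__) || defined(applec) || defined(THINK_C)
#define macintosh
#define SIZEOF_INT 4
#define SIZEOF_SHORT 2
#define HAVE_SRAND
#define NO_PASSWORD
#define HAVE_LABS
/*#define ENOMEM -1*/
#define ANSI_STDIO
/*
 * NOTE(review): this fixes size_t at unsigned int for the compilers selected
 * above whenever _SIZET is not already set; it is not reached on any other
 * platform.
 */
#ifndef _SIZET
typedef unsigned int size_t;
#define _SIZET
#endif
#include <unix.h>
#include <ctype.h>
#endif
#endif

/* autoconf.h is a userland-only header; KRB5_AUTOCONF__ guards it. */
#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include <autoconf.h>
#endif
#endif /* !_KERNEL */

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

/* Nothing is included in place of <sys/types.h> when it is unavailable. */
#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
#endif /* HAVE_SYS_TYPES_H */
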
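#endif /* KRB5_SYSTYPES__ */

#ifdef SYSV
/* Change srandom and random to use rand and srand */
/* Taken from the Sandia changes.  XXX  We should really just include */
/* srandom and random into Kerberos release, since rand() is a really */
/* bad random number generator.... [tytso:19920616.2231EDT] */
/*
 * NOTE(review): on SYSV builds every random()/srandom() call in code that
 * includes this header becomes rand()/srand().  Neither is suitable for
 * keys, nonces or any other value that must be unpredictable; confirm no
 * such use depends on these macros.
 */
#define random() rand()
#define srandom(a) srand(a)
#endif /* SYSV */

typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;

#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

#define KRB5_KDB_MAX_LIFE       (60*60*24)      /* one day */
#define KRB5_KDB_MAX_RLIFE      (60*60*24*365)  /* one year */
/*
 * NOTE(review): 2145830400 corresponds to 2037-12-31 00:00:00 UTC (a
 * Thursday), one day before the date given in the comment below.  The value
 * sits just under the limit of a signed 32-bit time value.
 */
#define KRB5_KDB_EXPIRATION     2145830400      /* Thu Jan  1 00:00:00 2038 UTC */
/*
 * Parenthesized like KRB5_KDB_MAX_LIFE above so the products keep their
 * value inside larger expressions (for example on the right of '/' or '%').
 */
#define KRB5_DEFAULT_LIFE       (60*60*10)      /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60)    /* 7 Days */

/*
 * Windows requires a different api interface to each function. Here
 * just define it as NULL.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#define KRB5_DLLIMP
#define GSS_DLLIMP
#define KRB5_EXPORTVAR
#define FAR
#define NEAR
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif

/*
 * NOTE(review): abs() takes an int, so where long is wider than int this
 * fallback truncates its argument; confirm no caller needs the full range.
 */
#ifndef HAVE_LABS
#define labs(x) abs(x)
#endif

#endif /* KRB5_CONFIG__ */

/*
 * End "k5-config.h"
 */

/*
 * After loading the configuration definitions, load the Kerberos definitions.
 */
#include <krb5.h>

#ifndef _KERNEL
#ifdef NEED_SOCKETS
#include <port-sockets.h>
#include <socket-utils.h>
#else
#ifndef SOCK_DGRAM
struct sockaddr;
#endif
#endif
#endif

/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
   The ones that it doesn't include, we include below.  */

/*
 * Begin "k5-errors.h"
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */

/*
 * These are the numeric values carried in KRB-ERROR messages, which is why
 * they are also what shows up in KDC logs and packet captures.  For
 * monitoring, KDC_ERR_C_PRINCIPAL_UNKNOWN (6) and KDC_ERR_PREAUTH_FAILED (24)
 * separate "no such client" from "wrong credentials".
 */

/* KDC errors */
#define KDC_ERR_NONE                    0  /* No error */
#define KDC_ERR_NAME_EXP                1  /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP             2  /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO                3  /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO         4  /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO         5  /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN     6  /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN     7  /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE    8  /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY                9  /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE         10 /* Tkt ineligible for postdating */
#define KDC_ERR_NEVER_VALID             11 /* Requested starttime > endtime */
#define KDC_ERR_POLICY                  12 /* KDC policy rejects request */
#define KDC_ERR_BADOPTION               13 /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP          14 /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP          15 /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP      16 /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP           17 /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED          18 /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED         19 /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED             20 /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET           21 /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET          22 /* S not yet valid */
#define KDC_ERR_KEY_EXP                 23 /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED          24 /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED        25 /* Additional preauthentication */
                                           /* required */
#define KDC_ERR_SERVER_NOMATCH          26 /* Requested server and */
                                           /* ticket don't match*/
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY        31 /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED          32 /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV              33 /* Ticket not yet valid */
#define KRB_AP_ERR_REPEAT               34 /* Request is a replay */
#define KRB_AP_ERR_NOT_US               35 /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH             36 /* Ticket/authenticator don't match */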
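#define KRB_AP_ERR_SKEW                 37 /* Clock skew too great */
#define KRB_AP_ERR_BADADDR              38 /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION           39 /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE             40 /* Invalid message type */
#define KRB_AP_ERR_MODIFIED             41 /* Message stream modified */
#define KRB_AP_ERR_BADORDER             42 /* Message out of order */
/* 43 is not defined in this table. */
#define KRB_AP_ERR_BADKEYVER            44 /* Key version is not available */
#define KRB_AP_ERR_NOKEY                45 /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL             46 /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION         47 /* Incorrect message direction */
#define KRB_AP_ERR_METHOD               48 /* Alternative authentication */
                                           /* method required */
#define KRB_AP_ERR_BADSEQ               49 /* Incorrect sequence number */
                                           /* in message */
#define KRB_AP_ERR_INAPP_CKSUM          50 /* Inappropriate type of */
                                           /* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED        51 /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG        52 /* Response too big for UDP, */
                                           /*   retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC                 60 /* Generic error (description */
                                           /* in e-text) */
#define KRB_ERR_FIELD_TOOLONG           61 /* Field is too long for impl. */

#endif /* KRB5_ERRORS__ */
/*
 * End "k5-errors.h"
 */

/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD (48).
 *
 * length is presumably the byte count of data; both arrive in an error
 * message from the peer, so a consumer should check length against the
 * decoded buffer before reading data -- confirm against the decoder.
 */
typedef struct _krb5_alt_method {
    krb5_magic      magic;
    krb5_int32      method;
    unsigned int    length;
    krb5_octet      *data;
} krb5_alt_method;

/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type.  It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
    krb5_magic      magic;
    krb5_enctype    etype;
    unsigned int    length;     /* KRB5_ETYPE_NO_SALT when salt is absent */
    krb5_octet      *salt;
    krb5_data       s2kparams;
} krb5_etype_info_entry;

/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines.  If the length is this value, then
 * the salt data is not present.  This is to distinguish between not
 * being set and being of 0 length.
 *
 * Because the sentinel lives in the length field, code must compare length
 * with KRB5_ETYPE_NO_SALT before using it as a byte count for salt.
 * VALID_UINT_BITS is not defined in this part of the file.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

typedef krb5_etype_info_entry ** krb5_etype_info;

/*
 * a sam_challenge is returned for alternate preauth
 */
/*
          SAMFlags ::= BIT STRING {
              use-sad-as-key[0],
              send-encrypted-sad[1],
              must-pk-encrypt-sad[2]
          }
 */
/*
          PA-SAM-CHALLENGE ::= SEQUENCE {
              sam-type[0]                 INTEGER,
              sam-flags[1]                SAMFlags,
              sam-type-name[2]            GeneralString OPTIONAL,
              sam-track-id[3]             GeneralString OPTIONAL,
              sam-challenge-label[4]      GeneralString OPTIONAL,
              sam-challenge[5]            GeneralString OPTIONAL,
              sam-response-prompt[6]      GeneralString OPTIONAL,
              sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
              sam-nonce[8]                INTEGER OPTIONAL,
              sam-cksum[9]                Checksum OPTIONAL
          }
*/
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA          1   /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH       2   /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0         3   /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY            4   /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID         5   /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD      6   /* CRYPTOCard */
/*
 * PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD above, so code that branches on sam_type cannot
 * tell the two apart.
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC   6   /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX   7   /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX   8   /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE        128 /* experimental */
#define PA_SAM_TYPE_GRAIL           (PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */

/*
 * NOTE(review): carries a krb5_keyblock.  The routine that releases this
 * structure is not visible here; it should zeroize sam_key before freeing.
 */
typedef struct _krb5_predicted_sam_response {
    krb5_magic      magic;
    krb5_keyblock   sam_key;
    krb5_flags      sam_flags;  /* Makes key munging easier */
    krb5_timestamp  stime;      /* time on server, for replay detection */
    krb5_int32      susec;
    krb5_principal  client;
    krb5_data       msd;        /* mechanism specific data */
} krb5_predicted_sam_response;

/* In-memory form of PA-SAM-CHALLENGE; fields follow the ASN.1 above. */
typedef struct _krb5_sam_challenge {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_checksum   sam_cksum;
} krb5_sam_challenge;

typedef struct _krb5_sam_key {  /* reserved for future use */
    krb5_magic      magic;
    krb5_keyblock   sam_key;
} krb5_sam_key;

typedef struct _krb5_enc_sam_response_enc {
    krb5_magic      magic;
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_timestamp;
    krb5_int32      sam_usec;
    krb5_data       sam_sad;
} krb5_enc_sam_response_enc;

typedef struct _krb5_sam_response {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* informational */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_track_id; /* copied */
    krb5_enc_data   sam_enc_key; /* krb5_sam_key - future use */
    krb5_enc_data   sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_patimestamp;
} krb5_sam_response;

typedef struct _krb5_sam_challenge_2 {
    krb5_data       sam_challenge_2_body;
    krb5_checksum   **sam_cksum;    /* Array of checksums */
} krb5_sam_challenge_2;

typedef struct _krb5_sam_challenge_2_body {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_enctype    sam_etype;
} krb5_sam_challenge_2_body;

typedef struct _krb5_sam_response_2 {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* informational */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_track_id; /* copied */
    krb5_enc_data   sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
    krb5_int32      sam_nonce;
} krb5_sam_response_2;

typedef struct _krb5_enc_sam_response_enc_2 {
    krb5_magic      magic;
    krb5_int32      sam_nonce;
    krb5_data       sam_sad;
} krb5_enc_sam_response_enc_2;

/*
 * Begin "dbm.h"
 */
#ifndef _KERNEL

/*
 * Since we are always using db, use the db-ndbm include header file.
 */

#include "db-ndbm.h"

#endif /* !_KERNEL */
/*
 * End "dbm.h"
 */

/*
 * Begin "ext-proto.h"
 */
#ifndef KRB5_EXT_PROTO__
#define KRB5_EXT_PROTO__

#ifndef _KERNEL
#include <stdlib.h>

#ifdef HAVE_STRING_H
#include <string.h>
#else
#include <strings.h>
#endif

#endif /* !_KERNEL */

/* Declared here only when the platform does not provide strdup(). */
#ifndef HAVE_STRDUP
extern char *strdup (const char *);
#endif

#ifndef _KERNEL
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#endif /* !_KERNEL */

#endif /* KRB5_EXT_PROTO__ */
/*
 * End "ext-proto.h"
 */

/*
 * Begin "sysincl.h"
 */
#ifndef KRB5_SYSINCL__
#define KRB5_SYSINCL__

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
/* needed for much of the rest -- but already handled in krb5.h?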
*/ 594*7c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */ 595*7c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */ 596*7c478bd9Sstevel@tonic-gate 597*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 598*7c478bd9Sstevel@tonic-gate #include <sys/time.h> 599*7c478bd9Sstevel@tonic-gate #else 600*7c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H 601*7c478bd9Sstevel@tonic-gate #include <sys/time.h> 602*7c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME 603*7c478bd9Sstevel@tonic-gate #include <time.h> 604*7c478bd9Sstevel@tonic-gate #endif 605*7c478bd9Sstevel@tonic-gate #else 606*7c478bd9Sstevel@tonic-gate #include <time.h> 607*7c478bd9Sstevel@tonic-gate #endif 608*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 609*7c478bd9Sstevel@tonic-gate 610*7c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H 611*7c478bd9Sstevel@tonic-gate #include <sys/stat.h> /* struct stat, stat() */ 612*7c478bd9Sstevel@tonic-gate #endif 613*7c478bd9Sstevel@tonic-gate 614*7c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H 615*7c478bd9Sstevel@tonic-gate #include <sys/param.h> /* MAXPATHLEN */ 616*7c478bd9Sstevel@tonic-gate #endif 617*7c478bd9Sstevel@tonic-gate 618*7c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H 619*7c478bd9Sstevel@tonic-gate #include <sys/file.h> /* prototypes for file-related 620*7c478bd9Sstevel@tonic-gate syscalls; flags for open & 621*7c478bd9Sstevel@tonic-gate friends */ 622*7c478bd9Sstevel@tonic-gate #endif 623*7c478bd9Sstevel@tonic-gate 624*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 625*7c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 626*7c478bd9Sstevel@tonic-gate #else 627*7c478bd9Sstevel@tonic-gate #include <fcntl.h> 628*7c478bd9Sstevel@tonic-gate #endif 629*7c478bd9Sstevel@tonic-gate 630*7c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */ 631*7c478bd9Sstevel@tonic-gate /* 632*7c478bd9Sstevel@tonic-gate * End "sysincl.h" 633*7c478bd9Sstevel@tonic-gate */ 634*7c478bd9Sstevel@tonic-gate 635*7c478bd9Sstevel@tonic-gate /* 636*7c478bd9Sstevel@tonic-gate * Begin 
"los-proto.h" 637*7c478bd9Sstevel@tonic-gate */ 638*7c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__ 639*7c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__ 640*7c478bd9Sstevel@tonic-gate 641*7c478bd9Sstevel@tonic-gate #ifndef _KERNEL 642*7c478bd9Sstevel@tonic-gate #include <stdio.h> 643*7c478bd9Sstevel@tonic-gate 644*7c478bd9Sstevel@tonic-gate struct addrlist; 645*7c478bd9Sstevel@tonic-gate #endif 646*7c478bd9Sstevel@tonic-gate 647*7c478bd9Sstevel@tonic-gate /* libos.spec */ 648*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_lock_file 649*7c478bd9Sstevel@tonic-gate (krb5_context, int, int); 650*7c478bd9Sstevel@tonic-gate 651*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_unlock_file 652*7c478bd9Sstevel@tonic-gate (krb5_context, int); 653*7c478bd9Sstevel@tonic-gate 654*7c478bd9Sstevel@tonic-gate int krb5_net_read 655*7c478bd9Sstevel@tonic-gate (krb5_context, int , char *, int); 656*7c478bd9Sstevel@tonic-gate 657*7c478bd9Sstevel@tonic-gate int krb5_net_write 658*7c478bd9Sstevel@tonic-gate (krb5_context, int , const char *, int); 659*7c478bd9Sstevel@tonic-gate 660*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_sendto_kdc 661*7c478bd9Sstevel@tonic-gate (krb5_context, const krb5_data *, const krb5_data *, 662*7c478bd9Sstevel@tonic-gate krb5_data *, int, int); 663*7c478bd9Sstevel@tonic-gate 664*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_get_krbhst 665*7c478bd9Sstevel@tonic-gate (krb5_context, const krb5_data *, char ***); 666*7c478bd9Sstevel@tonic-gate 667*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_free_krbhst 668*7c478bd9Sstevel@tonic-gate (krb5_context, char * const *); 669*7c478bd9Sstevel@tonic-gate 670*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_gen_replay_name 671*7c478bd9Sstevel@tonic-gate (krb5_context, const krb5_address *, const char *, char **); 672*7c478bd9Sstevel@tonic-gate 673*7c478bd9Sstevel@tonic-gate krb5_error_code krb5_create_secure_file 674*7c478bd9Sstevel@tonic-gate (krb5_context, const char * pathname); 
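
#ifndef _KERNEL
/* Userland only: operates on a stdio stream (by name, pushes it to disk). */
krb5_error_code krb5_sync_disk_file
        (krb5_context, FILE *fp);

/* Userland only: returns a PKCS#11 session handle through the pointer.
   Takes no krb5_context. */
krb5_error_code
krb5_open_pkcs11_session(CK_SESSION_HANDLE *);
#endif


/*
 * Message framing helpers: (context, krb5_pointer, krb5_data *).
 * NOTE(review): krb5_read_message fills the krb5_data from the peer; any
 * upper bound on the length it accepts is enforced in the implementation,
 * not here -- confirm before using it on an unauthenticated connection.
 */
krb5_error_code krb5_read_message
        (krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message
        (krb5_context, krb5_pointer, krb5_data *);

/* Writes the local host name into a caller buffer of the given size. */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);

krb5_error_code krb5_os_init_context
        (krb5_context);

void krb5_os_free_context (krb5_context);

krb5_error_code krb5_find_config_files(void);

#ifndef _KERNEL
/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
 * going to use this structure.
 */
/* Growable array of addrinfo pointers: naddrs entries are in use; space is
   presumably the allocated capacity (see krb5int_grow_addrlist). */
struct addrlist {
    struct addrinfo **addrs;
    int naddrs;
    int space;
};

/* Empty list: NULL array, zero entries, zero capacity. */
#define ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
        int, int, int, int);

/* Server location from configuration; results are returned through the
   sockaddr ** and int * arguments. */
krb5_error_code krb5_locate_srv_conf
        (krb5_context, const krb5_data *, const char *,
        struct sockaddr **, int*, int);

#ifdef KRB5_DNS_LOOKUP
/* no context? */
/*
 * Server location via DNS.
 * NOTE(review): answers come from DNS, so unless the resolver path is
 * authenticated they should be treated as untrusted hints; the KDC still
 * has to prove itself through the Kerberos exchange.
 */
krb5_error_code krb5_locate_srv_dns
        (const krb5_data *, const char *,
        const char *, struct sockaddr **, int *,
        char *, unsigned short *, boolean_t);

int _krb5_conf_boolean(char *);
int _krb5_use_dns_kdc(krb5_context);
int _krb5_use_dns_realm(krb5_context);

#endif /* KRB5_DNS_LOOKUP */
#endif /* _KERNEL */

#endif /* KRB5_LIBOS_PROTO__ */

/* new encryption provider api */

/*
 * Raw cipher operations for one encryption algorithm.  Sizes are returned
 * through out-parameters rather than as return values.
 */
struct krb5_enc_provider {
    void (*block_size) (size_t *output);

    /* keybytes is the input size to make_key;
       keylength is the output size */
    void (*keysize) (size_t *keybytes, size_t *keylength);

    /* ivec == 0 is an all-zeros ivec */
    /* NOTE(review): a NULL ivec therefore selects a constant IV.  Presumably
       the enctype layer above (krb5_crypt_func) adds the per-message
       randomness; confirm before calling a provider directly. */
    krb5_error_code (*encrypt) (
        krb5_context context,
        krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
        krb5_const krb5_data *input, krb5_data *output);

    krb5_error_code (*decrypt) (
        krb5_context context,
        krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
        krb5_const krb5_data *input, krb5_data *output);

    /* Turns keybytes of input data into a keyblock (see keysize above). */
    krb5_error_code (*make_key)
        (krb5_context, krb5_const krb5_data *, krb5_keyblock *);

    /* Cipher-state setup and teardown; the state lives in a krb5_data. */
    krb5_error_code (*init_state) (krb5_context,
        const krb5_keyblock *,
        krb5_keyusage, krb5_data *);
    krb5_error_code (*free_state) (krb5_context, krb5_data *);

};

/* Unkeyed hash algorithm: digest size, block size and the hash itself. */
struct krb5_hash_provider {
    void (*hash_size) (size_t *output);

    void (*block_size) (size_t *output);

    /* this takes multiple inputs to avoid lots of copying. */
    /* input points at icount krb5_data elements. */
    krb5_error_code (*hash) (krb5_context context,
        unsigned int icount, krb5_const krb5_data *input,
        krb5_data *output);
};

/* Keyed checksum algorithm with separate compute and verify entry points. */
struct krb5_keyhash_provider {
    void (*hash_size) (size_t *output);

    krb5_error_code (*hash) (
        krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_keyusage keyusage,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input, krb5_data *output);

    /* The verdict is returned through *valid, separately from the error
       code.  NOTE(review): callers presumably must check both; a zero
       return alone does not show the checksum matched -- confirm. */
    krb5_error_code (*verify) (
        krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_keyusage keyusage,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input,
        krb5_const krb5_data *hash,
        krb5_boolean *valid);

};

/* Computes, through *length, the output size for inputlen bytes given an
   enc/hash provider pair. */
typedef void (*krb5_encrypt_length_func) (
        krb5_const struct krb5_enc_provider *enc,
        krb5_const struct krb5_hash_provider *hash,
        size_t inputlen, size_t *length);

/* Enctype-level encrypt or decrypt: combines an enc provider, a hash
   provider, a key and a key usage. */
typedef krb5_error_code (*krb5_crypt_func) (
        krb5_context context,
        krb5_const struct krb5_enc_provider *enc,
        krb5_const struct krb5_hash_provider *hash,
        krb5_const krb5_keyblock *key, krb5_keyusage usage,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input, krb5_data *output);

#ifndef _KERNEL
/* String-to-key: derives key from string, salt and optional params. */
typedef krb5_error_code (*krb5_str2key_func) (
        krb5_context context,
        krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string,
        krb5_const krb5_data *salt, krb5_const krb5_data *params,
        krb5_keyblock *key);
#endif /* _KERNEL */

/*
 * One entry per encryption type.  The layout differs between kernel and
 * userland builds, so the same translation unit must never mix the two.
 */
struct krb5_keytypes {
    krb5_enctype etype;
    char *in_string;
    char *out_string;
    const struct krb5_enc_provider *enc;
    const struct krb5_hash_provider *hash;
    krb5_encrypt_length_func encrypt_len;
    krb5_crypt_func encrypt;
    krb5_crypt_func decrypt;
    krb5_cksumtype required_ctype;
#ifndef _KERNEL
    /* Solaris Kerberos: strings to key conversion not done in the kernel */
    krb5_str2key_func str2key;
#else /* _KERNEL */
    char *mt_e_name;
    char *mt_h_name;
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
#endif /* _KERNEL */
};


/* One entry per checksum type. */
struct krb5_cksumtypes {
    krb5_cksumtype ctype;
    unsigned int flags; /* KRB5_CKSUMFLAG_* values, defined below */
    char *in_string;
    char *out_string;
    /* if the hash is keyed, this is the etype it is keyed with.
       Actually, it can be keyed by any etype which has the same
       enc_provider as the specified etype. DERIVE checksums can
       be keyed with any valid etype. */
    krb5_enctype keyed_etype;
    /* I can't statically initialize a union, so I'm just going to use
       two pointers here. The keyhash is used if non-NULL. If NULL,
       then HMAC/hash with derived keys is used if the relevant flag
       is set. Otherwise, a non-keyed hash is computed. This is all
       kind of messy, but so is the krb5 api. */
    /* NOTE(review): the last case means an entry with keyhash == NULL and
       the derive flag clear yields an unkeyed hash, which gives no
       integrity protection against an active attacker on its own. */
    const struct krb5_keyhash_provider *keyhash;
    const struct krb5_hash_provider *hash;
    /* This just gets uglier and uglier. In the key derivation case,
       we produce an hmac. To make the hmac code work, we can't hack
       the output size indicated by the hash provider, but we may want
       a truncated hmac. If we want truncation, this is the number of
       bytes we truncate to; it should be 0 otherwise. */
    unsigned int trunc_size;
#ifdef _KERNEL
    char *mt_c_name;
    crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};

/* Values for krb5_cksumtypes.flags.  By name, NOT_COLL_PROOF marks checksum
   types that are not collision-proof; how callers act on it is not visible
   in this header. */
#define KRB5_CKSUMFLAG_DERIVE 0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002

/* Same parameter list as krb5_enc_provider.init_state. */
krb5_error_code krb5int_des_init_state(
        krb5_context,
        const krb5_keyblock *,
        krb5_keyusage, krb5_data *);

/* Returns, through the krb5_cksumtype pointer, the checksum type tied to an
   enctype. */
krb5_error_code krb5int_c_mandatory_cksumtype(
        krb5_context,
        krb5_enctype,
        krb5_cksumtype *);

/*
 * normally to free a cipher_state you can just memset the length to zero and
 * free it.
 *
 * NOTE(review): if the state holds key-derived data, a plain memset()
 * immediately before free() may be removed by the optimizer; confirm the
 * implementation clears it with a call the compiler cannot elide.
 */
krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *);

/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys
        (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
        krb5_keyblock *outkey);
/*
 * in here to deal with stuff from lib/crypto
 */

/* n-fold of in into out.  Both sizes are given in bits, as signed ints. */
void krb5_nfold (int inbits, krb5_const unsigned char *in,
        int outbits, unsigned char *out);

/*
 * krb5_hmac has a different signature in kernel and userland builds: the
 * kernel form takes no hash provider.
 */
#ifdef _KERNEL

int k5_ef_crypto(
        const char *, char *,
        long, krb5_keyblock *,
        krb5_data *, int);

krb5_error_code
krb5_hmac(krb5_context, const krb5_keyblock *,
        krb5_const krb5_data *, krb5_data *);

#else
krb5_error_code krb5_hmac
        (krb5_context,
        krb5_const struct krb5_hash_provider *,
        krb5_const krb5_keyblock *, krb5_const unsigned int,
        krb5_const krb5_data *, krb5_data *);

#endif /* _KERNEL */

/*
 * PBKDF2 with HMAC-SHA1 (by name).  The unsigned long is presumably the
 * iteration count -- TODO confirm.  NOTE(review): if so, it is supplied by
 * the caller and no minimum is visible here; a low value weakens
 * password-derived keys.
 */
krb5_error_code
krb5int_pbkdf2_hmac_sha1 (krb5_context,
        const krb5_data *,
        unsigned long,
        krb5_enctype,
        const krb5_data *,
        const krb5_data *);

/* Returns the current time through two krb5_int32 out-parameters
   (presumably seconds and microseconds). */
krb5_error_code krb5_crypto_us_timeofday
        (krb5_int32 *, krb5_int32 *);

/* this helper fct is in libkrb5, but it makes sense declared here. */

krb5_error_code krb5_encrypt_helper
        (krb5_context context, krb5_const krb5_keyblock *key,
        krb5_keyusage usage, krb5_const krb5_data *plain,
        krb5_enc_data *cipher);

/*
 * End "los-proto.h"
 */

/*
 * Include the KDB definitions.
 */
#ifndef _KERNEL
#include <krb5/kdb.h>
#endif /* !_KERNEL */
/*
 * Begin "libos.h"
 */
#ifndef KRB5_LIBOS__
#define KRB5_LIBOS__

/* Per-context OS state.  Note that the typedef names a pointer to the
   structure, not the structure itself. */
typedef struct _krb5_os_context {
    krb5_magic magic;
    krb5_int32 time_offset;
    krb5_int32 usec_offset;
    krb5_int32 os_flags; /* KRB5_OS_TOFFSET_* values */
    char * default_ccname;
    krb5_principal default_ccprincipal;
} *krb5_os_context;

/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * This facility is intended to correct the system clock readings so
 * that they reflect the "real" time, for systems where for some
 * reason we can't set the system clock. Instead we calculate the
 * offset between the system time and real time, and store the offset
 * in the os context so that we can correct the system clock as necessary.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines. This should only
 * be used for testing purposes (obviously!)
 *
 * NOTE(review): the stored offset changes the time the krb5 routines
 * report, and replay detection elsewhere in this header is timestamp-based,
 * so whatever sets these fields is security-relevant; where the offset
 * comes from is not visible here.
 */
#define KRB5_OS_TOFFSET_VALID 1
#define KRB5_OS_TOFFSET_TIME 2

/* lock mode flags */
#define KRB5_LOCKMODE_SHARED 0x0001
#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
#define KRB5_LOCKMODE_DONTBLOCK 0x0004
#define KRB5_LOCKMODE_UNLOCK 0x0008

#endif /* KRB5_LIBOS__ */
/*
 * End "libos.h"
 */

/*
 * Define our view of the size of a DES key.
 *
 * NOTE(review): single DES is deprecated for Kerberos (RFC 6649); this
 * constant only fixes the key size and does not by itself enable the
 * enctype.
 */
#define KRB5_MIT_DES_KEYSIZE 8

/*
 * Define a couple of SHA1 constants
 */
#define SHS_DATASIZE 64
#define SHS_DIGESTSIZE 20

/*
 * Check if des_int.h has been included before us. If so, then check to see
 * that our view of the DES key size is the same as des_int.h's.
 *
 * A mismatch stops the build with an explicit #error diagnostic; the
 * earlier bare error(...) text only failed as a syntax error.
 */
#ifdef MIT_DES_KEYSIZE
#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif /* MIT_DES_KEYSIZE */

#ifndef _KERNEL
/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
 * defined.
 */
/* NOTE(review): both macros are defined unconditionally for userland
   builds.  Triple-DES enctypes are deprecated for Kerberos by RFC 8429. */
#define PROVIDE_DES3_CBC_SHA 1
#define PROVIDE_NIST_SHA 1

#endif /* !_KERNEL */

/*
 * Begin "preauth.h"
 *
 * (Originally written by Glen Machin at Sandia Labs.)
 */
/*
 * Sandia National Laboratories also makes no representations about the
 * suitability of the modifications, or additions to this software for
 * any purpose. It is provided "as is" without express or implied warranty.
 *
 */
#ifndef KRB5_PREAUTH__
#define KRB5_PREAUTH__

/* Timestamp (seconds plus microseconds) carried in preauthentication. */
typedef struct _krb5_pa_enc_ts {
    krb5_timestamp patimestamp;
    krb5_int32 pausec;
} krb5_pa_enc_ts;

/*
 * Client-side hook that builds preauthentication data.  The
 * function-pointer argument returns a keyblock through its last parameter
 * (presumably a key-derivation callback) and the krb5_const_pointer that
 * follows it is presumably that callback's seed -- TODO confirm.  The
 * result is returned through the trailing krb5_pa_data **.
 */
typedef krb5_error_code (*krb5_preauth_obtain_proc)
        (krb5_context,
        krb5_pa_data *,
        krb5_etype_info,
        krb5_keyblock *,
        krb5_error_code ( * )(krb5_context,
                krb5_const krb5_enctype,
                krb5_data *,
                krb5_const_pointer,
                krb5_keyblock **),
        krb5_const_pointer,
        krb5_creds *,
        krb5_kdc_req *,
        krb5_pa_data **);

/*
 * Client-side hook that processes preauthentication data from a KDC reply.
 * It takes two callbacks: one with the same shape as in
 * krb5_preauth_obtain_proc, and one that receives a keyblock and the
 * krb5_kdc_rep (presumably the reply decryptor -- TODO confirm).
 */
typedef krb5_error_code (*krb5_preauth_process_proc)
        (krb5_context,
        krb5_pa_data *,
        krb5_kdc_req *,
        krb5_kdc_rep *,
        krb5_error_code ( * )(krb5_context,
                krb5_const krb5_enctype,
                krb5_data *,
                krb5_const_pointer,
                krb5_keyblock **),
        krb5_const_pointer,
        krb5_error_code ( * )(krb5_context,
                krb5_const krb5_keyblock *,
                krb5_const_pointer,
                krb5_kdc_rep * ),
        krb5_keyblock **,
        krb5_creds *,
        krb5_int32 *,
        krb5_int32 *);

/* Table entry binding a preauth type to its obtain/process hooks. */
typedef struct _krb5_preauth_ops {
    krb5_magic magic;
    int type;
    int flags; /* KRB5_PREAUTH_FLAGS_* values */
    krb5_preauth_obtain_proc obtain;
    krb5_preauth_process_proc process;
} krb5_preauth_ops;

void krb5_free_etype_info (krb5_context, krb5_etype_info);

/*
 * Preauthentication property flags
 */
#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002

#endif /* KRB5_PREAUTH__ */
/*
 * End "preauth.h"
 */

/* Copies the contents of one krb5_data into another (source is const). */
krb5_error_code
krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);

#ifndef _KERNEL /* needed for lib/krb5/krb/ */
/*
 * Callback that supplies the AS key.  By parameter name, the key is
 * returned in as_key and may depend on salt and s2kparams; gak_data is
 * opaque callback state.
 */
typedef krb5_error_code (*krb5_gic_get_as_key_fct)
        (krb5_context,
        krb5_principal,
        krb5_enctype,
        krb5_prompter_fct,
        void *prompter_data,
        krb5_data *salt,
        krb5_data *s2kparams,
        krb5_keyblock *as_key,
        void *gak_data);

/* Initial-credentials acquisition; gak/gak_data supply the AS key and the
   reply is returned through as_reply. */
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds
        (krb5_context context,
        krb5_creds *creds,
        krb5_principal client,
        krb5_prompter_fct prompter,
        void *prompter_data,
        krb5_deltat start_time,
        char *in_tkt_service,
        krb5_get_init_creds_opt *options,
        krb5_gic_get_as_key_fct gak,
        void *gak_data,
        int master,
        krb5_kdc_rep **as_reply);

krb5_error_code krb5_do_preauth
        (krb5_context, krb5_kdc_req *,
        krb5_pa_data **, krb5_pa_data ***,
        krb5_data *, krb5_data *, krb5_enctype *,
        krb5_keyblock *,
        krb5_prompter_fct, void *,
        krb5_gic_get_as_key_fct, void *);
#endif /* _KERNEL */

/*
 * Destructors for the SAM structures.  Each type has a plain form and a
 * *_contents form; presumably the *_contents form releases only the
 * members and leaves the structure itself to the caller -- confirm.
 */
void KRB5_CALLCONV krb5_free_sam_challenge
        (krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2
        (krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body
        (krb5_context, krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response
        (krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2
        (krb5_context, krb5_sam_response_2 * );
void KRB5_CALLCONV krb5_free_predicted_sam_response
        (krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc
        (krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
        (krb5_context, krb5_enc_sam_response_enc_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_contents
        (krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
        (krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
        (krb5_context, krb5_sam_challenge_2_body * );
void KRB5_CALLCONV krb5_free_sam_response_contents
        (krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2_contents
        (krb5_context, krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
        (krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
        (krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
        (krb5_context, krb5_enc_sam_response_enc_2 * );

void KRB5_CALLCONV krb5_free_pa_enc_ts
        (krb5_context, krb5_pa_enc_ts *);

/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
/*
 * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
 */
/* Presumably the message size above which UDP is no longer preferred for
   KDC traffic -- confirm in sendto_kdc.c. */
#define DEFAULT_UDP_PREF_LIMIT 1465

#ifndef _KERNEL
#include "profile.h"
#include <strings.h>
#endif /* _KERNEL */

/*
 * KEY_CHANGED(k1, k2): non-zero when k1 is NULL or when k1 and k2 are
 * different pointers.  The arguments are parenthesized so that expression
 * arguments expand safely; each is still evaluated more than once, so pass
 * side-effect-free expressions only.
 *
 * NOTE(review): the pointer-inequality clause short-circuits, so the
 * enctype, length and contents clauses are reached only when k1 == k2 and
 * therefore compare a keyblock with itself.  If the intent was to compare
 * two distinct keyblocks by value, the second clause defeats it; confirm
 * against the call sites before relying on this macro to detect a changed
 * key.
 */
#define KEY_CHANGED(k1, k2) \
        ((k1) == NULL || \
        (k1) != (k2) || \
        (k1)->enctype != (k2)->enctype || \
        (k1)->length != (k2)->length || \
        bcmp((k1)->contents, (k2)->contents, (k1)->length))

#ifndef _KERNEL
/*
 * Userland ARCFOUR cipher state backed by PKCS#11: separate sessions and
 * key objects for each direction.
 * NOTE(review): RC4 enctypes are deprecated for Kerberos by RFC 8429.
 */
typedef struct _arcfour_ctx {
    CK_SESSION_HANDLE eSession; /* encrypt session handle */
    CK_SESSION_HANDLE dSession; /* decrypt session handle */
    CK_OBJECT_HANDLE eKey; /* encrypt key object */
    CK_OBJECT_HANDLE dKey; /* decrypt key object */
    uchar_t initialized;
}arcfour_ctx_rec;

#endif /* !_KERNEL */
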
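/*
 * Library context.  The first group of fields is common to the kernel and
 * user-land builds; the remainder differs depending on _KERNEL.  Fields are
 * kept in their original order because every file that includes this header
 * shares this layout.
 */
struct _krb5_context {
	krb5_magic	magic;
	krb5_enctype	*in_tkt_ktypes;
	int		in_tkt_ktype_count;
	krb5_enctype	*tgs_ktypes;
	int		tgs_ktype_count;
	void		*os_context;
	char		*default_realm;
	int		ser_ctx_count;
	krb5_boolean	profile_secure;
	void		*ser_ctx;
#ifndef _KERNEL
	profile_t	profile;
	void		*db_context;
	void		*kdblog_context;
	/* allowable clock skew */
	krb5_deltat	clockskew;
	krb5_cksumtype	kdc_req_sumtype;
	krb5_cksumtype	default_ap_req_sumtype;
	krb5_cksumtype	default_safe_sumtype;
	krb5_flags	kdc_default_options;
	krb5_flags	library_options;
	int		fcc_default_format;
	int		scc_default_format;
	krb5_prompt_type *prompt_types;
	/*
	 * Message size above which we'll try TCP first in send-to-kdc
	 * type code.  Aside from the 2**16 size limit, we put no
	 * absolute limit on the UDP packet size.
	 */
	int		udp_pref_limit;

	/*
	 * This is the tgs_ktypes list as read from the profile, or
	 * set to compiled-in defaults.  The application code cannot
	 * override it.  This is used for session keys for
	 * intermediate ticket-granting tickets used to acquire the
	 * requested ticket (the session key of which may be
	 * constrained by tgs_ktypes above).
	 */
	krb5_enctype	*conf_tgs_ktypes;
	int		conf_tgs_ktypes_count;

	/* Use the _configured version? */
	krb5_boolean	use_conf_ktypes;
#ifdef KRB5_DNS_LOOKUP
	krb5_boolean	profile_in_memory;
#endif /* KRB5_DNS_LOOKUP */

	pid_t pid;	/* fork safety: PID of process that did last PKCS11 init */

	/* Solaris Kerberos: handles for PKCS#11 crypto */
	/*
	 * Warning, do not access hSession directly as this is not fork() safe.
	 * Instead use the krb_ctx_hSession() macro below.
	 */
	CK_SESSION_HANDLE hSession;
	int		cryptoki_initialized;

	/* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */
	arcfour_ctx_rec	arcfour_ctx;
#else /* _KERNEL */
	/* Kernel build only: mechanism types, one each for cipher, hash, cksum. */
	crypto_mech_type_t kef_cipher_mt;
	crypto_mech_type_t kef_hash_mt;
	crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};

#ifndef _KERNEL
/* Global pid that krb_ctx_hSession() compares against the context's pid. */
extern pid_t __krb5_current_pid;

/* Called by krb_ctx_hSession() when the context's pid is stale. */
CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context);

/*
 * fork safety: barring the ef_init code, every other function must use the
 * krb_ctx_hSession() macro to access the hSession field in a krb context.
 * Note, if the pid of the krb ctx == the current global pid then it is safe to
 * use the ctx hSession otherwise it needs to be re-inited before it is returned
 * to the caller.
 *
 * The whole conditional is wrapped in parentheses so the macro can be used
 * inside a larger expression: without them, an operator written next to the
 * macro call binds to only one arm of the ?: and the session handle that is
 * actually compared or passed on is not the one the caller meant.
 * The argument is evaluated more than once; pass an expression without
 * side effects.
 */
#define	krb_ctx_hSession(ctx) \
	(((ctx)->pid == __krb5_current_pid) ? \
	    (ctx)->hSession : krb5_reinit_ef_handle((ctx)))
#endif /* !_KERNEL */

/*
 * MD5 digest and block sizes, in bytes.
 * NOTE(review): MD5-based checksum types are legacy; confirm which callers
 * still depend on these before reusing them in new code.
 */
#define	MD5_CKSUM_LENGTH	16
#define	RSA_MD5_CKSUM_LENGTH	16
#define	MD5_BLOCKSIZE		64


/*
 * Solaris Kerberos:
 * This next section of prototypes and constants
 * are all unique to the Solaris Kerberos implementation.
 * Because Solaris uses the native encryption framework
 * to provide crypto support, the following routines
 * are needed to support this system.
 */

/*
 * Begin Solaris Crypto Prototypes
 */

/*
 * define constants that are used for creating the constant
 * which is used to make derived keys.
 */
#define	DK_ENCR_KEY_BYTE	0xAA
#define	DK_HASH_KEY_BYTE	0x55
#define	DK_CKSUM_KEY_BYTE	0x99

int init_derived_keydata(krb5_context, const struct krb5_enc_provider *,
	krb5_keyblock *, krb5_keyusage,
	krb5_keyblock **, krb5_keyblock **);

krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t,
	krb5_keyblock *);

krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *);
krb5_keyblock *krb5_create_derived_keyblock(int);

#ifdef _KERNEL
/* Kernel build: hash and MAC entry points plus key/mechanism setup. */
int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *);

int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *,
	const krb5_data *, krb5_data *);

void make_kef_key(krb5_keyblock *);
int init_key_kef(crypto_mech_type_t, krb5_keyblock *);
int update_key_template(krb5_keyblock *);
void setup_kef_keytypes();
void setup_kef_cksumtypes();
crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);

#else /* !_KERNEL */
/*
 * This structure is used to map Kerberos supported OID's,
 * to PKCS11 mechanisms
 */
#define	USE_ENCR	0x01
#define	USE_HASH	0x02

typedef struct krb5_mech_2_pkcs {
	uchar_t		flags;		/* USE_ENCR and/or USE_HASH */
	CK_MECHANISM_TYPE enc_algo;
	CK_MECHANISM_TYPE hash_algo;
	CK_MECHANISM_TYPE str2key_algo;
} KRB5_MECH_TO_PKCS;

/* Non-zero when the corresponding USE_* bit is set in (x).flags. */
#define	ENC_DEFINED(x)	(((x).flags & USE_ENCR))
#define	HASH_DEFINED(x)	(((x).flags & USE_HASH))

extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);

krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);

krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
	unsigned int, const krb5_data *, krb5_data *);
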
/* User-land MAC entry point; the kernel variant is declared with other types. */
krb5_error_code
k5_ef_mac(krb5_context context, krb5_keyblock *key, krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

#endif	/* !_KERNEL */

krb5_error_code
derive_3des_keys(krb5_context, struct krb5_enc_provider *,
	krb5_keyblock *, krb5_keyusage,
	krb5_keyblock *, krb5_keyblock *);

/*
 * End Solaris Crypto Prototypes
 */

#define	KRB5_LIBOPT_SYNC_KDCTIME	0x0001

/*
 * Begin "asn1.h"
 */
#ifndef KRB5_ASN1__
#define	KRB5_ASN1__

/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
/* here we use some knowledge of ASN.1 encodings */
/*
 * Ticket is APPLICATION 1.
 * Authenticator is APPLICATION 2.
 * AS_REQ is APPLICATION 10.
 * AS_REP is APPLICATION 11.
 * TGS_REQ is APPLICATION 12.
 * TGS_REP is APPLICATION 13.
 * AP_REQ is APPLICATION 14.
 * AP_REP is APPLICATION 15.
 * KRB_SAFE is APPLICATION 20.
 * KRB_PRIV is APPLICATION 21.
 * KRB_CRED is APPLICATION 22.
 * EncASRepPart is APPLICATION 25.
 * EncTGSRepPart is APPLICATION 26.
 * EncAPRepPart is APPLICATION 27.
 * EncKrbPrivPart is APPLICATION 28.
 * EncKrbCredPart is APPLICATION 29.
 * KRB_ERROR is APPLICATION 30.
 */
/*
 * allow either constructed or primitive encoding, so check for bit 6
 * set or reset
 *
 * Each macro below is true when dat is non-NULL, dat->length is non-zero
 * and the first byte of dat->data carries the expected tag.  Only that one
 * byte is inspected: a match says which decoder to try, not that the
 * message is well formed, so the matching decode_krb5_*() result must
 * still be checked.  The argument is evaluated several times.
 */
#define	krb5_is_krb_ticket(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x61 || (dat)->data[0] == 0x41))
#define	krb5_is_krb_authenticator(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x62 || (dat)->data[0] == 0x42))
#define	krb5_is_as_req(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6a || (dat)->data[0] == 0x4a))
#define	krb5_is_as_rep(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6b || (dat)->data[0] == 0x4b))
#define	krb5_is_tgs_req(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6c || (dat)->data[0] == 0x4c))
#define	krb5_is_tgs_rep(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6d || (dat)->data[0] == 0x4d))
#define	krb5_is_ap_req(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6e || (dat)->data[0] == 0x4e))
#define	krb5_is_ap_rep(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x6f || (dat)->data[0] == 0x4f))
#define	krb5_is_krb_safe(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x74 || (dat)->data[0] == 0x54))
#define	krb5_is_krb_priv(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x75 || (dat)->data[0] == 0x55))
#define	krb5_is_krb_cred(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x76 || (dat)->data[0] == 0x56))
#define	krb5_is_krb_enc_as_rep_part(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x79 || (dat)->data[0] == 0x59))
#define	krb5_is_krb_enc_tgs_rep_part(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x7a || (dat)->data[0] == 0x5a))
#define	krb5_is_krb_enc_ap_rep_part(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x7b || (dat)->data[0] == 0x5b))
#define	krb5_is_krb_enc_krb_priv_part(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x7c || (dat)->data[0] == 0x5c))
#define	krb5_is_krb_enc_krb_cred_part(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x7d || (dat)->data[0] == 0x5d))
#define	krb5_is_krb_error(dat) \
	((dat) && (dat)->length && \
	    ((dat)->data[0] == 0x7e || (dat)->data[0] == 0x5e))

/*************************************************************************
 * Prototypes for krb5_encode.c
 *************************************************************************/

/*
 * krb5_error_code encode_krb5_structure(const krb5_structure *rep,
 *     krb5_data **code);
 *
 * modifies  *code
 * effects   Returns the ASN.1 encoding of *rep in **code.
 *           Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
 *           Returns ENOMEM if memory runs out.
 */

krb5_error_code
encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code);

krb5_error_code
encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);

krb5_error_code
encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code);

krb5_error_code
encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code);

krb5_error_code
encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep,
	krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code
encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code
encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code);

krb5_error_code
encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code);

krb5_error_code
encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code);

krb5_error_code
encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep,
	krb5_data **code);

krb5_error_code
encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code
encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code
encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code
encode_krb5_safe(const krb5_safe *rep, krb5_data **code);

krb5_error_code
encode_krb5_safe_with_body(const krb5_safe *rep, const krb5_data *body,
	krb5_data **code);

krb5_error_code
encode_krb5_priv(const krb5_priv *rep, krb5_data **code);

krb5_error_code
encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code);

krb5_error_code
encode_krb5_cred(const krb5_cred *rep, krb5_data **code);

krb5_error_code
encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code);

krb5_error_code
encode_krb5_error(const krb5_error *rep, krb5_data **code);

krb5_error_code
encode_krb5_authdata(const krb5_authdata **rep, krb5_data **code);

krb5_error_code
encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code);

krb5_error_code
encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code);

krb5_error_code
encode_krb5_padata_sequence(const krb5_pa_data ** rep, krb5_data **code);

krb5_error_code
encode_krb5_alt_method(const krb5_alt_method *, krb5_data **code);

krb5_error_code
encode_krb5_etype_info(const krb5_etype_info_entry **, krb5_data **code);

krb5_error_code
encode_krb5_etype_info2(const krb5_etype_info_entry **, krb5_data **code);

krb5_error_code
encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);

krb5_error_code
encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);

krb5_error_code
encode_krb5_sam_challenge(const krb5_sam_challenge * , krb5_data **);

krb5_error_code
encode_krb5_sam_key(const krb5_sam_key * , krb5_data **);

krb5_error_code
encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc * ,
	krb5_data **);

krb5_error_code
encode_krb5_sam_response(const krb5_sam_response * , krb5_data **);

krb5_error_code
encode_krb5_predicted_sam_response(const krb5_predicted_sam_response * ,
	krb5_data **);

krb5_error_code
encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * , krb5_data **);

krb5_error_code
encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body * ,
	krb5_data **);

krb5_error_code
encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 * ,
	krb5_data **);

krb5_error_code
encode_krb5_sam_response_2(const krb5_sam_response_2 * , krb5_data **);

/*************************************************************************
 * End of prototypes for krb5_encode.c
 *************************************************************************/

/*************************************************************************
 * Prototypes for krb5_decode.c
 *************************************************************************/

/*
 * krb5_error_code decode_krb5_structure(const krb5_data *code,
 *     krb5_structure **rep);
 *
 * requires  Expects **rep to not have been allocated;
 *           a new *rep is allocated regardless of the old value.
 * effects   Decodes *code into **rep.
 *           Returns ENOMEM if memory is exhausted.
 *           Returns asn1 and krb5 errors.
 *
 * NOTE(review): the input is an encoded message, typically received from
 * a peer; treat *rep as usable only when the return value is 0 -- confirm
 * against the decoder implementation what *rep holds on failure.
 */

krb5_error_code
decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep);

krb5_error_code
decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);

krb5_error_code
decode_krb5_encryption_key(const krb5_data *output, krb5_keyblock **rep);

krb5_error_code
decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);

krb5_error_code
decode_krb5_enc_kdc_rep_part(const krb5_data *output,
	krb5_enc_kdc_rep_part **rep);

krb5_error_code
decode_krb5_as_rep(const krb5_data *output, krb5_kdc_rep **rep);

krb5_error_code
decode_krb5_tgs_rep(const krb5_data *output, krb5_kdc_rep **rep);

krb5_error_code
decode_krb5_ap_req(const krb5_data *output, krb5_ap_req **rep);

krb5_error_code
decode_krb5_ap_rep(const krb5_data *output, krb5_ap_rep **rep);

krb5_error_code
decode_krb5_ap_rep_enc_part(const krb5_data *output,
	krb5_ap_rep_enc_part **rep);

krb5_error_code
decode_krb5_as_req(const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code
decode_krb5_tgs_req(const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code
decode_krb5_kdc_req_body(const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code
decode_krb5_safe(const krb5_data *output, krb5_safe **rep);

krb5_error_code
decode_krb5_safe_with_body(const krb5_data *output, krb5_safe **rep,
	krb5_data *body);

krb5_error_code
decode_krb5_priv(const krb5_data *output, krb5_priv **rep);

krb5_error_code
decode_krb5_enc_priv_part(const krb5_data *output, krb5_priv_enc_part **rep);

krb5_error_code
decode_krb5_cred(const krb5_data *output, krb5_cred **rep);

krb5_error_code
decode_krb5_enc_cred_part(const krb5_data *output, krb5_cred_enc_part **rep);

krb5_error_code
decode_krb5_error(const krb5_data *output, krb5_error **rep);

krb5_error_code
decode_krb5_authdata(const krb5_data *output, krb5_authdata ***rep);

krb5_error_code
decode_krb5_pwd_sequence(const krb5_data *output, passwd_phrase_element **rep);

krb5_error_code
decode_krb5_pwd_data(const krb5_data *output, krb5_pwd_data **rep);

krb5_error_code
decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);

krb5_error_code
decode_krb5_alt_method(const krb5_data *output, krb5_alt_method **rep);

krb5_error_code
decode_krb5_etype_info(const krb5_data *output, krb5_etype_info_entry ***rep);

krb5_error_code
decode_krb5_etype_info2(const krb5_data *output, krb5_etype_info_entry ***rep);

krb5_error_code
decode_krb5_enc_data(const krb5_data *output, krb5_enc_data **rep);

krb5_error_code
decode_krb5_pa_enc_ts(const krb5_data *output, krb5_pa_enc_ts **rep);

krb5_error_code
decode_krb5_sam_challenge(const krb5_data *, krb5_sam_challenge **);

krb5_error_code
decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);

krb5_error_code
decode_krb5_enc_sam_response_enc(const krb5_data *,
	krb5_enc_sam_response_enc **);

krb5_error_code
decode_krb5_sam_response(const krb5_data *, krb5_sam_response **);

krb5_error_code
decode_krb5_predicted_sam_response(const krb5_data *,
	krb5_predicted_sam_response **);

krb5_error_code
decode_krb5_sam_challenge_2(const krb5_data *, krb5_sam_challenge_2 **);

krb5_error_code
decode_krb5_sam_challenge_2_body(const krb5_data *,
	krb5_sam_challenge_2_body **);

krb5_error_code
decode_krb5_enc_sam_response_enc_2(const krb5_data *,
	krb5_enc_sam_response_enc_2 **);

krb5_error_code
decode_krb5_sam_response_2(const krb5_data *, krb5_sam_response_2 **);


/*************************************************************************
 * End of prototypes for krb5_decode.c
 *************************************************************************/

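#endif /* KRB5_ASN1__ */
/*
 * End "asn1.h"
 */


/*
 * Internal krb5 library routines
 */
krb5_error_code krb5_encrypt_tkt_part
    (krb5_context,
     krb5_const krb5_keyblock *,
     krb5_ticket *);


krb5_error_code krb5_encode_kdc_rep
    (krb5_context,
     krb5_const krb5_msgtype,
     krb5_const krb5_enc_kdc_rep_part *,
     int using_subkey,
     krb5_const krb5_keyblock *,
     krb5_kdc_rep *,
     krb5_data ** );

krb5_error_code krb5_validate_times
    (krb5_context, krb5_ticket_times *);

/*
 * [De]Serialization Handle and operations.
 *
 * One entry per serializable object type: odtype is the krb5_magic value
 * identifying the type, and the three callbacks size, externalize and
 * internalize an instance of it.
 * NOTE(review): the (krb5_octet **, size_t *) pair presumably carries a
 * buffer cursor and the bytes remaining; confirm in the serializer sources.
 * If so, an internalizer reading a serialized blob depends on the caller
 * passing an accurate remaining length.
 */
struct __krb5_serializer {
    krb5_magic          odtype;
    krb5_error_code     (*sizer) (krb5_context,
                                  krb5_pointer,
                                  size_t *);
    krb5_error_code     (*externalizer) (krb5_context,
                                         krb5_pointer,
                                         krb5_octet **,
                                         size_t *);
    krb5_error_code     (*internalizer) (krb5_context,
                                         krb5_pointer *,
                                         krb5_octet **,
                                         size_t *);
};
typedef struct __krb5_serializer * krb5_ser_handle;
typedef struct __krb5_serializer krb5_ser_entry;

/* NOTE(review): presumably looks up the entry registered for a magic value. */
krb5_ser_handle krb5_find_serializer
    (krb5_context, krb5_magic);

krb5_error_code krb5_register_serializer
    (krb5_context, const krb5_ser_entry *);

/* Determine the external size of a particular opaque structure */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_size_opaque
    (krb5_context, krb5_magic, krb5_pointer, size_t *);

/* Serialize the structure into a buffer */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
    (krb5_context,
     krb5_magic,
     krb5_pointer,
     krb5_octet * *,
     size_t *);

/*
 * Deserialize the structure from a buffer.
 * NOTE(review): the buffer may come from outside the process; check the
 * returned krb5_error_code before using the krb5_pointer result.
 */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
    (krb5_context, krb5_magic, krb5_pointer *,
     krb5_octet * *, size_t *);

/* Serialize data into a buffer */
krb5_error_code krb5_externalize_data
    (krb5_context, krb5_pointer, krb5_octet **, size_t *);
/*
 * Initialization routines.
 */

/* Initialize serialization for krb5_[os_]context */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_context_init
    (krb5_context);

/* Initialize serialization for krb5_auth_context */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
    (krb5_context);

/* Initialize serialization for krb5_keytab */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
    (krb5_context);

/* Initialize serialization for krb5_ccache */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
    (krb5_context);

/* Initialize serialization for krb5_rcache */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
    (krb5_context);

/* [De]serialize 4-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
    (krb5_int32, krb5_octet * *, size_t *);

krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
    (krb5_int64, krb5_octet * *, size_t *);

krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
    (krb5_int32 *, krb5_octet **, size_t *);

krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
    (krb5_int64 *, krb5_octet **, size_t *);

/* [De]serialize byte string */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
    (krb5_octet *,
     size_t, krb5_octet * *, size_t *);

KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
    (krb5_octet *,
     size_t, krb5_octet * *, size_t *);

KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5int_cc_default
    (krb5_context, krb5_ccache *);

krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
    (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);

void krb5int_set_prompt_types
    (krb5_context, krb5_prompt_type *);

krb5_error_code
krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
                                  krb5_keyblock * /* Old keyblock, not new!  */);



/*
 * NOTE(review): MD5 and ARCFOUR (RC4) are legacy algorithms.  These
 * providers are presumably exported for the RC4-HMAC encryption type;
 * confirm that new uses are restricted by policy.
 */
extern const struct krb5_hash_provider krb5int_hash_md5;
extern const struct krb5_enc_provider krb5int_enc_arcfour;

/*
 * One node of a singly linked list of SRV lookup results.
 * NOTE(review): the fields presumably mirror a DNS SRV record, in which
 * case host and port are values taken from a DNS answer; validate them
 * before use.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next;
    int priority;
    int weight;
    unsigned short port;
    char *host;
};

/*
 * Looks up SRV data for a realm, service and protocol; the result list is
 * returned through *answers.
 * NOTE(review): presumably released with krb5int_free_srv_dns_data();
 * confirm ownership of each entry's host string.
 */
krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
                             const char *service,
                             const char *protocol,
                             struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);

/*
 * Convenience function for structure magic number
 *
 * Expands to a statement that returns magic_number from the ENCLOSING
 * function when (structure)->magic does not match it, so it can only be
 * used in functions whose return type can hold that value.
 *
 * The test is wrapped in do { } while (0) so that an `else` following the
 * macro in a brace-less `if` cannot attach to the macro's own `if` and
 * silently change which branch performs the magic check.  The trailing
 * semicolon is kept on purpose: call sites outside this header may invoke
 * the macro without one.  magic_number is evaluated twice; pass a constant.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
    do { \
        if ((structure)->magic != (magic_number)) return (magic_number); \
    } while (0);

/*
 * NOTE(review): presumably wraps an effective-uid change.  Callers should
 * check the int result, since an unnoticed failure would leave the process
 * running with an unintended effective uid.
 */
int krb5_seteuid  (int);

/*
 * Environment accessors.
 * NOTE(review): the lifetime of the string returned by krb5_getenv() is
 * not stated here; treat environment values as untrusted input in
 * privileged programs.
 */
char * krb5_getenv(const char *);

int krb5_setenv  (const char *, const char *, int);

void krb5_unsetenv  (const char *);

#endif /* _KRB5_INT_H */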