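/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
 * Cambridge, MA, USA. All Rights Reserved.
 *
 * This software is being provided to you, the LICENSEE, by the
 * Massachusetts Institute of Technology (M.I.T.) under the following
 * license. By obtaining, using and/or copying this software, you agree
 * that you have read, understood, and will comply with these terms and
 * conditions:
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
 * this software and its documentation for any purpose and without fee or
 * royalty is hereby granted, provided that you agree to comply with the
 * following copyright notice and statements, including the disclaimer, and
 * that the same appear on ALL copies of the software and documentation,
 * including modifications that you make for internal use or for
 * distribution:
 *
 * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
 * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
 * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
 * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
 * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
 * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
 *
 * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
 * be used in advertising or publicity pertaining to distribution of the
 * software. Title to copyright in this software and any associated
 * documentation shall at all times remain with M.I.T., and USER agrees to
 * preserve same.
 *
 * Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.

 */
/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

/*
 * This prototype for k5-int.h (Krb5 internals include file)
 * includes the user-visible definitions from krb5.h and then
 * includes other definitions that are not user-visible but are
 * required for compiling Kerberos internal routines.
 *
 * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
 */

#ifndef _KRB5_INT_H
#define _KRB5_INT_H

#pragma ident "%Z%%M% %I% %E% SMI"

/* Crypto framework headers: PKCS#11 in userland, the kernel crypto API otherwise. */
#ifndef _KERNEL
#include <osconf.h>
#include <security/cryptoki.h>
#else
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#endif

/* A DEBUG build turns on KRB5_DEBUG and defaults the log level to KRB5_ERR. */
#ifdef DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif /* DEBUG */

#ifdef _KERNEL

#ifdef DEBUG
#include <sys/types.h>
#include <sys/cmn_err.h>
extern void prom_printf();
#endif /* DEBUG */

#else /* !_KERNEL */

/* Userland has no prom_printf(); map it onto printf(). */
#define prom_printf printf

#endif /* !_KERNEL */

#ifdef KRB5_LOG_LVL

/* krb5_log is used to set the logging level to determine what class of messages
 * are output by the mech. Note, more than one logging level can be used by
 * bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR 1 /* Use this debug log level for error path logging. */
#define KRB5_INFO 2 /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG1 / KRB5_LOG / KRB5_LOG0 take a level mask A, a format B and
 * two, one or zero format arguments.  The message is emitted only when
 * krb5_log is non-zero and shares a bit with A.
 *
 * B is handed to printf() (kernel) or syslog() (userland) as the FORMAT
 * string.  It must be a string literal whose conversions match the
 * arguments supplied.  KRB5_LOG0 passes B with no arguments at all, so a
 * non-literal B that contains a '%' conversion would make the callee read
 * arguments that were never passed.  Data that did not originate in the
 * source code should be logged as an argument, e.g.
 * KRB5_LOG(KRB5_ERR, "%s", str), and never as B.
 */
#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, (B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, B), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/* Logging compiled out: the macros expand to nothing and evaluate no argument. */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */

#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif

/*
 * Begin "k5-config.h"
 */
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__

/*
 * Machine-type definitions: PC Clone 386 running Microsoft Windows
 */

#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI "kerberos.ini"
#define INI_FILES "Files"
#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
#define ANSI_STDIO
#endif

#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include <autoconf.h>
#endif
#endif /* !_KERNEL */

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
#endif /* HAVE_SYS_TYPES_H */
#endif /* KRB5_SYSTYPES__ */

/* #include "k5-platform.h" SUNW XXX */
/* not used in krb5.h (yet) */
typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;

#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
#define KRB5_KDB_MAX_RLIFE (60*60*24*365) /* one year */
/*
 * NOTE(review): 2145830400 is 24836 days after the Unix epoch, which is
 * 2037-12-31 00:00:00 UTC, one day earlier than the date given in the
 * comment below.  The value is left as found; confirm which was intended.
 */
#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
/*
 * The two defaults below are parenthesized like the KDB limits above so
 * that they expand as a single value inside a larger expression
 * (for example as a divisor).
 */
#define KRB5_DEFAULT_LIFE (60*60*10) /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60) /* 7 Days */

/*
 * Windows requires a different api interface to each function. Here
 * just define it as NULL.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif

#endif /* KRB5_CONFIG__ */

/*
 * End "k5-config.h"
 */

/*
 * After loading the configuration definitions, load the Kerberos definitions.
 */
#ifndef _KERNEL
#include <errno.h>
#include "profile.h"
#endif

#include <krb5.h>

#ifndef _KERNEL
#if 1 /* def NEED_SOCKETS */
#include <port-sockets.h>
#include <socket-utils.h>
#else
#ifndef SOCK_DGRAM
struct sockaddr;
#endif
#endif
#endif

/* Get mutex support; currently used only for the replay cache. */
#include "k5-thread.h"

/*
 * Solaris Kerberos:
 * Define whether or not to do a reverse lookup when looking up a host in DNS.
 */
#define REV_LOOKUP 1
#define NO_REV_LOOKUP 0


/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
   The ones that it doesn't include, we include below. */

/*
 * Begin "k5-errors.h"
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */

/* KDC errors */
#define KDC_ERR_NONE                  0   /* No error */
#define KDC_ERR_NAME_EXP              1   /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP           2   /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO              3   /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO       4   /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO       5   /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN   6   /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN   7   /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE  8   /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY              9   /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE       10  /* Tkt ineligible for postdating */
#define KDC_ERR_NEVER_VALID           11  /* Requested starttime > endtime */
#define KDC_ERR_POLICY                12  /* KDC policy rejects request */
#define KDC_ERR_BADOPTION             13  /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP        14  /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP        15  /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP    16  /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP         17  /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED        18  /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED       19  /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED           20  /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET         21  /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET        22  /* S not yet valid */
#define KDC_ERR_KEY_EXP               23  /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED        24  /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED      25  /* Additional preauthentication */
                                          /* required */
#define KDC_ERR_SERVER_NOMATCH        26  /* Requested server and */
                                          /* ticket don't match*/
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY      31  /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED        32  /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV            33  /* Ticket not yet valid */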
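#define KRB_AP_ERR_REPEAT             34  /* Request is a replay */
#define KRB_AP_ERR_NOT_US             35  /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH           36  /* Ticket/authenticator don't match */
#define KRB_AP_ERR_SKEW               37  /* Clock skew too great */
#define KRB_AP_ERR_BADADDR            38  /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION         39  /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE           40  /* Invalid message type */
#define KRB_AP_ERR_MODIFIED           41  /* Message stream modified */
#define KRB_AP_ERR_BADORDER           42  /* Message out of order */
#define KRB_AP_ERR_BADKEYVER          44  /* Key version is not available */
#define KRB_AP_ERR_NOKEY              45  /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL           46  /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION       47  /* Incorrect message direction */
#define KRB_AP_ERR_METHOD             48  /* Alternative authentication */
                                          /* method required */
#define KRB_AP_ERR_BADSEQ             49  /* Incorrect sequence number */
                                          /* in message */
#define KRB_AP_ERR_INAPP_CKSUM        50  /* Inappropriate type of */
                                          /* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED      51  /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG      52  /* Response too big for UDP, */
                                          /* retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC               60  /* Generic error (description */
                                          /* in e-text) */
#define KRB_ERR_FIELD_TOOLONG         61  /* Field is too long for impl. */

#endif /* KRB5_ERRORS__ */
/*
 * End "k5-errors.h"
 */

/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD.
 */
typedef struct _krb5_alt_method {
    krb5_magic magic;
    krb5_int32 method;
    unsigned int length; /* presumably the byte count of data; confirm against the decoder */
    krb5_octet *data;
} krb5_alt_method;

/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type. It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
    krb5_magic magic;
    krb5_enctype etype;
    unsigned int length; /* KRB5_ETYPE_NO_SALT when no salt is present */
    krb5_octet *salt;
    krb5_data s2kparams;
} krb5_etype_info_entry;

/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines. If the length is this value, then
 * the salt data is not present. This is to distinguish between not
 * being set and being of 0 length.
 *
 * Because the sentinel is a very large unsigned value, code that reads
 * the salt should compare length with KRB5_ETYPE_NO_SALT before
 * treating length as a byte count.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

typedef krb5_etype_info_entry ** krb5_etype_info;

/*
 * a sam_challenge is returned for alternate preauth
 */
/*
          SAMFlags ::= BIT STRING {
              use-sad-as-key[0],
              send-encrypted-sad[1],
              must-pk-encrypt-sad[2]
          }
 */
/*
          PA-SAM-CHALLENGE ::= SEQUENCE {
              sam-type[0]                 INTEGER,
              sam-flags[1]                SAMFlags,
              sam-type-name[2]            GeneralString OPTIONAL,
              sam-track-id[3]             GeneralString OPTIONAL,
              sam-challenge-label[4]      GeneralString OPTIONAL,
              sam-challenge[5]            GeneralString OPTIONAL,
              sam-response-prompt[6]      GeneralString OPTIONAL,
              sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
              sam-nonce[8]                INTEGER OPTIONAL,
              sam-cksum[9]                Checksum OPTIONAL
          }
 */
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA          1 /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH       2 /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0         3 /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY            4 /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID         5 /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD      6 /* CRYPTOCard */
/*
 * PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD above, so the two cannot be told apart by
 * sam_type alone; a switch that lists both will not compile.
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC   6 /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX   7 /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX   8 /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE        128 /* experimental */
#define PA_SAM_TYPE_GRAIL           (PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */

typedef struct _krb5_predicted_sam_response {
    krb5_magic magic;
    krb5_keyblock sam_key;
    krb5_flags sam_flags; /* Makes key munging easier */
    krb5_timestamp stime; /* time on server, for replay detection */
    krb5_int32 susec;
    krb5_principal client;
    krb5_data msd; /* mechanism specific data */
} krb5_predicted_sam_response;

/* In-memory form of PA-SAM-CHALLENGE (see the ASN.1 above). */
typedef struct _krb5_sam_challenge {
    krb5_magic magic;
    krb5_int32 sam_type; /* information */
    krb5_flags sam_flags; /* KRB5_SAM_* values */
    krb5_data sam_type_name;
    krb5_data sam_track_id;
    krb5_data sam_challenge_label;
    krb5_data sam_challenge;
    krb5_data sam_response_prompt;
    krb5_data sam_pk_for_sad;
    krb5_int32 sam_nonce;
    krb5_checksum sam_cksum;
} krb5_sam_challenge;

typedef struct _krb5_sam_key { /* reserved for future use */
    krb5_magic magic;
    krb5_keyblock sam_key;
} krb5_sam_key;

typedef struct _krb5_enc_sam_response_enc {
    krb5_magic magic;
    krb5_int32 sam_nonce;
    krb5_timestamp sam_timestamp;
    krb5_int32 sam_usec;
    krb5_data sam_sad;
} krb5_enc_sam_response_enc;

typedef struct _krb5_sam_response {
    krb5_magic magic;
    krb5_int32 sam_type; /* informational */
    krb5_flags sam_flags; /* KRB5_SAM_* values */
    krb5_data sam_track_id; /* copied */
    krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */
    krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
    krb5_int32 sam_nonce;
    krb5_timestamp sam_patimestamp;
} krb5_sam_response;

/*
 * NOTE(review): sam_challenge_2_body is presumably the encoded
 * krb5_sam_challenge_2_body that the checksums in sam_cksum cover;
 * confirm against the encoder.
 */
typedef struct _krb5_sam_challenge_2 {
    krb5_data sam_challenge_2_body;
    krb5_checksum **sam_cksum; /* Array of checksums */
} krb5_sam_challenge_2;

typedef struct _krb5_sam_challenge_2_body {
    krb5_magic magic;
    krb5_int32 sam_type; /* information */
    krb5_flags sam_flags; /* KRB5_SAM_* values */
    krb5_data sam_type_name;
    krb5_data sam_track_id;
    krb5_data sam_challenge_label;
    krb5_data sam_challenge;
    krb5_data sam_response_prompt;
    krb5_data sam_pk_for_sad;
    krb5_int32 sam_nonce;
    krb5_enctype sam_etype;
} krb5_sam_challenge_2_body;

typedef struct _krb5_sam_response_2 {
    krb5_magic magic;
    krb5_int32 sam_type; /* informational */
    krb5_flags sam_flags; /* KRB5_SAM_* values */
    krb5_data sam_track_id; /* copied */
    krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
    krb5_int32 sam_nonce;
} krb5_sam_response_2;

typedef struct _krb5_enc_sam_response_enc_2 {
    krb5_magic magic;
    krb5_int32 sam_nonce;
    krb5_data sam_sad;
} krb5_enc_sam_response_enc_2;

/*
 * Begin "dbm.h"
 */
#ifndef _KERNEL

/*
 * Since we are always using db, use the db-ndbm include header file.
 */

#include "db-ndbm.h"

#endif /* !_KERNEL */
/*
 * End "dbm.h"
 */

/*
 * Begin "ext-proto.h"
 */
#ifndef KRB5_EXT_PROTO__
#define KRB5_EXT_PROTO__

#ifndef _KERNEL
#include <stdlib.h>
#include <string.h>
#endif /* !_KERNEL */

#ifndef HAVE_STRDUP
extern char *strdup (const char *);
#endif

#ifndef _KERNEL
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif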
5487c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 5497c478bd9Sstevel@tonic-gate 5507c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */ 5517c478bd9Sstevel@tonic-gate /* 5527c478bd9Sstevel@tonic-gate * End "ext-proto.h" 5537c478bd9Sstevel@tonic-gate */ 5547c478bd9Sstevel@tonic-gate 5557c478bd9Sstevel@tonic-gate /* 5567c478bd9Sstevel@tonic-gate * Begin "sysincl.h" 5577c478bd9Sstevel@tonic-gate */ 5587c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__ 5597c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__ 5607c478bd9Sstevel@tonic-gate 5617c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__ 5627c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__ 5637c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? */ 5647c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */ 5657c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */ 5667c478bd9Sstevel@tonic-gate 5677c478bd9Sstevel@tonic-gate #ifdef _KERNEL 5687c478bd9Sstevel@tonic-gate #include <sys/time.h> 5697c478bd9Sstevel@tonic-gate #else 5707c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H 5717c478bd9Sstevel@tonic-gate #include <sys/time.h> 5727c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME 5737c478bd9Sstevel@tonic-gate #include <time.h> 5747c478bd9Sstevel@tonic-gate #endif 5757c478bd9Sstevel@tonic-gate #else 5767c478bd9Sstevel@tonic-gate #include <time.h> 5777c478bd9Sstevel@tonic-gate #endif 5787c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 5797c478bd9Sstevel@tonic-gate 5807c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H 5817c478bd9Sstevel@tonic-gate #include <sys/stat.h> /* struct stat, stat() */ 5827c478bd9Sstevel@tonic-gate #endif 5837c478bd9Sstevel@tonic-gate 5847c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H 5857c478bd9Sstevel@tonic-gate #include <sys/param.h> /* MAXPATHLEN */ 5867c478bd9Sstevel@tonic-gate #endif 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H 5897c478bd9Sstevel@tonic-gate #include <sys/file.h> /* prototypes for file-related 
5907c478bd9Sstevel@tonic-gate syscalls; flags for open & 5917c478bd9Sstevel@tonic-gate friends */ 5927c478bd9Sstevel@tonic-gate #endif 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate #ifdef _KERNEL 5957c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 5967c478bd9Sstevel@tonic-gate #else 5977c478bd9Sstevel@tonic-gate #include <fcntl.h> 5987c478bd9Sstevel@tonic-gate #endif 5997c478bd9Sstevel@tonic-gate 6007c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */ 6017c478bd9Sstevel@tonic-gate /* 6027c478bd9Sstevel@tonic-gate * End "sysincl.h" 6037c478bd9Sstevel@tonic-gate */ 6047c478bd9Sstevel@tonic-gate 6057c478bd9Sstevel@tonic-gate /* 6067c478bd9Sstevel@tonic-gate * Begin "los-proto.h" 6077c478bd9Sstevel@tonic-gate */ 6087c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__ 6097c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__ 6107c478bd9Sstevel@tonic-gate 6117c478bd9Sstevel@tonic-gate #ifndef _KERNEL 6127c478bd9Sstevel@tonic-gate #include <stdio.h> 6137c478bd9Sstevel@tonic-gate 6147c478bd9Sstevel@tonic-gate struct addrlist; 6157c478bd9Sstevel@tonic-gate #endif 6167c478bd9Sstevel@tonic-gate 6177c478bd9Sstevel@tonic-gate /* libos.spec */ 6187c478bd9Sstevel@tonic-gate krb5_error_code krb5_lock_file 6197c478bd9Sstevel@tonic-gate (krb5_context, int, int); 6207c478bd9Sstevel@tonic-gate 6217c478bd9Sstevel@tonic-gate krb5_error_code krb5_unlock_file 6227c478bd9Sstevel@tonic-gate (krb5_context, int); 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate int krb5_net_read 6257c478bd9Sstevel@tonic-gate (krb5_context, int , char *, int); 6267c478bd9Sstevel@tonic-gate 6277c478bd9Sstevel@tonic-gate int krb5_net_write 6287c478bd9Sstevel@tonic-gate (krb5_context, int , const char *, int); 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate krb5_error_code krb5_sendto_kdc 6317c478bd9Sstevel@tonic-gate (krb5_context, const krb5_data *, const krb5_data *, 632505d05c7Sgtb krb5_data *, int *, int); 6337c478bd9Sstevel@tonic-gate 6347c478bd9Sstevel@tonic-gate 
krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char ***);

krb5_error_code krb5_free_krbhst(krb5_context, char * const *);

krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *,
                                     const char *, char **);

/*
 * NOTE(review): this header does not say what "secure" guarantees for the
 * created file (ownership, mode bits, exclusive creation).  Check the
 * implementation before relying on it for sensitive data.
 */
krb5_error_code krb5_create_secure_file(krb5_context, const char *pathname);

#ifndef _KERNEL
krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);

krb5_error_code krb5_open_pkcs11_session(CK_SESSION_HANDLE *);

krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5int_sendto(krb5_context context,
                               const krb5_data *message,
                               const struct addrlist *addrs,
                               krb5_data *reply,
                               struct sockaddr_storage *localaddr,
                               socklen_t *localaddrlen,
                               int *addr_used);

krb5_error_code krb5int_get_fq_local_hostname(char *, size_t);
#endif /* !_KERNEL */

/*
 * Solaris Kerberos
 * The following two functions are needed for better realm
 * determination based on the DNS domain name.
 *
 * NOTE(review): a realm derived from DNS is only as trustworthy as the
 * lookup that produced it; unless the resolver path is authenticated,
 * treat the result as a hint and not as proof of the peer's realm.
 */
krb5_error_code krb5int_lookup_host(int, const char *, char **);

krb5_error_code krb5int_domain_get_realm(krb5_context, const char *, char **);
krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *, char **);

krb5_error_code krb5int_init_context_kdc(krb5_context *);

krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean);

void krb5_os_free_context(krb5_context);

/*
 * This function is needed by KfM's KerberosPreferences API
 * because it needs to be able to specify "secure".
 */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files(profile_filespec_t **pfiles,
                                            krb5_boolean secure);
#endif

krb5_error_code krb5_find_config_files(void);

krb5_error_code krb5_os_hostaddr(krb5_context, const char *,
                                 krb5_address ***);

#ifndef _KERNEL
/*
 * N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
 * going to use this structure.
 */
struct addrlist {
    struct addrinfo **addrs;
    int naddrs;
    int space;
};

/* Initializer that zeroes all three members of struct addrlist. */
#define ADDRLIST_INIT { 0, 0, 0 }

extern void krb5int_free_addrlist(struct addrlist *);
extern int krb5int_grow_addrlist(struct addrlist *, int);
extern int krb5int_add_host_to_list(struct addrlist *, const char *,
                                    int, int, int, int);

krb5_error_code
krb5int_locate_server(krb5_context,
                      const krb5_data *realm,
                      struct addrlist *,
                      /* Only meaningful for kdc, really... */
                      int want_masters,
                      /* look up [realms]->$realm->$name in krb5.conf */
                      const char *profilename,
                      /* SRV record lookup */
                      const char *dnsname,
                      int is_stream_service,
                      /*
                       * Port numbers, in network order!  For profile
                       * version only, DNS code gets port numbers
                       * itself.  Use 0 for dflport2 if there's no
                       * secondary port (most common, except kdc
                       * case).
                       */
                      int dflport1, int dflport2,
                      int family);

#endif /* !_KERNEL */

#endif /* KRB5_LIBOS_PROTO__ */

/* new encryption provider api */

/*
 * Table of sizes and operations that one cipher implementation supplies.
 */
struct krb5_enc_provider {
    /*
     * keybytes is the input size to make_key;
     * keylength is the output size
     */
    size_t block_size;
    size_t keybytes;
    size_t keylength;

    /* cipher-state == 0 fresh state thrown away at end */
    krb5_error_code (*encrypt)(krb5_context context,
                               krb5_const krb5_keyblock *key,
                               krb5_const krb5_data *ivec,
                               krb5_const krb5_data *input,
                               krb5_data *output);

    krb5_error_code (*decrypt)(krb5_context context,
                               krb5_const krb5_keyblock *key,
                               krb5_const krb5_data *ivec,
                               krb5_const krb5_data *input,
                               krb5_data *output);

    krb5_error_code (*make_key)(krb5_context,
                                krb5_const krb5_data *,
                                krb5_keyblock *);

    /* Cipher-state setup and teardown hooks. */
    krb5_error_code (*init_state)(krb5_context,
                                  const krb5_keyblock *,
                                  krb5_keyusage,
                                  krb5_data *);
    krb5_error_code (*free_state)(krb5_context, krb5_data *);
};

/* Sizes and the single operation that an unkeyed hash supplies. */
struct krb5_hash_provider {
    size_t hashsize;
    size_t blocksize;

    /* this takes multiple inputs to avoid lots of copying. */
    krb5_error_code (*hash)(krb5_context context,
                            unsigned int icount,
                            krb5_const krb5_data *input,
                            krb5_data *output);
};

/*
 * Keyed hash: computes a hash under a key and key usage, and verifies one.
 * NOTE(review): whether an implementation's verify compares in constant
 * time cannot be told from this header -- check each provider.
 */
struct krb5_keyhash_provider {
    size_t hashsize;

    krb5_error_code (*hash)(krb5_context context,
                            krb5_const krb5_keyblock *key,
                            krb5_keyusage keyusage,
                            krb5_const krb5_data *ivec,
                            krb5_const krb5_data *input,
                            krb5_data *output);

    krb5_error_code (*verify)(krb5_context context,
                              krb5_const krb5_keyblock *key,
                              krb5_keyusage keyusage,
                              krb5_const krb5_data *ivec,
                              krb5_const krb5_data *input,
                              krb5_const krb5_data *hash,
                              krb5_boolean *valid);
};

/* Reports, through *length, a size derived from inputlen for enc/hash. */
typedef void (*krb5_encrypt_length_func)(
    krb5_const struct krb5_enc_provider *enc,
    krb5_const struct krb5_hash_provider *hash,
    size_t inputlen,
    size_t *length);

/* Shared signature of the per-enctype encrypt and decrypt entry points. */
typedef krb5_error_code (*krb5_crypt_func)(
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc,
    krb5_const struct krb5_hash_provider *hash,
    krb5_const krb5_keyblock *key,
    krb5_keyusage usage,
    krb5_const krb5_data *ivec,
    krb5_const krb5_data *input,
    krb5_data *output);

#ifndef _KERNEL
/* String-to-key conversion: string, salt and params in, key out. */
typedef krb5_error_code (*krb5_str2key_func)(
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc,
    krb5_const krb5_data *string,
    krb5_const krb5_data *salt,
    krb5_const krb5_data *params,
    krb5_keyblock *key);
#endif /* !_KERNEL */

/*
 * One entry per encryption type, tying the enctype number to its providers
 * and entry points.
 */
struct krb5_keytypes {
    krb5_enctype etype;
    char *in_string;
    char *out_string;
    const struct krb5_enc_provider *enc;
    const struct krb5_hash_provider *hash;
    krb5_encrypt_length_func encrypt_len;
    krb5_crypt_func encrypt;
    krb5_crypt_func decrypt;
    krb5_cksumtype required_ctype;
#ifndef _KERNEL
    /* Solaris Kerberos: strings to key conversion not done in the kernel */
    krb5_str2key_func str2key;
#else /* _KERNEL */
    char *mt_e_name;
    char *mt_h_name;
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
#endif /* _KERNEL */
};

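
/*
 * One entry per checksum type, tying the checksum number to the hash or
 * keyed-hash provider that computes it.
 */
struct krb5_cksumtypes {
    krb5_cksumtype ctype;
    unsigned int flags;     /* presumably KRB5_CKSUMFLAG_* bits (see below) */
    char *in_string;
    char *out_string;
    /*
     * if the hash is keyed, this is the etype it is keyed with.
     * Actually, it can be keyed by any etype which has the same
     * enc_provider as the specified etype.  DERIVE checksums can
     * be keyed with any valid etype.
     */
    krb5_enctype keyed_etype;
    /*
     * I can't statically initialize a union, so I'm just going to use
     * two pointers here.  The keyhash is used if non-NULL.  If NULL,
     * then HMAC/hash with derived keys is used if the relevant flag
     * is set.  Otherwise, a non-keyed hash is computed.  This is all
     * kind of messy, but so is the krb5 api.
     */
    const struct krb5_keyhash_provider *keyhash;
    const struct krb5_hash_provider *hash;
    /*
     * This just gets uglier and uglier.  In the key derivation case,
     * we produce an hmac.  To make the hmac code work, we can't hack
     * the output size indicated by the hash provider, but we may want
     * a truncated hmac.  If we want truncation, this is the number of
     * bytes we truncate to; it should be 0 otherwise.
     */
    unsigned int trunc_size;
#ifdef _KERNEL
    char *mt_c_name;
    crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};

/*
 * NOTE(review): by its name, NOT_COLL_PROOF marks checksum types that are
 * not collision-proof; confirm how callers use the flag before relying on
 * it as a policy gate.
 */
#define KRB5_CKSUMFLAG_DERIVE           0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF   0x0002

krb5_error_code krb5int_des_init_state(krb5_context,
                                       const krb5_keyblock *,
                                       krb5_keyusage,
                                       krb5_data *);

krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context,
                                              krb5_enctype,
                                              krb5_cksumtype *);

/*
 * normally to free a cipher_state you can just memset the length to zero and
 * free it.
 */
krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *);

/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys(krb5_context context,
                                       krb5_keyblock *key1,
                                       krb5_keyblock *key2,
                                       krb5_keyblock *outkey);

/*
 * in here to deal with stuff from lib/crypto
 */

void krb5_nfold(int inbits, krb5_const unsigned char *in,
                int outbits, unsigned char *out);

/*
 * krb5_hmac has a different signature in the kernel and in userland: the
 * userland form additionally takes the hash provider and an unsigned int.
 */
#ifdef _KERNEL

int k5_ef_crypto(const char *, char *,
                 long, krb5_keyblock *,
                 const krb5_data *, int);

krb5_error_code krb5_hmac(krb5_context, const krb5_keyblock *,
                          krb5_const krb5_data *, krb5_data *);

#else
krb5_error_code krb5_hmac(krb5_context,
                          krb5_const struct krb5_hash_provider *,
                          krb5_const krb5_keyblock *,
                          krb5_const unsigned int,
                          krb5_const krb5_data *,
                          krb5_data *);

#endif /* _KERNEL */

/*
 * NOTE(review): the unsigned long is presumably the PBKDF2 iteration
 * count -- TODO confirm against the implementation.
 */
krb5_error_code krb5int_pbkdf2_hmac_sha1(krb5_context,
                                         const krb5_data *,
                                         unsigned long,
                                         krb5_enctype,
                                         const krb5_data *,
                                         const krb5_data *);

/*
 * Clear a buffer that held sensitive data.
 *
 * Make this a function eventually?
 *
 * The macro arguments are parenthesized so that an expression argument
 * (for example "buf + off") is cast and passed as a whole.
 *
 * NOTE(review): outside WIN32 this is an ordinary memset().  An optimizing
 * compiler is allowed to drop a memset whose target is never read again,
 * which is exactly the situation when a key buffer is cleared just before
 * it is freed or goes out of scope, so this form does not guarantee that
 * the bytes are actually overwritten.  SecureZeroMemory on the WIN32 branch
 * is specified not to be elided.  Turning this into an out-of-line function
 * the optimizer cannot see through, or using a platform primitive such as
 * explicit_bzero or memset_s where one is available, would close the gap.
 */
#ifdef WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
#else
# define krb5int_zap_data(ptr, len) memset((void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* GNU libc generates multiple bogus initialization warnings if we
   pass memset a volatile pointer.  The compiler should do well enough
   with memset even without GNU libc's attempt at optimization.  */
#  undef memset
# endif
#endif /* WIN32 */
#define zap(p,l) krb5int_zap_data(p,l)


/*
 * These declarations are here, so both krb5 and k5crypto
 * can get to them.
 * krb5 needs to get to them so it can make them available to libgssapi.
 *
 * NOTE(review): RC4 (arcfour) and MD5 are legacy primitives; RFC 8429
 * deprecates the RC4-HMAC enctype in Kerberos.  Keep them for
 * interoperability only.
 */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;


/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */

krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *);

#ifndef _KERNEL
/* Solaris kerberos: for convenience */
time_t gmt_mktime(struct tm *);
#endif /* ! _KERNEL */

/* #endif KRB5_OLD_CRYPTO */

/* this helper fct is in libkrb5, but it makes sense declared here. */

krb5_error_code krb5_encrypt_helper(krb5_context context,
                                    krb5_const krb5_keyblock *key,
                                    krb5_keyusage usage,
                                    krb5_const krb5_data *plain,
                                    krb5_enc_data *cipher);

/*
 * End "los-proto.h"
 */

/*
 * Begin "libos.h"
 */
#ifndef KRB5_LIBOS__
#define KRB5_LIBOS__

/* OS-specific part of a krb5 context; note the typedef is a pointer type. */
typedef struct _krb5_os_context {
    krb5_magic magic;
    krb5_int32 time_offset;
    krb5_int32 usec_offset;
    krb5_int32 os_flags;
    char *default_ccname;
} *krb5_os_context;

/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * This facility is intended to correct the system clock so that it
 * reflects the "real" time, for systems where for some reason we can't
 * set the system clock.  Instead we calculate the offset between the
 * system time and real time, and store the offset in the os context so
 * that we can correct the system clock as necessary.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines.  This should only
 * be used for testing purposes (obviously!)
 */
#define KRB5_OS_TOFFSET_VALID   1
#define KRB5_OS_TOFFSET_TIME    2

/* lock mode flags */
#define KRB5_LOCKMODE_SHARED    0x0001
#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
#define KRB5_LOCKMODE_DONTBLOCK 0x0004
#define KRB5_LOCKMODE_UNLOCK    0x0008

#endif /* KRB5_LIBOS__ */
/*
 * End "libos.h"
 */

/*
 * Define our view of the size of a DES key.
 *
 * NOTE(review): single DES is obsolete; RFC 6649 deprecates the DES
 * enctypes in Kerberos.
 */
#define KRB5_MIT_DES_KEYSIZE    8

/*
 * Define a couple of SHA1 constants
 */
#define SHS_DATASIZE    64      /* SHA-1 block size, in bytes */
#define SHS_DIGESTSIZE  20      /* SHA-1 digest size, in bytes */

/*
 * Check if des_int.h has been included before us.  If so, then check to see
 * that our view of the DES key size is the same as des_int.h's.
 *
 * A mismatch stops the build with #error, so the diagnostic names the
 * problem directly.
 */
#ifdef MIT_DES_KEYSIZE
#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif /* MIT_DES_KEYSIZE */

#ifndef _KERNEL
/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
 * defined.
 */
#define PROVIDE_DES3_CBC_SHA    1
#define PROVIDE_NIST_SHA        1

#endif /* !_KERNEL */

/*
 * Begin "preauth.h"
 *
 * (Originally written by Glen Machin at Sandia Labs.)
 */
/*
 * Sandia National Laboratories also makes no representations about the
 * suitability of the modifications, or additions to this software for
 * any purpose.  It is provided "as is" without express or implied warranty.
 *
 */
#ifndef KRB5_PREAUTH__
#define KRB5_PREAUTH__

/* Timestamp and microseconds used by encrypted-timestamp preauth data. */
typedef struct _krb5_pa_enc_ts {
    krb5_timestamp patimestamp;
    krb5_int32 pausec;
} krb5_pa_enc_ts;

/*
 * Callback that obtains preauthentication data.  The embedded function
 * pointer argument has the shape of a key-retrieval callback; the argument
 * roles are not named in this header.
 */
typedef krb5_error_code (*krb5_preauth_obtain_proc)(
    krb5_context,
    krb5_pa_data *,
    krb5_etype_info,
    krb5_keyblock *,
    krb5_error_code (*)(krb5_context,
                        krb5_const krb5_enctype,
                        krb5_data *,
                        krb5_const_pointer,
                        krb5_keyblock **),
    krb5_const_pointer,
    krb5_creds *,
    krb5_kdc_req *,
    krb5_pa_data **);

/*
 * Callback that processes preauthentication data from a KDC reply.  It
 * takes two embedded function pointers; the argument roles are not named
 * in this header.
 */
typedef krb5_error_code (*krb5_preauth_process_proc)(
    krb5_context,
    krb5_pa_data *,
    krb5_kdc_req *,
    krb5_kdc_rep *,
    krb5_error_code (*)(krb5_context,
                        krb5_const krb5_enctype,
                        krb5_data *,
                        krb5_const_pointer,
                        krb5_keyblock **),
    krb5_const_pointer,
    krb5_error_code (*)(krb5_context,
                        krb5_const krb5_keyblock *,
                        krb5_const_pointer,
                        krb5_kdc_rep *),
    krb5_keyblock **,
    krb5_creds *,
    krb5_int32 *,
    krb5_int32 *);

/* Table entry binding a preauth type to its obtain/process callbacks. */
typedef struct _krb5_preauth_ops {
    krb5_magic magic;
    int type;
    int flags;      /* presumably KRB5_PREAUTH_FLAGS_* (see below) */
    krb5_preauth_obtain_proc obtain;
    krb5_preauth_process_proc process;
} krb5_preauth_ops;

void krb5_free_etype_info(krb5_context, krb5_etype_info);

/*
 * Preauthentication property flags
 */
#define KRB5_PREAUTH_FLAGS_ENCRYPT  0x00000001
#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002

#endif /* KRB5_PREAUTH__ */
/*
 * End "preauth.h"
 */

krb5_error_code krb5int_copy_data_contents(krb5_context,
                                           const krb5_data *,
                                           krb5_data *);

#ifndef _KERNEL /* needed for lib/krb5/krb/ */
/* Callback that supplies the AS key (as_key) for initial credentials. */
typedef krb5_error_code (*krb5_gic_get_as_key_fct)(
    krb5_context,
    krb5_principal,
    krb5_enctype,
    krb5_prompter_fct,
    void *prompter_data,
    krb5_data *salt,
    krb5_data *s2kparams,
    krb5_keyblock *as_key,
    void *gak_data);

krb5_error_code KRB5_CALLCONV
krb5_get_init_creds(krb5_context context,
                    krb5_creds *creds,
                    krb5_principal client,
                    krb5_prompter_fct prompter,
                    void *prompter_data,
                    krb5_deltat start_time,
                    char *in_tkt_service,
                    krb5_get_init_creds_opt *options,
                    krb5_gic_get_as_key_fct gak,
                    void *gak_data,
                    int *master,
                    krb5_kdc_rep **as_reply);

void krb5int_populate_gic_opt(krb5_context,
                              krb5_get_init_creds_opt *,
                              krb5_flags options,
                              krb5_address * const *addrs,
                              krb5_enctype *ktypes,
                              krb5_preauthtype *pre_auth_types,
                              krb5_creds *creds);

krb5_error_code krb5_do_preauth(krb5_context, krb5_kdc_req *,
                                krb5_pa_data **, krb5_pa_data ***,
                                krb5_data *, krb5_data *, krb5_enctype *,
                                krb5_keyblock *,
                                krb5_prompter_fct, void *,
                                krb5_gic_get_as_key_fct, void *);
#endif /* !_KERNEL */

/*
 * Release routines for the SAM and preauth structures.  Each type has a
 * krb5_free_X and a krb5_free_X_contents form.
 * NOTE(review): by the naming, the _contents form presumably releases what
 * the structure points to and leaves the structure itself to the caller --
 * confirm.  This header also does not show whether sensitive members (for
 * example sam_sad) are cleared before being released.
 */
void KRB5_CALLCONV krb5_free_sam_challenge(krb5_context,
                                           krb5_sam_challenge *);
void KRB5_CALLCONV krb5_free_sam_challenge_2(krb5_context,
                                             krb5_sam_challenge_2 *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_body(krb5_context,
                                                  krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response(krb5_context,
                                          krb5_sam_response *);
void KRB5_CALLCONV krb5_free_sam_response_2(krb5_context,
                                            krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response(krb5_context,
                                                    krb5_predicted_sam_response *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc(krb5_context,
                                                  krb5_enc_sam_response_enc *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2(krb5_context,
                                                    krb5_enc_sam_response_enc_2 *);
void KRB5_CALLCONV krb5_free_sam_challenge_contents(krb5_context,
                                                    krb5_sam_challenge *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents(krb5_context,
                                                      krb5_sam_challenge_2 *);
void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents(krb5_context,
                                                           krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response_contents(krb5_context,
                                                   krb5_sam_response *);
void KRB5_CALLCONV krb5_free_sam_response_2_contents(krb5_context,
                                                     krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response_contents(krb5_context,
                                                             krb5_predicted_sam_response *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents(krb5_context,
                                                           krb5_enc_sam_response_enc *);
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents(krb5_context,
                                                             krb5_enc_sam_response_enc_2 *);

void KRB5_CALLCONV krb5_free_pa_enc_ts(krb5_context, krb5_pa_enc_ts *);

/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
#ifndef _KERNEL
#include "com_err.h"
#include <krb5/k5-plugin.h>
#endif /* !_KERNEL */

/*
 * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
 *
 * NOTE(review): presumably the message size, in bytes, that decides the
 * UDP-versus-TCP preference -- confirm in sendto_kdc.c.
 */
#define DEFAULT_UDP_PREF_LIMIT   1465

#ifndef _KERNEL
#include "profile.h"
#include <strings.h>
#endif /* !_KERNEL */

/*
 * Nonzero when key block k1 should be treated as different from k2.
 *
 * The arguments are parenthesized so that expression arguments expand
 * correctly.  Each argument is evaluated more than once, so do not pass
 * expressions with side effects.
 *
 * NOTE(review): because the pointer test (k1) != (k2) comes first, the
 * enctype, length and contents comparisons are reached only when both
 * arguments are the same pointer, where they always compare equal.  As
 * written, the macro is therefore true exactly when k1 is NULL or the two
 * pointers differ.  If comparing the contents of two distinct key blocks
 * was intended, the pointer test needs revisiting (and k2 would need its
 * own NULL check); confirm with the callers before changing the logic.
 */
#define KEY_CHANGED(k1, k2) \
((k1) == NULL || \
 (k1) != (k2) || \
 (k1)->enctype != (k2)->enctype || \
 (k1)->length != (k2)->length || \
 bcmp((k1)->contents, (k2)->contents, (k1)->length))

#ifndef _KERNEL
typedef struct _arcfour_ctx {
    CK_SESSION_HANDLE eSession; /* encrypt session handle */
    CK_SESSION_HANDLE dSession; /* decrypt session handle */
    CK_OBJECT_HANDLE  eKey;     /* encrypt key object */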
CK_OBJECT_HANDLE dKey; /* decrype key object */ 12317c478bd9Sstevel@tonic-gate uchar_t initialized; 12327c478bd9Sstevel@tonic-gate }arcfour_ctx_rec; 12337c478bd9Sstevel@tonic-gate 12347c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 12357c478bd9Sstevel@tonic-gate 12367c478bd9Sstevel@tonic-gate struct _krb5_context { 12377c478bd9Sstevel@tonic-gate krb5_magic magic; 12387c478bd9Sstevel@tonic-gate krb5_enctype *in_tkt_ktypes; 12397c478bd9Sstevel@tonic-gate int in_tkt_ktype_count; 12407c478bd9Sstevel@tonic-gate krb5_enctype *tgs_ktypes; 12417c478bd9Sstevel@tonic-gate int tgs_ktype_count; 1242505d05c7Sgtb /* This used to be a void*, but since we always allocate them 1243505d05c7Sgtb together (though in different source files), and the types 1244505d05c7Sgtb are declared in the same header, might as well just combine 1245505d05c7Sgtb them. 1246505d05c7Sgtb 1247505d05c7Sgtb The array[1] is so the existing code treating the field as 1248505d05c7Sgtb a pointer will still work. For cleanliness, it should 1249505d05c7Sgtb eventually get changed to a single element instead of an 1250505d05c7Sgtb array. 
*/ 1251505d05c7Sgtb struct _krb5_os_context os_context[1]; 12527c478bd9Sstevel@tonic-gate char *default_realm; 12537c478bd9Sstevel@tonic-gate int ser_ctx_count; 12547c478bd9Sstevel@tonic-gate krb5_boolean profile_secure; 12557c478bd9Sstevel@tonic-gate void *ser_ctx; 12567c478bd9Sstevel@tonic-gate #ifndef _KERNEL 12577c478bd9Sstevel@tonic-gate profile_t profile; 12587c478bd9Sstevel@tonic-gate void *db_context; 12597c478bd9Sstevel@tonic-gate void *kdblog_context; 12607c478bd9Sstevel@tonic-gate /* allowable clock skew */ 12617c478bd9Sstevel@tonic-gate krb5_deltat clockskew; 12627c478bd9Sstevel@tonic-gate krb5_cksumtype kdc_req_sumtype; 12637c478bd9Sstevel@tonic-gate krb5_cksumtype default_ap_req_sumtype; 12647c478bd9Sstevel@tonic-gate krb5_cksumtype default_safe_sumtype; 12657c478bd9Sstevel@tonic-gate krb5_flags kdc_default_options; 12667c478bd9Sstevel@tonic-gate krb5_flags library_options; 12677c478bd9Sstevel@tonic-gate int fcc_default_format; 12687c478bd9Sstevel@tonic-gate int scc_default_format; 12697c478bd9Sstevel@tonic-gate krb5_prompt_type *prompt_types; 12707c478bd9Sstevel@tonic-gate /* Message size above which we'll try TCP first in send-to-kdc 12717c478bd9Sstevel@tonic-gate type code. Aside from the 2**16 size limit, we put no 12727c478bd9Sstevel@tonic-gate absolute limit on the UDP packet size. */ 12737c478bd9Sstevel@tonic-gate int udp_pref_limit; 12747c478bd9Sstevel@tonic-gate 12757c478bd9Sstevel@tonic-gate /* This is the tgs_ktypes list as read from the profile, or 12767c478bd9Sstevel@tonic-gate set to compiled-in defaults. The application code cannot 12777c478bd9Sstevel@tonic-gate override it. This is used for session keys for 12787c478bd9Sstevel@tonic-gate intermediate ticket-granting tickets used to acquire the 12797c478bd9Sstevel@tonic-gate requested ticket (the session key of which may be 12807c478bd9Sstevel@tonic-gate constrained by tgs_ktypes above). 
*/ 12817c478bd9Sstevel@tonic-gate krb5_enctype *conf_tgs_ktypes; 12827c478bd9Sstevel@tonic-gate int conf_tgs_ktypes_count; 12837c478bd9Sstevel@tonic-gate 12847c478bd9Sstevel@tonic-gate /* Use the _configured version? */ 12857c478bd9Sstevel@tonic-gate krb5_boolean use_conf_ktypes; 12867c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 12877c478bd9Sstevel@tonic-gate krb5_boolean profile_in_memory; 12887c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 12897c478bd9Sstevel@tonic-gate 12907c478bd9Sstevel@tonic-gate pid_t pid; /* fork safety: PID of process that did last PKCS11 init */ 12917c478bd9Sstevel@tonic-gate 12927c478bd9Sstevel@tonic-gate /* Solaris Kerberos: handles for PKCS#11 crypto */ 12937c478bd9Sstevel@tonic-gate /* 12947c478bd9Sstevel@tonic-gate * Warning, do not access hSession directly as this is not fork() safe. 12957c478bd9Sstevel@tonic-gate * Instead use the krb_ctx_hSession() macro below. 12967c478bd9Sstevel@tonic-gate */ 12977c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE hSession; 12987c478bd9Sstevel@tonic-gate int cryptoki_initialized; 12997c478bd9Sstevel@tonic-gate 13007c478bd9Sstevel@tonic-gate /* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */ 13017c478bd9Sstevel@tonic-gate arcfour_ctx_rec arcfour_ctx; 130254925bf6Swillf 130354925bf6Swillf /* error detail info */ 130454925bf6Swillf struct errinfo err; 13057c478bd9Sstevel@tonic-gate #else /* ! KERNEL */ 13067c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_cipher_mt; 13077c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_hash_mt; 13087c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_cksum_mt; 13097c478bd9Sstevel@tonic-gate #endif /* ! 
KERNEL */ 13107c478bd9Sstevel@tonic-gate }; 13117c478bd9Sstevel@tonic-gate 13127c478bd9Sstevel@tonic-gate #ifndef _KERNEL 13137c478bd9Sstevel@tonic-gate extern pid_t __krb5_current_pid; 13147c478bd9Sstevel@tonic-gate 13157c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context); 13167c478bd9Sstevel@tonic-gate 13177c478bd9Sstevel@tonic-gate /* 13187c478bd9Sstevel@tonic-gate * fork safety: barring the ef_init code, every other function must use the 13197c478bd9Sstevel@tonic-gate * krb_ctx_hSession() macro to access the hSession field in a krb context. 13207c478bd9Sstevel@tonic-gate * Note, if the pid of the krb ctx == the current global pid then it is safe to 13217c478bd9Sstevel@tonic-gate * use the ctx hSession otherwise it needs to be re-inited before it is returned 13227c478bd9Sstevel@tonic-gate * to the caller. 13237c478bd9Sstevel@tonic-gate */ 13247c478bd9Sstevel@tonic-gate #define krb_ctx_hSession(ctx) \ 13257c478bd9Sstevel@tonic-gate ((ctx)->pid == __krb5_current_pid) ? (ctx)->hSession : krb5_reinit_ef_handle((ctx)) 13267c478bd9Sstevel@tonic-gate #endif 13277c478bd9Sstevel@tonic-gate 13287c478bd9Sstevel@tonic-gate #define MD5_CKSUM_LENGTH 16 13297c478bd9Sstevel@tonic-gate #define RSA_MD5_CKSUM_LENGTH 16 13307c478bd9Sstevel@tonic-gate #define MD5_BLOCKSIZE 64 13317c478bd9Sstevel@tonic-gate 13327c478bd9Sstevel@tonic-gate 13337c478bd9Sstevel@tonic-gate /* 13347c478bd9Sstevel@tonic-gate * Solaris Kerberos: 13357c478bd9Sstevel@tonic-gate * This next section of prototypes and constants 13367c478bd9Sstevel@tonic-gate * are all unique to the Solaris Kerberos implementation. 13377c478bd9Sstevel@tonic-gate * Because Solaris uses the native encryption framework 13387c478bd9Sstevel@tonic-gate * to provide crypto support, the following routines 13397c478bd9Sstevel@tonic-gate * are needed to support this system. 
13407c478bd9Sstevel@tonic-gate */ 13417c478bd9Sstevel@tonic-gate 13427c478bd9Sstevel@tonic-gate /* 13437c478bd9Sstevel@tonic-gate * Begin Solaris Crypto Prototypes 13447c478bd9Sstevel@tonic-gate */ 13457c478bd9Sstevel@tonic-gate 13467c478bd9Sstevel@tonic-gate /* 13477c478bd9Sstevel@tonic-gate * define constants that are used for creating the constant 13487c478bd9Sstevel@tonic-gate * which is used to make derived keys. 13497c478bd9Sstevel@tonic-gate */ 13507c478bd9Sstevel@tonic-gate #define DK_ENCR_KEY_BYTE 0xAA 13517c478bd9Sstevel@tonic-gate #define DK_HASH_KEY_BYTE 0x55 13527c478bd9Sstevel@tonic-gate #define DK_CKSUM_KEY_BYTE 0x99 13537c478bd9Sstevel@tonic-gate 13547c478bd9Sstevel@tonic-gate int init_derived_keydata(krb5_context, const struct krb5_enc_provider *, 13557c478bd9Sstevel@tonic-gate krb5_keyblock *, krb5_keyusage, 13567c478bd9Sstevel@tonic-gate krb5_keyblock **, krb5_keyblock **); 13577c478bd9Sstevel@tonic-gate 13587c478bd9Sstevel@tonic-gate krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t, 13597c478bd9Sstevel@tonic-gate krb5_keyblock *); 13607c478bd9Sstevel@tonic-gate 13617c478bd9Sstevel@tonic-gate krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *); 13627c478bd9Sstevel@tonic-gate krb5_keyblock *krb5_create_derived_keyblock(int); 13637c478bd9Sstevel@tonic-gate 13647c478bd9Sstevel@tonic-gate #ifdef _KERNEL 13657c478bd9Sstevel@tonic-gate int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *); 13667c478bd9Sstevel@tonic-gate 13677c478bd9Sstevel@tonic-gate int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *, 13687c478bd9Sstevel@tonic-gate const krb5_data *, krb5_data *); 13697c478bd9Sstevel@tonic-gate 13707c478bd9Sstevel@tonic-gate void make_kef_key(krb5_keyblock *); 13717c478bd9Sstevel@tonic-gate int init_key_kef(crypto_mech_type_t, krb5_keyblock *); 13727c478bd9Sstevel@tonic-gate int update_key_template(krb5_keyblock *); 13737c478bd9Sstevel@tonic-gate void setup_kef_keytypes(); 
/*
 * NOTE(review): the empty parameter list is not a prototype, so the
 * compiler will not reject stray arguments; (void) would -- confirm against
 * the definition before changing it.
 */
void setup_kef_cksumtypes();
crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);

#else
/*
 * This structure is used to map Kerberos supported OID's,
 * to PKCS11 mechanisms
 */
#define USE_ENCR	0x01
#define USE_HASH	0x02

typedef struct krb5_mech_2_pkcs {
    uchar_t flags;			/* USE_ENCR / USE_HASH bits */
    CK_MECHANISM_TYPE enc_algo;
    CK_MECHANISM_TYPE hash_algo;
    CK_MECHANISM_TYPE str2key_algo;
} KRB5_MECH_TO_PKCS;

/* Non-zero when the corresponding USE_* bit is set in x.flags. */
#define ENC_DEFINED(x)	(((x).flags & USE_ENCR))
#define HASH_DEFINED(x)	(((x).flags & USE_HASH))

extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);

krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);

krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
    unsigned int, const krb5_data *, krb5_data *);

krb5_error_code k5_ef_mac(krb5_context context,
    krb5_keyblock *key, krb5_data *ivec,
    krb5_const krb5_data *input, krb5_data *output);

#endif /* !_KERNEL */

krb5_error_code
derive_3des_keys(krb5_context, struct krb5_enc_provider *,
    krb5_keyblock *, krb5_keyusage,
    krb5_keyblock *, krb5_keyblock *);

/*
 * End Solaris Crypto Prototypes
 */

#define KRB5_LIBOPT_SYNC_KDCTIME	0x0001

/* internal message representations */

typedef struct _krb5_safe {
    krb5_magic magic;
    krb5_data user_data;	/* user data */
    krb5_timestamp timestamp;	/* client time, optional */
    krb5_int32 usec;		/* microsecond portion of time, optional */
    krb5_ui_4 seq_number;	/* sequence #, optional */
    krb5_address *s_address;	/* sender address */
    krb5_address *r_address;	/* recipient address, optional */
    krb5_checksum *checksum;	/* data integrity checksum */
} krb5_safe;

typedef struct _krb5_priv {
    krb5_magic magic;
    krb5_enc_data enc_part;	/* encrypted part */
} krb5_priv;

typedef struct _krb5_priv_enc_part {
    krb5_magic magic;
    krb5_data user_data;	/* user data */
    krb5_timestamp timestamp;	/* client time, optional */
    krb5_int32 usec;		/* microsecond portion of time, opt. */
    krb5_ui_4 seq_number;	/* sequence #, optional */
    krb5_address *s_address;	/* sender address */
    krb5_address *r_address;	/* recipient address, optional */
} krb5_priv_enc_part;

void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *);
void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *);
void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *);

/*
 * Begin "asn1.h"
 */
#ifndef KRB5_ASN1__
#define KRB5_ASN1__

/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
/* here we use some knowledge of ASN.1 encodings */
/*
 * Ticket is APPLICATION 1.
 * Authenticator is APPLICATION 2.
 * AS_REQ is APPLICATION 10.
 * AS_REP is APPLICATION 11.
 * TGS_REQ is APPLICATION 12.
 * TGS_REP is APPLICATION 13.
 * AP_REQ is APPLICATION 14.
 * AP_REP is APPLICATION 15.
 * KRB_SAFE is APPLICATION 20.
 * KRB_PRIV is APPLICATION 21.
 * KRB_CRED is APPLICATION 22.
 * EncASRepPart is APPLICATION 25.
 * EncTGSRepPart is APPLICATION 26.
 * EncAPRepPart is APPLICATION 27.
 * EncKrbPrivPart is APPLICATION 28.
 * EncKrbCredPart is APPLICATION 29.
 * KRB_ERROR is APPLICATION 30.
 */
/*
 * allow either constructed or primitive encoding, so check for bit 6
 * set or reset
 *
 * Each probe below looks only at the first octet of dat->data.  A match
 * says nothing about the length or the rest of the encoding, so treat it
 * as a dispatch hint and rely on the decoder to validate the message.
 * `dat` is evaluated up to four times.
 */
#define krb5_is_krb_ticket(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x61 || \
                                (dat)->data[0] == 0x41))
#define krb5_is_krb_authenticator(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x62 || \
                                (dat)->data[0] == 0x42))
#define krb5_is_as_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6a || \
                                (dat)->data[0] == 0x4a))
#define krb5_is_as_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6b || \
                                (dat)->data[0] == 0x4b))
#define krb5_is_tgs_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6c || \
                                (dat)->data[0] == 0x4c))
#define krb5_is_tgs_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6d || \
                                (dat)->data[0] == 0x4d))
#define krb5_is_ap_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6e || \
                                (dat)->data[0] == 0x4e))
#define krb5_is_ap_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6f || \
                                (dat)->data[0] == 0x4f))
#define krb5_is_krb_safe(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x74 || \
                                (dat)->data[0] == 0x54))
#define krb5_is_krb_priv(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x75 || \
                                (dat)->data[0] == 0x55))
#define krb5_is_krb_cred(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x76 || \
                                (dat)->data[0] == 0x56))
#define krb5_is_krb_enc_as_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x79 || \
                                (dat)->data[0] == 0x59))
#define krb5_is_krb_enc_tgs_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7a || \
                                (dat)->data[0] == 0x5a))
#define krb5_is_krb_enc_ap_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7b || \
                                (dat)->data[0] == 0x5b))
#define krb5_is_krb_enc_krb_priv_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7c || \
                                (dat)->data[0] == 0x5c))
#define krb5_is_krb_enc_krb_cred_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7d || \
                                (dat)->data[0] == 0x5d))
#define krb5_is_krb_error(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7e || \
                                (dat)->data[0] == 0x5e))

/*************************************************************************
 * Prototypes for krb5_encode.c
 *************************************************************************/

/*
 * krb5_error_code encode_krb5_structure(const krb5_structure *rep,
 *                                       krb5_data **code);
 * modifies  *code
 * effects   Returns the ASN.1 encoding of *rep in **code.
 *           Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
 *           Returns ENOMEM if memory runs out.
 */

krb5_error_code encode_krb5_authenticator(
    const krb5_authenticator *rep, krb5_data **code);

krb5_error_code encode_krb5_ticket(
    const krb5_ticket *rep, krb5_data **code);

krb5_error_code encode_krb5_encryption_key(
    const krb5_keyblock *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_tkt_part(
    const krb5_enc_tkt_part *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_kdc_rep_part(
    const krb5_enc_kdc_rep_part *rep, krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code encode_krb5_as_rep(
    const krb5_kdc_rep *rep, krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code encode_krb5_tgs_rep(
    const krb5_kdc_rep *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_req(
    const krb5_ap_req *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_rep(
    const krb5_ap_rep *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_rep_enc_part(
    const krb5_ap_rep_enc_part *rep, krb5_data **code);

krb5_error_code encode_krb5_as_req(
    const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code encode_krb5_tgs_req(
    const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code encode_krb5_kdc_req_body(
    const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code encode_krb5_safe(
    const krb5_safe *rep, krb5_data **code);

krb5_error_code encode_krb5_safe_with_body(
    const krb5_safe *rep, const krb5_data *body, krb5_data **code);

krb5_error_code encode_krb5_priv(
    const krb5_priv *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_priv_part(
    const krb5_priv_enc_part *rep, krb5_data **code);

/*
 * ASN.1 encoders, continued.  Each takes the structure to encode and an
 * output krb5_data ** argument, in the same shape as the encoders
 * declared earlier in this section.
 */
krb5_error_code encode_krb5_cred(
    const krb5_cred *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_cred_part(
    const krb5_cred_enc_part *rep, krb5_data **code);

krb5_error_code encode_krb5_error(
    const krb5_error *rep, krb5_data **code);

krb5_error_code encode_krb5_authdata(
    const krb5_authdata **rep, krb5_data **code);

krb5_error_code encode_krb5_pwd_sequence(
    const passwd_phrase_element *rep, krb5_data **code);

krb5_error_code encode_krb5_pwd_data(
    const krb5_pwd_data *rep, krb5_data **code);

krb5_error_code encode_krb5_padata_sequence(
    const krb5_pa_data ** rep, krb5_data **code);

krb5_error_code encode_krb5_alt_method(
    const krb5_alt_method *, krb5_data **code);

krb5_error_code encode_krb5_etype_info(
    const krb5_etype_info_entry **, krb5_data **code);

krb5_error_code encode_krb5_etype_info2(
    const krb5_etype_info_entry **, krb5_data **code);

krb5_error_code encode_krb5_enc_data(
    const krb5_enc_data *, krb5_data **);

/*
 * ASN.1 encoders for the encrypted-timestamp and SAM pre-authentication
 * structures; same argument shape as the other encode_krb5_* prototypes.
 */
krb5_error_code encode_krb5_pa_enc_ts(
    const krb5_pa_enc_ts *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge(
    const krb5_sam_challenge *, krb5_data **);

krb5_error_code encode_krb5_sam_key(
    const krb5_sam_key *, krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc(
    const krb5_enc_sam_response_enc *, krb5_data **);

krb5_error_code encode_krb5_sam_response(
    const krb5_sam_response *, krb5_data **);

krb5_error_code encode_krb5_predicted_sam_response(
    const krb5_predicted_sam_response *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2(
    const krb5_sam_challenge_2 *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2_body(
    const krb5_sam_challenge_2_body *, krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc_2(
    const krb5_enc_sam_response_enc_2 *, krb5_data **);

krb5_error_code encode_krb5_sam_response_2(
    const krb5_sam_response_2 *, krb5_data **);

/*
 * NOTE(review): `password` is taken as a mutable char *.  Whether the
 * encoder copies it, and who is responsible for clearing the cleartext
 * afterwards, is not visible from this prototype -- confirm against the
 * definition and the callers.
 */
krb5_error_code encode_krb5_setpw_req(
    const krb5_principal target, char *password, krb5_data **code);

/*************************************************************************
 * End of prototypes for krb5_encode.c
 *************************************************************************/

/*************************************************************************
 * Prototypes for krb5_decode.c
 *************************************************************************/

/*
 * krb5_error_code decode_krb5_structure(const krb5_data *code,
 *                                       krb5_structure **rep);
 *
 * requires  Expects **rep to not have been allocated;
 *           a new *rep is allocated regardless of the old value.
 * effects   Decodes *code into **rep.
 *           Returns ENOMEM if memory is exhausted.
 *           Returns asn1 and krb5 errors.
 *
 * Because *rep is overwritten unconditionally, passing a pointer that
 * still owns an earlier result loses that allocation.  The state of *rep
 * after a failed decode is not stated here, so check the return code
 * before using it -- confirm the failure behaviour against krb5_decode.c.
 *
 * Several prototypes below name the encoded input `output`; it is the
 * same input buffer that the contract above calls `code`.
 */

krb5_error_code decode_krb5_authenticator(
    const krb5_data *code, krb5_authenticator **rep);

krb5_error_code decode_krb5_ticket(
    const krb5_data *code, krb5_ticket **rep);

krb5_error_code decode_krb5_encryption_key(
    const krb5_data *output, krb5_keyblock **rep);

krb5_error_code decode_krb5_enc_tkt_part(
    const krb5_data *output, krb5_enc_tkt_part **rep);

krb5_error_code decode_krb5_enc_kdc_rep_part(
    const krb5_data *output, krb5_enc_kdc_rep_part **rep);

krb5_error_code decode_krb5_as_rep(
    const krb5_data *output, krb5_kdc_rep **rep);

krb5_error_code decode_krb5_tgs_rep(
    const krb5_data *output, krb5_kdc_rep **rep);

krb5_error_code decode_krb5_ap_req(
    const krb5_data *output, krb5_ap_req **rep);

krb5_error_code decode_krb5_ap_rep(
    const krb5_data *output, krb5_ap_rep **rep);

krb5_error_code decode_krb5_ap_rep_enc_part(
    const krb5_data *output, krb5_ap_rep_enc_part **rep);

krb5_error_code decode_krb5_as_req(
    const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code decode_krb5_tgs_req(
    const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code decode_krb5_kdc_req_body(
    const krb5_data *output, krb5_kdc_req **rep);

krb5_error_code decode_krb5_safe(
    const krb5_data *output, krb5_safe **rep);

krb5_error_code decode_krb5_safe_with_body(
    const krb5_data *output, krb5_safe **rep, krb5_data *body);

krb5_error_code decode_krb5_priv(
    const krb5_data *output, krb5_priv **rep);

krb5_error_code decode_krb5_enc_priv_part(
    const krb5_data *output, krb5_priv_enc_part **rep);

krb5_error_code decode_krb5_cred(
    const krb5_data *output, krb5_cred **rep);

krb5_error_code decode_krb5_enc_cred_part(
    const krb5_data *output, krb5_cred_enc_part **rep);

krb5_error_code decode_krb5_error(
    const krb5_data *output, krb5_error **rep);

krb5_error_code decode_krb5_authdata(
    const krb5_data *output, krb5_authdata ***rep);

krb5_error_code decode_krb5_pwd_sequence(
    const krb5_data *output, passwd_phrase_element **rep);

krb5_error_code decode_krb5_pwd_data(
    const krb5_data *output, krb5_pwd_data **rep);

krb5_error_code decode_krb5_padata_sequence(
    const krb5_data *output, krb5_pa_data ***rep);

krb5_error_code decode_krb5_alt_method(
    const krb5_data *output, krb5_alt_method **rep);

krb5_error_code decode_krb5_etype_info(
    const krb5_data *output, krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_etype_info2(
    const krb5_data *output, krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_enc_data(
    const krb5_data *output, krb5_enc_data **rep);

krb5_error_code decode_krb5_pa_enc_ts(
    const krb5_data *output, krb5_pa_enc_ts **rep);

krb5_error_code decode_krb5_sam_challenge(
    const krb5_data *, krb5_sam_challenge **);

krb5_error_code decode_krb5_sam_key(
    const krb5_data *, krb5_sam_key **);

krb5_error_code decode_krb5_enc_sam_response_enc(
    const krb5_data *, krb5_enc_sam_response_enc **);

krb5_error_code decode_krb5_sam_response
    (const
krb5_data *, krb5_sam_response **); 17887c478bd9Sstevel@tonic-gate 17897c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_predicted_sam_response 17907c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_predicted_sam_response **); 17917c478bd9Sstevel@tonic-gate 17927c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_challenge_2 17937c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_sam_challenge_2 **); 17947c478bd9Sstevel@tonic-gate 17957c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_challenge_2_body 17967c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_sam_challenge_2_body **); 17977c478bd9Sstevel@tonic-gate 17987c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_sam_response_enc_2 17997c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_enc_sam_response_enc_2 **); 18007c478bd9Sstevel@tonic-gate 18017c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_response_2 18027c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_sam_response_2 **); 18037c478bd9Sstevel@tonic-gate 180454925bf6Swillf struct _krb5_key_data; /* kdb.h */ 180554925bf6Swillf krb5_error_code 180654925bf6Swillf krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data, 180754925bf6Swillf krb5_int16 n_key_data, 180854925bf6Swillf krb5_int32 mkvno, 180954925bf6Swillf krb5_data **code); 181054925bf6Swillf 181154925bf6Swillf krb5_error_code 181254925bf6Swillf krb5int_ldap_decode_sequence_of_keys (krb5_data *in, 181354925bf6Swillf struct _krb5_key_data **out, 181454925bf6Swillf krb5_int16 *n_key_data, 181554925bf6Swillf int *mkvno); 18167c478bd9Sstevel@tonic-gate 18177c478bd9Sstevel@tonic-gate /************************************************************************* 18187c478bd9Sstevel@tonic-gate * End of prototypes for krb5_decode.c 18197c478bd9Sstevel@tonic-gate *************************************************************************/ 18207c478bd9Sstevel@tonic-gate 18217c478bd9Sstevel@tonic-gate #endif /* KRB5_ASN1__ */ 18227c478bd9Sstevel@tonic-gate /* 
18237c478bd9Sstevel@tonic-gate * End "asn1.h" 18247c478bd9Sstevel@tonic-gate */ 18257c478bd9Sstevel@tonic-gate 18267c478bd9Sstevel@tonic-gate 18277c478bd9Sstevel@tonic-gate /* 18287c478bd9Sstevel@tonic-gate * Internal krb5 library routines 18297c478bd9Sstevel@tonic-gate */ 18307c478bd9Sstevel@tonic-gate krb5_error_code krb5_encrypt_tkt_part 18317c478bd9Sstevel@tonic-gate (krb5_context, 18327c478bd9Sstevel@tonic-gate krb5_const krb5_keyblock *, 18337c478bd9Sstevel@tonic-gate krb5_ticket *); 18347c478bd9Sstevel@tonic-gate 18357c478bd9Sstevel@tonic-gate 18367c478bd9Sstevel@tonic-gate krb5_error_code krb5_encode_kdc_rep 18377c478bd9Sstevel@tonic-gate (krb5_context, 18387c478bd9Sstevel@tonic-gate krb5_const krb5_msgtype, 18397c478bd9Sstevel@tonic-gate krb5_const krb5_enc_kdc_rep_part *, 18407c478bd9Sstevel@tonic-gate int using_subkey, 18417c478bd9Sstevel@tonic-gate krb5_const krb5_keyblock *, 18427c478bd9Sstevel@tonic-gate krb5_kdc_rep *, 18437c478bd9Sstevel@tonic-gate krb5_data ** ); 18447c478bd9Sstevel@tonic-gate 18457c478bd9Sstevel@tonic-gate krb5_error_code krb5_validate_times 18467c478bd9Sstevel@tonic-gate (krb5_context, krb5_ticket_times *); 18477c478bd9Sstevel@tonic-gate 1848505d05c7Sgtb krb5_boolean krb5int_auth_con_chkseqnum 1849505d05c7Sgtb (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq); 1850505d05c7Sgtb 18517c478bd9Sstevel@tonic-gate /* 18527c478bd9Sstevel@tonic-gate * [De]Serialization Handle and operations. 
18537c478bd9Sstevel@tonic-gate */ 18547c478bd9Sstevel@tonic-gate struct __krb5_serializer { 18557c478bd9Sstevel@tonic-gate krb5_magic odtype; 18567c478bd9Sstevel@tonic-gate krb5_error_code (*sizer) (krb5_context, 18577c478bd9Sstevel@tonic-gate krb5_pointer, 18587c478bd9Sstevel@tonic-gate size_t *); 18597c478bd9Sstevel@tonic-gate krb5_error_code (*externalizer) (krb5_context, 18607c478bd9Sstevel@tonic-gate krb5_pointer, 18617c478bd9Sstevel@tonic-gate krb5_octet **, 18627c478bd9Sstevel@tonic-gate size_t *); 18637c478bd9Sstevel@tonic-gate krb5_error_code (*internalizer) (krb5_context, 18647c478bd9Sstevel@tonic-gate krb5_pointer *, 18657c478bd9Sstevel@tonic-gate krb5_octet **, 18667c478bd9Sstevel@tonic-gate size_t *); 18677c478bd9Sstevel@tonic-gate }; 18687c478bd9Sstevel@tonic-gate typedef struct __krb5_serializer * krb5_ser_handle; 18697c478bd9Sstevel@tonic-gate typedef struct __krb5_serializer krb5_ser_entry; 18707c478bd9Sstevel@tonic-gate 18717c478bd9Sstevel@tonic-gate krb5_ser_handle krb5_find_serializer 1872505d05c7Sgtb (krb5_context, 1873505d05c7Sgtb krb5_magic); 18747c478bd9Sstevel@tonic-gate krb5_error_code krb5_register_serializer 1875505d05c7Sgtb (krb5_context, 1876505d05c7Sgtb const krb5_ser_entry *); 18777c478bd9Sstevel@tonic-gate 18787c478bd9Sstevel@tonic-gate /* Determine the external size of a particular opaque structure */ 1879505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_size_opaque 1880505d05c7Sgtb (krb5_context, 1881505d05c7Sgtb krb5_magic, 1882505d05c7Sgtb krb5_pointer, 1883505d05c7Sgtb size_t *); 18847c478bd9Sstevel@tonic-gate 18857c478bd9Sstevel@tonic-gate /* Serialize the structure into a buffer */ 1886505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_externalize_opaque 18877c478bd9Sstevel@tonic-gate (krb5_context, 18887c478bd9Sstevel@tonic-gate krb5_magic, 18897c478bd9Sstevel@tonic-gate krb5_pointer, 18907c478bd9Sstevel@tonic-gate krb5_octet * *, 18917c478bd9Sstevel@tonic-gate size_t *); 18927c478bd9Sstevel@tonic-gate 
/*
 * Deserialize the structure from a buffer
 *
 * NOTE(review): the krb5_octet ** / size_t * pair is presumably the read
 * cursor and the bytes remaining.  The buffer contents decide what gets
 * allocated and returned through the krb5_pointer *, so serialized blobs
 * from outside the process should be treated as untrusted -- confirm how
 * each registered internalizer bounds its reads.
 */
krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
        (krb5_context,
                krb5_magic,
                krb5_pointer *,
                krb5_octet **,
                size_t *);

/* Serialize data into a buffer */
krb5_error_code krb5_externalize_data
        (krb5_context,
                krb5_pointer,
                krb5_octet **,
                size_t *);
/*
 * Initialization routines.
 */

/* Initialize serialization for krb5_[os_]context */
krb5_error_code KRB5_CALLCONV krb5_ser_context_init
        (krb5_context);

/* Initialize serialization for krb5_auth_context */
krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
        (krb5_context);

/* Initialize serialization for krb5_keytab */
krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
        (krb5_context);

/* Initialize serialization for krb5_ccache */
krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
        (krb5_context);

/* Initialize serialization for krb5_rcache */
krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
        (krb5_context);

/*
 * Primitive pack/unpack helpers.  Each takes a krb5_octet ** and a
 * size_t *.
 * NOTE(review): presumably the buffer cursor and the space (pack) or
 * data (unpack) remaining, with an error returned when too little is
 * left -- confirm; callers must check the return code either way.
 */

/* [De]serialize 4-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
        (krb5_int32,
                krb5_octet **,
                size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
        (krb5_int32 *,
                krb5_octet **,
                size_t *);
/* [De]serialize 8-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
        (krb5_int64, krb5_octet * *, size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
        (krb5_int64 *, krb5_octet **, size_t *);
/*
 * [De]serialize byte string
 * NOTE(review): the leading krb5_octet * / size_t pair is presumably the
 * caller's byte string and its length; for unpack the destination must
 * then be at least that large, and a length read out of the serialized
 * stream should be validated before it is passed here -- confirm.
 */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
        (krb5_octet *,
                size_t,
                krb5_octet **,
                size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
        (krb5_octet *,
                size_t,
                krb5_octet **,
                size_t *);


krb5_error_code KRB5_CALLCONV krb5int_cc_default
        (krb5_context, krb5_ccache *);

krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
        (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);

void krb5int_set_prompt_types
        (krb5_context, krb5_prompt_type *);

krb5_error_code
krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
                                  krb5_keyblock * /* Old keyblock, not new!  */);

/*
 * set and change password helpers
 *
 * The mk_* routines build a request into packet; the rd_* routines read a
 * reply from packet and report result_code / result_data.
 *
 * NOTE(review): passwd is a plain, non-const char * and presumably holds
 * the new password in cleartext.  The caller owns that buffer and should
 * clear it once the request has been built; whether these routines keep
 * an internal copy is not visible from the prototypes -- confirm.
 * NOTE(review): result_data in the rd_* routines presumably carries
 * server-supplied bytes; do not assume it is NUL-terminated or printable.
 */

krb5_error_code krb5int_mk_chpw_req
        (krb5_context context, krb5_auth_context auth_context,
                        krb5_data *ap_req, char *passwd, krb5_data *packet);
krb5_error_code krb5int_rd_chpw_rep
        (krb5_context context, krb5_auth_context auth_context,
                       krb5_data *packet, int *result_code,
                       krb5_data *result_data);
krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
        (krb5_context context, int result_code,
                        char **result_codestr);
krb5_error_code  krb5int_mk_setpw_req
        (krb5_context context, krb5_auth_context auth_context,
                        krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
krb5_error_code krb5int_rd_setpw_rep
        (krb5_context context, krb5_auth_context auth_context,
                       krb5_data *packet, int *result_code,
                       krb5_data *result_data);

krb5_error_code krb5int_setpw_result_code_string
        (krb5_context context, int result_code,
                        const char **result_codestr);

/*
 * One node of a singly linked list (next) of service-location answers.
 *
 * NOTE(review): the fields presumably mirror a DNS SRV record, filled in
 * by krb5int_make_srv_query_realm through `answers` and released with
 * krb5int_free_srv_dns_data -- the pairing is inferred from the names.
 * DNS answers are unauthenticated unless the resolver path is protected,
 * so this data should decide where to connect, never whom to trust.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next;
    int priority;
    int weight;
    unsigned short port;
    char *host;
};

krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
                             const char *service,
                             const char *protocol,
                             struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);

/*
 * Convenience function for structure magic number
 *
 * Expands to a bare `if` that makes the ENCLOSING function return
 * magic_number when structure->magic does not match, so it is only usable
 * in functions whose return type can carry that value.
 *
 * Hazards visible in the expansion:
 *  - structure is dereferenced without a NULL check;
 *  - magic_number is evaluated twice on a mismatch, so it must have no
 *    side effects;
 *  - the expansion is an unbraced `if` ending in its own `;`, so it must
 *    not be used as the body of an unbraced if/else.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
    if ((structure)->magic != (magic_number)) return (magic_number);


/* SUNW14resync XXX - see k5-util.h */
#if 0
int krb5_seteuid  (int);
#endif

char * krb5_getenv(const char *);
int krb5_setenv  (const char *, const char *, int);
void krb5_unsetenv  (const char *);


/* SUNW14resync - (from here to EOF) not sure if we need this but will add it
   for future resync sake */

/* To keep happy libraries which are (for now) accessing internal stuff */

/* Make sure to increment by one when changing the struct */
#define KRB5INT_ACCESS_STRUCT_VERSION 9

#ifndef ANAME_SZ
struct ktext;                  /* from krb.h, for krb524 support */
#endif
/*
 * Table of internal entry points handed to other libraries through
 * krb5int_accessor().  Member order and count are part of the contract:
 * KRB5INT_ACCESS_VERSION below is derived from sizeof this struct.
 */
typedef struct _krb5int_access {
    /*
     * crypto stuff
     * NOTE(review): MD5 and ARCFOUR (RC4) are legacy algorithms,
     * presumably exported for interoperability only; new callers should
     * not build fresh protections on them.
     */
    const struct krb5_hash_provider *md5_hash_provider;
    const struct krb5_enc_provider *arcfour_enc_provider;
    krb5_error_code (* krb5_hmac) (krb5_context,
                                   const struct krb5_hash_provider *hash,
                                   const krb5_keyblock *key,
                                   unsigned int icount, const krb5_data *input,
                                   krb5_data *output);
    /*
     * service location and communication
     * These four members exist only in non-kernel builds, so the struct
     * size (and with it KRB5INT_ACCESS_VERSION) differs between _KERNEL
     * and userland compilations.
     */
#ifndef _KERNEL
    krb5_error_code (*locate_server) (krb5_context, const krb5_data *,
                                      struct addrlist *, int,
                                      const char *, const char *,
                                      int, int, int, int);
    krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
                                   const struct addrlist *, krb5_data *reply,
                                   struct sockaddr_storage *, socklen_t *, int *);
    krb5_error_code (*add_host_to_list)(struct addrlist *lp,
                                        const char *hostname,
                                        int port, int secport,
                                        int socktype, int family);
    void (*free_addrlist) (struct addrlist *);
#endif /* _KERNEL */


    krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
                                            const char *service,
                                            const char *protocol,
                                            struct srv_dns_entry **answers);
    void (*free_srv_dns_data)(struct srv_dns_entry *);
    int (*use_dns_kdc)(krb5_context);

    /*
     * krb4 compatibility stuff -- may be null if not enabled
     * Callers must test these pointers for NULL before calling through
     * them.
     */
    krb5_int32 (*krb_life_to_time)(krb5_int32, int);
    int (*krb_time_to_life)(krb5_int32, krb5_int32);
    int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
    krb5_error_code (*krb5int_c_mandatory_cksumtype)
        (krb5_context, krb5_enctype, krb5_cksumtype *);
    krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
        (krb5_int64, krb5_octet **, size_t *);
    krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
        (krb5_int64 *, krb5_octet **, size_t *);

    /* Used for KDB LDAP back end.  */
    krb5_error_code
    (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
                                          krb5_int16 n_key_data,
                                          krb5_int32 mkvno,
                                          krb5_data **code);

    krb5_error_code
    (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
                                          struct _krb5_key_data **out,
                                          krb5_int16 *n_key_data,
                                          int *mkvno);
} krb5int_access;

/*
 * Version tag for krb5int_access: the low 16 bits are sizeof the struct,
 * the bits above are KRB5INT_ACCESS_STRUCT_VERSION.
 * NOTE(review): krb5int_accessor() presumably refuses a tag that does not
 * match its own, which is what keeps a caller built against a different
 * layout from calling through mismatched slots -- confirm, and check its
 * return code before using the table.
 */
#define KRB5INT_ACCESS_VERSION \
    (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
                   (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)

krb5_error_code KRB5_CALLCONV krb5int_accessor
        (krb5int_access*, krb5_int32);

/* Ick -- some krb524 and krb4 support placed in the krb5 library,
   because AFS (and potentially other applications?) use the krb4
   object as an opaque token, which (in some implementations) is not
   in fact a krb4 ticket, so we don't want to drag in the krb4 support
   just to enable this.  */

#define KRB524_SERVICE "krb524"
#define KRB524_PORT 4444

/* v4lifetime.c */
extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);

/*
 * conv_creds.c
 * NOTE(review): buf carries no explicit capacity argument; encoded_len is
 * presumably an in/out value (capacity in, bytes written out) -- confirm
 * in conv_creds.c before sizing buf.
 */
int krb5int_encode_v4tkt
        (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);

/* send524.c */
int krb5int_524_sendto_kdc
        (krb5_context context, const krb5_data * message,
         const krb5_data * realm, krb5_data * reply,
         struct sockaddr *, socklen_t *);

/* temporary -- this should be under lib/krb5/ccache somewhere */

/* A credential cache handle: a magic tag, its operations table, and
   private data owned by that implementation. */
struct _krb5_ccache {
    krb5_magic magic;
    const struct _krb5_cc_ops *ops;
    krb5_pointer data;
};

/* Operations table implemented by each credential cache type; prefix is
   presumably the type name used when resolving a cache name -- confirm. */
struct _krb5_cc_ops {
    krb5_magic magic;
    char *prefix;
    const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
                                            const char *);
    krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
    krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
                                            krb5_principal);
    krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
                                            krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
                                            krb5_flags, krb5_creds *,
                                            krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
                                            krb5_principal *);
    krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
                                            krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
                                            krb5_cc_cursor *, krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
                                            krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
                                            krb5_flags, krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
                                            krb5_flags);
};

extern const krb5_cc_ops *krb5_cc_dfl_ops;

/*
 * NOTE(review): presumably one replay-cache record describing an
 * authenticator that has already been seen (client, server, client time)
 * -- inferred from the type name and krb5_auth_to_rep() below.
 */
typedef struct _krb5_donot_replay {
    krb5_magic magic;
    krb5_ui_4 hash;
    char *server;                       /* null-terminated */
    char *client;                       /* null-terminated */
    krb5_int32 cusec;
    krb5_timestamp ctime;
} krb5_donot_replay;

/*
 * krb5_rcache operations.
 * NOTE(review): krb5_rc_store presumably reports a repeated entry through
 * its return code; a caller that ignores the result gets no replay
 * detection -- confirm the error value in the rcache implementation.
 */
krb5_error_code krb5_rc_default
        (krb5_context,
                krb5_rcache *);
krb5_error_code krb5_rc_resolve_type
        (krb5_context,
                krb5_rcache *,char *);
krb5_error_code krb5_rc_resolve_full
        (krb5_context,
                krb5_rcache *,char *);
char * krb5_rc_get_type
        (krb5_context,
                krb5_rcache);
char * krb5_rc_default_type
        (krb5_context);
char * krb5_rc_default_name
        (krb5_context);
krb5_error_code krb5_auth_to_rep
        (krb5_context,
                krb5_tkt_authent *,
                krb5_donot_replay *);

krb5_error_code KRB5_CALLCONV krb5_rc_initialize
        (krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
        (krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover
        (krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_destroy
        (krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_close
        (krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_store
        (krb5_context, krb5_rcache,krb5_donot_replay *);
krb5_error_code KRB5_CALLCONV krb5_rc_expunge
        (krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
        (krb5_context, krb5_rcache,krb5_deltat *);
char *KRB5_CALLCONV krb5_rc_get_name
        (krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_resolve
        (krb5_context, krb5_rcache, char *);

/* Operations table implemented by each keytab type. */
typedef struct _krb5_kt_ops {
    krb5_magic magic;
    char *prefix;
    /* routines always present */
    krb5_error_code (KRB5_CALLCONV *resolve)
        (krb5_context,
                 const char *,
                 krb5_keytab *);
    /* NOTE(review): the char * / unsigned int pair is presumably a
       caller-supplied name buffer and its size -- confirm. */
    krb5_error_code (KRB5_CALLCONV *get_name)
        (krb5_context,
                 krb5_keytab,
                 char *,
                 unsigned int);
    krb5_error_code (KRB5_CALLCONV *close)
        (krb5_context,
                 krb5_keytab);
    krb5_error_code (KRB5_CALLCONV *get)
        (krb5_context,
                 krb5_keytab,
                 krb5_const_principal,
                 krb5_kvno,
                 krb5_enctype,
                 krb5_keytab_entry *);
    krb5_error_code (KRB5_CALLCONV *start_seq_get)
        (krb5_context,
                 krb5_keytab,
                 krb5_kt_cursor *);
    krb5_error_code (KRB5_CALLCONV *get_next)
        (krb5_context,
                 krb5_keytab,
                 krb5_keytab_entry *,
                 krb5_kt_cursor *);
    krb5_error_code (KRB5_CALLCONV *end_get)
        (krb5_context,
                 krb5_keytab,
                 krb5_kt_cursor *);
    /* routines to be included on extended version (write routines) */
    /* NOTE(review): presumably NULL for read-only keytab types; test
       before calling -- confirm. */
    krb5_error_code (KRB5_CALLCONV *add)
        (krb5_context,
                 krb5_keytab,
                 krb5_keytab_entry *);
    krb5_error_code (KRB5_CALLCONV *remove)
        (krb5_context,
                 krb5_keytab,
                 krb5_keytab_entry *);

    /* Handle for serializer */
    const krb5_ser_entry *serializer;
} krb5_kt_ops;

extern const krb5_kt_ops krb5_kt_dfl_ops;

extern krb5_error_code krb5int_translate_gai_error (int);

/* Not sure it's ready for exposure just yet.  */
extern krb5_error_code
krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);

extern int krb5int_crypto_init (void);
extern int krb5int_prng_init(void);

/*
 * SUNW14resync
 * Hack (?) to neuter C99 "inline" which causes warnings w/our build.
 *
 * This turns the keyword `inline` into nothing for everything that is
 * compiled after this header is included.  The C standard does not allow
 * a keyword to be defined as a macro ahead of a standard header, so this
 * header should be included after the system headers.
 */
#define inline

/* Solaris kerberos */
krb5_boolean KRB5_CALLCONV is_in_keytype
        (krb5_const krb5_enctype *keytype,
        int numkeytypes, krb5_enctype enctype);

/*
 * Solaris Kerberos
 * Use krb5_getuid() to select the mechanism to obtain the uid.
 *
 * NOTE(review): the empty parentheses make this an old-style declaration
 * rather than a prototype, so the compiler does not check the arguments
 * at call sites.  Other declarations in this header use (void); if the
 * definition takes no parameters, `extern uid_t krb5_getuid(void);`
 * would be the checked form -- confirm against the definition.
 */
extern uid_t    krb5_getuid();

/*
 * Referral definitions, debugging hooks, and subfunctions.
 *
 * NOTE(review): KRB5_REFERRAL_MAXHOPS presumably caps how many referrals
 * are followed for one request, which bounds a referral loop -- confirm
 * at the use site.
 */
#define KRB5_REFERRAL_MAXHOPS   5
/* #define DEBUG_REFERRALS */

#ifdef DEBUG_REFERRALS
void krb5int_dbgref_dump_principal(char *, krb5_principal);
#endif

/*
 * Common hostname-parsing code.
 * NOTE(review): the parameters are presumably the input hostname, an
 * output buffer and that buffer's size -- confirm, and check the return
 * code rather than assuming the output was written.
 */
krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
        (krb5_context,
                const char *,
                char *,
                size_t);

#endif /* _KRB5_INT_H */