krb5/include/k5-int.h

7c478bd9Sstevel@tonic-gate/*
*ba7b222eSGlenn Barry * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
7c478bd9Sstevel@tonic-gate * Use is subject to license terms.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
fe598cdcSmp * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
7c478bd9Sstevel@tonic-gate * Cambridge, MA, USA.  All Rights Reserved.
159d09a2SMark Phalan *
159d09a2SMark Phalan * This software is being provided to you, the LICENSEE, by the
159d09a2SMark Phalan * Massachusetts Institute of Technology (M.I.T.) under the following
159d09a2SMark Phalan * license.  By obtaining, using and/or copying this software, you agree
159d09a2SMark Phalan * that you have read, understood, and will comply with these terms and
159d09a2SMark Phalan * conditions:
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may
7c478bd9Sstevel@tonic-gate * require a specific license from the United States Government.
7c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
7c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting.
159d09a2SMark Phalan *
159d09a2SMark Phalan * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
159d09a2SMark Phalan * this software and its documentation for any purpose and without fee or
159d09a2SMark Phalan * royalty is hereby granted, provided that you agree to comply with the
159d09a2SMark Phalan * following copyright notice and statements, including the disclaimer, and
159d09a2SMark Phalan * that the same appear on ALL copies of the software and documentation,
159d09a2SMark Phalan * including modifications that you make for internal use or for
7c478bd9Sstevel@tonic-gate * distribution:
159d09a2SMark Phalan *
159d09a2SMark Phalan * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
159d09a2SMark Phalan * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
159d09a2SMark Phalan * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
159d09a2SMark Phalan * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
159d09a2SMark Phalan * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
159d09a2SMark Phalan * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
159d09a2SMark Phalan *
159d09a2SMark Phalan * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
159d09a2SMark Phalan * be used in advertising or publicity pertaining to distribution of the
159d09a2SMark Phalan * software.  Title to copyright in this software and any associated
159d09a2SMark Phalan * documentation shall at all times remain with M.I.T., and USER agrees to
7c478bd9Sstevel@tonic-gate * preserve same.
fe598cdcSmp *
fe598cdcSmp * Furthermore if you modify this software you must label
fe598cdcSmp * your software as modified software and not distribute it in such a
fe598cdcSmp * fashion that it might be confused with the original M.I.T. software.
ab9b2e15Sgtb */
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate * All rights reserved.
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require
7c478bd9Sstevel@tonic-gate * a specific license from the United States Government.  It is the
7c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to
7c478bd9Sstevel@tonic-gate * obtain such a license before exporting.
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
7c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
7c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
7c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
7c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
7c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
7c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
7c478bd9Sstevel@tonic-gate * permission.  FundsXpress makes no representations about the suitability of
7c478bd9Sstevel@tonic-gate * this software for any purpose.  It is provided "as is" without express
7c478bd9Sstevel@tonic-gate * or implied warranty.
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
7c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
7c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * This prototype for k5-int.h (Krb5 internals include file)
7c478bd9Sstevel@tonic-gate * includes the user-visible definitions from krb5.h and then
7c478bd9Sstevel@tonic-gate * includes other definitions that are not user-visible but are
7c478bd9Sstevel@tonic-gate * required for compiling Kerberos internal routines.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KRB5_INT_H
7c478bd9Sstevel@tonic-gate#define _KRB5_INT_H
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#ifdef KRB5_GENERAL__
159d09a2SMark Phalan#error krb5.h included before k5-int.h
159d09a2SMark Phalan#endif /* KRB5_GENERAL__ */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
7c478bd9Sstevel@tonic-gate#include <osconf.h>
7c478bd9Sstevel@tonic-gate#include <security/cryptoki.h>
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#include <sys/crypto/common.h>
7c478bd9Sstevel@tonic-gate#include <sys/crypto/api.h>
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef  DEBUG
7c478bd9Sstevel@tonic-gate#if !defined(KRB5_DEBUG)
7c478bd9Sstevel@tonic-gate#define KRB5_DEBUG
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#ifndef  KRB5_LOG_LVL
7c478bd9Sstevel@tonic-gate#define KRB5_LOG_LVL KRB5_ERR
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif  /* DEBUG */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef  _KERNEL
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef  DEBUG
7c478bd9Sstevel@tonic-gate#include        <sys/types.h>
7c478bd9Sstevel@tonic-gate#include        <sys/cmn_err.h>
7c478bd9Sstevel@tonic-gate extern  void prom_printf();
7c478bd9Sstevel@tonic-gate#endif  /* DEBUG */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#else   /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define prom_printf printf
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef KRB5_LOG_LVL
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* krb5_log is used to set the logging level to determine what class of messages
7c478bd9Sstevel@tonic-gate * are output by the mech.  Note, more than one logging level can be used by
7c478bd9Sstevel@tonic-gate * bit or'ing the log values together.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * All log messages are captured by syslog.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateextern unsigned int krb5_log;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Note, these defines should be mutually exclusive bit fields */
7c478bd9Sstevel@tonic-gate#define KRB5_ERR  1   /* Use this debug log level for error path logging. */
7c478bd9Sstevel@tonic-gate#define KRB5_INFO 2   /* Use this debug log level for informational messages. */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef  _KERNEL
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KRB5_LOG1(A, B, C, D) \
7c478bd9Sstevel@tonic-gate     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
7c478bd9Sstevel@tonic-gate#define KRB5_LOG(A, B, C) \
7c478bd9Sstevel@tonic-gate     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
7c478bd9Sstevel@tonic-gate#define KRB5_LOG0(A, B)   \
7c478bd9Sstevel@tonic-gate     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#else	/* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#include <syslog.h>
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KRB5_LOG1(A, B, C, D) \
7c478bd9Sstevel@tonic-gate        ((void)((krb5_log) && (krb5_log & (A)) && \
7c478bd9Sstevel@tonic-gate		(syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
7c478bd9Sstevel@tonic-gate#define KRB5_LOG(A, B, C) \
7c478bd9Sstevel@tonic-gate        ((void)((krb5_log) && (krb5_log & (A)) && \
7c478bd9Sstevel@tonic-gate		(syslog(LOG_DEBUG, (B), (C)), TRUE)))
7c478bd9Sstevel@tonic-gate#define KRB5_LOG0(A, B)   \
7c478bd9Sstevel@tonic-gate        ((void)((krb5_log) && (krb5_log & (A)) && \
7c478bd9Sstevel@tonic-gate	       	(syslog(LOG_DEBUG, B), TRUE)))
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif	/* _KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#else /* ! KRB5_LOG_LVL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KRB5_LOG1(A, B, C, D)
7c478bd9Sstevel@tonic-gate#define KRB5_LOG(A, B, C)
7c478bd9Sstevel@tonic-gate#define KRB5_LOG0(A, B)
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_LOG_LVL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef POSIX_TYPES
7c478bd9Sstevel@tonic-gate#define timetype time_t
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#define timetype long
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "k5-config.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_CONFIG__
7c478bd9Sstevel@tonic-gate#define KRB5_CONFIG__
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
159d09a2SMark Phalan * Machine-type definitions: PC Clone 386 running Microloss Windows
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#if defined(_MSDOS) || defined(_WIN32)
7c478bd9Sstevel@tonic-gate#include "win-mac.h"
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Kerberos Windows initialization file */
159d09a2SMark Phalan#define KERBEROS_INI	"kerberos.ini"
159d09a2SMark Phalan#define INI_FILES	"Files"
159d09a2SMark Phalan#define INI_KRB_CCACHE	"krb5cc"	/* Location of the ccache */
159d09a2SMark Phalan#define INI_KRB5_CONF	"krb5.ini"	/* Location of krb5.conf file */
7c478bd9Sstevel@tonic-gate#define ANSI_STDIO
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate#ifndef KRB5_AUTOCONF__
7c478bd9Sstevel@tonic-gate#define KRB5_AUTOCONF__
159d09a2SMark Phalan#include "autoconf.h"
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif 		/* !_KERNEL  */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef KRB5_SYSTYPES__
7c478bd9Sstevel@tonic-gate#define KRB5_SYSTYPES__
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate#ifdef HAVE_SYS_TYPES_H		/* From autoconf.h */
7c478bd9Sstevel@tonic-gate#include <sys/types.h>
7c478bd9Sstevel@tonic-gate#else /* HAVE_SYS_TYPES_H */
159d09a2SMark Phalantypedef unsigned long 	u_long;
159d09a2SMark Phalantypedef unsigned int	u_int;
159d09a2SMark Phalantypedef unsigned short	u_short;
159d09a2SMark Phalantypedef unsigned char	u_char;
7c478bd9Sstevel@tonic-gate#endif /* HAVE_SYS_TYPES_H */
7c478bd9Sstevel@tonic-gate#endif /* KRB5_SYSTYPES__ */
159d09a2SMark Phalan#endif 		/* !_KERNEL  */
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb/* #include "k5-platform.h" SUNW XXX */
505d05c7Sgtb/* not used in krb5.h (yet) */
7c478bd9Sstevel@tonic-gatetypedef uint64_t krb5_ui_8;
7c478bd9Sstevel@tonic-gatetypedef int64_t krb5_int64;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate#define DEFAULT_PWD_STRING1 "Enter password:"
7c478bd9Sstevel@tonic-gate#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
7c478bd9Sstevel@tonic-gate#define	KRB5_KDB_MAX_LIFE	(60*60*24) /* one day */
7c478bd9Sstevel@tonic-gate#define	KRB5_KDB_MAX_RLIFE	(60*60*24*365) /* one year */
7c478bd9Sstevel@tonic-gate#define	KRB5_KDB_EXPIRATION	2145830400 /* Thu Jan  1 00:00:00 2038 UTC */
7c478bd9Sstevel@tonic-gate#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */
7c478bd9Sstevel@tonic-gate#define KRB5_DEFAULT_RENEW_LIFE 7*24*60*60 /* 7 Days */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
7c478bd9Sstevel@tonic-gate * Windows requires a different api interface to each function. Here
7c478bd9Sstevel@tonic-gate * just define it as NULL.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_CALLCONV
7c478bd9Sstevel@tonic-gate#define KRB5_CALLCONV
7c478bd9Sstevel@tonic-gate#define KRB5_CALLCONV_C
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#ifndef O_BINARY
7c478bd9Sstevel@tonic-gate#define O_BINARY 0
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_CONFIG__ */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "k5-config.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * After loading the configuration definitions, load the Kerberos definitions.
7c478bd9Sstevel@tonic-gate */
505d05c7Sgtb#ifndef _KERNEL
505d05c7Sgtb#include <errno.h>
505d05c7Sgtb#include "profile.h"
505d05c7Sgtb#endif
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate#include <krb5.h>
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
505d05c7Sgtb#if 1 /* def NEED_SOCKETS */
7c478bd9Sstevel@tonic-gate#include <port-sockets.h>
7c478bd9Sstevel@tonic-gate#include <socket-utils.h>
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#ifndef SOCK_DGRAM
7c478bd9Sstevel@tonic-gatestruct sockaddr;
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb/* Get mutex support; currently used only for the replay cache.  */
505d05c7Sgtb#include "k5-thread.h"
505d05c7Sgtb
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
7c478bd9Sstevel@tonic-gate   The ones that it doesn't include, we include below.  */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "k5-errors.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_ERRORS__
7c478bd9Sstevel@tonic-gate#define KRB5_ERRORS__
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Error codes used in KRB_ERROR protocol messages.
7c478bd9Sstevel@tonic-gate   Return values of library routines are based on a different error table
7c478bd9Sstevel@tonic-gate   (which allows non-ambiguous error codes between subsystems) */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* KDC errors */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_NONE			0 /* No error */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_NAME_EXP		1 /* Client's entry in DB expired */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_SERVICE_EXP		2 /* Server's entry in DB expired */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_BAD_PVNO		3 /* Requested pvno not supported */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_C_OLD_MAST_KVNO		4 /* C's key encrypted in old master */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_S_OLD_MAST_KVNO		5 /* S's key encrypted in old master */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_C_PRINCIPAL_UNKNOWN	6 /* Client not found in Kerberos DB */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_S_PRINCIPAL_UNKNOWN	7 /* Server not found in Kerberos DB */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_PRINCIPAL_NOT_UNIQUE	8 /* Multiple entries in Kerberos DB */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_NULL_KEY		9 /* The C or S has a null key */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_CANNOT_POSTDATE		10 /* Tkt ineligible for postdating */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_NEVER_VALID		11 /* Requested starttime > endtime */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_POLICY			12 /* KDC policy rejects request */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_BADOPTION		13 /* KDC can't do requested opt. */
7c478bd9Sstevel@tonic-gate#define	KDC_ERR_ENCTYPE_NOSUPP		14 /* No support for encryption type */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_SUMTYPE_NOSUPP		15 /* No support for checksum type */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_PADATA_TYPE_NOSUPP	16 /* No support for padata type */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_TRTYPE_NOSUPP		17 /* No support for transited type */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_CLIENT_REVOKED		18 /* C's creds have been revoked */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_SERVICE_REVOKED		19 /* S's creds have been revoked */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_TGT_REVOKED		20 /* TGT has been revoked */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_CLIENT_NOTYET		21 /* C not yet valid */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_SERVICE_NOTYET		22 /* S not yet valid */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_KEY_EXP			23 /* Password has expired */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_PREAUTH_FAILED		24 /* Preauthentication failed */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_PREAUTH_REQUIRED	25 /* Additional preauthentication */
7c478bd9Sstevel@tonic-gate					   /* required */
7c478bd9Sstevel@tonic-gate#define KDC_ERR_SERVER_NOMATCH		26 /* Requested server and */
7c478bd9Sstevel@tonic-gate					   /* ticket don't match*/
159d09a2SMark Phalan#define KDC_ERR_SVC_UNAVAILABLE		29 /* A service is not
159d09a2SMark Phalan					    * available that is
159d09a2SMark Phalan					    * required to process the
159d09a2SMark Phalan					    * request */
7c478bd9Sstevel@tonic-gate/* Application errors */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BAD_INTEGRITY 31	/* Decrypt integrity check failed */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_TKT_EXPIRED	32	/* Ticket expired */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_TKT_NYV	33	/* Ticket not yet valid */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_REPEAT	34	/* Request is a replay */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_NOT_US	35	/* The ticket isn't for us */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BADMATCH	36	/* Ticket/authenticator don't match */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_SKEW		37	/* Clock skew too great */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BADADDR	38	/* Incorrect net address */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BADVERSION	39	/* Protocol version mismatch */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_MSG_TYPE	40	/* Invalid message type */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_MODIFIED	41	/* Message stream modified */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BADORDER	42	/* Message out of order */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_BADKEYVER	44	/* Key version is not available */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_NOKEY	45	/* Service key not available */
7c478bd9Sstevel@tonic-gate#define	KRB_AP_ERR_MUT_FAIL	46	/* Mutual authentication failed */
7c478bd9Sstevel@tonic-gate#define KRB_AP_ERR_BADDIRECTION	47 	/* Incorrect message direction */
7c478bd9Sstevel@tonic-gate#define KRB_AP_ERR_METHOD	48 	/* Alternative authentication */
7c478bd9Sstevel@tonic-gate					/* method required */
7c478bd9Sstevel@tonic-gate#define KRB_AP_ERR_BADSEQ	49 	/* Incorrect sequence numnber */
7c478bd9Sstevel@tonic-gate					/* in message */
7c478bd9Sstevel@tonic-gate#define KRB_AP_ERR_INAPP_CKSUM	50	/* Inappropriate type of */
7c478bd9Sstevel@tonic-gate					/* checksum in message */
159d09a2SMark Phalan#define KRB_AP_PATH_NOT_ACCEPTED 51	/* Policy rejects transited path */
159d09a2SMark Phalan#define KRB_ERR_RESPONSE_TOO_BIG 52	/* Response too big for UDP, */
159d09a2SMark Phalan					/*   retry with TCP */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* other errors */
7c478bd9Sstevel@tonic-gate#define KRB_ERR_GENERIC		60 	/* Generic error (description */
7c478bd9Sstevel@tonic-gate					/* in e-text) */
7c478bd9Sstevel@tonic-gate#define	KRB_ERR_FIELD_TOOLONG	61	/* Field is too long for impl. */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/* PKINIT server-reported errors */
159d09a2SMark Phalan#define KDC_ERR_CLIENT_NOT_TRUSTED		62 /* client cert not trusted */
159d09a2SMark Phalan#define KDC_ERR_INVALID_SIG			64 /* client signature verify failed */
159d09a2SMark Phalan#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED	65 /* invalid Diffie-Hellman parameters */
159d09a2SMark Phalan#define KDC_ERR_CANT_VERIFY_CERTIFICATE		70 /* client cert not verifiable to */
159d09a2SMark Phalan						   /* trusted root cert */
159d09a2SMark Phalan#define KDC_ERR_INVALID_CERTIFICATE		71 /* client cert had invalid signature */
159d09a2SMark Phalan#define KDC_ERR_REVOKED_CERTIFICATE		72 /* client cert was revoked */
159d09a2SMark Phalan#define KDC_ERR_REVOCATION_STATUS_UNKNOWN	73 /* client cert revoked, reason unknown */
159d09a2SMark Phalan#define KDC_ERR_CLIENT_NAME_MISMATCH		75 /* mismatch between client cert and */
159d09a2SMark Phalan						   /* principal name */
159d09a2SMark Phalan#define KDC_ERR_INCONSISTENT_KEY_PURPOSE	77 /* bad extended key use */
159d09a2SMark Phalan#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED	78 /* bad digest algorithm in client cert */
159d09a2SMark Phalan#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED	79 /* missing paChecksum in PA-PK-AS-REQ */
159d09a2SMark Phalan#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
159d09a2SMark Phalan#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate#endif /* KRB5_ERRORS__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "k5-errors.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * This structure is returned in the e-data field of the KRB-ERROR
7c478bd9Sstevel@tonic-gate * message when the error calling for an alternative form of
7c478bd9Sstevel@tonic-gate * authentication is returned, KRB_AP_METHOD.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_alt_method {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	method;
7c478bd9Sstevel@tonic-gate	unsigned int	length;
7c478bd9Sstevel@tonic-gate	krb5_octet	*data;
7c478bd9Sstevel@tonic-gate} krb5_alt_method;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * A null-terminated array of this structure is returned by the KDC as
7c478bd9Sstevel@tonic-gate * the data part of the ETYPE_INFO preauth type.  It informs the
7c478bd9Sstevel@tonic-gate * client which encryption types are supported.
159d09a2SMark Phalan * The  same data structure is used by both etype-info and etype-info2
7c478bd9Sstevel@tonic-gate * but s2kparams must be null when encoding etype-info.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_etype_info_entry {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_enctype	etype;
7c478bd9Sstevel@tonic-gate	unsigned int	length;
7c478bd9Sstevel@tonic-gate	krb5_octet	*salt;
159d09a2SMark Phalan    krb5_data s2kparams;
7c478bd9Sstevel@tonic-gate} krb5_etype_info_entry;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
7c478bd9Sstevel@tonic-gate *  This is essentially -1 without sign extension which can screw up
7c478bd9Sstevel@tonic-gate *  comparisons on 64 bit machines. If the length is this value, then
7c478bd9Sstevel@tonic-gate *  the salt data is not present. This is to distinguish between not
159d09a2SMark Phalan *  being set and being of 0 length.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef krb5_etype_info_entry ** krb5_etype_info;
7c478bd9Sstevel@tonic-gate
*ba7b222eSGlenn Barry/* RFC 4537 */
*ba7b222eSGlenn Barrytypedef struct _krb5_etype_list {
*ba7b222eSGlenn Barry        int             length;
*ba7b222eSGlenn Barry        krb5_enctype    *etypes;
*ba7b222eSGlenn Barry} krb5_etype_list;
*ba7b222eSGlenn Barry
7c478bd9Sstevel@tonic-gate/*
159d09a2SMark Phalan * a sam_challenge is returned for alternate preauth
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate          SAMFlags ::= BIT STRING {
7c478bd9Sstevel@tonic-gate              use-sad-as-key[0],
7c478bd9Sstevel@tonic-gate              send-encrypted-sad[1],
7c478bd9Sstevel@tonic-gate              must-pk-encrypt-sad[2]
7c478bd9Sstevel@tonic-gate          }
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate          PA-SAM-CHALLENGE ::= SEQUENCE {
7c478bd9Sstevel@tonic-gate              sam-type[0]                 INTEGER,
7c478bd9Sstevel@tonic-gate              sam-flags[1]                SAMFlags,
7c478bd9Sstevel@tonic-gate              sam-type-name[2]            GeneralString OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-track-id[3]             GeneralString OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-challenge-label[4]      GeneralString OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-challenge[5]            GeneralString OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-response-prompt[6]      GeneralString OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-nonce[8]                INTEGER OPTIONAL,
7c478bd9Sstevel@tonic-gate              sam-cksum[9]                Checksum OPTIONAL
7c478bd9Sstevel@tonic-gate          }
7c478bd9Sstevel@tonic-gate*/
7c478bd9Sstevel@tonic-gate/* sam_type values -- informational only */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_ENIGMA     1   /*  Enigma Logic */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_DIGI_PATH  2   /*  Digital Pathways */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_SKEY_K0    3   /*  S/key where  KDC has key 0 */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_SKEY       4   /*  Traditional S/Key */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_SECURID    5   /*  Security Dynamics */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_CRYPTOCARD 6   /*  CRYPTOCard */
7c478bd9Sstevel@tonic-gate#if 1 /* XXX need to figure out who has which numbers assigned */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_ACTIVCARD_DEC  6   /*  ActivCard decimal mode */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_ACTIVCARD_HEX  7   /*  ActivCard hex mode */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_DIGI_PATH_HEX  8   /*  Digital Pathways hex mode */
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_EXP_BASE    128 /* experimental */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_GRAIL		(PA_SAM_TYPE_EXP_BASE+0) /* testing */
7c478bd9Sstevel@tonic-gate#define PA_SAM_TYPE_SECURID_PREDICT	(PA_SAM_TYPE_EXP_BASE+1) /* special */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_predicted_sam_response {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_keyblock	sam_key;
159d09a2SMark Phalan	krb5_flags	sam_flags; /* Makes key munging easier */
159d09a2SMark Phalan	krb5_timestamp  stime;	/* time on server, for replay detection */
159d09a2SMark Phalan	krb5_int32      susec;
159d09a2SMark Phalan	krb5_principal  client;
159d09a2SMark Phalan	krb5_data       msd;	/* mechanism specific data */
7c478bd9Sstevel@tonic-gate} krb5_predicted_sam_response;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_challenge {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_type; /* information */
7c478bd9Sstevel@tonic-gate	krb5_flags	sam_flags; /* KRB5_SAM_* values */
7c478bd9Sstevel@tonic-gate	krb5_data	sam_type_name;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_track_id;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_challenge_label;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_challenge;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_response_prompt;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_pk_for_sad;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate	krb5_checksum	sam_cksum;
7c478bd9Sstevel@tonic-gate} krb5_sam_challenge;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_key {	/* reserved for future use */
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_keyblock	sam_key;
7c478bd9Sstevel@tonic-gate} krb5_sam_key;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_enc_sam_response_enc {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate	krb5_timestamp	sam_timestamp;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_usec;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_sad;
7c478bd9Sstevel@tonic-gate} krb5_enc_sam_response_enc;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_response {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_type; /* informational */
7c478bd9Sstevel@tonic-gate	krb5_flags	sam_flags; /* KRB5_SAM_* values */
7c478bd9Sstevel@tonic-gate	krb5_data	sam_track_id; /* copied */
7c478bd9Sstevel@tonic-gate	krb5_enc_data	sam_enc_key; /* krb5_sam_key - future use */
7c478bd9Sstevel@tonic-gate	krb5_enc_data	sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate	krb5_timestamp	sam_patimestamp;
7c478bd9Sstevel@tonic-gate} krb5_sam_response;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_challenge_2 {
7c478bd9Sstevel@tonic-gate	krb5_data	sam_challenge_2_body;
7c478bd9Sstevel@tonic-gate	krb5_checksum	**sam_cksum;		/* Array of checksums */
7c478bd9Sstevel@tonic-gate} krb5_sam_challenge_2;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_challenge_2_body {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_type; /* information */
7c478bd9Sstevel@tonic-gate	krb5_flags	sam_flags; /* KRB5_SAM_* values */
7c478bd9Sstevel@tonic-gate	krb5_data	sam_type_name;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_track_id;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_challenge_label;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_challenge;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_response_prompt;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_pk_for_sad;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate	krb5_enctype	sam_etype;
7c478bd9Sstevel@tonic-gate} krb5_sam_challenge_2_body;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_sam_response_2 {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_type; /* informational */
7c478bd9Sstevel@tonic-gate	krb5_flags	sam_flags; /* KRB5_SAM_* values */
7c478bd9Sstevel@tonic-gate	krb5_data	sam_track_id; /* copied */
7c478bd9Sstevel@tonic-gate	krb5_enc_data	sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate} krb5_sam_response_2;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_enc_sam_response_enc_2 {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_int32	sam_nonce;
7c478bd9Sstevel@tonic-gate	krb5_data	sam_sad;
7c478bd9Sstevel@tonic-gate} krb5_enc_sam_response_enc_2;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
159d09a2SMark Phalan * Keep the pkinit definitions in a separate file so that the plugin
159d09a2SMark Phalan * only has to include k5-int-pkinit.h rather than k5-int.h
159d09a2SMark Phalan */
159d09a2SMark Phalan
159d09a2SMark Phalan#include "k5-int-pkinit.h"
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "dbm.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Since we are always using db, use the db-ndbm include header file.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#include "db-ndbm.h"
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* !KERNEL */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "dbm.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "ext-proto.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_EXT_PROTO__
7c478bd9Sstevel@tonic-gate#define KRB5_EXT_PROTO__
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate#include <stdlib.h>
7c478bd9Sstevel@tonic-gate#include <string.h>
7c478bd9Sstevel@tonic-gate#endif /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef HAVE_STRDUP
7c478bd9Sstevel@tonic-gateextern char *strdup (const char *);
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate#ifdef HAVE_UNISTD_H
7c478bd9Sstevel@tonic-gate#include <unistd.h>
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_EXT_PROTO__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "ext-proto.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "sysincl.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_SYSINCL__
7c478bd9Sstevel@tonic-gate#define KRB5_SYSINCL__
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef KRB5_SYSTYPES__
7c478bd9Sstevel@tonic-gate#define KRB5_SYSTYPES__
7c478bd9Sstevel@tonic-gate/* needed for much of the rest -- but already handled in krb5.h? */
7c478bd9Sstevel@tonic-gate/* #include <sys/types.h> */
7c478bd9Sstevel@tonic-gate#endif /* KRB5_SYSTYPES__ */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef	_KERNEL
7c478bd9Sstevel@tonic-gate#include <sys/time.h>
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#ifdef HAVE_SYS_TIME_H
7c478bd9Sstevel@tonic-gate#include <sys/time.h>
7c478bd9Sstevel@tonic-gate#ifdef TIME_WITH_SYS_TIME
7c478bd9Sstevel@tonic-gate#include <time.h>
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#include <time.h>
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef HAVE_SYS_STAT_H
7c478bd9Sstevel@tonic-gate#include <sys/stat.h>			/* struct stat, stat() */
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef HAVE_SYS_PARAM_H
7c478bd9Sstevel@tonic-gate#include <sys/param.h>			/* MAXPATHLEN */
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef HAVE_SYS_FILE_H
7c478bd9Sstevel@tonic-gate#include <sys/file.h>			/* prototypes for file-related
7c478bd9Sstevel@tonic-gate					   syscalls; flags for open &
7c478bd9Sstevel@tonic-gate					   friends */
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef _KERNEL
7c478bd9Sstevel@tonic-gate#include <sys/fcntl.h>
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate#include <fcntl.h>
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_SYSINCL__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "sysincl.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "los-proto.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_LIBOS_PROTO__
7c478bd9Sstevel@tonic-gate#define KRB5_LIBOS_PROTO__
159d09a2SMark Phalan#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
7c478bd9Sstevel@tonic-gate#include <stdio.h>
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct addrlist;
159d09a2SMark Phalanstruct sendto_callback_info;
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* libos.spec */
159d09a2SMark Phalankrb5_error_code krb5_lock_file (krb5_context, int, int);
159d09a2SMark Phalankrb5_error_code krb5_unlock_file (krb5_context, int);
159d09a2SMark Phalankrb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
159d09a2SMark Phalan				 const krb5_data *, krb5_data *, int *, int);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalankrb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
159d09a2SMark Phalankrb5_error_code krb5_free_krbhst (krb5_context, char * const * );
159d09a2SMark Phalankrb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalanint krb5_net_read (krb5_context, int , char *, int);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateint krb5_net_write
7c478bd9Sstevel@tonic-gate	(krb5_context, int , const char *, int);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_gen_replay_name
7c478bd9Sstevel@tonic-gate    (krb5_context, const krb5_address *, const char *, char **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatekrb5_open_pkcs11_session(CK_SESSION_HANDLE *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_read_message
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_pointer, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_write_message
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_pointer, krb5_data *);
159d09a2SMark Phalankrb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
159d09a2SMark Phalan                const struct addrlist *addrs, struct sendto_callback_info* callback_info,
159d09a2SMark Phalan				krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
159d09a2SMark Phalan                struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used,
159d09a2SMark Phalan		int (*msg_handler)(krb5_context, const krb5_data *, void *),
159d09a2SMark Phalan		void *msg_handler_data);
54925bf6Swillf
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barrykrb5_error_code krb5_set_debugging_time
*ba7b222eSGlenn Barry        (krb5_context, krb5_timestamp, krb5_int32);
*ba7b222eSGlenn Barrykrb5_error_code krb5_use_natural_time
*ba7b222eSGlenn Barry        (krb5_context);
*ba7b222eSGlenn Barrykrb5_error_code krb5_set_time_offsets
*ba7b222eSGlenn Barry        (krb5_context, krb5_timestamp, krb5_int32);
*ba7b222eSGlenn Barrykrb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
54925bf6Swillf#endif
7c478bd9Sstevel@tonic-gate
fe598cdcSmp/*
fe598cdcSmp * Solaris Kerberos
fe598cdcSmp * The following two functions are needed for better realm
fe598cdcSmp * determination based on the DNS domain name.
fe598cdcSmp */
fe598cdcSmpkrb5_error_code krb5int_lookup_host(int , const char *, char **);
fe598cdcSmp
fe598cdcSmpkrb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
fe598cdcSmp    char **);
fe598cdcSmpkrb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
fe598cdcSmp    char **);
fe598cdcSmp
54925bf6Swillfkrb5_error_code krb5int_init_context_kdc(krb5_context *);
54925bf6Swillf
159d09a2SMark Phalankrb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatevoid krb5_os_free_context (krb5_context);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/* This function is needed by KfM's KerberosPreferences API
159d09a2SMark Phalan * because it needs to be able to specify "secure" */
505d05c7Sgtb#ifndef _KERNEL
159d09a2SMark Phalankrb5_error_code os_get_default_config_files
159d09a2SMark Phalan    (profile_filespec_t **pfiles, krb5_boolean secure);
505d05c7Sgtb#endif
505d05c7Sgtb
159d09a2SMark Phalankrb5_error_code krb5_os_hostaddr
159d09a2SMark Phalan	(krb5_context, const char *, krb5_address ***);
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
159d09a2SMark Phalan   going to use this structure.  */
7c478bd9Sstevel@tonic-gatestruct addrlist {
159d09a2SMark Phalan    struct {
159d09a2SMark Phalan#ifdef FAI_DEFINED
159d09a2SMark Phalan	struct addrinfo *ai;
159d09a2SMark Phalan#else
159d09a2SMark Phalan	struct undefined_addrinfo *ai;
159d09a2SMark Phalan#endif
159d09a2SMark Phalan	void (*freefn)(void *);
159d09a2SMark Phalan	void *data;
159d09a2SMark Phalan    } *addrs;
159d09a2SMark Phalan    int naddrs;
159d09a2SMark Phalan    int space;
7c478bd9Sstevel@tonic-gate};
159d09a2SMark Phalan#define ADDRLIST_INIT { 0, 0, 0 }
7c478bd9Sstevel@tonic-gateextern void krb5int_free_addrlist (struct addrlist *);
7c478bd9Sstevel@tonic-gateextern int krb5int_grow_addrlist (struct addrlist *, int);
7c478bd9Sstevel@tonic-gateextern int krb5int_add_host_to_list (struct addrlist *, const char *,
159d09a2SMark Phalan				     int, int, int, int);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#include <locate_plugin.h>
10db1377Sgtbkrb5_error_code
159d09a2SMark Phalankrb5int_locate_server (krb5_context, const krb5_data *realm,
159d09a2SMark Phalan		       struct addrlist *, enum locate_service_type svc,
159d09a2SMark Phalan		       int sockettype, int family);
10db1377Sgtb
7c478bd9Sstevel@tonic-gate#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* new encryption provider api */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct krb5_enc_provider {
159d09a2SMark Phalan    /* keybytes is the input size to make_key;
7c478bd9Sstevel@tonic-gate       keylength is the output size */
505d05c7Sgtb    size_t block_size, keybytes, keylength;
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb    /* cipher-state == 0 fresh state thrown away at end */
7c478bd9Sstevel@tonic-gate    krb5_error_code (*encrypt) (
7c478bd9Sstevel@tonic-gate	krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *input, krb5_data *output);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    krb5_error_code (*decrypt) (
7c478bd9Sstevel@tonic-gate	krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *input, krb5_data *output);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    krb5_error_code (*make_key)
7c478bd9Sstevel@tonic-gate    (krb5_context, krb5_const krb5_data *, krb5_keyblock *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    krb5_error_code (*init_state) (krb5_context,
7c478bd9Sstevel@tonic-gate			const krb5_keyblock *,
7c478bd9Sstevel@tonic-gate			krb5_keyusage, krb5_data *);
7c478bd9Sstevel@tonic-gate    krb5_error_code (*free_state) (krb5_context, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct krb5_hash_provider {
159d09a2SMark Phalan    size_t hashsize, blocksize;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    /* this takes multiple inputs to avoid lots of copying. */
7c478bd9Sstevel@tonic-gate    krb5_error_code (*hash) (krb5_context context,
7c478bd9Sstevel@tonic-gate	unsigned int icount, krb5_const krb5_data *input,
7c478bd9Sstevel@tonic-gate	krb5_data *output);
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct krb5_keyhash_provider {
505d05c7Sgtb    size_t hashsize;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    krb5_error_code (*hash) (
7c478bd9Sstevel@tonic-gate	krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_keyblock *key,
7c478bd9Sstevel@tonic-gate	krb5_keyusage keyusage,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *ivec,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *input, krb5_data *output);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate    krb5_error_code (*verify) (
7c478bd9Sstevel@tonic-gate	krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_keyblock *key,
7c478bd9Sstevel@tonic-gate	krb5_keyusage keyusage,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *ivec,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *input,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *hash,
7c478bd9Sstevel@tonic-gate	krb5_boolean *valid);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalantypedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
159d09a2SMark Phalan  const struct krb5_hash_provider *hash,
7c478bd9Sstevel@tonic-gate  size_t inputlen, size_t *length);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef krb5_error_code (*krb5_crypt_func) (
7c478bd9Sstevel@tonic-gate  krb5_context context,
7c478bd9Sstevel@tonic-gate  krb5_const struct krb5_enc_provider *enc,
7c478bd9Sstevel@tonic-gate  krb5_const struct krb5_hash_provider *hash,
7c478bd9Sstevel@tonic-gate  krb5_const krb5_keyblock *key, krb5_keyusage usage,
7c478bd9Sstevel@tonic-gate  krb5_const krb5_data *ivec,
7c478bd9Sstevel@tonic-gate  krb5_const krb5_data *input, krb5_data *output);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
7c478bd9Sstevel@tonic-gatetypedef krb5_error_code (*krb5_str2key_func) (
7c478bd9Sstevel@tonic-gate  krb5_context context,
7c478bd9Sstevel@tonic-gate  krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string,
7c478bd9Sstevel@tonic-gate  krb5_const krb5_data *salt, krb5_const krb5_data *params,
7c478bd9Sstevel@tonic-gate  krb5_keyblock *key);
7c478bd9Sstevel@tonic-gate#endif	/* _KERNEL */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalantypedef krb5_error_code (*krb5_prf_func)(
159d09a2SMark Phalan					 const struct krb5_enc_provider *enc,
159d09a2SMark Phalan					 const struct krb5_hash_provider *hash,
159d09a2SMark Phalan					 const krb5_keyblock *key,
159d09a2SMark Phalan					 const krb5_data *in, krb5_data *out);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatestruct krb5_keytypes {
7c478bd9Sstevel@tonic-gate    krb5_enctype etype;
7c478bd9Sstevel@tonic-gate    char *in_string;
7c478bd9Sstevel@tonic-gate    char *out_string;
7c478bd9Sstevel@tonic-gate    const struct krb5_enc_provider *enc;
7c478bd9Sstevel@tonic-gate    const struct krb5_hash_provider *hash;
7c478bd9Sstevel@tonic-gate    krb5_encrypt_length_func encrypt_len;
7c478bd9Sstevel@tonic-gate    krb5_crypt_func encrypt;
7c478bd9Sstevel@tonic-gate    krb5_crypt_func decrypt;
7c478bd9Sstevel@tonic-gate    krb5_cksumtype required_ctype;
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
7c478bd9Sstevel@tonic-gate    /* Solaris Kerberos:  strings to key conversion not done in the kernel */
7c478bd9Sstevel@tonic-gate    krb5_str2key_func str2key;
7c478bd9Sstevel@tonic-gate#else	/* _KERNEL */
7c478bd9Sstevel@tonic-gate    char *mt_e_name;
7c478bd9Sstevel@tonic-gate    char *mt_h_name;
7c478bd9Sstevel@tonic-gate    crypto_mech_type_t kef_cipher_mt;
7c478bd9Sstevel@tonic-gate    crypto_mech_type_t kef_hash_mt;
7c478bd9Sstevel@tonic-gate#endif	/* _KERNEL */
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct krb5_cksumtypes {
7c478bd9Sstevel@tonic-gate    krb5_cksumtype ctype;
7c478bd9Sstevel@tonic-gate    unsigned int flags;
7c478bd9Sstevel@tonic-gate    char *in_string;
7c478bd9Sstevel@tonic-gate    char *out_string;
7c478bd9Sstevel@tonic-gate    /* if the hash is keyed, this is the etype it is keyed with.
7c478bd9Sstevel@tonic-gate       Actually, it can be keyed by any etype which has the same
7c478bd9Sstevel@tonic-gate       enc_provider as the specified etype.  DERIVE checksums can
7c478bd9Sstevel@tonic-gate       be keyed with any valid etype. */
7c478bd9Sstevel@tonic-gate    krb5_enctype keyed_etype;
7c478bd9Sstevel@tonic-gate    /* I can't statically initialize a union, so I'm just going to use
7c478bd9Sstevel@tonic-gate       two pointers here.  The keyhash is used if non-NULL.  If NULL,
7c478bd9Sstevel@tonic-gate       then HMAC/hash with derived keys is used if the relevant flag
7c478bd9Sstevel@tonic-gate       is set.  Otherwise, a non-keyed hash is computed.  This is all
7c478bd9Sstevel@tonic-gate       kind of messy, but so is the krb5 api. */
7c478bd9Sstevel@tonic-gate    const struct krb5_keyhash_provider *keyhash;
7c478bd9Sstevel@tonic-gate    const struct krb5_hash_provider *hash;
7c478bd9Sstevel@tonic-gate    /* This just gets uglier and uglier.  In the key derivation case,
159d09a2SMark Phalan       we produce an hmac.  To make the hmac code work, we can't hack
159d09a2SMark Phalan       the output size indicated by the hash provider, but we may want
159d09a2SMark Phalan       a truncated hmac.  If we want truncation, this is the number of
159d09a2SMark Phalan       bytes we truncate to; it should be 0 otherwise.  */
7c478bd9Sstevel@tonic-gate    unsigned int trunc_size;
7c478bd9Sstevel@tonic-gate#ifdef _KERNEL
7c478bd9Sstevel@tonic-gate    char *mt_c_name;
7c478bd9Sstevel@tonic-gate    crypto_mech_type_t kef_cksum_mt;
7c478bd9Sstevel@tonic-gate#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KRB5_CKSUMFLAG_DERIVE		0x0001
7c478bd9Sstevel@tonic-gate#define KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
159d09a2SMark Phalan * in here to deal with stuff from lib/crypto
159d09a2SMark Phalan */
159d09a2SMark Phalan
159d09a2SMark Phalanvoid krb5_nfold
159d09a2SMark Phalan(unsigned int inbits, const unsigned char *in,
159d09a2SMark Phalan		unsigned int outbits, unsigned char *out);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5int_pbkdf2_hmac_sha1 (krb5_context,
159d09a2SMark Phalan					   const krb5_data *,
159d09a2SMark Phalan					   unsigned long,
159d09a2SMark Phalan					   krb5_enctype,
159d09a2SMark Phalan					   const krb5_data *,
159d09a2SMark Phalan					   const krb5_data *);
159d09a2SMark Phalan
159d09a2SMark Phalan/* Make this a function eventually?  */
159d09a2SMark Phalan#ifdef _WIN32
159d09a2SMark Phalan# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
159d09a2SMark Phalan#elif defined(__palmos__) && !defined(__GNUC__)
159d09a2SMark Phalan/* CodeWarrior 8.3 complains about passing a pointer to volatile in to
159d09a2SMark Phalan   memset.  On the other hand, we probably want it for gcc.  */
159d09a2SMark Phalan# define krb5int_zap_data(ptr, len) memset(ptr, 0, len)
159d09a2SMark Phalan#else
159d09a2SMark Phalan# define krb5int_zap_data(ptr, len) memset((void *)ptr, 0, len)
159d09a2SMark Phalan# if defined(__GNUC__) && defined(__GLIBC__)
159d09a2SMark Phalan/* GNU libc generates multiple bogus initialization warnings if we
159d09a2SMark Phalan   pass memset a volatile pointer.  The compiler should do well enough
159d09a2SMark Phalan   with memset even without GNU libc's attempt at optimization.  */
159d09a2SMark Phalan# undef memset
159d09a2SMark Phalan# endif
159d09a2SMark Phalan#endif /* WIN32 */
159d09a2SMark Phalan#define zap(p,l) krb5int_zap_data(p,l)
159d09a2SMark Phalan
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5int_des_init_state
159d09a2SMark Phalan( krb5_context,
7c478bd9Sstevel@tonic-gate	const krb5_keyblock *,
7c478bd9Sstevel@tonic-gate	krb5_keyusage, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5int_c_mandatory_cksumtype(
7c478bd9Sstevel@tonic-gate	krb5_context,
7c478bd9Sstevel@tonic-gate	krb5_enctype,
7c478bd9Sstevel@tonic-gate	krb5_cksumtype *);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
7c478bd9Sstevel@tonic-gate * normally to free a cipher_state you can just memset the length to zero and
7c478bd9Sstevel@tonic-gate * free it.
7c478bd9Sstevel@tonic-gate */
159d09a2SMark Phalankrb5_error_code krb5int_default_free_state
159d09a2SMark Phalan(krb5_context, krb5_data *);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Combine two keys (normally used by the hardware preauth mechanism)
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5int_c_combine_keys
7c478bd9Sstevel@tonic-gate(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
7c478bd9Sstevel@tonic-gate		krb5_keyblock *outkey);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef _KERNEL
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateint k5_ef_crypto(
7c478bd9Sstevel@tonic-gate	const char *, char *,
7c478bd9Sstevel@tonic-gate	long, krb5_keyblock *,
c54c769dSwillf	const krb5_data *, int);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatekrb5_hmac(krb5_context, const krb5_keyblock *,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_hmac
7c478bd9Sstevel@tonic-gate	(krb5_context,
7c478bd9Sstevel@tonic-gate	krb5_const struct krb5_hash_provider *,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_keyblock *, krb5_const unsigned int,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb
505d05c7Sgtb/*
505d05c7Sgtb * These declarations are here, so both krb5 and k5crypto
505d05c7Sgtb * can get to them.
505d05c7Sgtb * krb5 needs to get to them so it can  make them available to libgssapi.
505d05c7Sgtb */
505d05c7Sgtbextern const struct krb5_enc_provider krb5int_enc_arcfour;
505d05c7Sgtbextern const struct krb5_hash_provider krb5int_hash_md5;
505d05c7Sgtb
505d05c7Sgtb
505d05c7Sgtb/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */
505d05c7Sgtb
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_crypto_us_timeofday
159d09a2SMark Phalan	(krb5_int32 *,
159d09a2SMark Phalan		krb5_int32 *);
7c478bd9Sstevel@tonic-gate
54925bf6Swillf#ifndef _KERNEL
54925bf6Swillf/* Solaris kerberos: for convenience */
159d09a2SMark Phalantime_t krb5int_gmt_mktime (struct tm *);
54925bf6Swillf#endif /* ! _KERNEL */
54925bf6Swillf
505d05c7Sgtb/* #endif KRB5_OLD_CRYPTO */
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate/* this helper fct is in libkrb5, but it makes sense declared here. */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_encrypt_helper
159d09a2SMark Phalan(krb5_context context, const krb5_keyblock *key,
159d09a2SMark Phalan		krb5_keyusage keyusage, const krb5_data *plain,
159d09a2SMark Phalan		krb5_enc_data *cipher);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "los-proto.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "libos.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_LIBOS__
7c478bd9Sstevel@tonic-gate#define KRB5_LIBOS__
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_os_context {
159d09a2SMark Phalan	krb5_magic		magic;
159d09a2SMark Phalan	krb5_int32		time_offset;
159d09a2SMark Phalan	krb5_int32		usec_offset;
159d09a2SMark Phalan	krb5_int32		os_flags;
159d09a2SMark Phalan	char *			default_ccname;
7c478bd9Sstevel@tonic-gate} *krb5_os_context;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Flags for the os_flags field
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
7c478bd9Sstevel@tonic-gate * The intention is that this facility to correct the system clocks so
7c478bd9Sstevel@tonic-gate * that they reflect the "real" time, for systems where for some
7c478bd9Sstevel@tonic-gate * reason we can't set the system clock.  Instead we calculate the
7c478bd9Sstevel@tonic-gate * offset between the system time and real time, and store the offset
7c478bd9Sstevel@tonic-gate * in the os context so that we can correct the system clock as necessary.
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
7c478bd9Sstevel@tonic-gate * returned as the time by the krb5 time routines.  This should only
7c478bd9Sstevel@tonic-gate * be used for testing purposes (obviously!)
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define KRB5_OS_TOFFSET_VALID	1
7c478bd9Sstevel@tonic-gate#define KRB5_OS_TOFFSET_TIME	2
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* lock mode flags */
7c478bd9Sstevel@tonic-gate#define	KRB5_LOCKMODE_SHARED	0x0001
7c478bd9Sstevel@tonic-gate#define	KRB5_LOCKMODE_EXCLUSIVE	0x0002
7c478bd9Sstevel@tonic-gate#define	KRB5_LOCKMODE_DONTBLOCK	0x0004
7c478bd9Sstevel@tonic-gate#define	KRB5_LOCKMODE_UNLOCK	0x0008
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_LIBOS__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "libos.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Define our view of the size of a DES key.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define	KRB5_MIT_DES_KEYSIZE		8
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Define a couple of SHA1 constants
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define	SHS_DATASIZE	64
7c478bd9Sstevel@tonic-gate#define	SHS_DIGESTSIZE	20
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Check if des_int.h has been included before us.  If so, then check to see
7c478bd9Sstevel@tonic-gate * that our view of the DES key size is the same as des_int.h's.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifdef	MIT_DES_KEYSIZE
7c478bd9Sstevel@tonic-gate#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
7c478bd9Sstevel@tonic-gateerror(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
7c478bd9Sstevel@tonic-gate#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
7c478bd9Sstevel@tonic-gate#endif	/* MIT_DES_KEYSIZE */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
7c478bd9Sstevel@tonic-gate * defined.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define PROVIDE_DES3_CBC_SHA 1
7c478bd9Sstevel@tonic-gate#define PROVIDE_NIST_SHA 1
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "preauth.h"
7c478bd9Sstevel@tonic-gate *
7c478bd9Sstevel@tonic-gate * (Originally written by Glen Machin at Sandia Labs.)
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate/*
159d09a2SMark Phalan * Sandia National Laboratories also makes no representations about the
159d09a2SMark Phalan * suitability of the modifications, or additions to this software for
7c478bd9Sstevel@tonic-gate * any purpose.  It is provided "as is" without express or implied warranty.
159d09a2SMark Phalan *
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_PREAUTH__
7c478bd9Sstevel@tonic-gate#define KRB5_PREAUTH__
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#include <preauth_plugin.h>
159d09a2SMark Phalan
159d09a2SMark Phalan#define CLIENT_ROCK_MAGIC 0x4352434b
159d09a2SMark Phalan/* This structure is passed into the client preauth functions and passed
159d09a2SMark Phalan * back to the "get_data_proc" function so that it can locate the
159d09a2SMark Phalan * requested information.  It is opaque to the plugin code and can be
159d09a2SMark Phalan * expanded in the future as new types of requests are defined which
159d09a2SMark Phalan * may require other things to be passed through. */
159d09a2SMark Phalantypedef struct _krb5_preauth_client_rock {
159d09a2SMark Phalan	krb5_magic	magic;
159d09a2SMark Phalan	krb5_kdc_rep	*as_reply;
159d09a2SMark Phalan} krb5_preauth_client_rock;
159d09a2SMark Phalan
159d09a2SMark Phalan/* This structure lets us keep track of all of the modules which are loaded,
159d09a2SMark Phalan * turning the list of modules and their lists of implemented preauth types
159d09a2SMark Phalan * into a single list which we can walk easily. */
159d09a2SMark Phalantypedef struct _krb5_preauth_context {
159d09a2SMark Phalan    int n_modules;
159d09a2SMark Phalan    struct _krb5_preauth_context_module {
159d09a2SMark Phalan	/* Which of the possibly more than one preauth types which the
159d09a2SMark Phalan	 * module supports we're using at this point in the list. */
159d09a2SMark Phalan	krb5_preauthtype pa_type;
159d09a2SMark Phalan	/* Encryption types which the client claims to support -- we
159d09a2SMark Phalan	 * copy them directly into the krb5_kdc_req structure during
159d09a2SMark Phalan	 * krb5_preauth_prepare_request(). */
159d09a2SMark Phalan	krb5_enctype *enctypes;
159d09a2SMark Phalan	/* The plugin's per-plugin context and a function to clear it. */
159d09a2SMark Phalan	void *plugin_context;
159d09a2SMark Phalan	preauth_client_plugin_fini_proc client_fini;
159d09a2SMark Phalan	/* The module's table, and some of its members, copied here for
159d09a2SMark Phalan	 * convenience when we populated the list. */
159d09a2SMark Phalan	struct krb5plugin_preauth_client_ftable_v1 *ftable;
159d09a2SMark Phalan	const char *name;
159d09a2SMark Phalan	int flags, use_count;
159d09a2SMark Phalan	preauth_client_process_proc client_process;
159d09a2SMark Phalan	preauth_client_tryagain_proc client_tryagain;
159d09a2SMark Phalan	preauth_client_supply_gic_opts_proc client_supply_gic_opts;
159d09a2SMark Phalan	preauth_client_request_init_proc client_req_init;
159d09a2SMark Phalan	preauth_client_request_fini_proc client_req_fini;
159d09a2SMark Phalan	/* The per-request context which the client_req_init() function
159d09a2SMark Phalan	 * might allocate, which we'll need to clean up later by
159d09a2SMark Phalan	 * calling the client_req_fini() function. */
159d09a2SMark Phalan	void *request_context;
159d09a2SMark Phalan	/* A pointer to the request_context pointer.  All modules within
159d09a2SMark Phalan	 * a plugin will point at the request_context of the first
159d09a2SMark Phalan	 * module within the plugin. */
159d09a2SMark Phalan	void **request_context_pp;
159d09a2SMark Phalan    } *modules;
159d09a2SMark Phalan} krb5_preauth_context;
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_pa_enc_ts {
7c478bd9Sstevel@tonic-gate    krb5_timestamp	patimestamp;
7c478bd9Sstevel@tonic-gate    krb5_int32		pausec;
7c478bd9Sstevel@tonic-gate} krb5_pa_enc_ts;
7c478bd9Sstevel@tonic-gate
*ba7b222eSGlenn Barrytypedef struct _krb5_pa_for_user {
*ba7b222eSGlenn Barry    krb5_principal      user;
*ba7b222eSGlenn Barry    krb5_checksum       cksum;
*ba7b222eSGlenn Barry    krb5_data           auth_package;
*ba7b222eSGlenn Barry} krb5_pa_for_user;
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barryenum {
*ba7b222eSGlenn Barry  KRB5_FAST_ARMOR_AP_REQUEST = 0x1
*ba7b222eSGlenn Barry};
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barrytypedef struct _krb5_fast_armor {
*ba7b222eSGlenn Barry    krb5_int32 armor_type;
*ba7b222eSGlenn Barry    krb5_data armor_value;
*ba7b222eSGlenn Barry} krb5_fast_armor;
*ba7b222eSGlenn Barrytypedef struct _krb5_fast_armored_req {
*ba7b222eSGlenn Barry    krb5_magic magic;
*ba7b222eSGlenn Barry    krb5_fast_armor *armor;
*ba7b222eSGlenn Barry    krb5_checksum req_checksum;
*ba7b222eSGlenn Barry    krb5_enc_data enc_part;
*ba7b222eSGlenn Barry} krb5_fast_armored_req;
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barrytypedef struct _krb5_fast_req {
*ba7b222eSGlenn Barry    krb5_magic magic;
*ba7b222eSGlenn Barry    krb5_flags fast_options;
*ba7b222eSGlenn Barry    /* padata from req_body is used*/
*ba7b222eSGlenn Barry   krb5_kdc_req *req_body;
*ba7b222eSGlenn Barry} krb5_fast_req;
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barry/* Bits 0-15 are critical in fast options.*/
*ba7b222eSGlenn Barry#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
*ba7b222eSGlenn Barry#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES 0x01
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barrytypedef struct _krb5_fast_finished {
*ba7b222eSGlenn Barry    krb5_timestamp timestamp;
*ba7b222eSGlenn Barry    krb5_int32 usec;
*ba7b222eSGlenn Barry    krb5_principal client;
*ba7b222eSGlenn Barry    krb5_checksum ticket_checksum;
*ba7b222eSGlenn Barry} krb5_fast_finished;
*ba7b222eSGlenn Barry
*ba7b222eSGlenn Barrytypedef struct _krb5_fast_response {
*ba7b222eSGlenn Barry    krb5_magic magic;
*ba7b222eSGlenn Barry    krb5_pa_data **padata;
*ba7b222eSGlenn Barry    krb5_keyblock *strengthen_key;
*ba7b222eSGlenn Barry    krb5_fast_finished *finished;
*ba7b222eSGlenn Barry    krb5_int32 nonce;
*ba7b222eSGlenn Barry} krb5_fast_response;
*ba7b222eSGlenn Barry
7c478bd9Sstevel@tonic-gatetypedef krb5_error_code (*krb5_preauth_obtain_proc)
7c478bd9Sstevel@tonic-gate    (krb5_context,
159d09a2SMark Phalan		    krb5_pa_data *,
159d09a2SMark Phalan		    krb5_etype_info,
159d09a2SMark Phalan		    krb5_keyblock *,
159d09a2SMark Phalan		    krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan					  const krb5_enctype,
159d09a2SMark Phalan					  krb5_data *,
159d09a2SMark Phalan					  krb5_const_pointer,
159d09a2SMark Phalan					  krb5_keyblock **),
159d09a2SMark Phalan		    krb5_const_pointer,
159d09a2SMark Phalan		    krb5_creds *,
159d09a2SMark Phalan		    krb5_kdc_req *,
159d09a2SMark Phalan		    krb5_pa_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef krb5_error_code (*krb5_preauth_process_proc)
7c478bd9Sstevel@tonic-gate    (krb5_context,
159d09a2SMark Phalan		    krb5_pa_data *,
159d09a2SMark Phalan		    krb5_kdc_req *,
159d09a2SMark Phalan		    krb5_kdc_rep *,
159d09a2SMark Phalan		    krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan					  const krb5_enctype,
159d09a2SMark Phalan					  krb5_data *,
159d09a2SMark Phalan					  krb5_const_pointer,
159d09a2SMark Phalan					  krb5_keyblock **),
159d09a2SMark Phalan		    krb5_const_pointer,
159d09a2SMark Phalan		    krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan					  const krb5_keyblock *,
159d09a2SMark Phalan					  krb5_const_pointer,
159d09a2SMark Phalan					  krb5_kdc_rep * ),
159d09a2SMark Phalan		    krb5_keyblock **,
159d09a2SMark Phalan		    krb5_creds *,
159d09a2SMark Phalan		    krb5_int32 *,
159d09a2SMark Phalan		    krb5_int32 *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct _krb5_preauth_ops {
7c478bd9Sstevel@tonic-gate    krb5_magic magic;
7c478bd9Sstevel@tonic-gate    int     type;
7c478bd9Sstevel@tonic-gate    int	flags;
7c478bd9Sstevel@tonic-gate    krb5_preauth_obtain_proc	obtain;
7c478bd9Sstevel@tonic-gate    krb5_preauth_process_proc	process;
7c478bd9Sstevel@tonic-gate} krb5_preauth_ops;
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5_obtain_padata
159d09a2SMark Phalan    	(krb5_context,
159d09a2SMark Phalan		krb5_pa_data **,
159d09a2SMark Phalan		krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan						      const krb5_enctype,
159d09a2SMark Phalan						      krb5_data *,
159d09a2SMark Phalan						      krb5_const_pointer,
159d09a2SMark Phalan						      krb5_keyblock **),
159d09a2SMark Phalan		krb5_const_pointer,
159d09a2SMark Phalan		krb5_creds *,
159d09a2SMark Phalan		krb5_kdc_req *);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5_process_padata
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_kdc_req *,
159d09a2SMark Phalan		krb5_kdc_rep *,
159d09a2SMark Phalan		krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan						      const krb5_enctype,
159d09a2SMark Phalan						      krb5_data *,
159d09a2SMark Phalan						      krb5_const_pointer,
159d09a2SMark Phalan						      krb5_keyblock **),
159d09a2SMark Phalan		krb5_const_pointer,
159d09a2SMark Phalan		krb5_error_code ( * )(krb5_context,
159d09a2SMark Phalan						      const krb5_keyblock *,
159d09a2SMark Phalan						      krb5_const_pointer,
159d09a2SMark Phalan						      krb5_kdc_rep * ),
159d09a2SMark Phalan		krb5_keyblock **,
159d09a2SMark Phalan		krb5_creds *,
159d09a2SMark Phalan		krb5_int32 *);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatevoid krb5_free_etype_info (krb5_context, krb5_etype_info);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Preauthentication property flags
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define KRB5_PREAUTH_FLAGS_ENCRYPT	0x00000001
7c478bd9Sstevel@tonic-gate#define KRB5_PREAUTH_FLAGS_HARDWARE	0x00000002
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_PREAUTH__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "preauth.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/*
159d09a2SMark Phalan * Extending the krb5_get_init_creds_opt structure.  The original
159d09a2SMark Phalan * krb5_get_init_creds_opt structure is defined publicly.  The
159d09a2SMark Phalan * new extended version is private.  The original interface
159d09a2SMark Phalan * assumed a pre-allocated structure which was passed to
159d09a2SMark Phalan * krb5_get_init_creds_init().  The new interface assumes that
159d09a2SMark Phalan * the caller will call krb5_get_init_creds_alloc() and
159d09a2SMark Phalan * krb5_get_init_creds_free().
159d09a2SMark Phalan *
159d09a2SMark Phalan * Callers MUST NOT call krb5_get_init_creds_init() after allocating an
159d09a2SMark Phalan * opts structure using krb5_get_init_creds_alloc().  To do so will
159d09a2SMark Phalan * introduce memory leaks.  Unfortunately, there is no way to enforce
159d09a2SMark Phalan * this behavior.
159d09a2SMark Phalan *
159d09a2SMark Phalan * Two private flags are added for backward compatibility.
159d09a2SMark Phalan * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
159d09a2SMark Phalan * with the new krb5_get_init_creds_opt_alloc() function.
159d09a2SMark Phalan * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
159d09a2SMark Phalan * structure is a shadow copy of an original krb5_get_init_creds_opt
159d09a2SMark Phalan * structure.
159d09a2SMark Phalan * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
159d09a2SMark Phalan * krb5int_gic_opt_to_opte(), the resulting extended structure should be
159d09a2SMark Phalan * freed (using krb5_get_init_creds_free).  Otherwise, the original
159d09a2SMark Phalan * structure was already extended and there is no need to free it.
159d09a2SMark Phalan */
159d09a2SMark Phalan
159d09a2SMark Phalan#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
159d09a2SMark Phalan#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
159d09a2SMark Phalan
159d09a2SMark Phalan#define krb5_gic_opt_is_extended(s) \
159d09a2SMark Phalan    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
159d09a2SMark Phalan#define krb5_gic_opt_is_shadowed(s) \
159d09a2SMark Phalan    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
159d09a2SMark Phalan
159d09a2SMark Phalan
159d09a2SMark Phalantypedef struct _krb5_gic_opt_private {
159d09a2SMark Phalan    int num_preauth_data;
159d09a2SMark Phalan    krb5_gic_opt_pa_data *preauth_data;
159d09a2SMark Phalan} krb5_gic_opt_private;
159d09a2SMark Phalan
159d09a2SMark Phalantypedef struct _krb5_gic_opt_ext {
159d09a2SMark Phalan    krb5_flags flags;
159d09a2SMark Phalan    krb5_deltat tkt_life;
159d09a2SMark Phalan    krb5_deltat renew_life;
159d09a2SMark Phalan    int forwardable;
159d09a2SMark Phalan    int proxiable;
159d09a2SMark Phalan    krb5_enctype *etype_list;
159d09a2SMark Phalan    int etype_list_length;
159d09a2SMark Phalan    krb5_address **address_list;
159d09a2SMark Phalan    krb5_preauthtype *preauth_list;
159d09a2SMark Phalan    int preauth_list_length;
159d09a2SMark Phalan    krb5_data *salt;
159d09a2SMark Phalan    /*
159d09a2SMark Phalan     * Do not change anything above this point in this structure.
159d09a2SMark Phalan     * It is identical to the public krb5_get_init_creds_opt structure.
159d09a2SMark Phalan     * New members must be added below.
159d09a2SMark Phalan     */
159d09a2SMark Phalan    krb5_gic_opt_private *opt_private;
159d09a2SMark Phalan} krb5_gic_opt_ext;
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code
159d09a2SMark Phalankrb5int_gic_opt_to_opte(krb5_context context,
159d09a2SMark Phalan                        krb5_get_init_creds_opt *opt,
159d09a2SMark Phalan                        krb5_gic_opt_ext **opte,
159d09a2SMark Phalan                        unsigned int force,
159d09a2SMark Phalan                        const char *where);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatekrb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL /* needed for lib/krb5/krb/ */
7c478bd9Sstevel@tonic-gatetypedef krb5_error_code (*krb5_gic_get_as_key_fct)
7c478bd9Sstevel@tonic-gate    (krb5_context,
159d09a2SMark Phalan		     krb5_principal,
159d09a2SMark Phalan		     krb5_enctype,
159d09a2SMark Phalan		     krb5_prompter_fct,
159d09a2SMark Phalan		     void *prompter_data,
159d09a2SMark Phalan		     krb5_data *salt,
7c478bd9Sstevel@tonic-gate     krb5_data *s2kparams,
159d09a2SMark Phalan		     krb5_keyblock *as_key,
159d09a2SMark Phalan		     void *gak_data);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code KRB5_CALLCONV
7c478bd9Sstevel@tonic-gatekrb5_get_init_creds
7c478bd9Sstevel@tonic-gate(krb5_context context,
159d09a2SMark Phalan		krb5_creds *creds,
159d09a2SMark Phalan		krb5_principal client,
159d09a2SMark Phalan		krb5_prompter_fct prompter,
159d09a2SMark Phalan		void *prompter_data,
159d09a2SMark Phalan		krb5_deltat start_time,
159d09a2SMark Phalan		char *in_tkt_service,
159d09a2SMark Phalan		krb5_gic_opt_ext *gic_options,
159d09a2SMark Phalan		krb5_gic_get_as_key_fct gak,
159d09a2SMark Phalan		void *gak_data,
159d09a2SMark Phalan		int *master,
159d09a2SMark Phalan		krb5_kdc_rep **as_reply);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code krb5int_populate_gic_opt (
159d09a2SMark Phalan    krb5_context, krb5_gic_opt_ext **,
159d09a2SMark Phalan    krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
159d09a2SMark Phalan    krb5_preauthtype *pre_auth_types, krb5_creds *creds);
159d09a2SMark Phalan
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code KRB5_CALLCONV krb5_do_preauth
159d09a2SMark Phalan	(krb5_context context,
159d09a2SMark Phalan	 krb5_kdc_req *request,
159d09a2SMark Phalan	 krb5_data *encoded_request_body,
159d09a2SMark Phalan	 krb5_data *encoded_previous_request,
159d09a2SMark Phalan	 krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
159d09a2SMark Phalan	 krb5_data *salt, krb5_data *s2kparams,
159d09a2SMark Phalan	 krb5_enctype *etype, krb5_keyblock *as_key,
159d09a2SMark Phalan	 krb5_prompter_fct prompter, void *prompter_data,
159d09a2SMark Phalan	 krb5_gic_get_as_key_fct gak_fct, void *gak_data,
159d09a2SMark Phalan	 krb5_preauth_client_rock *get_data_rock,
159d09a2SMark Phalan	 krb5_gic_opt_ext *opte);
159d09a2SMark Phalankrb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain
159d09a2SMark Phalan	(krb5_context context,
159d09a2SMark Phalan	 krb5_kdc_req *request,
159d09a2SMark Phalan	 krb5_data *encoded_request_body,
159d09a2SMark Phalan	 krb5_data *encoded_previous_request,
159d09a2SMark Phalan	 krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
159d09a2SMark Phalan	 krb5_error *err_reply,
159d09a2SMark Phalan	 krb5_data *salt, krb5_data *s2kparams,
159d09a2SMark Phalan	 krb5_enctype *etype, krb5_keyblock *as_key,
159d09a2SMark Phalan	 krb5_prompter_fct prompter, void *prompter_data,
159d09a2SMark Phalan	 krb5_gic_get_as_key_fct gak_fct, void *gak_data,
159d09a2SMark Phalan	 krb5_preauth_client_rock *get_data_rock,
159d09a2SMark Phalan	 krb5_gic_opt_ext *opte);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_init_preauth_context
159d09a2SMark Phalan	(krb5_context);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_free_preauth_context
159d09a2SMark Phalan	(krb5_context);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_clear_preauth_context_use_counts
159d09a2SMark Phalan	(krb5_context);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_preauth_prepare_request
159d09a2SMark Phalan	(krb5_context, krb5_gic_opt_ext *, krb5_kdc_req *);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_preauth_request_context_init
159d09a2SMark Phalan	(krb5_context);
159d09a2SMark Phalanvoid KRB5_CALLCONV krb5_preauth_request_context_fini
159d09a2SMark Phalan	(krb5_context);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge_2
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge_2 * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge_2_body
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge_2_body *);
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_response
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_response * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_response_2
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_response_2 * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_predicted_sam_response
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_predicted_sam_response * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_enc_sam_response_enc
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_enc_sam_response_enc * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_enc_sam_response_enc_2 * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge_2_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge_2 * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_challenge_2_body * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_response_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_response * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_sam_response_2_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_sam_response_2 *);
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_predicted_sam_response_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_predicted_sam_response * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_enc_sam_response_enc * );
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_enc_sam_response_enc_2 * );
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatevoid KRB5_CALLCONV krb5_free_pa_enc_ts
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_pa_enc_ts *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
505d05c7Sgtb#ifndef	_KERNEL
505d05c7Sgtb#include "com_err.h"
54925bf6Swillf#include <krb5/k5-plugin.h>
505d05c7Sgtb#endif /* _KERNEL */
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define	DEFAULT_UDP_PREF_LIMIT   1465
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef	_KERNEL
7c478bd9Sstevel@tonic-gate#include "profile.h"
7c478bd9Sstevel@tonic-gate#include <strings.h>
7c478bd9Sstevel@tonic-gate#endif /* _KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KEY_CHANGED(k1, k2) \
7c478bd9Sstevel@tonic-gate(k1 == NULL || \
7c478bd9Sstevel@tonic-gate k1 != k2 || \
7c478bd9Sstevel@tonic-gate k1->enctype != k2->enctype || \
7c478bd9Sstevel@tonic-gate k1->length != k2->length || \
7c478bd9Sstevel@tonic-gate bcmp(k1->contents, k2->contents, k1->length))
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gatetypedef struct _arcfour_ctx {
7c478bd9Sstevel@tonic-gate	CK_SESSION_HANDLE eSession; /* encrypt session handle */
7c478bd9Sstevel@tonic-gate	CK_SESSION_HANDLE dSession; /* decrypt session handle */
7c478bd9Sstevel@tonic-gate	CK_OBJECT_HANDLE  eKey; /* encrypt key object */
7c478bd9Sstevel@tonic-gate	CK_OBJECT_HANDLE  dKey; /* decrype key object */
7c478bd9Sstevel@tonic-gate	uchar_t           initialized;
7c478bd9Sstevel@tonic-gate}arcfour_ctx_rec;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct _krb5_context {
7c478bd9Sstevel@tonic-gate	krb5_magic	magic;
7c478bd9Sstevel@tonic-gate	krb5_enctype	*in_tkt_ktypes;
159d09a2SMark Phalan	unsigned int	in_tkt_ktype_count;
7c478bd9Sstevel@tonic-gate	krb5_enctype	*tgs_ktypes;
159d09a2SMark Phalan	unsigned int	tgs_ktype_count;
159d09a2SMark Phalan	/* This used to be a void*, but since we always allocate them
159d09a2SMark Phalan	   together (though in different source files), and the types
159d09a2SMark Phalan	   are declared in the same header, might as well just combine
159d09a2SMark Phalan	   them.
159d09a2SMark Phalan
159d09a2SMark Phalan	   The array[1] is so the existing code treating the field as
159d09a2SMark Phalan	   a pointer will still work.  For cleanliness, it should
159d09a2SMark Phalan	   eventually get changed to a single element instead of an
159d09a2SMark Phalan	   array.  */
159d09a2SMark Phalan	struct _krb5_os_context	os_context[1];
7c478bd9Sstevel@tonic-gate	char		*default_realm;
7c478bd9Sstevel@tonic-gate	int		ser_ctx_count;
7c478bd9Sstevel@tonic-gate	krb5_boolean	profile_secure;
7c478bd9Sstevel@tonic-gate	void	      	*ser_ctx;
7c478bd9Sstevel@tonic-gate#ifndef _KERNEL
7c478bd9Sstevel@tonic-gate	profile_t	profile;
7c478bd9Sstevel@tonic-gate	void		*db_context;
7c478bd9Sstevel@tonic-gate	void		*kdblog_context;
7c478bd9Sstevel@tonic-gate	/* allowable clock skew */
7c478bd9Sstevel@tonic-gate	krb5_deltat 	clockskew;
7c478bd9Sstevel@tonic-gate	krb5_cksumtype	kdc_req_sumtype;
7c478bd9Sstevel@tonic-gate	krb5_cksumtype	default_ap_req_sumtype;
7c478bd9Sstevel@tonic-gate	krb5_cksumtype	default_safe_sumtype;
7c478bd9Sstevel@tonic-gate	krb5_flags 	kdc_default_options;
7c478bd9Sstevel@tonic-gate	krb5_flags	library_options;
7c478bd9Sstevel@tonic-gate	int		fcc_default_format;
7c478bd9Sstevel@tonic-gate	int		scc_default_format;
7c478bd9Sstevel@tonic-gate	krb5_prompt_type *prompt_types;
7c478bd9Sstevel@tonic-gate	/* Message size above which we'll try TCP first in send-to-kdc
7c478bd9Sstevel@tonic-gate	   type code.  Aside from the 2**16 size limit, we put no
7c478bd9Sstevel@tonic-gate	   absolute limit on the UDP packet size.  */
7c478bd9Sstevel@tonic-gate	int		udp_pref_limit;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/* This is the tgs_ktypes list as read from the profile, or
7c478bd9Sstevel@tonic-gate	   set to compiled-in defaults.	 The application code cannot
7c478bd9Sstevel@tonic-gate	   override it.	 This is used for session keys for
7c478bd9Sstevel@tonic-gate	   intermediate ticket-granting tickets used to acquire the
7c478bd9Sstevel@tonic-gate	   requested ticket (the session key of which may be
7c478bd9Sstevel@tonic-gate	   constrained by tgs_ktypes above).  */
7c478bd9Sstevel@tonic-gate	krb5_enctype	*conf_tgs_ktypes;
7c478bd9Sstevel@tonic-gate	int		conf_tgs_ktypes_count;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/* Use the _configured version?	 */
7c478bd9Sstevel@tonic-gate	krb5_boolean	use_conf_ktypes;
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate#ifdef KRB5_DNS_LOOKUP
159d09a2SMark Phalan        krb5_boolean    profile_in_memory;
7c478bd9Sstevel@tonic-gate#endif /* KRB5_DNS_LOOKUP */
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan    /* locate_kdc module stuff */
159d09a2SMark Phalan    struct plugin_dir_handle libkrb5_plugins;
159d09a2SMark Phalan    struct krb5plugin_service_locate_ftable *vtbl;
159d09a2SMark Phalan    void (**locate_fptrs)(void);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate	pid_t pid;  /* fork safety: PID of process that did last PKCS11 init */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/* Solaris Kerberos: handles for PKCS#11 crypto */
7c478bd9Sstevel@tonic-gate	/*
7c478bd9Sstevel@tonic-gate	 * Warning, do not access hSession directly as this is not fork() safe.
7c478bd9Sstevel@tonic-gate	 * Instead use the krb_ctx_hSession() macro below.
7c478bd9Sstevel@tonic-gate	 */
7c478bd9Sstevel@tonic-gate	CK_SESSION_HANDLE hSession;
7c478bd9Sstevel@tonic-gate	int		cryptoki_initialized;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	/* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */
7c478bd9Sstevel@tonic-gate	arcfour_ctx_rec arcfour_ctx;
54925bf6Swillf
159d09a2SMark Phalan	/* preauth module stuff */
159d09a2SMark Phalan	struct plugin_dir_handle preauth_plugins;
159d09a2SMark Phalan	krb5_preauth_context *preauth_context;
159d09a2SMark Phalan
54925bf6Swillf	/* error detail info */
54925bf6Swillf	struct errinfo err;
7c478bd9Sstevel@tonic-gate#else /* ! KERNEL */
7c478bd9Sstevel@tonic-gate	crypto_mech_type_t kef_cipher_mt;
7c478bd9Sstevel@tonic-gate	crypto_mech_type_t kef_hash_mt;
7c478bd9Sstevel@tonic-gate	crypto_mech_type_t kef_cksum_mt;
7c478bd9Sstevel@tonic-gate#endif /* ! KERNEL */
7c478bd9Sstevel@tonic-gate};
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifndef  _KERNEL
7c478bd9Sstevel@tonic-gateextern pid_t __krb5_current_pid;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateCK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * fork safety: barring the ef_init code, every other function must use the
7c478bd9Sstevel@tonic-gate * krb_ctx_hSession() macro to access the hSession field in a krb context.
7c478bd9Sstevel@tonic-gate * Note, if the pid of the krb ctx == the current global pid then it is safe to
7c478bd9Sstevel@tonic-gate * use the ctx hSession otherwise it needs to be re-inited before it is returned
7c478bd9Sstevel@tonic-gate * to the caller.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define krb_ctx_hSession(ctx) \
7c478bd9Sstevel@tonic-gate    ((ctx)->pid == __krb5_current_pid) ? (ctx)->hSession : krb5_reinit_ef_handle((ctx))
7c478bd9Sstevel@tonic-gate#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define MD5_CKSUM_LENGTH 16
7c478bd9Sstevel@tonic-gate#define RSA_MD5_CKSUM_LENGTH 16
7c478bd9Sstevel@tonic-gate#define MD5_BLOCKSIZE 64
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Solaris Kerberos:
7c478bd9Sstevel@tonic-gate * This next section of prototypes and constants
7c478bd9Sstevel@tonic-gate * are all unique to the Solaris Kerberos implementation.
7c478bd9Sstevel@tonic-gate * Because Solaris uses the native encryption framework
7c478bd9Sstevel@tonic-gate * to provide crypto support, the following routines
7c478bd9Sstevel@tonic-gate * are needed to support this system.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin Solaris Crypto Prototypes
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * define constants that are used for creating the constant
7c478bd9Sstevel@tonic-gate * which is used to make derived keys.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define DK_ENCR_KEY_BYTE 0xAA
7c478bd9Sstevel@tonic-gate#define DK_HASH_KEY_BYTE 0x55
7c478bd9Sstevel@tonic-gate#define DK_CKSUM_KEY_BYTE 0x99
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateint init_derived_keydata(krb5_context, const struct krb5_enc_provider *,
7c478bd9Sstevel@tonic-gate			krb5_keyblock *, krb5_keyusage,
7c478bd9Sstevel@tonic-gate			krb5_keyblock **, krb5_keyblock **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t,
7c478bd9Sstevel@tonic-gate				krb5_keyblock *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *);
7c478bd9Sstevel@tonic-gatekrb5_keyblock *krb5_create_derived_keyblock(int);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#ifdef _KERNEL
7c478bd9Sstevel@tonic-gateint k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateint k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *,
7c478bd9Sstevel@tonic-gate        const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatevoid make_kef_key(krb5_keyblock *);
7c478bd9Sstevel@tonic-gateint init_key_kef(crypto_mech_type_t, krb5_keyblock *);
7c478bd9Sstevel@tonic-gateint update_key_template(krb5_keyblock *);
7c478bd9Sstevel@tonic-gatevoid setup_kef_keytypes();
7c478bd9Sstevel@tonic-gatevoid setup_kef_cksumtypes();
7c478bd9Sstevel@tonic-gatecrypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
7c478bd9Sstevel@tonic-gatecrypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#else
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * This structure is used to map Kerberos supported OID's,
7c478bd9Sstevel@tonic-gate * to PKCS11 mechanisms
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define USE_ENCR	0x01
7c478bd9Sstevel@tonic-gate#define	USE_HASH	0x02
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatetypedef struct krb5_mech_2_pkcs {
7c478bd9Sstevel@tonic-gate	uchar_t		flags;
7c478bd9Sstevel@tonic-gate	CK_MECHANISM_TYPE enc_algo;
7c478bd9Sstevel@tonic-gate	CK_MECHANISM_TYPE hash_algo;
7c478bd9Sstevel@tonic-gate	CK_MECHANISM_TYPE str2key_algo;
7c478bd9Sstevel@tonic-gate} KRB5_MECH_TO_PKCS;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define ENC_DEFINED(x)	(((x).flags & USE_ENCR))
7c478bd9Sstevel@tonic-gate#define HASH_DEFINED(x)	(((x).flags & USE_HASH))
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateextern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
7c478bd9Sstevel@tonic-gateextern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
7c478bd9Sstevel@tonic-gateextern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
7c478bd9Sstevel@tonic-gate	unsigned int, const krb5_data *, krb5_data *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code k5_ef_mac(krb5_context context,
7c478bd9Sstevel@tonic-gate	krb5_keyblock *key, krb5_data *ivec,
7c478bd9Sstevel@tonic-gate	krb5_const krb5_data *input, krb5_data *output);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif	/* !_KERNEL */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatederive_3des_keys(krb5_context, struct krb5_enc_provider *,
7c478bd9Sstevel@tonic-gate                krb5_keyblock *, krb5_keyusage,
7c478bd9Sstevel@tonic-gate                krb5_keyblock *, krb5_keyblock *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End Solaris Crypto Prototypes
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#define KRB5_LIBOPT_SYNC_KDCTIME	0x0001
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb/* internal message representations */
505d05c7Sgtb
505d05c7Sgtbtypedef struct _krb5_safe {
505d05c7Sgtb    krb5_magic magic;
159d09a2SMark Phalan    krb5_data user_data;		/* user data */
159d09a2SMark Phalan    krb5_timestamp timestamp;		/* client time, optional */
159d09a2SMark Phalan    krb5_int32 usec;			/* microsecond portion of time,
159d09a2SMark Phalan					   optional */
159d09a2SMark Phalan    krb5_ui_4 seq_number;		/* sequence #, optional */
159d09a2SMark Phalan    krb5_address *s_address;	/* sender address */
159d09a2SMark Phalan    krb5_address *r_address;	/* recipient address, optional */
159d09a2SMark Phalan    krb5_checksum *checksum;	/* data integrity checksum */
505d05c7Sgtb} krb5_safe;
505d05c7Sgtb
505d05c7Sgtbtypedef struct _krb5_priv {
505d05c7Sgtb    krb5_magic magic;
159d09a2SMark Phalan    krb5_enc_data enc_part;		/* encrypted part */
505d05c7Sgtb} krb5_priv;
505d05c7Sgtb
505d05c7Sgtbtypedef struct _krb5_priv_enc_part {
505d05c7Sgtb    krb5_magic magic;
159d09a2SMark Phalan    krb5_data user_data;		/* user data */
159d09a2SMark Phalan    krb5_timestamp timestamp;		/* client time, optional */
159d09a2SMark Phalan    krb5_int32 usec;			/* microsecond portion of time, opt. */
159d09a2SMark Phalan    krb5_ui_4 seq_number;		/* sequence #, optional */
159d09a2SMark Phalan    krb5_address *s_address;	/* sender address */
159d09a2SMark Phalan    krb5_address *r_address;	/* recipient address, optional */
505d05c7Sgtb} krb5_priv_enc_part;
505d05c7Sgtb
505d05c7Sgtbvoid KRB5_CALLCONV krb5_free_safe
159d09a2SMark Phalan	(krb5_context, krb5_safe * );
505d05c7Sgtbvoid KRB5_CALLCONV krb5_free_priv
159d09a2SMark Phalan	(krb5_context, krb5_priv * );
505d05c7Sgtbvoid KRB5_CALLCONV krb5_free_priv_enc_part
159d09a2SMark Phalan	(krb5_context, krb5_priv_enc_part * );
505d05c7Sgtb
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Begin "asn1.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#ifndef KRB5_ASN1__
7c478bd9Sstevel@tonic-gate#define KRB5_ASN1__
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
7c478bd9Sstevel@tonic-gate/* here we use some knowledge of ASN.1 encodings */
159d09a2SMark Phalan/*
7c478bd9Sstevel@tonic-gate  Ticket is APPLICATION 1.
7c478bd9Sstevel@tonic-gate  Authenticator is APPLICATION 2.
7c478bd9Sstevel@tonic-gate  AS_REQ is APPLICATION 10.
7c478bd9Sstevel@tonic-gate  AS_REP is APPLICATION 11.
7c478bd9Sstevel@tonic-gate  TGS_REQ is APPLICATION 12.
7c478bd9Sstevel@tonic-gate  TGS_REP is APPLICATION 13.
7c478bd9Sstevel@tonic-gate  AP_REQ is APPLICATION 14.
7c478bd9Sstevel@tonic-gate  AP_REP is APPLICATION 15.
7c478bd9Sstevel@tonic-gate  KRB_SAFE is APPLICATION 20.
7c478bd9Sstevel@tonic-gate  KRB_PRIV is APPLICATION 21.
7c478bd9Sstevel@tonic-gate  KRB_CRED is APPLICATION 22.
7c478bd9Sstevel@tonic-gate  EncASRepPart is APPLICATION 25.
7c478bd9Sstevel@tonic-gate  EncTGSRepPart is APPLICATION 26.
7c478bd9Sstevel@tonic-gate  EncAPRepPart is APPLICATION 27.
7c478bd9Sstevel@tonic-gate  EncKrbPrivPart is APPLICATION 28.
7c478bd9Sstevel@tonic-gate  EncKrbCredPart is APPLICATION 29.
7c478bd9Sstevel@tonic-gate  KRB_ERROR is APPLICATION 30.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate/* allow either constructed or primitive encoding, so check for bit 6
7c478bd9Sstevel@tonic-gate   set or reset */
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_ticket(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x41))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_authenticator(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x42))
7c478bd9Sstevel@tonic-gate#define krb5_is_as_req(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4a))
7c478bd9Sstevel@tonic-gate#define krb5_is_as_rep(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4b))
7c478bd9Sstevel@tonic-gate#define krb5_is_tgs_req(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4c))
7c478bd9Sstevel@tonic-gate#define krb5_is_tgs_rep(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4d))
7c478bd9Sstevel@tonic-gate#define krb5_is_ap_req(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4e))
7c478bd9Sstevel@tonic-gate#define krb5_is_ap_rep(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x4f))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_safe(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x54))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_priv(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x55))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_cred(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x56))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_enc_as_rep_part(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x59))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_enc_tgs_rep_part(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x5a))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_enc_ap_rep_part(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x5b))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_enc_krb_priv_part(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x5c))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_enc_krb_cred_part(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x5d))
7c478bd9Sstevel@tonic-gate#define krb5_is_krb_error(dat)\
7c478bd9Sstevel@tonic-gate	((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
7c478bd9Sstevel@tonic-gate				    (dat)->data[0] == 0x5e))
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*************************************************************************
7c478bd9Sstevel@tonic-gate * Prototypes for krb5_encode.c
7c478bd9Sstevel@tonic-gate *************************************************************************/
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate   krb5_error_code encode_krb5_structure(const krb5_structure *rep,
7c478bd9Sstevel@tonic-gate					 krb5_data **code);
7c478bd9Sstevel@tonic-gate   modifies  *code
7c478bd9Sstevel@tonic-gate   effects   Returns the ASN.1 encoding of *rep in **code.
7c478bd9Sstevel@tonic-gate             Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
7c478bd9Sstevel@tonic-gate             Returns ENOMEM if memory runs out.
7c478bd9Sstevel@tonic-gate*/
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_authenticator
7c478bd9Sstevel@tonic-gate	(const krb5_authenticator *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_ticket
7c478bd9Sstevel@tonic-gate	(const krb5_ticket *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_encryption_key
7c478bd9Sstevel@tonic-gate	(const krb5_keyblock *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_tkt_part
7c478bd9Sstevel@tonic-gate	(const krb5_enc_tkt_part *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_kdc_rep_part
7c478bd9Sstevel@tonic-gate	(const krb5_enc_kdc_rep_part *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/* yes, the translation is identical to that used for KDC__REP */
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_as_rep
7c478bd9Sstevel@tonic-gate	(const krb5_kdc_rep *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalan/* yes, the translation is identical to that used for KDC__REP */
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_tgs_rep
7c478bd9Sstevel@tonic-gate	(const krb5_kdc_rep *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_ap_req
7c478bd9Sstevel@tonic-gate	(const krb5_ap_req *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_ap_rep
7c478bd9Sstevel@tonic-gate	(const krb5_ap_rep *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_ap_rep_enc_part
7c478bd9Sstevel@tonic-gate	(const krb5_ap_rep_enc_part *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_as_req
7c478bd9Sstevel@tonic-gate	(const krb5_kdc_req *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_tgs_req
7c478bd9Sstevel@tonic-gate	(const krb5_kdc_req *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_kdc_req_body
7c478bd9Sstevel@tonic-gate	(const krb5_kdc_req *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_safe
7c478bd9Sstevel@tonic-gate	(const krb5_safe *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
*ba7b222eSGlenn Barrystruct krb5_safe_with_body {
*ba7b222eSGlenn Barry	krb5_safe *safe;
*ba7b222eSGlenn Barry	krb5_data *body;
*ba7b222eSGlenn Barry};
*ba7b222eSGlenn Barry
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_safe_with_body
*ba7b222eSGlenn Barry	(const struct krb5_safe_with_body *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_priv
7c478bd9Sstevel@tonic-gate	(const krb5_priv *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_priv_part
7c478bd9Sstevel@tonic-gate	(const krb5_priv_enc_part *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_cred
7c478bd9Sstevel@tonic-gate	(const krb5_cred *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_cred_part
7c478bd9Sstevel@tonic-gate	(const krb5_cred_enc_part *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_error
7c478bd9Sstevel@tonic-gate	(const krb5_error *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_authdata
*ba7b222eSGlenn Barry	(krb5_authdata *const *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalankrb5_error_code encode_krb5_authdata_elt
159d09a2SMark Phalan	(const krb5_authdata *rep, krb5_data **code);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_pwd_sequence
7c478bd9Sstevel@tonic-gate	(const passwd_phrase_element *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_pwd_data
7c478bd9Sstevel@tonic-gate	(const krb5_pwd_data *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_padata_sequence
*ba7b222eSGlenn Barry        (krb5_pa_data *const *rep, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_alt_method
7c478bd9Sstevel@tonic-gate	(const krb5_alt_method *, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_etype_info
*ba7b222eSGlenn Barry        (krb5_etype_info_entry *const *, krb5_data **code);
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_etype_info2
*ba7b222eSGlenn Barry        (krb5_etype_info_entry *const *, krb5_data **code);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_data
7c478bd9Sstevel@tonic-gate    	(const krb5_enc_data *, krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_pa_enc_ts
7c478bd9Sstevel@tonic-gate    	(const krb5_pa_enc_ts *, krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_challenge
7c478bd9Sstevel@tonic-gate	(const krb5_sam_challenge * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_key
7c478bd9Sstevel@tonic-gate	(const krb5_sam_key * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_sam_response_enc
7c478bd9Sstevel@tonic-gate	(const krb5_enc_sam_response_enc * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_response
7c478bd9Sstevel@tonic-gate	(const krb5_sam_response * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_challenge_2
7c478bd9Sstevel@tonic-gate	(const krb5_sam_challenge_2 * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_challenge_2_body
7c478bd9Sstevel@tonic-gate	(const krb5_sam_challenge_2_body * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_enc_sam_response_enc_2
7c478bd9Sstevel@tonic-gate	(const krb5_enc_sam_response_enc_2 * , krb5_data **);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code encode_krb5_sam_response_2
7c478bd9Sstevel@tonic-gate	(const krb5_sam_response_2 * , krb5_data **);
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalankrb5_error_code encode_krb5_predicted_sam_response
159d09a2SMark Phalan	(const krb5_predicted_sam_response * , krb5_data **);
159d09a2SMark Phalan
*ba7b222eSGlenn Barrystruct krb5_setpw_req {
*ba7b222eSGlenn Barry    krb5_principal target;
*ba7b222eSGlenn Barry    krb5_data password;
*ba7b222eSGlenn Barry};
10db1377Sgtbkrb5_error_code encode_krb5_setpw_req
*ba7b222eSGlenn Barry        (const struct krb5_setpw_req *rep, krb5_data **code);
10db1377Sgtb
7c478bd9Sstevel@tonic-gate/*************************************************************************
7c478bd9Sstevel@tonic-gate * End of prototypes for krb5_encode.c
7c478bd9Sstevel@tonic-gate *************************************************************************/
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalankrb5_error_code decode_krb5_sam_challenge
159d09a2SMark Phalan       (const krb5_data *, krb5_sam_challenge **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_enc_sam_key
159d09a2SMark Phalan       (const krb5_data *, krb5_sam_key **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_enc_sam_response_enc
159d09a2SMark Phalan       (const krb5_data *, krb5_enc_sam_response_enc **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_sam_response
159d09a2SMark Phalan       (const krb5_data *, krb5_sam_response **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_predicted_sam_response
159d09a2SMark Phalan       (const krb5_data *, krb5_predicted_sam_response **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_sam_challenge_2
159d09a2SMark Phalan	(const krb5_data *, krb5_sam_challenge_2 **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_sam_challenge_2_body
159d09a2SMark Phalan	(const krb5_data *, krb5_sam_challenge_2_body **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_enc_sam_response_enc_2
159d09a2SMark Phalan	(const krb5_data *, krb5_enc_sam_response_enc_2 **);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code decode_krb5_sam_response_2
159d09a2SMark Phalan	(const krb5_data *, krb5_sam_response_2 **);
159d09a2SMark Phalan
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate/*************************************************************************
7c478bd9Sstevel@tonic-gate * Prototypes for krb5_decode.c
7c478bd9Sstevel@tonic-gate *************************************************************************/
7c478bd9Sstevel@tonic-gate
159d09a2SMark Phalankrb5_error_code krb5_validate_times
159d09a2SMark Phalan       (krb5_context,
159d09a2SMark Phalan		       krb5_ticket_times *);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate   krb5_error_code decode_krb5_structure(const krb5_data *code,
7c478bd9Sstevel@tonic-gate                                         krb5_structure **rep);
159d09a2SMark Phalan
7c478bd9Sstevel@tonic-gate   requires  Expects **rep to not have been allocated;
7c478bd9Sstevel@tonic-gate              a new *rep is allocated regardless of the old value.
7c478bd9Sstevel@tonic-gate   effects   Decodes *code into **rep.
7c478bd9Sstevel@tonic-gate	     Returns ENOMEM if memory is exhausted.
7c478bd9Sstevel@tonic-gate             Returns asn1 and krb5 errors.
7c478bd9Sstevel@tonic-gate*/
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_authenticator
7c478bd9Sstevel@tonic-gate	(const krb5_data *code, krb5_authenticator **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_ticket
7c478bd9Sstevel@tonic-gate	(const krb5_data *code, krb5_ticket **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_encryption_key
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_keyblock **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_enc_tkt_part
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_enc_tkt_part **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_enc_kdc_rep_part
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_enc_kdc_rep_part **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_as_rep
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_kdc_rep **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_tgs_rep
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_kdc_rep **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_ap_req
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_ap_req **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_ap_rep
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_ap_rep **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_ap_rep_enc_part
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_ap_rep_enc_part **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_as_req
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_kdc_req **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_tgs_req
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_kdc_req **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_kdc_req_body
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_kdc_req **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_safe
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_safe **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_safe_with_body
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_safe **rep, krb5_data *body);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_priv
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_priv **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_enc_priv_part
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_priv_enc_part **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_cred
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_cred **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_enc_cred_part
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_cred_enc_part **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_error
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_error **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_authdata
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_authdata ***rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_pwd_sequence
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, passwd_phrase_element **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_pwd_data
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_pwd_data **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_padata_sequence
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_pa_data ***rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_alt_method
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_alt_method **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_etype_info
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_etype_info_entry ***rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_etype_info2
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_etype_info_entry ***rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_enc_data
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_enc_data **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_pa_enc_ts
7c478bd9Sstevel@tonic-gate	(const krb5_data *output, krb5_pa_enc_ts **rep);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code decode_krb5_sam_key
7c478bd9Sstevel@tonic-gate	(const krb5_data *, krb5_sam_key **);
7c478bd9Sstevel@tonic-gate
54925bf6Swillfstruct _krb5_key_data;		/* kdb.h */
54925bf6Swillfkrb5_error_code
54925bf6Swillfkrb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data,
54925bf6Swillf				      krb5_int16 n_key_data,
54925bf6Swillf				      krb5_int32 mkvno,
54925bf6Swillf				      krb5_data **code);
54925bf6Swillf
54925bf6Swillfkrb5_error_code
54925bf6Swillfkrb5int_ldap_decode_sequence_of_keys (krb5_data *in,
54925bf6Swillf				      struct _krb5_key_data **out,
54925bf6Swillf				      krb5_int16 *n_key_data,
54925bf6Swillf				      int *mkvno);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*************************************************************************
7c478bd9Sstevel@tonic-gate * End of prototypes for krb5_decode.c
7c478bd9Sstevel@tonic-gate *************************************************************************/
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate#endif /* KRB5_ASN1__ */
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * End "asn1.h"
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Internal krb5 library routines
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_encrypt_tkt_part
7c478bd9Sstevel@tonic-gate	(krb5_context,
159d09a2SMark Phalan		const krb5_keyblock *,
159d09a2SMark Phalan		krb5_ticket * );
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_encode_kdc_rep
7c478bd9Sstevel@tonic-gate	(krb5_context,
159d09a2SMark Phalan		const krb5_msgtype,
159d09a2SMark Phalan		const krb5_enc_kdc_rep_part *,
159d09a2SMark Phalan		int using_subkey,
159d09a2SMark Phalan		const krb5_keyblock *,
159d09a2SMark Phalan		krb5_kdc_rep *,
159d09a2SMark Phalan		krb5_data ** );
7c478bd9Sstevel@tonic-gate
505d05c7Sgtbkrb5_boolean krb5int_auth_con_chkseqnum
505d05c7Sgtb	(krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * [De]Serialization Handle and operations.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gatestruct __krb5_serializer {
7c478bd9Sstevel@tonic-gate    krb5_magic		odtype;
7c478bd9Sstevel@tonic-gate    krb5_error_code	(*sizer) (krb5_context,
159d09a2SMark Phalan						  krb5_pointer,
159d09a2SMark Phalan						  size_t *);
7c478bd9Sstevel@tonic-gate    krb5_error_code	(*externalizer) (krb5_context,
159d09a2SMark Phalan							 krb5_pointer,
159d09a2SMark Phalan							 krb5_octet **,
159d09a2SMark Phalan							 size_t *);
7c478bd9Sstevel@tonic-gate    krb5_error_code	(*internalizer) (krb5_context,
159d09a2SMark Phalan							 krb5_pointer *,
159d09a2SMark Phalan							 krb5_octet **,
159d09a2SMark Phalan							 size_t *);
7c478bd9Sstevel@tonic-gate};
159d09a2SMark Phalantypedef const struct __krb5_serializer * krb5_ser_handle;
7c478bd9Sstevel@tonic-gatetypedef struct __krb5_serializer krb5_ser_entry;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_ser_handle krb5_find_serializer
505d05c7Sgtb	(krb5_context,
505d05c7Sgtb		krb5_magic);
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_register_serializer
505d05c7Sgtb	(krb5_context,
505d05c7Sgtb			const krb5_ser_entry *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Determine the external size of a particular opaque structure */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_size_opaque
505d05c7Sgtb	(krb5_context,
505d05c7Sgtb		krb5_magic,
505d05c7Sgtb		krb5_pointer,
505d05c7Sgtb		size_t *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Serialize the structure into a buffer */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_externalize_opaque
7c478bd9Sstevel@tonic-gate	(krb5_context,
159d09a2SMark Phalan		krb5_magic,
159d09a2SMark Phalan		krb5_pointer,
159d09a2SMark Phalan		krb5_octet **,
159d09a2SMark Phalan		size_t *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Deserialize the structure from a buffer */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_internalize_opaque
505d05c7Sgtb	(krb5_context,
505d05c7Sgtb		krb5_magic,
505d05c7Sgtb		krb5_pointer *,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Serialize data into a buffer */
7c478bd9Sstevel@tonic-gatekrb5_error_code krb5_externalize_data
505d05c7Sgtb	(krb5_context,
505d05c7Sgtb		krb5_pointer,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Initialization routines.
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Initialize serialization for krb5_[os_]context */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_context_init
7c478bd9Sstevel@tonic-gate	(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Initialize serialization for krb5_auth_context */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
7c478bd9Sstevel@tonic-gate	(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Initialize serialization for krb5_keytab */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
7c478bd9Sstevel@tonic-gate	(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Initialize serialization for krb5_ccache */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
7c478bd9Sstevel@tonic-gate	(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* Initialize serialization for krb5_rcache */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
7c478bd9Sstevel@tonic-gate	(krb5_context);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/* [De]serialize 4-byte integer */
7c478bd9Sstevel@tonic-gatekrb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
505d05c7Sgtb	(krb5_int32,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
505d05c7Sgtb	(krb5_int32 *,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
505d05c7Sgtb/* [De]serialize 8-byte integer */
7c478bd9Sstevel@tonic-gatekrb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
159d09a2SMark Phalan	(krb5_int64, krb5_octet **, size_t *);
7c478bd9Sstevel@tonic-gatekrb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
7c478bd9Sstevel@tonic-gate	(krb5_int64 *, krb5_octet **, size_t *);
7c478bd9Sstevel@tonic-gate/* [De]serialize byte string */
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
7c478bd9Sstevel@tonic-gate	(krb5_octet *,
505d05c7Sgtb		size_t,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
7c478bd9Sstevel@tonic-gate	(krb5_octet *,
505d05c7Sgtb		size_t,
505d05c7Sgtb		krb5_octet **,
505d05c7Sgtb		size_t *);
7c478bd9Sstevel@tonic-gate
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5int_cc_default
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_ccache *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
159d09a2SMark Phalan	(krb5_context, krb5_ccache, krb5_flags,
159d09a2SMark Phalan			krb5_creds *, krb5_creds *);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_boolean KRB5_CALLCONV
159d09a2SMark Phalankrb5_creds_compare (krb5_context in_context,
159d09a2SMark Phalan                    krb5_creds *in_creds,
159d09a2SMark Phalan                    krb5_creds *in_compare_creds);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatevoid krb5int_set_prompt_types
7c478bd9Sstevel@tonic-gate	(krb5_context, krb5_prompt_type *);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatekrb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
159d09a2SMark Phalan				  krb5_keyblock * /* Old keyblock, not new!  */);
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb/* set and change password helpers */
505d05c7Sgtb
505d05c7Sgtbkrb5_error_code krb5int_mk_chpw_req
159d09a2SMark Phalan	(krb5_context context, krb5_auth_context auth_context,
159d09a2SMark Phalan 			krb5_data *ap_req, char *passwd, krb5_data *packet);
505d05c7Sgtbkrb5_error_code krb5int_rd_chpw_rep
159d09a2SMark Phalan	(krb5_context context, krb5_auth_context auth_context,
159d09a2SMark Phalan		       krb5_data *packet, int *result_code,
159d09a2SMark Phalan		       krb5_data *result_data);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
159d09a2SMark Phalan	(krb5_context context, int result_code,
159d09a2SMark Phalan			char **result_codestr);
505d05c7Sgtbkrb5_error_code  krb5int_mk_setpw_req
159d09a2SMark Phalan	(krb5_context context, krb5_auth_context auth_context,
159d09a2SMark Phalan 			krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
505d05c7Sgtbkrb5_error_code krb5int_rd_setpw_rep
159d09a2SMark Phalan	(krb5_context context, krb5_auth_context auth_context,
159d09a2SMark Phalan		       krb5_data *packet, int *result_code,
159d09a2SMark Phalan		       krb5_data *result_data);
505d05c7Sgtbkrb5_error_code krb5int_setpw_result_code_string
159d09a2SMark Phalan	(krb5_context context, int result_code,
159d09a2SMark Phalan			const char **result_codestr);
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatestruct srv_dns_entry {
159d09a2SMark Phalan    struct srv_dns_entry *next;
159d09a2SMark Phalan    int priority;
159d09a2SMark Phalan    int weight;
159d09a2SMark Phalan    unsigned short port;
159d09a2SMark Phalan    char *host;
7c478bd9Sstevel@tonic-gate};
159d09a2SMark Phalan#ifdef KRB5_DNS_LOOKUP
7c478bd9Sstevel@tonic-gatekrb5_error_code
7c478bd9Sstevel@tonic-gatekrb5int_make_srv_query_realm(const krb5_data *realm,
159d09a2SMark Phalan			     const char *service,
159d09a2SMark Phalan			     const char *protocol,
159d09a2SMark Phalan			     struct srv_dns_entry **answers);
7c478bd9Sstevel@tonic-gatevoid krb5int_free_srv_dns_data(struct srv_dns_entry *);
159d09a2SMark Phalan#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate/*
7c478bd9Sstevel@tonic-gate * Convenience function for structure magic number
7c478bd9Sstevel@tonic-gate */
7c478bd9Sstevel@tonic-gate#define KRB5_VERIFY_MAGIC(structure,magic_number) \
7c478bd9Sstevel@tonic-gate    if ((structure)->magic != (magic_number)) return (magic_number);
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb
505d05c7Sgtb/* SUNW14resync XXX - see k5-util.h */
505d05c7Sgtb#if 0
7c478bd9Sstevel@tonic-gateint krb5_seteuid  (int);
505d05c7Sgtb#endif
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatechar * krb5_getenv(const char *);
7c478bd9Sstevel@tonic-gateint krb5_setenv  (const char *, const char *, int);
7c478bd9Sstevel@tonic-gatevoid krb5_unsetenv  (const char *);
7c478bd9Sstevel@tonic-gate
505d05c7Sgtb
505d05c7Sgtb/* SUNW14resync - (from here to EOF) not sure if we need this but will add it
505d05c7Sgtb   for future resync sake */
505d05c7Sgtb
505d05c7Sgtb/* To keep happy libraries which are (for now) accessing internal stuff */
505d05c7Sgtb
505d05c7Sgtb/* Make sure to increment by one when changing the struct */
159d09a2SMark Phalan#define KRB5INT_ACCESS_STRUCT_VERSION 12
505d05c7Sgtb
505d05c7Sgtb#ifndef ANAME_SZ
159d09a2SMark Phalanstruct ktext;			/* from krb.h, for krb524 support */
505d05c7Sgtb#endif
505d05c7Sgtbtypedef struct _krb5int_access {
505d05c7Sgtb    /* crypto stuff */
505d05c7Sgtb    const struct krb5_hash_provider *md5_hash_provider;
505d05c7Sgtb    const struct krb5_enc_provider *arcfour_enc_provider;
159d09a2SMark Phalan    krb5_error_code (* krb5_hmac) (krb5_context, const struct krb5_hash_provider *hash,
159d09a2SMark Phalan				   const krb5_keyblock *key,
159d09a2SMark Phalan				   unsigned int icount, const krb5_data *input,
159d09a2SMark Phalan				   krb5_data *output);
505d05c7Sgtb    /* service location and communication */
505d05c7Sgtb#ifndef _KERNEL
505d05c7Sgtb    krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
159d09a2SMark Phalan				   const struct addrlist *, struct sendto_callback_info*, krb5_data *reply,
159d09a2SMark Phalan				   struct sockaddr *, socklen_t *,struct sockaddr *,
159d09a2SMark Phalan				   socklen_t *, int *,
159d09a2SMark Phalan				   int (*msg_handler)(krb5_context, const krb5_data *, void *),
159d09a2SMark Phalan				   void *msg_handler_data);
505d05c7Sgtb    krb5_error_code (*add_host_to_list)(struct addrlist *lp,
159d09a2SMark Phalan					const char *hostname,
159d09a2SMark Phalan					int port, int secport,
159d09a2SMark Phalan					int socktype, int family);
505d05c7Sgtb    void (*free_addrlist) (struct addrlist *);
505d05c7Sgtb#endif /* _KERNEL */
505d05c7Sgtb
505d05c7Sgtb    krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
159d09a2SMark Phalan					    const char *service,
159d09a2SMark Phalan					    const char *protocol,
159d09a2SMark Phalan					    struct srv_dns_entry **answers);
505d05c7Sgtb    void (*free_srv_dns_data)(struct srv_dns_entry *);
505d05c7Sgtb    int (*use_dns_kdc)(krb5_context);
*ba7b222eSGlenn Barry    krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t);
505d05c7Sgtb
505d05c7Sgtb    /* krb4 compatibility stuff -- may be null if not enabled */
505d05c7Sgtb    krb5_int32 (*krb_life_to_time)(krb5_int32, int);
505d05c7Sgtb    int (*krb_time_to_life)(krb5_int32, krb5_int32);
505d05c7Sgtb    int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
505d05c7Sgtb    krb5_error_code (*krb5int_c_mandatory_cksumtype)
505d05c7Sgtb        (krb5_context, krb5_enctype, krb5_cksumtype *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
505d05c7Sgtb        (krb5_int64, krb5_octet **, size_t *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
505d05c7Sgtb        (krb5_int64 *, krb5_octet **, size_t *);
54925bf6Swillf
54925bf6Swillf    /* Used for KDB LDAP back end.  */
54925bf6Swillf    krb5_error_code
54925bf6Swillf    (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
54925bf6Swillf					  krb5_int16 n_key_data,
54925bf6Swillf					  krb5_int32 mkvno,
54925bf6Swillf					  krb5_data **code);
54925bf6Swillf
54925bf6Swillf    krb5_error_code
54925bf6Swillf    (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
54925bf6Swillf					  struct _krb5_key_data **out,
54925bf6Swillf					  krb5_int16 *n_key_data,
54925bf6Swillf					  int *mkvno);
159d09a2SMark Phalan
159d09a2SMark Phalan    /*
159d09a2SMark Phalan     * pkinit asn.1 encode/decode functions
159d09a2SMark Phalan     */
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_auth_pack)
159d09a2SMark Phalan        (const krb5_auth_pack *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_auth_pack_draft9)
159d09a2SMark Phalan        (const krb5_auth_pack_draft9 *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_kdc_dh_key_info)
159d09a2SMark Phalan        (const krb5_kdc_dh_key_info *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_pa_pk_as_rep)
159d09a2SMark Phalan        (const krb5_pa_pk_as_rep *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_pa_pk_as_rep_draft9)
159d09a2SMark Phalan        (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_pa_pk_as_req)
159d09a2SMark Phalan	(const krb5_pa_pk_as_req *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_pa_pk_as_req_draft9)
159d09a2SMark Phalan	(const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_reply_key_pack)
159d09a2SMark Phalan        (const krb5_reply_key_pack *, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_reply_key_pack_draft9)
159d09a2SMark Phalan        (const krb5_reply_key_pack_draft9 *, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_td_dh_parameters)
159d09a2SMark Phalan        (const krb5_algorithm_identifier **, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_td_trusted_certifiers)
159d09a2SMark Phalan        (const krb5_external_principal_identifier **, krb5_data **code);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_typed_data)
159d09a2SMark Phalan        (const krb5_typed_data **, krb5_data **code);
159d09a2SMark Phalan
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_auth_pack)
159d09a2SMark Phalan        (const krb5_data *, krb5_auth_pack **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_auth_pack_draft9)
159d09a2SMark Phalan        (const krb5_data *, krb5_auth_pack_draft9 **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_pa_pk_as_req)
159d09a2SMark Phalan        (const krb5_data *, krb5_pa_pk_as_req **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_pa_pk_as_req_draft9)
159d09a2SMark Phalan        (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_pa_pk_as_rep)
159d09a2SMark Phalan        (const krb5_data *, krb5_pa_pk_as_rep **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_pa_pk_as_rep_draft9)
159d09a2SMark Phalan        (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_kdc_dh_key_info)
159d09a2SMark Phalan        (const krb5_data *, krb5_kdc_dh_key_info **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_principal_name)
159d09a2SMark Phalan        (const krb5_data *, krb5_principal_data **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_reply_key_pack)
159d09a2SMark Phalan        (const krb5_data *, krb5_reply_key_pack **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_reply_key_pack_draft9)
159d09a2SMark Phalan        (const krb5_data *, krb5_reply_key_pack_draft9 **);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_td_dh_parameters)
159d09a2SMark Phalan        (const krb5_data *, krb5_algorithm_identifier ***);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_td_trusted_certifiers)
159d09a2SMark Phalan        (const krb5_data *, krb5_external_principal_identifier ***);
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_typed_data)
159d09a2SMark Phalan        (const krb5_data *, krb5_typed_data ***);
159d09a2SMark Phalan
159d09a2SMark Phalan    krb5_error_code (*decode_krb5_as_req)
159d09a2SMark Phalan	(const krb5_data *output, krb5_kdc_req **rep);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_kdc_req_body)
159d09a2SMark Phalan	(const krb5_kdc_req *rep, krb5_data **code);
159d09a2SMark Phalan    void (KRB5_CALLCONV *krb5_free_kdc_req)
159d09a2SMark Phalan	(krb5_context, krb5_kdc_req * );
159d09a2SMark Phalan    void (*krb5int_set_prompt_types)
159d09a2SMark Phalan	(krb5_context, krb5_prompt_type *);
159d09a2SMark Phalan    krb5_error_code (*encode_krb5_authdata_elt)
159d09a2SMark Phalan	(const krb5_authdata *rep, krb5_data **code);
159d09a2SMark Phalan
505d05c7Sgtb} krb5int_access;
505d05c7Sgtb
505d05c7Sgtb#define KRB5INT_ACCESS_VERSION \
505d05c7Sgtb    (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
159d09a2SMark Phalan		   (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
505d05c7Sgtb
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5int_accessor
159d09a2SMark Phalan	(krb5int_access*, krb5_int32);
505d05c7Sgtb
505d05c7Sgtb/* Ick -- some krb524 and krb4 support placed in the krb5 library,
505d05c7Sgtb   because AFS (and potentially other applications?) use the krb4
505d05c7Sgtb   object as an opaque token, which (in some implementations) is not
505d05c7Sgtb   in fact a krb4 ticket, so we don't want to drag in the krb4 support
505d05c7Sgtb   just to enable this.  */
505d05c7Sgtb
505d05c7Sgtb#define KRB524_SERVICE "krb524"
505d05c7Sgtb#define KRB524_PORT 4444
505d05c7Sgtb
505d05c7Sgtb/* v4lifetime.c */
505d05c7Sgtbextern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
505d05c7Sgtbextern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
505d05c7Sgtb
505d05c7Sgtb/* conv_creds.c */
505d05c7Sgtbint krb5int_encode_v4tkt
159d09a2SMark Phalan	(struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
505d05c7Sgtb
505d05c7Sgtb/* send524.c */
505d05c7Sgtbint krb5int_524_sendto_kdc
505d05c7Sgtb        (krb5_context context, const krb5_data * message,
159d09a2SMark Phalan	 const krb5_data * realm, krb5_data * reply,
159d09a2SMark Phalan	 struct sockaddr *, socklen_t *);
505d05c7Sgtb
505d05c7Sgtb/* temporary -- this should be under lib/krb5/ccache somewhere */
505d05c7Sgtb
505d05c7Sgtbstruct _krb5_ccache {
505d05c7Sgtb    krb5_magic magic;
505d05c7Sgtb    const struct _krb5_cc_ops *ops;
505d05c7Sgtb    krb5_pointer data;
505d05c7Sgtb};
505d05c7Sgtb
159d09a2SMark Phalan/*
159d09a2SMark Phalan * Per-type ccache cursor.
159d09a2SMark Phalan */
159d09a2SMark Phalanstruct krb5_cc_ptcursor {
159d09a2SMark Phalan    const struct _krb5_cc_ops *ops;
159d09a2SMark Phalan    krb5_pointer data;
159d09a2SMark Phalan};
159d09a2SMark Phalantypedef struct krb5_cc_ptcursor *krb5_cc_ptcursor;
159d09a2SMark Phalan
505d05c7Sgtbstruct _krb5_cc_ops {
505d05c7Sgtb    krb5_magic magic;
505d05c7Sgtb    char *prefix;
505d05c7Sgtb    const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
159d09a2SMark Phalan					    const char *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_principal);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_creds *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_flags, krb5_creds *,
159d09a2SMark Phalan					    krb5_creds *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_principal *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_cc_cursor *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_cc_cursor *, krb5_creds *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_cc_cursor *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_flags, krb5_creds *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
159d09a2SMark Phalan					    krb5_flags);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache,
159d09a2SMark Phalan						krb5_flags *);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
159d09a2SMark Phalan						  krb5_cc_ptcursor *);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
159d09a2SMark Phalan						   krb5_cc_ptcursor,
159d09a2SMark Phalan						   krb5_ccache *);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
159d09a2SMark Phalan						   krb5_cc_ptcursor *);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
159d09a2SMark Phalan						krb5_ccache, krb5_timestamp *);
159d09a2SMark Phalan    krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
159d09a2SMark Phalan						krb5_timestamp *);
505d05c7Sgtb};
505d05c7Sgtb
505d05c7Sgtbextern const krb5_cc_ops *krb5_cc_dfl_ops;
505d05c7Sgtb
159d09a2SMark Phalankrb5_error_code
159d09a2SMark Phalankrb5int_cc_os_default_name(krb5_context context, char **name);
159d09a2SMark Phalan
159d09a2SMark Phalan/*
159d09a2SMark Phalan * Cursor for iterating over ccache types
159d09a2SMark Phalan */
159d09a2SMark Phalanstruct krb5_cc_typecursor;
159d09a2SMark Phalantypedef struct krb5_cc_typecursor *krb5_cc_typecursor;
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code
159d09a2SMark Phalankrb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code
159d09a2SMark Phalankrb5int_cc_typecursor_next(
159d09a2SMark Phalan    krb5_context context,
159d09a2SMark Phalan    krb5_cc_typecursor cursor,
159d09a2SMark Phalan    const struct _krb5_cc_ops **ops);
159d09a2SMark Phalan
159d09a2SMark Phalankrb5_error_code
159d09a2SMark Phalankrb5int_cc_typecursor_free(
159d09a2SMark Phalan    krb5_context context,
159d09a2SMark Phalan    krb5_cc_typecursor *cursor);
159d09a2SMark Phalan
505d05c7Sgtbtypedef struct _krb5_donot_replay {
505d05c7Sgtb    krb5_magic magic;
505d05c7Sgtb    krb5_ui_4 hash;
159d09a2SMark Phalan    char *server;			/* null-terminated */
159d09a2SMark Phalan    char *client;			/* null-terminated */
*ba7b222eSGlenn Barry    char *msghash;                      /* null-terminated */
505d05c7Sgtb    krb5_int32 cusec;
505d05c7Sgtb    krb5_timestamp ctime;
505d05c7Sgtb} krb5_donot_replay;
505d05c7Sgtb
505d05c7Sgtbkrb5_error_code krb5_rc_default
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_rcache *);
505d05c7Sgtbkrb5_error_code krb5_rc_resolve_type
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_rcache *,char *);
505d05c7Sgtbkrb5_error_code krb5_rc_resolve_full
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_rcache *,char *);
505d05c7Sgtbchar * krb5_rc_get_type
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_rcache);
505d05c7Sgtbchar * krb5_rc_default_type
159d09a2SMark Phalan	(krb5_context);
505d05c7Sgtbchar * krb5_rc_default_name
159d09a2SMark Phalan	(krb5_context);
505d05c7Sgtbkrb5_error_code krb5_auth_to_rep
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		krb5_tkt_authent *,
159d09a2SMark Phalan		krb5_donot_replay *);
159d09a2SMark Phalan
505d05c7Sgtb
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_initialize
159d09a2SMark Phalan	(krb5_context, krb5_rcache,krb5_deltat);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
159d09a2SMark Phalan	(krb5_context, krb5_rcache,krb5_deltat);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_recover
159d09a2SMark Phalan	(krb5_context, krb5_rcache);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_destroy
159d09a2SMark Phalan	(krb5_context, krb5_rcache);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_close
159d09a2SMark Phalan	(krb5_context, krb5_rcache);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_store
159d09a2SMark Phalan	(krb5_context, krb5_rcache,krb5_donot_replay *);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_expunge
159d09a2SMark Phalan	(krb5_context, krb5_rcache);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
159d09a2SMark Phalan	(krb5_context, krb5_rcache,krb5_deltat *);
505d05c7Sgtbchar *KRB5_CALLCONV krb5_rc_get_name
159d09a2SMark Phalan	(krb5_context, krb5_rcache);
505d05c7Sgtbkrb5_error_code KRB5_CALLCONV krb5_rc_resolve
159d09a2SMark Phalan	(krb5_context, krb5_rcache, char *);
505d05c7Sgtb
505d05c7Sgtbtypedef struct _krb5_kt_ops {
505d05c7Sgtb    krb5_magic magic;
505d05c7Sgtb    char *prefix;
505d05c7Sgtb    /* routines always present */
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *resolve)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 const char *,
159d09a2SMark Phalan		 krb5_keytab *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get_name)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 char *,
159d09a2SMark Phalan		 unsigned int);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *close)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 krb5_const_principal,
159d09a2SMark Phalan		 krb5_kvno,
159d09a2SMark Phalan		 krb5_enctype,
159d09a2SMark Phalan		 krb5_keytab_entry *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *start_seq_get)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 krb5_kt_cursor *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *get_next)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 krb5_keytab_entry *,
159d09a2SMark Phalan		 krb5_kt_cursor *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *end_get)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 krb5_kt_cursor *);
505d05c7Sgtb    /* routines to be included on extended version (write routines) */
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *add)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		 krb5_keytab_entry *);
505d05c7Sgtb    krb5_error_code (KRB5_CALLCONV *remove)
159d09a2SMark Phalan	(krb5_context,
159d09a2SMark Phalan		 krb5_keytab,
159d09a2SMark Phalan		  krb5_keytab_entry *);
505d05c7Sgtb
505d05c7Sgtb    /* Handle for serializer */
505d05c7Sgtb    const krb5_ser_entry *serializer;
505d05c7Sgtb} krb5_kt_ops;
505d05c7Sgtb
505d05c7Sgtbextern const krb5_kt_ops krb5_kt_dfl_ops;
505d05c7Sgtb
505d05c7Sgtbextern krb5_error_code krb5int_translate_gai_error (int);
505d05c7Sgtb
505d05c7Sgtb/* Not sure it's ready for exposure just yet.  */
505d05c7Sgtbextern krb5_error_code
505d05c7Sgtbkrb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
505d05c7Sgtb
505d05c7Sgtbextern int krb5int_crypto_init (void);
505d05c7Sgtbextern int krb5int_prng_init(void);
505d05c7Sgtb
505d05c7Sgtb/*
505d05c7Sgtb * SUNW14resync
505d05c7Sgtb * Hack (?) to neuter C99 "inline" which causes warnings w/our build.
505d05c7Sgtb */
505d05c7Sgtb#define inline
505d05c7Sgtb
505d05c7Sgtb/* Solaris kerberos */
505d05c7Sgtbkrb5_boolean KRB5_CALLCONV is_in_keytype
505d05c7Sgtb	(krb5_const krb5_enctype *keytype,
505d05c7Sgtb	int numkeytypes, krb5_enctype enctype);
505d05c7Sgtb
24da5b34Srie/*
24da5b34Srie * Solaris Kerberos
24da5b34Srie * Use krb5_getuid() to select the mechanism to obtain the uid.
24da5b34Srie */
24da5b34Srieextern uid_t	krb5_getuid();
ab9b2e15Sgtb
fe598cdcSmp/*
fe598cdcSmp * Referral definitions, debugging hooks, and subfunctions.
fe598cdcSmp */
fe598cdcSmp#define        KRB5_REFERRAL_MAXHOPS	5
fe598cdcSmp/* #define DEBUG_REFERRALS */
fe598cdcSmp
fe598cdcSmp#ifdef DEBUG_REFERRALS
fe598cdcSmpvoid krb5int_dbgref_dump_principal(char *, krb5_principal);
fe598cdcSmp#endif
fe598cdcSmp
fe598cdcSmp/* Common hostname-parsing code. */
fe598cdcSmpkrb5_error_code KRB5_CALLCONV krb5int_clean_hostname
fe598cdcSmp	(krb5_context,
fe598cdcSmp		const char *,
fe598cdcSmp		char *,
fe598cdcSmp		size_t);
505d05c7Sgtb
*ba7b222eSGlenn Barry/*
*ba7b222eSGlenn Barry * Solaris Kerberos
*ba7b222eSGlenn Barry * Kernel & user space realloc.
*ba7b222eSGlenn Barry */
*ba7b222eSGlenn Barryvoid *krb5int_realloc
*ba7b222eSGlenn Barry	(void *oldp,
*ba7b222eSGlenn Barry	 size_t new_size,
*ba7b222eSGlenn Barry	 size_t old_size);
7c478bd9Sstevel@tonic-gate#endif /* _KRB5_INT_H */