17c478bdstevel@tonic-gate/*
25e01956Glenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
37c478bdstevel@tonic-gate */
47c478bdstevel@tonic-gate
57c478bdstevel@tonic-gate/* This is the prologue to krb5.h */
67c478bdstevel@tonic-gate/* Unfortunately some of these defines are compiler dependent */
77c478bdstevel@tonic-gate#ifndef _KRB5_H
87c478bdstevel@tonic-gate#define _KRB5_H
97c478bdstevel@tonic-gate
107c478bdstevel@tonic-gate
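/*
 * Build-time size assumptions for the rest of the header.  The values are
 * stated, not measured: int is taken to be 4 bytes, short 2 bytes, and long
 * 8 bytes only when the compiler defines _LP64 (4 bytes otherwise).
 * NOTE(review): nothing in this prologue checks these numbers against the
 * real ABI, so a port to another data model has to update them by hand.
 * (The revision-history gutter that was fused into each line of this listing
 * has been dropped so the text is valid C again.)
 */
#define SIZEOF_INT 4

#ifdef _LP64
#define SIZEOF_LONG 8
#else
#define SIZEOF_LONG 4
#endif

#define SIZEOF_SHORT 2
#define HAVE_STDARG_H 1
#define HAVE_SYS_TYPES_H 1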
227c478bdstevel@tonic-gate/* End of prologue section */
237c478bdstevel@tonic-gate/*
247c478bdstevel@tonic-gate * include/krb5.h
257c478bdstevel@tonic-gate *
26fe598cdmp * Copyright 1989,1990,1995,2001, 2003  by the Massachusetts Institute of Technology.
277c478bdstevel@tonic-gate * All Rights Reserved.
287c478bdstevel@tonic-gate *
297c478bdstevel@tonic-gate * Export of this software from the United States of America may
307c478bdstevel@tonic-gate *   require a specific license from the United States Government.
317c478bdstevel@tonic-gate *   It is the responsibility of any person or organization contemplating
327c478bdstevel@tonic-gate *   export to obtain such a license before exporting.
33fe598cdmp *
347c478bdstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
357c478bdstevel@tonic-gate * distribute this software and its documentation for any purpose and
367c478bdstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
377c478bdstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
387c478bdstevel@tonic-gate * this permission notice appear in supporting documentation, and that
397c478bdstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining
407c478bdstevel@tonic-gate * to distribution of the software without specific, written prior
417c478bdstevel@tonic-gate * permission.	Furthermore if you modify this software you must label
427c478bdstevel@tonic-gate * your software as modified software and not distribute it in such a
437c478bdstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software.
447c478bdstevel@tonic-gate * M.I.T. makes no representations about the suitability of
457c478bdstevel@tonic-gate * this software for any purpose.  It is provided "as is" without express
467c478bdstevel@tonic-gate * or implied warranty.
47159d09aMark Phalan *
487c478bdstevel@tonic-gate *
497c478bdstevel@tonic-gate * General definitions for Kerberos version 5.
507c478bdstevel@tonic-gate */
517c478bdstevel@tonic-gate
527c478bdstevel@tonic-gate/*
537c478bdstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
54159d09aMark Phalan *
557c478bdstevel@tonic-gate * All rights reserved.
56159d09aMark Phalan *
577c478bdstevel@tonic-gate * Export of this software from the United States of America may require
587c478bdstevel@tonic-gate * a specific license from the United States Government.  It is the
597c478bdstevel@tonic-gate * responsibility of any person or organization contemplating export to
607c478bdstevel@tonic-gate * obtain such a license before exporting.
61159d09aMark Phalan *
627c478bdstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
637c478bdstevel@tonic-gate * distribute this software and its documentation for any purpose and
647c478bdstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
657c478bdstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
667c478bdstevel@tonic-gate * this permission notice appear in supporting documentation, and that
677c478bdstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
687c478bdstevel@tonic-gate * to distribution of the software without specific, written prior
697c478bdstevel@tonic-gate * permission.  FundsXpress makes no representations about the suitability of
707c478bdstevel@tonic-gate * this software for any purpose.  It is provided "as is" without express
717c478bdstevel@tonic-gate * or implied warranty.
72159d09aMark Phalan *
737c478bdstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
747c478bdstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
757c478bdstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
767c478bdstevel@tonic-gate */
777c478bdstevel@tonic-gate
787c478bdstevel@tonic-gate#ifndef KRB5_GENERAL__
797c478bdstevel@tonic-gate#define KRB5_GENERAL__
807c478bdstevel@tonic-gate
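#ifdef	_KERNEL
#include <sys/systm.h>
#include <sys/kmem.h>

#include <sys/crypto/common.h>
#include <sys/crypto/api.h>

/*
 * Allocation wrappers shared by the kernel and userland builds.
 *
 * Kernel MALLOC() returns zero-filled memory because some callers assume
 * freshly allocated buffers are zeroed.  Any earlier MALLOC definition is
 * removed first so the redefinition does not raise a duplicate-define
 * warning.
 */
#ifdef MALLOC
#undef MALLOC
#endif
#define MALLOC(n) kmem_zalloc((n), KM_SLEEP)

/*
 * kmem_free() needs the allocation size, so FREE() carries it as (n).
 * NOTE(review): FREE() does not scrub the buffer in either build; a caller
 * releasing key material has to zero it first.
 */
#define	FREE(x, n) kmem_free((x), (n))
/*
 * NOTE(review): (n)*(s) is multiplied without an overflow check, unlike the
 * userland calloc() below.  Callers must bound n and s beforehand, otherwise
 * a wrapped product yields a buffer smaller than they expect.
 */
#define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
/*
 * NOTE(review): this reuses the name strcpy with THREE arguments and maps it
 * to bcopy(), which copies exactly n bytes: it neither stops at a NUL nor
 * appends one.  The caller is responsible for dst holding at least n bytes
 * and for n covering the terminator when a C string is wanted.
 */
#define strcpy(dst,src,n) bcopy((src),(dst),(n))
#define mutex_lock(lck)  mutex_enter(lck)
#define mutex_unlock(lck)  mutex_exit(lck)

#else /* !_KERNEL */
/*
 * Userland MALLOC() is zero-filled as well, so code shared with the kernel
 * build sees the same guarantee from both variants instead of reading
 * uninitialized heap memory in one of them.
 * FREE() ignores its size argument here; free() does not need it.
 */
#define	MALLOC(n) calloc(1, (n))
#define	FREE(x, n) free(x)
#define CALLOC(n, s) calloc((n), (s))
#include <stdlib.h>
#include <thread.h>
#include <synch.h>
#include <security/cryptoki.h>
#include <limits.h>    /* for *_MAX */
#endif /* _KERNEL */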
1147c478bdstevel@tonic-gate
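/*
 * Interface-exposure switches.
 *
 * Upstream keeps deprecated and private interfaces hidden unless the build
 * system overrides these macros.  The Solaris resync (SUNW14resync) sets both
 * to 1 here: the deprecated interfaces are needed by rlogind and similar
 * consumers, and the Solaris build exposes the private ones.  A build that
 * predefines either macro keeps its own value.
 * NOTE(review): with both defaults at 1, every consumer of this header sees
 * the deprecated and private declarations unless it opts out explicitly.
 */
#ifndef KRB5_DEPRECATED
#define KRB5_DEPRECATED 1
#endif
#ifndef KRB5_PRIVATE
#define KRB5_PRIVATE 1
#endif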
125505d05cgtb
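/*
 * Platform glue.  CFM builds on Mac OS are rejected outright, and the
 * Windows/DOS builds pull their configuration from win-mac.h.
 */
#if defined(__MACH__) && defined(__APPLE__)
#	include <TargetConditionals.h>
#    if TARGET_RT_MAC_CFM
#	error "Use KfM 4.0 SDK headers for CFM compilation."
#    endif
#endif

#if defined(_MSDOS) || defined(_WIN32)
#include <win-mac.h>
#endif

/*
 * Calling-convention decorators.  They expand to nothing unless an earlier
 * header (KRB5_CONFIG__ set, or KRB5_CALLCONV already defined) supplied a
 * platform-specific value.
 */
#ifndef KRB5_CONFIG__
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif /* !KRB5_CALLCONV */
#endif /* !KRB5_CONFIG__ */

#ifndef KRB5_CALLCONV_WRONG
#define KRB5_CALLCONV_WRONG
#endif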
147505d05cgtb
148505d05cgtb/* SUNW14resync XXX */
1497c478bdstevel@tonic-gate#include <sys/types.h>
1507c478bdstevel@tonic-gate#include <sys/socket.h>
1517c478bdstevel@tonic-gate
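/*
 * Three-argument open() wrapper; a platform header may predefine it.
 * The third argument is passed through unchanged as open()'s mode.
 */
#ifndef THREEPARAMOPEN
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
#endif


/*
 * Solaris Kerberos:
 *   Samba needs a couple of these interfaces so old crypto is enabled.
 * NOTE(review): the define is unconditional, so the old crypto interfaces
 * become visible to every consumer of this header, not only to Samba.
 */
#define KRB5_OLD_CRYPTO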
1627c478bdstevel@tonic-gate
1637c478bdstevel@tonic-gate
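/*
 * C++ linkage brackets: the declarations that follow are wrapped in
 * extern "C" when compiled as C++, and the macros are empty in C.
 */
#ifndef KRB5INT_BEGIN_DECLS
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS	extern "C" {
#define KRB5INT_END_DECLS	}
#else
#define KRB5INT_BEGIN_DECLS
#define KRB5INT_END_DECLS
#endif
#endif

KRB5INT_BEGIN_DECLS

#if TARGET_OS_MAC
#    pragma options align=mac68k
#endif

/* from profile.h: only the incomplete struct type is declared here */
struct _profile_t;
/* typedef struct _profile_t *profile_t; */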
1847c478bdstevel@tonic-gate/*
1857c478bdstevel@tonic-gate * begin wordsize.h
1867c478bdstevel@tonic-gate */
1877c478bdstevel@tonic-gate
1887c478bdstevel@tonic-gate/*
1897c478bdstevel@tonic-gate * Word-size related definition.
1907c478bdstevel@tonic-gate */
1917c478bdstevel@tonic-gate
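/* One raw byte. */
typedef	unsigned char	krb5_octet;

/*
 * Fixed-width integer aliases, chosen from the <limits.h> maxima.  A platform
 * with no exactly matching type stops the build with #error rather than
 * silently picking a wider one.
 */
#if INT_MAX == 0x7fff
typedef	int	krb5_int16;
typedef	unsigned int	krb5_ui_2;
#elif SHRT_MAX == 0x7fff
typedef	short	krb5_int16;
typedef	unsigned short	krb5_ui_2;
#else
#error undefined 16 bit type
#endif

#if INT_MAX == 0x7fffffffL
typedef	int	krb5_int32;
typedef	unsigned int	krb5_ui_4;
#elif LONG_MAX == 0x7fffffffL
typedef	long	krb5_int32;
typedef	unsigned long	krb5_ui_4;
#elif SHRT_MAX == 0x7fffffffL
typedef	short	krb5_int32;
typedef	unsigned short	krb5_ui_4;
#else
#error undefined 32 bit type
#endif

#define VALID_INT_BITS	  INT_MAX
#define VALID_UINT_BITS	  UINT_MAX

#define KRB5_INT32_MAX	2147483647
/* this strange form is necessary since - is a unary operator, not a sign
   indicator */
#define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)

/*
 * NOTE(review): 65535 is the maximum of an UNSIGNED 16-bit value; the signed
 * krb5_int16 declared above tops out at 32767, and the derived minimum of
 * -65536 does not fit in it either.  The values are left untouched because
 * existing callers may depend on them, but they must not be used as range
 * checks for krb5_int16 without confirming the intent.
 */
#define KRB5_INT16_MAX 65535
/* this strange form is necessary since - is a unary operator, not a sign
   indicator */
#define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)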
2297c478bdstevel@tonic-gate
2307c478bdstevel@tonic-gate/*
2317c478bdstevel@tonic-gate * end wordsize.h
2327c478bdstevel@tonic-gate */
2337c478bdstevel@tonic-gate
2347c478bdstevel@tonic-gate/*
2357c478bdstevel@tonic-gate * begin "base-defs.h"
2367c478bdstevel@tonic-gate */
2377c478bdstevel@tonic-gate
2387c478bdstevel@tonic-gate/*
2397c478bdstevel@tonic-gate * Basic definitions for Kerberos V5 library
2407c478bdstevel@tonic-gate */
2417c478bdstevel@tonic-gate
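#ifndef FALSE
#define	FALSE	0
#endif
#ifndef TRUE
#define	TRUE	1
#endif

/* Scalar protocol types.  The first three are plain unsigned int. */
typedef	unsigned int krb5_boolean;
typedef	unsigned int krb5_msgtype;
typedef	unsigned int krb5_kvno;

/* Type selectors; all are signed 32-bit, so negative values are possible. */
typedef	krb5_int32 krb5_addrtype;
typedef krb5_int32 krb5_enctype;
typedef krb5_int32 krb5_cksumtype;
typedef krb5_int32 krb5_authdatatype;
typedef krb5_int32 krb5_keyusage;

typedef krb5_int32	krb5_preauthtype; /* This may change, later on */
typedef	krb5_int32	krb5_flags;
/*
 * NOTE(review): krb5_timestamp is a signed 32-bit value.  If it carries
 * seconds since the Unix epoch (confirm against the callers), it cannot
 * represent times past January 2038; ticket lifetime and clock-skew
 * comparisons need to account for that.
 */
typedef krb5_int32	krb5_timestamp;
typedef	krb5_int32	krb5_error_code;
typedef krb5_int32	krb5_deltat;

/* Structure tag values share the error-code number space. */
typedef krb5_error_code	krb5_magic;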
2667c478bdstevel@tonic-gate
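/*
 * Counted buffer of char.
 * NOTE(review): nothing in this definition says data is NUL-terminated;
 * treat it as length-delimited and bound every copy or compare by length.
 */
typedef struct _krb5_data {
	krb5_magic magic;
	unsigned int length;
	char *data;
} krb5_data;

/* Same layout as krb5_data, with krb5_octet (unsigned char) contents. */
typedef struct _krb5_octet_data {
	krb5_magic magic;
	unsigned int length;
	krb5_octet *data;
} krb5_octet_data;

/*
 * Hack length for crypto library to use the afs_string_to_key It is
 * equivalent to -1 without possible sign extension
 * We also overload for an unset salt type length - which is also -1, but
 * hey, why not....
 * NOTE(review): both sentinels are UINT_MAX stored in a length field.  Code
 * that receives a salt must test for the sentinel BEFORE using length as an
 * allocation or copy size, and the two meanings cannot be told apart by
 * value alone.
 */
#define SALT_TYPE_AFS_LENGTH UINT_MAX
#define SALT_TYPE_NO_LENGTH  UINT_MAX

typedef	void * krb5_pointer;
typedef void const * krb5_const_pointer;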
2907c478bdstevel@tonic-gate
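/*
 * A principal name: a realm plus an array of name components.
 * NOTE(review): length is a SIGNED krb5_int32 used as the component count by
 * the accessor macros, so a decoded or copied principal should have it
 * validated as non-negative before data is indexed.
 */
typedef struct krb5_principal_data {
    krb5_magic magic;
    krb5_data realm;
    krb5_data *data;		/* An array of strings */
    krb5_int32 length;
    krb5_int32 type;
} krb5_principal_data;

typedef	krb5_principal_data * krb5_principal;

/*
 * Per V5 spec on definition of principal types
 */

/* Name type not known */
#define KRB5_NT_UNKNOWN		0
/* Just the name of the principal as in DCE, or for users */
#define KRB5_NT_PRINCIPAL	1
/* Service and other unique instance (krbtgt) */
#define KRB5_NT_SRV_INST	2
/* Service with host name as instance (telnet, rcommands) */
#define KRB5_NT_SRV_HST		3
/* Service with host as remaining components */
#define KRB5_NT_SRV_XHST	4
/* Unique ID */
#define KRB5_NT_UID		5
/* PKINIT */
#define KRB5_NT_X500_PRINCIPAL          6
/* Name in form of SMTP email name */
#define KRB5_NT_SMTP_NAME               7
/* Windows 2000 UPN */
#define KRB5_NT_ENTERPRISE_PRINCIPAL    10
/* Windows 2000 UPN and SID */
#define KRB5_NT_MS_PRINCIPAL            -128
/* NT 4 style name */
#define KRB5_NT_MS_PRINCIPAL_AND_ID     -129
/* NT 4 style name and SID */
#define KRB5_NT_ENT_PRINCIPAL_AND_ID    -130

/* constant version thereof: */
typedef const krb5_principal_data *krb5_const_principal;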
3327c478bdstevel@tonic-gate
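/*
 * Accessors for krb5_principal_data.  The context argument is accepted but
 * not used by any of these macros.  Every expansion is fully parenthesized
 * so it behaves as one expression wherever it is substituted; the field
 * accessors still yield lvalues.
 */
#define krb5_princ_realm(context, princ) (&(princ)->realm)
#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
#define krb5_princ_set_realm_length(context, princ,value) ((princ)->realm.length = (value))
#define krb5_princ_set_realm_data(context, princ,value) ((princ)->realm.data = (value))
#define	krb5_princ_size(context, princ) ((princ)->length)
#define	krb5_princ_type(context, princ) ((princ)->type)
#define	krb5_princ_name(context, princ) ((princ)->data)
/*
 * Yields a pointer to component i, or NULL when i is outside
 * [0, krb5_princ_size).  The lower bound is checked because the component
 * count is a signed krb5_int32: with only the "<" test a negative index
 * would pass and produce a pointer before the start of the array.
 * i and princ are evaluated more than once, so do not pass expressions with
 * side effects.
 */
#define	krb5_princ_component(context, princ,i)		\
	    (((krb5_int32)(i) >= 0 &&			\
	      (i) < krb5_princ_size(context, princ))	\
	     ? (princ)->data + (i)			\
	     : NULL)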
3447c478bdstevel@tonic-gate
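/*
 * Constants for realm referrals.
 * The referral realm is written as the empty string.
 */
#define        KRB5_REFERRAL_REALM	""

/*
 * Referral-specific functions.
 * krb5_is_referral_realm() takes a realm as krb5_data and returns a
 * krb5_boolean; presumably true when the realm equals KRB5_REFERRAL_REALM -
 * confirm against the implementation, which is not part of this header.
 */
krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *);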
354fe598cdmp
355fe598cdmp/*
3567c478bdstevel@tonic-gate * end "base-defs.h"
3577c478bdstevel@tonic-gate */
3587c478bdstevel@tonic-gate
3597c478bdstevel@tonic-gate/*
3607c478bdstevel@tonic-gate * begin "hostaddr.h"
3617c478bdstevel@tonic-gate */
3627c478bdstevel@tonic-gate
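/*
 * structure for address
 * addrtype selects the address family (ADDRTYPE_* values); contents points
 * at the raw address bytes and length gives their count.
 * NOTE(review): length is not tied to addrtype by this definition, so code
 * that copies contents into a fixed-size socket address should check that
 * length matches what the family requires.
 */
typedef struct _krb5_address {
    krb5_magic magic;
    krb5_addrtype addrtype;
    unsigned int length;
    krb5_octet *contents;
} krb5_address;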
3707c478bdstevel@tonic-gate
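/* per Kerberos v5 protocol spec */
#define	ADDRTYPE_INET		0x0002
#define	ADDRTYPE_CHAOS		0x0005
#define	ADDRTYPE_XNS		0x0006
#define	ADDRTYPE_ISO		0x0007
#define ADDRTYPE_DDP		0x0010
#define ADDRTYPE_INET6		0x0018
/* not yet in the spec... */
#define ADDRTYPE_ADDRPORT	0x0100
#define ADDRTYPE_IPPORT		0x0101

/*
 * macros to determine if a type is a local type
 * Non-zero when bit 0x8000 is set in addrtype.  The argument is
 * parenthesized so that an expression such as (a | b) is masked as a whole
 * instead of having "&" bind to its last operand only.
 */
#define ADDRTYPE_IS_LOCAL(addrtype) ((addrtype) & 0x8000)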
3847c478bdstevel@tonic-gate
3857c478bdstevel@tonic-gate/*
3867c478bdstevel@tonic-gate * end "hostaddr.h"
3877c478bdstevel@tonic-gate */
3887c478bdstevel@tonic-gate
3897c478bdstevel@tonic-gate
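/* Opaque handles: only the incomplete struct types are visible here. */
struct _krb5_context;
typedef struct _krb5_context * krb5_context;

struct _krb5_auth_context;
typedef struct _krb5_auth_context * krb5_auth_context;

struct _krb5_cryptosystem_entry;

/* SUNW EF (I assume) crypto mods ... */
struct _krb5_keyblock;

/*
 * keyblocks will contain a list of derived keys,
 * this  structure will contain the derived key data.
 * Nodes are chained through next; each one records the key usage and the
 * identifier byte the derived key belongs to.
 * NOTE(review): derived_key points at further key material, so whatever
 * releases a keyblock has to walk and release this list as well - confirm
 * the free path does so.
 */
typedef struct _dk_node {
    krb5_keyusage   usage;
    struct _krb5_keyblock   *derived_key;
    uchar_t         dkid; /* derived key identifier byte */
    struct _dk_node *next;
} krb5_dk_node;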
4117c478bdstevel@tonic-gate
4127c478bdstevel@tonic-gate/*
4137c478bdstevel@tonic-gate * begin "encryption.h"
4147c478bdstevel@tonic-gate */
415159d09aMark Phalan
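/*
 * A key: its encryption type, the key bytes (contents, length) and the keys
 * derived from it.  The tail differs per build: kernel builds carry crypto
 * framework handles, userland builds a PKCS#11 object handle plus the pid
 * recorded for fork safety.
 * NOTE(review): contents presumably holds the raw key bytes; they should be
 * zeroed before the block is released, since free()/kmem_free() do not scrub
 * memory.  The layout also differs between kernel and userland, so the
 * struct must not be copied byte-for-byte across that boundary.
 */
typedef struct _krb5_keyblock {
    krb5_magic magic;
    krb5_enctype enctype;
    unsigned int length;
    krb5_octet *contents;
    krb5_dk_node   *dk_list; /* list of keys derived from this key */
#ifdef _KERNEL
    crypto_mech_type_t     kef_mt;
    crypto_key_t           kef_key;
    crypto_ctx_template_t  key_tmpl;
#else
    CK_OBJECT_HANDLE       hKey; /* PKCS#11 key object handle */
    pid_t	pid; /* fork safety */
#endif /* _KERNEL */
} krb5_keyblock;

/* A checksum value: its type and length bytes at contents. */
typedef struct _krb5_checksum {
    krb5_magic magic;
    krb5_cksumtype checksum_type;	/* checksum type */
    unsigned int length;
    krb5_octet *contents;
} krb5_checksum;

typedef struct _krb5_encrypt_block {
    krb5_magic magic;
    krb5_enctype crypto_entry;		/* to call krb5_encrypt_size, you need
					   this.  it was a pointer, but it
					   doesn't have to be.  gross. */
    krb5_keyblock *key;
} krb5_encrypt_block;

/* Encrypted data: the enctype and key version it was produced with. */
typedef struct _krb5_enc_data {
    krb5_magic magic;
    krb5_enctype enctype;
    krb5_kvno kvno;
    krb5_data ciphertext;
} krb5_enc_data;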
4537c478bdstevel@tonic-gate
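/*
 * per Kerberos v5 protocol spec
 *
 * NOTE(review): this list mixes current and legacy algorithms.  The
 * single-DES types and ENCTYPE_ARCFOUR_HMAC_EXP were deprecated by RFC 6649,
 * and ENCTYPE_DES3_CBC_SHA1 and ENCTYPE_ARCFOUR_HMAC by RFC 8429.  A number
 * being defined here does not mean a deployment should permit it: the
 * allowed set belongs in configuration and policy, preferring the AES types,
 * and ENCTYPE_NULL must never be accepted for protected data.
 */
#define	ENCTYPE_NULL		0x0000
#define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
#define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
#define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
#define	ENCTYPE_DES_CBC_RAW	0x0004	/* DES cbc mode raw */
/* XXX deprecated? */
#define	ENCTYPE_DES3_CBC_SHA	0x0005	/* DES-3 cbc mode with NIST-SHA */
#define	ENCTYPE_DES3_CBC_RAW	0x0006	/* DES-3 cbc mode raw */
#define ENCTYPE_DES_HMAC_SHA1	0x0008
#define ENCTYPE_DES3_CBC_SHA1	0x0010
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96	0x0011
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96	0x0012
#define ENCTYPE_ARCFOUR_HMAC	0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
#define ENCTYPE_UNKNOWN		0x01ff

/*
 * Checksum type numbers.
 * NOTE(review): CRC32, RSA-MD4 and RSA-MD5 are unkeyed, so on their own they
 * give no integrity protection against someone who can modify the message;
 * prefer the keyed HMAC types where the protocol allows a choice.
 */
#define	CKSUMTYPE_CRC32		0x0001
#define	CKSUMTYPE_RSA_MD4	0x0002
#define	CKSUMTYPE_RSA_MD4_DES	0x0003
#define	CKSUMTYPE_DESCBC	0x0004
/* des-mac-k */
/* rsa-md4-des-k */
#define	CKSUMTYPE_RSA_MD5	0x0007
#define	CKSUMTYPE_RSA_MD5_DES	0x0008
#define CKSUMTYPE_NIST_SHA	0x0009
#define CKSUMTYPE_HMAC_SHA1_DES3	0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128	0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256	0x0010
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/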
4847c478bdstevel@tonic-gate
485505d05cgtb/* The following are entropy source designations. Whenever
486505d05cgtb * krb5_C_random_add_entropy is called, one of these source  ids is passed
487505d05cgtb * in.  This  allows the library  to better estimate bits of
488505d05cgtb * entropy in the sample and to keep track of what sources of entropy have
489505d05cgtb * contributed enough entropy.  Sources marked internal MUST NOT be
490505d05cgtb * used by applications outside the Kerberos library
491505d05cgtb*/
492505d05cgtb
493505d05cgtbenum {
494505d05cgtb  KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
495505d05cgtb  KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
496505d05cgtb  KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
497505d05cgtb  /*This source should be used carefully; data in this category
498