xref: /illumos-gate/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h (revision ba7b222e36bac28710a7f43739283302b617e7f5)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /* This is the prologue to krb5.h */
7 /* Unfortunately some of these defines are compiler dependent */
8 #ifndef _KRB5_H
9 #define _KRB5_H
10 
11 
12 #define SIZEOF_INT 4
13 
14 #ifdef _LP64
15 #define SIZEOF_LONG 8
16 #else
17 #define SIZEOF_LONG 4
18 #endif
19 
20 #define SIZEOF_SHORT 2
21 #define HAVE_STDARG_H 1
22 #define HAVE_SYS_TYPES_H 1
23 /* End of prologue section */
24 /*
25  * include/krb5.h
26  *
27  * Copyright 1989,1990,1995,2001, 2003  by the Massachusetts Institute of Technology.
28  * All Rights Reserved.
29  *
30  * Export of this software from the United States of America may
31  *   require a specific license from the United States Government.
32  *   It is the responsibility of any person or organization contemplating
33  *   export to obtain such a license before exporting.
34  *
35  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
36  * distribute this software and its documentation for any purpose and
37  * without fee is hereby granted, provided that the above copyright
38  * notice appear in all copies and that both that copyright notice and
39  * this permission notice appear in supporting documentation, and that
40  * the name of M.I.T. not be used in advertising or publicity pertaining
41  * to distribution of the software without specific, written prior
42  * permission.	Furthermore if you modify this software you must label
43  * your software as modified software and not distribute it in such a
44  * fashion that it might be confused with the original M.I.T. software.
45  * M.I.T. makes no representations about the suitability of
46  * this software for any purpose.  It is provided "as is" without express
47  * or implied warranty.
48  *
49  *
50  * General definitions for Kerberos version 5.
51  */
52 
53 /*
54  * Copyright (C) 1998 by the FundsXpress, INC.
55  *
56  * All rights reserved.
57  *
58  * Export of this software from the United States of America may require
59  * a specific license from the United States Government.  It is the
60  * responsibility of any person or organization contemplating export to
61  * obtain such a license before exporting.
62  *
63  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
64  * distribute this software and its documentation for any purpose and
65  * without fee is hereby granted, provided that the above copyright
66  * notice appear in all copies and that both that copyright notice and
67  * this permission notice appear in supporting documentation, and that
68  * the name of FundsXpress. not be used in advertising or publicity pertaining
69  * to distribution of the software without specific, written prior
70  * permission.  FundsXpress makes no representations about the suitability of
71  * this software for any purpose.  It is provided "as is" without express
72  * or implied warranty.
73  *
74  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
75  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
76  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
77  */
78 
79 #ifndef KRB5_GENERAL__
80 #define KRB5_GENERAL__
81 
82 #ifdef	_KERNEL
83 #include <sys/systm.h>
84 #include <sys/kmem.h>
85 
86 #include <sys/crypto/common.h>
87 #include <sys/crypto/api.h>
88 
89 /*
90  * Just to be safe lets make sure the buffers are zero'ed after
91  * malloc() as some code assumes this is the case.  To avoid warnings
92  * of duplicated defines let remove the old one if present.
93  */
94 #ifdef MALLOC
95 #undef MALLOC
96 #endif
97 #define MALLOC(n) kmem_zalloc((n), KM_SLEEP)
98 
99 #define	FREE(x, n) kmem_free((x), (n))
100 #define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
101 #define strcpy(dst,src,n) bcopy((src),(dst),(n))
102 #define mutex_lock(lck)  mutex_enter(lck)
103 #define mutex_unlock(lck)  mutex_exit(lck)
104 
105 #else /* !_KERNEL */
106 #define	MALLOC(n) malloc(n)
107 #define	FREE(x, n) free(x)
108 #define CALLOC(n, s) calloc((n), (s))
109 #include <stdlib.h>
110 #include <thread.h>
111 #include <synch.h>
112 #include <security/cryptoki.h>
113 #include <limits.h>    /* for *_MAX */
114 #endif /* _KERNEL */
115 
116 /* By default, do not expose deprecated interfaces. */
117 /* SUNW14resync - we need to enable this for rlogind and such */
118 #ifndef KRB5_DEPRECATED
119 #define KRB5_DEPRECATED 1
120 #endif
121 /* Do not expose private interfaces.  Build system will override. */
122 /* SUNW14resync - for the Solaris build we set it to 1 here */
123 #ifndef KRB5_PRIVATE
124 #define KRB5_PRIVATE 1
125 #endif
126 
127 #if defined(__MACH__) && defined(__APPLE__)
128 #	include <TargetConditionals.h>
129 #    if TARGET_RT_MAC_CFM
130 #	error "Use KfM 4.0 SDK headers for CFM compilation."
131 #    endif
132 #endif
133 
134 #if defined(_MSDOS) || defined(_WIN32)
135 #include <win-mac.h>
136 #endif
137 
138 #ifndef KRB5_CONFIG__
139 #ifndef KRB5_CALLCONV
140 #define KRB5_CALLCONV
141 #define KRB5_CALLCONV_C
142 #endif /* !KRB5_CALLCONV */
143 #endif /* !KRB5_CONFIG__ */
144 
145 #ifndef KRB5_CALLCONV_WRONG
146 #define KRB5_CALLCONV_WRONG
147 #endif
148 
149 /* SUNW14resync XXX */
150 #include <sys/types.h>
151 #include <sys/socket.h>
152 
153 #ifndef THREEPARAMOPEN
154 #define THREEPARAMOPEN(x,y,z) open(x,y,z)
155 #endif
156 
157 
158 /*
159  * Solaris Kerberos:
160  *   Samba needs a couple of these interfaces so old crypto is enabled.
161  */
162 #define KRB5_OLD_CRYPTO
163 
164 
165 #ifndef KRB5INT_BEGIN_DECLS
166 #if defined(__cplusplus)
167 #define KRB5INT_BEGIN_DECLS	extern "C" {
168 #define KRB5INT_END_DECLS	}
169 #else
170 #define KRB5INT_BEGIN_DECLS
171 #define KRB5INT_END_DECLS
172 #endif
173 #endif
174 
175 KRB5INT_BEGIN_DECLS
176 
177 #if TARGET_OS_MAC
178 #    pragma options align=mac68k
179 #endif
180 
181 /* from profile.h */
182 struct _profile_t;
183 /* typedef struct _profile_t *profile_t; */
184 
185 /*
186  * begin wordsize.h
187  */
188 
189 /*
190  * Word-size related definition.
191  */
192 
193 typedef	unsigned char	krb5_octet;
194 
195 #if INT_MAX == 0x7fff
196 typedef	int	krb5_int16;
197 typedef	unsigned int	krb5_ui_2;
198 #elif SHRT_MAX == 0x7fff
199 typedef	short	krb5_int16;
200 typedef	unsigned short	krb5_ui_2;
201 #else
202 #error undefined 16 bit type
203 #endif
204 
205 #if INT_MAX == 0x7fffffffL
206 typedef	int	krb5_int32;
207 typedef	unsigned int	krb5_ui_4;
208 #elif LONG_MAX == 0x7fffffffL
209 typedef	long	krb5_int32;
210 typedef	unsigned long	krb5_ui_4;
211 #elif SHRT_MAX == 0x7fffffffL
212 typedef	short	krb5_int32;
213 typedef	unsigned short	krb5_ui_4;
214 #else
215 #error: undefined 32 bit type
216 #endif
217 
218 #define VALID_INT_BITS	  INT_MAX
219 #define VALID_UINT_BITS	  UINT_MAX
220 
221 #define KRB5_INT32_MAX	2147483647
222 /* this strange form is necessary since - is a unary operator, not a sign
223    indicator */
224 #define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)
225 
226 #define KRB5_INT16_MAX 65535
227 /* this strange form is necessary since - is a unary operator, not a sign
228    indicator */
229 #define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)
230 
231 /*
232  * end wordsize.h
233  */
234 
235 /*
236  * begin "base-defs.h"
237  */
238 
239 /*
240  * Basic definitions for Kerberos V5 library
241  */
242 
243 #ifndef FALSE
244 #define	FALSE	0
245 #endif
246 #ifndef TRUE
247 #define	TRUE	1
248 #endif
249 
250 typedef	unsigned int krb5_boolean;
251 typedef	unsigned int krb5_msgtype;
252 typedef	unsigned int krb5_kvno;
253 
254 typedef	krb5_int32 krb5_addrtype;
255 typedef krb5_int32 krb5_enctype;
256 typedef krb5_int32 krb5_cksumtype;
257 typedef krb5_int32 krb5_authdatatype;
258 typedef krb5_int32 krb5_keyusage;
259 
260 typedef krb5_int32	krb5_preauthtype; /* This may change, later on */
261 typedef	krb5_int32	krb5_flags;
262 typedef krb5_int32	krb5_timestamp;
263 typedef	krb5_int32	krb5_error_code;
264 typedef krb5_int32	krb5_deltat;
265 
266 typedef krb5_error_code	krb5_magic;
267 
268 typedef struct _krb5_data {
269 	krb5_magic magic;
270 	unsigned int length;
271 	char *data;
272 } krb5_data;
273 
274 typedef struct _krb5_octet_data {
275 	krb5_magic magic;
276 	unsigned int length;
277 	krb5_octet *data;
278 } krb5_octet_data;
279 
280 /*
281  * Hack length for crypto library to use the afs_string_to_key It is
282  * equivalent to -1 without possible sign extension
283  * We also overload for an unset salt type length - which is also -1, but
284  * hey, why not....
285 */
286 #define SALT_TYPE_AFS_LENGTH UINT_MAX
287 #define SALT_TYPE_NO_LENGTH  UINT_MAX
288 
289 typedef	void * krb5_pointer;
290 typedef void const * krb5_const_pointer;
291 
292 typedef struct krb5_principal_data {
293     krb5_magic magic;
294     krb5_data realm;
295     krb5_data *data;		/* An array of strings */
296     krb5_int32 length;
297     krb5_int32 type;
298 } krb5_principal_data;
299 
300 typedef	krb5_principal_data * krb5_principal;
301 
302 /*
303  * Per V5 spec on definition of principal types
304  */
305 
306 /* Name type not known */
307 #define KRB5_NT_UNKNOWN		0
308 /* Just the name of the principal as in DCE, or for users */
309 #define KRB5_NT_PRINCIPAL	1
310 /* Service and other unique instance (krbtgt) */
311 #define KRB5_NT_SRV_INST	2
312 /* Service with host name as instance (telnet, rcommands) */
313 #define KRB5_NT_SRV_HST		3
314 /* Service with host as remaining components */
315 #define KRB5_NT_SRV_XHST	4
316 /* Unique ID */
317 #define KRB5_NT_UID		5
318 /* PKINIT */
319 #define KRB5_NT_X500_PRINCIPAL          6
320 /* Name in form of SMTP email name */
321 #define KRB5_NT_SMTP_NAME               7
322 /* Windows 2000 UPN */
323 #define KRB5_NT_ENTERPRISE_PRINCIPAL    10
324 /* Windows 2000 UPN and SID */
325 #define KRB5_NT_MS_PRINCIPAL            -128
326 /* NT 4 style name */
327 #define KRB5_NT_MS_PRINCIPAL_AND_ID     -129
328 /* NT 4 style name and SID */
329 #define KRB5_NT_ENT_PRINCIPAL_AND_ID    -130
330 
331 /* constant version thereof: */
332 typedef const krb5_principal_data *krb5_const_principal;
333 
334 #define krb5_princ_realm(context, princ) (&(princ)->realm)
335 #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
336 #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
337 #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
338 #define	krb5_princ_size(context, princ) (princ)->length
339 #define	krb5_princ_type(context, princ) (princ)->type
340 #define	krb5_princ_name(context, princ) (princ)->data
341 #define	krb5_princ_component(context, princ,i)		\
342 	    (((i) < krb5_princ_size(context, princ))	\
343 	     ? (princ)->data + (i)			\
344 	     : NULL)
345 
346 /*
347  * Constants for realm referrals.
348  */
349 #define        KRB5_REFERRAL_REALM	""
350 
351 /*
352  * Referral-specific functions.
353  */
354 krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *);
355 
356 /*
357  * end "base-defs.h"
358  */
359 
360 /*
361  * begin "hostaddr.h"
362  */
363 
364 /* structure for address */
365 typedef struct _krb5_address {
366     krb5_magic magic;
367     krb5_addrtype addrtype;
368     unsigned int length;
369     krb5_octet *contents;
370 } krb5_address;
371 
372 /* per Kerberos v5 protocol spec */
373 #define	ADDRTYPE_INET		0x0002
374 #define	ADDRTYPE_CHAOS		0x0005
375 #define	ADDRTYPE_XNS		0x0006
376 #define	ADDRTYPE_ISO		0x0007
377 #define ADDRTYPE_DDP		0x0010
378 #define ADDRTYPE_INET6		0x0018
379 /* not yet in the spec... */
380 #define ADDRTYPE_ADDRPORT	0x0100
381 #define ADDRTYPE_IPPORT		0x0101
382 
383 /* macros to determine if a type is a local type */
384 #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
385 
386 /*
387  * end "hostaddr.h"
388  */
389 
390 
391 struct _krb5_context;
392 typedef struct _krb5_context * krb5_context;
393 
394 struct _krb5_auth_context;
395 typedef struct _krb5_auth_context * krb5_auth_context;
396 
397 struct _krb5_cryptosystem_entry;
398 
399 /* SUNW EF (I assume) crypto mods ... */
400 struct _krb5_keyblock;
401 
402 /*
403  * keyblocks will contain a list of derived keys,
404  * this  structure will contain the derived key data.
405  */
406 typedef struct _dk_node {
407     krb5_keyusage   usage;
408     struct _krb5_keyblock   *derived_key;
409     uchar_t         dkid; /* derived key identifier byte */
410     struct _dk_node *next;
411 } krb5_dk_node;
412 
413 /*
414  * begin "encryption.h"
415  */
416 
417 typedef struct _krb5_keyblock {
418     krb5_magic magic;
419     krb5_enctype enctype;
420     unsigned int length;
421     krb5_octet *contents;
422     krb5_dk_node   *dk_list; /* list of keys derived from this key */
423 #ifdef _KERNEL
424     crypto_mech_type_t     kef_mt;
425     crypto_key_t           kef_key;
426     crypto_ctx_template_t  key_tmpl;
427 #else
428     CK_OBJECT_HANDLE       hKey; /* PKCS#11 key object handle */
429     pid_t	pid; /* fork safety */
430 #endif /* _KERNEL */
431 } krb5_keyblock;
432 
433 typedef struct _krb5_checksum {
434     krb5_magic magic;
435     krb5_cksumtype checksum_type;	/* checksum type */
436     unsigned int length;
437     krb5_octet *contents;
438 } krb5_checksum;
439 
440 typedef struct _krb5_encrypt_block {
441     krb5_magic magic;
442     krb5_enctype crypto_entry;		/* to call krb5_encrypt_size, you need
443 					   this.  it was a pointer, but it
444 					   doesn't have to be.  gross. */
445     krb5_keyblock *key;
446 } krb5_encrypt_block;
447 
448 typedef struct _krb5_enc_data {
449     krb5_magic magic;
450     krb5_enctype enctype;
451     krb5_kvno kvno;
452     krb5_data ciphertext;
453 } krb5_enc_data;
454 
455 /* per Kerberos v5 protocol spec */
456 #define	ENCTYPE_NULL		0x0000
457 #define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
458 #define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
459 #define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
460 #define	ENCTYPE_DES_CBC_RAW	0x0004	/* DES cbc mode raw */
461 /* XXX deprecated? */
462 #define	ENCTYPE_DES3_CBC_SHA	0x0005	/* DES-3 cbc mode with NIST-SHA */
463 #define	ENCTYPE_DES3_CBC_RAW	0x0006	/* DES-3 cbc mode raw */
464 #define ENCTYPE_DES_HMAC_SHA1	0x0008
465 #define ENCTYPE_DES3_CBC_SHA1	0x0010
466 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96	0x0011
467 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96	0x0012
468 #define ENCTYPE_ARCFOUR_HMAC	0x0017
469 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
470 #define ENCTYPE_UNKNOWN		0x01ff
471 
472 #define	CKSUMTYPE_CRC32		0x0001
473 #define	CKSUMTYPE_RSA_MD4	0x0002
474 #define	CKSUMTYPE_RSA_MD4_DES	0x0003
475 #define	CKSUMTYPE_DESCBC	0x0004
476 /* des-mac-k */
477 /* rsa-md4-des-k */
478 #define	CKSUMTYPE_RSA_MD5	0x0007
479 #define	CKSUMTYPE_RSA_MD5_DES	0x0008
480 #define CKSUMTYPE_NIST_SHA	0x0009
481 #define CKSUMTYPE_HMAC_SHA1_DES3	0x000c
482 #define CKSUMTYPE_HMAC_SHA1_96_AES128	0x000f
483 #define CKSUMTYPE_HMAC_SHA1_96_AES256	0x0010
484 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
485 
486 /* The following are entropy source designations. Whenever
487  * krb5_C_random_add_entropy is called, one of these source  ids is passed
488  * in.  This  allows the library  to better estimate bits of
489  * entropy in the sample and to keep track of what sources of entropy have
490  * contributed enough entropy.  Sources marked internal MUST NOT be
491  * used by applications outside the Kerberos library
492 */
493 
494 enum {
495   KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
496   KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
497   KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
498   /*This source should be used carefully; data in this category
499    * should be from a third party trusted to give random bits
500    * For example keys issued by the KDC in the application server.
501    */
502   KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
503   KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
504   KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
505 };
506 
507 #ifndef krb5_roundup
508 /* round x up to nearest multiple of y */
509 #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
510 #endif /* roundup */
511 
512 /* macro function definitions to help clean up code */
513 
514 #ifndef _KERNEL
515 #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
516 #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
517 #else
518 #define krb5_x(ptr,args) ((*(ptr)) args)
519 #define krb5_xc(ptr,args) ((*(ptr)) args)
520 #endif
521 
522 krb5_error_code KRB5_CALLCONV
523     krb5_c_encrypt
524     (krb5_context context, const krb5_keyblock *key,
525 		    krb5_keyusage usage, const krb5_data *cipher_state,
526 		    const krb5_data *input, krb5_enc_data *output);
527 
528 krb5_error_code KRB5_CALLCONV
529     krb5_c_decrypt
530     (krb5_context context, const krb5_keyblock *key,
531 		    krb5_keyusage usage, const krb5_data *cipher_state,
532 		    const krb5_enc_data *input, krb5_data *output);
533 
534 krb5_error_code KRB5_CALLCONV
535     krb5_c_encrypt_length
536     (krb5_context context, krb5_enctype enctype,
537 		    size_t inputlen, size_t *length);
538 
539 krb5_error_code KRB5_CALLCONV
540     krb5_c_block_size
541     (krb5_context context, krb5_enctype enctype,
542 		    size_t *blocksize);
543 
544 krb5_error_code KRB5_CALLCONV
545     krb5_c_keylengths
546     (krb5_context context, krb5_enctype enctype,
547                     size_t *keybytes, size_t *keylength);
548 
549 krb5_error_code KRB5_CALLCONV
550 	krb5_c_init_state(krb5_context,
551 		const krb5_keyblock *, krb5_keyusage,
552 		krb5_data *);
553 
554 krb5_error_code KRB5_CALLCONV
555 	krb5_c_free_state(krb5_context,
556 		const krb5_keyblock *, krb5_data *);
557 
558 krb5_error_code KRB5_CALLCONV
559     krb5_c_make_random_key
560     (krb5_context context, krb5_enctype enctype,
561 		    krb5_keyblock *random_key);
562 
563 krb5_error_code KRB5_CALLCONV
564     krb5_c_random_to_key
565     (krb5_context context, krb5_enctype enctype,
566                     krb5_data *random_data, krb5_keyblock *k5_random_key);
567 
568 /* Register a new entropy sample  with the PRNG. may cause
569 * the PRNG to be reseeded, although this is not guaranteed.  See previous randsource definitions
570 * for information on how each source should be used.
571 */
572 krb5_error_code KRB5_CALLCONV
573         krb5_c_random_add_entropy
574 (krb5_context context, unsigned int  randsource_id, const krb5_data *data);
575 
576 krb5_error_code KRB5_CALLCONV
577     krb5_c_random_make_octets
578     (krb5_context context, krb5_data *data);
579 
580 /*
581 * Collect entropy from the OS if possible. strong requests that as strong
582 * of a source of entropy  as available be used.  Setting strong may
583 * increase the probability of blocking and should not  be used for normal
584 * applications.  Good uses include seeding the PRNG for kadmind
585 * and realm setup.
586 * If successful is non-null, then successful is set to 1 if the OS provided
587 * entropy else zero.
588 */
589 #if 0 /* SUNW14resync - not used in Solaris */
590 krb5_error_code KRB5_CALLCONV
591 krb5_c_random_os_entropy
592 (krb5_context context, int strong, int *success);
593 #endif
594 
595 /*deprecated*/ krb5_error_code KRB5_CALLCONV
596     krb5_c_random_seed
597     (krb5_context context, krb5_data *data);
598 
599 krb5_error_code KRB5_CALLCONV
600     krb5_c_string_to_key
601     (krb5_context context, krb5_enctype enctype,
602 		    const krb5_data *string, const krb5_data *salt,
603 		    krb5_keyblock *key);
604 krb5_error_code KRB5_CALLCONV
605 krb5_c_string_to_key_with_params(krb5_context context,
606 				 krb5_enctype enctype,
607 				 const krb5_data *string,
608 				 const krb5_data *salt,
609 				 const krb5_data *params,
610 				 krb5_keyblock *key);
611 
612 krb5_error_code KRB5_CALLCONV
613     krb5_c_enctype_compare
614     (krb5_context context, krb5_enctype e1, krb5_enctype e2,
615 		    krb5_boolean *similar);
616 
617 krb5_error_code KRB5_CALLCONV
618     krb5_c_make_checksum
619     (krb5_context context, krb5_cksumtype cksumtype,
620 		    const krb5_keyblock *key, krb5_keyusage usage,
621 		    const krb5_data *input, krb5_checksum *cksum);
622 
623 krb5_error_code KRB5_CALLCONV
624     krb5_c_verify_checksum
625     (krb5_context context,
626 		    const krb5_keyblock *key, krb5_keyusage usage,
627 		    const krb5_data *data,
628 		    const krb5_checksum *cksum,
629 		    krb5_boolean *valid);
630 
631 krb5_error_code KRB5_CALLCONV
632     krb5_c_checksum_length
633     (krb5_context context, krb5_cksumtype cksumtype,
634 		    size_t *length);
635 
636 krb5_error_code KRB5_CALLCONV
637     krb5_c_keyed_checksum_types
638     (krb5_context context, krb5_enctype enctype,
639 		    unsigned int *count, krb5_cksumtype **cksumtypes);
640 
641 #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS		1
642 #define KRB5_KEYUSAGE_KDC_REP_TICKET		2
643 #define KRB5_KEYUSAGE_AS_REP_ENCPART		3
644 #define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY	4
645 #define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY		5
646 #define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM	6
647 #define KRB5_KEYUSAGE_TGS_REQ_AUTH		7
648 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY	8
649 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY	9
650 #define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM		10
651 #define KRB5_KEYUSAGE_AP_REQ_AUTH		11
652 #define KRB5_KEYUSAGE_AP_REP_ENCPART		12
653 #define KRB5_KEYUSAGE_KRB_PRIV_ENCPART		13
654 #define KRB5_KEYUSAGE_KRB_CRED_ENCPART		14
655 #define KRB5_KEYUSAGE_KRB_SAFE_CKSUM		15
656 #define KRB5_KEYUSAGE_APP_DATA_ENCRYPT		16
657 #define KRB5_KEYUSAGE_APP_DATA_CKSUM		17
658 #define KRB5_KEYUSAGE_KRB_ERROR_CKSUM		18
659 #define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM	19
660 #define KRB5_KEYUSAGE_AD_MTE			20
661 #define KRB5_KEYUSAGE_AD_ITE			21
662 
663 /* XXX need to register these */
664 
665 #define KRB5_KEYUSAGE_GSS_TOK_MIC		22
666 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG	23
667 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV		24
668 
669 /* Defined in hardware preauth draft */
670 
671 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM	25
672 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID	26
673 #define KRB5_KEYUSAGE_PA_SAM_RESPONSE		27
674 
675 /* Defined in KDC referrals draft */
676 #define KRB5_KEYUSAGE_PA_REFERRAL		26 /* XXX note conflict with above */
677 
678 krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
679 	(krb5_enctype ktype);
680 krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
681 	(krb5_cksumtype ctype);
682 krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
683 	(krb5_cksumtype ctype);
684 krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
685 	(krb5_cksumtype ctype);
686 
687 #if KRB5_PRIVATE
688 /* Use the above four instead.  */
689 krb5_boolean KRB5_CALLCONV valid_enctype
690 	(krb5_enctype ktype);
691 krb5_boolean KRB5_CALLCONV valid_cksumtype
692 	(krb5_cksumtype ctype);
693 krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
694 	(krb5_cksumtype ctype);
695 krb5_boolean KRB5_CALLCONV is_keyed_cksum
696 	(krb5_cksumtype ctype);
697 #endif
698 
699 #ifdef KRB5_OLD_CRYPTO
700 /*
701  * old cryptosystem routine prototypes.  These are now layered
702  * on top of the functions above.
703  */
704 krb5_error_code KRB5_CALLCONV krb5_encrypt
705 	(krb5_context context,
706 		krb5_const_pointer inptr,
707 		krb5_pointer outptr,
708 		size_t size,
709 		krb5_encrypt_block * eblock,
710 		krb5_pointer ivec);
711 krb5_error_code KRB5_CALLCONV krb5_decrypt
712 	(krb5_context context,
713 		krb5_const_pointer inptr,
714 		krb5_pointer outptr,
715 		size_t size,
716 		krb5_encrypt_block * eblock,
717 		krb5_pointer ivec);
718 krb5_error_code KRB5_CALLCONV krb5_process_key
719 	(krb5_context context,
720 		krb5_encrypt_block * eblock,
721 		const krb5_keyblock * key);
722 krb5_error_code KRB5_CALLCONV krb5_finish_key
723 	(krb5_context context,
724 		krb5_encrypt_block * eblock);
725 krb5_error_code KRB5_CALLCONV krb5_string_to_key
726 	(krb5_context context,
727 		const krb5_encrypt_block * eblock,
728 		krb5_keyblock * keyblock,
729 		const krb5_data * data,
730 		const krb5_data * salt);
731 krb5_error_code KRB5_CALLCONV krb5_init_random_key
732 	(krb5_context context,
733 		const krb5_encrypt_block * eblock,
734 		const krb5_keyblock * keyblock,
735 		krb5_pointer * ptr);
736 krb5_error_code KRB5_CALLCONV krb5_finish_random_key
737 	(krb5_context context,
738 		const krb5_encrypt_block * eblock,
739 		krb5_pointer * ptr);
740 krb5_error_code KRB5_CALLCONV krb5_random_key
741 	(krb5_context context,
742 		const krb5_encrypt_block * eblock,
743 		krb5_pointer ptr,
744 		krb5_keyblock ** keyblock);
745 krb5_enctype KRB5_CALLCONV krb5_eblock_enctype
746 	(krb5_context context,
747 		const krb5_encrypt_block * eblock);
748 krb5_error_code KRB5_CALLCONV krb5_use_enctype
749 	(krb5_context context,
750 		krb5_encrypt_block * eblock,
751 		krb5_enctype enctype);
752 size_t KRB5_CALLCONV krb5_encrypt_size
753 	(size_t length,
754 		krb5_enctype crypto);
755 size_t KRB5_CALLCONV krb5_checksum_size
756 	(krb5_context context,
757 		krb5_cksumtype ctype);
758 krb5_error_code KRB5_CALLCONV krb5_calculate_checksum
759 	(krb5_context context,
760 		krb5_cksumtype ctype,
761 		krb5_const_pointer in, size_t in_length,
762 		krb5_const_pointer seed, size_t seed_length,
763 		krb5_checksum * outcksum);
764 krb5_error_code KRB5_CALLCONV krb5_verify_checksum
765 	(krb5_context context,
766 		krb5_cksumtype ctype,
767 		const krb5_checksum * cksum,
768 		krb5_const_pointer in, size_t in_length,
769 		krb5_const_pointer seed, size_t seed_length);
770 
771 #if KRB5_PRIVATE
772 krb5_error_code KRB5_CALLCONV krb5_random_confounder
773 	(size_t, krb5_pointer);
774 
775 krb5_error_code krb5_encrypt_data
776 	(krb5_context context, krb5_keyblock *key,
777 		krb5_pointer ivec, krb5_data *data,
778 		krb5_enc_data *enc_data);
779 
780 krb5_error_code krb5_decrypt_data
781 	(krb5_context context, krb5_keyblock *key,
782 		krb5_pointer ivec, krb5_enc_data *data,
783 		krb5_data *enc_data);
784 #endif
785 
786 #endif /* KRB5_OLD_CRYPTO */
787 
788 /*
789  * end "encryption.h"
790  */
791 
792 /*
793  * begin "fieldbits.h"
794  */
795 
796 /* kdc_options for kdc_request */
797 /* options is 32 bits; each host is responsible to put the 4 bytes
798    representing these bits into net order before transmission */
799 /* #define	KDC_OPT_RESERVED	0x80000000 */
800 #define	KDC_OPT_FORWARDABLE		0x40000000
801 #define	KDC_OPT_FORWARDED		0x20000000
802 #define	KDC_OPT_PROXIABLE		0x10000000
803 #define	KDC_OPT_PROXY			0x08000000
804 #define	KDC_OPT_ALLOW_POSTDATE		0x04000000
805 #define	KDC_OPT_POSTDATED		0x02000000
806 /* #define	KDC_OPT_UNUSED		0x01000000 */
807 #define	KDC_OPT_RENEWABLE		0x00800000
808 /* #define	KDC_OPT_UNUSED		0x00400000 */
809 /* #define	KDC_OPT_RESERVED	0x00200000 */
810 /* #define	KDC_OPT_RESERVED	0x00100000 */
811 /* #define	KDC_OPT_RESERVED	0x00080000 */
812 /* #define	KDC_OPT_RESERVED	0x00040000 */
813 #define	KDC_OPT_REQUEST_ANONYMOUS	0x00020000
814 #define	KDC_OPT_CANONICALIZE		0x00010000
815 /* #define	KDC_OPT_RESERVED	0x00008000 */
816 /* #define	KDC_OPT_RESERVED	0x00004000 */
817 /* #define	KDC_OPT_RESERVED	0x00002000 */
818 /* #define	KDC_OPT_RESERVED	0x00001000 */
819 /* #define	KDC_OPT_RESERVED	0x00000800 */
820 /* #define	KDC_OPT_RESERVED	0x00000400 */
821 /* #define	KDC_OPT_RESERVED	0x00000200 */
822 /* #define	KDC_OPT_RESERVED	0x00000100 */
823 /* #define	KDC_OPT_RESERVED	0x00000080 */
824 /* #define	KDC_OPT_RESERVED	0x00000040 */
825 #define	KDC_OPT_DISABLE_TRANSITED_CHECK	0x00000020
826 #define	KDC_OPT_RENEWABLE_OK		0x00000010
827 #define	KDC_OPT_ENC_TKT_IN_SKEY		0x00000008
828 /* #define	KDC_OPT_UNUSED		0x00000004 */
829 #define	KDC_OPT_RENEW			0x00000002
830 #define	KDC_OPT_VALIDATE		0x00000001
831 
832 /*
833  * Mask of ticket flags in the TGT which should be converted into KDC
834  * options when using the TGT to get derivitive tickets.
835  *
836  *  New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
837  *	       KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
838  */
839 #define KDC_TKT_COMMON_MASK		0x54800000
840 
841 /* definitions for ap_options fields */
842 /* ap_options are 32 bits; each host is responsible to put the 4 bytes
843    representing these bits into net order before transmission */
844 #define	AP_OPTS_RESERVED		0x80000000
845 #define	AP_OPTS_USE_SESSION_KEY		0x40000000
846 #define	AP_OPTS_MUTUAL_REQUIRED		0x20000000
847 /* #define	AP_OPTS_RESERVED	0x10000000 */
848 /* #define	AP_OPTS_RESERVED	0x08000000 */
849 /* #define	AP_OPTS_RESERVED	0x04000000 */
850 /* #define	AP_OPTS_RESERVED	0x02000000 */
851 /* #define	AP_OPTS_RESERVED	0x01000000 */
852 /* #define	AP_OPTS_RESERVED	0x00800000 */
853 /* #define	AP_OPTS_RESERVED	0x00400000 */
854 /* #define	AP_OPTS_RESERVED	0x00200000 */
855 /* #define	AP_OPTS_RESERVED	0x00100000 */
856 /* #define	AP_OPTS_RESERVED	0x00080000 */
857 /* #define	AP_OPTS_RESERVED	0x00040000 */
858 /* #define	AP_OPTS_RESERVED	0x00020000 */
859 /* #define	AP_OPTS_RESERVED	0x00010000 */
860 /* #define	AP_OPTS_RESERVED	0x00008000 */
861 /* #define	AP_OPTS_RESERVED	0x00004000 */
862 /* #define	AP_OPTS_RESERVED	0x00002000 */
863 /* #define	AP_OPTS_RESERVED	0x00001000 */
864 /* #define	AP_OPTS_RESERVED	0x00000800 */
865 /* #define	AP_OPTS_RESERVED	0x00000400 */
866 /* #define	AP_OPTS_RESERVED	0x00000200 */
867 /* #define	AP_OPTS_RESERVED	0x00000100 */
868 /* #define	AP_OPTS_RESERVED	0x00000080 */
869 /* #define	AP_OPTS_RESERVED	0x00000040 */
870 /* #define	AP_OPTS_RESERVED	0x00000020 */
871 /* #define	AP_OPTS_RESERVED	0x00000010 */
872 /* #define	AP_OPTS_RESERVED	0x00000008 */
873 /* #define	AP_OPTS_RESERVED	0x00000004 */
874 /* #define	AP_OPTS_RESERVED	0x00000002 */
875 #define AP_OPTS_USE_SUBKEY	0x00000001
876 
877 #define AP_OPTS_WIRE_MASK	0xfffffff0
878 
879 /* definitions for ad_type fields. */
880 #define	AD_TYPE_RESERVED	0x8000
881 #define	AD_TYPE_EXTERNAL	0x4000
882 #define	AD_TYPE_REGISTERED	0x2000
883 
884 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
885 
886 /* Ticket flags */
887 /* flags are 32 bits; each host is responsible to put the 4 bytes
888    representing these bits into net order before transmission */
889 /* #define	TKT_FLG_RESERVED	0x80000000 */
890 #define	TKT_FLG_FORWARDABLE		0x40000000
891 #define	TKT_FLG_FORWARDED		0x20000000
892 #define	TKT_FLG_PROXIABLE		0x10000000
893 #define	TKT_FLG_PROXY			0x08000000
894 #define	TKT_FLG_MAY_POSTDATE		0x04000000
895 #define	TKT_FLG_POSTDATED		0x02000000
896 #define	TKT_FLG_INVALID			0x01000000
897 #define	TKT_FLG_RENEWABLE		0x00800000
898 #define	TKT_FLG_INITIAL			0x00400000
899 #define	TKT_FLG_PRE_AUTH		0x00200000
900 #define	TKT_FLG_HW_AUTH			0x00100000
901 #define	TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
902 #define	TKT_FLG_OK_AS_DELEGATE		0x00040000
903 #define	TKT_FLG_ANONYMOUS		0x00020000
904 /* #define	TKT_FLG_RESERVED	0x00010000 */
905 /* #define	TKT_FLG_RESERVED	0x00008000 */
906 /* #define	TKT_FLG_RESERVED	0x00004000 */
907 /* #define	TKT_FLG_RESERVED	0x00002000 */
908 /* #define	TKT_FLG_RESERVED	0x00001000 */
909 /* #define	TKT_FLG_RESERVED	0x00000800 */
910 /* #define	TKT_FLG_RESERVED	0x00000400 */
911 /* #define	TKT_FLG_RESERVED	0x00000200 */
912 /* #define	TKT_FLG_RESERVED	0x00000100 */
913 /* #define	TKT_FLG_RESERVED	0x00000080 */
914 /* #define	TKT_FLG_RESERVED	0x00000040 */
915 /* #define	TKT_FLG_RESERVED	0x00000020 */
916 /* #define	TKT_FLG_RESERVED	0x00000010 */
917 /* #define	TKT_FLG_RESERVED	0x00000008 */
918 /* #define	TKT_FLG_RESERVED	0x00000004 */
919 /* #define	TKT_FLG_RESERVED	0x00000002 */
920 /* #define	TKT_FLG_RESERVED	0x00000001 */
921 
922 /* definitions for lr_type fields. */
923 #define	LR_TYPE_THIS_SERVER_ONLY	0x8000
924 
925 #define LR_TYPE_INTERPRETATION_MASK	0x7fff
926 
927 /* definitions for ad_type fields. */
928 #define	AD_TYPE_EXTERNAL	0x4000
929 #define	AD_TYPE_REGISTERED	0x2000
930 
931 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
932 #define AD_TYPE_INTERNAL_MASK	0x3fff
933 
934 /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
935 #define	MSEC_DIRBIT		0x8000
936 #define	MSEC_VAL_MASK		0x7fff
937 
938 /*
939  * end "fieldbits.h"
940  */
941 
942 /*
943  * begin "proto.h"
944  */
945 
946 /* Protocol version number */
947 #define	KRB5_PVNO	5
948 
949 /* Message types */
950 
951 #define	KRB5_AS_REQ	((krb5_msgtype)10) /* Req for initial authentication */
952 #define	KRB5_AS_REP	((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
953 #define	KRB5_TGS_REQ	((krb5_msgtype)12) /* TGS request to server */
954 #define	KRB5_TGS_REP	((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
955 #define	KRB5_AP_REQ	((krb5_msgtype)14) /* application request to server */
956 #define	KRB5_AP_REP	((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
957 #define	KRB5_SAFE	((krb5_msgtype)20) /* Safe application message */
958 #define	KRB5_PRIV	((krb5_msgtype)21) /* Private application message */
959 #define	KRB5_CRED	((krb5_msgtype)22) /* Credential forwarding message */
960 #define	KRB5_ERROR	((krb5_msgtype)30) /* Error response */
961 
962 /* LastReq types */
963 #define KRB5_LRQ_NONE			0
964 #define KRB5_LRQ_ALL_LAST_TGT		1
965 #define KRB5_LRQ_ONE_LAST_TGT		(-1)
966 #define KRB5_LRQ_ALL_LAST_INITIAL	2
967 #define KRB5_LRQ_ONE_LAST_INITIAL	(-2)
968 #define KRB5_LRQ_ALL_LAST_TGT_ISSUED	3
969 #define KRB5_LRQ_ONE_LAST_TGT_ISSUED	(-3)
970 #define KRB5_LRQ_ALL_LAST_RENEWAL	4
971 #define KRB5_LRQ_ONE_LAST_RENEWAL	(-4)
972 #define KRB5_LRQ_ALL_LAST_REQ		5
973 #define KRB5_LRQ_ONE_LAST_REQ		(-5)
974 #define KRB5_LRQ_ALL_PW_EXPTIME		6
975 #define KRB5_LRQ_ONE_PW_EXPTIME		(-6)
976 
977 /* PADATA types */
978 #define KRB5_PADATA_NONE		0
979 #define	KRB5_PADATA_AP_REQ		1
980 #define	KRB5_PADATA_TGS_REQ		KRB5_PADATA_AP_REQ
981 #define KRB5_PADATA_ENC_TIMESTAMP	2
982 #define	KRB5_PADATA_PW_SALT		3
983 #if 0				/* Not used */
984 #define KRB5_PADATA_ENC_ENCKEY		4  /* Key encrypted within itself */
985 #endif
986 #define KRB5_PADATA_ENC_UNIX_TIME	5  /* timestamp encrypted in key */
987 #define KRB5_PADATA_ENC_SANDIA_SECURID	6  /* SecurId passcode */
988 #define KRB5_PADATA_SESAME		7  /* Sesame project */
989 #define KRB5_PADATA_OSF_DCE		8  /* OSF DCE */
990 #define KRB5_CYBERSAFE_SECUREID		9  /* Cybersafe */
991 #define	KRB5_PADATA_AFS3_SALT		10 /* Cygnus */
992 #define KRB5_PADATA_ETYPE_INFO		11 /* Etype info for preauth */
993 #define KRB5_PADATA_SAM_CHALLENGE	12 /* draft challenge system */
994 #define KRB5_PADATA_SAM_RESPONSE	13 /* draft challenge system response */
995 #define KRB5_PADATA_PK_AS_REQ_OLD	14 /* PKINIT */
996 #define KRB5_PADATA_PK_AS_REP_OLD	15 /* PKINIT */
997 #define KRB5_PADATA_PK_AS_REQ		16 /* PKINIT */
998 #define KRB5_PADATA_PK_AS_REP		17 /* PKINIT */
999 #define KRB5_PADATA_ETYPE_INFO2 	19
1000 #define KRB5_PADATA_REFERRAL		25 /* draft referral system */
1001 #define KRB5_PADATA_SAM_CHALLENGE_2	30 /* draft challenge system, updated */
1002 #define KRB5_PADATA_SAM_RESPONSE_2	31 /* draft challenge system, updated */
1003 
1004 #define	KRB5_SAM_USE_SAD_AS_KEY		0x80000000
1005 #define	KRB5_SAM_SEND_ENCRYPTED_SAD	0x40000000
1006 #define	KRB5_SAM_MUST_PK_ENCRYPT_SAD	0x20000000 /* currently must be zero */
1007 
1008 /* Reserved for SPX pre-authentication. */
1009 #define KRB5_PADATA_DASS		16
1010 
1011 /* Transited encoding types */
1012 #define	KRB5_DOMAIN_X500_COMPRESS	1
1013 
1014 /* alternate authentication types */
1015 #define	KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE	64
1016 
1017 /* authorization data types */
1018 #define KRB5_AUTHDATA_IF_RELEVANT   1
1019 #define KRB5_AUTHDATA_KDC_ISSUED    4
1020 #define KRB5_AUTHDATA_AND_OR        5
1021 #define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
1022 #define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS      9
1023 #define	KRB5_AUTHDATA_OSF_DCE	64
1024 #define KRB5_AUTHDATA_SESAME	65
1025 #define KRB5_AUTHDATA_WIN2K_PAC 128
1026 #define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129     /* RFC 4537 */
1027 #define KRB5_AUTHDATA_FX_ARMOR 71
1028 
1029 /* password change constants */
1030 
1031 #define KRB5_KPASSWD_SUCCESS		0
1032 #define KRB5_KPASSWD_MALFORMED		1
1033 #define KRB5_KPASSWD_HARDERROR		2
1034 #define KRB5_KPASSWD_AUTHERROR		3
1035 #define KRB5_KPASSWD_SOFTERROR		4
1036 /* These are Microsoft's extensions in RFC 3244, and it looks like
1037    they'll become standardized, possibly with other additions.  */
1038 #define KRB5_KPASSWD_ACCESSDENIED	5	/* unused */
1039 #define KRB5_KPASSWD_BAD_VERSION	6
1040 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7	/* unused */
1041 
1042 /*
1043  * end "proto.h"
1044  */
1045 
1046 /* Time set */
1047 typedef struct _krb5_ticket_times {
1048     krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
1049 				in ticket? otherwise client can't get this */
1050     krb5_timestamp starttime;		/* optional in ticket, if not present,
1051 					   use authtime */
1052     krb5_timestamp endtime;
1053     krb5_timestamp renew_till;
1054 } krb5_ticket_times;
1055 
1056 /* structure for auth data */
1057 typedef struct _krb5_authdata {
1058     krb5_magic magic;
1059     krb5_authdatatype ad_type;
1060     unsigned int length;
1061     krb5_octet *contents;
1062 } krb5_authdata;
1063 
1064 /* structure for transited encoding */
1065 typedef struct _krb5_transited {
1066     krb5_magic magic;
1067     krb5_octet tr_type;
1068     krb5_data tr_contents;
1069 } krb5_transited;
1070 
1071 typedef struct _krb5_enc_tkt_part {
1072     krb5_magic magic;
1073     /* to-be-encrypted portion */
1074     krb5_flags flags;			/* flags */
1075     krb5_keyblock *session;		/* session key: includes enctype */
1076     krb5_principal client;		/* client name/realm */
1077     krb5_transited transited;		/* list of transited realms */
1078     krb5_ticket_times times;		/* auth, start, end, renew_till */
1079     krb5_address **caddrs;	/* array of ptrs to addresses */
1080     krb5_authdata **authorization_data; /* auth data */
1081 } krb5_enc_tkt_part;
1082 
1083 typedef struct _krb5_ticket {
1084     krb5_magic magic;
1085     /* cleartext portion */
1086     krb5_principal server;		/* server name/realm */
1087     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
1088 					   encoding */
1089     krb5_enc_tkt_part *enc_part2;	/* ptr to decrypted version, if
1090 					   available */
1091 } krb5_ticket;
1092 
1093 /* the unencrypted version */
1094 typedef struct _krb5_authenticator {
1095     krb5_magic magic;
1096     krb5_principal client;		/* client name/realm */
1097     krb5_checksum *checksum;	/* checksum, includes type, optional */
1098     krb5_int32 cusec;			/* client usec portion */
1099     krb5_timestamp ctime;		/* client sec portion */
1100     krb5_keyblock *subkey;		/* true session key, optional */
1101     krb5_ui_4 seq_number;		/* sequence #, optional */
1102     krb5_authdata **authorization_data; /* New add by Ari, auth data */
1103 } krb5_authenticator;
1104 
1105 typedef struct _krb5_tkt_authent {
1106     krb5_magic magic;
1107     krb5_ticket *ticket;
1108     krb5_authenticator *authenticator;
1109     krb5_flags ap_options;
1110 } krb5_tkt_authent;
1111 
1112 /* credentials:	 Ticket, session key, etc. */
1113 typedef struct _krb5_creds {
1114     krb5_magic magic;
1115     krb5_principal client;		/* client's principal identifier */
1116     krb5_principal server;		/* server's principal identifier */
1117     krb5_keyblock keyblock;		/* session encryption key info */
1118     krb5_ticket_times times;		/* lifetime info */
1119     krb5_boolean is_skey;		/* true if ticket is encrypted in
1120 					   another ticket's skey */
1121     krb5_flags ticket_flags;		/* flags in ticket */
1122     krb5_address * *addresses;	/* addrs in ticket */
1123     krb5_data ticket;			/* ticket string itself */
1124     krb5_data second_ticket;		/* second ticket, if related to
1125 					   ticket (via DUPLICATE-SKEY or
1126 					   ENC-TKT-IN-SKEY) */
1127     krb5_authdata **authdata;	/* authorization data */
1128 } krb5_creds;
1129 
1130 /* Last request fields */
1131 typedef struct _krb5_last_req_entry {
1132     krb5_magic magic;
1133     krb5_int32 lr_type;
1134     krb5_timestamp value;
1135 } krb5_last_req_entry;
1136 
1137 /* pre-authentication data */
1138 typedef struct _krb5_pa_data {
1139     krb5_magic magic;
1140     krb5_preauthtype  pa_type;
1141     unsigned int length;
1142     krb5_octet *contents;
1143 } krb5_pa_data;
1144 
1145 typedef struct _krb5_kdc_req {
1146     krb5_magic magic;
1147     krb5_msgtype msg_type;		/* AS_REQ or TGS_REQ? */
1148     krb5_pa_data **padata;	/* e.g. encoded AP_REQ */
1149     /* real body */
1150     krb5_flags kdc_options;		/* requested options */
1151     krb5_principal client;		/* includes realm; optional */
1152     krb5_principal server;		/* includes realm (only used if no
1153 					   client) */
1154     krb5_timestamp from;		/* requested starttime */
1155     krb5_timestamp till;		/* requested endtime */
1156     krb5_timestamp rtime;		/* (optional) requested renew_till */
1157     krb5_int32 nonce;			/* nonce to match request/response */
1158     int nktypes;			/* # of ktypes, must be positive */
1159     krb5_enctype *ktype;		/* requested enctype(s) */
1160     krb5_address **addresses;	/* requested addresses, optional */
1161     krb5_enc_data authorization_data;	/* encrypted auth data; OPTIONAL */
1162     krb5_authdata **unenc_authdata; /* unencrypted auth data,
1163 					   if available */
1164     krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
1165 } krb5_kdc_req;
1166 
1167 typedef struct _krb5_enc_kdc_rep_part {
1168     krb5_magic magic;
1169     /* encrypted part: */
1170     krb5_msgtype msg_type;		/* krb5 message type */
1171     krb5_keyblock *session;		/* session key */
1172     krb5_last_req_entry **last_req; /* array of ptrs to entries */
1173     krb5_int32 nonce;			/* nonce from request */
1174     krb5_timestamp key_exp;		/* expiration date */
1175     krb5_flags flags;			/* ticket flags */
1176     krb5_ticket_times times;		/* lifetime info */
1177     krb5_principal server;		/* server's principal identifier */
1178     krb5_address **caddrs;	/* array of ptrs to addresses,
1179 					   optional */
1180     krb5_pa_data **enc_padata;          /* Windows 2000 compat */
1181 } krb5_enc_kdc_rep_part;
1182 
1183 typedef struct _krb5_kdc_rep {
1184     krb5_magic magic;
1185     /* cleartext part: */
1186     krb5_msgtype msg_type;		/* AS_REP or KDC_REP? */
1187     krb5_pa_data **padata;	/* preauthentication data from KDC */
1188     krb5_principal client;		/* client's principal identifier */
1189     krb5_ticket *ticket;		/* ticket */
1190     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
1191 					   encoding */
1192     krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
1193 } krb5_kdc_rep;
1194 
1195 /* error message structure */
1196 typedef struct _krb5_error {
1197     krb5_magic magic;
1198     /* some of these may be meaningless in certain contexts */
1199     krb5_timestamp ctime;		/* client sec portion; optional */
1200     krb5_int32 cusec;			/* client usec portion; optional */
1201     krb5_int32 susec;			/* server usec portion */
1202     krb5_timestamp stime;		/* server sec portion */
1203     krb5_ui_4 error;			/* error code (protocol error #'s) */
1204     krb5_principal client;		/* client's principal identifier;
1205 					   optional */
1206     krb5_principal server;		/* server's principal identifier */
1207     krb5_data text;			/* descriptive text */
1208     krb5_data e_data;			/* additional error-describing data */
1209 } krb5_error;
1210 
1211 typedef struct _krb5_ap_req {
1212     krb5_magic magic;
1213     krb5_flags ap_options;		/* requested options */
1214     krb5_ticket *ticket;		/* ticket */
1215     krb5_enc_data authenticator;	/* authenticator (already encrypted) */
1216 } krb5_ap_req;
1217 
1218 typedef struct _krb5_ap_rep {
1219     krb5_magic magic;
1220     krb5_enc_data enc_part;
1221 } krb5_ap_rep;
1222 
1223 typedef struct _krb5_ap_rep_enc_part {
1224     krb5_magic magic;
1225     krb5_timestamp ctime;		/* client time, seconds portion */
1226     krb5_int32 cusec;			/* client time, microseconds portion */
1227     krb5_keyblock *subkey;		/* true session key, optional */
1228     krb5_ui_4 seq_number;		/* sequence #, optional */
1229 } krb5_ap_rep_enc_part;
1230 
1231 typedef struct _krb5_response {
1232     krb5_magic magic;
1233     krb5_octet message_type;
1234     krb5_data response;
1235     krb5_int32 expected_nonce;	/* The expected nonce for KDC_REP messages */
1236     krb5_timestamp request_time;   /* When we made the request */
1237 } krb5_response;
1238 
1239 typedef struct _krb5_cred_info {
1240     krb5_magic magic;
1241     krb5_keyblock *session;		/* session key used to encrypt */
1242 					/* ticket */
1243     krb5_principal client;		/* client name/realm, optional */
1244     krb5_principal server;		/* server name/realm, optional */
1245     krb5_flags flags;			/* ticket flags, optional */
1246     krb5_ticket_times times;		/* auth, start, end, renew_till, */
1247 					/* optional */
1248     krb5_address **caddrs;	/* array of ptrs to addresses */
1249 } krb5_cred_info;
1250 
1251 typedef struct _krb5_cred_enc_part {
1252     krb5_magic magic;
1253     krb5_int32 nonce;			/* nonce, optional */
1254     krb5_timestamp timestamp;		/* client time */
1255     krb5_int32 usec;			/* microsecond portion of time */
1256     krb5_address *s_address;	/* sender address, optional */
1257     krb5_address *r_address;	/* recipient address, optional */
1258     krb5_cred_info **ticket_info;
1259 } krb5_cred_enc_part;
1260 
1261 typedef struct _krb5_cred {
1262     krb5_magic magic;
1263     krb5_ticket **tickets;	/* tickets */
1264     krb5_enc_data enc_part;		/* encrypted part */
1265     krb5_cred_enc_part *enc_part2;	/* unencrypted version, if available*/
1266 } krb5_cred;
1267 
1268 /* Sandia password generation structures */
1269 typedef struct _passwd_phrase_element {
1270     krb5_magic magic;
1271     krb5_data *passwd;
1272     krb5_data *phrase;
1273 } passwd_phrase_element;
1274 
1275 typedef struct _krb5_pwd_data {
1276     krb5_magic magic;
1277     int sequence_count;
1278     passwd_phrase_element **element;
1279 } krb5_pwd_data;
1280 
1281 /* these need to be here so the typedefs are available for the prototypes */
1282 
1283 typedef struct _krb5_pa_svr_referral_data {
1284     /* Referred name, only realm is required */
1285     krb5_principal     principal;
1286 } krb5_pa_svr_referral_data;
1287 
1288 typedef struct _krb5_pa_server_referral_data {
1289     krb5_data          *referred_realm;
1290     krb5_principal     true_principal_name;
1291     krb5_principal     requested_principal_name;
1292     krb5_timestamp     referral_valid_until;
1293     krb5_checksum      rep_cksum;
1294 } krb5_pa_server_referral_data;
1295 
1296 typedef struct _krb5_pa_pac_req {
1297     /* TRUE if a PAC should be included in TGS-REP */
1298     krb5_boolean       include_pac;
1299 } krb5_pa_pac_req;
1300 
1301 /*
1302  * begin "safepriv.h"
1303  */
1304 
1305 #define KRB5_AUTH_CONTEXT_DO_TIME	0x00000001
1306 #define KRB5_AUTH_CONTEXT_RET_TIME	0x00000002
1307 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE	0x00000004
1308 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE	0x00000008
1309 #define KRB5_AUTH_CONTEXT_PERMIT_ALL	0x00000010
1310 #define KRB5_AUTH_CONTEXT_USE_SUBKEY	0x00000020
1311 
1312 typedef struct krb5_replay_data {
1313     krb5_timestamp	timestamp;
1314     krb5_int32		usec;
1315     krb5_int32		seq;
1316 } krb5_replay_data;
1317 
1318 /* flags for krb5_auth_con_genaddrs() */
1319 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR		0x00000001
1320 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR		0x00000002
1321 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR	0x00000004
1322 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR	0x00000008
1323 
1324 /* type of function used as a callback to generate checksum data for
1325  * mk_req */
1326 
1327 typedef krb5_error_code
1328 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
1329 			       krb5_data **);
1330 
1331 /*
1332  * end "safepriv.h"
1333  */
1334 
1335 
1336 /*
1337  * begin "ccache.h"
1338  */
1339 
1340 typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
1341 
1342 struct _krb5_ccache;
1343 typedef struct _krb5_ccache *krb5_ccache;
1344 struct _krb5_cc_ops;
1345 typedef struct _krb5_cc_ops krb5_cc_ops;
1346 
1347 /* for retrieve_cred */
1348 #define	KRB5_TC_MATCH_TIMES		0x00000001
1349 #define	KRB5_TC_MATCH_IS_SKEY		0x00000002
1350 #define	KRB5_TC_MATCH_FLAGS		0x00000004
1351 #define	KRB5_TC_MATCH_TIMES_EXACT	0x00000008
1352 #define	KRB5_TC_MATCH_FLAGS_EXACT	0x00000010
1353 #define	KRB5_TC_MATCH_AUTHDATA		0x00000020
1354 #define	KRB5_TC_MATCH_SRV_NAMEONLY	0x00000040
1355 #define	KRB5_TC_MATCH_2ND_TKT		0x00000080
1356 #define	KRB5_TC_MATCH_KTYPE		0x00000100
1357 #define KRB5_TC_SUPPORTED_KTYPES	0x00000200
1358 
1359 /* for set_flags and other functions */
1360 #define KRB5_TC_OPENCLOSE		0x00000001
1361 #define KRB5_TC_NOTICKET                0x00000002
1362 
1363 
1364 krb5_error_code KRB5_CALLCONV
1365 krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
1366 
1367 krb5_error_code KRB5_CALLCONV
1368 krb5_cc_initialize(krb5_context context, krb5_ccache cache,
1369 		   krb5_principal principal);
1370 
1371 krb5_error_code KRB5_CALLCONV
1372 krb5_cc_destroy (krb5_context context, krb5_ccache cache);
1373 
1374 krb5_error_code KRB5_CALLCONV
1375 krb5_cc_close (krb5_context context, krb5_ccache cache);
1376 
1377 krb5_error_code KRB5_CALLCONV
1378 krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
1379                     krb5_creds *creds);
1380 
1381 krb5_error_code KRB5_CALLCONV
1382 krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
1383 		       krb5_flags flags, krb5_creds *mcreds,
1384 		       krb5_creds *creds);
1385 
1386 krb5_error_code KRB5_CALLCONV
1387 krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
1388 		       krb5_principal *principal);
1389 
1390 krb5_error_code KRB5_CALLCONV
1391 krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
1392 		       krb5_cc_cursor *cursor);
1393 
1394 krb5_error_code KRB5_CALLCONV
1395 krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
1396 		   krb5_cc_cursor *cursor, krb5_creds *creds);
1397 
1398 krb5_error_code KRB5_CALLCONV
1399 krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
1400 		     krb5_cc_cursor *cursor);
1401 
1402 krb5_error_code KRB5_CALLCONV
1403 krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
1404 		     krb5_creds *creds);
1405 
1406 krb5_error_code KRB5_CALLCONV
1407 krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
1408 
1409 krb5_error_code KRB5_CALLCONV
1410 krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags);
1411 
1412 const char * KRB5_CALLCONV
1413 krb5_cc_get_type (krb5_context context, krb5_ccache cache);
1414 
1415 /* SUNW14resync - add_cred.c needs this func */
1416 const char * KRB5_CALLCONV
1417 krb5_cc_get_name (krb5_context context, krb5_ccache cache);
1418 
1419 krb5_error_code KRB5_CALLCONV
1420 krb5_cc_new_unique(
1421     krb5_context context,
1422     const char *type,
1423     const char *hint,
1424     krb5_ccache *id);
1425 
1426 /*
1427  * end "ccache.h"
1428  */
1429 
1430 /*
1431  * begin "rcache.h"
1432  */
1433 
1434 struct krb5_rc_st;
1435 typedef struct krb5_rc_st *krb5_rcache;
1436 
1437 /*
1438  * end "rcache.h"
1439  */
1440 
1441 /*
1442  * begin "keytab.h"
1443  */
1444 
1445 
1446 /* XXX */
1447 #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
1448 
1449 typedef krb5_pointer krb5_kt_cursor;	/* XXX */
1450 
1451 typedef struct krb5_keytab_entry_st {
1452     krb5_magic magic;
1453     krb5_principal principal;	/* principal of this key */
1454     krb5_timestamp timestamp;	/* time entry written to keytable */
1455     krb5_kvno vno;		/* key version number */
1456     krb5_keyblock key;		/* the secret key */
1457 } krb5_keytab_entry;
1458 
1459 #if KRB5_PRIVATE
1460 struct _krb5_kt_ops;
1461 typedef struct _krb5_kt {	/* should move into k5-int.h */
1462     krb5_magic magic;
1463     const struct _krb5_kt_ops *ops;
1464     krb5_pointer data;
1465 } *krb5_keytab;
1466 #else
1467 struct _krb5_kt;
1468 typedef struct _krb5_kt *krb5_keytab;
1469 #endif
1470 
1471 char * KRB5_CALLCONV
1472 krb5_kt_get_type (krb5_context, krb5_keytab keytab);
1473 krb5_error_code KRB5_CALLCONV
1474 krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
1475 		 unsigned int namelen);
1476 krb5_error_code KRB5_CALLCONV
1477 krb5_kt_close(krb5_context context, krb5_keytab keytab);
1478 krb5_error_code KRB5_CALLCONV
1479 krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
1480 		  krb5_const_principal principal, krb5_kvno vno,
1481 		  krb5_enctype enctype, krb5_keytab_entry *entry);
1482 krb5_error_code KRB5_CALLCONV
1483 krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
1484 		      krb5_kt_cursor *cursor);
1485 krb5_error_code KRB5_CALLCONV
1486 krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
1487 		   krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
1488 krb5_error_code KRB5_CALLCONV
1489 krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
1490 		    krb5_kt_cursor *cursor);
1491 /* Solaris Kerberos */
1492 krb5_error_code
1493 krb5_kt_find_realm(krb5_context context, krb5_keytab keytab,
1494 		  krb5_principal princ, krb5_data *realm);
1495 
1496 /*
1497  * end "keytab.h"
1498  */
1499 
1500 /*
1501  * begin "func-proto.h"
1502  */
1503 
1504 /* Solaris Kerberos */
1505 krb5_error_code krb5_init_ef_handle(krb5_context);
1506 krb5_error_code krb5_free_ef_handle(krb5_context);
1507 
1508 krb5_boolean krb5_privacy_allowed(void);
1509 
1510 /*
1511  * Solaris Kerberos:
1512  * krb5_copy_keyblock_data is a new routine to hide the details
1513  * of a keyblock copy operation.
1514  */
1515 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_data
1516 	(krb5_context,
1517 		const krb5_keyblock *,
1518 		krb5_keyblock *);
1519 
1520 
1521 
1522 krb5_error_code KRB5_CALLCONV krb5_init_context
1523 	(krb5_context *);
1524 krb5_error_code KRB5_CALLCONV krb5_init_secure_context
1525 	(krb5_context *);
1526 void KRB5_CALLCONV krb5_free_context
1527 	(krb5_context);
1528 
1529 #if KRB5_PRIVATE
1530 krb5_error_code krb5_set_default_in_tkt_ktypes
1531 	(krb5_context,
1532 		const krb5_enctype *);
1533 krb5_error_code krb5_get_default_in_tkt_ktypes
1534 	(krb5_context,
1535 		krb5_enctype **);
1536 
1537 krb5_error_code krb5_set_default_tgs_ktypes
1538 	(krb5_context,
1539 		const krb5_enctype *);
1540 #endif
1541 
1542 krb5_error_code KRB5_CALLCONV
1543 krb5_set_default_tgs_enctypes
1544 	(krb5_context,
1545 		const krb5_enctype *);
1546 #if KRB5_PRIVATE
1547 krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
1548 	(krb5_context,
1549 		krb5_const_principal,
1550 		krb5_enctype **);
1551 #endif
1552 
1553 krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
1554 	(krb5_context, krb5_enctype **);
1555 
1556 #if KRB5_PRIVATE
1557 void KRB5_CALLCONV krb5_free_ktypes
1558 	(krb5_context, krb5_enctype *);
1559 
1560 krb5_boolean krb5_is_permitted_enctype
1561 	(krb5_context, krb5_enctype);
1562 #endif
1563 
1564 krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
1565 
1566 /* libkrb.spec */
1567 #if KRB5_PRIVATE
1568 krb5_error_code krb5_kdc_rep_decrypt_proc
1569 	(krb5_context,
1570 		const krb5_keyblock *,
1571 		krb5_const_pointer,
1572 		krb5_kdc_rep * );
1573 krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
1574 	(krb5_context,
1575 		const krb5_keyblock *,
1576 		krb5_ticket * );
1577 krb5_error_code krb5_get_cred_from_kdc
1578 	(krb5_context,
1579 		krb5_ccache,		/* not const, as reading may save
1580 					   state */
1581 		krb5_creds *,
1582 		krb5_creds **,
1583 		krb5_creds *** );
1584 krb5_error_code krb5_get_cred_from_kdc_validate
1585 	(krb5_context,
1586 		krb5_ccache,		/* not const, as reading may save
1587 					   state */
1588 		krb5_creds *,
1589 		krb5_creds **,
1590 		krb5_creds *** );
1591 krb5_error_code krb5_get_cred_from_kdc_renew
1592 	(krb5_context,
1593 		krb5_ccache,		/* not const, as reading may save
1594 					   state */
1595 		krb5_creds *,
1596 		krb5_creds **,
1597 		krb5_creds *** );
1598 #endif
1599 
1600 void KRB5_CALLCONV krb5_free_tgt_creds
1601 	(krb5_context,
1602 	 krb5_creds **); /* XXX too hard to do with const */
1603 
1604 #define	KRB5_GC_USER_USER	1	/* want user-user ticket */
1605 #define	KRB5_GC_CACHED		2	/* want cached ticket only */
1606 
1607 krb5_error_code KRB5_CALLCONV krb5_get_credentials
1608 	(krb5_context,
1609 		krb5_flags,
1610 		krb5_ccache,
1611 		krb5_creds *,
1612 		krb5_creds **);
1613 krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
1614 	(krb5_context,
1615 		krb5_flags,
1616 		krb5_ccache,
1617 		krb5_creds *,
1618 		krb5_creds **);
1619 krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
1620 	(krb5_context,
1621 		krb5_flags,
1622 		krb5_ccache,
1623 		krb5_creds *,
1624 		krb5_creds **);
1625 #if KRB5_PRIVATE
1626 krb5_error_code krb5_get_cred_via_tkt
1627 	(krb5_context,
1628 		   krb5_creds *,
1629 		   krb5_flags,
1630 		   krb5_address * const *,
1631 		   krb5_creds *,
1632 		   krb5_creds **);
1633 #endif
1634 krb5_error_code KRB5_CALLCONV krb5_mk_req
1635 	(krb5_context,
1636 		krb5_auth_context *,
1637 		krb5_flags,
1638 		char *,
1639 		char *,
1640 		krb5_data *,
1641 		krb5_ccache,
1642 		krb5_data * );
1643 krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
1644 	(krb5_context,
1645 		krb5_auth_context *,
1646 		krb5_flags,
1647 		krb5_data *,
1648 		krb5_creds *,
1649 		krb5_data * );
1650 krb5_error_code KRB5_CALLCONV krb5_mk_rep
1651 	(krb5_context,
1652 		krb5_auth_context,
1653 		krb5_data *);
1654 krb5_error_code KRB5_CALLCONV krb5_rd_rep
1655 	(krb5_context,
1656 		krb5_auth_context,
1657 		const krb5_data *,
1658 		krb5_ap_rep_enc_part **);
1659 krb5_error_code KRB5_CALLCONV krb5_mk_error
1660 	(krb5_context,
1661 		const krb5_error *,
1662 		krb5_data * );
1663 krb5_error_code KRB5_CALLCONV krb5_rd_error
1664 	(krb5_context,
1665 		const krb5_data *,
1666 		krb5_error ** );
1667 krb5_error_code KRB5_CALLCONV krb5_rd_safe
1668 	(krb5_context,
1669 		krb5_auth_context,
1670 		const krb5_data *,
1671 		krb5_data *,
1672 		krb5_replay_data *);
1673 krb5_error_code KRB5_CALLCONV krb5_rd_priv
1674 	(krb5_context,
1675 		krb5_auth_context,
1676 		const krb5_data *,
1677 		krb5_data *,
1678 		krb5_replay_data *);
1679 krb5_error_code KRB5_CALLCONV krb5_parse_name
1680 	(krb5_context,
1681 		const char *,
1682 		krb5_principal * );
1683 #define KRB5_PRINCIPAL_PARSE_NO_REALM           0x1
1684 #define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM      0x2
1685 #define KRB5_PRINCIPAL_PARSE_ENTERPRISE         0x4
1686 krb5_error_code KRB5_CALLCONV krb5_parse_name_flags
1687 	(krb5_context,
1688 	const char *,
1689 	int,
1690 	krb5_principal * );
1691 krb5_error_code KRB5_CALLCONV krb5_unparse_name
1692 	(krb5_context,
1693 		krb5_const_principal,
1694 		char ** );
1695 krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
1696 	(krb5_context,
1697 		krb5_const_principal,
1698 		char **,
1699 		unsigned int *);
1700 #define KRB5_PRINCIPAL_UNPARSE_SHORT            0x1
1701 #define KRB5_PRINCIPAL_UNPARSE_NO_REALM         0x2
1702 #define KRB5_PRINCIPAL_UNPARSE_DISPLAY          0x4
1703 krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags
1704         (krb5_context,
1705                 krb5_const_principal,
1706                 int,
1707                 char **);
1708 krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext
1709         (krb5_context,
1710                 krb5_const_principal,
1711                 int,
1712                 char **,
1713                 unsigned int *);
1714 
1715 krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
1716 	(krb5_context, krb5_principal, const char *);
1717 
1718 krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
1719 	(krb5_context,
1720 		const krb5_address *,
1721 		krb5_address * const *);
1722 krb5_boolean KRB5_CALLCONV krb5_address_compare
1723 	(krb5_context,
1724 		const krb5_address *,
1725 		const krb5_address *);
1726 int KRB5_CALLCONV krb5_address_order
1727 	(krb5_context,
1728 		const krb5_address *,
1729 		const krb5_address *);
1730 krb5_boolean KRB5_CALLCONV krb5_realm_compare
1731 	(krb5_context,
1732 		krb5_const_principal,
1733 		krb5_const_principal);
1734 krb5_boolean KRB5_CALLCONV krb5_principal_compare
1735 	(krb5_context,
1736 		krb5_const_principal,
1737 		krb5_const_principal);
1738 krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
1739 		(krb5_context, krb5_enctype enctype,
1740 		size_t length, krb5_keyblock **out);
1741   		/* Initialize a new keyblock and allocate storage
1742 		 * for the contents of the key, which will be freed along
1743 		 * with the keyblock when krb5_free_keyblock is called.
1744 		 * It is legal to pass in a length of 0, in which
1745 		 * case contents are left unallocated.
1746 		 */
1747 
1748 /*
1749  * Solaris Kerberos
1750  * Start - keyblock API (MIT will ship this also in a future release)
1751  */
1752 /*
1753  * Similiar to krb5_init_keyblock but this routine expects the
1754  * keyblock to already be allocated.
1755  */
1756 krb5_error_code KRB5_CALLCONV krb5_init_allocated_keyblock
1757         (krb5_context,
1758 	        krb5_enctype,
1759 	        unsigned int,
1760                 krb5_keyblock *);
1761 
1762 krb5_enctype KRB5_CALLCONV krb5_get_key_enctype
1763         (krb5_keyblock *);
1764 
1765 unsigned int KRB5_CALLCONV krb5_get_key_length
1766         (krb5_keyblock *);
1767 
1768 krb5_octet KRB5_CALLCONV *krb5_get_key_data
1769         (krb5_keyblock *);
1770 
1771 void KRB5_CALLCONV krb5_set_key_enctype
1772         (krb5_keyblock *,
1773                  krb5_enctype);
1774 
1775 void KRB5_CALLCONV krb5_set_key_data
1776         (krb5_keyblock *,
1777                  krb5_octet *);
1778 
1779 void KRB5_CALLCONV krb5_set_key_length
1780         (krb5_keyblock *,
1781                  unsigned int);
1782 /*
1783  * Solaris Kerberos
1784  * End - keyblock API
1785  */
1786 
1787 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
1788 	(krb5_context,
1789 		const krb5_keyblock *,
1790 		krb5_keyblock **);
1791 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
1792 	(krb5_context,
1793 		const krb5_keyblock *,
1794 		krb5_keyblock *);
1795 krb5_error_code KRB5_CALLCONV krb5_copy_creds
1796 	(krb5_context,
1797 		const krb5_creds *,
1798 		krb5_creds **);
1799 krb5_error_code KRB5_CALLCONV krb5_copy_data
1800 	(krb5_context,
1801 		const krb5_data *,
1802 		krb5_data **);
1803 krb5_error_code KRB5_CALLCONV krb5_copy_principal
1804 	(krb5_context,
1805 		krb5_const_principal,
1806 		krb5_principal *);
1807 #if KRB5_PRIVATE
1808 krb5_error_code KRB5_CALLCONV krb5_copy_addr
1809 	(krb5_context,
1810 		const krb5_address *,
1811 		krb5_address **);
1812 #endif
1813 krb5_error_code KRB5_CALLCONV krb5_copy_addresses
1814 	(krb5_context,
1815 		krb5_address * const *,
1816 		krb5_address ***);
1817 krb5_error_code KRB5_CALLCONV krb5_copy_ticket
1818 	(krb5_context,
1819 		const krb5_ticket *,
1820 		krb5_ticket **);
1821 krb5_error_code KRB5_CALLCONV krb5_copy_authdata
1822 	(krb5_context,
1823 		krb5_authdata * const *,
1824 		krb5_authdata ***);
1825 krb5_error_code KRB5_CALLCONV krb5_merge_authdata
1826 	(krb5_context,
1827 	krb5_authdata * const *,
1828 	krb5_authdata *const *,
1829 	krb5_authdata ***);
1830 /* Merge two authdata arrays, such as the array from a ticket
1831  * and authenticator */
1832 
1833 krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
1834 	(krb5_context,
1835 		const krb5_authenticator *,
1836 		krb5_authenticator **);
1837 krb5_error_code KRB5_CALLCONV krb5_copy_checksum
1838 	(krb5_context,
1839 		const krb5_checksum *,
1840 		krb5_checksum **);
1841 #if KRB5_PRIVATE
1842 void krb5_init_ets
1843 	(krb5_context);
1844 void krb5_free_ets
1845 	(krb5_context);
1846 krb5_error_code krb5_generate_subkey
1847 	(krb5_context,
1848 		const krb5_keyblock *, krb5_keyblock **);
1849 krb5_error_code krb5_generate_seq_number
1850 	(krb5_context,
1851 		const krb5_keyblock *, krb5_ui_4 *);
1852 #endif
1853 krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
1854 	(krb5_context,
1855 		const krb5_data *, krb5_rcache *);
1856 krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
1857 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1858 krb5_error_code KRB5_CALLCONV_C krb5_build_principal
1859 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1860 #ifdef va_start
1861 /* XXX depending on varargs include file defining va_start... */
1862 krb5_error_code KRB5_CALLCONV krb5_build_principal_va
1863 	(krb5_context,
1864 		krb5_principal, unsigned int, const char *, va_list);
1865 #endif
1866 
1867 krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
1868 	(krb5_context,
1869 		const char *name,
1870 		const char *instance, const char *realm,
1871 		krb5_principal *princ);
1872 
1873 krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
1874 	(krb5_context context, krb5_const_principal princ,
1875 		char *name, char *inst, char *realm);
1876 
1877 struct credentials;
1878 int KRB5_CALLCONV krb5_524_convert_creds
1879 	(krb5_context context, krb5_creds *v5creds,
1880 	 struct credentials *v4creds);
1881 #if KRB5_DEPRECATED
1882 #define krb524_convert_creds_kdc krb5_524_convert_creds
1883 #define krb524_init_ets(x) (0)
1884 #endif
1885 
1886 /* libkt.spec */
1887 #if KRB5_PRIVATE
1888 krb5_error_code KRB5_CALLCONV krb5_kt_register
1889 	(krb5_context,
1890 		const struct _krb5_kt_ops * );
1891 #endif
1892 
1893 krb5_error_code KRB5_CALLCONV krb5_kt_resolve
1894 	(krb5_context,
1895 		const char *,
1896 		krb5_keytab * );
1897 krb5_error_code KRB5_CALLCONV krb5_kt_default_name
1898 	(krb5_context,
1899 		char *,
1900 		int );
1901 krb5_error_code KRB5_CALLCONV krb5_kt_default
1902 	(krb5_context,
1903 		krb5_keytab * );
1904 krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
1905 	(krb5_context,
1906 		krb5_keytab_entry * );
1907 #if KRB5_PRIVATE
1908 /* use krb5_free_keytab_entry_contents instead */
1909 krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
1910 	(krb5_context,
1911 		krb5_keytab_entry * );
1912 #endif
1913 /* remove and add are functions, so that they can return NOWRITE
1914    if not a writable keytab */
1915 krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
1916 	(krb5_context,
1917 		krb5_keytab,
1918 		krb5_keytab_entry * );
1919 krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
1920 	(krb5_context,
1921 		krb5_keytab,
1922 		krb5_keytab_entry * );
1923 krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
1924 	(krb5_context,
1925 		krb5_const_principal, krb5_data *);
1926 #if KRB5_PRIVATE
1927 krb5_error_code krb5_principal2salt_norealm
1928 	(krb5_context,
1929 		krb5_const_principal, krb5_data *);
1930 #endif
1931 /* librc.spec--see rcache.h */
1932 
1933 /* libcc.spec */
1934 krb5_error_code KRB5_CALLCONV krb5_cc_resolve
1935 	(krb5_context,
1936 		const char *,
1937 		krb5_ccache * );
1938 const char * KRB5_CALLCONV krb5_cc_default_name
1939 	(krb5_context);
1940 krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
1941 	(krb5_context, const char *);
1942 krb5_error_code KRB5_CALLCONV krb5_cc_default
1943 	(krb5_context,
1944 		krb5_ccache *);
1945 #if KRB5_PRIVATE
1946 unsigned int KRB5_CALLCONV krb5_get_notification_message
1947 	(void);
1948 #endif
1949 
1950 krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
1951 	(krb5_context context,
1952 			krb5_ccache incc,
1953 			krb5_ccache outcc);
1954 
1955 
1956 /* chk_trans.c */
1957 #if KRB5_PRIVATE
1958 krb5_error_code krb5_check_transited_list
1959 	(krb5_context, const krb5_data *trans,
1960 	 const krb5_data *realm1, const krb5_data *realm2);
1961 #endif
1962 
1963 /* free_rtree.c */
1964 #if KRB5_PRIVATE
1965 void krb5_free_realm_tree
1966 	(krb5_context,
1967 		krb5_principal *);
1968 #endif
1969 
1970 /* krb5_free.c */
1971 void KRB5_CALLCONV krb5_free_principal
1972 	(krb5_context, krb5_principal );
1973 void KRB5_CALLCONV krb5_free_authenticator
1974 	(krb5_context, krb5_authenticator * );
1975 #if KRB5_PRIVATE
1976 void KRB5_CALLCONV krb5_free_authenticator_contents
1977 	(krb5_context, krb5_authenticator * );
1978 #endif
1979 void KRB5_CALLCONV krb5_free_addresses
1980 	(krb5_context, krb5_address ** );
1981 #if KRB5_PRIVATE
1982 void KRB5_CALLCONV krb5_free_address
1983 	(krb5_context, krb5_address * );
1984 #endif
1985 void KRB5_CALLCONV krb5_free_authdata
1986 	(krb5_context, krb5_authdata ** );
1987 #if KRB5_PRIVATE
1988 void KRB5_CALLCONV krb5_free_enc_tkt_part
1989 	(krb5_context, krb5_enc_tkt_part * );
1990 #endif
1991 void KRB5_CALLCONV krb5_free_ticket
1992 	(krb5_context, krb5_ticket * );
1993 #if KRB5_PRIVATE
1994 void KRB5_CALLCONV krb5_free_tickets
1995 	(krb5_context, krb5_ticket ** );
1996 void KRB5_CALLCONV krb5_free_kdc_req
1997 	(krb5_context, krb5_kdc_req * );
1998 void KRB5_CALLCONV krb5_free_kdc_rep
1999 	(krb5_context, krb5_kdc_rep * );
2000 void KRB5_CALLCONV krb5_free_last_req
2001 	(krb5_context, krb5_last_req_entry ** );
2002 void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
2003 	(krb5_context, krb5_enc_kdc_rep_part * );
2004 #endif
2005 void KRB5_CALLCONV krb5_free_error
2006 	(krb5_context, krb5_error * );
2007 #if KRB5_PRIVATE
2008 void KRB5_CALLCONV krb5_free_ap_req
2009 	(krb5_context, krb5_ap_req * );
2010 void KRB5_CALLCONV krb5_free_ap_rep
2011 	(krb5_context, krb5_ap_rep * );
2012 void KRB5_CALLCONV krb5_free_cred
2013 	(krb5_context, krb5_cred *);
2014 #endif
2015 void KRB5_CALLCONV krb5_free_creds
2016 	(krb5_context, krb5_creds *);
2017 void KRB5_CALLCONV krb5_free_cred_contents
2018 	(krb5_context, krb5_creds *);
2019 #if KRB5_PRIVATE
2020 void KRB5_CALLCONV krb5_free_cred_enc_part
2021 	(krb5_context, krb5_cred_enc_part *);
2022 #endif
2023 void KRB5_CALLCONV krb5_free_checksum
2024 	(krb5_context, krb5_checksum *);
2025 void KRB5_CALLCONV krb5_free_checksum_contents
2026 	(krb5_context, krb5_checksum *);
2027 void KRB5_CALLCONV krb5_free_keyblock
2028 	(krb5_context, krb5_keyblock *);
2029 void KRB5_CALLCONV krb5_free_keyblock_contents
2030 	(krb5_context, krb5_keyblock *);
2031 #if KRB5_PRIVATE
2032 void KRB5_CALLCONV krb5_free_pa_data
2033 	(krb5_context, krb5_pa_data **);
2034 #endif
2035 void KRB5_CALLCONV krb5_free_ap_rep_enc_part
2036 	(krb5_context, krb5_ap_rep_enc_part *);
2037 #if KRB5_PRIVATE
2038 void KRB5_CALLCONV krb5_free_tkt_authent
2039 	(krb5_context, krb5_tkt_authent *);
2040 void KRB5_CALLCONV krb5_free_pwd_data
2041 	(krb5_context, krb5_pwd_data *);
2042 void KRB5_CALLCONV krb5_free_pwd_sequences
2043 	(krb5_context, passwd_phrase_element **);
2044 #endif
2045 void KRB5_CALLCONV krb5_free_data
2046 	(krb5_context, krb5_data *);
2047 void KRB5_CALLCONV krb5_free_data_contents
2048 	(krb5_context, krb5_data *);
2049 void KRB5_CALLCONV krb5_free_unparsed_name
2050 	(krb5_context, char *);
2051 void KRB5_CALLCONV krb5_free_cksumtypes
2052 	(krb5_context, krb5_cksumtype *);
2053 
2054 /* From krb5/os but needed but by the outside world */
2055 krb5_error_code KRB5_CALLCONV krb5_us_timeofday
2056 	(krb5_context,
2057 		krb5_int32 *,
2058 		krb5_int32 * );
2059 krb5_error_code KRB5_CALLCONV krb5_timeofday
2060 	(krb5_context,
2061 		krb5_int32 * );
2062 		 /* get all the addresses of this host */
2063 krb5_error_code KRB5_CALLCONV krb5_os_localaddr
2064 	(krb5_context,
2065 		krb5_address ***);
2066 krb5_error_code KRB5_CALLCONV krb5_get_default_realm
2067 	(krb5_context,
2068 		 char ** );
2069 krb5_error_code KRB5_CALLCONV krb5_set_default_realm
2070 	(krb5_context,
2071 		   const char * );
2072 void KRB5_CALLCONV krb5_free_default_realm
2073 	(krb5_context,
2074 		   char * );
2075 krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
2076 	(krb5_context,
2077 		const char *,
2078 		   const char *,
2079 		   krb5_int32,
2080 		   krb5_principal *);
2081 krb5_error_code KRB5_CALLCONV
2082 krb5_change_password
2083 	(krb5_context context, krb5_creds *creds, char *newpw,
2084 			int *result_code, krb5_data *result_code_string,
2085 			krb5_data *result_string);
2086 krb5_error_code KRB5_CALLCONV
2087 krb5_set_password
2088 	(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
2089 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
2090 krb5_error_code KRB5_CALLCONV
2091 krb5_set_password_using_ccache
2092 	(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
2093 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
2094 
2095 #if KRB5_PRIVATE
2096 krb5_error_code krb5_set_config_files
2097 	(krb5_context, const char **);
2098 
2099 krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
2100 	(char ***filenames);
2101 
2102 void KRB5_CALLCONV krb5_free_config_files
2103 	(char **filenames);
2104 #endif
2105 
2106 krb5_error_code KRB5_CALLCONV
2107 krb5_get_profile
2108 	(krb5_context, struct _profile_t * /* profile_t */ *);
2109 
2110 #if KRB5_PRIVATE
2111 krb5_error_code krb5_send_tgs
2112 	(krb5_context,
2113 		krb5_flags,
2114 		const krb5_ticket_times *,
2115 		const krb5_enctype *,
2116 		krb5_const_principal,
2117 		krb5_address * const *,
2118 		krb5_authdata * const *,
2119 		krb5_pa_data * const *,
2120 		const krb5_data *,
2121 		krb5_creds *,
2122 		krb5_response * );
2123 #endif
2124 
2125 #if KRB5_DEPRECATED
2126 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
2127 	(krb5_context,
2128 		krb5_flags,
2129 		krb5_address * const *,
2130 		krb5_enctype *,
2131 		krb5_preauthtype *,
2132 		krb5_error_code ( * )(krb5_context,
2133 					krb5_enctype,
2134 					krb5_data *,
2135 					krb5_const_pointer,
2136 					krb5_keyblock **),
2137 		krb5_const_pointer,
2138 		krb5_error_code ( * )(krb5_context,
2139 					const krb5_keyblock *,
2140 					krb5_const_pointer,
2141 					krb5_kdc_rep * ),
2142 		krb5_const_pointer,
2143 		krb5_creds *,
2144 		krb5_ccache,
2145 		krb5_kdc_rep ** );
2146 
2147 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
2148 	(krb5_context,
2149 		krb5_flags,
2150 		krb5_address * const *,
2151 		krb5_enctype *,
2152 		krb5_preauthtype *,
2153 		const char *,
2154 		krb5_ccache,
2155 		krb5_creds *,
2156 		krb5_kdc_rep ** );
2157 
2158 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
2159 	(krb5_context,
2160 		krb5_flags,
2161 		krb5_address * const *,
2162 		krb5_enctype *,
2163 		krb5_preauthtype *,
2164 		const krb5_keyblock *,
2165 		krb5_ccache,
2166 		krb5_creds *,
2167 		krb5_kdc_rep ** );
2168 
2169 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
2170 	(krb5_context,
2171 		krb5_flags,
2172 		krb5_address * const *,
2173 		krb5_enctype *,
2174 		krb5_preauthtype *,
2175 		krb5_keytab,
2176 		krb5_ccache,
2177 		krb5_creds *,
2178 		krb5_kdc_rep ** );
2179 #endif /* KRB5_DEPRECATED */
2180 
2181 #if KRB5_PRIVATE
2182 krb5_error_code krb5_decode_kdc_rep
2183 	(krb5_context,
2184 		krb5_data *,
2185 		const krb5_keyblock *,
2186 		krb5_kdc_rep ** );
2187 #endif
2188 
2189 krb5_error_code KRB5_CALLCONV krb5_rd_req
2190 	(krb5_context,
2191 		krb5_auth_context *,
2192 		const krb5_data *,
2193 		krb5_const_principal,
2194 		krb5_keytab,
2195 		krb5_flags *,
2196 		krb5_ticket **);
2197 
2198 #if KRB5_PRIVATE
2199 krb5_error_code krb5_rd_req_decoded
2200 	(krb5_context,
2201 		krb5_auth_context *,
2202 		const krb5_ap_req *,
2203 		krb5_const_principal,
2204 		krb5_keytab,
2205 		krb5_flags *,
2206 		krb5_ticket **);
2207 
2208 krb5_error_code krb5_rd_req_decoded_anyflag
2209 	(krb5_context,
2210 		krb5_auth_context *,
2211 		const krb5_ap_req *,
2212 		krb5_const_principal,
2213 		krb5_keytab,
2214 		krb5_flags *,
2215 		krb5_ticket **);
2216 #endif
2217 
2218 krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
2219 	(krb5_context,
2220 		krb5_pointer,
2221 		krb5_principal,
2222 		krb5_kvno,
2223 		krb5_enctype,
2224 		krb5_keyblock **);
2225 krb5_error_code KRB5_CALLCONV krb5_mk_safe
2226 	(krb5_context,
2227 		krb5_auth_context,
2228 		const krb5_data *,
2229 		krb5_data *,
2230 		krb5_replay_data *);
2231 krb5_error_code KRB5_CALLCONV krb5_mk_priv
2232 	(krb5_context,
2233 		krb5_auth_context,
2234 		const krb5_data *,
2235 		krb5_data *,
2236 		krb5_replay_data *);
2237 #if KRB5_PRIVATE
2238 krb5_error_code KRB5_CALLCONV krb5_cc_register
2239 	(krb5_context,
2240 		krb5_cc_ops *,
2241 		krb5_boolean );
2242 #endif
2243 
2244 krb5_error_code KRB5_CALLCONV krb5_sendauth
2245 	(krb5_context,
2246 		krb5_auth_context *,
2247 		krb5_pointer,
2248 		char *,
2249 		krb5_principal,
2250 		krb5_principal,
2251 		krb5_flags,
2252 		krb5_data *,
2253 		krb5_creds *,
2254 		krb5_ccache,
2255 		krb5_error **,
2256 		krb5_ap_rep_enc_part **,
2257 		krb5_creds **);
2258 
2259 krb5_error_code KRB5_CALLCONV krb5_recvauth
2260 	(krb5_context,
2261 		krb5_auth_context *,
2262 		krb5_pointer,
2263 		char *,
2264 		krb5_principal,
2265 		krb5_int32,
2266 		krb5_keytab,
2267 		krb5_ticket **);
2268 krb5_error_code KRB5_CALLCONV krb5_recvauth_version
2269 	(krb5_context,
2270 		krb5_auth_context *,
2271 		krb5_pointer,
2272 		krb5_principal,
2273 		krb5_int32,
2274 		krb5_keytab,
2275 		krb5_ticket **,
2276 		krb5_data *);
2277 
2278 #if KRB5_PRIVATE
2279 krb5_error_code krb5_walk_realm_tree
2280 	(krb5_context,
2281 		const krb5_data *,
2282 		const krb5_data *,
2283 		krb5_principal **,
2284 		int);
2285 #endif
2286 
2287 krb5_error_code KRB5_CALLCONV krb5_mk_ncred
2288 	(krb5_context,
2289 		krb5_auth_context,
2290 		krb5_creds **,
2291 		krb5_data **,
2292 		krb5_replay_data *);
2293 
2294 krb5_error_code KRB5_CALLCONV krb5_mk_1cred
2295 	(krb5_context,
2296 		krb5_auth_context,
2297 		krb5_creds *,
2298 		krb5_data **,
2299 		krb5_replay_data *);
2300 
2301 krb5_error_code KRB5_CALLCONV krb5_rd_cred
2302 	(krb5_context,
2303 		krb5_auth_context,
2304 		krb5_data *,
2305 		krb5_creds ***,
2306 		krb5_replay_data *);
2307 
2308 krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
2309 	(krb5_context,
2310 		krb5_auth_context,
2311 		char *,
2312 		krb5_principal,
2313 		krb5_principal,
2314 		krb5_ccache,
2315 		int forwardable,
2316 		krb5_data *);
2317 
2318 krb5_error_code KRB5_CALLCONV krb5_auth_con_init
2319 	(krb5_context,
2320 		krb5_auth_context *);
2321 
2322 krb5_error_code KRB5_CALLCONV krb5_auth_con_free
2323 	(krb5_context,
2324 		krb5_auth_context);
2325 
2326 krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
2327 	(krb5_context,
2328 		krb5_auth_context,
2329 		krb5_int32);
2330 
2331 krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
2332 	(krb5_context,
2333 		krb5_auth_context,
2334 		krb5_int32 *);
2335 
2336 krb5_error_code KRB5_CALLCONV
2337 krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
2338 				 krb5_mk_req_checksum_func, void *);
2339 
2340 krb5_error_code KRB5_CALLCONV
2341 krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
2342 				 krb5_mk_req_checksum_func *, void **);
2343 
2344 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
2345 	(krb5_context,
2346 		krb5_auth_context,
2347 		krb5_address *,
2348 		krb5_address *);
2349 
2350 krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
2351 	(krb5_context,
2352 		krb5_auth_context,
2353 		krb5_address **,
2354 		krb5_address **);
2355 
2356 krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
2357 	(krb5_context,
2358 		krb5_auth_context,
2359 		krb5_address *,
2360 		krb5_address *);
2361 
2362 krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
2363 	(krb5_context,
2364 		krb5_auth_context,
2365 		krb5_keyblock *);
2366 
2367 krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
2368 	(krb5_context,
2369 		krb5_auth_context,
2370 		krb5_keyblock **);
2371 
2372 krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
2373     krb5_context, krb5_auth_context, krb5_keyblock **);
2374 
2375 krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
2376     krb5_context, krb5_auth_context, krb5_keyblock **);
2377 
2378 krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
2379     krb5_context, krb5_auth_context, krb5_keyblock *);
2380 
2381 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
2382     krb5_context, krb5_auth_context, krb5_keyblock *);
2383 
2384 #if KRB5_DEPRECATED
2385 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
2386 	(krb5_context,
2387 		krb5_auth_context,
2388 		krb5_keyblock **);
2389 
2390 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
2391 	(krb5_context,
2392 		krb5_auth_context,
2393 		krb5_keyblock **);
2394 #endif
2395 
2396 #if KRB5_PRIVATE
2397 krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
2398 	(krb5_context,
2399 		krb5_auth_context,
2400 		krb5_cksumtype);
2401 
2402 krb5_error_code krb5_auth_con_set_safe_cksumtype
2403 	(krb5_context,
2404 		krb5_auth_context,
2405 		krb5_cksumtype);
2406 #endif
2407 
2408 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
2409 	(krb5_context,
2410 		krb5_auth_context,
2411 		krb5_int32 *);
2412 
2413 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
2414 	(krb5_context,
2415 		krb5_auth_context,
2416 		krb5_int32 *);
2417 
2418 #if KRB5_DEPRECATED
2419 krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
2420 	(krb5_context,
2421 		krb5_auth_context);
2422 #endif
2423 
2424 #if KRB5_PRIVATE
2425 krb5_error_code krb5_auth_con_setivector
2426 	(krb5_context,
2427 		krb5_auth_context,
2428 		krb5_pointer);
2429 
2430 krb5_error_code krb5_auth_con_getivector
2431 	(krb5_context,
2432 		krb5_auth_context,
2433 		krb5_pointer *);
2434 #endif
2435 
2436 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
2437 	(krb5_context,
2438 		krb5_auth_context,
2439 		krb5_rcache);
2440 
2441 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
2442 	(krb5_context,
2443 		krb5_auth_context,
2444 		krb5_rcache *);
2445 
2446 #if KRB5_PRIVATE
2447 krb5_error_code krb5_auth_con_setpermetypes
2448 	(krb5_context,
2449 	    krb5_auth_context,
2450 	    const krb5_enctype *);
2451 
2452 krb5_error_code krb5_auth_con_getpermetypes
2453 	(krb5_context,
2454 	    krb5_auth_context,
2455 	    krb5_enctype **);
2456 #endif
2457 
2458 krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
2459 	(krb5_context,
2460 		krb5_auth_context,
2461 		krb5_authenticator **);
2462 
2463 #define KRB5_REALM_BRANCH_CHAR '.'
2464 
2465 /*
2466  * end "func-proto.h"
2467  */
2468 
2469 /*
2470  * begin stuff from libos.h
2471  */
2472 
2473 #if KRB5_PRIVATE
2474 krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
2475 krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
2476 int krb5_net_read (krb5_context, int , char *, int);
2477 int krb5_net_write (krb5_context, int , const char *, int);
2478 #endif
2479 
2480 krb5_error_code KRB5_CALLCONV krb5_read_password
2481 	(krb5_context,
2482 		const char *,
2483 		const char *,
2484 		char *,
2485 		unsigned int * );
2486 krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
2487 	(krb5_context,
2488 		krb5_const_principal,
2489 		int,
2490 		char * );
2491 krb5_error_code KRB5_CALLCONV krb5_get_host_realm
2492 	(krb5_context,
2493 		const char *,
2494 		char *** );
2495 krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
2496 	(krb5_context,
2497 		krb5_data *,
2498 		char *** );
2499 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
2500 	(krb5_context,
2501 		char * const * );
2502 #if KRB5_PRIVATE
2503 krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
2504 	(krb5_context,
2505 		const char *,
2506 		char ** );
2507 #endif
2508 krb5_boolean KRB5_CALLCONV krb5_kuserok
2509 	(krb5_context,
2510 		krb5_principal, const char *);
2511 krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
2512 	(krb5_context,
2513 		krb5_auth_context,
2514 		int, int);
2515 #if KRB5_PRIVATE
2516 krb5_error_code krb5_gen_portaddr
2517 	(krb5_context,
2518 		const krb5_address *,
2519 		krb5_const_pointer,
2520 		krb5_address **);
2521 krb5_error_code krb5_gen_replay_name
2522 	(krb5_context,
2523 		const krb5_address *,
2524 		const char *,
2525 		char **);
2526 krb5_error_code krb5_make_fulladdr
2527 	(krb5_context,
2528 		krb5_address *,
2529 		krb5_address *,
2530 		krb5_address *);
2531 #endif
2532 
2533 krb5_error_code KRB5_CALLCONV krb5_set_real_time
2534 	(krb5_context, krb5_int32, krb5_int32);
2535 
2536 #if KRB5_PRIVATE
2537 krb5_error_code krb5_set_debugging_time
2538 	(krb5_context, krb5_int32, krb5_int32);
2539 krb5_error_code krb5_use_natural_time
2540 	(krb5_context);
2541 #endif
2542 krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
2543 	(krb5_context, krb5_int32 *, krb5_int32 *);
2544 #if KRB5_PRIVATE
2545 krb5_error_code krb5_set_time_offsets
2546 	(krb5_context, krb5_int32, krb5_int32);
2547 #endif
2548 
2549 /* str_conv.c */
2550 krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
2551 	(char *, krb5_enctype *);
2552 krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
2553 	(char *, krb5_int32 *);
2554 krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
2555 	(char *, krb5_cksumtype *);
2556 krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
2557 	(char *, krb5_timestamp *);
2558 krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
2559 	(char *, krb5_deltat *);
2560 krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
2561 	(krb5_enctype, char *, size_t);
2562 /* Solaris Kerberos */
2563 krb5_error_code KRB5_CALLCONV krb5_enctype_to_istring
2564 	(krb5_enctype, char *, size_t);
2565 krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
2566 	(krb5_int32, char *, size_t);
2567 krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
2568 	(krb5_cksumtype, char *, size_t);
2569 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
2570 	(krb5_timestamp, char *, size_t);
2571 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
2572 	(krb5_timestamp, char *, size_t, char *);
2573 krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
2574 	(krb5_deltat, char *, size_t);
2575 
2576 
2577 /*
2578  * end stuff from libos.h
2579  */
2580 
2581 /*
2582  * begin "k5-free.h"
2583  */
2584 
2585 /* to keep lint happy */
2586 #ifdef _KERNEL
2587 #define krb5_xfree_wrap(val,n) kmem_free((char *)(val),n)
2588 #else
2589 #define krb5_xfree_wrap(val,n) free((char *)(val))
2590 #define krb5_xfree(val) free((char *)(val))
2591 #endif
2592 
2593 /*
2594  * end "k5-free.h"
2595  */
2596 
2597 /* The name of the Kerberos ticket granting service... and its size */
2598 #define	KRB5_TGS_NAME		"krbtgt"
2599 #define KRB5_TGS_NAME_SIZE	6
2600 
2601 /* flags for recvauth */
2602 #define KRB5_RECVAUTH_SKIP_VERSION	0x0001
2603 #define KRB5_RECVAUTH_BADAUTHVERS	0x0002
2604 /* initial ticket api functions */
2605 
2606 typedef struct _krb5_prompt {
2607     char *prompt;
2608     int hidden;
2609     krb5_data *reply;
2610 } krb5_prompt;
2611 
2612 typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
2613 					     void *data,
2614 					     const char *name,
2615 					     const char *banner,
2616 					     int num_prompts,
2617 					     krb5_prompt prompts[]);
2618 
2619 
2620 krb5_error_code KRB5_CALLCONV
2621 krb5_prompter_posix (krb5_context context,
2622 		void *data,
2623 		const char *name,
2624 		const char *banner,
2625 		int num_prompts,
2626 		krb5_prompt prompts[]);
2627 
2628 typedef struct _krb5_get_init_creds_opt {
2629     krb5_flags flags;
2630     krb5_deltat tkt_life;
2631     krb5_deltat renew_life;
2632     int forwardable;
2633     int proxiable;
2634     krb5_enctype *etype_list;
2635     int etype_list_length;
2636     krb5_address **address_list;
2637     krb5_preauthtype *preauth_list;
2638     int preauth_list_length;
2639     krb5_data *salt;
2640 } krb5_get_init_creds_opt;
2641 
2642 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
2643 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
2644 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
2645 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
2646 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
2647 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
2648 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
2649 #define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
2650 #define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT	0x0100
2651 
2652 krb5_error_code KRB5_CALLCONV
2653 krb5_get_init_creds_opt_alloc
2654 (krb5_context context,
2655 		krb5_get_init_creds_opt **opt);
2656 
2657 void KRB5_CALLCONV
2658 krb5_get_init_creds_opt_free
2659 (krb5_context context,
2660 		krb5_get_init_creds_opt *opt);
2661 
2662 void KRB5_CALLCONV
2663 krb5_get_init_creds_opt_init
2664 (krb5_get_init_creds_opt *opt);
2665 
2666 void KRB5_CALLCONV
2667 krb5_get_init_creds_opt_set_tkt_life
2668 (krb5_get_init_creds_opt *opt,
2669 		krb5_deltat tkt_life);
2670 
2671 void KRB5_CALLCONV
2672 krb5_get_init_creds_opt_set_renew_life
2673 (krb5_get_init_creds_opt *opt,
2674 		krb5_deltat renew_life);
2675 
2676 void KRB5_CALLCONV
2677 krb5_get_init_creds_opt_set_forwardable
2678 (krb5_get_init_creds_opt *opt,
2679 		int forwardable);
2680 
2681 void KRB5_CALLCONV
2682 krb5_get_init_creds_opt_set_proxiable
2683 (krb5_get_init_creds_opt *opt,
2684 		int proxiable);
2685 
2686 void KRB5_CALLCONV
2687 krb5_get_init_creds_opt_set_etype_list
2688 (krb5_get_init_creds_opt *opt,
2689 		krb5_enctype *etype_list,
2690 		int etype_list_length);
2691 
2692 void KRB5_CALLCONV
2693 krb5_get_init_creds_opt_set_address_list
2694 (krb5_get_init_creds_opt *opt,
2695 		krb5_address **addresses);
2696 
2697 void KRB5_CALLCONV
2698 krb5_get_init_creds_opt_set_preauth_list
2699 (krb5_get_init_creds_opt *opt,
2700 		krb5_preauthtype *preauth_list,
2701 		int preauth_list_length);
2702 
2703 void KRB5_CALLCONV
2704 krb5_get_init_creds_opt_set_salt
2705 (krb5_get_init_creds_opt *opt,
2706 		krb5_data *salt);
2707 
2708 void KRB5_CALLCONV
2709 krb5_get_init_creds_opt_set_change_password_prompt
2710 (krb5_get_init_creds_opt *opt,
2711 		int prompt);
2712 
2713 /* Generic preauth option attribute/value pairs */
2714 typedef struct _krb5_gic_opt_pa_data {
2715     char *attr;
2716     char *value;
2717 } krb5_gic_opt_pa_data;
2718 
2719 /*
2720  * This function allows the caller to supply options to preauth
2721  * plugins.  Preauth plugin modules are given a chance to look
2722  * at each option at the time this function is called in ordre
2723  * to check the validity of the option.
2724  * The 'opt' pointer supplied to this function must have been
2725  * obtained using krb5_get_init_creds_opt_alloc()
2726  */
2727 krb5_error_code KRB5_CALLCONV
2728 krb5_get_init_creds_opt_set_pa
2729 		(krb5_context context,
2730 		krb5_get_init_creds_opt *opt,
2731 		const char *attr,
2732 		const char *value);
2733 
2734 krb5_error_code KRB5_CALLCONV
2735 krb5_get_init_creds_password
2736 (krb5_context context,
2737 		krb5_creds *creds,
2738 		krb5_principal client,
2739 		char *password,
2740 		krb5_prompter_fct prompter,
2741 		void *data,
2742 		krb5_deltat start_time,
2743 		char *in_tkt_service,
2744 		krb5_get_init_creds_opt *k5_gic_options);
2745 
2746 krb5_error_code KRB5_CALLCONV
2747 krb5_get_init_creds_keytab
2748 (krb5_context context,
2749 		krb5_creds *creds,
2750 		krb5_principal client,
2751 		krb5_keytab arg_keytab,
2752 		krb5_deltat start_time,
2753 		char *in_tkt_service,
2754 		krb5_get_init_creds_opt *k5_gic_options);
2755 
2756 typedef struct _krb5_verify_init_creds_opt {
2757     krb5_flags flags;
2758     int ap_req_nofail;
2759 } krb5_verify_init_creds_opt;
2760 
2761 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
2762 
2763 void KRB5_CALLCONV
2764 krb5_verify_init_creds_opt_init
2765 (krb5_verify_init_creds_opt *k5_vic_options);
2766 void KRB5_CALLCONV
2767 krb5_verify_init_creds_opt_set_ap_req_nofail
2768 (krb5_verify_init_creds_opt *k5_vic_options,
2769 		int ap_req_nofail);
2770 
2771 krb5_error_code KRB5_CALLCONV
2772 krb5_verify_init_creds
2773 (krb5_context context,
2774 		krb5_creds *creds,
2775 		krb5_principal ap_req_server,
2776 		krb5_keytab ap_req_keytab,
2777 		krb5_ccache *ccache,
2778 		krb5_verify_init_creds_opt *k5_vic_options);
2779 
2780 krb5_error_code KRB5_CALLCONV
2781 krb5_get_validated_creds
2782 (krb5_context context,
2783 		krb5_creds *creds,
2784 		krb5_principal client,
2785 		krb5_ccache ccache,
2786 		char *in_tkt_service);
2787 
2788 krb5_error_code KRB5_CALLCONV
2789 krb5_get_renewed_creds
2790 (krb5_context context,
2791 		krb5_creds *creds,
2792 		krb5_principal client,
2793 		krb5_ccache ccache,
2794 		char *in_tkt_service);
2795 
2796 krb5_error_code KRB5_CALLCONV
2797 krb5_decode_ticket
2798 (const krb5_data *code,
2799 		krb5_ticket **rep);
2800 
2801 void KRB5_CALLCONV
2802 krb5_appdefault_string
2803 (krb5_context context,
2804 		const char *appname,
2805 	        const krb5_data *realm,
2806  		const char *option,
2807 		const char *default_value,
2808 		char ** ret_value);
2809 
2810 void KRB5_CALLCONV
2811 krb5_appdefault_boolean
2812 (krb5_context context,
2813 		const char *appname,
2814 	        const krb5_data *realm,
2815  		const char *option,
2816 		int default_value,
2817 		int *ret_value);
2818 
2819 #if KRB5_PRIVATE
2820 /*
2821  * The realm iterator functions
2822  */
2823 
2824 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2825 	(krb5_context context, void **iter_p);
2826 
2827 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2828 	(krb5_context context, void **iter_p, char **ret_realm);
2829 
2830 void KRB5_CALLCONV krb5_realm_iterator_free
2831 	(krb5_context context, void **iter_p);
2832 
2833 void KRB5_CALLCONV krb5_free_realm_string
2834 	(krb5_context context, char *str);
2835 #endif
2836 
2837 /*
2838  * The realm iterator functions
2839  */
2840 
2841 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2842 	(krb5_context context, void **iter_p);
2843 
2844 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2845 	(krb5_context context, void **iter_p, char **ret_realm);
2846 
2847 void KRB5_CALLCONV krb5_realm_iterator_free
2848 	(krb5_context context, void **iter_p);
2849 
2850 void KRB5_CALLCONV krb5_free_realm_string
2851 	(krb5_context context, char *str);
2852 
2853 /*
2854  * Prompter enhancements
2855  */
2856 
2857 #define KRB5_PROMPT_TYPE_PASSWORD            0x1
2858 #define KRB5_PROMPT_TYPE_NEW_PASSWORD        0x2
2859 #define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN  0x3
2860 #define KRB5_PROMPT_TYPE_PREAUTH             0x4
2861 
2862 typedef krb5_int32 krb5_prompt_type;
2863 
2864 krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
2865 	(krb5_context context);
2866 
2867 /* Error reporting */
2868 void KRB5_CALLCONV_C
2869 krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...);
2870 #ifdef va_start
2871 void KRB5_CALLCONV
2872 krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list);
2873 #endif
2874 /*
2875  * The behavior of krb5_get_error_message is only defined the first
2876  * time it is called after a failed call to a krb5 function using the
2877  * same context, and only when the error code passed in is the same as
2878  * that returned by the krb5 function.  Future versions may return the
2879  * same string for the second and following calls.
2880  *
2881  * The string returned by this function must be freed using
2882  * krb5_free_error_message.
2883  */
2884 const char * KRB5_CALLCONV
2885 krb5_get_error_message (krb5_context, krb5_error_code);
2886 void KRB5_CALLCONV
2887 krb5_free_error_message (krb5_context, const char *);
2888 void KRB5_CALLCONV
2889 krb5_clear_error_message (krb5_context);
2890 
2891 krb5_error_code KRB5_CALLCONV
2892 krb5_decode_authdata_container(krb5_context context,
2893     krb5_authdatatype type,
2894     const krb5_authdata *container,
2895     krb5_authdata ***authdata);
2896 krb5_error_code KRB5_CALLCONV
2897 krb5_encode_authdata_container(krb5_context context,
2898     krb5_authdatatype type,
2899     krb5_authdata * const*authdata,
2900     krb5_authdata ***container);
2901 
2902 /*
2903  * Windows PAC
2904  */
2905 struct krb5_pac_data;
2906 typedef struct krb5_pac_data *krb5_pac;
2907 
2908 krb5_error_code KRB5_CALLCONV
2909 krb5_pac_add_buffer
2910 (krb5_context context,
2911                 krb5_pac pac,
2912                 krb5_ui_4 type,
2913                 const krb5_data *data);
2914 
2915 void KRB5_CALLCONV
2916 krb5_pac_free
2917 (krb5_context context,
2918                 krb5_pac pac);
2919 
2920 krb5_error_code KRB5_CALLCONV
2921 krb5_pac_get_buffer
2922 (krb5_context context,
2923                 krb5_pac pac,
2924                 krb5_ui_4 type,
2925                 krb5_data *data);
2926 
2927 krb5_error_code KRB5_CALLCONV
2928 krb5_pac_get_types
2929 (krb5_context context,
2930                 krb5_pac pac,
2931                 size_t *len,
2932                 krb5_ui_4 **types);
2933 
2934 krb5_error_code KRB5_CALLCONV
2935 krb5_pac_init
2936 (krb5_context context,
2937                 krb5_pac *pac);
2938 
2939 krb5_error_code KRB5_CALLCONV
2940 krb5_pac_parse
2941 (krb5_context context,
2942                 const void *ptr,
2943                 size_t len,
2944                 krb5_pac *pac);
2945 
2946 krb5_error_code KRB5_CALLCONV
2947 krb5_pac_verify
2948 (krb5_context context,
2949                 const krb5_pac pac,
2950                 krb5_timestamp authtime,
2951                 krb5_const_principal principal,
2952                 const krb5_keyblock *server,
2953                 const krb5_keyblock *privsvr);
2954 
2955 
2956 #if TARGET_OS_MAC
2957 #    pragma pack(pop)
2958 #endif
2959 
2960 KRB5INT_END_DECLS
2961 
2962 /* Don't use this!  We're going to phase it out.  It's just here to keep
2963    applications from breaking right away.  */
2964 #define krb5_const const
2965 
2966 #endif /* KRB5_GENERAL__ */
2967 
2968 /*
2969  * Solaris Kerberos: the following differs from the MIT krb5.hin as that file is
2970  * processed to produce their krb5.h.  We do not process a krb5.hin so our
2971  * krb5.h is manually edited.
2972  */
2973 
2974 /*
2975  * krb5_err.h:
2976  * This file is automatically generated; please do not edit it.
2977  */
2978 
2979 #define KRB5KDC_ERR_NONE                         (-1765328384L)
2980 #define KRB5KDC_ERR_NAME_EXP                     (-1765328383L)
2981 #define KRB5KDC_ERR_SERVICE_EXP                  (-1765328382L)
2982 #define KRB5KDC_ERR_BAD_PVNO                     (-1765328381L)
2983 #define KRB5KDC_ERR_C_OLD_MAST_KVNO              (-1765328380L)
2984 #define KRB5KDC_ERR_S_OLD_MAST_KVNO              (-1765328379L)
2985 #define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN          (-1765328378L)
2986 #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN          (-1765328377L)
2987 #define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE         (-1765328376L)
2988 #define KRB5KDC_ERR_NULL_KEY                     (-1765328375L)
2989 #define KRB5KDC_ERR_CANNOT_POSTDATE              (-1765328374L)
2990 #define KRB5KDC_ERR_NEVER_VALID                  (-1765328373L)
2991 #define KRB5KDC_ERR_POLICY                       (-1765328372L)
2992 #define KRB5KDC_ERR_BADOPTION                    (-1765328371L)
2993 #define KRB5KDC_ERR_ETYPE_NOSUPP                 (-1765328370L)
2994 #define KRB5KDC_ERR_SUMTYPE_NOSUPP               (-1765328369L)
2995 #define KRB5KDC_ERR_PADATA_TYPE_NOSUPP           (-1765328368L)
2996 #define KRB5KDC_ERR_TRTYPE_NOSUPP                (-1765328367L)
2997 #define KRB5KDC_ERR_CLIENT_REVOKED               (-1765328366L)
2998 #define KRB5KDC_ERR_SERVICE_REVOKED              (-1765328365L)
2999 #define KRB5KDC_ERR_TGT_REVOKED                  (-1765328364L)
3000 #define KRB5KDC_ERR_CLIENT_NOTYET                (-1765328363L)
3001 #define KRB5KDC_ERR_SERVICE_NOTYET               (-1765328362L)
3002 #define KRB5KDC_ERR_KEY_EXP                      (-1765328361L)
3003 #define KRB5KDC_ERR_PREAUTH_FAILED               (-1765328360L)
3004 #define KRB5KDC_ERR_PREAUTH_REQUIRED             (-1765328359L)
3005 #define KRB5KDC_ERR_SERVER_NOMATCH               (-1765328358L)
3006 #define KRB5PLACEHOLD_27                         (-1765328357L)
3007 #define KRB5PLACEHOLD_28                         (-1765328356L)
3008 #define KRB5KDC_ERR_SVC_UNAVAILABLE              (-1765328355L)
3009 #define KRB5PLACEHOLD_30                         (-1765328354L)
3010 #define KRB5KRB_AP_ERR_BAD_INTEGRITY             (-1765328353L)
3011 #define KRB5KRB_AP_ERR_TKT_EXPIRED               (-1765328352L)
3012 #define KRB5KRB_AP_ERR_TKT_NYV                   (-1765328351L)
3013 #define KRB5KRB_AP_ERR_REPEAT                    (-1765328350L)
3014 #define KRB5KRB_AP_ERR_NOT_US                    (-1765328349L)
3015 #define KRB5KRB_AP_ERR_BADMATCH                  (-1765328348L)
3016 #define KRB5KRB_AP_ERR_SKEW                      (-1765328347L)
3017 #define KRB5KRB_AP_ERR_BADADDR                   (-1765328346L)
3018 #define KRB5KRB_AP_ERR_BADVERSION                (-1765328345L)
3019 #define KRB5KRB_AP_ERR_MSG_TYPE                  (-1765328344L)
3020 #define KRB5KRB_AP_ERR_MODIFIED                  (-1765328343L)
3021 #define KRB5KRB_AP_ERR_BADORDER                  (-1765328342L)
3022 #define KRB5KRB_AP_ERR_ILL_CR_TKT                (-1765328341L)
3023 #define KRB5KRB_AP_ERR_BADKEYVER                 (-1765328340L)
3024 #define KRB5KRB_AP_ERR_NOKEY                     (-1765328339L)
3025 #define KRB5KRB_AP_ERR_MUT_FAIL                  (-1765328338L)
3026 #define KRB5KRB_AP_ERR_BADDIRECTION              (-1765328337L)
3027 #define KRB5KRB_AP_ERR_METHOD                    (-1765328336L)
3028 #define KRB5KRB_AP_ERR_BADSEQ                    (-1765328335L)
3029 #define KRB5KRB_AP_ERR_INAPP_CKSUM               (-1765328334L)
3030 #define KRB5KRB_AP_PATH_NOT_ACCEPTED             (-1765328333L)
3031 #define KRB5KRB_ERR_RESPONSE_TOO_BIG             (-1765328332L)
3032 #define KRB5PLACEHOLD_53                         (-1765328331L)
3033 #define KRB5PLACEHOLD_54                         (-1765328330L)
3034 #define KRB5PLACEHOLD_55                         (-1765328329L)
3035 #define KRB5PLACEHOLD_56                         (-1765328328L)
3036 #define KRB5PLACEHOLD_57                         (-1765328327L)
3037 #define KRB5PLACEHOLD_58                         (-1765328326L)
3038 #define KRB5PLACEHOLD_59                         (-1765328325L)
3039 #define KRB5KRB_ERR_GENERIC                      (-1765328324L)
3040 #define KRB5KRB_ERR_FIELD_TOOLONG                (-1765328323L)
3041 #define KRB5KDC_ERR_CLIENT_NOT_TRUSTED           (-1765328322L)
3042 #define KRB5KDC_ERR_KDC_NOT_TRUSTED              (-1765328321L)
3043 #define KRB5KDC_ERR_INVALID_SIG                  (-1765328320L)
3044 #define KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED (-1765328319L)
3045 #define KRB5KDC_ERR_CERTIFICATE_MISMATCH         (-1765328318L)
3046 #define KRB5PLACEHOLD_67                         (-1765328317L)
3047 #define KRB5PLACEHOLD_68                         (-1765328316L)
3048 #define KRB5PLACEHOLD_69                         (-1765328315L)
3049 #define KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE      (-1765328314L)
3050 #define KRB5KDC_ERR_INVALID_CERTIFICATE          (-1765328313L)
3051 #define KRB5KDC_ERR_REVOKED_CERTIFICATE          (-1765328312L)
3052 #define KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN    (-1765328311L)
3053 #define KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE (-1765328310L)
3054 #define KRB5KDC_ERR_CLIENT_NAME_MISMATCH         (-1765328309L)
3055 #define KRB5KDC_ERR_KDC_NAME_MISMATCH            (-1765328308L)
3056 #define KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE     (-1765328307L)
3057 #define KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED  (-1765328306L)
3058 #define KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED (-1765328305L)
3059 #define KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED (-1765328304L)
3060 #define KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED (-1765328303L)
3061 #define KRB5PLACEHOLD_82                         (-1765328302L)
3062 #define KRB5PLACEHOLD_83                         (-1765328301L)
3063 #define KRB5PLACEHOLD_84                         (-1765328300L)
3064 #define KRB5PLACEHOLD_85                         (-1765328299L)
3065 #define KRB5PLACEHOLD_86                         (-1765328298L)
3066 #define KRB5PLACEHOLD_87                         (-1765328297L)
3067 #define KRB5PLACEHOLD_88                         (-1765328296L)
3068 #define KRB5PLACEHOLD_89                         (-1765328295L)
3069 #define KRB5PLACEHOLD_90                         (-1765328294L)
3070 #define KRB5PLACEHOLD_91                         (-1765328293L)
3071 #define KRB5PLACEHOLD_92                         (-1765328292L)
3072 #define KRB5PLACEHOLD_93                         (-1765328291L)
3073 #define KRB5PLACEHOLD_94                         (-1765328290L)
3074 #define KRB5PLACEHOLD_95                         (-1765328289L)
3075 #define KRB5PLACEHOLD_96                         (-1765328288L)
3076 #define KRB5PLACEHOLD_97                         (-1765328287L)
3077 #define KRB5PLACEHOLD_98                         (-1765328286L)
3078 #define KRB5PLACEHOLD_99                         (-1765328285L)
3079 #define KRB5PLACEHOLD_100                        (-1765328284L)
3080 #define KRB5PLACEHOLD_101                        (-1765328283L)
3081 #define KRB5PLACEHOLD_102                        (-1765328282L)
3082 #define KRB5PLACEHOLD_103                        (-1765328281L)
3083 #define KRB5PLACEHOLD_104                        (-1765328280L)
3084 #define KRB5PLACEHOLD_105                        (-1765328279L)
3085 #define KRB5PLACEHOLD_106                        (-1765328278L)
3086 #define KRB5PLACEHOLD_107                        (-1765328277L)
3087 #define KRB5PLACEHOLD_108                        (-1765328276L)
3088 #define KRB5PLACEHOLD_109                        (-1765328275L)
3089 #define KRB5PLACEHOLD_110                        (-1765328274L)
3090 #define KRB5PLACEHOLD_111                        (-1765328273L)
3091 #define KRB5PLACEHOLD_112                        (-1765328272L)
3092 #define KRB5PLACEHOLD_113                        (-1765328271L)
3093 #define KRB5PLACEHOLD_114                        (-1765328270L)
3094 #define KRB5PLACEHOLD_115                        (-1765328269L)
3095 #define KRB5PLACEHOLD_116                        (-1765328268L)
3096 #define KRB5PLACEHOLD_117                        (-1765328267L)
3097 #define KRB5PLACEHOLD_118                        (-1765328266L)
3098 #define KRB5PLACEHOLD_119                        (-1765328265L)
3099 #define KRB5PLACEHOLD_120                        (-1765328264L)
3100 #define KRB5PLACEHOLD_121                        (-1765328263L)
3101 #define KRB5PLACEHOLD_122                        (-1765328262L)
3102 #define KRB5PLACEHOLD_123                        (-1765328261L)
3103 #define KRB5PLACEHOLD_124                        (-1765328260L)
3104 #define KRB5PLACEHOLD_125                        (-1765328259L)
3105 #define KRB5PLACEHOLD_126                        (-1765328258L)
3106 #define KRB5PLACEHOLD_127                        (-1765328257L)
3107 #define KRB5_ERR_RCSID                           (-1765328256L)
3108 #define KRB5_LIBOS_BADLOCKFLAG                   (-1765328255L)
3109 #define KRB5_LIBOS_CANTREADPWD                   (-1765328254L)
3110 #define KRB5_LIBOS_BADPWDMATCH                   (-1765328253L)
3111 #define KRB5_LIBOS_PWDINTR                       (-1765328252L)
3112 #define KRB5_PARSE_ILLCHAR                       (-1765328251L)
3113 #define KRB5_PARSE_MALFORMED                     (-1765328250L)
3114 #define KRB5_CONFIG_CANTOPEN                     (-1765328249L)
3115 #define KRB5_CONFIG_BADFORMAT                    (-1765328248L)
3116 #define KRB5_CONFIG_NOTENUFSPACE                 (-1765328247L)
3117 #define KRB5_BADMSGTYPE                          (-1765328246L)
3118 #define KRB5_CC_BADNAME                          (-1765328245L)
3119 #define KRB5_CC_UNKNOWN_TYPE                     (-1765328244L)
3120 #define KRB5_CC_NOTFOUND                         (-1765328243L)
3121 #define KRB5_CC_END                              (-1765328242L)
3122 #define KRB5_NO_TKT_SUPPLIED                     (-1765328241L)
3123 #define KRB5KRB_AP_WRONG_PRINC                   (-1765328240L)
3124 #define KRB5KRB_AP_ERR_TKT_INVALID               (-1765328239L)
3125 #define KRB5_PRINC_NOMATCH                       (-1765328238L)
3126 #define KRB5_KDCREP_MODIFIED                     (-1765328237L)
3127 #define KRB5_KDCREP_SKEW                         (-1765328236L)
3128 #define KRB5_IN_TKT_REALM_MISMATCH               (-1765328235L)
3129 #define KRB5_PROG_ETYPE_NOSUPP                   (-1765328234L)
3130 #define KRB5_PROG_KEYTYPE_NOSUPP                 (-1765328233L)
3131 #define KRB5_WRONG_ETYPE                         (-1765328232L)
3132 #define KRB5_PROG_SUMTYPE_NOSUPP                 (-1765328231L)
3133 #define KRB5_REALM_UNKNOWN                       (-1765328230L)
3134 #define KRB5_SERVICE_UNKNOWN                     (-1765328229L)
3135 #define KRB5_KDC_UNREACH                         (-1765328228L)
3136 #define KRB5_NO_LOCALNAME                        (-1765328227L)
3137 #define KRB5_MUTUAL_FAILED                       (-1765328226L)
3138 #define KRB5_RC_TYPE_EXISTS                      (-1765328225L)
3139 #define KRB5_RC_MALLOC                           (-1765328224L)
3140 #define KRB5_RC_TYPE_NOTFOUND                    (-1765328223L)
3141 #define KRB5_RC_UNKNOWN                          (-1765328222L)
3142 #define KRB5_RC_REPLAY                           (-1765328221L)
3143 #define KRB5_RC_IO                               (-1765328220L)
3144 #define KRB5_RC_NOIO                             (-1765328219L)
3145 #define KRB5_RC_PARSE                            (-1765328218L)
3146 #define KRB5_RC_IO_EOF                           (-1765328217L)
3147 #define KRB5_RC_IO_MALLOC                        (-1765328216L)
3148 #define KRB5_RC_IO_PERM                          (-1765328215L)
3149 #define KRB5_RC_IO_IO                            (-1765328214L)
3150 #define KRB5_RC_IO_UNKNOWN                       (-1765328213L)
3151 #define KRB5_RC_IO_SPACE                         (-1765328212L)
3152 #define KRB5_TRANS_CANTOPEN                      (-1765328211L)
3153 #define KRB5_TRANS_BADFORMAT                     (-1765328210L)
3154 #define KRB5_LNAME_CANTOPEN                      (-1765328209L)
3155 #define KRB5_LNAME_NOTRANS                       (-1765328208L)
3156 #define KRB5_LNAME_BADFORMAT                     (-1765328207L)
3157 #define KRB5_CRYPTO_INTERNAL                     (-1765328206L)
3158 #define KRB5_KT_BADNAME                          (-1765328205L)
3159 #define KRB5_KT_UNKNOWN_TYPE                     (-1765328204L)
3160 #define KRB5_KT_NOTFOUND                         (-1765328203L)
3161 #define KRB5_KT_END                              (-1765328202L)
3162 #define KRB5_KT_NOWRITE                          (-1765328201L)
3163 #define KRB5_KT_IOERR                            (-1765328200L)
3164 #define KRB5_NO_TKT_IN_RLM                       (-1765328199L)
3165 #define KRB5DES_BAD_KEYPAR                       (-1765328198L)
3166 #define KRB5DES_WEAK_KEY                         (-1765328197L)
3167 #define KRB5_BAD_ENCTYPE                         (-1765328196L)
3168 #define KRB5_BAD_KEYSIZE                         (-1765328195L)
3169 #define KRB5_BAD_MSIZE                           (-1765328194L)
3170 #define KRB5_CC_TYPE_EXISTS                      (-1765328193L)
3171 #define KRB5_KT_TYPE_EXISTS                      (-1765328192L)
3172 #define KRB5_CC_IO                               (-1765328191L)
3173 #define KRB5_FCC_PERM                            (-1765328190L)
3174 #define KRB5_FCC_NOFILE                          (-1765328189L)
3175 #define KRB5_FCC_INTERNAL                        (-1765328188L)
3176 #define KRB5_CC_WRITE                            (-1765328187L)
3177 #define KRB5_CC_NOMEM                            (-1765328186L)
3178 #define KRB5_CC_FORMAT                           (-1765328185L)
3179 #define KRB5_CC_NOT_KTYPE                        (-1765328184L)
3180 #define KRB5_INVALID_FLAGS                       (-1765328183L)
3181 #define KRB5_NO_2ND_TKT                          (-1765328182L)
3182 #define KRB5_NOCREDS_SUPPLIED                    (-1765328181L)
3183 #define KRB5_SENDAUTH_BADAUTHVERS                (-1765328180L)
3184 #define KRB5_SENDAUTH_BADAPPLVERS                (-1765328179L)
3185 #define KRB5_SENDAUTH_BADRESPONSE                (-1765328178L)
3186 #define KRB5_SENDAUTH_REJECTED                   (-1765328177L)
3187 #define KRB5_PREAUTH_BAD_TYPE                    (-1765328176L)
3188 #define KRB5_PREAUTH_NO_KEY                      (-1765328175L)
3189 #define KRB5_PREAUTH_FAILED                      (-1765328174L)
3190 #define KRB5_RCACHE_BADVNO                       (-1765328173L)
3191 #define KRB5_CCACHE_BADVNO                       (-1765328172L)
3192 #define KRB5_KEYTAB_BADVNO                       (-1765328171L)
3193 #define KRB5_PROG_ATYPE_NOSUPP                   (-1765328170L)
3194 #define KRB5_RC_REQUIRED                         (-1765328169L)
3195 #define KRB5_ERR_BAD_HOSTNAME                    (-1765328168L)
3196 #define KRB5_ERR_HOST_REALM_UNKNOWN              (-1765328167L)
3197 #define KRB5_SNAME_UNSUPP_NAMETYPE               (-1765328166L)
3198 #define KRB5KRB_AP_ERR_V4_REPLY                  (-1765328165L)
3199 #define KRB5_REALM_CANT_RESOLVE                  (-1765328164L)
3200 #define KRB5_TKT_NOT_FORWARDABLE                 (-1765328163L)
3201 #define KRB5_FWD_BAD_PRINCIPAL                   (-1765328162L)
3202 #define KRB5_GET_IN_TKT_LOOP                     (-1765328161L)
3203 #define KRB5_CONFIG_NODEFREALM                   (-1765328160L)
3204 #define KRB5_SAM_UNSUPPORTED                     (-1765328159L)
3205 #define KRB5_SAM_INVALID_ETYPE                   (-1765328158L)
3206 #define KRB5_SAM_NO_CHECKSUM                     (-1765328157L)
3207 #define KRB5_SAM_BAD_CHECKSUM                    (-1765328156L)
3208 #define KRB5_KT_NAME_TOOLONG                     (-1765328155L)
3209 #define KRB5_KT_KVNONOTFOUND                     (-1765328154L)
3210 #define KRB5_APPL_EXPIRED                        (-1765328153L)
3211 #define KRB5_LIB_EXPIRED                         (-1765328152L)
3212 #define KRB5_CHPW_PWDNULL                        (-1765328151L)
3213 #define KRB5_CHPW_FAIL                           (-1765328150L)
3214 #define KRB5_KT_FORMAT                           (-1765328149L)
3215 #define KRB5_NOPERM_ETYPE                        (-1765328148L)
3216 #define KRB5_CONFIG_ETYPE_NOSUPP                 (-1765328147L)
3217 #define KRB5_OBSOLETE_FN                         (-1765328146L)
3218 #define KRB5_EAI_FAIL                            (-1765328145L)
3219 #define KRB5_EAI_NODATA                          (-1765328144L)
3220 #define KRB5_EAI_NONAME                          (-1765328143L)
3221 #define KRB5_EAI_SERVICE                         (-1765328142L)
3222 #define KRB5_ERR_NUMERIC_REALM                   (-1765328141L)
3223 #define KRB5_ERR_BAD_S2K_PARAMS                  (-1765328140L)
3224 #define KRB5_ERR_NO_SERVICE                      (-1765328139L)
3225 #define KRB5_CC_READONLY                         (-1765328138L)
3226 #define KRB5_CC_NOSUPP                           (-1765328137L)
3227 
3228 /* NOTE! error values should not collide */
3229 /* XXX Note KRB5_RC_BADNAME and KRB5_CONF_NOT_CONFIGURED are Solaris specific */
3230 #define	KRB5_RC_BADNAME				(-1765328136L)
3231 #define	KRB5_CONF_NOT_CONFIGURED	 	 (-1765328135L)
3232 #ifdef _KERNEL
3233 /* XXX Note KRB5_KEF_ERROR and PKCS_ERR are Solaris specific */
3234 #define KRB5_KEF_ERROR                           (-1765328134L)
3235 #else
3236 #define PKCS_ERR				 (-1765328134L)
3237 #endif /* _KERNEL */
3238 
3239 #define KRB5_DELTAT_BADFORMAT			(-1765328133L)
3240 #define KRB5_PLUGIN_NO_HANDLE			(-1765328132L)
3241 #define KRB5_PLUGIN_OP_NOTSUPP			(-1765328131L)
3242 
3243 /* SUNW17PACresync */
3244 #define KRB5_ERR_INVALID_UTF8			(-1765328130L)
3245 #define KRB5_ERR_FAST_REQUIRED			(-1765328129L)
3246 #define KRB5_LOCAL_ADDR_REQUIRED		(-1765328128L)
3247 #define KRB5_REMOTE_ADDR_REQUIRED		(-1765328127L)
3248 
3249 
3250 #define ERROR_TABLE_BASE_krb5 (-1765328384L)
3251 
3252 /* for compatibility with older versions... */
3253 #define krb5_err_base ERROR_TABLE_BASE_krb5
3254 /*
3255  * kdb5_err.h:
3256  * This file is automatically generated; please do not edit it.
3257  */
3258 #define KRB5_KDB_RCSID                           (-1780008448L)
3259 #define KRB5_KDB_INUSE                           (-1780008447L)
3260 #define KRB5_KDB_UK_SERROR                       (-1780008446L)
3261 #define KRB5_KDB_UK_RERROR                       (-1780008445L)
3262 #define KRB5_KDB_UNAUTH                          (-1780008444L)
3263 #define KRB5_KDB_NOENTRY                         (-1780008443L)
3264 #define KRB5_KDB_ILL_WILDCARD                    (-1780008442L)
3265 #define KRB5_KDB_DB_INUSE                        (-1780008441L)
3266 #define KRB5_KDB_DB_CHANGED                      (-1780008440L)
3267 #define KRB5_KDB_TRUNCATED_RECORD                (-1780008439L)
3268 #define KRB5_KDB_RECURSIVELOCK                   (-1780008438L)
3269 #define KRB5_KDB_NOTLOCKED                       (-1780008437L)
3270 #define KRB5_KDB_BADLOCKMODE                     (-1780008436L)
3271 #define KRB5_KDB_DBNOTINITED                     (-1780008435L)
3272 #define KRB5_KDB_DBINITED                        (-1780008434L)
3273 #define KRB5_KDB_ILLDIRECTION                    (-1780008433L)
3274 #define KRB5_KDB_NOMASTERKEY                     (-1780008432L)
3275 #define KRB5_KDB_BADMASTERKEY                    (-1780008431L)
3276 #define KRB5_KDB_INVALIDKEYSIZE                  (-1780008430L)
3277 #define KRB5_KDB_CANTREAD_STORED                 (-1780008429L)
3278 #define KRB5_KDB_BADSTORED_MKEY                  (-1780008428L)
3279 #define KRB5_KDB_CANTLOCK_DB                     (-1780008427L)
3280 #define KRB5_KDB_DB_CORRUPT                      (-1780008426L)
3281 #define KRB5_KDB_BAD_VERSION                     (-1780008425L)
3282 #define KRB5_KDB_BAD_SALTTYPE                    (-1780008424L)
3283 #define KRB5_KDB_BAD_ENCTYPE                     (-1780008423L)
3284 #define KRB5_KDB_BAD_CREATEFLAGS                 (-1780008422L)
3285 #define KRB5_KDB_NO_PERMITTED_KEY                (-1780008421L)
3286 #define KRB5_KDB_NO_MATCHING_KEY                 (-1780008420L)
3287 /*
3288  * Incremental propagation error codes
3289  */
3290 #define	KRB5_LOG_CONV				(-1780008419L)
3291 #define	KRB5_LOG_UNSTABLE			(-1780008418L)
3292 #define	KRB5_LOG_CORRUPT			(-1780008417L)
3293 #define	KRB5_LOG_ERROR				(-1780008416L)
3294 #define KRB5_KDB_DBTYPE_NOTFOUND		(-1780008415L)
3295 #define KRB5_KDB_DBTYPE_NOSUP			(-1780008414L)
3296 #define KRB5_KDB_DBTYPE_INIT			(-1780008413L)
3297 #define KRB5_KDB_SERVER_INTERNAL_ERR		(-1780008412L)
3298 #define KRB5_KDB_ACCESS_ERROR			(-1780008411L)
3299 #define KRB5_KDB_INTERNAL_ERROR			(-1780008410L)
3300 #define KRB5_KDB_CONSTRAINT_VIOLATION		(-1780008409L)
3301 #define ERROR_TABLE_BASE_kdb5 (-1780008448L)
3302 
3303 /* for compatibility with older versions... */
3304 #define kdb5_err_base ERROR_TABLE_BASE_kdb5
3305 /*
3306  * kv5m_err.h:
3307  * This file is automatically generated; please do not edit it.
3308  */
3309 #define KV5M_NONE                                (-1760647424L)
3310 #define KV5M_PRINCIPAL                           (-1760647423L)
3311 #define KV5M_DATA                                (-1760647422L)
3312 #define KV5M_KEYBLOCK                            (-1760647421L)
3313 #define KV5M_CHECKSUM                            (-1760647420L)
3314 #define KV5M_ENCRYPT_BLOCK                       (-1760647419L)
3315 #define KV5M_ENC_DATA                            (-1760647418L)
3316 #define KV5M_CRYPTOSYSTEM_ENTRY                  (-1760647417L)
3317 #define KV5M_CS_TABLE_ENTRY                      (-1760647416L)
3318 #define KV5M_CHECKSUM_ENTRY                      (-1760647415L)
3319 #define KV5M_AUTHDATA                            (-1760647414L)
3320 #define KV5M_TRANSITED                           (-1760647413L)
3321 #define KV5M_ENC_TKT_PART                        (-1760647412L)
3322 #define KV5M_TICKET                              (-1760647411L)
3323 #define KV5M_AUTHENTICATOR                       (-1760647410L)
3324 #define KV5M_TKT_AUTHENT                         (-1760647409L)
3325 #define KV5M_CREDS                               (-1760647408L)
3326 #define KV5M_LAST_REQ_ENTRY                      (-1760647407L)
3327 #define KV5M_PA_DATA                             (-1760647406L)
3328 #define KV5M_KDC_REQ                             (-1760647405L)
3329 #define KV5M_ENC_KDC_REP_PART                    (-1760647404L)
3330 #define KV5M_KDC_REP                             (-1760647403L)
3331 #define KV5M_ERROR                               (-1760647402L)
3332 #define KV5M_AP_REQ                              (-1760647401L)
3333 #define KV5M_AP_REP                              (-1760647400L)
3334 #define KV5M_AP_REP_ENC_PART                     (-1760647399L)
3335 #define KV5M_RESPONSE                            (-1760647398L)
3336 #define KV5M_SAFE                                (-1760647397L)
3337 #define KV5M_PRIV                                (-1760647396L)
3338 #define KV5M_PRIV_ENC_PART                       (-1760647395L)
3339 #define KV5M_CRED                                (-1760647394L)
3340 #define KV5M_CRED_INFO                           (-1760647393L)
3341 #define KV5M_CRED_ENC_PART                       (-1760647392L)
3342 #define KV5M_PWD_DATA                            (-1760647391L)
3343 #define KV5M_ADDRESS                             (-1760647390L)
3344 #define KV5M_KEYTAB_ENTRY                        (-1760647389L)
3345 #define KV5M_CONTEXT                             (-1760647388L)
3346 #define KV5M_OS_CONTEXT                          (-1760647387L)
3347 #define KV5M_ALT_METHOD                          (-1760647386L)
3348 #define KV5M_ETYPE_INFO_ENTRY                    (-1760647385L)
3349 #define KV5M_DB_CONTEXT                          (-1760647384L)
3350 #define KV5M_AUTH_CONTEXT                        (-1760647383L)
3351 #define KV5M_KEYTAB                              (-1760647382L)
3352 #define KV5M_RCACHE                              (-1760647381L)
3353 #define KV5M_CCACHE                              (-1760647380L)
3354 #define KV5M_PREAUTH_OPS                         (-1760647379L)
3355 #define KV5M_SAM_CHALLENGE                       (-1760647378L)
3356 #define KV5M_SAM_KEY                             (-1760647377L)
3357 #define KV5M_ENC_SAM_RESPONSE_ENC                (-1760647376L)
3358 #define KV5M_ENC_SAM_RESPONSE_ENC_2              (-1760647374L)
3359 #define KV5M_SAM_RESPONSE                        (-1760647373L)
3360 #define KV5M_SAM_RESPONSE_2                      (-1760647372L)
3361 #define KV5M_PREDICTED_SAM_RESPONSE              (-1760647371L)
3362 #define KV5M_PASSWD_PHRASE_ELEMENT               (-1760647370L)
3363 #define KV5M_GSS_OID                             (-1760647369L)
3364 #define KV5M_GSS_QUEUE                           (-1760647368L)
3365 #define ERROR_TABLE_BASE_kv5m (-1760647424L)
3366 
3367 /* for compatibility with older versions... */
3368 #define kv5m_err_base ERROR_TABLE_BASE_kv5m
3369 /*
3370  * asn1_err.h:
3371  * This file is automatically generated; please do not edit it.
3372  */
3373 #define ASN1_BAD_TIMEFORMAT                      (1859794432L)
3374 #define ASN1_MISSING_FIELD                       (1859794433L)
3375 #define ASN1_MISPLACED_FIELD                     (1859794434L)
3376 #define ASN1_TYPE_MISMATCH                       (1859794435L)
3377 #define ASN1_OVERFLOW                            (1859794436L)
3378 #define ASN1_OVERRUN                             (1859794437L)
3379 #define ASN1_BAD_ID                              (1859794438L)
3380 #define ASN1_BAD_LENGTH                          (1859794439L)
3381 #define ASN1_BAD_FORMAT                          (1859794440L)
3382 #define ASN1_PARSE_ERROR                         (1859794441L)
3383 #define ASN1_BAD_GMTIME                          (1859794442L)
3384 #define ASN1_MISMATCH_INDEF			 (1859794443L)
3385 #define ASN1_MISSING_EOC			 (1859794444L)
3386 #define ERROR_TABLE_BASE_asn1 (1859794432L)
3387 
3388 /* for compatibility with older versions... */
3389 #define asn1_err_base ERROR_TABLE_BASE_asn1
3390 
3391 #endif		/* _KRB5_H */
3392