17c478bd9Sstevel@tonic-gate /*
25e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
37c478bd9Sstevel@tonic-gate */
47c478bd9Sstevel@tonic-gate /*
5fe598cdcSmp * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
67c478bd9Sstevel@tonic-gate * Cambridge, MA, USA. All Rights Reserved.
7*55fea89dSDan Cross *
8*55fea89dSDan Cross * This software is being provided to you, the LICENSEE, by the
9*55fea89dSDan Cross * Massachusetts Institute of Technology (M.I.T.) under the following
10*55fea89dSDan Cross * license. By obtaining, using and/or copying this software, you agree
11*55fea89dSDan Cross * that you have read, understood, and will comply with these terms and
12*55fea89dSDan Cross * conditions:
13*55fea89dSDan Cross *
147c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may
157c478bd9Sstevel@tonic-gate * require a specific license from the United States Government.
167c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
177c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting.
18*55fea89dSDan Cross *
19*55fea89dSDan Cross * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
20*55fea89dSDan Cross * this software and its documentation for any purpose and without fee or
21*55fea89dSDan Cross * royalty is hereby granted, provided that you agree to comply with the
22*55fea89dSDan Cross * following copyright notice and statements, including the disclaimer, and
23*55fea89dSDan Cross * that the same appear on ALL copies of the software and documentation,
24*55fea89dSDan Cross * including modifications that you make for internal use or for
257c478bd9Sstevel@tonic-gate * distribution:
26*55fea89dSDan Cross *
27*55fea89dSDan Cross * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
28*55fea89dSDan Cross * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
29*55fea89dSDan Cross * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
30*55fea89dSDan Cross * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
31*55fea89dSDan Cross * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
32*55fea89dSDan Cross * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
33*55fea89dSDan Cross *
34*55fea89dSDan Cross * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
35*55fea89dSDan Cross * be used in advertising or publicity pertaining to distribution of the
36*55fea89dSDan Cross * software. Title to copyright in this software and any associated
37*55fea89dSDan Cross * documentation shall at all times remain with M.I.T., and USER agrees to
387c478bd9Sstevel@tonic-gate * preserve same.
39fe598cdcSmp *
40fe598cdcSmp * Furthermore if you modify this software you must label
41fe598cdcSmp * your software as modified software and not distribute it in such a
42*55fea89dSDan Cross * fashion that it might be confused with the original M.I.T. software.
43ab9b2e15Sgtb */
44159d09a2SMark Phalan
457c478bd9Sstevel@tonic-gate /*
467c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
47*55fea89dSDan Cross *
487c478bd9Sstevel@tonic-gate * All rights reserved.
49*55fea89dSDan Cross *
507c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require
517c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the
527c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to
537c478bd9Sstevel@tonic-gate * obtain such a license before exporting.
54*55fea89dSDan Cross *
557c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
567c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
577c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
587c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
597c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
607c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
617c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
627c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of
637c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
647c478bd9Sstevel@tonic-gate * or implied warranty.
65*55fea89dSDan Cross *
667c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
677c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
687c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
697c478bd9Sstevel@tonic-gate */
707c478bd9Sstevel@tonic-gate
717c478bd9Sstevel@tonic-gate /*
727c478bd9Sstevel@tonic-gate * This prototype for k5-int.h (Krb5 internals include file)
737c478bd9Sstevel@tonic-gate * includes the user-visible definitions from krb5.h and then
747c478bd9Sstevel@tonic-gate * includes other definitions that are not user-visible but are
757c478bd9Sstevel@tonic-gate * required for compiling Kerberos internal routines.
767c478bd9Sstevel@tonic-gate *
777c478bd9Sstevel@tonic-gate * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
787c478bd9Sstevel@tonic-gate */
797c478bd9Sstevel@tonic-gate
807c478bd9Sstevel@tonic-gate #ifndef _KRB5_INT_H
817c478bd9Sstevel@tonic-gate #define _KRB5_INT_H
827c478bd9Sstevel@tonic-gate
83159d09a2SMark Phalan #ifdef KRB5_GENERAL__
84159d09a2SMark Phalan #error krb5.h included before k5-int.h
85159d09a2SMark Phalan #endif /* KRB5_GENERAL__ */
867c478bd9Sstevel@tonic-gate
877c478bd9Sstevel@tonic-gate #ifndef _KERNEL
887c478bd9Sstevel@tonic-gate #include <osconf.h>
897c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
907c478bd9Sstevel@tonic-gate #else
917c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h>
927c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
937c478bd9Sstevel@tonic-gate #endif
947c478bd9Sstevel@tonic-gate
/*
 * A DEBUG build enables Kerberos debug support: it defines KRB5_DEBUG and,
 * unless the build already picked one, sets the compile-time log level
 * KRB5_LOG_LVL to KRB5_ERR.  Defining KRB5_LOG_LVL is what switches the
 * KRB5_LOG* macros further down from no-ops to real logging calls.
 */
#ifdef DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif /* DEBUG */

#ifdef _KERNEL

#ifdef DEBUG
#include <sys/types.h>
#include <sys/cmn_err.h>
/*
 * NOTE(review): declared without a parameter list, so the compiler does not
 * check the arguments of prom_printf() calls against a prototype.
 */
extern void prom_printf();
#endif /* DEBUG */

#else /* !_KERNEL */

/* Outside the kernel, prom_printf() calls are redirected to printf(). */
#define prom_printf printf

#endif /* !_KERNEL */
1177c478bd9Sstevel@tonic-gate
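#ifdef KRB5_LOG_LVL

/*
 * krb5_log is used to set the logging level to determine what class of
 * messages are output by the mech.  Note, more than one logging level can
 * be used by bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR  1 /* Use this debug log level for error path logging. */
#define KRB5_INFO 2 /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG0(A, B), KRB5_LOG(A, B, C) and KRB5_LOG1(A, B, C, D) emit the
 * format B with zero, one or two arguments when krb5_log has a bit of A set.
 * The && chain short-circuits, so B, C and D are evaluated only when the
 * message is actually emitted.
 *
 * B is handed to printf()/syslog() as the format string: pass a string
 * literal whose conversions match the arguments, never externally supplied
 * text.  The output lands in the system log, so keep keys, passwords and
 * other secrets out of the arguments.
 *
 * TRUE is not defined in this span; it has to be in scope wherever the
 * macros are expanded.
 */
#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* B is parenthesized here like every other macro argument in this family. */
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
    (syslog(LOG_DEBUG, (B)), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/* Logging compiled out: the macros expand to nothing and evaluate nothing. */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */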
1657c478bd9Sstevel@tonic-gate
/*
 * timetype is time_t when POSIX_TYPES is defined and plain long otherwise.
 * NOTE(review): the two choices can differ in width on some ABIs; confirm
 * before storing a timetype in a fixed-size field.
 */
#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif
1717c478bd9Sstevel@tonic-gate
1727c478bd9Sstevel@tonic-gate /*
1737c478bd9Sstevel@tonic-gate * Begin "k5-config.h"
1747c478bd9Sstevel@tonic-gate */
1757c478bd9Sstevel@tonic-gate #ifndef KRB5_CONFIG__
1767c478bd9Sstevel@tonic-gate #define KRB5_CONFIG__
1777c478bd9Sstevel@tonic-gate
/*
 * Machine-type definitions: PC Clone 386 running Microloss Windows
 *
 * Only compiled when _MSDOS or _WIN32 is defined.
 */

#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI    "kerberos.ini"
#define INI_FILES       "Files"
#define INI_KRB_CCACHE  "krb5cc"    /* Location of the ccache */
#define INI_KRB5_CONF   "krb5.ini"  /* Location of krb5.conf file */
#define ANSI_STDIO
#endif
1927c478bd9Sstevel@tonic-gate
/*
 * Userland builds pull in the generated autoconf.h once; KRB5_AUTOCONF__
 * guards against a second inclusion.  Kernel builds skip it entirely.
 */
#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include "autoconf.h"
#endif
#endif /* !_KERNEL */
1997c478bd9Sstevel@tonic-gate
/*
 * BSD-style unsigned type names for userland builds: taken from
 * <sys/types.h> when autoconf found it, otherwise defined here.
 * Kernel builds get nothing from this section.
 */
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

#ifndef _KERNEL
#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
typedef unsigned long   u_long;
typedef unsigned int    u_int;
typedef unsigned short  u_short;
typedef unsigned char   u_char;
#endif /* HAVE_SYS_TYPES_H */
#endif /* !_KERNEL -- closes the inner #ifndef _KERNEL */
#endif /* KRB5_SYSTYPES__ -- closes the outer guard */
214159d09a2SMark Phalan
2157c478bd9Sstevel@tonic-gate
/* #include "k5-platform.h" SUNW XXX */
/*
 * 64-bit integer types; not used in krb5.h (yet).
 * uint64_t and int64_t must already be in scope here; no header that
 * provides them is included in this span.
 */
typedef uint64_t    krb5_ui_8;
typedef int64_t     krb5_int64;
221159d09a2SMark Phalan
222159d09a2SMark Phalan
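/* Default password prompts. */
#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

/*
 * Lifetime defaults, in seconds.  Every arithmetic expansion is
 * parenthesized so that it stays a single operand inside a larger
 * expression (x / KRB5_DEFAULT_LIFE, x % KRB5_DEFAULT_RENEW_LIFE, ...).
 */
#define KRB5_KDB_MAX_LIFE       (60*60*24)      /* one day */
#define KRB5_KDB_MAX_RLIFE      (60*60*24*365)  /* one year */
/*
 * NOTE(review): 2145830400 is 24836 days after the epoch, which is
 * Thu Dec 31 00:00:00 2037 UTC.  The comment this replaces read
 * "Thu Jan  1 00:00:00 2038 UTC"; that instant is 2145916800.  The value
 * is left unchanged.
 */
#define KRB5_KDB_EXPIRATION     2145830400
#define KRB5_DEFAULT_LIFE       (60*60*10)      /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60)    /* 7 Days */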
2307c478bd9Sstevel@tonic-gate
/*
 * Windows requires a different api interface to each function.  Here
 * the calling-convention macros are just defined as empty, unless the
 * build has already defined KRB5_CALLCONV.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
/* O_BINARY defaults to 0 when the platform headers do not define it. */
#ifndef O_BINARY
#define O_BINARY 0
#endif
2427c478bd9Sstevel@tonic-gate
2437c478bd9Sstevel@tonic-gate #endif /* KRB5_CONFIG__ */
2447c478bd9Sstevel@tonic-gate
2457c478bd9Sstevel@tonic-gate /*
2467c478bd9Sstevel@tonic-gate * End "k5-config.h"
2477c478bd9Sstevel@tonic-gate */
2487c478bd9Sstevel@tonic-gate
2497c478bd9Sstevel@tonic-gate /*
2507c478bd9Sstevel@tonic-gate * After loading the configuration definitions, load the Kerberos definitions.
2517c478bd9Sstevel@tonic-gate */
252505d05c7Sgtb #ifndef _KERNEL
253505d05c7Sgtb #include <errno.h>
254505d05c7Sgtb #include "profile.h"
255505d05c7Sgtb #endif
256505d05c7Sgtb
2577c478bd9Sstevel@tonic-gate #include <krb5.h>
2587c478bd9Sstevel@tonic-gate
2597c478bd9Sstevel@tonic-gate #ifndef _KERNEL
260505d05c7Sgtb #if 1 /* def NEED_SOCKETS */
2617c478bd9Sstevel@tonic-gate #include <port-sockets.h>
2627c478bd9Sstevel@tonic-gate #include <socket-utils.h>
2637c478bd9Sstevel@tonic-gate #else
2647c478bd9Sstevel@tonic-gate #ifndef SOCK_DGRAM
2657c478bd9Sstevel@tonic-gate struct sockaddr;
2667c478bd9Sstevel@tonic-gate #endif
2677c478bd9Sstevel@tonic-gate #endif
2687c478bd9Sstevel@tonic-gate #endif
2697c478bd9Sstevel@tonic-gate
270505d05c7Sgtb /* Get mutex support; currently used only for the replay cache. */
271505d05c7Sgtb #include "k5-thread.h"
272505d05c7Sgtb
273505d05c7Sgtb
2747c478bd9Sstevel@tonic-gate /* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
2757c478bd9Sstevel@tonic-gate The ones that it doesn't include, we include below. */
2767c478bd9Sstevel@tonic-gate
2777c478bd9Sstevel@tonic-gate /*
2787c478bd9Sstevel@tonic-gate * Begin "k5-errors.h"
2797c478bd9Sstevel@tonic-gate */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/*
 * Error codes used in KRB_ERROR protocol messages.
 * Return values of library routines are based on a different error table
 * (which allows non-ambiguous error codes between subsystems).
 *
 * The numbering has gaps (for example 30, 43, 63, 74 and 76); those
 * values have no name in this table.
 */

/* KDC errors */
#define KDC_ERR_NONE                    0   /* No error */
#define KDC_ERR_NAME_EXP                1   /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP             2   /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO                3   /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO         4   /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO         5   /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN     6   /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN     7   /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY                9   /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE         10  /* Tkt ineligible for postdating */
#define KDC_ERR_NEVER_VALID             11  /* Requested starttime > endtime */
#define KDC_ERR_POLICY                  12  /* KDC policy rejects request */
#define KDC_ERR_BADOPTION               13  /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP          14  /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP          15  /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP      16  /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP           17  /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED          18  /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED         19  /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED             20  /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET           21  /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET          22  /* S not yet valid */
#define KDC_ERR_KEY_EXP                 23  /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED          24  /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED        25  /* Additional preauthentication */
                                            /* required */
#define KDC_ERR_SERVER_NOMATCH          26  /* Requested server and */
                                            /* ticket don't match */
#define KDC_ERR_MUST_USE_USER2USER      27  /* Server principal valid for */
                                            /* user2user only */
#define KDC_ERR_PATH_NOT_ACCEPTED       28  /* KDC policy rejected transited */
                                            /* path */
#define KDC_ERR_SVC_UNAVAILABLE         29  /* A service is not
                                             * available that is
                                             * required to process the
                                             * request */
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY        31  /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED          32  /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV              33  /* Ticket not yet valid */
#define KRB_AP_ERR_REPEAT               34  /* Request is a replay */
#define KRB_AP_ERR_NOT_US               35  /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH             36  /* Ticket/authenticator don't match */
#define KRB_AP_ERR_SKEW                 37  /* Clock skew too great */
#define KRB_AP_ERR_BADADDR              38  /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION           39  /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE             40  /* Invalid message type */
#define KRB_AP_ERR_MODIFIED             41  /* Message stream modified */
#define KRB_AP_ERR_BADORDER             42  /* Message out of order */
#define KRB_AP_ERR_BADKEYVER            44  /* Key version is not available */
#define KRB_AP_ERR_NOKEY                45  /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL             46  /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION         47  /* Incorrect message direction */
#define KRB_AP_ERR_METHOD               48  /* Alternative authentication */
                                            /* method required */
#define KRB_AP_ERR_BADSEQ               49  /* Incorrect sequence number */
                                            /* in message */
#define KRB_AP_ERR_INAPP_CKSUM          50  /* Inappropriate type of */
                                            /* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED        51  /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG        52  /* Response too big for UDP, */
                                            /* retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC                 60  /* Generic error (description */
                                            /* in e-text) */
#define KRB_ERR_FIELD_TOOLONG           61  /* Field is too long for impl. */

/* PKINIT server-reported errors */
#define KDC_ERR_CLIENT_NOT_TRUSTED      62  /* client cert not trusted */
#define KDC_ERR_INVALID_SIG             64  /* client signature verify failed */
#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */
#define KDC_ERR_CERTIFICATE_MISMATCH    66
#define KRB_AP_ERR_NO_TGT               67
#define KDC_ERR_WRONG_REALM             68
#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69
#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70  /* client cert not verifiable to */
                                            /* trusted root cert */
#define KDC_ERR_INVALID_CERTIFICATE     71  /* client cert had invalid signature */
#define KDC_ERR_REVOKED_CERTIFICATE     72  /* client cert was revoked */
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* revocation status of client cert */
                                            /* is unknown */
#define KDC_ERR_CLIENT_NAME_MISMATCH    75  /* mismatch between client cert and */
                                            /* principal name */
#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */
#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */
#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81

#endif /* KRB5_ERRORS__ */
3817c478bd9Sstevel@tonic-gate /*
3827c478bd9Sstevel@tonic-gate * End "k5-errors.h"
3837c478bd9Sstevel@tonic-gate */
3847c478bd9Sstevel@tonic-gate
/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD.
 */
typedef struct _krb5_alt_method {
    krb5_magic      magic;
    krb5_int32      method;
    /* presumably the byte count of data -- confirm against the decoder */
    unsigned int    length;
    krb5_octet      *data;
} krb5_alt_method;
3967c478bd9Sstevel@tonic-gate
/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type.  It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
    krb5_magic      magic;
    krb5_enctype    etype;
    /*
     * Salt length, or KRB5_ETYPE_NO_SALT when no salt is present.  Test for
     * that sentinel before treating length as a byte count for salt.
     */
    unsigned int    length;
    krb5_octet      *salt;
    krb5_data       s2kparams;  /* etype-info2 only; null for etype-info */
} krb5_etype_info_entry;
4117c478bd9Sstevel@tonic-gate
/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines.  If the length is this value, then
 * the salt data is not present.  This is to distinguish between not
 * being set and being of 0 length.
 *
 * VALID_UINT_BITS is not defined in this span.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

/* Pointer to an array of entry pointers. */
typedef krb5_etype_info_entry ** krb5_etype_info;
4217c478bd9Sstevel@tonic-gate
/* RFC 4537 */
typedef struct _krb5_etype_list {
    /*
     * presumably the number of entries in etypes -- confirm.
     * NOTE(review): the count is signed; code filling it from decoded input
     * should reject negative values before indexing etypes.
     */
    int             length;
    krb5_enctype    *etypes;
} krb5_etype_list;
427ba7b222eSGlenn Barry
4287c478bd9Sstevel@tonic-gate /*
429*55fea89dSDan Cross * a sam_challenge is returned for alternate preauth
4307c478bd9Sstevel@tonic-gate */
4317c478bd9Sstevel@tonic-gate /*
4327c478bd9Sstevel@tonic-gate SAMFlags ::= BIT STRING {
4337c478bd9Sstevel@tonic-gate use-sad-as-key[0],
4347c478bd9Sstevel@tonic-gate send-encrypted-sad[1],
4357c478bd9Sstevel@tonic-gate must-pk-encrypt-sad[2]
4367c478bd9Sstevel@tonic-gate }
4377c478bd9Sstevel@tonic-gate */
4387c478bd9Sstevel@tonic-gate /*
4397c478bd9Sstevel@tonic-gate PA-SAM-CHALLENGE ::= SEQUENCE {
4407c478bd9Sstevel@tonic-gate sam-type[0] INTEGER,
4417c478bd9Sstevel@tonic-gate sam-flags[1] SAMFlags,
4427c478bd9Sstevel@tonic-gate sam-type-name[2] GeneralString OPTIONAL,
4437c478bd9Sstevel@tonic-gate sam-track-id[3] GeneralString OPTIONAL,
4447c478bd9Sstevel@tonic-gate sam-challenge-label[4] GeneralString OPTIONAL,
4457c478bd9Sstevel@tonic-gate sam-challenge[5] GeneralString OPTIONAL,
4467c478bd9Sstevel@tonic-gate sam-response-prompt[6] GeneralString OPTIONAL,
4477c478bd9Sstevel@tonic-gate sam-pk-for-sad[7] EncryptionKey OPTIONAL,
4487c478bd9Sstevel@tonic-gate sam-nonce[8] INTEGER OPTIONAL,
4497c478bd9Sstevel@tonic-gate sam-cksum[9] Checksum OPTIONAL
4507c478bd9Sstevel@tonic-gate }
4517c478bd9Sstevel@tonic-gate */
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA          1   /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH       2   /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0         3   /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY            4   /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID         5   /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD      6   /* CRYPTOCard */
/*
 * NOTE(review): PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD, so a sam_type of 6 does not identify one
 * mechanism.
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC   6   /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX   7   /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX   8   /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE        128 /* experimental */
#define PA_SAM_TYPE_GRAIL           (PA_SAM_TYPE_EXP_BASE+0)    /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1)    /* special */
4677c478bd9Sstevel@tonic-gate
/*
 * Predicted SAM response record.
 * NOTE(review): sam_key is a krb5_keyblock, so an instance carries key
 * material; confirm that the code freeing it also clears the key contents.
 */
typedef struct _krb5_predicted_sam_response {
    krb5_magic      magic;
    krb5_keyblock   sam_key;
    krb5_flags      sam_flags;  /* Makes key munging easier */
    krb5_timestamp  stime;      /* time on server, for replay detection */
    krb5_int32      susec;      /* presumably the microseconds part of stime -- confirm */
    krb5_principal  client;
    krb5_data       msd;        /* mechanism specific data */
} krb5_predicted_sam_response;
4777c478bd9Sstevel@tonic-gate
/*
 * C form of PA-SAM-CHALLENGE.  After magic, the members follow the order
 * of the ASN.1 SEQUENCE elements sam-type [0] through sam-cksum [9].
 * sam_pk_for_sad is held as krb5_data although the ASN.1 element is an
 * EncryptionKey.
 */
typedef struct _krb5_sam_challenge {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_checksum   sam_cksum;
} krb5_sam_challenge;
4917c478bd9Sstevel@tonic-gate
/* Wrapper around a single keyblock; marked as reserved for future use. */
typedef struct _krb5_sam_key {  /* reserved for future use */
    krb5_magic      magic;
    krb5_keyblock   sam_key;
} krb5_sam_key;
4967c478bd9Sstevel@tonic-gate
/*
 * Plaintext carried in krb5_sam_response.sam_enc_nonce_or_ts, per the
 * comment on that field.
 */
typedef struct _krb5_enc_sam_response_enc {
    krb5_magic      magic;
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_timestamp;
    krb5_int32      sam_usec;
    /* presumably the single-use authentication data (SAD) -- confirm */
    krb5_data       sam_sad;
} krb5_enc_sam_response_enc;
5047c478bd9Sstevel@tonic-gate
/* SAM response; the two krb5_enc_data members hold encrypted payloads. */
typedef struct _krb5_sam_response {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* informational */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_track_id;   /* copied */
    krb5_enc_data   sam_enc_key;    /* krb5_sam_key - future use */
    krb5_enc_data   sam_enc_nonce_or_ts;    /* krb5_enc_sam_response_enc */
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_patimestamp;
} krb5_sam_response;
5157c478bd9Sstevel@tonic-gate
/*
 * Second-version SAM challenge: a body blob plus checksums.
 * presumably sam_challenge_2_body holds an encoded
 * krb5_sam_challenge_2_body and the checksums cover it -- confirm.
 */
typedef struct _krb5_sam_challenge_2 {
    krb5_data       sam_challenge_2_body;
    /* Array of checksums; how the array is terminated is not shown here */
    krb5_checksum   **sam_cksum;
} krb5_sam_challenge_2;
5207c478bd9Sstevel@tonic-gate
/*
 * Body of the second-version SAM challenge.  Same members as
 * krb5_sam_challenge, except that the final member is an encryption type
 * (sam_etype) instead of a checksum.
 */
typedef struct _krb5_sam_challenge_2_body {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_enctype    sam_etype;
} krb5_sam_challenge_2_body;
5347c478bd9Sstevel@tonic-gate
/*
 * Version 2 SAM response.
 */
typedef struct _krb5_sam_response_2 {
    krb5_magic    magic;
    krb5_int32    sam_type;              /* informational */
    krb5_flags    sam_flags;             /* KRB5_SAM_* values */
    krb5_data     sam_track_id;          /* copied */
    krb5_enc_data sam_enc_nonce_or_sad;  /* krb5_enc_sam_response_enc */
    krb5_int32    sam_nonce;
} krb5_sam_response_2;
5437c478bd9Sstevel@tonic-gate
/*
 * Version 2 of the encrypted SAM response part: nonce and SAD only
 * (no timestamp fields, unlike krb5_enc_sam_response_enc).
 */
typedef struct _krb5_enc_sam_response_enc_2 {
    krb5_magic magic;
    krb5_int32 sam_nonce;
    krb5_data  sam_sad;
} krb5_enc_sam_response_enc_2;
5497c478bd9Sstevel@tonic-gate
550159d09a2SMark Phalan /*
551159d09a2SMark Phalan * Keep the pkinit definitions in a separate file so that the plugin
552159d09a2SMark Phalan * only has to include k5-int-pkinit.h rather than k5-int.h
553159d09a2SMark Phalan */
554159d09a2SMark Phalan
555159d09a2SMark Phalan #include "k5-int-pkinit.h"
556159d09a2SMark Phalan
5577c478bd9Sstevel@tonic-gate /*
5587c478bd9Sstevel@tonic-gate * Begin "dbm.h"
5597c478bd9Sstevel@tonic-gate */
5607c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5617c478bd9Sstevel@tonic-gate
5627c478bd9Sstevel@tonic-gate /*
5637c478bd9Sstevel@tonic-gate * Since we are always using db, use the db-ndbm include header file.
564*55fea89dSDan Cross */
5657c478bd9Sstevel@tonic-gate
5667c478bd9Sstevel@tonic-gate #include "db-ndbm.h"
567*55fea89dSDan Cross
5687c478bd9Sstevel@tonic-gate #endif /* !KERNEL */
5697c478bd9Sstevel@tonic-gate /*
5707c478bd9Sstevel@tonic-gate * End "dbm.h"
5717c478bd9Sstevel@tonic-gate */
5727c478bd9Sstevel@tonic-gate
5737c478bd9Sstevel@tonic-gate /*
5747c478bd9Sstevel@tonic-gate * Begin "ext-proto.h"
5757c478bd9Sstevel@tonic-gate */
5767c478bd9Sstevel@tonic-gate #ifndef KRB5_EXT_PROTO__
5777c478bd9Sstevel@tonic-gate #define KRB5_EXT_PROTO__
5787c478bd9Sstevel@tonic-gate
5797c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5807c478bd9Sstevel@tonic-gate #include <stdlib.h>
5817c478bd9Sstevel@tonic-gate #include <string.h>
5827c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5837c478bd9Sstevel@tonic-gate
5847c478bd9Sstevel@tonic-gate #ifndef HAVE_STRDUP
5857c478bd9Sstevel@tonic-gate extern char *strdup (const char *);
5867c478bd9Sstevel@tonic-gate #endif
5877c478bd9Sstevel@tonic-gate
5887c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5897c478bd9Sstevel@tonic-gate #ifdef HAVE_UNISTD_H
5907c478bd9Sstevel@tonic-gate #include <unistd.h>
5917c478bd9Sstevel@tonic-gate #endif
5927c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5937c478bd9Sstevel@tonic-gate
5947c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */
5957c478bd9Sstevel@tonic-gate /*
5967c478bd9Sstevel@tonic-gate * End "ext-proto.h"
5977c478bd9Sstevel@tonic-gate */
5987c478bd9Sstevel@tonic-gate
5997c478bd9Sstevel@tonic-gate /*
6007c478bd9Sstevel@tonic-gate * Begin "sysincl.h"
6017c478bd9Sstevel@tonic-gate */
6027c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__
6037c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__
6047c478bd9Sstevel@tonic-gate
6057c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__
6067c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__
6077c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? */
6087c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */
6097c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */
6107c478bd9Sstevel@tonic-gate
6117c478bd9Sstevel@tonic-gate #ifdef _KERNEL
6127c478bd9Sstevel@tonic-gate #include <sys/time.h>
6137c478bd9Sstevel@tonic-gate #else
6147c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H
6157c478bd9Sstevel@tonic-gate #include <sys/time.h>
6167c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME
6177c478bd9Sstevel@tonic-gate #include <time.h>
6187c478bd9Sstevel@tonic-gate #endif
6197c478bd9Sstevel@tonic-gate #else
6207c478bd9Sstevel@tonic-gate #include <time.h>
6217c478bd9Sstevel@tonic-gate #endif
6227c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
6237c478bd9Sstevel@tonic-gate
6247c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H
6257c478bd9Sstevel@tonic-gate #include <sys/stat.h> /* struct stat, stat() */
6267c478bd9Sstevel@tonic-gate #endif
6277c478bd9Sstevel@tonic-gate
6287c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H
6297c478bd9Sstevel@tonic-gate #include <sys/param.h> /* MAXPATHLEN */
6307c478bd9Sstevel@tonic-gate #endif
6317c478bd9Sstevel@tonic-gate
6327c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H
6337c478bd9Sstevel@tonic-gate #include <sys/file.h> /* prototypes for file-related
6347c478bd9Sstevel@tonic-gate syscalls; flags for open &
6357c478bd9Sstevel@tonic-gate friends */
6367c478bd9Sstevel@tonic-gate #endif
6377c478bd9Sstevel@tonic-gate
6387c478bd9Sstevel@tonic-gate #ifdef _KERNEL
6397c478bd9Sstevel@tonic-gate #include <sys/fcntl.h>
6407c478bd9Sstevel@tonic-gate #else
6417c478bd9Sstevel@tonic-gate #include <fcntl.h>
6427c478bd9Sstevel@tonic-gate #endif
6437c478bd9Sstevel@tonic-gate
6447c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */
6457c478bd9Sstevel@tonic-gate /*
6467c478bd9Sstevel@tonic-gate * End "sysincl.h"
6477c478bd9Sstevel@tonic-gate */
6487c478bd9Sstevel@tonic-gate
6497c478bd9Sstevel@tonic-gate /*
6507c478bd9Sstevel@tonic-gate * Begin "los-proto.h"
6517c478bd9Sstevel@tonic-gate */
6527c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__
6537c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__
654159d09a2SMark Phalan #endif
6557c478bd9Sstevel@tonic-gate
6567c478bd9Sstevel@tonic-gate #ifndef _KERNEL
6577c478bd9Sstevel@tonic-gate #include <stdio.h>
6587c478bd9Sstevel@tonic-gate
6597c478bd9Sstevel@tonic-gate struct addrlist;
660159d09a2SMark Phalan struct sendto_callback_info;
6617c478bd9Sstevel@tonic-gate #endif
6627c478bd9Sstevel@tonic-gate
/* libos.spec */

/*
 * File locking.  NOTE(review): the last argument of krb5_lock_file is
 * presumably a combination of the KRB5_LOCKMODE_* flags defined later in
 * this header -- confirm against the implementation.
 */
krb5_error_code krb5_lock_file(krb5_context, int, int);
krb5_error_code krb5_unlock_file(krb5_context, int);

krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
    const krb5_data *, krb5_data *, int *, int);

/* Solaris Kerberos */
krb5_error_code krb5_sendto_kdc2(krb5_context, const krb5_data *,
    const krb5_data *, krb5_data *, int *, int, char **);

krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char ***);
krb5_error_code krb5_free_krbhst(krb5_context, char * const *);
krb5_error_code krb5_create_secure_file(krb5_context, const char *pathname);

/*
 * Socket read/write helpers.  The length is a plain int;
 * NOTE(review): callers presumably must pass a non-negative length no
 * larger than the buffer -- confirm, since nothing in the prototype
 * enforces it.
 */
int krb5_net_read(krb5_context, int, char *, int);
int krb5_net_write(krb5_context, int, const char *, int);

krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *,
    const char *, char **);
6867c478bd9Sstevel@tonic-gate
6877c478bd9Sstevel@tonic-gate
6887c478bd9Sstevel@tonic-gate #ifndef _KERNEL
689159d09a2SMark Phalan
krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);

krb5_error_code krb5_open_pkcs11_session(CK_SESSION_HANDLE *);

krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);
krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);

/*
 * Send `message` to the addresses in `addrs` and collect a reply.
 * msg_handler is a caller-supplied callback that receives a krb5_data
 * and the opaque msg_handler_data pointer.
 */
krb5_error_code krb5int_sendto(krb5_context context,
    const krb5_data *message,
    const struct addrlist *addrs,
    struct sendto_callback_info *callback_info,
    krb5_data *reply,
    struct sockaddr *localaddr, socklen_t *localaddrlen,
    struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
    int *addr_used,
    int (*msg_handler)(krb5_context, const krb5_data *, void *),
    void *msg_handler_data);

/* Takes an output buffer and its size. */
krb5_error_code krb5int_get_fq_local_hostname(char *, size_t);

/*
 * Clock control.  NOTE(review): these presumably manipulate the
 * time_offset / usec_offset fields and KRB5_OS_TOFFSET_* flags of the OS
 * context declared later in this header.  Kerberos freshness checks
 * depend on the clock, so only trusted code should be able to reach
 * them -- confirm.
 */
krb5_error_code krb5_set_debugging_time(krb5_context, krb5_timestamp,
    krb5_int32);
krb5_error_code krb5_use_natural_time(krb5_context);
krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
    krb5_int32);
krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
71754925bf6Swillf #endif
7187c478bd9Sstevel@tonic-gate
/*
 * Solaris Kerberos
 * The following two functions are needed for better realm
 * determination based on the DNS domain name.
 *
 * NOTE(review): realm selection derived from DNS is only as trustworthy
 * as the resolver path; whether callers treat the result as a hint or
 * as authoritative is not visible here -- confirm.
 */
krb5_error_code krb5int_lookup_host(int, const char *, char **);

krb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
    char **);
krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
    char **);

krb5_error_code krb5int_init_context_kdc(krb5_context *);

krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean);

void krb5_os_free_context(krb5_context);
7367c478bd9Sstevel@tonic-gate
/*
 * This function is needed by KfM's KerberosPreferences API because it
 * needs to be able to specify "secure".
 *
 * NOTE(review): what "secure" excludes (for example configuration paths
 * taken from the environment) is not visible in this header -- confirm
 * against the implementation.
 */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files(profile_filespec_t **pfiles,
    krb5_boolean secure);
#endif

krb5_error_code krb5_os_hostaddr(krb5_context, const char *,
    krb5_address ***);
746505d05c7Sgtb
7477c478bd9Sstevel@tonic-gate #ifndef _KERNEL
7487c478bd9Sstevel@tonic-gate /* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
749159d09a2SMark Phalan going to use this structure. */
/*
 * Growable list of resolved addresses.  Each entry carries an addrinfo
 * pointer, an optional release callback and an opaque data pointer.
 * When FAI_DEFINED is not set, `ai` points to an incomplete placeholder
 * type and cannot be dereferenced.
 */
struct addrlist {
    struct {
#ifdef FAI_DEFINED
        struct addrinfo *ai;
#else
        struct undefined_addrinfo *ai;
#endif
        void (*freefn)(void *);
        void *data;
    } *addrs;
    int naddrs;  /* presumably the number of entries in use -- confirm */
    int space;   /* presumably the number of entries allocated -- confirm */
};

/* Static initializer: null entry array, zero counts. */
#define ADDRLIST_INIT { 0, 0, 0 }

extern void krb5int_free_addrlist(struct addrlist *);
extern int krb5int_grow_addrlist(struct addrlist *, int);
extern int krb5int_add_host_to_list(struct addrlist *, const char *,
    int, int, int, int);
7687c478bd9Sstevel@tonic-gate
769159d09a2SMark Phalan #include <locate_plugin.h>
/*
 * Locate servers of kind `svc` for `realm` and store them in the given
 * address list, for the requested socket type and address family.
 */
krb5_error_code krb5int_locate_server(krb5_context,
    const krb5_data *realm,
    struct addrlist *,
    enum locate_service_type svc,
    int sockettype,
    int family);
77410db1377Sgtb
7757c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
7767c478bd9Sstevel@tonic-gate
7777c478bd9Sstevel@tonic-gate /* new encryption provider api */
7787c478bd9Sstevel@tonic-gate
/*
 * Table of raw cipher operations for one encryption algorithm.
 */
struct krb5_enc_provider {
    size_t block_size;
    size_t keybytes;   /* input size to make_key */
    size_t keylength;  /* output size of make_key */

    /*
     * cipher-state == 0: a fresh state is used and thrown away at the
     * end.  (Presumably this refers to the ivec argument -- confirm.)
     */
    krb5_error_code (*encrypt)(krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input,
        krb5_data *output);

    krb5_error_code (*decrypt)(krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input,
        krb5_data *output);

    krb5_error_code (*make_key)(krb5_context,
        krb5_const krb5_data *,
        krb5_keyblock *);

    /* Cipher-state setup and release. */
    krb5_error_code (*init_state)(krb5_context,
        const krb5_keyblock *,
        krb5_keyusage,
        krb5_data *);
    krb5_error_code (*free_state)(krb5_context, krb5_data *);
};
8047c478bd9Sstevel@tonic-gate
/*
 * Table describing one unkeyed hash algorithm.
 */
struct krb5_hash_provider {
    size_t hashsize;
    size_t blocksize;

    /* Takes `icount` input buffers in one call to avoid lots of copying. */
    krb5_error_code (*hash)(krb5_context context,
        unsigned int icount,
        krb5_const krb5_data *input,
        krb5_data *output);
};
8137c478bd9Sstevel@tonic-gate
/*
 * Table describing one keyed hash algorithm: compute a checksum and
 * verify one.
 */
struct krb5_keyhash_provider {
    size_t hashsize;

    krb5_error_code (*hash)(krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_keyusage keyusage,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input,
        krb5_data *output);

    /*
     * Reports the comparison result through *valid.
     * NOTE(review): callers presumably must check both the returned error
     * code and *valid before accepting the data -- confirm.
     */
    krb5_error_code (*verify)(krb5_context context,
        krb5_const krb5_keyblock *key,
        krb5_keyusage keyusage,
        krb5_const krb5_data *ivec,
        krb5_const krb5_data *input,
        krb5_const krb5_data *hash,
        krb5_boolean *valid);
};
8347c478bd9Sstevel@tonic-gate
/* Reports, through *length, the output size for an input of inputlen. */
typedef void (*krb5_encrypt_length_func)(
    const struct krb5_enc_provider *enc,
    const struct krb5_hash_provider *hash,
    size_t inputlen,
    size_t *length);

/* Shared signature of the per-enctype encrypt and decrypt routines. */
typedef krb5_error_code (*krb5_crypt_func)(
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc,
    krb5_const struct krb5_hash_provider *hash,
    krb5_const krb5_keyblock *key,
    krb5_keyusage usage,
    krb5_const krb5_data *ivec,
    krb5_const krb5_data *input,
    krb5_data *output);

#ifndef _KERNEL
/* String-to-key conversion; declared for userland builds only. */
typedef krb5_error_code (*krb5_str2key_func)(
    krb5_context context,
    krb5_const struct krb5_enc_provider *enc,
    krb5_const krb5_data *string,
    krb5_const krb5_data *salt,
    krb5_const krb5_data *params,
    krb5_keyblock *key);
#endif /* _KERNEL */

/* Pseudo-random function over `in`, keyed with `key`. */
typedef krb5_error_code (*krb5_prf_func)(
    const struct krb5_enc_provider *enc,
    const struct krb5_hash_provider *hash,
    const krb5_keyblock *key,
    const krb5_data *in,
    krb5_data *out);
860159d09a2SMark Phalan
/*
 * One entry per supported encryption type: identifiers, the cipher and
 * hash providers, and the routines that implement the enctype.
 */
struct krb5_keytypes {
    krb5_enctype etype;
    char *in_string;
    char *out_string;
    const struct krb5_enc_provider *enc;
    const struct krb5_hash_provider *hash;
    krb5_encrypt_length_func encrypt_len;
    krb5_crypt_func encrypt;
    krb5_crypt_func decrypt;
    krb5_cksumtype required_ctype;
#ifndef _KERNEL
    /* Solaris Kerberos: strings to key conversion not done in the kernel */
    krb5_str2key_func str2key;
#else /* _KERNEL */
    /*
     * Kernel-only members.  NOTE(review): presumably mechanism names and
     * mechanism types for the kernel crypto framework -- confirm.
     */
    char *mt_e_name;
    char *mt_h_name;
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
#endif /* _KERNEL */
};
8817c478bd9Sstevel@tonic-gate
/*
 * One entry per supported checksum type.
 */
struct krb5_cksumtypes {
    krb5_cksumtype ctype;
    unsigned int flags;
    char *in_string;
    char *out_string;

    /*
     * If the hash is keyed, this is the etype it is keyed with.  In
     * practice any etype with the same enc_provider as the specified
     * etype can key it.  DERIVE checksums can be keyed with any valid
     * etype.
     */
    krb5_enctype keyed_etype;

    /*
     * Two pointers are used because a union cannot be statically
     * initialized.  Selection order:
     *   1. keyhash, if non-NULL;
     *   2. otherwise HMAC/hash with derived keys, if the relevant flag
     *      is set;
     *   3. otherwise a non-keyed hash.
     */
    const struct krb5_keyhash_provider *keyhash;
    const struct krb5_hash_provider *hash;

    /*
     * In the key derivation case an hmac is produced.  The output size
     * reported by the hash provider cannot be altered without breaking
     * the hmac code, but a truncated hmac may be wanted.  If so, this is
     * the number of bytes to truncate to; it should be 0 otherwise.
     */
    unsigned int trunc_size;
#ifdef _KERNEL
    /* Kernel-only members; presumably crypto framework mechanism name
     * and type -- confirm. */
    char *mt_c_name;
    crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};
9107c478bd9Sstevel@tonic-gate
/*
 * Bits for krb5_cksumtypes.flags.
 * DERIVE: the checksum uses HMAC/hash with derived keys.
 * NOT_COLL_PROOF: presumably marks checksum types that are not
 * collision-proof, so callers can refuse them where that property is
 * required -- confirm against the users of this flag.
 */
#define KRB5_CKSUMFLAG_DERIVE           0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF   0x0002
9137c478bd9Sstevel@tonic-gate
914159d09a2SMark Phalan /*
915159d09a2SMark Phalan * in here to deal with stuff from lib/crypto
916159d09a2SMark Phalan */
917159d09a2SMark Phalan
/* n-fold: sizes are given in bits, buffers as unsigned char arrays. */
void krb5_nfold(unsigned int inbits, const unsigned char *in,
    unsigned int outbits, unsigned char *out);

/*
 * PBKDF2 with HMAC-SHA1.  NOTE(review): the unsigned long argument is
 * presumably the iteration count and the krb5_data arguments the output,
 * password and salt -- the prototype does not name them; confirm against
 * the implementation.
 */
krb5_error_code krb5int_pbkdf2_hmac_sha1(krb5_context,
    const krb5_data *,
    unsigned long,
    krb5_enctype,
    const krb5_data *,
    const krb5_data *);
928159d09a2SMark Phalan
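/*
 * krb5int_zap_data(ptr, len) / zap(p, l): overwrite len bytes at ptr with
 * zeros.  Used to clear key material and other secrets.
 *
 * The macro arguments are parenthesized so that an expression argument
 * (for example `buf + off`) is cast as a whole; without the parentheses
 * the cast binds to `buf` only and the offset is applied to a void
 * pointer.
 *
 * NOTE(review): outside the _WIN32 branch this is a plain memset().  An
 * optimizing compiler may drop a memset() whose target is never read
 * again (dead-store elimination), typically when a buffer is cleared
 * right before free() or return, which leaves the secret in memory.
 * Where the platform offers a non-elidable primitive (explicit_bzero,
 * memset_s) it should be used instead.  Make this a function eventually?
 */
#ifdef _WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory((ptr), (len))
#elif defined(__palmos__) && !defined(__GNUC__)
/* CodeWarrior 8.3 complains about passing a pointer to volatile in to
   memset.  On the other hand, we probably want it for gcc.  */
# define krb5int_zap_data(ptr, len) memset((ptr), 0, (len))
#else
# define krb5int_zap_data(ptr, len) memset((void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* GNU libc generates multiple bogus initialization warnings if we
   pass memset a volatile pointer.  The compiler should do well enough
   with memset even without GNU libc's attempt at optimization.  */
#  undef memset
# endif
#endif /* WIN32 */
#define zap(p, l) krb5int_zap_data(p, l)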
946159d09a2SMark Phalan
947159d09a2SMark Phalan
krb5_error_code krb5int_des_init_state(krb5_context,
    const krb5_keyblock *,
    krb5_keyusage,
    krb5_data *);

krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context,
    krb5_enctype,
    krb5_cksumtype *);

/*
 * Default cipher-state release.  Normally, freeing a cipher_state only
 * takes a memset to zero over its length followed by a free.
 */
krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *);

/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys(krb5_context context,
    krb5_keyblock *key1,
    krb5_keyblock *key2,
    krb5_keyblock *outkey);
9737c478bd9Sstevel@tonic-gate
/*
 * krb5_hmac has a different signature in kernel and userland builds:
 * the kernel variant takes no hash provider and no key usage argument.
 * Code shared between the two must be compiled against the matching
 * prototype.
 */
#ifdef _KERNEL

int k5_ef_crypto(const char *, char *,
    long, krb5_keyblock *,
    const krb5_data *, int);

krb5_error_code krb5_hmac(krb5_context,
    const krb5_keyblock *,
    krb5_const krb5_data *,
    krb5_data *);

#else

krb5_error_code krb5_hmac(krb5_context,
    krb5_const struct krb5_hash_provider *,
    krb5_const krb5_keyblock *,
    krb5_const unsigned int,
    krb5_const krb5_data *,
    krb5_data *);

#endif /* _KERNEL */
9937c478bd9Sstevel@tonic-gate
994505d05c7Sgtb
/*
 * These declarations are here so that both krb5 and k5crypto can reach
 * them.  krb5 needs them in order to make them available to libgssapi.
 *
 * NOTE(review): RC4 and MD5 are legacy primitives (RFC 8429 deprecates
 * the RC4 enctypes in Kerberos).  New code should not pick these
 * providers up; they are presumably exported for interoperability only
 * -- confirm.
 */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;
1002505d05c7Sgtb
1003505d05c7Sgtb
/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */

/* Two krb5_int32 outputs; presumably seconds and microseconds -- confirm. */
krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *);

#ifndef _KERNEL
/* Solaris kerberos: for convenience */
time_t krb5int_gmt_mktime(struct tm *);
#endif /* ! _KERNEL */

/* #endif KRB5_OLD_CRYPTO */

/* This helper function lives in libkrb5, but it makes sense to declare
 * it here. */
krb5_error_code krb5_encrypt_helper(krb5_context context,
    const krb5_keyblock *key,
    krb5_keyusage keyusage,
    const krb5_data *plain,
    krb5_enc_data *cipher);
10237c478bd9Sstevel@tonic-gate
10247c478bd9Sstevel@tonic-gate /*
10257c478bd9Sstevel@tonic-gate * End "los-proto.h"
10267c478bd9Sstevel@tonic-gate */
10277c478bd9Sstevel@tonic-gate
10287c478bd9Sstevel@tonic-gate /*
10297c478bd9Sstevel@tonic-gate * Begin "libos.h"
10307c478bd9Sstevel@tonic-gate */
10317c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS__
10327c478bd9Sstevel@tonic-gate #define KRB5_LIBOS__
10337c478bd9Sstevel@tonic-gate
/*
 * Per-context OS state.  Note that krb5_os_context is a pointer type.
 */
typedef struct _krb5_os_context {
    krb5_magic magic;
    krb5_int32 time_offset;     /* used together with the            */
    krb5_int32 usec_offset;     /*   KRB5_OS_TOFFSET_* flags         */
    krb5_int32 os_flags;        /* KRB5_OS_TOFFSET_* bits            */
    char      *default_ccname;
} *krb5_os_context;
10417c478bd9Sstevel@tonic-gate
/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * The facility is intended to correct the system clock so that it
 * reflects the "real" time on systems where, for some reason, the
 * system clock cannot be set.  The offset between system time and real
 * time is calculated and stored in the os context, and applied as a
 * correction whenever the time is needed.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines.  This should only be
 * used for testing purposes: with it set, the library's idea of "now"
 * no longer follows the system clock.
 */
#define KRB5_OS_TOFFSET_VALID   1
#define KRB5_OS_TOFFSET_TIME    2

/* lock mode flags */
#define KRB5_LOCKMODE_SHARED    0x0001
#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
#define KRB5_LOCKMODE_DONTBLOCK 0x0004
#define KRB5_LOCKMODE_UNLOCK    0x0008
10647c478bd9Sstevel@tonic-gate
10657c478bd9Sstevel@tonic-gate #endif /* KRB5_LIBOS__ */
10667c478bd9Sstevel@tonic-gate /*
10677c478bd9Sstevel@tonic-gate * End "libos.h"
10687c478bd9Sstevel@tonic-gate */
10697c478bd9Sstevel@tonic-gate
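/*
 * Define our view of the size of a DES key.
 */
#define KRB5_MIT_DES_KEYSIZE 8
/*
 * Define a couple of SHA1 constants (sizes in bytes: SHA-1 input block
 * and digest).
 */
#define SHS_DATASIZE    64
#define SHS_DIGESTSIZE  20

/*
 * Check if des_int.h has been included before us.  If so, then check to
 * see that our view of the DES key size is the same as des_int.h's.
 *
 * A real #error directive is used so that a mismatch stops the build
 * with this message, instead of relying on a stray token sequence to
 * produce an unrelated syntax error.
 */
#ifdef MIT_DES_KEYSIZE
#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif /* MIT_DES_KEYSIZE */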
10897c478bd9Sstevel@tonic-gate
#ifndef _KERNEL
/*
 * Solaris Kerberos: userland builds enable PROVIDE_DES3_CBC_SHA and
 * PROVIDE_NIST_SHA.
 * NOTE(review): the earlier wording said these are defined only "if the
 * following are defined", but the only condition visible here is
 * !_KERNEL -- confirm whether a further guard was intended.
 */
#define PROVIDE_DES3_CBC_SHA    1
#define PROVIDE_NIST_SHA        1

#endif /* !_KERNEL */
10987c478bd9Sstevel@tonic-gate
10997c478bd9Sstevel@tonic-gate /*
11007c478bd9Sstevel@tonic-gate * Begin "preauth.h"
11017c478bd9Sstevel@tonic-gate *
11027c478bd9Sstevel@tonic-gate * (Originally written by Glen Machin at Sandia Labs.)
11037c478bd9Sstevel@tonic-gate */
11047c478bd9Sstevel@tonic-gate /*
1105*55fea89dSDan Cross * Sandia National Laboratories also makes no representations about the
1106*55fea89dSDan Cross * suitability of the modifications, or additions to this software for
11077c478bd9Sstevel@tonic-gate * any purpose. It is provided "as is" without express or implied warranty.
1108*55fea89dSDan Cross *
11097c478bd9Sstevel@tonic-gate */
11107c478bd9Sstevel@tonic-gate #ifndef KRB5_PREAUTH__
11117c478bd9Sstevel@tonic-gate #define KRB5_PREAUTH__
11127c478bd9Sstevel@tonic-gate
1113159d09a2SMark Phalan #include <preauth_plugin.h>
1114159d09a2SMark Phalan
/* The bytes 0x43 0x52 0x43 0x4b spell "CRCK" in ASCII. */
#define CLIENT_ROCK_MAGIC 0x4352434b

/*
 * This structure is passed into the client preauth functions and handed
 * back to the "get_data_proc" function so that it can locate the
 * requested information.  It is opaque to the plugin code and can be
 * expanded in the future as new types of requests are defined which may
 * require other things to be passed through.
 *
 * NOTE(review): `magic` presumably holds CLIENT_ROCK_MAGIC so that a
 * pointer returned by a plugin can be sanity-checked before use --
 * confirm against the code that consumes the rock.
 */
typedef struct _krb5_preauth_client_rock {
    krb5_magic    magic;
    krb5_kdc_rep *as_reply;
} krb5_preauth_client_rock;
1125159d09a2SMark Phalan
1126159d09a2SMark Phalan /* This structure lets us keep track of all of the modules which are loaded,
1127159d09a2SMark Phalan * turning the list of modules and their lists of implemented preauth types
1128159d09a2SMark Phalan * into a single list which we can walk easily. */
typedef struct _krb5_preauth_context {
    /* NOTE(review): presumably the number of entries in modules[] below;
     * confirm against the code that allocates the list. */
    int n_modules;
    struct _krb5_preauth_context_module {
	/* Which of the possibly more than one preauth types which the
	 * module supports we're using at this point in the list. */
	krb5_preauthtype pa_type;
	/* Encryption types which the client claims to support -- we
	 * copy them directly into the krb5_kdc_req structure during
	 * krb5_preauth_prepare_request(). */
	krb5_enctype *enctypes;
	/* The plugin's per-plugin context and a function to clear it. */
	void *plugin_context;
	preauth_client_plugin_fini_proc client_fini;
	/* The module's table, and some of its members, copied here for
	 * convenience when we populated the list.  The function pointers
	 * below therefore refer to code supplied by the loaded plugin
	 * module, not by this library. */
	struct krb5plugin_preauth_client_ftable_v1 *ftable;
	const char *name;
	/* use_count: see krb5_clear_preauth_context_use_counts(), declared
	 * later in this header. */
	int flags, use_count;
	preauth_client_process_proc client_process;
	preauth_client_tryagain_proc client_tryagain;
	preauth_client_supply_gic_opts_proc client_supply_gic_opts;
	preauth_client_request_init_proc client_req_init;
	preauth_client_request_fini_proc client_req_fini;
	/* The per-request context which the client_req_init() function
	 * might allocate, which we'll need to clean up later by
	 * calling the client_req_fini() function. */
	void *request_context;
	/* A pointer to the request_context pointer.  All modules within
	 * a plugin will point at the request_context of the first
	 * module within the plugin, so several list entries can alias
	 * one request_context slot. */
	void **request_context_pp;
    } *modules;
} krb5_preauth_context;
1162159d09a2SMark Phalan
11637c478bd9Sstevel@tonic-gate typedef struct _krb5_pa_enc_ts {
11647c478bd9Sstevel@tonic-gate krb5_timestamp patimestamp;
11657c478bd9Sstevel@tonic-gate krb5_int32 pausec;
11667c478bd9Sstevel@tonic-gate } krb5_pa_enc_ts;
11677c478bd9Sstevel@tonic-gate
1168ba7b222eSGlenn Barry typedef struct _krb5_pa_for_user {
1169ba7b222eSGlenn Barry krb5_principal user;
1170ba7b222eSGlenn Barry krb5_checksum cksum;
1171ba7b222eSGlenn Barry krb5_data auth_package;
1172ba7b222eSGlenn Barry } krb5_pa_for_user;
1173ba7b222eSGlenn Barry
1174ba7b222eSGlenn Barry enum {
1175ba7b222eSGlenn Barry KRB5_FAST_ARMOR_AP_REQUEST = 0x1
1176ba7b222eSGlenn Barry };
1177ba7b222eSGlenn Barry
1178ba7b222eSGlenn Barry typedef struct _krb5_fast_armor {
1179ba7b222eSGlenn Barry krb5_int32 armor_type;
1180ba7b222eSGlenn Barry krb5_data armor_value;
1181ba7b222eSGlenn Barry } krb5_fast_armor;
1182ba7b222eSGlenn Barry typedef struct _krb5_fast_armored_req {
1183ba7b222eSGlenn Barry krb5_magic magic;
1184ba7b222eSGlenn Barry krb5_fast_armor *armor;
1185ba7b222eSGlenn Barry krb5_checksum req_checksum;
1186ba7b222eSGlenn Barry krb5_enc_data enc_part;
1187ba7b222eSGlenn Barry } krb5_fast_armored_req;
1188ba7b222eSGlenn Barry
1189ba7b222eSGlenn Barry typedef struct _krb5_fast_req {
1190ba7b222eSGlenn Barry krb5_magic magic;
1191ba7b222eSGlenn Barry krb5_flags fast_options;
1192ba7b222eSGlenn Barry /* padata from req_body is used*/
1193ba7b222eSGlenn Barry krb5_kdc_req *req_body;
1194ba7b222eSGlenn Barry } krb5_fast_req;
1195ba7b222eSGlenn Barry
1196ba7b222eSGlenn Barry
/* Bits 0-15 are critical in fast options.*/
/* NOTE(review): the mask below is 0x00ff, which covers only the low eight
 * bits of an integer, while the comment above speaks of sixteen critical
 * bits; KRB5_FAST_OPTION_HIDE_CLIENT_NAMES (0x01) also lies inside the
 * mask.  Whether "bit 0" means the most or the least significant bit of
 * fast_options is not visible in this header -- confirm the numbering
 * against the FAST option encoding before relying on this mask to reject
 * unknown critical options. */
#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES 0x01
1200ba7b222eSGlenn Barry
1201ba7b222eSGlenn Barry typedef struct _krb5_fast_finished {
1202ba7b222eSGlenn Barry krb5_timestamp timestamp;
1203ba7b222eSGlenn Barry krb5_int32 usec;
1204ba7b222eSGlenn Barry krb5_principal client;
1205ba7b222eSGlenn Barry krb5_checksum ticket_checksum;
1206ba7b222eSGlenn Barry } krb5_fast_finished;
1207ba7b222eSGlenn Barry
/* In-memory FAST response.  Every member except nonce and magic is a
 * pointer, so ownership of the pointed-to objects is decided by the code
 * that fills and frees this structure, which is not part of this header. */
typedef struct _krb5_fast_response {
    krb5_magic magic;
    krb5_pa_data **padata;
    /* NOTE(review): a keyblock pointer, i.e. key material; confirm that the
     * matching free routine releases it through the keyblock free path
     * rather than a plain free(). */
    krb5_keyblock *strengthen_key;
    krb5_fast_finished *finished;
    krb5_int32 nonce;
} krb5_fast_response;
1215ba7b222eSGlenn Barry
12167c478bd9Sstevel@tonic-gate typedef krb5_error_code (*krb5_preauth_obtain_proc)
12177c478bd9Sstevel@tonic-gate (krb5_context,
1218159d09a2SMark Phalan krb5_pa_data *,
1219159d09a2SMark Phalan krb5_etype_info,
1220*55fea89dSDan Cross krb5_keyblock *,
1221159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1222159d09a2SMark Phalan const krb5_enctype,
1223159d09a2SMark Phalan krb5_data *,
1224159d09a2SMark Phalan krb5_const_pointer,
1225159d09a2SMark Phalan krb5_keyblock **),
1226159d09a2SMark Phalan krb5_const_pointer,
1227159d09a2SMark Phalan krb5_creds *,
1228159d09a2SMark Phalan krb5_kdc_req *,
1229159d09a2SMark Phalan krb5_pa_data **);
12307c478bd9Sstevel@tonic-gate
12317c478bd9Sstevel@tonic-gate typedef krb5_error_code (*krb5_preauth_process_proc)
12327c478bd9Sstevel@tonic-gate (krb5_context,
1233159d09a2SMark Phalan krb5_pa_data *,
1234159d09a2SMark Phalan krb5_kdc_req *,
1235159d09a2SMark Phalan krb5_kdc_rep *,
1236159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1237159d09a2SMark Phalan const krb5_enctype,
1238159d09a2SMark Phalan krb5_data *,
1239159d09a2SMark Phalan krb5_const_pointer,
1240159d09a2SMark Phalan krb5_keyblock **),
1241159d09a2SMark Phalan krb5_const_pointer,
1242159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1243159d09a2SMark Phalan const krb5_keyblock *,
1244159d09a2SMark Phalan krb5_const_pointer,
1245159d09a2SMark Phalan krb5_kdc_rep * ),
1246159d09a2SMark Phalan krb5_keyblock **,
1247*55fea89dSDan Cross krb5_creds *,
1248159d09a2SMark Phalan krb5_int32 *,
1249159d09a2SMark Phalan krb5_int32 *);
12507c478bd9Sstevel@tonic-gate
12517c478bd9Sstevel@tonic-gate typedef struct _krb5_preauth_ops {
12527c478bd9Sstevel@tonic-gate krb5_magic magic;
12537c478bd9Sstevel@tonic-gate int type;
12547c478bd9Sstevel@tonic-gate int flags;
12557c478bd9Sstevel@tonic-gate krb5_preauth_obtain_proc obtain;
12567c478bd9Sstevel@tonic-gate krb5_preauth_process_proc process;
12577c478bd9Sstevel@tonic-gate } krb5_preauth_ops;
12587c478bd9Sstevel@tonic-gate
1259159d09a2SMark Phalan
1260159d09a2SMark Phalan krb5_error_code krb5_obtain_padata
1261159d09a2SMark Phalan (krb5_context,
1262159d09a2SMark Phalan krb5_pa_data **,
1263159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1264159d09a2SMark Phalan const krb5_enctype,
1265159d09a2SMark Phalan krb5_data *,
1266159d09a2SMark Phalan krb5_const_pointer,
1267159d09a2SMark Phalan krb5_keyblock **),
1268*55fea89dSDan Cross krb5_const_pointer,
1269159d09a2SMark Phalan krb5_creds *,
1270159d09a2SMark Phalan krb5_kdc_req *);
1271159d09a2SMark Phalan
1272159d09a2SMark Phalan krb5_error_code krb5_process_padata
1273159d09a2SMark Phalan (krb5_context,
1274159d09a2SMark Phalan krb5_kdc_req *,
1275159d09a2SMark Phalan krb5_kdc_rep *,
1276159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1277159d09a2SMark Phalan const krb5_enctype,
1278159d09a2SMark Phalan krb5_data *,
1279159d09a2SMark Phalan krb5_const_pointer,
1280159d09a2SMark Phalan krb5_keyblock **),
1281159d09a2SMark Phalan krb5_const_pointer,
1282159d09a2SMark Phalan krb5_error_code ( * )(krb5_context,
1283159d09a2SMark Phalan const krb5_keyblock *,
1284159d09a2SMark Phalan krb5_const_pointer,
1285159d09a2SMark Phalan krb5_kdc_rep * ),
1286*55fea89dSDan Cross krb5_keyblock **,
1287*55fea89dSDan Cross krb5_creds *,
1288*55fea89dSDan Cross krb5_int32 *);
1289159d09a2SMark Phalan
12907c478bd9Sstevel@tonic-gate void krb5_free_etype_info (krb5_context, krb5_etype_info);
12917c478bd9Sstevel@tonic-gate
12927c478bd9Sstevel@tonic-gate /*
12937c478bd9Sstevel@tonic-gate * Preauthentication property flags
12947c478bd9Sstevel@tonic-gate */
12957c478bd9Sstevel@tonic-gate #define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
12967c478bd9Sstevel@tonic-gate #define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
12977c478bd9Sstevel@tonic-gate
12987c478bd9Sstevel@tonic-gate #endif /* KRB5_PREAUTH__ */
12997c478bd9Sstevel@tonic-gate /*
13007c478bd9Sstevel@tonic-gate * End "preauth.h"
13017c478bd9Sstevel@tonic-gate */
13027c478bd9Sstevel@tonic-gate
/*
 * Extending the krb5_get_init_creds_opt structure.  The original
 * krb5_get_init_creds_opt structure is defined publicly.  The
 * new extended version is private.  The original interface
 * assumed a pre-allocated structure which was passed to
 * krb5_get_init_creds_opt_init().  The new interface assumes that
 * the caller will call krb5_get_init_creds_opt_alloc() and
 * krb5_get_init_creds_opt_free().
 *
 * Callers MUST NOT call krb5_get_init_creds_opt_init() after allocating an
 * opts structure using krb5_get_init_creds_opt_alloc().  To do so will
 * introduce memory leaks.  Unfortunately, there is no way to enforce
 * this behavior.
 *
 * Two private flags are added for backward compatibility.
 * KRB5_GET_INIT_CREDS_OPT_EXTENDED says that the structure was allocated
 * with the new krb5_get_init_creds_opt_alloc() function.
 * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
 * structure is a shadow copy of an original krb5_get_init_creds_opt
 * structure.
 * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
 * krb5int_gic_opt_to_opte(), the resulting extended structure should be
 * freed (using krb5_get_init_creds_opt_free).  Otherwise, the original
 * structure was already extended and there is no need to free it.
 */

/* The two private flags occupy the top two bits of a 32-bit flags word. */
#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000

/* Both tests yield 1 or 0, yield 0 for a NULL pointer, and evaluate their
 * argument twice, so the argument must be free of side effects. */
#define krb5_gic_opt_is_extended(s) \
    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
1336159d09a2SMark Phalan
1337159d09a2SMark Phalan
/* Private extension data hung off krb5_gic_opt_ext.opt_private. */
typedef struct _krb5_gic_opt_private {
    /* NOTE(review): presumably the number of entries in preauth_data[];
     * it is a signed int, so code indexing the array should reject
     * negative values -- confirm against the users of this field. */
    int num_preauth_data;
    krb5_gic_opt_pa_data *preauth_data;
} krb5_gic_opt_private;
1342159d09a2SMark Phalan
/* Private, extended form of the public krb5_get_init_creds_opt structure.
 * The leading members mirror the public layout so that one pointer can be
 * viewed as either type; only opt_private is new. */
typedef struct _krb5_gic_opt_ext {
    /* Also carries the private KRB5_GET_INIT_CREDS_OPT_EXTENDED and
     * KRB5_GET_INIT_CREDS_OPT_SHADOWED bits tested by
     * krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed(). */
    krb5_flags flags;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int forwardable;
    int proxiable;
    krb5_enctype *etype_list;
    int etype_list_length;
    krb5_address **address_list;
    krb5_preauthtype *preauth_list;
    int preauth_list_length;
    krb5_data *salt;
    /*
     * Do not change anything above this point in this structure.
     * It is identical to the public krb5_get_init_creds_opt structure.
     * New members must be added below.
     */
    /* NOTE(review): a caller-allocated public structure has no such member,
     * so code should presumably check krb5_gic_opt_is_extended() before
     * reading opt_private -- confirm at each use. */
    krb5_gic_opt_private *opt_private;
} krb5_gic_opt_ext;
1362159d09a2SMark Phalan
/*
 * Obtain an extended options structure in *opte for the caller-supplied opt.
 * Per the flag description earlier in this header: when the result has
 * KRB5_GET_INIT_CREDS_OPT_SHADOWED set it is a shadow copy that the caller
 * should free; otherwise opt was already extended and nothing needs freeing.
 * The meaning of 'force' and 'where' is not visible in this header.
 */
krb5_error_code
krb5int_gic_opt_to_opte(krb5_context context,
			krb5_get_init_creds_opt *opt,
			krb5_gic_opt_ext **opte,
			unsigned int force,
			const char *where);
1369159d09a2SMark Phalan
13707c478bd9Sstevel@tonic-gate krb5_error_code
13717c478bd9Sstevel@tonic-gate krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
13727c478bd9Sstevel@tonic-gate
13737c478bd9Sstevel@tonic-gate #ifndef _KERNEL /* needed for lib/krb5/krb/ */
13747c478bd9Sstevel@tonic-gate typedef krb5_error_code (*krb5_gic_get_as_key_fct)
13757c478bd9Sstevel@tonic-gate (krb5_context,
1376159d09a2SMark Phalan krb5_principal,
1377159d09a2SMark Phalan krb5_enctype,
1378159d09a2SMark Phalan krb5_prompter_fct,
1379159d09a2SMark Phalan void *prompter_data,
1380159d09a2SMark Phalan krb5_data *salt,
13817c478bd9Sstevel@tonic-gate krb5_data *s2kparams,
1382159d09a2SMark Phalan krb5_keyblock *as_key,
1383159d09a2SMark Phalan void *gak_data);
13847c478bd9Sstevel@tonic-gate
13857c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV
13867c478bd9Sstevel@tonic-gate krb5_get_init_creds
13877c478bd9Sstevel@tonic-gate (krb5_context context,
1388159d09a2SMark Phalan krb5_creds *creds,
1389159d09a2SMark Phalan krb5_principal client,
1390159d09a2SMark Phalan krb5_prompter_fct prompter,
1391159d09a2SMark Phalan void *prompter_data,
1392159d09a2SMark Phalan krb5_deltat start_time,
1393159d09a2SMark Phalan char *in_tkt_service,
1394159d09a2SMark Phalan krb5_gic_opt_ext *gic_options,
1395159d09a2SMark Phalan krb5_gic_get_as_key_fct gak,
1396159d09a2SMark Phalan void *gak_data,
1397159d09a2SMark Phalan int *master,
1398159d09a2SMark Phalan krb5_kdc_rep **as_reply);
1399159d09a2SMark Phalan
1400159d09a2SMark Phalan krb5_error_code krb5int_populate_gic_opt (
1401159d09a2SMark Phalan krb5_context, krb5_gic_opt_ext **,
1402159d09a2SMark Phalan krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
1403159d09a2SMark Phalan krb5_preauthtype *pre_auth_types, krb5_creds *creds);
1404159d09a2SMark Phalan
1405159d09a2SMark Phalan
1406159d09a2SMark Phalan krb5_error_code KRB5_CALLCONV krb5_do_preauth
1407159d09a2SMark Phalan (krb5_context context,
1408159d09a2SMark Phalan krb5_kdc_req *request,
1409159d09a2SMark Phalan krb5_data *encoded_request_body,
1410159d09a2SMark Phalan krb5_data *encoded_previous_request,
1411159d09a2SMark Phalan krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
1412159d09a2SMark Phalan krb5_data *salt, krb5_data *s2kparams,
1413159d09a2SMark Phalan krb5_enctype *etype, krb5_keyblock *as_key,
1414159d09a2SMark Phalan krb5_prompter_fct prompter, void *prompter_data,
1415159d09a2SMark Phalan krb5_gic_get_as_key_fct gak_fct, void *gak_data,
1416159d09a2SMark Phalan krb5_preauth_client_rock *get_data_rock,
1417159d09a2SMark Phalan krb5_gic_opt_ext *opte);
1418159d09a2SMark Phalan krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain
1419159d09a2SMark Phalan (krb5_context context,
1420159d09a2SMark Phalan krb5_kdc_req *request,
1421159d09a2SMark Phalan krb5_data *encoded_request_body,
1422159d09a2SMark Phalan krb5_data *encoded_previous_request,
1423159d09a2SMark Phalan krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
1424159d09a2SMark Phalan krb5_error *err_reply,
1425159d09a2SMark Phalan krb5_data *salt, krb5_data *s2kparams,
1426159d09a2SMark Phalan krb5_enctype *etype, krb5_keyblock *as_key,
1427159d09a2SMark Phalan krb5_prompter_fct prompter, void *prompter_data,
1428159d09a2SMark Phalan krb5_gic_get_as_key_fct gak_fct, void *gak_data,
1429159d09a2SMark Phalan krb5_preauth_client_rock *get_data_rock,
1430159d09a2SMark Phalan krb5_gic_opt_ext *opte);
1431159d09a2SMark Phalan void KRB5_CALLCONV krb5_init_preauth_context
1432159d09a2SMark Phalan (krb5_context);
1433159d09a2SMark Phalan void KRB5_CALLCONV krb5_free_preauth_context
1434159d09a2SMark Phalan (krb5_context);
1435159d09a2SMark Phalan void KRB5_CALLCONV krb5_clear_preauth_context_use_counts
1436159d09a2SMark Phalan (krb5_context);
1437159d09a2SMark Phalan void KRB5_CALLCONV krb5_preauth_prepare_request
1438159d09a2SMark Phalan (krb5_context, krb5_gic_opt_ext *, krb5_kdc_req *);
1439159d09a2SMark Phalan void KRB5_CALLCONV krb5_preauth_request_context_init
1440159d09a2SMark Phalan (krb5_context);
1441159d09a2SMark Phalan void KRB5_CALLCONV krb5_preauth_request_context_fini
1442159d09a2SMark Phalan (krb5_context);
14437c478bd9Sstevel@tonic-gate
1444159d09a2SMark Phalan #endif /* _KERNEL */
14457c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge
14467c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge * );
14477c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2
14487c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge_2 * );
14497c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_body
14507c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge_2_body *);
14517c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response
14527c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_response * );
14537c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_2
14547c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_response_2 * );
14557c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_predicted_sam_response
14567c478bd9Sstevel@tonic-gate (krb5_context, krb5_predicted_sam_response * );
14577c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc
14587c478bd9Sstevel@tonic-gate (krb5_context, krb5_enc_sam_response_enc * );
14597c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
14607c478bd9Sstevel@tonic-gate (krb5_context, krb5_enc_sam_response_enc_2 * );
14617c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_contents
14627c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge * );
14637c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
14647c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge_2 * );
14657c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
14667c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_challenge_2_body * );
14677c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_contents
14687c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_response * );
14697c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_2_contents
14707c478bd9Sstevel@tonic-gate (krb5_context, krb5_sam_response_2 *);
14717c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
14727c478bd9Sstevel@tonic-gate (krb5_context, krb5_predicted_sam_response * );
14737c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
14747c478bd9Sstevel@tonic-gate (krb5_context, krb5_enc_sam_response_enc * );
14757c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
14767c478bd9Sstevel@tonic-gate (krb5_context, krb5_enc_sam_response_enc_2 * );
1477*55fea89dSDan Cross
14787c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_pa_enc_ts
14797c478bd9Sstevel@tonic-gate (krb5_context, krb5_pa_enc_ts *);
14807c478bd9Sstevel@tonic-gate
14817c478bd9Sstevel@tonic-gate /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
1482505d05c7Sgtb #ifndef _KERNEL
1483505d05c7Sgtb #include "com_err.h"
148454925bf6Swillf #include <krb5/k5-plugin.h>
1485505d05c7Sgtb #endif /* _KERNEL */
1486505d05c7Sgtb
14877c478bd9Sstevel@tonic-gate /*
14887c478bd9Sstevel@tonic-gate * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
14897c478bd9Sstevel@tonic-gate */
14907c478bd9Sstevel@tonic-gate #define DEFAULT_UDP_PREF_LIMIT 1465
14917c478bd9Sstevel@tonic-gate
14927c478bd9Sstevel@tonic-gate #ifndef _KERNEL
14937c478bd9Sstevel@tonic-gate #include "profile.h"
14947c478bd9Sstevel@tonic-gate #include <strings.h>
14957c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
14967c478bd9Sstevel@tonic-gate
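/*
 * KEY_CHANGED(k1, k2): non-zero when k1 is NULL, when k1 and k2 are
 * different pointers, or when the enctype, length or contents reached
 * through them differ.
 *
 * Every use of an argument is parenthesized so that an expression argument
 * (for example `p + 0` or `cond ? a : b`) expands with the intended
 * precedence.  The arguments are still evaluated more than once, so they
 * must be free of side effects.
 *
 * NOTE(review): because of the pointer test, the field and bcmp()
 * comparisons only run when both arguments name the same object; confirm
 * that pointer identity is the intended test for "key changed".
 */
#define KEY_CHANGED(k1, k2) \
    ((k1) == NULL || \
     (k1) != (k2) || \
     (k1)->enctype != (k2)->enctype || \
     (k1)->length != (k2)->length || \
     bcmp((k1)->contents, (k2)->contents, (k1)->length))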
15037c478bd9Sstevel@tonic-gate
15047c478bd9Sstevel@tonic-gate #ifndef _KERNEL
/* Session and key handles for ARCFOUR, kept separately for each direction.
 * The handle types come from the PKCS#11 headers. */
typedef struct _arcfour_ctx {
	CK_SESSION_HANDLE eSession; /* encrypt session handle */
	CK_SESSION_HANDLE dSession; /* decrypt session handle */
	CK_OBJECT_HANDLE  eKey; /* encrypt key object */
	CK_OBJECT_HANDLE  dKey; /* decrypt key object */
	uchar_t           initialized;
}arcfour_ctx_rec;
15127c478bd9Sstevel@tonic-gate
15137c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
15147c478bd9Sstevel@tonic-gate
/*
 * Library context.  The members up to ser_ctx are common to both builds;
 * the rest differ between the userland build (!_KERNEL) and the kernel
 * build (_KERNEL), so the structure layout is not the same in the two.
 */
struct _krb5_context {
	krb5_magic	magic;
	krb5_enctype	*in_tkt_ktypes;
	unsigned int	in_tkt_ktype_count;
	krb5_enctype	*tgs_ktypes;
	unsigned int	tgs_ktype_count;
	/* This used to be a void*, but since we always allocate them
	   together (though in different source files), and the types
	   are declared in the same header, might as well just combine
	   them.

	   The array[1] is so the existing code treating the field as
	   a pointer will still work.  For cleanliness, it should
	   eventually get changed to a single element instead of an
	   array.  */
	struct _krb5_os_context os_context[1];
	char		*default_realm;
	int		ser_ctx_count;
	krb5_boolean	profile_secure;
	void		*ser_ctx;
#ifndef _KERNEL
	profile_t	profile;
	void		*db_context;
	void		*kdblog_context;
	/* allowable clock skew */
	krb5_deltat	clockskew;
	krb5_cksumtype	kdc_req_sumtype;
	krb5_cksumtype	default_ap_req_sumtype;
	krb5_cksumtype	default_safe_sumtype;
	krb5_flags	kdc_default_options;
	krb5_flags	library_options;
	int		fcc_default_format;
	int		scc_default_format;
	krb5_prompt_type *prompt_types;
	/* Message size above which we'll try TCP first in send-to-kdc
	   type code.  Aside from the 2**16 size limit, we put no
	   absolute limit on the UDP packet size.  */
	int		udp_pref_limit;

	/* This is the tgs_ktypes list as read from the profile, or
	   set to compiled-in defaults.  The application code cannot
	   override it.  This is used for session keys for
	   intermediate ticket-granting tickets used to acquire the
	   requested ticket (the session key of which may be
	   constrained by tgs_ktypes above).  */
	krb5_enctype	*conf_tgs_ktypes;
	int		conf_tgs_ktypes_count;

	/* Use the _configured version?  */
	krb5_boolean	use_conf_ktypes;

#ifdef KRB5_DNS_LOOKUP
	krb5_boolean	profile_in_memory;
#endif /* KRB5_DNS_LOOKUP */

	/* locate_kdc module stuff */
	struct plugin_dir_handle libkrb5_plugins;
	struct krb5plugin_service_locate_ftable *vtbl;
	void (**locate_fptrs)(void);

	pid_t pid;  /* fork safety: PID of process that did last PKCS11 init */

	/* Solaris Kerberos: handles for PKCS#11 crypto */
	/*
	 * Warning, do not access hSession directly as this is not fork() safe.
	 * Instead use the krb_ctx_hSession() macro below, which compares the
	 * pid member above with the current process id and re-initializes the
	 * handle when they differ.
	 */
	CK_SESSION_HANDLE hSession;
	int		cryptoki_initialized;

	/* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */
	arcfour_ctx_rec arcfour_ctx;

	/* preauth module stuff */
	struct plugin_dir_handle	preauth_plugins;
	krb5_preauth_context	*preauth_context;

	/* error detail info */
	struct errinfo	err;
#else /* _KERNEL: mechanism types for the kernel build */
	crypto_mech_type_t kef_cipher_mt;
	crypto_mech_type_t kef_hash_mt;
	crypto_mech_type_t kef_cksum_mt;
#endif /* !_KERNEL */
};
16007c478bd9Sstevel@tonic-gate
16017c478bd9Sstevel@tonic-gate #ifndef _KERNEL
16027c478bd9Sstevel@tonic-gate extern pid_t __krb5_current_pid;
16037c478bd9Sstevel@tonic-gate
16047c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context);
16057c478bd9Sstevel@tonic-gate
1606*55fea89dSDan Cross /*
16077c478bd9Sstevel@tonic-gate * fork safety: barring the ef_init code, every other function must use the
16087c478bd9Sstevel@tonic-gate * krb_ctx_hSession() macro to access the hSession field in a krb context.
16097c478bd9Sstevel@tonic-gate * Note, if the pid of the krb ctx == the current global pid then it is safe to
16107c478bd9Sstevel@tonic-gate * use the ctx hSession otherwise it needs to be re-inited before it is returned
16117c478bd9Sstevel@tonic-gate * to the caller.
16127c478bd9Sstevel@tonic-gate */
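/*
 * krb_ctx_hSession(ctx): yield the context's PKCS#11 session handle.
 * When ctx->pid equals __krb5_current_pid the stored hSession is used;
 * otherwise krb5_reinit_ef_handle(ctx) is called and its result is used.
 *
 * The whole conditional is wrapped in parentheses so that the macro can be
 * used inside a larger expression (comparison, arithmetic, argument to
 * another macro) without the surrounding operators binding to the last
 * operand of ?: only.  ctx is evaluated more than once and must be free of
 * side effects.
 */
#define krb_ctx_hSession(ctx) \
    (((ctx)->pid == __krb5_current_pid) ? \
     (ctx)->hSession : krb5_reinit_ef_handle((ctx)))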
16157c478bd9Sstevel@tonic-gate #endif
16167c478bd9Sstevel@tonic-gate
16177c478bd9Sstevel@tonic-gate #define MD5_CKSUM_LENGTH 16
16187c478bd9Sstevel@tonic-gate #define RSA_MD5_CKSUM_LENGTH 16
16197c478bd9Sstevel@tonic-gate #define MD5_BLOCKSIZE 64
16207c478bd9Sstevel@tonic-gate
16217c478bd9Sstevel@tonic-gate
16227c478bd9Sstevel@tonic-gate /*
16237c478bd9Sstevel@tonic-gate * Solaris Kerberos:
16247c478bd9Sstevel@tonic-gate * This next section of prototypes and constants
16257c478bd9Sstevel@tonic-gate * are all unique to the Solaris Kerberos implementation.
16267c478bd9Sstevel@tonic-gate * Because Solaris uses the native encryption framework
16277c478bd9Sstevel@tonic-gate * to provide crypto support, the following routines
16287c478bd9Sstevel@tonic-gate * are needed to support this system.
16297c478bd9Sstevel@tonic-gate */
16307c478bd9Sstevel@tonic-gate
16317c478bd9Sstevel@tonic-gate /*
16327c478bd9Sstevel@tonic-gate * Begin Solaris Crypto Prototypes
16337c478bd9Sstevel@tonic-gate */
16347c478bd9Sstevel@tonic-gate
/*
 * define constants that are used for creating the constant
 * which is used to make derived keys.
 *
 * The three values are the final octets that RFC 3961 appends to the key
 * usage number when deriving keys: 0xAA for the encryption key (Ke),
 * 0x55 for the integrity key (Ki) and 0x99 for the checksum key (Kc).
 * NOTE(review): the mapping of DK_HASH_KEY_BYTE to Ki is read from the
 * value, not from code visible here -- confirm at the call sites.
 */
#define DK_ENCR_KEY_BYTE 0xAA
#define DK_HASH_KEY_BYTE 0x55
#define DK_CKSUM_KEY_BYTE 0x99
16427c478bd9Sstevel@tonic-gate
16437c478bd9Sstevel@tonic-gate int init_derived_keydata(krb5_context, const struct krb5_enc_provider *,
16447c478bd9Sstevel@tonic-gate krb5_keyblock *, krb5_keyusage,
16457c478bd9Sstevel@tonic-gate krb5_keyblock **, krb5_keyblock **);
16467c478bd9Sstevel@tonic-gate
16477c478bd9Sstevel@tonic-gate krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t,
16487c478bd9Sstevel@tonic-gate krb5_keyblock *);
16497c478bd9Sstevel@tonic-gate
16507c478bd9Sstevel@tonic-gate krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *);
16517c478bd9Sstevel@tonic-gate krb5_keyblock *krb5_create_derived_keyblock(int);
16527c478bd9Sstevel@tonic-gate
16537c478bd9Sstevel@tonic-gate #ifdef _KERNEL
/* Kernel-build declarations.  The userland branch of this #ifdef declares
 * k5_ef_hash() and k5_ef_mac() under the same names with different
 * parameter lists and return types, so the two builds are not
 * source-compatible for callers of these routines. */
int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *);

int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *,
        const krb5_data *, krb5_data *);

void make_kef_key(krb5_keyblock *);
int init_key_kef(crypto_mech_type_t, krb5_keyblock *);
int update_key_template(krb5_keyblock *);
/* NOTE(review): the next two declarations use empty parentheses, which in C
 * declare a function without a prototype, so calls are not checked against
 * a parameter list.  `(void)` would be stricter if the definitions take no
 * arguments -- confirm against the definitions. */
void setup_kef_keytypes();
void setup_kef_cksumtypes();
crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);
16667c478bd9Sstevel@tonic-gate
16677c478bd9Sstevel@tonic-gate #else
/*
 * This structure is used to map Kerberos supported OID's,
 * to PKCS11 mechanisms
 */
/* Bit values for krb5_mech_2_pkcs.flags. */
#define USE_ENCR	0x01
#define	USE_HASH	0x02

typedef struct krb5_mech_2_pkcs {
	/* USE_ENCR / USE_HASH bits, tested by ENC_DEFINED() and
	 * HASH_DEFINED() below. */
	uchar_t		flags;
	CK_MECHANISM_TYPE enc_algo;
	CK_MECHANISM_TYPE hash_algo;
	CK_MECHANISM_TYPE str2key_algo;
} KRB5_MECH_TO_PKCS;

/* Both macros take the structure itself (member access with '.'), not a
 * pointer to it, and yield the masked flag bit rather than 0/1. */
#define ENC_DEFINED(x)	(((x).flags & USE_ENCR))
#define HASH_DEFINED(x)	(((x).flags & USE_HASH))
16847c478bd9Sstevel@tonic-gate
16857c478bd9Sstevel@tonic-gate extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
16867c478bd9Sstevel@tonic-gate extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
16877c478bd9Sstevel@tonic-gate extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);
16887c478bd9Sstevel@tonic-gate
16897c478bd9Sstevel@tonic-gate krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);
16907c478bd9Sstevel@tonic-gate
16917c478bd9Sstevel@tonic-gate krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
16927c478bd9Sstevel@tonic-gate unsigned int, const krb5_data *, krb5_data *);
16937c478bd9Sstevel@tonic-gate
16947c478bd9Sstevel@tonic-gate krb5_error_code k5_ef_mac(krb5_context context,
16957c478bd9Sstevel@tonic-gate krb5_keyblock *key, krb5_data *ivec,
16967c478bd9Sstevel@tonic-gate krb5_const krb5_data *input, krb5_data *output);
16977c478bd9Sstevel@tonic-gate
16987c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
16997c478bd9Sstevel@tonic-gate
17007c478bd9Sstevel@tonic-gate krb5_error_code
17017c478bd9Sstevel@tonic-gate derive_3des_keys(krb5_context, struct krb5_enc_provider *,
17027c478bd9Sstevel@tonic-gate krb5_keyblock *, krb5_keyusage,
17037c478bd9Sstevel@tonic-gate krb5_keyblock *, krb5_keyblock *);
17047c478bd9Sstevel@tonic-gate
17057c478bd9Sstevel@tonic-gate /*
17067c478bd9Sstevel@tonic-gate * End Solaris Crypto Prototypes
17077c478bd9Sstevel@tonic-gate */
17087c478bd9Sstevel@tonic-gate
17097c478bd9Sstevel@tonic-gate #define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
17107c478bd9Sstevel@tonic-gate
1711505d05c7Sgtb /* internal message representations */
1712505d05c7Sgtb
/*
 * In-memory form of a KRB_SAFE message (APPLICATION 20 in the tag table
 * further down).  user_data is a plain krb5_data next to an integrity
 * checksum; nothing in this struct is encrypted (contrast the enc_part
 * of krb5_priv).
 * NOTE(review): timestamp/usec and seq_number are marked optional; they
 * are presumably what a receiver uses for replay and ordering checks, so
 * confirm that the code consuming a decoded krb5_safe insists on
 * whichever of them its auth context requires.
 */
1713505d05c7Sgtb typedef struct _krb5_safe {
1714505d05c7Sgtb krb5_magic magic;
1715159d09a2SMark Phalan krb5_data user_data; /* user data */
1716159d09a2SMark Phalan krb5_timestamp timestamp; /* client time, optional */
1717159d09a2SMark Phalan krb5_int32 usec; /* microsecond portion of time,
1718159d09a2SMark Phalan optional */
1719159d09a2SMark Phalan krb5_ui_4 seq_number; /* sequence #, optional */
1720159d09a2SMark Phalan krb5_address *s_address; /* sender address */
1721159d09a2SMark Phalan krb5_address *r_address; /* recipient address, optional */
1722159d09a2SMark Phalan krb5_checksum *checksum; /* data integrity checksum */
1723505d05c7Sgtb } krb5_safe;
1724505d05c7Sgtb
/*
 * In-memory form of a KRB_PRIV message (APPLICATION 21 in the tag table
 * further down).  Only the encrypted part is held here.
 * NOTE(review): the plaintext of enc_part is presumably what
 * krb5_priv_enc_part describes -- confirm in decode_krb5_enc_priv_part().
 */
1725505d05c7Sgtb typedef struct _krb5_priv {
1726505d05c7Sgtb krb5_magic magic;
1727159d09a2SMark Phalan krb5_enc_data enc_part; /* encrypted part */
1728505d05c7Sgtb } krb5_priv;
1729505d05c7Sgtb
/*
 * Same fields as krb5_safe minus the checksum pointer.
 * NOTE(review): user_data here is presumably decrypted plaintext, so a
 * caller that is done with it should clear the buffer before
 * krb5_free_priv_enc_part() releases it -- confirm whether the free
 * routine already does that.
 */
1730505d05c7Sgtb typedef struct _krb5_priv_enc_part {
1731505d05c7Sgtb krb5_magic magic;
1732159d09a2SMark Phalan krb5_data user_data; /* user data */
1733159d09a2SMark Phalan krb5_timestamp timestamp; /* client time, optional */
1734159d09a2SMark Phalan krb5_int32 usec; /* microsecond portion of time, opt. */
1735159d09a2SMark Phalan krb5_ui_4 seq_number; /* sequence #, optional */
1736159d09a2SMark Phalan krb5_address *s_address; /* sender address */
1737159d09a2SMark Phalan krb5_address *r_address; /* recipient address, optional */
1738505d05c7Sgtb } krb5_priv_enc_part;
1739505d05c7Sgtb
1740505d05c7Sgtb void KRB5_CALLCONV krb5_free_safe
1741159d09a2SMark Phalan (krb5_context, krb5_safe * );
1742505d05c7Sgtb void KRB5_CALLCONV krb5_free_priv
1743159d09a2SMark Phalan (krb5_context, krb5_priv * );
1744505d05c7Sgtb void KRB5_CALLCONV krb5_free_priv_enc_part
1745159d09a2SMark Phalan (krb5_context, krb5_priv_enc_part * );
1746505d05c7Sgtb
17477c478bd9Sstevel@tonic-gate /*
17487c478bd9Sstevel@tonic-gate * Begin "asn1.h"
17497c478bd9Sstevel@tonic-gate */
17507c478bd9Sstevel@tonic-gate #ifndef KRB5_ASN1__
17517c478bd9Sstevel@tonic-gate #define KRB5_ASN1__
17527c478bd9Sstevel@tonic-gate
17537c478bd9Sstevel@tonic-gate /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
17547c478bd9Sstevel@tonic-gate /* here we use some knowledge of ASN.1 encodings */
1755*55fea89dSDan Cross /*
17567c478bd9Sstevel@tonic-gate Ticket is APPLICATION 1.
17577c478bd9Sstevel@tonic-gate Authenticator is APPLICATION 2.
17587c478bd9Sstevel@tonic-gate AS_REQ is APPLICATION 10.
17597c478bd9Sstevel@tonic-gate AS_REP is APPLICATION 11.
17607c478bd9Sstevel@tonic-gate TGS_REQ is APPLICATION 12.
17617c478bd9Sstevel@tonic-gate TGS_REP is APPLICATION 13.
17627c478bd9Sstevel@tonic-gate AP_REQ is APPLICATION 14.
17637c478bd9Sstevel@tonic-gate AP_REP is APPLICATION 15.
17647c478bd9Sstevel@tonic-gate KRB_SAFE is APPLICATION 20.
17657c478bd9Sstevel@tonic-gate KRB_PRIV is APPLICATION 21.
17667c478bd9Sstevel@tonic-gate KRB_CRED is APPLICATION 22.
17677c478bd9Sstevel@tonic-gate EncASRepPart is APPLICATION 25.
17687c478bd9Sstevel@tonic-gate EncTGSRepPart is APPLICATION 26.
17697c478bd9Sstevel@tonic-gate EncAPRepPart is APPLICATION 27.
17707c478bd9Sstevel@tonic-gate EncKrbPrivPart is APPLICATION 28.
17717c478bd9Sstevel@tonic-gate EncKrbCredPart is APPLICATION 29.
17727c478bd9Sstevel@tonic-gate KRB_ERROR is APPLICATION 30.
17737c478bd9Sstevel@tonic-gate */
/*
 * Message-type checks on the first octet of an encoded message.
 *
 * Each krb5_is_*() macro is true only when dat is non-NULL, dat->length
 * is non-zero and dat->data[0] is the ASN.1 identifier octet for the
 * APPLICATION tag number listed in the table above.  Bit 6 of that octet
 * separates constructed (0x60 | tag) from primitive (0x40 | tag)
 * encoding; both are accepted.
 *
 * Only that one octet is examined.  A true result says what the buffer
 * claims to be, not that it is well formed, so the matching
 * decode_krb5_*() routine still has to run and its error code has to be
 * checked.  The argument is expanded more than once and must have no
 * side effects.
 */
#define	KRB5INT_APP_OCTET_IS(dat, tagnum)\
	((dat) && (dat)->length && ((dat)->data[0] == (0x60 | (tagnum)) ||\
	(dat)->data[0] == (0x40 | (tagnum))))

#define	krb5_is_krb_ticket(dat)			KRB5INT_APP_OCTET_IS(dat, 1)
#define	krb5_is_krb_authenticator(dat)		KRB5INT_APP_OCTET_IS(dat, 2)
#define	krb5_is_as_req(dat)			KRB5INT_APP_OCTET_IS(dat, 10)
#define	krb5_is_as_rep(dat)			KRB5INT_APP_OCTET_IS(dat, 11)
#define	krb5_is_tgs_req(dat)			KRB5INT_APP_OCTET_IS(dat, 12)
#define	krb5_is_tgs_rep(dat)			KRB5INT_APP_OCTET_IS(dat, 13)
#define	krb5_is_ap_req(dat)			KRB5INT_APP_OCTET_IS(dat, 14)
#define	krb5_is_ap_rep(dat)			KRB5INT_APP_OCTET_IS(dat, 15)
#define	krb5_is_krb_safe(dat)			KRB5INT_APP_OCTET_IS(dat, 20)
#define	krb5_is_krb_priv(dat)			KRB5INT_APP_OCTET_IS(dat, 21)
#define	krb5_is_krb_cred(dat)			KRB5INT_APP_OCTET_IS(dat, 22)
#define	krb5_is_krb_enc_as_rep_part(dat)	KRB5INT_APP_OCTET_IS(dat, 25)
#define	krb5_is_krb_enc_tgs_rep_part(dat)	KRB5INT_APP_OCTET_IS(dat, 26)
#define	krb5_is_krb_enc_ap_rep_part(dat)	KRB5INT_APP_OCTET_IS(dat, 27)
#define	krb5_is_krb_enc_krb_priv_part(dat)	KRB5INT_APP_OCTET_IS(dat, 28)
#define	krb5_is_krb_enc_krb_cred_part(dat)	KRB5INT_APP_OCTET_IS(dat, 29)
#define	krb5_is_krb_error(dat)			KRB5INT_APP_OCTET_IS(dat, 30)
18277c478bd9Sstevel@tonic-gate
18287c478bd9Sstevel@tonic-gate /*************************************************************************
18297c478bd9Sstevel@tonic-gate * Prototypes for krb5_encode.c
18307c478bd9Sstevel@tonic-gate *************************************************************************/
18317c478bd9Sstevel@tonic-gate
18327c478bd9Sstevel@tonic-gate /*
18337c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_structure(const krb5_structure *rep,
18347c478bd9Sstevel@tonic-gate krb5_data **code);
18357c478bd9Sstevel@tonic-gate modifies *code
18367c478bd9Sstevel@tonic-gate effects Returns the ASN.1 encoding of *rep in **code.
18377c478bd9Sstevel@tonic-gate Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
18387c478bd9Sstevel@tonic-gate Returns ENOMEM if memory runs out.
18397c478bd9Sstevel@tonic-gate */
18407c478bd9Sstevel@tonic-gate
18417c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_authenticator
18427c478bd9Sstevel@tonic-gate (const krb5_authenticator *rep, krb5_data **code);
18437c478bd9Sstevel@tonic-gate
18447c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ticket
18457c478bd9Sstevel@tonic-gate (const krb5_ticket *rep, krb5_data **code);
18467c478bd9Sstevel@tonic-gate
18477c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_encryption_key
18487c478bd9Sstevel@tonic-gate (const krb5_keyblock *rep, krb5_data **code);
18497c478bd9Sstevel@tonic-gate
18507c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_tkt_part
18517c478bd9Sstevel@tonic-gate (const krb5_enc_tkt_part *rep, krb5_data **code);
18527c478bd9Sstevel@tonic-gate
18537c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_kdc_rep_part
18547c478bd9Sstevel@tonic-gate (const krb5_enc_kdc_rep_part *rep, krb5_data **code);
18557c478bd9Sstevel@tonic-gate
1856*55fea89dSDan Cross /* yes, the translation is identical to that used for KDC__REP */
18577c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_rep
18587c478bd9Sstevel@tonic-gate (const krb5_kdc_rep *rep, krb5_data **code);
18597c478bd9Sstevel@tonic-gate
1860*55fea89dSDan Cross /* yes, the translation is identical to that used for KDC__REP */
18617c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_rep
18627c478bd9Sstevel@tonic-gate (const krb5_kdc_rep *rep, krb5_data **code);
18637c478bd9Sstevel@tonic-gate
18647c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_req
18657c478bd9Sstevel@tonic-gate (const krb5_ap_req *rep, krb5_data **code);
18667c478bd9Sstevel@tonic-gate
18677c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep
18687c478bd9Sstevel@tonic-gate (const krb5_ap_rep *rep, krb5_data **code);
18697c478bd9Sstevel@tonic-gate
18707c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep_enc_part
18717c478bd9Sstevel@tonic-gate (const krb5_ap_rep_enc_part *rep, krb5_data **code);
18727c478bd9Sstevel@tonic-gate
18737c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_req
18747c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code);
18757c478bd9Sstevel@tonic-gate
18767c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_req
18777c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code);
18787c478bd9Sstevel@tonic-gate
18797c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_kdc_req_body
18807c478bd9Sstevel@tonic-gate (const krb5_kdc_req *rep, krb5_data **code);
18817c478bd9Sstevel@tonic-gate
18827c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe
18837c478bd9Sstevel@tonic-gate (const krb5_safe *rep, krb5_data **code);
18847c478bd9Sstevel@tonic-gate
/*
 * Argument bundle for encode_krb5_safe_with_body(): a krb5_safe plus a
 * separate body buffer.  Both members are pointers; ownership is not
 * visible from this declaration.
 * NOTE(review): body is presumably the already-encoded safe body, passed
 * through so that the bytes the checksum was computed over are the bytes
 * that get sent -- confirm in the encoder.
 */
1885ba7b222eSGlenn Barry struct krb5_safe_with_body {
1886ba7b222eSGlenn Barry krb5_safe *safe;
1887ba7b222eSGlenn Barry krb5_data *body;
1888ba7b222eSGlenn Barry };
1889ba7b222eSGlenn Barry
18907c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe_with_body
1891ba7b222eSGlenn Barry (const struct krb5_safe_with_body *rep, krb5_data **code);
18927c478bd9Sstevel@tonic-gate
18937c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_priv
18947c478bd9Sstevel@tonic-gate (const krb5_priv *rep, krb5_data **code);
18957c478bd9Sstevel@tonic-gate
18967c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_priv_part
18977c478bd9Sstevel@tonic-gate (const krb5_priv_enc_part *rep, krb5_data **code);
18987c478bd9Sstevel@tonic-gate
18997c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_cred
19007c478bd9Sstevel@tonic-gate (const krb5_cred *rep, krb5_data **code);
19017c478bd9Sstevel@tonic-gate
19027c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_cred_part
19037c478bd9Sstevel@tonic-gate (const krb5_cred_enc_part *rep, krb5_data **code);
19047c478bd9Sstevel@tonic-gate
19057c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_error
19067c478bd9Sstevel@tonic-gate (const krb5_error *rep, krb5_data **code);
19077c478bd9Sstevel@tonic-gate
19087c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_authdata
1909ba7b222eSGlenn Barry (krb5_authdata *const *rep, krb5_data **code);
19107c478bd9Sstevel@tonic-gate
1911159d09a2SMark Phalan krb5_error_code encode_krb5_authdata_elt
1912159d09a2SMark Phalan (const krb5_authdata *rep, krb5_data **code);
1913159d09a2SMark Phalan
19147c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pwd_sequence
19157c478bd9Sstevel@tonic-gate (const passwd_phrase_element *rep, krb5_data **code);
19167c478bd9Sstevel@tonic-gate
19177c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pwd_data
19187c478bd9Sstevel@tonic-gate (const krb5_pwd_data *rep, krb5_data **code);
19197c478bd9Sstevel@tonic-gate
19207c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_padata_sequence
1921ba7b222eSGlenn Barry (krb5_pa_data *const *rep, krb5_data **code);
19227c478bd9Sstevel@tonic-gate
19237c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_alt_method
19247c478bd9Sstevel@tonic-gate (const krb5_alt_method *, krb5_data **code);
19257c478bd9Sstevel@tonic-gate
19267c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_etype_info
1927ba7b222eSGlenn Barry (krb5_etype_info_entry *const *, krb5_data **code);
19287c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_etype_info2
1929ba7b222eSGlenn Barry (krb5_etype_info_entry *const *, krb5_data **code);
19307c478bd9Sstevel@tonic-gate
19317c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_data
19327c478bd9Sstevel@tonic-gate (const krb5_enc_data *, krb5_data **);
19337c478bd9Sstevel@tonic-gate
19347c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pa_enc_ts
19357c478bd9Sstevel@tonic-gate (const krb5_pa_enc_ts *, krb5_data **);
19367c478bd9Sstevel@tonic-gate
19377c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge
19387c478bd9Sstevel@tonic-gate (const krb5_sam_challenge * , krb5_data **);
19397c478bd9Sstevel@tonic-gate
19407c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_key
19417c478bd9Sstevel@tonic-gate (const krb5_sam_key * , krb5_data **);
19427c478bd9Sstevel@tonic-gate
19437c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_sam_response_enc
19447c478bd9Sstevel@tonic-gate (const krb5_enc_sam_response_enc * , krb5_data **);
19457c478bd9Sstevel@tonic-gate
19467c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_response
19477c478bd9Sstevel@tonic-gate (const krb5_sam_response * , krb5_data **);
19487c478bd9Sstevel@tonic-gate
19497c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge_2
19507c478bd9Sstevel@tonic-gate (const krb5_sam_challenge_2 * , krb5_data **);
19517c478bd9Sstevel@tonic-gate
19527c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge_2_body
19537c478bd9Sstevel@tonic-gate (const krb5_sam_challenge_2_body * , krb5_data **);
19547c478bd9Sstevel@tonic-gate
19557c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_sam_response_enc_2
19567c478bd9Sstevel@tonic-gate (const krb5_enc_sam_response_enc_2 * , krb5_data **);
19577c478bd9Sstevel@tonic-gate
19587c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_response_2
19597c478bd9Sstevel@tonic-gate (const krb5_sam_response_2 * , krb5_data **);
19607c478bd9Sstevel@tonic-gate
1961159d09a2SMark Phalan krb5_error_code encode_krb5_predicted_sam_response
1962159d09a2SMark Phalan (const krb5_predicted_sam_response * , krb5_data **);
1963159d09a2SMark Phalan
/*
 * Input to encode_krb5_setpw_req(): the principal whose password is being
 * set and the new password, held as a plain krb5_data.
 * NOTE(review): the encoder's output presumably contains the password
 * bytes as well, so both this struct and the encoded krb5_data should be
 * zeroed before they are freed -- confirm that the callers do so.
 */
1964ba7b222eSGlenn Barry struct krb5_setpw_req {
1965ba7b222eSGlenn Barry krb5_principal target;
1966ba7b222eSGlenn Barry krb5_data password;
1967ba7b222eSGlenn Barry };
196810db1377Sgtb krb5_error_code encode_krb5_setpw_req
1969ba7b222eSGlenn Barry (const struct krb5_setpw_req *rep, krb5_data **code);
197010db1377Sgtb
19717c478bd9Sstevel@tonic-gate /*************************************************************************
19727c478bd9Sstevel@tonic-gate * End of prototypes for krb5_encode.c
19737c478bd9Sstevel@tonic-gate *************************************************************************/
19747c478bd9Sstevel@tonic-gate
1975159d09a2SMark Phalan krb5_error_code decode_krb5_sam_challenge
1976159d09a2SMark Phalan (const krb5_data *, krb5_sam_challenge **);
1977159d09a2SMark Phalan
1978159d09a2SMark Phalan krb5_error_code decode_krb5_enc_sam_key
1979159d09a2SMark Phalan (const krb5_data *, krb5_sam_key **);
1980159d09a2SMark Phalan
1981159d09a2SMark Phalan krb5_error_code decode_krb5_enc_sam_response_enc
1982159d09a2SMark Phalan (const krb5_data *, krb5_enc_sam_response_enc **);
1983159d09a2SMark Phalan
1984159d09a2SMark Phalan krb5_error_code decode_krb5_sam_response
1985159d09a2SMark Phalan (const krb5_data *, krb5_sam_response **);
1986159d09a2SMark Phalan
1987159d09a2SMark Phalan krb5_error_code decode_krb5_predicted_sam_response
1988159d09a2SMark Phalan (const krb5_data *, krb5_predicted_sam_response **);
1989159d09a2SMark Phalan
1990159d09a2SMark Phalan krb5_error_code decode_krb5_sam_challenge_2
1991159d09a2SMark Phalan (const krb5_data *, krb5_sam_challenge_2 **);
1992159d09a2SMark Phalan
1993159d09a2SMark Phalan krb5_error_code decode_krb5_sam_challenge_2_body
1994159d09a2SMark Phalan (const krb5_data *, krb5_sam_challenge_2_body **);
1995159d09a2SMark Phalan
1996159d09a2SMark Phalan krb5_error_code decode_krb5_enc_sam_response_enc_2
1997159d09a2SMark Phalan (const krb5_data *, krb5_enc_sam_response_enc_2 **);
1998159d09a2SMark Phalan
1999159d09a2SMark Phalan krb5_error_code decode_krb5_sam_response_2
2000159d09a2SMark Phalan (const krb5_data *, krb5_sam_response_2 **);
2001159d09a2SMark Phalan
2002159d09a2SMark Phalan
20037c478bd9Sstevel@tonic-gate /*************************************************************************
20047c478bd9Sstevel@tonic-gate * Prototypes for krb5_decode.c
20057c478bd9Sstevel@tonic-gate *************************************************************************/
20067c478bd9Sstevel@tonic-gate
2007159d09a2SMark Phalan krb5_error_code krb5_validate_times
2008*55fea89dSDan Cross (krb5_context,
2009159d09a2SMark Phalan krb5_ticket_times *);
2010159d09a2SMark Phalan
20117c478bd9Sstevel@tonic-gate /*
20127c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_structure(const krb5_data *code,
20137c478bd9Sstevel@tonic-gate krb5_structure **rep);
2014*55fea89dSDan Cross
20157c478bd9Sstevel@tonic-gate requires Expects **rep to not have been allocated;
20167c478bd9Sstevel@tonic-gate a new *rep is allocated regardless of the old value.
20177c478bd9Sstevel@tonic-gate effects Decodes *code into **rep.
20187c478bd9Sstevel@tonic-gate Returns ENOMEM if memory is exhausted.
20197c478bd9Sstevel@tonic-gate Returns asn1 and krb5 errors.
20207c478bd9Sstevel@tonic-gate */
20217c478bd9Sstevel@tonic-gate
20227c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_authenticator
20237c478bd9Sstevel@tonic-gate (const krb5_data *code, krb5_authenticator **rep);
20247c478bd9Sstevel@tonic-gate
20257c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ticket
20267c478bd9Sstevel@tonic-gate (const krb5_data *code, krb5_ticket **rep);
20277c478bd9Sstevel@tonic-gate
20287c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_encryption_key
20297c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_keyblock **rep);
20307c478bd9Sstevel@tonic-gate
20317c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_tkt_part
20327c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_enc_tkt_part **rep);
20337c478bd9Sstevel@tonic-gate
20347c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_kdc_rep_part
20357c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_enc_kdc_rep_part **rep);
20367c478bd9Sstevel@tonic-gate
20377c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_as_rep
20387c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_kdc_rep **rep);
20397c478bd9Sstevel@tonic-gate
20407c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_tgs_rep
20417c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_kdc_rep **rep);
20427c478bd9Sstevel@tonic-gate
20437c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_req
20447c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_ap_req **rep);
20457c478bd9Sstevel@tonic-gate
20467c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_rep
20477c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_ap_rep **rep);
20487c478bd9Sstevel@tonic-gate
20497c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_rep_enc_part
20507c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_ap_rep_enc_part **rep);
20517c478bd9Sstevel@tonic-gate
20527c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_as_req
20537c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_kdc_req **rep);
20547c478bd9Sstevel@tonic-gate
20557c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_tgs_req
20567c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_kdc_req **rep);
20577c478bd9Sstevel@tonic-gate
20587c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_kdc_req_body
20597c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_kdc_req **rep);
20607c478bd9Sstevel@tonic-gate
20617c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_safe
20627c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_safe **rep);
20637c478bd9Sstevel@tonic-gate
20647c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_safe_with_body
20657c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_safe **rep, krb5_data *body);
20667c478bd9Sstevel@tonic-gate
20677c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_priv
20687c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_priv **rep);
20697c478bd9Sstevel@tonic-gate
20707c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_priv_part
20717c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_priv_enc_part **rep);
20727c478bd9Sstevel@tonic-gate
20737c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_cred
20747c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_cred **rep);
20757c478bd9Sstevel@tonic-gate
20767c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_cred_part
20777c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_cred_enc_part **rep);
20787c478bd9Sstevel@tonic-gate
20797c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_error
20807c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_error **rep);
20817c478bd9Sstevel@tonic-gate
20827c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_authdata
20837c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_authdata ***rep);
20847c478bd9Sstevel@tonic-gate
20857c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pwd_sequence
20867c478bd9Sstevel@tonic-gate (const krb5_data *output, passwd_phrase_element **rep);
20877c478bd9Sstevel@tonic-gate
20887c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pwd_data
20897c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_pwd_data **rep);
20907c478bd9Sstevel@tonic-gate
20917c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_padata_sequence
20927c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_pa_data ***rep);
20937c478bd9Sstevel@tonic-gate
20947c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_alt_method
20957c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_alt_method **rep);
20967c478bd9Sstevel@tonic-gate
20977c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_etype_info
20987c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_etype_info_entry ***rep);
20997c478bd9Sstevel@tonic-gate
21007c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_etype_info2
21017c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_etype_info_entry ***rep);
21027c478bd9Sstevel@tonic-gate
21037c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_data
21047c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_enc_data **rep);
21057c478bd9Sstevel@tonic-gate
21067c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pa_enc_ts
21077c478bd9Sstevel@tonic-gate (const krb5_data *output, krb5_pa_enc_ts **rep);
21087c478bd9Sstevel@tonic-gate
21097c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_key
21107c478bd9Sstevel@tonic-gate (const krb5_data *, krb5_sam_key **);
21117c478bd9Sstevel@tonic-gate
/*
 * ASN.1 encode/decode of an array of key data records.
 * The two prototypes do not mirror each other exactly: mkvno is a
 * krb5_int32 on the encode side and an int * on the decode side, and the
 * element count is a signed 16-bit krb5_int16 in both.
 * NOTE(review): the decoder presumably allocates *out and sets
 * *n_key_data from the encoded sequence; confirm that it rejects a count
 * that does not fit in krb5_int16 and that callers free *out on every
 * error path.  The records are key material, so the buffers should be
 * zeroed before they are released.
 */
211254925bf6Swillf struct _krb5_key_data; /* kdb.h */
211354925bf6Swillf krb5_error_code
211454925bf6Swillf krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data,
211554925bf6Swillf krb5_int16 n_key_data,
211654925bf6Swillf krb5_int32 mkvno,
211754925bf6Swillf krb5_data **code);
211854925bf6Swillf
211954925bf6Swillf krb5_error_code
212054925bf6Swillf krb5int_ldap_decode_sequence_of_keys (krb5_data *in,
212154925bf6Swillf struct _krb5_key_data **out,
212254925bf6Swillf krb5_int16 *n_key_data,
212354925bf6Swillf int *mkvno);
21247c478bd9Sstevel@tonic-gate
21257c478bd9Sstevel@tonic-gate /*************************************************************************
21267c478bd9Sstevel@tonic-gate * End of prototypes for krb5_decode.c
21277c478bd9Sstevel@tonic-gate *************************************************************************/
21287c478bd9Sstevel@tonic-gate
21297c478bd9Sstevel@tonic-gate #endif /* KRB5_ASN1__ */
21307c478bd9Sstevel@tonic-gate /*
21317c478bd9Sstevel@tonic-gate * End "asn1.h"
21327c478bd9Sstevel@tonic-gate */
21337c478bd9Sstevel@tonic-gate
21347c478bd9Sstevel@tonic-gate
21357c478bd9Sstevel@tonic-gate /*
21367c478bd9Sstevel@tonic-gate * Internal krb5 library routines
21377c478bd9Sstevel@tonic-gate */
21387c478bd9Sstevel@tonic-gate krb5_error_code krb5_encrypt_tkt_part
21397c478bd9Sstevel@tonic-gate (krb5_context,
2140159d09a2SMark Phalan const krb5_keyblock *,
2141159d09a2SMark Phalan krb5_ticket * );
21427c478bd9Sstevel@tonic-gate
21437c478bd9Sstevel@tonic-gate
21447c478bd9Sstevel@tonic-gate krb5_error_code krb5_encode_kdc_rep
21457c478bd9Sstevel@tonic-gate (krb5_context,
2146159d09a2SMark Phalan const krb5_msgtype,
2147159d09a2SMark Phalan const krb5_enc_kdc_rep_part *,
2148159d09a2SMark Phalan int using_subkey,
2149159d09a2SMark Phalan const krb5_keyblock *,
2150159d09a2SMark Phalan krb5_kdc_rep *,
2151159d09a2SMark Phalan krb5_data ** );
21527c478bd9Sstevel@tonic-gate
/*
 * Sequence-number check for an auth context: takes the received number
 * in_seq and returns a krb5_boolean.
 * NOTE(review): presumably a true result means in_seq is acceptable for
 * ac and false means the message must be rejected -- confirm the polarity
 * in the definition before relying on it, since an inverted test would
 * accept out-of-sequence messages.
 */
2153505d05c7Sgtb krb5_boolean krb5int_auth_con_chkseqnum
2154505d05c7Sgtb (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
21557c478bd9Sstevel@tonic-gate /*
21567c478bd9Sstevel@tonic-gate * [De]Serialization Handle and operations.
21577c478bd9Sstevel@tonic-gate */
/*
 * One serializer table entry: a krb5_magic type id plus three callbacks.
 * krb5_find_serializer() looks an entry up by krb5_magic and
 * krb5_register_serializer() adds one.
 * NOTE(review): in the externalizer and internalizer the krb5_octet **
 * and size_t * are presumably the buffer cursor and the bytes remaining.
 * The internalizer rebuilds an object from a byte buffer, so it has to
 * bound every read by that remaining count -- confirm in each
 * implementation that is registered.
 */
21587c478bd9Sstevel@tonic-gate struct __krb5_serializer {
21597c478bd9Sstevel@tonic-gate krb5_magic odtype; /* type id this entry handles */
/* sizer: reports a size for the object through the size_t * */
21607c478bd9Sstevel@tonic-gate krb5_error_code (*sizer) (krb5_context,
2161159d09a2SMark Phalan krb5_pointer,
2162159d09a2SMark Phalan size_t *);
/* externalizer: object -> bytes */
21637c478bd9Sstevel@tonic-gate krb5_error_code (*externalizer) (krb5_context,
2164159d09a2SMark Phalan krb5_pointer,
2165159d09a2SMark Phalan krb5_octet **,
2166159d09a2SMark Phalan size_t *);
/* internalizer: bytes -> object, returned through the krb5_pointer * */
21677c478bd9Sstevel@tonic-gate krb5_error_code (*internalizer) (krb5_context,
2168159d09a2SMark Phalan krb5_pointer *,
2169159d09a2SMark Phalan krb5_octet **,
2170159d09a2SMark Phalan size_t *);
21717c478bd9Sstevel@tonic-gate };
/* Handles are pointers to const entries; krb5_ser_entry is the entry type itself. */
2172159d09a2SMark Phalan typedef const struct __krb5_serializer * krb5_ser_handle;
21737c478bd9Sstevel@tonic-gate typedef struct __krb5_serializer krb5_ser_entry;
21747c478bd9Sstevel@tonic-gate
21757c478bd9Sstevel@tonic-gate krb5_ser_handle krb5_find_serializer
2176505d05c7Sgtb (krb5_context,
2177505d05c7Sgtb krb5_magic);
21787c478bd9Sstevel@tonic-gate krb5_error_code krb5_register_serializer
2179505d05c7Sgtb (krb5_context,
2180505d05c7Sgtb const krb5_ser_entry *);
21817c478bd9Sstevel@tonic-gate
21827c478bd9Sstevel@tonic-gate /* Determine the external size of a particular opaque structure */
2183505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_size_opaque
2184505d05c7Sgtb (krb5_context,
2185505d05c7Sgtb krb5_magic,
2186505d05c7Sgtb krb5_pointer,
2187505d05c7Sgtb size_t *);
21887c478bd9Sstevel@tonic-gate
21897c478bd9Sstevel@tonic-gate /* Serialize the structure into a buffer */
2190505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
21917c478bd9Sstevel@tonic-gate (krb5_context,
2192159d09a2SMark Phalan krb5_magic,
2193159d09a2SMark Phalan krb5_pointer,
2194159d09a2SMark Phalan krb5_octet **,
2195159d09a2SMark Phalan size_t *);
21967c478bd9Sstevel@tonic-gate
21977c478bd9Sstevel@tonic-gate /* Deserialize the structure from a buffer */
2198505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
2199505d05c7Sgtb (krb5_context,
2200505d05c7Sgtb krb5_magic,
2201505d05c7Sgtb krb5_pointer *,
2202505d05c7Sgtb krb5_octet **,
2203505d05c7Sgtb size_t *);
22047c478bd9Sstevel@tonic-gate
22057c478bd9Sstevel@tonic-gate /* Serialize data into a buffer */
22067c478bd9Sstevel@tonic-gate krb5_error_code krb5_externalize_data
2207505d05c7Sgtb (krb5_context,
2208505d05c7Sgtb krb5_pointer,
2209505d05c7Sgtb krb5_octet **,
2210505d05c7Sgtb size_t *);
22117c478bd9Sstevel@tonic-gate /*
22127c478bd9Sstevel@tonic-gate * Initialization routines.
22137c478bd9Sstevel@tonic-gate */
22147c478bd9Sstevel@tonic-gate
22157c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_[os_]context */
2216505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_context_init
22177c478bd9Sstevel@tonic-gate (krb5_context);
22187c478bd9Sstevel@tonic-gate
22197c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_auth_context */
2220505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
22217c478bd9Sstevel@tonic-gate (krb5_context);
22227c478bd9Sstevel@tonic-gate
22237c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_keytab */
2224505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
22257c478bd9Sstevel@tonic-gate (krb5_context);
22267c478bd9Sstevel@tonic-gate
22277c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_ccache */
2228505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
22297c478bd9Sstevel@tonic-gate (krb5_context);
22307c478bd9Sstevel@tonic-gate
22317c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_rcache */
2232505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
22337c478bd9Sstevel@tonic-gate (krb5_context);
22347c478bd9Sstevel@tonic-gate
22357c478bd9Sstevel@tonic-gate /* [De]serialize 4-byte integer */
/*
 * Primitive pack/unpack helpers.  Each one takes a krb5_octet ** and a
 * size_t * as its last two arguments.
 * NOTE(review): presumably these are the buffer cursor and the number of
 * bytes left, both updated on success -- confirm in the definitions.  If
 * so, the unpack side is where a short or malformed buffer has to be
 * rejected, and callers must check the krb5_error_code before using the
 * unpacked value.
 */
22367c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
2237505d05c7Sgtb (krb5_int32,
2238505d05c7Sgtb krb5_octet **,
2239505d05c7Sgtb size_t *);
2240505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
2241505d05c7Sgtb (krb5_int32 *,
2242505d05c7Sgtb krb5_octet **,
2243505d05c7Sgtb size_t *);
2244505d05c7Sgtb /* [De]serialize 8-byte integer */
22457c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
2246159d09a2SMark Phalan (krb5_int64, krb5_octet **, size_t *);
22477c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
22487c478bd9Sstevel@tonic-gate (krb5_int64 *, krb5_octet **, size_t *);
22497c478bd9Sstevel@tonic-gate /* [De]serialize byte string */
/*
 * NOTE(review): in the two byte-string helpers the plain size_t is
 * presumably the number of bytes to copy, and for unpack the first
 * krb5_octet * is the destination.  Nothing in the prototype carries the
 * destination's capacity, so the caller has to guarantee it -- confirm.
 */
2250505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
22517c478bd9Sstevel@tonic-gate (krb5_octet *,
2252505d05c7Sgtb size_t,
2253505d05c7Sgtb krb5_octet **,
2254505d05c7Sgtb size_t *);
2255505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
22567c478bd9Sstevel@tonic-gate (krb5_octet *,
2257505d05c7Sgtb size_t,
2258505d05c7Sgtb krb5_octet **,
2259505d05c7Sgtb size_t *);
22607c478bd9Sstevel@tonic-gate
2261505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5int_cc_default
22627c478bd9Sstevel@tonic-gate (krb5_context, krb5_ccache *);
22637c478bd9Sstevel@tonic-gate
22647c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
2265159d09a2SMark Phalan (krb5_context, krb5_ccache, krb5_flags,
2266159d09a2SMark Phalan krb5_creds *, krb5_creds *);
2267159d09a2SMark Phalan
2268159d09a2SMark Phalan krb5_boolean KRB5_CALLCONV
2269159d09a2SMark Phalan krb5_creds_compare (krb5_context in_context,
2270159d09a2SMark Phalan krb5_creds *in_creds,
2271159d09a2SMark Phalan krb5_creds *in_compare_creds);
22727c478bd9Sstevel@tonic-gate
22737c478bd9Sstevel@tonic-gate void krb5int_set_prompt_types
22747c478bd9Sstevel@tonic-gate (krb5_context, krb5_prompt_type *);
22757c478bd9Sstevel@tonic-gate
22767c478bd9Sstevel@tonic-gate krb5_error_code
22777c478bd9Sstevel@tonic-gate krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
2278159d09a2SMark Phalan krb5_keyblock * /* Old keyblock, not new! */);
22797c478bd9Sstevel@tonic-gate
2280505d05c7Sgtb /* set and change password helpers */
2281505d05c7Sgtb
/*
 * The mk_* builders take the new password as a plain, writable
 * char *passwd alongside the AP-REQ and an output krb5_data *packet; the
 * rd_* readers take a received packet and report an int result code plus
 * a krb5_data of result data.
 *
 * NOTE(review): nothing in these prototypes says who clears the password
 * buffer.  Presumably the caller owns passwd and should zero it once the
 * request has been built -- confirm against the implementation.
 *
 * NOTE(review): result_codestr is char ** for the chpw variant and
 * const char ** for the setpw variant, which suggests the two differ in
 * who owns the returned string -- confirm before freeing either.
 */
2282505d05c7Sgtb krb5_error_code krb5int_mk_chpw_req
2283*55fea89dSDan Cross (krb5_context context, krb5_auth_context auth_context,
2284159d09a2SMark Phalan krb5_data *ap_req, char *passwd, krb5_data *packet);
2285505d05c7Sgtb krb5_error_code krb5int_rd_chpw_rep
2286159d09a2SMark Phalan (krb5_context context, krb5_auth_context auth_context,
2287159d09a2SMark Phalan krb5_data *packet, int *result_code,
2288159d09a2SMark Phalan krb5_data *result_data);
2289505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
2290159d09a2SMark Phalan (krb5_context context, int result_code,
2291159d09a2SMark Phalan char **result_codestr);
2292505d05c7Sgtb krb5_error_code krb5int_mk_setpw_req
2293159d09a2SMark Phalan (krb5_context context, krb5_auth_context auth_context,
2294159d09a2SMark Phalan krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
2295505d05c7Sgtb krb5_error_code krb5int_rd_setpw_rep
2296159d09a2SMark Phalan (krb5_context context, krb5_auth_context auth_context,
2297159d09a2SMark Phalan krb5_data *packet, int *result_code,
2298159d09a2SMark Phalan krb5_data *result_data);
2299505d05c7Sgtb krb5_error_code krb5int_setpw_result_code_string
2300159d09a2SMark Phalan (krb5_context context, int result_code,
2301159d09a2SMark Phalan const char **result_codestr);
23027c478bd9Sstevel@tonic-gate
23037c478bd9Sstevel@tonic-gate struct srv_dns_entry {
2304159d09a2SMark Phalan struct srv_dns_entry *next;
2305159d09a2SMark Phalan int priority;
2306159d09a2SMark Phalan int weight;
2307159d09a2SMark Phalan unsigned short port;
2308159d09a2SMark Phalan char *host;
23097c478bd9Sstevel@tonic-gate };
2310159d09a2SMark Phalan #ifdef KRB5_DNS_LOOKUP
23117c478bd9Sstevel@tonic-gate krb5_error_code
23127c478bd9Sstevel@tonic-gate krb5int_make_srv_query_realm(const krb5_data *realm,
2313159d09a2SMark Phalan const char *service,
2314159d09a2SMark Phalan const char *protocol,
2315159d09a2SMark Phalan struct srv_dns_entry **answers);
23167c478bd9Sstevel@tonic-gate void krb5int_free_srv_dns_data(struct srv_dns_entry *);
2317159d09a2SMark Phalan #endif
23187c478bd9Sstevel@tonic-gate
23197c478bd9Sstevel@tonic-gate /*
23207c478bd9Sstevel@tonic-gate * Convenience function for structure magic number
23217c478bd9Sstevel@tonic-gate */
/*
 * Expands to an unbraced `if` that makes the *enclosing function* return
 * magic_number when structure->magic differs from it, so it can only be
 * used in functions whose return type can carry that code.  `structure`
 * is dereferenced without a NULL check.
 *
 * The expansion already ends in ';' and is not wrapped in
 * do { } while (0): use it as a statement of its own, never as the
 * unbraced body of an if/else.
 */
23227c478bd9Sstevel@tonic-gate #define KRB5_VERIFY_MAGIC(structure,magic_number) \
23237c478bd9Sstevel@tonic-gate if ((structure)->magic != (magic_number)) return (magic_number);
23247c478bd9Sstevel@tonic-gate
2325505d05c7Sgtb
2326505d05c7Sgtb /* SUNW14resync XXX - see k5-util.h */
2327505d05c7Sgtb #if 0
23287c478bd9Sstevel@tonic-gate int krb5_seteuid (int);
2329505d05c7Sgtb #endif
23307c478bd9Sstevel@tonic-gate
23317c478bd9Sstevel@tonic-gate char * krb5_getenv(const char *);
23327c478bd9Sstevel@tonic-gate int krb5_setenv (const char *, const char *, int);
23337c478bd9Sstevel@tonic-gate void krb5_unsetenv (const char *);
23347c478bd9Sstevel@tonic-gate
2335*55fea89dSDan Cross
2336505d05c7Sgtb /* SUNW14resync - (from here to EOF) not sure if we need this but will add it
2337505d05c7Sgtb for future resync sake */
2338505d05c7Sgtb
2339505d05c7Sgtb /* To keep happy libraries which are (for now) accessing internal stuff */
2340505d05c7Sgtb
2341505d05c7Sgtb /* Make sure to increment by one when changing the struct */
2342159d09a2SMark Phalan #define KRB5INT_ACCESS_STRUCT_VERSION 12
2343505d05c7Sgtb
2344505d05c7Sgtb #ifndef ANAME_SZ
2345159d09a2SMark Phalan struct ktext; /* from krb.h, for krb524 support */
2346505d05c7Sgtb #endif
2347505d05c7Sgtb typedef struct _krb5int_access {
2348505d05c7Sgtb /* crypto stuff */
2349505d05c7Sgtb const struct krb5_hash_provider *md5_hash_provider;
2350505d05c7Sgtb const struct krb5_enc_provider *arcfour_enc_provider;
2351159d09a2SMark Phalan krb5_error_code (* krb5_hmac) (krb5_context, const struct krb5_hash_provider *hash,
2352159d09a2SMark Phalan const krb5_keyblock *key,
2353159d09a2SMark Phalan unsigned int icount, const krb5_data *input,
2354159d09a2SMark Phalan krb5_data *output);
2355505d05c7Sgtb /* service location and communication */
2356505d05c7Sgtb #ifndef _KERNEL
2357505d05c7Sgtb krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
2358159d09a2SMark Phalan const struct addrlist *, struct sendto_callback_info*, krb5_data *reply,
2359159d09a2SMark Phalan struct sockaddr *, socklen_t *,struct sockaddr *,
2360159d09a2SMark Phalan socklen_t *, int *,
2361159d09a2SMark Phalan int (*msg_handler)(krb5_context, const krb5_data *, void *),
2362159d09a2SMark Phalan void *msg_handler_data);
2363505d05c7Sgtb krb5_error_code (*add_host_to_list)(struct addrlist *lp,
2364159d09a2SMark Phalan const char *hostname,
2365159d09a2SMark Phalan int port, int secport,
2366159d09a2SMark Phalan int socktype, int family);
2367505d05c7Sgtb void (*free_addrlist) (struct addrlist *);
2368505d05c7Sgtb #endif /* _KERNEL */
2369505d05c7Sgtb
2370505d05c7Sgtb krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
2371159d09a2SMark Phalan const char *service,
2372159d09a2SMark Phalan const char *protocol,
2373159d09a2SMark Phalan struct srv_dns_entry **answers);
2374505d05c7Sgtb void (*free_srv_dns_data)(struct srv_dns_entry *);
2375505d05c7Sgtb int (*use_dns_kdc)(krb5_context);
2376ba7b222eSGlenn Barry krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t);
2377505d05c7Sgtb
2378505d05c7Sgtb /* krb4 compatibility stuff -- may be null if not enabled */
2379505d05c7Sgtb krb5_int32 (*krb_life_to_time)(krb5_int32, int);
2380505d05c7Sgtb int (*krb_time_to_life)(krb5_int32, krb5_int32);
2381505d05c7Sgtb int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
2382505d05c7Sgtb krb5_error_code (*krb5int_c_mandatory_cksumtype)
2383505d05c7Sgtb (krb5_context, krb5_enctype, krb5_cksumtype *);
2384505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
2385505d05c7Sgtb (krb5_int64, krb5_octet **, size_t *);
2386505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
2387505d05c7Sgtb (krb5_int64 *, krb5_octet **, size_t *);
238854925bf6Swillf
238954925bf6Swillf /* Used for KDB LDAP back end. */
239054925bf6Swillf krb5_error_code
239154925bf6Swillf (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
239254925bf6Swillf krb5_int16 n_key_data,
239354925bf6Swillf krb5_int32 mkvno,
239454925bf6Swillf krb5_data **code);
239554925bf6Swillf
239654925bf6Swillf krb5_error_code
239754925bf6Swillf (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
239854925bf6Swillf struct _krb5_key_data **out,
239954925bf6Swillf krb5_int16 *n_key_data,
240054925bf6Swillf int *mkvno);
2401159d09a2SMark Phalan
2402159d09a2SMark Phalan /*
2403159d09a2SMark Phalan * pkinit asn.1 encode/decode functions
2404159d09a2SMark Phalan */
2405159d09a2SMark Phalan krb5_error_code (*encode_krb5_auth_pack)
2406159d09a2SMark Phalan (const krb5_auth_pack *rep, krb5_data **code);
2407159d09a2SMark Phalan krb5_error_code (*encode_krb5_auth_pack_draft9)
2408159d09a2SMark Phalan (const krb5_auth_pack_draft9 *rep, krb5_data **code);
2409159d09a2SMark Phalan krb5_error_code (*encode_krb5_kdc_dh_key_info)
2410159d09a2SMark Phalan (const krb5_kdc_dh_key_info *rep, krb5_data **code);
2411159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_rep)
2412159d09a2SMark Phalan (const krb5_pa_pk_as_rep *rep, krb5_data **code);
2413159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_rep_draft9)
2414159d09a2SMark Phalan (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
2415159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_req)
2416159d09a2SMark Phalan (const krb5_pa_pk_as_req *rep, krb5_data **code);
2417159d09a2SMark Phalan krb5_error_code (*encode_krb5_pa_pk_as_req_draft9)
2418159d09a2SMark Phalan (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
2419159d09a2SMark Phalan krb5_error_code (*encode_krb5_reply_key_pack)
2420159d09a2SMark Phalan (const krb5_reply_key_pack *, krb5_data **code);
2421159d09a2SMark Phalan krb5_error_code (*encode_krb5_reply_key_pack_draft9)
2422159d09a2SMark Phalan (const krb5_reply_key_pack_draft9 *, krb5_data **code);
2423159d09a2SMark Phalan krb5_error_code (*encode_krb5_td_dh_parameters)
2424159d09a2SMark Phalan (const krb5_algorithm_identifier **, krb5_data **code);
2425159d09a2SMark Phalan krb5_error_code (*encode_krb5_td_trusted_certifiers)
2426159d09a2SMark Phalan (const krb5_external_principal_identifier **, krb5_data **code);
2427159d09a2SMark Phalan krb5_error_code (*encode_krb5_typed_data)
2428159d09a2SMark Phalan (const krb5_typed_data **, krb5_data **code);
2429159d09a2SMark Phalan
2430159d09a2SMark Phalan krb5_error_code (*decode_krb5_auth_pack)
2431159d09a2SMark Phalan (const krb5_data *, krb5_auth_pack **);
2432159d09a2SMark Phalan krb5_error_code (*decode_krb5_auth_pack_draft9)
2433159d09a2SMark Phalan (const krb5_data *, krb5_auth_pack_draft9 **);
2434159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_req)
2435159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_req **);
2436159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_req_draft9)
2437159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
2438159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_rep)
2439159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_rep **);
2440159d09a2SMark Phalan krb5_error_code (*decode_krb5_pa_pk_as_rep_draft9)
2441159d09a2SMark Phalan (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
2442159d09a2SMark Phalan krb5_error_code (*decode_krb5_kdc_dh_key_info)
2443159d09a2SMark Phalan (const krb5_data *, krb5_kdc_dh_key_info **);
2444159d09a2SMark Phalan krb5_error_code (*decode_krb5_principal_name)
2445159d09a2SMark Phalan (const krb5_data *, krb5_principal_data **);
2446159d09a2SMark Phalan krb5_error_code (*decode_krb5_reply_key_pack)
2447159d09a2SMark Phalan (const krb5_data *, krb5_reply_key_pack **);
2448159d09a2SMark Phalan krb5_error_code (*decode_krb5_reply_key_pack_draft9)
2449159d09a2SMark Phalan (const krb5_data *, krb5_reply_key_pack_draft9 **);
2450159d09a2SMark Phalan krb5_error_code (*decode_krb5_td_dh_parameters)
2451159d09a2SMark Phalan (const krb5_data *, krb5_algorithm_identifier ***);
2452159d09a2SMark Phalan krb5_error_code (*decode_krb5_td_trusted_certifiers)
2453159d09a2SMark Phalan (const krb5_data *, krb5_external_principal_identifier ***);
2454159d09a2SMark Phalan krb5_error_code (*decode_krb5_typed_data)
2455159d09a2SMark Phalan (const krb5_data *, krb5_typed_data ***);
2456159d09a2SMark Phalan
2457159d09a2SMark Phalan krb5_error_code (*decode_krb5_as_req)
2458159d09a2SMark Phalan (const krb5_data *output, krb5_kdc_req **rep);
2459159d09a2SMark Phalan krb5_error_code (*encode_krb5_kdc_req_body)
2460159d09a2SMark Phalan (const krb5_kdc_req *rep, krb5_data **code);
2461159d09a2SMark Phalan void (KRB5_CALLCONV *krb5_free_kdc_req)
2462159d09a2SMark Phalan (krb5_context, krb5_kdc_req * );
2463159d09a2SMark Phalan void (*krb5int_set_prompt_types)
2464159d09a2SMark Phalan (krb5_context, krb5_prompt_type *);
2465159d09a2SMark Phalan krb5_error_code (*encode_krb5_authdata_elt)
2466159d09a2SMark Phalan (const krb5_authdata *rep, krb5_data **code);
2467159d09a2SMark Phalan
2468505d05c7Sgtb } krb5int_access;
2469505d05c7Sgtb
/*
 * Version word for the krb5int_access table.  The low 16 bits are
 * sizeof(krb5int_access) masked to 16 bits; the bits above them are
 * KRB5INT_ACCESS_STRUCT_VERSION.  A change to the struct size or to the
 * version number therefore normally produces a different value.
 *
 * NOTE(review): presumably krb5int_accessor() compares its krb5_int32
 * argument with this value and refuses to fill the table on a mismatch,
 * which is what would keep a caller built against another layout from
 * calling through misplaced function pointers -- confirm in the
 * implementation.
 */
2470505d05c7Sgtb #define KRB5INT_ACCESS_VERSION \
2471505d05c7Sgtb (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
2472159d09a2SMark Phalan (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
2473505d05c7Sgtb
2474505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5int_accessor
2475159d09a2SMark Phalan (krb5int_access*, krb5_int32);
2476505d05c7Sgtb
2477505d05c7Sgtb /* Ick -- some krb524 and krb4 support placed in the krb5 library,
2478505d05c7Sgtb because AFS (and potentially other applications?) use the krb4
2479505d05c7Sgtb object as an opaque token, which (in some implementations) is not
2480505d05c7Sgtb in fact a krb4 ticket, so we don't want to drag in the krb4 support
2481505d05c7Sgtb just to enable this. */
2482505d05c7Sgtb
2483505d05c7Sgtb #define KRB524_SERVICE "krb524"
2484505d05c7Sgtb #define KRB524_PORT 4444
2485505d05c7Sgtb
2486505d05c7Sgtb /* v4lifetime.c */
2487505d05c7Sgtb extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
2488505d05c7Sgtb extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
2489505d05c7Sgtb
2490505d05c7Sgtb /* conv_creds.c */
2491505d05c7Sgtb int krb5int_encode_v4tkt
2492159d09a2SMark Phalan (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
2493505d05c7Sgtb
2494505d05c7Sgtb /* send524.c */
2495505d05c7Sgtb int krb5int_524_sendto_kdc
2496*55fea89dSDan Cross (krb5_context context, const krb5_data * message,
2497159d09a2SMark Phalan const krb5_data * realm, krb5_data * reply,
2498159d09a2SMark Phalan struct sockaddr *, socklen_t *);
2499505d05c7Sgtb
2500505d05c7Sgtb /* temporary -- this should be under lib/krb5/ccache somewhere */
2501505d05c7Sgtb
2502505d05c7Sgtb struct _krb5_ccache {
2503505d05c7Sgtb krb5_magic magic;
2504505d05c7Sgtb const struct _krb5_cc_ops *ops;
2505505d05c7Sgtb krb5_pointer data;
2506505d05c7Sgtb };
2507505d05c7Sgtb
2508159d09a2SMark Phalan /*
2509159d09a2SMark Phalan * Per-type ccache cursor.
2510159d09a2SMark Phalan */
2511159d09a2SMark Phalan struct krb5_cc_ptcursor {
2512159d09a2SMark Phalan const struct _krb5_cc_ops *ops;
2513159d09a2SMark Phalan krb5_pointer data;
2514159d09a2SMark Phalan };
2515159d09a2SMark Phalan typedef struct krb5_cc_ptcursor *krb5_cc_ptcursor;
2516159d09a2SMark Phalan
2517505d05c7Sgtb struct _krb5_cc_ops {
2518505d05c7Sgtb krb5_magic magic;
2519505d05c7Sgtb char *prefix;
2520505d05c7Sgtb const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
2521505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
2522159d09a2SMark Phalan const char *);
2523505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
2524505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
2525159d09a2SMark Phalan krb5_principal);
2526505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
2527505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
2528505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
2529159d09a2SMark Phalan krb5_creds *);
2530505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
2531159d09a2SMark Phalan krb5_flags, krb5_creds *,
2532159d09a2SMark Phalan krb5_creds *);
2533505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
2534159d09a2SMark Phalan krb5_principal *);
2535505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
2536159d09a2SMark Phalan krb5_cc_cursor *);
2537505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
2538159d09a2SMark Phalan krb5_cc_cursor *, krb5_creds *);
2539505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
2540159d09a2SMark Phalan krb5_cc_cursor *);
2541505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
2542159d09a2SMark Phalan krb5_flags, krb5_creds *);
2543505d05c7Sgtb krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
2544159d09a2SMark Phalan krb5_flags);
2545159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache,
2546159d09a2SMark Phalan krb5_flags *);
2547159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
2548159d09a2SMark Phalan krb5_cc_ptcursor *);
2549159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
2550159d09a2SMark Phalan krb5_cc_ptcursor,
2551159d09a2SMark Phalan krb5_ccache *);
2552159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
2553159d09a2SMark Phalan krb5_cc_ptcursor *);
2554159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache);
2555159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
2556159d09a2SMark Phalan krb5_ccache, krb5_timestamp *);
2557159d09a2SMark Phalan krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
2558159d09a2SMark Phalan krb5_timestamp *);
2559505d05c7Sgtb };
2560505d05c7Sgtb
2561505d05c7Sgtb extern const krb5_cc_ops *krb5_cc_dfl_ops;
2562505d05c7Sgtb
2563159d09a2SMark Phalan krb5_error_code
2564159d09a2SMark Phalan krb5int_cc_os_default_name(krb5_context context, char **name);
2565159d09a2SMark Phalan
2566159d09a2SMark Phalan /*
2567159d09a2SMark Phalan * Cursor for iterating over ccache types
2568159d09a2SMark Phalan */
2569159d09a2SMark Phalan struct krb5_cc_typecursor;
2570159d09a2SMark Phalan typedef struct krb5_cc_typecursor *krb5_cc_typecursor;
2571159d09a2SMark Phalan
2572159d09a2SMark Phalan krb5_error_code
2573159d09a2SMark Phalan krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor);
2574159d09a2SMark Phalan
2575159d09a2SMark Phalan krb5_error_code
2576159d09a2SMark Phalan krb5int_cc_typecursor_next(
2577159d09a2SMark Phalan krb5_context context,
2578159d09a2SMark Phalan krb5_cc_typecursor cursor,
2579159d09a2SMark Phalan const struct _krb5_cc_ops **ops);
2580159d09a2SMark Phalan
2581159d09a2SMark Phalan krb5_error_code
2582159d09a2SMark Phalan krb5int_cc_typecursor_free(
2583159d09a2SMark Phalan krb5_context context,
2584159d09a2SMark Phalan krb5_cc_typecursor *cursor);
2585159d09a2SMark Phalan
2586505d05c7Sgtb typedef struct _krb5_donot_replay {
2587505d05c7Sgtb krb5_magic magic;
2588505d05c7Sgtb krb5_ui_4 hash;
2589159d09a2SMark Phalan char *server; /* null-terminated */
2590159d09a2SMark Phalan char *client; /* null-terminated */
2591ba7b222eSGlenn Barry char *msghash; /* null-terminated */
2592505d05c7Sgtb krb5_int32 cusec;
2593505d05c7Sgtb krb5_timestamp ctime;
2594505d05c7Sgtb } krb5_donot_replay;
2595505d05c7Sgtb
2596*55fea89dSDan Cross krb5_error_code krb5_rc_default
2597159d09a2SMark Phalan (krb5_context,
2598159d09a2SMark Phalan krb5_rcache *);
2599*55fea89dSDan Cross krb5_error_code krb5_rc_resolve_type
2600159d09a2SMark Phalan (krb5_context,
2601159d09a2SMark Phalan krb5_rcache *,char *);
2602*55fea89dSDan Cross krb5_error_code krb5_rc_resolve_full
2603159d09a2SMark Phalan (krb5_context,
2604159d09a2SMark Phalan krb5_rcache *,char *);
2605*55fea89dSDan Cross char * krb5_rc_get_type
2606159d09a2SMark Phalan (krb5_context,
2607159d09a2SMark Phalan krb5_rcache);
2608*55fea89dSDan Cross char * krb5_rc_default_type
2609159d09a2SMark Phalan (krb5_context);
2610*55fea89dSDan Cross char * krb5_rc_default_name
2611159d09a2SMark Phalan (krb5_context);
2612*55fea89dSDan Cross krb5_error_code krb5_auth_to_rep
2613159d09a2SMark Phalan (krb5_context,
2614159d09a2SMark Phalan krb5_tkt_authent *,
2615159d09a2SMark Phalan krb5_donot_replay *);
2616159d09a2SMark Phalan
2617505d05c7Sgtb
2618505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_initialize
2619159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat);
2620505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
2621159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat);
2622505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover
2623159d09a2SMark Phalan (krb5_context, krb5_rcache);
2624505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_destroy
2625159d09a2SMark Phalan (krb5_context, krb5_rcache);
2626505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_close
2627159d09a2SMark Phalan (krb5_context, krb5_rcache);
2628505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_store
2629159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_donot_replay *);
2630505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_expunge
2631159d09a2SMark Phalan (krb5_context, krb5_rcache);
2632505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
2633159d09a2SMark Phalan (krb5_context, krb5_rcache,krb5_deltat *);
2634505d05c7Sgtb char *KRB5_CALLCONV krb5_rc_get_name
2635159d09a2SMark Phalan (krb5_context, krb5_rcache);
2636505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_resolve
2637159d09a2SMark Phalan (krb5_context, krb5_rcache, char *);
2638505d05c7Sgtb
2639505d05c7Sgtb typedef struct _krb5_kt_ops {
2640505d05c7Sgtb krb5_magic magic;
2641505d05c7Sgtb char *prefix;
2642505d05c7Sgtb /* routines always present */
2643*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *resolve)
2644159d09a2SMark Phalan (krb5_context,
2645159d09a2SMark Phalan const char *,
2646159d09a2SMark Phalan krb5_keytab *);
2647*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *get_name)
2648159d09a2SMark Phalan (krb5_context,
2649159d09a2SMark Phalan krb5_keytab,
2650159d09a2SMark Phalan char *,
2651159d09a2SMark Phalan unsigned int);
2652*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *close)
2653159d09a2SMark Phalan (krb5_context,
2654159d09a2SMark Phalan krb5_keytab);
2655*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *get)
2656159d09a2SMark Phalan (krb5_context,
2657159d09a2SMark Phalan krb5_keytab,
2658159d09a2SMark Phalan krb5_const_principal,
2659159d09a2SMark Phalan krb5_kvno,
2660159d09a2SMark Phalan krb5_enctype,
2661159d09a2SMark Phalan krb5_keytab_entry *);
2662*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *start_seq_get)
2663159d09a2SMark Phalan (krb5_context,
2664159d09a2SMark Phalan krb5_keytab,
2665*55fea89dSDan Cross krb5_kt_cursor *);
2666*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *get_next)
2667159d09a2SMark Phalan (krb5_context,
2668159d09a2SMark Phalan krb5_keytab,
2669159d09a2SMark Phalan krb5_keytab_entry *,
2670159d09a2SMark Phalan krb5_kt_cursor *);
2671*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *end_get)
2672159d09a2SMark Phalan (krb5_context,
2673159d09a2SMark Phalan krb5_keytab,
2674159d09a2SMark Phalan krb5_kt_cursor *);
2675505d05c7Sgtb /* routines to be included on extended version (write routines) */
2676*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *add)
2677159d09a2SMark Phalan (krb5_context,
2678159d09a2SMark Phalan krb5_keytab,
2679159d09a2SMark Phalan krb5_keytab_entry *);
2680*55fea89dSDan Cross krb5_error_code (KRB5_CALLCONV *remove)
2681159d09a2SMark Phalan (krb5_context,
2682159d09a2SMark Phalan krb5_keytab,
2683159d09a2SMark Phalan krb5_keytab_entry *);
2684505d05c7Sgtb
2685505d05c7Sgtb /* Handle for serializer */
2686505d05c7Sgtb const krb5_ser_entry *serializer;
2687505d05c7Sgtb } krb5_kt_ops;
2688505d05c7Sgtb
2689505d05c7Sgtb extern const krb5_kt_ops krb5_kt_dfl_ops;
2690505d05c7Sgtb
2691505d05c7Sgtb extern krb5_error_code krb5int_translate_gai_error (int);
2692505d05c7Sgtb
2693505d05c7Sgtb /* Not sure it's ready for exposure just yet. */
2694505d05c7Sgtb extern krb5_error_code
2695505d05c7Sgtb krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
2696505d05c7Sgtb
2697505d05c7Sgtb extern int krb5int_crypto_init (void);
2698505d05c7Sgtb extern int krb5int_prng_init(void);
2699505d05c7Sgtb
27005e01956fSGlenn Barry
2701505d05c7Sgtb /*
2702505d05c7Sgtb * SUNW14resync
2703505d05c7Sgtb * Hack (?) to neuter C99 "inline" which causes warnings w/our build.
2704505d05c7Sgtb */
2705505d05c7Sgtb #define inline
2706505d05c7Sgtb
27075e01956fSGlenn Barry /* Some data comparison and conversion functions. */
27085e01956fSGlenn Barry #if 0
27095e01956fSGlenn Barry static inline int data_cmp(krb5_data d1, krb5_data d2)
27105e01956fSGlenn Barry {
27115e01956fSGlenn Barry if (d1.length < d2.length) return -1;
27125e01956fSGlenn Barry if (d1.length > d2.length) return 1;
27135e01956fSGlenn Barry return memcmp(d1.data, d2.data, d1.length);
27145e01956fSGlenn Barry }
27155e01956fSGlenn Barry static inline int data_eq (krb5_data d1, krb5_data d2)
27165e01956fSGlenn Barry {
27175e01956fSGlenn Barry return data_cmp(d1, d2) == 0;
27185e01956fSGlenn Barry }
27195e01956fSGlenn Barry #else
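/*
 * Return 1 when d1 and d2 hold the same number of bytes with identical
 * contents, 0 otherwise.
 *
 * Two zero-length values compare equal without calling memcmp(), so an
 * empty krb5_data whose data pointer is NULL is never handed to memcmp()
 * (a null pointer argument there is undefined even for a zero count).
 *
 * memcmp() may stop at the first differing byte, so the running time
 * depends on the contents.  Do not use this helper to compare secret
 * values such as keys or checksums where timing matters.
 */
static inline int data_eq (krb5_data d1, krb5_data d2)
{
    if (d1.length != d2.length)
        return 0;
    if (d1.length == 0)
        return 1;
    return memcmp(d1.data, d2.data, d1.length) == 0;
}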
27255e01956fSGlenn Barry #endif
/*
 * Wrap a NUL-terminated C string in a krb5_data without copying it.
 *
 * The result carries magic KV5M_DATA, a length of strlen(str) (the
 * terminator is not counted) and a data pointer that aliases str.  It is
 * therefore valid only as long as str is, and does not own the bytes.
 * str must be a non-NULL string; no check is made here.
 */
static inline krb5_data string2data (char *str)
{
    krb5_data wrapped;

    wrapped.data = str;
    wrapped.length = strlen(str);
    wrapped.magic = KV5M_DATA;
    return wrapped;
}
27345e01956fSGlenn Barry /*LINTED*/
/*
 * Return nonzero when the bytes of d equal the NUL-terminated string s
 * (terminator excluded).  s is wrapped with string2data() and the two
 * values are compared with data_eq(); s must be non-NULL.
 */
static inline int data_eq_string (krb5_data d, char *s)
{
    krb5_data wrapped_s = string2data(s);

    return data_eq(d, wrapped_s);
}
27395e01956fSGlenn Barry /*LINTED*/
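/*
 * Return 1 when a1 and a2 have the same ad_type, the same length and
 * identical contents, 0 otherwise.
 *
 * Elements of equal type and zero length compare equal without calling
 * memcmp(), so a NULL contents pointer on an empty element is never
 * passed to memcmp() (undefined even for a zero count).
 *
 * The comparison is not constant-time; it is meant for matching
 * authorization-data elements, not for comparing secrets.
 */
static inline int authdata_eq (krb5_authdata a1, krb5_authdata a2)
{
    if (a1.ad_type != a2.ad_type || a1.length != a2.length)
        return 0;
    if (a1.length == 0)
        return 1;
    return memcmp(a1.contents, a2.contents, a1.length) == 0;
}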
27465e01956fSGlenn Barry
27475e01956fSGlenn Barry
2748505d05c7Sgtb /* Solaris kerberos */
2749*55fea89dSDan Cross krb5_boolean KRB5_CALLCONV is_in_keytype
2750*55fea89dSDan Cross (krb5_const krb5_enctype *keytype,
2751*55fea89dSDan Cross int numkeytypes, krb5_enctype enctype);
2752505d05c7Sgtb
275324da5b34Srie /*
275424da5b34Srie * Solaris Kerberos
275524da5b34Srie * Use krb5_getuid() to select the mechanism to obtain the uid.
275624da5b34Srie */
/*
 * NOTE(review): the empty parameter list is an old-style declaration, not
 * a prototype, so the compiler will not reject a call that passes
 * arguments.  `krb5_getuid(void)` would -- confirm it matches the
 * definition before changing it.
 */
275724da5b34Srie extern uid_t krb5_getuid();
2758ab9b2e15Sgtb
2759fe598cdcSmp /*
2760fe598cdcSmp * Referral definitions, debugging hooks, and subfunctions.
2761fe598cdcSmp */
2762fe598cdcSmp #define KRB5_REFERRAL_MAXHOPS 5
2763fe598cdcSmp /* #define DEBUG_REFERRALS */
2764fe598cdcSmp
2765fe598cdcSmp #ifdef DEBUG_REFERRALS
2766fe598cdcSmp void krb5int_dbgref_dump_principal(char *, krb5_principal);
2767fe598cdcSmp #endif
2768fe598cdcSmp
2769fe598cdcSmp /* Common hostname-parsing code. */
/*
 * NOTE(review): the parameters are unnamed.  The (char *, size_t) pair is
 * presumably the output buffer and its capacity -- confirm, and confirm
 * that the result is NUL-terminated (or an error is returned) when the
 * input hostname does not fit.
 */
2770fe598cdcSmp krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
2771fe598cdcSmp (krb5_context,
2772fe598cdcSmp const char *,
2773fe598cdcSmp char *,
2774fe598cdcSmp size_t);
2775505d05c7Sgtb
2776ba7b222eSGlenn Barry /*
2777ba7b222eSGlenn Barry * Solaris Kerberos
2778ba7b222eSGlenn Barry * Kernel & user space realloc.
2779ba7b222eSGlenn Barry */
/*
 * Unlike realloc(3), the caller also passes old_size.
 * NOTE(review): presumably old_size must be the exact size oldp was
 * allocated with, because an allocator that does not track sizes would
 * copy and release by this value.  Confirm in the implementation: a wrong
 * old_size would then read or free the wrong number of bytes.
 */
2780ba7b222eSGlenn Barry void *krb5int_realloc
2781ba7b222eSGlenn Barry (void *oldp,
2782ba7b222eSGlenn Barry size_t new_size,
2783ba7b222eSGlenn Barry size_t old_size);
27847c478bd9Sstevel@tonic-gate #endif /* _KRB5_INT_H */