17c478bd9Sstevel@tonic-gate /* 2*10db1377Sgtb * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate * Use is subject to license terms. 47c478bd9Sstevel@tonic-gate */ 57c478bd9Sstevel@tonic-gate 67c478bd9Sstevel@tonic-gate /* 77c478bd9Sstevel@tonic-gate * Copyright (C) 1989-1995 by the Massachusetts Institute of Technology, 87c478bd9Sstevel@tonic-gate * Cambridge, MA, USA. All Rights Reserved. 97c478bd9Sstevel@tonic-gate * 107c478bd9Sstevel@tonic-gate * This software is being provided to you, the LICENSEE, by the 117c478bd9Sstevel@tonic-gate * Massachusetts Institute of Technology (M.I.T.) under the following 127c478bd9Sstevel@tonic-gate * license. By obtaining, using and/or copying this software, you agree 137c478bd9Sstevel@tonic-gate * that you have read, understood, and will comply with these terms and 147c478bd9Sstevel@tonic-gate * conditions: 157c478bd9Sstevel@tonic-gate * 167c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 177c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 187c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 197c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 
207c478bd9Sstevel@tonic-gate * 217c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 227c478bd9Sstevel@tonic-gate * this software and its documentation for any purpose and without fee or 237c478bd9Sstevel@tonic-gate * royalty is hereby granted, provided that you agree to comply with the 247c478bd9Sstevel@tonic-gate * following copyright notice and statements, including the disclaimer, and 257c478bd9Sstevel@tonic-gate * that the same appear on ALL copies of the software and documentation, 267c478bd9Sstevel@tonic-gate * including modifications that you make for internal use or for 277c478bd9Sstevel@tonic-gate * distribution: 287c478bd9Sstevel@tonic-gate * 297c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 307c478bd9Sstevel@tonic-gate * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not 317c478bd9Sstevel@tonic-gate * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 327c478bd9Sstevel@tonic-gate * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 337c478bd9Sstevel@tonic-gate * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 347c478bd9Sstevel@tonic-gate * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. 357c478bd9Sstevel@tonic-gate * 367c478bd9Sstevel@tonic-gate * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 377c478bd9Sstevel@tonic-gate * be used in advertising or publicity pertaining to distribution of the 387c478bd9Sstevel@tonic-gate * software. Title to copyright in this software and any associated 397c478bd9Sstevel@tonic-gate * documentation shall at all times remain with M.I.T., and USER agrees to 407c478bd9Sstevel@tonic-gate * preserve same. 417c478bd9Sstevel@tonic-gate */ 427c478bd9Sstevel@tonic-gate /* 437c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC. 447c478bd9Sstevel@tonic-gate * 457c478bd9Sstevel@tonic-gate * All rights reserved. 
467c478bd9Sstevel@tonic-gate * 477c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require 487c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the 497c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to 507c478bd9Sstevel@tonic-gate * obtain such a license before exporting. 517c478bd9Sstevel@tonic-gate * 527c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 537c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 547c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 557c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 567c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 577c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining 587c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 597c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of 607c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 617c478bd9Sstevel@tonic-gate * or implied warranty. 627c478bd9Sstevel@tonic-gate * 637c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 647c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 657c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
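 */

/*
 * This prototype for k5-int.h (Krb5 internals include file)
 * includes the user-visible definitions from krb5.h and then
 * includes other definitions that are not user-visible but are
 * required for compiling Kerberos internal routines.
 *
 * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
 */

#ifndef _KRB5_INT_H
#define _KRB5_INT_H

#pragma ident "%Z%%M% %I% %E% SMI"

/* Crypto framework headers: PKCS#11 in user land, the kernel crypto API in the kernel. */
#ifndef _KERNEL
#include <osconf.h>
#include <security/cryptoki.h>
#else
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#endif

/*
 * A DEBUG build turns on KRB5_DEBUG and, unless the build already chose a
 * level, defines KRB5_LOG_LVL.  Defining KRB5_LOG_LVL is what compiles the
 * KRB5_LOG* macros below into real logging calls.
 */
#ifdef DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif /* DEBUG */

#ifdef _KERNEL

#ifdef DEBUG
#include <sys/types.h>
#include <sys/cmn_err.h>
/* Declared without a prototype, so the compiler does not check its arguments. */
extern void prom_printf();
#endif /* DEBUG */

#else /* !_KERNEL */

/* User land has no prom_printf(); route it to printf(). */
#define prom_printf printf

#endif /* !_KERNEL */

#ifdef KRB5_LOG_LVL

/* krb5_log is used to set the logging level to determine what class of messages
 * are output by the mech. Note, more than one logging level can be used by
 * bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR 1 /* Use this debug log level for error path logging. */
#define KRB5_INFO 2 /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG1(A, B, C, D), KRB5_LOG(A, B, C), KRB5_LOG0(A, B)
 *
 *   A     log level mask (KRB5_ERR and/or KRB5_INFO) tested against krb5_log
 *   B     format string handed to printf() (kernel) or syslog() (user land)
 *   C, D  arguments consumed by the conversions in B
 *
 * B is used as the format string itself, so it must be a string literal
 * whose conversions match the arguments supplied.  Text that originates
 * outside the program (principal names, e-text from a KRB-ERROR, ticket
 * contents) belongs in C or D behind a "%s" conversion, never in B.
 * Key material should not be logged through these macros.
 *
 * The && chain short-circuits: B, C and D are evaluated only when the
 * requested level is enabled, so they must not carry side effects the
 * caller depends on.  The trailing ", TRUE" only gives the && an operand,
 * since the logging call's own return value is not wanted; TRUE is not
 * defined in this section.
 */
#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
	((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* B is parenthesized here like in every other variant. */
#define KRB5_LOG0(A, B) \
	((void)((krb5_log) && (krb5_log & (A)) && \
	(syslog(LOG_DEBUG, (B)), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/*
 * Logging compiled out.  The macros expand to a void expression rather than
 * to nothing, so a call site is the same kind of construct (an expression
 * statement) in both builds and "if (x) KRB5_LOG0(...);" does not degrade
 * to an empty if body.  The arguments are discarded unevaluated.
 */
#define KRB5_LOG1(A, B, C, D) ((void)0)
#define KRB5_LOG(A, B, C) ((void)0)
#define KRB5_LOG0(A, B) ((void)0)

#endif /* KRB5_LOG_LVL */

#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif

/*
 * Begin "k5-config.h"
 */
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__

/*
 * Machine-type definitions: PC Clone 386 running Microsoft Windows
 */

#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI "kerberos.ini"
#define INI_FILES "Files"
#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
#define ANSI_STDIO
#endif

#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include <autoconf.h>
#endif
#endif /* !_KERNEL */
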
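#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
#endif /* HAVE_SYS_TYPES_H */
#endif /* KRB5_SYSTYPES__ */

/* #include "k5-platform.h" SUNW XXX */
/* not used in krb5.h (yet) */
typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;

#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

/*
 * Lifetime limits and defaults, in seconds.  Every expansion is
 * parenthesized so that the macro behaves as one value inside a larger
 * expression (for example as a divisor or a modulus operand).
 */
#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
#define KRB5_KDB_MAX_RLIFE (60*60*24*365) /* one year */
/*
 * NOTE(review): 2145830400 is 24836 * 86400, i.e. 2037-12-31 00:00:00 UTC,
 * one day earlier than the date named in the comment below.  The value is
 * left unchanged; it is below 2^31 - 1, so it fits a signed 32-bit count
 * of seconds.
 */
#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
#define KRB5_DEFAULT_LIFE (60*60*10) /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60) /* 7 Days */

/*
 * Windows requires a different api interface to each function. Here
 * just define it as empty.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif

#endif /* KRB5_CONFIG__ */

/*
 * End "k5-config.h"
 */

/*
 * After loading the configuration definitions, load the Kerberos definitions.
 */
#ifndef _KERNEL
#include <errno.h>
#include "profile.h"
#endif

#include <krb5.h>

#ifndef _KERNEL
#if 1 /* def NEED_SOCKETS */
#include <port-sockets.h>
#include <socket-utils.h>
#else
#ifndef SOCK_DGRAM
struct sockaddr;
#endif
#endif
#endif

/* Get mutex support; currently used only for the replay cache. */
#include "k5-thread.h"


/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
   The ones that it doesn't include, we include below. */

/*
 * Begin "k5-errors.h"
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */

/* KDC errors */
#define KDC_ERR_NONE 0 /* No error */
#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */
#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */
#define KDC_ERR_POLICY 12 /* KDC policy rejects request */
#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */
#define KDC_ERR_KEY_EXP 23 /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */
					/* required */
#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */
					/* ticket don't match*/
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */
#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */
#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */
#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */
#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */
#define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */
#define KRB_AP_ERR_BADORDER 42 /* Message out of order */
#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */
#define KRB_AP_ERR_NOKEY 45 /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */
#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */
					/* method required */
#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence number */
					/* in message */
#define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */
					/* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */
					/* retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC 60 /* Generic error (description */
					/* in e-text) */
#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */

#endif /* KRB5_ERRORS__ */
/*
 * End "k5-errors.h"
 */

/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD.
 *
 * NOTE(review): e-data arrives in a protocol message, so length and data
 * presumably come from a decoder working on peer-supplied bytes; confirm
 * that consumers bound every read of data by length.
 */
typedef struct _krb5_alt_method {
	krb5_magic	magic;
	krb5_int32	method;
	unsigned int	length;
	krb5_octet	*data;
} krb5_alt_method;

/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type. It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
	krb5_magic	magic;
	krb5_enctype	etype;
	unsigned int	length;	/* salt length, or KRB5_ETYPE_NO_SALT */
	krb5_octet	*salt;	/* not present when length is KRB5_ETYPE_NO_SALT */
	krb5_data	s2kparams;
} krb5_etype_info_entry;

/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines. If the length is this value, then
 * the salt data is not present. This is to distinguish between not
 * being set and being of 0 length.
 *
 * Compare length against this sentinel before using it as a byte count
 * for salt.  VALID_UINT_BITS is not defined in this section.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

typedef krb5_etype_info_entry ** krb5_etype_info;

/*
 * a sam_challenge is returned for alternate preauth
 */
/*
	SAMFlags ::= BIT STRING {
	    use-sad-as-key[0],
	    send-encrypted-sad[1],
	    must-pk-encrypt-sad[2]
	}
 */
/*
	PA-SAM-CHALLENGE ::= SEQUENCE {
	    sam-type[0]                 INTEGER,
	    sam-flags[1]                SAMFlags,
	    sam-type-name[2]            GeneralString OPTIONAL,
	    sam-track-id[3]             GeneralString OPTIONAL,
	    sam-challenge-label[4]      GeneralString OPTIONAL,
	    sam-challenge[5]            GeneralString OPTIONAL,
	    sam-response-prompt[6]      GeneralString OPTIONAL,
	    sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
	    sam-nonce[8]                INTEGER OPTIONAL,
	    sam-cksum[9]                Checksum OPTIONAL
	}
*/
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH 2 /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0 3 /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY 4 /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID 5 /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD 6 /* CRYPTOCard */
/*
 * NOTE(review): PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD above, so code that switches on sam_type cannot
 * tell the two apart and cannot list both as case labels.  The values are
 * left as they are because the assignment is unresolved (see XXX).
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC 6 /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX 7 /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE 128 /* experimental */
#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */

/*
 * NOTE(review): sam_key is a krb5_keyblock, i.e. this structure carries key
 * material; confirm that whatever frees it clears the key contents first.
 */
typedef struct _krb5_predicted_sam_response {
	krb5_magic	magic;
	krb5_keyblock	sam_key;
	krb5_flags	sam_flags;	/* Makes key munging easier */
	krb5_timestamp	stime;	/* time on server, for replay detection */
	krb5_int32	susec;
	krb5_principal	client;
	krb5_data	msd;	/* mechanism specific data */
} krb5_predicted_sam_response;

/* In-memory form of PA-SAM-CHALLENGE; members follow the ASN.1 fields above. */
typedef struct _krb5_sam_challenge {
	krb5_magic	magic;
	krb5_int32	sam_type;	/* information */
	krb5_flags	sam_flags;	/* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_checksum	sam_cksum;
} krb5_sam_challenge;

/* Carries a key block like krb5_predicted_sam_response; the same care on free applies. */
typedef struct _krb5_sam_key {	/* reserved for future use */
	krb5_magic	magic;
	krb5_keyblock	sam_key;
} krb5_sam_key;

typedef struct _krb5_enc_sam_response_enc {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_timestamp;
	krb5_int32	sam_usec;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc;

typedef struct _krb5_sam_response {
	krb5_magic	magic;
	krb5_int32	sam_type;	/* informational */
	krb5_flags	sam_flags;	/* KRB5_SAM_* values */
	krb5_data	sam_track_id;	/* copied */
	krb5_enc_data	sam_enc_key;	/* krb5_sam_key - future use */
	krb5_enc_data	sam_enc_nonce_or_ts;	/* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_patimestamp;
} krb5_sam_response;

/*
 * NOTE(review): sam_challenge_2_body is a krb5_data, presumably the encoded
 * form of krb5_sam_challenge_2_body that the checksums in sam_cksum cover;
 * confirm against the encoder and the code that verifies the checksums.
 */
typedef struct _krb5_sam_challenge_2 {
	krb5_data	sam_challenge_2_body;
	krb5_checksum	**sam_cksum;	/* Array of checksums */
} krb5_sam_challenge_2;

/* Same members as krb5_sam_challenge, except that sam_etype replaces sam_cksum. */
typedef struct _krb5_sam_challenge_2_body {
	krb5_magic	magic;
	krb5_int32	sam_type;	/* information */
	krb5_flags	sam_flags;	/* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_enctype	sam_etype;
} krb5_sam_challenge_2_body;

typedef struct _krb5_sam_response_2 {
	krb5_magic	magic;
	krb5_int32	sam_type;	/* informational */
	krb5_flags	sam_flags;	/* KRB5_SAM_* values */
	krb5_data	sam_track_id;	/* copied */
	krb5_enc_data	sam_enc_nonce_or_sad;	/* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
} krb5_sam_response_2;

typedef struct _krb5_enc_sam_response_enc_2 {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc_2;

/*
 * Begin "dbm.h"
 */
#ifndef _KERNEL

/*
 * Since we are always using db, use the db-ndbm include header file.
 */

#include "db-ndbm.h"

#endif /* !_KERNEL */
/*
 * End "dbm.h"
 */

/*
 * Begin "ext-proto.h"
 */
#ifndef KRB5_EXT_PROTO__
#define KRB5_EXT_PROTO__

#ifndef _KERNEL
#include <stdlib.h>
#include <string.h>
#endif /* !_KERNEL */

#ifndef HAVE_STRDUP
extern char *strdup (const char *);
#endif

#ifndef _KERNEL
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif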
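#endif /* !_KERNEL */

#endif /* KRB5_EXT_PROTO__ */
/*
 * End "ext-proto.h"
 */

/*
 * Begin "sysincl.h"
 */
#ifndef KRB5_SYSINCL__
#define KRB5_SYSINCL__

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
/* needed for much of the rest -- but already handled in krb5.h? */
/* #include <sys/types.h> */
#endif /* KRB5_SYSTYPES__ */

#ifdef _KERNEL
#include <sys/time.h>
#else
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#ifdef TIME_WITH_SYS_TIME
#include <time.h>
#endif
#else
#include <time.h>
#endif
#endif /* _KERNEL */

#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>			/* struct stat, stat() */
#endif

#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>			/* MAXPATHLEN */
#endif

#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>			/* prototypes for file-related
					   syscalls; flags for open &
					   friends */
#endif

#ifdef _KERNEL
#include <sys/fcntl.h>
#else
#include <fcntl.h>
#endif

#endif /* KRB5_SYSINCL__ */
/*
 * End "sysincl.h"
 */

/*
 * Begin "los-proto.h"
 */
#ifndef KRB5_LIBOS_PROTO__
#define KRB5_LIBOS_PROTO__

#ifndef _KERNEL
#include <stdio.h>

/* Forward declaration; the structure is defined further down this header. */
struct addrlist;
#endif

/* libos.spec */

/*
 * NOTE(review): the two int arguments are presumably a file descriptor
 * and a KRB5_LOCKMODE_* mask (those flags are defined later in this
 * header) -- confirm against the implementation.
 */
krb5_error_code krb5_lock_file
	(krb5_context, int, int);

krb5_error_code krb5_unlock_file
	(krb5_context, int);

/*
 * NOTE(review): both network helpers take the buffer length as a plain
 * int and return int, so callers should range-check any size_t or
 * peer-supplied length before passing it in.
 */
int krb5_net_read
	(krb5_context, int , char *, int);

int krb5_net_write
	(krb5_context, int , const char *, int);

krb5_error_code krb5_sendto_kdc
	(krb5_context, const krb5_data *, const krb5_data *,
	   krb5_data *, int *, int);
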
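krb5_error_code krb5_get_krbhst
	(krb5_context, const krb5_data *, char ***);

krb5_error_code krb5_free_krbhst
	(krb5_context, char * const *);

krb5_error_code krb5_gen_replay_name
	(krb5_context, const krb5_address *, const char *, char **);

/*
 * NOTE(review): the access mode and the handling of an already existing
 * pathname are not visible from this prototype -- check the
 * implementation before using it for files that hold key material.
 */
krb5_error_code krb5_create_secure_file
	(krb5_context, const char * pathname);

#ifndef _KERNEL
krb5_error_code krb5_sync_disk_file
	(krb5_context, FILE *fp);

krb5_error_code
krb5_open_pkcs11_session(CK_SESSION_HANDLE *);
#endif


krb5_error_code krb5_read_message
	(krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message
	(krb5_context, krb5_pointer, krb5_data *);

/* Caller supplies the output buffer and its size. */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);

krb5_error_code krb5_os_init_context
	(krb5_context);

void krb5_os_free_context (krb5_context);

/* This function is needed by KfM's KerberosPreferences API
 * because it needs to be able to specify "secure" */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files
	(profile_filespec_t **pfiles, krb5_boolean secure);
#endif

krb5_error_code krb5_find_config_files(void);

krb5_error_code krb5_os_hostaddr
	(krb5_context, const char *, krb5_address ***);

#ifndef _KERNEL
/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
 * going to use this structure.  */
struct addrlist {
	struct addrinfo **addrs;
	int naddrs;	/* NOTE(review): presumably entries in use -- confirm */
	int space;	/* NOTE(review): presumably allocated slots -- confirm */
};

/* Static initializer for an empty addrlist (all three members zero). */
#define	ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
					int, int, int, int);

krb5_error_code
krb5int_locate_server (krb5_context,
			const krb5_data *realm,
			struct addrlist *,
			/* Only meaningful for kdc, really...  */
			int want_masters,
			/* look up [realms]->$realm->$name in krb5.conf */
			const char *profilename,
			/* SRV record lookup */
			const char *dnsname,
			int is_stream_service,
			/* Port numbers, in network order!  For profile
			   version only, DNS code gets port numbers
			   itself.  Use 0 for dflport2 if there's no
			   secondary port (most common, except kdc
			   case).  */
			int dflport1, int dflport2,
			int family);

#endif /* !_KERNEL */

#endif /* KRB5_LIBOS_PROTO__ */

/* new encryption provider api */

/*
 * Table of operations for one cipher.  All operations return a
 * krb5_error_code; output is written through the krb5_data / keyblock
 * pointer the caller passes in.
 */
struct krb5_enc_provider {

	/* keybytes is the input size to make_key;
	   keylength is the output size */
	size_t block_size, keybytes, keylength;

	/* cipher-state == 0 fresh state thrown away at end */
	krb5_error_code (*encrypt) (
		krb5_context context,
		krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
		krb5_const krb5_data *input, krb5_data *output);

	krb5_error_code (*decrypt) (
		krb5_context context,
		krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
		krb5_const krb5_data *input, krb5_data *output);

	krb5_error_code (*make_key)
		(krb5_context, krb5_const krb5_data *, krb5_keyblock *);

	krb5_error_code (*init_state) (krb5_context,
					const krb5_keyblock *,
					krb5_keyusage, krb5_data *);
	krb5_error_code (*free_state) (krb5_context, krb5_data *);

};

/* Table of operations for one unkeyed hash. */
struct krb5_hash_provider {
	size_t hashsize, blocksize;

	/* this takes multiple inputs to avoid lots of copying. */
	krb5_error_code (*hash) (krb5_context context,
		unsigned int icount, krb5_const krb5_data *input,
		krb5_data *output);
};

/*
 * Table of operations for one keyed hash.
 * NOTE(review): verify() reports its verdict through *valid and also
 * returns an error code; presumably *valid is only meaningful when the
 * return value is 0, so callers should check both -- confirm in the
 * providers.
 */
struct krb5_keyhash_provider {
	size_t hashsize;

	krb5_error_code (*hash) (
		krb5_context context,
		krb5_const krb5_keyblock *key,
		krb5_keyusage keyusage,
		krb5_const krb5_data *ivec,
		krb5_const krb5_data *input, krb5_data *output);

	krb5_error_code (*verify) (
		krb5_context context,
		krb5_const krb5_keyblock *key,
		krb5_keyusage keyusage,
		krb5_const krb5_data *ivec,
		krb5_const krb5_data *input,
		krb5_const krb5_data *hash,
		krb5_boolean *valid);

};

/* Computes, into *length, a size derived from inputlen for the given pair. */
typedef void (*krb5_encrypt_length_func) (
	krb5_const struct krb5_enc_provider *enc,
	krb5_const struct krb5_hash_provider *hash,
	size_t inputlen, size_t *length);

/* Common signature of the per-enctype encrypt and decrypt entry points. */
typedef krb5_error_code (*krb5_crypt_func) (
	krb5_context context,
	krb5_const struct krb5_enc_provider *enc,
	krb5_const struct krb5_hash_provider *hash,
	krb5_const krb5_keyblock *key, krb5_keyusage usage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

#ifndef	_KERNEL
/* String-to-key conversion; userland only (see krb5_keytypes below). */
typedef krb5_error_code (*krb5_str2key_func) (
	krb5_context context,
	krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string,
	krb5_const krb5_data *salt, krb5_const krb5_data *params,
	krb5_keyblock *key);
#endif	/* !_KERNEL */

/*
 * One entry per encryption type: its name strings, the cipher and hash
 * providers, and the functions that implement it.  The layout differs
 * between kernel and userland builds, so an initializer written for one
 * cannot be shared with the other.
 */
struct krb5_keytypes {
	krb5_enctype etype;
	char *in_string;
	char *out_string;
	const struct krb5_enc_provider *enc;
	const struct krb5_hash_provider *hash;
	krb5_encrypt_length_func encrypt_len;
	krb5_crypt_func encrypt;
	krb5_crypt_func decrypt;
	krb5_cksumtype required_ctype;
#ifndef	_KERNEL
	/* Solaris Kerberos:  strings to key conversion not done in the kernel */
	krb5_str2key_func str2key;
#else	/* _KERNEL */
	char *mt_e_name;
	char *mt_h_name;
	crypto_mech_type_t kef_cipher_mt;
	crypto_mech_type_t kef_hash_mt;
#endif	/* _KERNEL */
};
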
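
/*
 * One entry per checksum type.  Which of keyhash / hash is used is
 * described in the member comments below.
 */
struct krb5_cksumtypes {
	krb5_cksumtype ctype;
	unsigned int flags;
	char *in_string;
	char *out_string;
	/* if the hash is keyed, this is the etype it is keyed with.
	   Actually, it can be keyed by any etype which has the same
	   enc_provider as the specified etype.  DERIVE checksums can
	   be keyed with any valid etype. */
	krb5_enctype keyed_etype;
	/* I can't statically initialize a union, so I'm just going to use
	   two pointers here.  The keyhash is used if non-NULL.  If NULL,
	   then HMAC/hash with derived keys is used if the relevant flag
	   is set.  Otherwise, a non-keyed hash is computed.  This is all
	   kind of messy, but so is the krb5 api. */
	const struct krb5_keyhash_provider *keyhash;
	const struct krb5_hash_provider *hash;
	/* This just gets uglier and uglier.  In the key derivation case,
	   we produce an hmac.  To make the hmac code work, we can't hack
	   the output size indicated by the hash provider, but we may want
	   a truncated hmac.  If we want truncation, this is the number of
	   bytes we truncate to; it should be 0 otherwise. */
	unsigned int trunc_size;
#ifdef _KERNEL
	char *mt_c_name;
	crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};

/*
 * NOTE(review): presumably bit values for krb5_cksumtypes.flags; by its
 * name NOT_COLL_PROOF marks a checksum type that must not be relied on
 * for collision resistance -- confirm where the flag is tested.
 */
#define	KRB5_CKSUMFLAG_DERIVE		0x0001
#define	KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002

krb5_error_code krb5int_des_init_state(
	krb5_context,
	const krb5_keyblock *,
	krb5_keyusage, krb5_data *);

krb5_error_code krb5int_c_mandatory_cksumtype(
	krb5_context,
	krb5_enctype,
	krb5_cksumtype *);

/*
 * normally to free a cipher_state you can just memset the length to zero and
 * free it.
 */
krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *);

/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys
	(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
	krb5_keyblock *outkey);
/*
 * in here to deal with stuff from lib/crypto
 */

void krb5_nfold (int inbits, krb5_const unsigned char *in,
		int outbits, unsigned char *out);

/*
 * krb5_hmac has a different parameter list in the kernel and in
 * userland, so a caller cannot be shared between the two builds.
 */
#ifdef _KERNEL

int k5_ef_crypto(
	const char *, char *,
	long, krb5_keyblock *,
	krb5_data *, int);

krb5_error_code
krb5_hmac(krb5_context, const krb5_keyblock *,
	krb5_const krb5_data *, krb5_data *);

#else
krb5_error_code krb5_hmac
	(krb5_context,
	krb5_const struct krb5_hash_provider *,
	krb5_const krb5_keyblock *, krb5_const unsigned int,
	krb5_const krb5_data *, krb5_data *);

#endif /* _KERNEL */

/*
 * NOTE(review): the parameters are unnamed; presumably the unsigned long
 * is the PBKDF2 iteration count -- confirm against the definition.
 */
krb5_error_code krb5int_pbkdf2_hmac_sha1 (krb5_context,
					const krb5_data *,
					unsigned long,
					krb5_enctype,
					const krb5_data *,
					const krb5_data *);

/* Make this a function eventually?  */
/*
 * NOTE(review): outside WIN32 this expands to a plain memset().  When the
 * buffer is not read again before it is freed or goes out of scope, an
 * optimizing compiler is allowed to drop that store, so zap() alone does
 * not guarantee that key material is erased.  Moving to a real function
 * that the optimizer cannot elide would close this; until then, inspect
 * the generated code for the call sites that handle keys.
 * The macro arguments are parenthesized so that expression arguments
 * expand as intended.
 */
#ifdef WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
#else
# define krb5int_zap_data(ptr, len) memset((void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* GNU libc generates multiple bogus initialization warnings if we
   pass memset a volatile pointer.  The compiler should do well enough
   with memset even without GNU libc's attempt at optimization.  */
# undef memset
# endif
#endif /* WIN32 */
#define zap(p,l) krb5int_zap_data(p,l)


/*
 * These declarations are here, so both krb5 and k5crypto
 * can get to them.
 * krb5 needs to get to them so it can make them available to libgssapi.
 *
 * NOTE(review): RC4 and MD5 are legacy algorithms; new callers should
 * not be built on these two providers.
 */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;


/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */

krb5_error_code krb5_crypto_us_timeofday
	(krb5_int32 *, krb5_int32 *);

/* #endif KRB5_OLD_CRYPTO */

/* this helper fct is in libkrb5, but it makes sense declared here. */

krb5_error_code krb5_encrypt_helper
	(krb5_context context, krb5_const krb5_keyblock *key,
	krb5_keyusage usage, krb5_const krb5_data *plain,
	krb5_enc_data *cipher);

/*
 * End "los-proto.h"
 */

/*
 * Include the KDB definitions.
 */
#ifndef _KERNEL
#include <krb5/kdb.h>
#endif /* !_KERNEL */
/*
 * Begin "libos.h"
 */
#ifndef KRB5_LIBOS__
#define KRB5_LIBOS__

/* Note that krb5_os_context is a pointer type, not the structure itself. */
typedef struct _krb5_os_context {
	krb5_magic	magic;
	krb5_int32	time_offset;
	krb5_int32	usec_offset;
	krb5_int32	os_flags;
	char *		default_ccname;
} *krb5_os_context;

/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * The intention is that this facility is used to correct the system
 * clocks so that they reflect the "real" time, for systems where for
 * some reason we can't set the system clock.  Instead we calculate the
 * offset between the system time and real time, and store the offset
 * in the os context so that we can correct the system clock as necessary.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines.  This should only
 * be used for testing purposes (obviously!)
 */
#define	KRB5_OS_TOFFSET_VALID	1
#define	KRB5_OS_TOFFSET_TIME	2

/* lock mode flags */
#define	KRB5_LOCKMODE_SHARED	0x0001
#define	KRB5_LOCKMODE_EXCLUSIVE	0x0002
#define	KRB5_LOCKMODE_DONTBLOCK	0x0004
#define	KRB5_LOCKMODE_UNLOCK	0x0008

#endif /* KRB5_LIBOS__ */
/*
 * End "libos.h"
 */

/*
 * Define our view of the size of a DES key.
 */
#define	KRB5_MIT_DES_KEYSIZE		8

/*
 * Define a couple of SHA1 constants
 */
#define	SHS_DATASIZE	64
#define	SHS_DIGESTSIZE	20

/*
 * Check if des_int.h has been included before us.  If so, then check to see
 * that our view of the DES key size is the same as des_int.h's.
 *
 * The original spelled the failure as a bare error(...) token sequence,
 * which only stops the build as a side effect of a syntax error; #error
 * stops it explicitly and prints the message.
 */
#ifdef	MIT_DES_KEYSIZE
#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif	/* MIT_DES_KEYSIZE */

#ifndef _KERNEL
/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
 * defined.
 */
#define	PROVIDE_DES3_CBC_SHA	1
#define	PROVIDE_NIST_SHA	1

#endif /* !_KERNEL */

/*
 * Begin "preauth.h"
 *
 * (Originally written by Glen Machin at Sandia Labs.)
 */
/*
 * Sandia National Laboratories also makes no representations about the
 * suitability of the modifications, or additions to this software for
 * any purpose.  It is provided "as is" without express or implied warranty.
 *
 */
#ifndef KRB5_PREAUTH__
#define KRB5_PREAUTH__

/* Timestamp plus microseconds, as carried in encrypted-timestamp padata. */
typedef struct _krb5_pa_enc_ts {
	krb5_timestamp	patimestamp;
	krb5_int32	pausec;
} krb5_pa_enc_ts;

/*
 * Callback type stored in krb5_preauth_ops.obtain.  The function-pointer
 * argument has the shape of a key-lookup callback (enctype and salt in,
 * keyblock out).
 */
typedef krb5_error_code (*krb5_preauth_obtain_proc)
	(krb5_context,
		krb5_pa_data *,
		krb5_etype_info,
		krb5_keyblock *,
		krb5_error_code ( * )(krb5_context,
					krb5_const krb5_enctype,
					krb5_data *,
					krb5_const_pointer,
					krb5_keyblock **),
		krb5_const_pointer,
		krb5_creds *,
		krb5_kdc_req *,
		krb5_pa_data **);

/*
 * Callback type stored in krb5_preauth_ops.process.  It receives two
 * function pointers: one with the key-lookup shape used above and one
 * that takes a keyblock and a krb5_kdc_rep.
 */
typedef krb5_error_code (*krb5_preauth_process_proc)
	(krb5_context,
		krb5_pa_data *,
		krb5_kdc_req *,
		krb5_kdc_rep *,
		krb5_error_code ( * )(krb5_context,
					krb5_const krb5_enctype,
					krb5_data *,
					krb5_const_pointer,
					krb5_keyblock **),
		krb5_const_pointer,
		krb5_error_code ( * )(krb5_context,
					krb5_const krb5_keyblock *,
					krb5_const_pointer,
					krb5_kdc_rep * ),
		krb5_keyblock **,
		krb5_creds *,
		krb5_int32 *,
		krb5_int32 *);

/* One preauthentication mechanism: its type, flags and two callbacks. */
typedef struct _krb5_preauth_ops {
	krb5_magic magic;
	int	type;
	int	flags;	/* NOTE(review): presumably KRB5_PREAUTH_FLAGS_* */
	krb5_preauth_obtain_proc	obtain;
	krb5_preauth_process_proc	process;
} krb5_preauth_ops;

void krb5_free_etype_info (krb5_context, krb5_etype_info);

/*
 * Preauthentication property flags
 */
#define	KRB5_PREAUTH_FLAGS_ENCRYPT	0x00000001
#define	KRB5_PREAUTH_FLAGS_HARDWARE	0x00000002

#endif /* KRB5_PREAUTH__ */
/*
 * End "preauth.h"
 */

krb5_error_code
krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);

#ifndef _KERNEL /* needed for lib/krb5/krb/ */
/*
 * Callback that supplies the AS key to krb5_get_init_creds; the result
 * is written to *as_key and gak_data is passed through from the caller.
 */
typedef krb5_error_code (*krb5_gic_get_as_key_fct)
	(krb5_context,
		krb5_principal,
		krb5_enctype,
		krb5_prompter_fct,
		void *prompter_data,
		krb5_data *salt,
		krb5_data *s2kparams,
		krb5_keyblock *as_key,
		void *gak_data);

krb5_error_code KRB5_CALLCONV
krb5_get_init_creds
	(krb5_context context,
		krb5_creds *creds,
		krb5_principal client,
		krb5_prompter_fct prompter,
		void *prompter_data,
		krb5_deltat start_time,
		char *in_tkt_service,
		krb5_get_init_creds_opt *options,
		krb5_gic_get_as_key_fct gak,
		void *gak_data,
		int *master,
		krb5_kdc_rep **as_reply);

void krb5int_populate_gic_opt (
	krb5_context, krb5_get_init_creds_opt *,
	krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
	krb5_preauthtype *pre_auth_types, krb5_creds *creds);

krb5_error_code krb5_do_preauth
	(krb5_context, krb5_kdc_req *,
		krb5_pa_data **, krb5_pa_data ***,
		krb5_data *, krb5_data *, krb5_enctype *,
		krb5_keyblock *,
		krb5_prompter_fct, void *,
		krb5_gic_get_as_key_fct, void *);
#endif /* !_KERNEL */

/*
 * Release routines for the SAM and preauth structures.
 * NOTE(review): by the usual krb5 naming, the *_contents variants
 * presumably free only what the structure points to while the plain
 * variants also free the structure itself -- confirm before mixing them,
 * since picking the wrong one leaks or double-frees.
 */
void KRB5_CALLCONV krb5_free_sam_challenge
	(krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2
	(krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body
	(krb5_context, krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response
	(krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2
	(krb5_context, krb5_sam_response_2 * );
void KRB5_CALLCONV krb5_free_predicted_sam_response
	(krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc
	(krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
	(krb5_context, krb5_enc_sam_response_enc_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_contents
	(krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
	(krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
	(krb5_context, krb5_sam_challenge_2_body * );
void KRB5_CALLCONV krb5_free_sam_response_contents
	(krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2_contents
	(krb5_context, krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
	(krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
	(krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
	(krb5_context, krb5_enc_sam_response_enc_2 * );

void KRB5_CALLCONV krb5_free_pa_enc_ts
	(krb5_context, krb5_pa_enc_ts *);

/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
#ifndef	_KERNEL
#include "com_err.h"
#endif /* !_KERNEL */

/*
 * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
 */
#define	DEFAULT_UDP_PREF_LIMIT   1465

#ifndef	_KERNEL
#include "profile.h"
#include <strings.h>
#endif /* !_KERNEL */

/*
 * True when k1 is NULL or differs from k2.  The arguments are now
 * parenthesized so that expression arguments expand correctly; both are
 * still evaluated more than once, so do not pass expressions with side
 * effects.
 *
 * NOTE(review): the second test already yields true whenever the two
 * pointers differ, so the enctype/length/contents tests only run when k1
 * and k2 are the same object and can never be true.  In effect this is a
 * pointer-identity check -- confirm that is what the callers intend.
 * bcmp() also makes no constant-time promise, so do not reuse this macro
 * to validate key material received from a peer.
 */
#define	KEY_CHANGED(k1, k2) \
((k1) == NULL || \
 (k1) != (k2) || \
 (k1)->enctype != (k2)->enctype || \
 (k1)->length != (k2)->length || \
 bcmp((k1)->contents, (k2)->contents, (k1)->length))

#ifndef _KERNEL
typedef struct _arcfour_ctx {
	CK_SESSION_HANDLE eSession; /* encrypt session handle */
	CK_SESSION_HANDLE dSession; /* decrypt session handle */
	CK_OBJECT_HANDLE  eKey; /* encrypt key object */
	CK_OBJECT_HANDLE  dKey; /* decrypt key object */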
11997c478bd9Sstevel@tonic-gate uchar_t initialized; 12007c478bd9Sstevel@tonic-gate }arcfour_ctx_rec; 12017c478bd9Sstevel@tonic-gate 12027c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 12037c478bd9Sstevel@tonic-gate 12047c478bd9Sstevel@tonic-gate struct _krb5_context { 12057c478bd9Sstevel@tonic-gate krb5_magic magic; 12067c478bd9Sstevel@tonic-gate krb5_enctype *in_tkt_ktypes; 12077c478bd9Sstevel@tonic-gate int in_tkt_ktype_count; 12087c478bd9Sstevel@tonic-gate krb5_enctype *tgs_ktypes; 12097c478bd9Sstevel@tonic-gate int tgs_ktype_count; 1210505d05c7Sgtb /* This used to be a void*, but since we always allocate them 1211505d05c7Sgtb together (though in different source files), and the types 1212505d05c7Sgtb are declared in the same header, might as well just combine 1213505d05c7Sgtb them. 1214505d05c7Sgtb 1215505d05c7Sgtb The array[1] is so the existing code treating the field as 1216505d05c7Sgtb a pointer will still work. For cleanliness, it should 1217505d05c7Sgtb eventually get changed to a single element instead of an 1218505d05c7Sgtb array. 
*/ 1219505d05c7Sgtb struct _krb5_os_context os_context[1]; 12207c478bd9Sstevel@tonic-gate char *default_realm; 12217c478bd9Sstevel@tonic-gate int ser_ctx_count; 12227c478bd9Sstevel@tonic-gate krb5_boolean profile_secure; 12237c478bd9Sstevel@tonic-gate void *ser_ctx; 12247c478bd9Sstevel@tonic-gate #ifndef _KERNEL 12257c478bd9Sstevel@tonic-gate profile_t profile; 12267c478bd9Sstevel@tonic-gate void *db_context; 12277c478bd9Sstevel@tonic-gate void *kdblog_context; 12287c478bd9Sstevel@tonic-gate /* allowable clock skew */ 12297c478bd9Sstevel@tonic-gate krb5_deltat clockskew; 12307c478bd9Sstevel@tonic-gate krb5_cksumtype kdc_req_sumtype; 12317c478bd9Sstevel@tonic-gate krb5_cksumtype default_ap_req_sumtype; 12327c478bd9Sstevel@tonic-gate krb5_cksumtype default_safe_sumtype; 12337c478bd9Sstevel@tonic-gate krb5_flags kdc_default_options; 12347c478bd9Sstevel@tonic-gate krb5_flags library_options; 12357c478bd9Sstevel@tonic-gate int fcc_default_format; 12367c478bd9Sstevel@tonic-gate int scc_default_format; 12377c478bd9Sstevel@tonic-gate krb5_prompt_type *prompt_types; 12387c478bd9Sstevel@tonic-gate /* Message size above which we'll try TCP first in send-to-kdc 12397c478bd9Sstevel@tonic-gate type code. Aside from the 2**16 size limit, we put no 12407c478bd9Sstevel@tonic-gate absolute limit on the UDP packet size. */ 12417c478bd9Sstevel@tonic-gate int udp_pref_limit; 12427c478bd9Sstevel@tonic-gate 12437c478bd9Sstevel@tonic-gate /* This is the tgs_ktypes list as read from the profile, or 12447c478bd9Sstevel@tonic-gate set to compiled-in defaults. The application code cannot 12457c478bd9Sstevel@tonic-gate override it. This is used for session keys for 12467c478bd9Sstevel@tonic-gate intermediate ticket-granting tickets used to acquire the 12477c478bd9Sstevel@tonic-gate requested ticket (the session key of which may be 12487c478bd9Sstevel@tonic-gate constrained by tgs_ktypes above). 
*/ 12497c478bd9Sstevel@tonic-gate krb5_enctype *conf_tgs_ktypes; 12507c478bd9Sstevel@tonic-gate int conf_tgs_ktypes_count; 12517c478bd9Sstevel@tonic-gate 12527c478bd9Sstevel@tonic-gate /* Use the _configured version? */ 12537c478bd9Sstevel@tonic-gate krb5_boolean use_conf_ktypes; 12547c478bd9Sstevel@tonic-gate #ifdef KRB5_DNS_LOOKUP 12557c478bd9Sstevel@tonic-gate krb5_boolean profile_in_memory; 12567c478bd9Sstevel@tonic-gate #endif /* KRB5_DNS_LOOKUP */ 12577c478bd9Sstevel@tonic-gate 12587c478bd9Sstevel@tonic-gate pid_t pid; /* fork safety: PID of process that did last PKCS11 init */ 12597c478bd9Sstevel@tonic-gate 12607c478bd9Sstevel@tonic-gate /* Solaris Kerberos: handles for PKCS#11 crypto */ 12617c478bd9Sstevel@tonic-gate /* 12627c478bd9Sstevel@tonic-gate * Warning, do not access hSession directly as this is not fork() safe. 12637c478bd9Sstevel@tonic-gate * Instead use the krb_ctx_hSession() macro below. 12647c478bd9Sstevel@tonic-gate */ 12657c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE hSession; 12667c478bd9Sstevel@tonic-gate int cryptoki_initialized; 12677c478bd9Sstevel@tonic-gate 12687c478bd9Sstevel@tonic-gate /* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */ 12697c478bd9Sstevel@tonic-gate arcfour_ctx_rec arcfour_ctx; 12707c478bd9Sstevel@tonic-gate #else /* ! KERNEL */ 12717c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_cipher_mt; 12727c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_hash_mt; 12737c478bd9Sstevel@tonic-gate crypto_mech_type_t kef_cksum_mt; 12747c478bd9Sstevel@tonic-gate #endif /* ! 
KERNEL */ 12757c478bd9Sstevel@tonic-gate }; 12767c478bd9Sstevel@tonic-gate 12777c478bd9Sstevel@tonic-gate #ifndef _KERNEL 12787c478bd9Sstevel@tonic-gate extern pid_t __krb5_current_pid; 12797c478bd9Sstevel@tonic-gate 12807c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context); 12817c478bd9Sstevel@tonic-gate 12827c478bd9Sstevel@tonic-gate /* 12837c478bd9Sstevel@tonic-gate * fork safety: barring the ef_init code, every other function must use the 12847c478bd9Sstevel@tonic-gate * krb_ctx_hSession() macro to access the hSession field in a krb context. 12857c478bd9Sstevel@tonic-gate * Note, if the pid of the krb ctx == the current global pid then it is safe to 12867c478bd9Sstevel@tonic-gate * use the ctx hSession otherwise it needs to be re-inited before it is returned 12877c478bd9Sstevel@tonic-gate * to the caller. 12887c478bd9Sstevel@tonic-gate */ 12897c478bd9Sstevel@tonic-gate #define krb_ctx_hSession(ctx) \ 12907c478bd9Sstevel@tonic-gate ((ctx)->pid == __krb5_current_pid) ? (ctx)->hSession : krb5_reinit_ef_handle((ctx)) 12917c478bd9Sstevel@tonic-gate #endif 12927c478bd9Sstevel@tonic-gate 12937c478bd9Sstevel@tonic-gate #define MD5_CKSUM_LENGTH 16 12947c478bd9Sstevel@tonic-gate #define RSA_MD5_CKSUM_LENGTH 16 12957c478bd9Sstevel@tonic-gate #define MD5_BLOCKSIZE 64 12967c478bd9Sstevel@tonic-gate 12977c478bd9Sstevel@tonic-gate 12987c478bd9Sstevel@tonic-gate /* 12997c478bd9Sstevel@tonic-gate * Solaris Kerberos: 13007c478bd9Sstevel@tonic-gate * This next section of prototypes and constants 13017c478bd9Sstevel@tonic-gate * are all unique to the Solaris Kerberos implementation. 13027c478bd9Sstevel@tonic-gate * Because Solaris uses the native encryption framework 13037c478bd9Sstevel@tonic-gate * to provide crypto support, the following routines 13047c478bd9Sstevel@tonic-gate * are needed to support this system. 
13057c478bd9Sstevel@tonic-gate */ 13067c478bd9Sstevel@tonic-gate 13077c478bd9Sstevel@tonic-gate /* 13087c478bd9Sstevel@tonic-gate * Begin Solaris Crypto Prototypes 13097c478bd9Sstevel@tonic-gate */ 13107c478bd9Sstevel@tonic-gate 13117c478bd9Sstevel@tonic-gate /* 13127c478bd9Sstevel@tonic-gate * define constants that are used for creating the constant 13137c478bd9Sstevel@tonic-gate * which is used to make derived keys. 13147c478bd9Sstevel@tonic-gate */ 13157c478bd9Sstevel@tonic-gate #define DK_ENCR_KEY_BYTE 0xAA 13167c478bd9Sstevel@tonic-gate #define DK_HASH_KEY_BYTE 0x55 13177c478bd9Sstevel@tonic-gate #define DK_CKSUM_KEY_BYTE 0x99 13187c478bd9Sstevel@tonic-gate 13197c478bd9Sstevel@tonic-gate int init_derived_keydata(krb5_context, const struct krb5_enc_provider *, 13207c478bd9Sstevel@tonic-gate krb5_keyblock *, krb5_keyusage, 13217c478bd9Sstevel@tonic-gate krb5_keyblock **, krb5_keyblock **); 13227c478bd9Sstevel@tonic-gate 13237c478bd9Sstevel@tonic-gate krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t, 13247c478bd9Sstevel@tonic-gate krb5_keyblock *); 13257c478bd9Sstevel@tonic-gate 13267c478bd9Sstevel@tonic-gate krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *); 13277c478bd9Sstevel@tonic-gate krb5_keyblock *krb5_create_derived_keyblock(int); 13287c478bd9Sstevel@tonic-gate 13297c478bd9Sstevel@tonic-gate #ifdef _KERNEL 13307c478bd9Sstevel@tonic-gate int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *); 13317c478bd9Sstevel@tonic-gate 13327c478bd9Sstevel@tonic-gate int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *, 13337c478bd9Sstevel@tonic-gate const krb5_data *, krb5_data *); 13347c478bd9Sstevel@tonic-gate 13357c478bd9Sstevel@tonic-gate void make_kef_key(krb5_keyblock *); 13367c478bd9Sstevel@tonic-gate int init_key_kef(crypto_mech_type_t, krb5_keyblock *); 13377c478bd9Sstevel@tonic-gate int update_key_template(krb5_keyblock *); 13387c478bd9Sstevel@tonic-gate void setup_kef_keytypes(); 
/*
 * NOTE(review): an empty parameter list is not a prototype in C, so calls
 * to this function are not argument-checked; "(void)" would fix that if the
 * definition takes no arguments -- confirm.
 */
void setup_kef_cksumtypes();
crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);

#else /* !_KERNEL */
/*
 * This structure is used to map Kerberos supported OID's,
 * to PKCS11 mechanisms
 */
#define USE_ENCR 0x01
#define USE_HASH 0x02

typedef struct krb5_mech_2_pkcs {
    uchar_t flags;
    CK_MECHANISM_TYPE enc_algo;
    CK_MECHANISM_TYPE hash_algo;
    CK_MECHANISM_TYPE str2key_algo;
} KRB5_MECH_TO_PKCS;

/* Test the USE_ENCR / USE_HASH bit in a KRB5_MECH_TO_PKCS value. */
#define ENC_DEFINED(x) (((x).flags & USE_ENCR))
#define HASH_DEFINED(x) (((x).flags & USE_HASH))

extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);

krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);

krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
    unsigned int, const krb5_data *, krb5_data *);

krb5_error_code k5_ef_mac(krb5_context context,
    krb5_keyblock *key, krb5_data *ivec,
    krb5_const krb5_data *input, krb5_data *output);

#endif /* !_KERNEL */

krb5_error_code
derive_3des_keys(krb5_context, struct krb5_enc_provider *,
    krb5_keyblock *, krb5_keyusage,
    krb5_keyblock *, krb5_keyblock *);

/*
 * End Solaris Crypto Prototypes
 */

#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001

/* internal message representations */

typedef struct _krb5_safe {
    krb5_magic magic;
    krb5_data user_data;        /* user data */
    krb5_timestamp timestamp;   /* client time, optional */
    krb5_int32 usec;            /* microsecond portion of time, optional */
    krb5_ui_4 seq_number;       /* sequence #, optional */
    krb5_address *s_address;    /* sender address */
    krb5_address *r_address;    /* recipient address, optional */
    krb5_checksum *checksum;    /* data integrity checksum */
} krb5_safe;

typedef struct _krb5_priv {
    krb5_magic magic;
    krb5_enc_data enc_part;     /* encrypted part */
} krb5_priv;

typedef struct _krb5_priv_enc_part {
    krb5_magic magic;
    krb5_data user_data;        /* user data */
    krb5_timestamp timestamp;   /* client time, optional */
    krb5_int32 usec;            /* microsecond portion of time, opt. */
    krb5_ui_4 seq_number;       /* sequence #, optional */
    krb5_address *s_address;    /* sender address */
    krb5_address *r_address;    /* recipient address, optional */
} krb5_priv_enc_part;

void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *);
void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *);
void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *);

/*
 * Begin "asn1.h"
 */
#ifndef KRB5_ASN1__
#define KRB5_ASN1__

/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
/* here we use some knowledge of ASN.1 encodings */
/*
 * Ticket is APPLICATION 1.
 * Authenticator is APPLICATION 2.
 * AS_REQ is APPLICATION 10.
 * AS_REP is APPLICATION 11.
 * TGS_REQ is APPLICATION 12.
 * TGS_REP is APPLICATION 13.
 * AP_REQ is APPLICATION 14.
 * AP_REP is APPLICATION 15.
 * KRB_SAFE is APPLICATION 20.
 * KRB_PRIV is APPLICATION 21.
 * KRB_CRED is APPLICATION 22.
 * EncASRepPart is APPLICATION 25.
 * EncTGSRepPart is APPLICATION 26.
 * EncAPRepPart is APPLICATION 27.
 * EncKrbPrivPart is APPLICATION 28.
 * EncKrbCredPart is APPLICATION 29.
 * KRB_ERROR is APPLICATION 30.
 */
/*
 * allow either constructed or primitive encoding, so check for bit 6
 * set or reset
 *
 * Each macro below tests only that dat is non-NULL, has a non-zero length
 * and that its first byte equals one of the two tag values.  A match is a
 * dispatch hint, not proof that the buffer holds a well-formed message of
 * that type; the decoder still has to validate the whole encoding.
 * dat is evaluated more than once.
 */
#define krb5_is_krb_ticket(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x61 || \
    (dat)->data[0] == 0x41))
#define krb5_is_krb_authenticator(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x62 || \
    (dat)->data[0] == 0x42))
#define krb5_is_as_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6a || \
    (dat)->data[0] == 0x4a))
#define krb5_is_as_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6b || \
    (dat)->data[0] == 0x4b))
#define krb5_is_tgs_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6c || \
    (dat)->data[0] == 0x4c))
#define krb5_is_tgs_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6d || \
    (dat)->data[0] == 0x4d))
#define krb5_is_ap_req(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6e || \
    (dat)->data[0] == 0x4e))
#define krb5_is_ap_rep(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x6f || \
    (dat)->data[0] == 0x4f))
#define krb5_is_krb_safe(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x74 || \
    (dat)->data[0] == 0x54))
#define krb5_is_krb_priv(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x75 || \
    (dat)->data[0] == 0x55))
#define krb5_is_krb_cred(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x76 || \
    (dat)->data[0] == 0x56))
#define krb5_is_krb_enc_as_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x79 || \
    (dat)->data[0] == 0x59))
#define krb5_is_krb_enc_tgs_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7a || \
    (dat)->data[0] == 0x5a))
#define krb5_is_krb_enc_ap_rep_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7b || \
    (dat)->data[0] == 0x5b))
#define krb5_is_krb_enc_krb_priv_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7c || \
    (dat)->data[0] == 0x5c))
#define krb5_is_krb_enc_krb_cred_part(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7d || \
    (dat)->data[0] == 0x5d))
#define krb5_is_krb_error(dat) \
    ((dat) && (dat)->length && ((dat)->data[0] == 0x7e || \
    (dat)->data[0] == 0x5e))

/*************************************************************************
 * Prototypes for krb5_encode.c
 *************************************************************************/

/*
 * krb5_error_code encode_krb5_structure(const krb5_structure *rep,
 *     krb5_data **code);
 * modifies  *code
 * effects   Returns the ASN.1 encoding of *rep in **code.
 *           Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
 *           Returns ENOMEM if memory runs out.
 */

krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep,
    krb5_data **code);

krb5_error_code encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);

krb5_error_code encode_krb5_encryption_key(const krb5_keyblock *rep,
    krb5_data **code);

krb5_error_code encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep,
    krb5_data **code);

krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep,
    krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code);

/* yes, the translation is identical to that used for KDC__REP */
krb5_error_code encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code);

krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep,
    krb5_data **code);

krb5_error_code encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code);

krb5_error_code encode_krb5_kdc_req_body(const krb5_kdc_req *rep,
    krb5_data **code);

krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code);

krb5_error_code encode_krb5_safe_with_body(const krb5_safe *rep,
    const krb5_data *body, krb5_data **code);

krb5_error_code encode_krb5_priv(const krb5_priv *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep,
    krb5_data **code);

/* ASN.1 encoders, continued: each takes the structure and a krb5_data ** . */
krb5_error_code encode_krb5_cred(const krb5_cred *rep, krb5_data **code);

krb5_error_code encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep,
    krb5_data **code);

krb5_error_code encode_krb5_error(const krb5_error *rep, krb5_data **code);

krb5_error_code encode_krb5_authdata(const krb5_authdata **rep,
    krb5_data **code);

krb5_error_code encode_krb5_pwd_sequence(const passwd_phrase_element *rep,
    krb5_data **code);

krb5_error_code encode_krb5_pwd_data(const krb5_pwd_data *rep,
    krb5_data **code);

krb5_error_code encode_krb5_padata_sequence(const krb5_pa_data **rep,
    krb5_data **code);

krb5_error_code encode_krb5_alt_method(const krb5_alt_method *,
    krb5_data **code);

krb5_error_code encode_krb5_etype_info(const krb5_etype_info_entry **,
    krb5_data **code);

krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **,
    krb5_data **code);

krb5_error_code encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);

krb5_error_code encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge(const krb5_sam_challenge *,
    krb5_data **);

krb5_error_code encode_krb5_sam_key(const krb5_sam_key *, krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc(
    const krb5_enc_sam_response_enc *, krb5_data **);

krb5_error_code encode_krb5_sam_response(const krb5_sam_response *,
    krb5_data **);

krb5_error_code encode_krb5_predicted_sam_response(
    const krb5_predicted_sam_response *, krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 *,
    krb5_data **);

krb5_error_code encode_krb5_sam_challenge_2_body(
    const krb5_sam_challenge_2_body *, krb5_data **);

krb5_error_code encode_krb5_enc_sam_response_enc_2(
    const krb5_enc_sam_response_enc_2 *, krb5_data **);

krb5_error_code encode_krb5_sam_response_2(const krb5_sam_response_2 *,
    krb5_data **);

/*
 * NOTE(review): password is passed as a plain char *; presumably the
 * encoding returned through code carries it as well, so callers should
 * treat both buffers as secrets and clear them before freeing -- confirm
 * against the implementation.
 */
krb5_error_code encode_krb5_setpw_req(const krb5_principal target,
    char *password, krb5_data **code);

/*************************************************************************
 * End of prototypes for krb5_encode.c
 *************************************************************************/

/*************************************************************************
 * Prototypes for krb5_decode.c
 *************************************************************************/

/*
 * krb5_error_code decode_krb5_structure(const krb5_data *code,
 *     krb5_structure **rep);
 *
 * requires  Expects **rep to not have been allocated;
 *           a new *rep is allocated regardless of the old value.
 * effects   Decodes *code into **rep.
 *           Returns ENOMEM if memory is exhausted.
 *           Returns asn1 and krb5 errors.
 *
 * In most prototypes below the first parameter is spelled "output"; it is
 * const-qualified and takes the position of "code" in the template above,
 * so it appears to be the encoded input buffer despite the name.
 */

krb5_error_code decode_krb5_authenticator(const krb5_data *code,
    krb5_authenticator **rep);

krb5_error_code decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);

krb5_error_code decode_krb5_encryption_key(const krb5_data *output,
    krb5_keyblock **rep);

krb5_error_code decode_krb5_enc_tkt_part(const krb5_data *output,
    krb5_enc_tkt_part **rep);

krb5_error_code decode_krb5_enc_kdc_rep_part(const krb5_data *output,
    krb5_enc_kdc_rep_part **rep);

krb5_error_code decode_krb5_as_rep(const krb5_data *output,
    krb5_kdc_rep **rep);

krb5_error_code decode_krb5_tgs_rep(const krb5_data *output,
    krb5_kdc_rep **rep);

krb5_error_code decode_krb5_ap_req(const krb5_data *output,
    krb5_ap_req **rep);

krb5_error_code decode_krb5_ap_rep(const krb5_data *output,
    krb5_ap_rep **rep);

krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *output,
    krb5_ap_rep_enc_part **rep);

krb5_error_code decode_krb5_as_req(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_tgs_req(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_kdc_req_body(const krb5_data *output,
    krb5_kdc_req **rep);

krb5_error_code decode_krb5_safe(const krb5_data *output, krb5_safe **rep);

krb5_error_code decode_krb5_safe_with_body(const krb5_data *output,
    krb5_safe **rep, krb5_data *body);

krb5_error_code decode_krb5_priv(const krb5_data *output, krb5_priv **rep);

krb5_error_code decode_krb5_enc_priv_part(const krb5_data *output,
    krb5_priv_enc_part **rep);

krb5_error_code decode_krb5_cred(const krb5_data *output, krb5_cred **rep);

krb5_error_code decode_krb5_enc_cred_part(const krb5_data *output,
    krb5_cred_enc_part **rep);

krb5_error_code decode_krb5_error(const krb5_data *output, krb5_error **rep);

krb5_error_code decode_krb5_authdata(const krb5_data *output,
    krb5_authdata ***rep);

krb5_error_code decode_krb5_pwd_sequence(const krb5_data *output,
    passwd_phrase_element **rep);

krb5_error_code decode_krb5_pwd_data(const krb5_data *output,
    krb5_pwd_data **rep);

krb5_error_code decode_krb5_padata_sequence(const krb5_data *output,
    krb5_pa_data ***rep);

krb5_error_code decode_krb5_alt_method(const krb5_data *output,
    krb5_alt_method **rep);

krb5_error_code decode_krb5_etype_info(const krb5_data *output,
    krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_etype_info2(const krb5_data *output,
    krb5_etype_info_entry ***rep);

krb5_error_code decode_krb5_enc_data(const krb5_data *output,
    krb5_enc_data **rep);

krb5_error_code decode_krb5_pa_enc_ts(const krb5_data *output,
    krb5_pa_enc_ts **rep);

krb5_error_code decode_krb5_sam_challenge(const krb5_data *,
    krb5_sam_challenge **);

krb5_error_code decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);

krb5_error_code decode_krb5_enc_sam_response_enc(const krb5_data *,
    krb5_enc_sam_response_enc **);

krb5_error_code decode_krb5_sam_response(const krb5_data *,
    krb5_sam_response **);

krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *,
    krb5_predicted_sam_response **);

krb5_error_code decode_krb5_sam_challenge_2(const krb5_data *,
    krb5_sam_challenge_2 **);

krb5_error_code decode_krb5_sam_challenge_2_body(const krb5_data *,
    krb5_sam_challenge_2_body **);

krb5_error_code decode_krb5_enc_sam_response_enc_2(const krb5_data *,
    krb5_enc_sam_response_enc_2 **);

krb5_error_code decode_krb5_sam_response_2(const krb5_data *,
    krb5_sam_response_2 **);


/*************************************************************************
 * End of prototypes for krb5_decode.c
 *************************************************************************/

#endif /* KRB5_ASN1__ */
/*
 * End "asn1.h"
 */


/*
 * Internal krb5 library routines
 */
krb5_error_code krb5_encrypt_tkt_part(krb5_context,
    krb5_const krb5_keyblock *,
    krb5_ticket *);


/*
 * Builds an encoded KDC reply.  The final krb5_data ** is the only
 * double-pointer argument, so it is presumably where the encoding is
 * returned -- confirm who frees it.
 */
krb5_error_code krb5_encode_kdc_rep(krb5_context,
    krb5_const krb5_msgtype,
    krb5_const krb5_enc_kdc_rep_part *,
    int using_subkey,
    krb5_const krb5_keyblock *,
    krb5_kdc_rep *,
    krb5_data **);

krb5_error_code krb5_validate_times(krb5_context, krb5_ticket_times *);

/*
 * Returns a krb5_boolean for the sequence number `in_seq` against the auth
 * context `ac`.
 * NOTE(review): presumably true means "acceptable"; confirm the polarity
 * before using the result to reject a message.
 */
krb5_boolean krb5int_auth_con_chkseqnum(krb5_context ctx,
    krb5_auth_context ac, krb5_ui_4 in_seq);

/*
 * [De]Serialization Handle and operations.
 *
 * One entry per opaque data type (`odtype`), with three callbacks: sizer,
 * externalizer and internalizer.
 *
 * NOTE(review): in the externalizer/internalizer signatures the
 * krb5_octet ** is presumably a cursor into the buffer and the size_t * the
 * number of bytes remaining -- confirm.  An internalizer parses bytes it did
 * not produce, so each implementation has to check that remainder before
 * every read.
 *
 * The struct tag starts with a double underscore, which C reserves for the
 * implementation; it is kept as-is because other files refer to it.
 */
struct __krb5_serializer {
    krb5_magic odtype;
    krb5_error_code (*sizer)(krb5_context,
        krb5_pointer,
        size_t *);
    krb5_error_code (*externalizer)(krb5_context,
        krb5_pointer,
        krb5_octet **,
        size_t *);
    krb5_error_code (*internalizer)(krb5_context,
        krb5_pointer *,
        krb5_octet **,
        size_t *);
};
typedef struct __krb5_serializer *krb5_ser_handle;
typedef struct __krb5_serializer krb5_ser_entry;

/* Look up / register the serializer entry for a given magic number. */
krb5_ser_handle krb5_find_serializer(krb5_context, krb5_magic);
krb5_error_code krb5_register_serializer(krb5_context,
    const krb5_ser_entry *);

/* Determine the external size of a particular opaque structure */
krb5_error_code KRB5_CALLCONV krb5_size_opaque(krb5_context,
    krb5_magic,
    krb5_pointer,
    size_t *);

/* Serialize the structure into a buffer */
krb5_error_code KRB5_CALLCONV krb5_externalize_opaque(krb5_context,
    krb5_magic,
    krb5_pointer,
    krb5_octet **,
    size_t *);

/* Deserialize the structure from a buffer */
krb5_error_code KRB5_CALLCONV krb5_internalize_opaque(krb5_context,
    krb5_magic,
    krb5_pointer *,
    krb5_octet **,
    size_t *);

/* Serialize data into a buffer */
krb5_error_code krb5_externalize_data(krb5_context,
    krb5_pointer,
    krb5_octet **,
    size_t *);
/*
 * Initialization routines.
 */

/* Initialize serialization for krb5_[os_]context */
krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context);

/* Initialize serialization for krb5_auth_context */
krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init(krb5_context);

/* Initialize serialization for krb5_keytab */
krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init(krb5_context);

/* Initialize serialization for krb5_ccache */
krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init(krb5_context);

/* Initialize serialization for krb5_rcache */
krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init(krb5_context);

/*
 * Primitive pack/unpack helpers.  All of them share the trailing
 * (krb5_octet **, size_t *) pair.
 * NOTE(review): presumably buffer cursor and bytes remaining, both updated
 * on success -- confirm; the unpack variants are the ones fed with stored
 * or received bytes, so their return value must always be checked.
 */

/* [De]serialize 4-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32(krb5_int32,
    krb5_octet **,
    size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32(krb5_int32 *,
    krb5_octet **,
    size_t *);
/* [De]serialize 8-byte integer */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64(krb5_int64,
    krb5_octet **,
    size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64(krb5_int64 *,
    krb5_octet **,
    size_t *);
/*
 * [De]serialize byte string
 * NOTE(review): the (krb5_octet *, size_t) pair is presumably the caller's
 * byte string and its length; for unpack, confirm that the length is checked
 * against the remaining-bytes argument before copying.
 */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes(krb5_octet *,
    size_t,
    krb5_octet **,
    size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes(krb5_octet *,
    size_t,
    krb5_octet **,
    size_t *);


krb5_error_code KRB5_CALLCONV krb5int_cc_default(krb5_context,
    krb5_ccache *);

krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default(krb5_context,
    krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);

void krb5int_set_prompt_types(krb5_context, krb5_prompt_type *);

krb5_error_code krb5int_generate_and_save_subkey(krb5_context,
    krb5_auth_context,
    krb5_keyblock * /* Old keyblock, not new! */);

/*
 * set and change password helpers
 *
 * krb5int_mk_chpw_req and krb5int_mk_setpw_req take the new password as a
 * non-const `char *passwd`.
 * NOTE(review): presumably a NUL-terminated cleartext string owned by the
 * caller -- confirm; the caller should wipe it once `packet` has been built,
 * and `packet` itself then carries the protected request.
 */

krb5_error_code krb5int_mk_chpw_req(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *ap_req, char *passwd, krb5_data *packet);
krb5_error_code krb5int_rd_chpw_rep(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *packet, int *result_code,
    krb5_data *result_data);
krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string(
    krb5_context context, int result_code,
    char **result_codestr);
krb5_error_code krb5int_mk_setpw_req(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *ap_req, krb5_principal targetprinc, char *passwd,
    krb5_data *packet);
krb5_error_code krb5int_rd_setpw_rep(krb5_context context,
    krb5_auth_context auth_context,
    krb5_data *packet, int *result_code,
    krb5_data *result_data);

/*
 * Unlike krb5_chpw_result_code_string above, this variant returns its string
 * through a `const char **`.
 */
krb5_error_code krb5int_setpw_result_code_string(krb5_context context,
    int result_code,
    const char **result_codestr);

/*
 * One node of a singly linked list of DNS SRV answers.
 * NOTE(review): `host` comes from a DNS response and is presumably heap
 * allocated and released by krb5int_free_srv_dns_data -- confirm.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next;
    int priority;
    int weight;
    unsigned short port;
    char *host;
};

krb5_error_code krb5int_make_srv_query_realm(const krb5_data *realm,
    const char *service,
    const char *protocol,
    struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);

/*
 * Convenience function for structure magic number
 *
 * Expands to a bare `if` that returns from the *calling* function, with
 * magic_number itself as the return value, and carries its own trailing
 * semicolon.  It is not wrapped in do { } while (0), so use it only as a
 * standalone statement: inside an unbraced if/else it changes which `if`
 * the `else` binds to.  magic_number is evaluated a second time when the
 * check fails.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
    if ((structure)->magic != (magic_number)) return (magic_number);


/* SUNW14resync XXX - see k5-util.h */
#if 0
int krb5_seteuid (int);
#endif

/*
 * Environment accessors.
 * NOTE(review): whether these apply any restriction in set-id processes is
 * not visible from this header -- check the implementation before relying
 * on them in privileged code.
 */
char *krb5_getenv(const char *);
int krb5_setenv(const char *, const char *, int);
void krb5_unsetenv(const char *);


/* SUNW14resync - (from here to EOF) not sure if we need this but will add it
   for future resync sake */

/* To keep happy libraries which are (for now) accessing internal stuff */

/* Make sure to increment by one when changing the struct */
#define KRB5INT_ACCESS_STRUCT_VERSION 9

#ifndef ANAME_SZ
struct ktext;			/* from krb.h, for krb524 support */
#endif
/*
 * Table of internal entry points handed to other libraries through
 * krb5int_accessor().
 *
 * Four members exist only when _KERNEL is not defined, so the layout and
 * sizeof(krb5int_access) differ between kernel and userland builds.
 */
typedef struct _krb5int_access {
    /*
     * crypto stuff
     * NOTE(review): MD5 and RC4 (arcfour) are legacy algorithms; these
     * providers are presumably exported for interoperability with existing
     * enctypes -- confirm before adding new callers.
     */
    const struct krb5_hash_provider *md5_hash_provider;
    const struct krb5_enc_provider *arcfour_enc_provider;
    krb5_error_code (*krb5_hmac)(const struct krb5_hash_provider *hash,
        const krb5_keyblock *key,
        unsigned int icount, const krb5_data *input,
        krb5_data *output);
    /* service location and communication */
#ifndef _KERNEL
    krb5_error_code (*locate_server)(krb5_context, const krb5_data *,
        struct addrlist *, int,
        const char *, const char *,
        int, int, int, int);
    krb5_error_code (*sendto_udp)(krb5_context, const krb5_data *msg,
        const struct addrlist *, krb5_data *reply,
        struct sockaddr *, socklen_t *, int *);
    krb5_error_code (*add_host_to_list)(struct addrlist *lp,
        const char *hostname,
        int port, int secport,
        int socktype, int family);
    void (*free_addrlist)(struct addrlist *);
#endif /* _KERNEL */


    krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
        const char *service,
        const char *protocol,
        struct srv_dns_entry **answers);
    void (*free_srv_dns_data)(struct srv_dns_entry *);
    int (*use_dns_kdc)(krb5_context);

    /* krb4 compatibility stuff -- may be null if not enabled */
    krb5_int32 (*krb_life_to_time)(krb5_int32, int);
    int (*krb_time_to_life)(krb5_int32, krb5_int32);
    int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
    krb5_error_code (*krb5int_c_mandatory_cksumtype)(krb5_context,
        krb5_enctype, krb5_cksumtype *);
    krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)(krb5_int64,
        krb5_octet **, size_t *);
    krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)(krb5_int64 *,
        krb5_octet **, size_t *);
} krb5int_access;

/*
 * Version word: the low 16 bits hold sizeof(krb5int_access), the high
 * 16 bits hold KRB5INT_ACCESS_STRUCT_VERSION.
 * NOTE(review): presumably krb5int_accessor compares the krb5_int32 passed
 * by the caller with its own value and refuses a mismatched layout --
 * confirm.  Because the struct size depends on _KERNEL, the value is not
 * the same in kernel and userland builds.
 */
#define KRB5INT_ACCESS_VERSION \
    (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
        (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)

krb5_error_code KRB5_CALLCONV krb5int_accessor(krb5int_access *, krb5_int32);

/* Ick -- some krb524 and krb4 support placed in the krb5 library,
   because AFS (and potentially other applications?) use the krb4
   object as an opaque token, which (in some implementations) is not
   in fact a krb4 ticket, so we don't want to drag in the krb4 support
   just to enable this.  */

#define KRB524_SERVICE "krb524"
#define KRB524_PORT 4444

/* v4lifetime.c */
extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);

/*
 * conv_creds.c
 * NOTE(review): `buf` is a plain char * with no capacity argument;
 * `encoded_len` is presumably output only -- confirm how the caller is
 * expected to size `buf`.
 */
int krb5int_encode_v4tkt(struct ktext *v4tkt, char *buf,
    unsigned int *encoded_len);

/* send524.c */
int krb5int_524_sendto_kdc(krb5_context context, const krb5_data *message,
    const krb5_data *realm, krb5_data *reply,
    struct sockaddr *, socklen_t *);

/* temporary -- this should be under lib/krb5/ccache somewhere */

/* A credential cache handle: a magic number, an ops table and private data. */
struct _krb5_ccache {
    krb5_magic magic;
    const struct _krb5_cc_ops *ops;
    krb5_pointer data;
};

/*
 * Operations table implemented by each credential cache type; `prefix` is
 * presumably the type name used when resolving a cache name -- confirm.
 */
struct _krb5_cc_ops {
    krb5_magic magic;
    char *prefix;
    const char *(KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
        const char *);
    krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
    krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
        krb5_principal);
    krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
    krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
        krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
        krb5_flags, krb5_creds *,
        krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
        krb5_principal *);
    krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
        krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
        krb5_cc_cursor *, krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
        krb5_cc_cursor *);
    krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
        krb5_flags, krb5_creds *);
    krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
        krb5_flags);
};

extern const krb5_cc_ops *krb5_cc_dfl_ops;

/*
 * Replay-cache record.
 * NOTE(review): cusec/ctime are presumably the client microseconds and
 * timestamp taken from the authenticator, and `hash` a digest used for
 * lookup -- confirm against the rcache implementation.
 */
typedef struct _krb5_donot_replay {
    krb5_magic magic;
    krb5_ui_4 hash;
    char *server;			/* null-terminated */
    char *client;			/* null-terminated */
    krb5_int32 cusec;
    krb5_timestamp ctime;
} krb5_donot_replay;

krb5_error_code krb5_rc_default(krb5_context,
    krb5_rcache *);
/*
 * Replay cache (rcache) entry points.
 * NOTE(review): the `char *` arguments of the resolve functions are
 * presumably a type or "type:name" string -- confirm; they are not
 * const-qualified in these prototypes.
 */
krb5_error_code krb5_rc_resolve_type(krb5_context,
    krb5_rcache *, char *);
krb5_error_code krb5_rc_resolve_full(krb5_context,
    krb5_rcache *, char *);
char *krb5_rc_get_type(krb5_context,
    krb5_rcache);
char *krb5_rc_default_type(krb5_context);
char *krb5_rc_default_name(krb5_context);

/*
 * Takes a krb5_tkt_authent and a krb5_donot_replay.
 * NOTE(review): presumably fills the replay record from the ticket and
 * authenticator; confirm whether the record's strings are copies or alias
 * the input.
 */
krb5_error_code krb5_auth_to_rep(krb5_context,
    krb5_tkt_authent *,
    krb5_donot_replay *);

krb5_error_code KRB5_CALLCONV krb5_rc_initialize(krb5_context,
    krb5_rcache, krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize(krb5_context,
    krb5_rcache, krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_destroy(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_close(krb5_context, krb5_rcache);
/*
 * NOTE(review): presumably returns an error when the record is already
 * present, i.e. a replay; callers must not ignore the result -- confirm the
 * exact code.
 */
krb5_error_code KRB5_CALLCONV krb5_rc_store(krb5_context,
    krb5_rcache, krb5_donot_replay *);
krb5_error_code KRB5_CALLCONV krb5_rc_expunge(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan(krb5_context,
    krb5_rcache, krb5_deltat *);
char *KRB5_CALLCONV krb5_rc_get_name(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_resolve(krb5_context,
    krb5_rcache, char *);

/*
 * Operations table implemented by each keytab type.  The read routines come
 * first; `add` and `remove` are the write routines of the extended version.
 */
typedef struct _krb5_kt_ops {
    krb5_magic magic;
    char *prefix;
    /* routines always present */
    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context,
        const char *,
        krb5_keytab *);
    /*
     * NOTE(review): (char *, unsigned int) is presumably an output buffer
     * and its size -- confirm; implementations must bound the write.
     */
    krb5_error_code (KRB5_CALLCONV *get_name)(krb5_context,
        krb5_keytab,
        char *,
        unsigned int);
    krb5_error_code (KRB5_CALLCONV *close)(krb5_context,
        krb5_keytab);
    krb5_error_code (KRB5_CALLCONV *get)(krb5_context,
        krb5_keytab,
        krb5_const_principal,
        krb5_kvno,
        krb5_enctype,
        krb5_keytab_entry *);
    krb5_error_code (KRB5_CALLCONV *start_seq_get)(krb5_context,
        krb5_keytab,
        krb5_kt_cursor *);
    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context,
        krb5_keytab,
        krb5_keytab_entry *,
        krb5_kt_cursor *);
    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context,
        krb5_keytab,
        krb5_kt_cursor *);
    /* routines to be included on extended version (write routines) */
    krb5_error_code (KRB5_CALLCONV *add)(krb5_context,
        krb5_keytab,
        krb5_keytab_entry *);
    krb5_error_code (KRB5_CALLCONV *remove)(krb5_context,
        krb5_keytab,
        krb5_keytab_entry *);

    /* Handle for serializer */
    const krb5_ser_entry *serializer;
} krb5_kt_ops;

extern const krb5_kt_ops krb5_kt_dfl_ops;

extern krb5_error_code krb5int_translate_gai_error(int);

/* Not sure it's ready for exposure just yet.  */
extern krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context,
    krb5_enctype, krb5_cksumtype *);

/*
 * NOTE(review): both return int; the meaning of the value (0 on success?)
 * is not visible here -- confirm, and check it wherever the PRNG or crypto
 * layer is brought up.
 */
extern int krb5int_crypto_init(void);
extern int krb5int_prng_init(void);

/*
 * SUNW14resync
 * Hack (?) to neuter C99 "inline" which causes warnings w/our build.
 *
 * This removes the `inline` keyword from everything that follows in the
 * translation unit, including headers included after this one.
 * NOTE(review): the C standard does not allow a macro named after a keyword
 * to be defined when a standard header is included, so this header
 * presumably has to come after the system headers -- confirm the include
 * order in the build.
 */
#define inline

/*
 * Solaris kerberos
 * NOTE(review): presumably returns true when `enctype` is among the first
 * `numkeytypes` entries of `keytype` -- confirm; the count is a signed int.
 */
krb5_boolean KRB5_CALLCONV is_in_keytype(krb5_const krb5_enctype *keytype,
    int numkeytypes, krb5_enctype enctype);


#endif /* _KRB5_INT_H */