17c478bd9Sstevel@tonic-gate /*
2c54c769dSwillf  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate /*
7fe598cdcSmp  * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
87c478bd9Sstevel@tonic-gate  * Cambridge, MA, USA.  All Rights Reserved.
9*ab9b2e15Sgtb  *
10*ab9b2e15Sgtb  * This software is being provided to you, the LICENSEE, by the
11*ab9b2e15Sgtb  * Massachusetts Institute of Technology (M.I.T.) under the following
12*ab9b2e15Sgtb  * license.  By obtaining, using and/or copying this software, you agree
13*ab9b2e15Sgtb  * that you have read, understood, and will comply with these terms and
14*ab9b2e15Sgtb  * conditions:
15*ab9b2e15Sgtb  *
167c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
177c478bd9Sstevel@tonic-gate  * require a specific license from the United States Government.
187c478bd9Sstevel@tonic-gate  * It is the responsibility of any person or organization contemplating
197c478bd9Sstevel@tonic-gate  * export to obtain such a license before exporting.
20*ab9b2e15Sgtb  *
21*ab9b2e15Sgtb  * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
22*ab9b2e15Sgtb  * this software and its documentation for any purpose and without fee or
23*ab9b2e15Sgtb  * royalty is hereby granted, provided that you agree to comply with the
24*ab9b2e15Sgtb  * following copyright notice and statements, including the disclaimer, and
25*ab9b2e15Sgtb  * that the same appear on ALL copies of the software and documentation,
26*ab9b2e15Sgtb  * including modifications that you make for internal use or for
277c478bd9Sstevel@tonic-gate  * distribution:
28*ab9b2e15Sgtb  *
29*ab9b2e15Sgtb  * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
30*ab9b2e15Sgtb  * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
31*ab9b2e15Sgtb  * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
32*ab9b2e15Sgtb  * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
33*ab9b2e15Sgtb  * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
34*ab9b2e15Sgtb  * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
35*ab9b2e15Sgtb  *
36*ab9b2e15Sgtb  * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
37*ab9b2e15Sgtb  * be used in advertising or publicity pertaining to distribution of the
38*ab9b2e15Sgtb  * software.  Title to copyright in this software and any associated
39*ab9b2e15Sgtb  * documentation shall at all times remain with M.I.T., and USER agrees to
407c478bd9Sstevel@tonic-gate  * preserve same.
41fe598cdcSmp  *
42fe598cdcSmp  * Furthermore if you modify this software you must label
43fe598cdcSmp  * your software as modified software and not distribute it in such a
44fe598cdcSmp  * fashion that it might be confused with the original M.I.T. software.
45fe598cdcSmp 
46*ab9b2e15Sgtb  */
477c478bd9Sstevel@tonic-gate /*
487c478bd9Sstevel@tonic-gate  * Copyright (C) 1998 by the FundsXpress, INC.
497c478bd9Sstevel@tonic-gate  *
507c478bd9Sstevel@tonic-gate  * All rights reserved.
517c478bd9Sstevel@tonic-gate  *
527c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may require
537c478bd9Sstevel@tonic-gate  * a specific license from the United States Government.  It is the
547c478bd9Sstevel@tonic-gate  * responsibility of any person or organization contemplating export to
557c478bd9Sstevel@tonic-gate  * obtain such a license before exporting.
567c478bd9Sstevel@tonic-gate  *
577c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
587c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
597c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
607c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
617c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
627c478bd9Sstevel@tonic-gate  * the name of FundsXpress. not be used in advertising or publicity pertaining
637c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
647c478bd9Sstevel@tonic-gate  * permission.  FundsXpress makes no representations about the suitability of
657c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
667c478bd9Sstevel@tonic-gate  * or implied warranty.
677c478bd9Sstevel@tonic-gate  *
687c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
697c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
707c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
717c478bd9Sstevel@tonic-gate  */
727c478bd9Sstevel@tonic-gate 
737c478bd9Sstevel@tonic-gate /*
747c478bd9Sstevel@tonic-gate  * This prototype for k5-int.h (Krb5 internals include file)
757c478bd9Sstevel@tonic-gate  * includes the user-visible definitions from krb5.h and then
767c478bd9Sstevel@tonic-gate  * includes other definitions that are not user-visible but are
777c478bd9Sstevel@tonic-gate  * required for compiling Kerberos internal routines.
787c478bd9Sstevel@tonic-gate  *
797c478bd9Sstevel@tonic-gate  * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
807c478bd9Sstevel@tonic-gate  */
817c478bd9Sstevel@tonic-gate 
827c478bd9Sstevel@tonic-gate #ifndef _KRB5_INT_H
837c478bd9Sstevel@tonic-gate #define _KRB5_INT_H
847c478bd9Sstevel@tonic-gate 
857c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
867c478bd9Sstevel@tonic-gate 
877c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
887c478bd9Sstevel@tonic-gate #include <osconf.h>
897c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
907c478bd9Sstevel@tonic-gate #else
917c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h>
927c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
937c478bd9Sstevel@tonic-gate #endif
947c478bd9Sstevel@tonic-gate 
957c478bd9Sstevel@tonic-gate #ifdef  DEBUG
967c478bd9Sstevel@tonic-gate #if !defined(KRB5_DEBUG)
977c478bd9Sstevel@tonic-gate #define KRB5_DEBUG
987c478bd9Sstevel@tonic-gate #endif
997c478bd9Sstevel@tonic-gate #ifndef  KRB5_LOG_LVL
1007c478bd9Sstevel@tonic-gate #define KRB5_LOG_LVL KRB5_ERR
1017c478bd9Sstevel@tonic-gate #endif
1027c478bd9Sstevel@tonic-gate #endif  /* DEBUG */
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate #ifdef  _KERNEL
1057c478bd9Sstevel@tonic-gate 
1067c478bd9Sstevel@tonic-gate #ifdef  DEBUG
1077c478bd9Sstevel@tonic-gate #include        <sys/types.h>
1087c478bd9Sstevel@tonic-gate #include        <sys/cmn_err.h>
1097c478bd9Sstevel@tonic-gate  extern  void prom_printf();
1107c478bd9Sstevel@tonic-gate #endif  /* DEBUG */
1117c478bd9Sstevel@tonic-gate 
1127c478bd9Sstevel@tonic-gate #else   /* !_KERNEL */
1137c478bd9Sstevel@tonic-gate 
1147c478bd9Sstevel@tonic-gate #define prom_printf printf
1157c478bd9Sstevel@tonic-gate 
1167c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
1177c478bd9Sstevel@tonic-gate 
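#ifdef KRB5_LOG_LVL

/*
 * krb5_log is a bit mask that selects which classes of debug message the
 * mech emits.  More than one level can be enabled by OR'ing the level
 * values below together.
 *
 * All log messages are captured by syslog: userland builds call syslog()
 * at LOG_DEBUG, kernel builds call printf().
 *
 * Format-string safety: argument B of every KRB5_LOG* macro is handed to
 * printf()/syslog() as the format string itself.  Pass a string literal
 * for B and carry variable text in C/D behind an explicit conversion such
 * as %s; never pass a buffer that holds peer- or user-supplied bytes as B.
 * Because the output lands in the system log, do not log key material,
 * passwords or other secrets through these macros.
 *
 * The macros evaluate their arguments only when the selected level is
 * enabled, and not at all when KRB5_LOG_LVL is undefined, so arguments
 * must not carry side effects the caller relies on.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR  1   /* Use this debug log level for error path logging. */
#define KRB5_INFO 2   /* Use this debug log level for informational messages. */

#ifdef  _KERNEL

/* A non-zero (krb5_log & (A)) already implies krb5_log is non-zero. */
#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B)   \
	((void)((krb5_log & (A)) && (printf((B)), TRUE)))

#else	/* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
	((void)((krb5_log & (A)) && \
		(syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
	((void)((krb5_log & (A)) && \
		(syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* B is parenthesized here to match the other five definitions. */
#define KRB5_LOG0(A, B)   \
	((void)((krb5_log & (A)) && \
		(syslog(LOG_DEBUG, (B)), TRUE)))

#endif	/* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/* Logging compiled out: the macros expand to nothing. */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */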
1657c478bd9Sstevel@tonic-gate 
1667c478bd9Sstevel@tonic-gate #ifdef POSIX_TYPES
1677c478bd9Sstevel@tonic-gate #define timetype time_t
1687c478bd9Sstevel@tonic-gate #else
1697c478bd9Sstevel@tonic-gate #define timetype long
1707c478bd9Sstevel@tonic-gate #endif
1717c478bd9Sstevel@tonic-gate 
1727c478bd9Sstevel@tonic-gate /*
1737c478bd9Sstevel@tonic-gate  * Begin "k5-config.h"
1747c478bd9Sstevel@tonic-gate  */
1757c478bd9Sstevel@tonic-gate #ifndef KRB5_CONFIG__
1767c478bd9Sstevel@tonic-gate #define KRB5_CONFIG__
1777c478bd9Sstevel@tonic-gate 
1787c478bd9Sstevel@tonic-gate /*
1797c478bd9Sstevel@tonic-gate  * Machine-type definitions: PC Clone 386 running Microsoft Windows
1807c478bd9Sstevel@tonic-gate  */
1817c478bd9Sstevel@tonic-gate 
182505d05c7Sgtb #if defined(_MSDOS) || defined(_WIN32)
1837c478bd9Sstevel@tonic-gate #include "win-mac.h"
1847c478bd9Sstevel@tonic-gate 
1857c478bd9Sstevel@tonic-gate /* Kerberos Windows initialization file */
1867c478bd9Sstevel@tonic-gate #define KERBEROS_INI    "kerberos.ini"
1877c478bd9Sstevel@tonic-gate #define INI_FILES       "Files"
1887c478bd9Sstevel@tonic-gate #define INI_KRB_CCACHE  "krb5cc"       /* Location of the ccache */
1897c478bd9Sstevel@tonic-gate #define INI_KRB5_CONF   "krb5.ini"		/* Location of krb5.conf file */
1907c478bd9Sstevel@tonic-gate #define ANSI_STDIO
1917c478bd9Sstevel@tonic-gate #endif
1927c478bd9Sstevel@tonic-gate 
1937c478bd9Sstevel@tonic-gate #ifndef _KERNEL
1947c478bd9Sstevel@tonic-gate #ifndef KRB5_AUTOCONF__
1957c478bd9Sstevel@tonic-gate #define KRB5_AUTOCONF__
1967c478bd9Sstevel@tonic-gate #include <autoconf.h>
1977c478bd9Sstevel@tonic-gate #endif
1987c478bd9Sstevel@tonic-gate #endif 		/* !_KERNEL  */
1997c478bd9Sstevel@tonic-gate 
2007c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__
2017c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__
2027c478bd9Sstevel@tonic-gate 
2037c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TYPES_H		/* From autoconf.h */
2047c478bd9Sstevel@tonic-gate #include <sys/types.h>
2057c478bd9Sstevel@tonic-gate #else /* HAVE_SYS_TYPES_H */
2067c478bd9Sstevel@tonic-gate #endif /* HAVE_SYS_TYPES_H */
2077c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */
2087c478bd9Sstevel@tonic-gate 
209505d05c7Sgtb /* #include "k5-platform.h" SUNW XXX */
210505d05c7Sgtb /* not used in krb5.h (yet) */
2117c478bd9Sstevel@tonic-gate typedef uint64_t krb5_ui_8;
2127c478bd9Sstevel@tonic-gate typedef int64_t krb5_int64;
2137c478bd9Sstevel@tonic-gate 
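/* Default prompts for entering a password and for re-entering it. */
#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

/*
 * Lifetime constants, in seconds.
 *
 * Every arithmetic expansion is parenthesized.  Without the parentheses an
 * expression such as (x / KRB5_DEFAULT_LIFE) expands to x / 60*60*10 and
 * silently yields the wrong lifetime.
 */
#define	KRB5_KDB_MAX_LIFE	(60*60*24) /* one day */
#define	KRB5_KDB_MAX_RLIFE	(60*60*24*365) /* one year */
/*
 * 2145830400 is Thu Dec 31 00:00:00 2037 UTC, one day earlier than the
 * "Jan 1 2038" this constant was historically labelled with.  The value
 * is left unchanged because stored data may depend on it.
 */
#define	KRB5_KDB_EXPIRATION	2145830400
#define KRB5_DEFAULT_LIFE (60*60*10) /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60) /* 7 Days */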
2227c478bd9Sstevel@tonic-gate 
/*
 * Windows requires a different API calling interface for each function.
 * Here the calling-convention macros are just defined as empty.
 */
2277c478bd9Sstevel@tonic-gate #ifndef KRB5_CALLCONV
2287c478bd9Sstevel@tonic-gate #define KRB5_CALLCONV
2297c478bd9Sstevel@tonic-gate #define KRB5_CALLCONV_C
2307c478bd9Sstevel@tonic-gate #endif
2317c478bd9Sstevel@tonic-gate #ifndef O_BINARY
2327c478bd9Sstevel@tonic-gate #define O_BINARY 0
2337c478bd9Sstevel@tonic-gate #endif
2347c478bd9Sstevel@tonic-gate 
2357c478bd9Sstevel@tonic-gate #endif /* KRB5_CONFIG__ */
2367c478bd9Sstevel@tonic-gate 
2377c478bd9Sstevel@tonic-gate /*
2387c478bd9Sstevel@tonic-gate  * End "k5-config.h"
2397c478bd9Sstevel@tonic-gate  */
2407c478bd9Sstevel@tonic-gate 
2417c478bd9Sstevel@tonic-gate /*
2427c478bd9Sstevel@tonic-gate  * After loading the configuration definitions, load the Kerberos definitions.
2437c478bd9Sstevel@tonic-gate  */
244505d05c7Sgtb #ifndef _KERNEL
245505d05c7Sgtb #include <errno.h>
246505d05c7Sgtb #include "profile.h"
247505d05c7Sgtb #endif
248505d05c7Sgtb 
2497c478bd9Sstevel@tonic-gate #include <krb5.h>
2507c478bd9Sstevel@tonic-gate 
2517c478bd9Sstevel@tonic-gate #ifndef _KERNEL
252505d05c7Sgtb #if 1 /* def NEED_SOCKETS */
2537c478bd9Sstevel@tonic-gate #include <port-sockets.h>
2547c478bd9Sstevel@tonic-gate #include <socket-utils.h>
2557c478bd9Sstevel@tonic-gate #else
2567c478bd9Sstevel@tonic-gate #ifndef SOCK_DGRAM
2577c478bd9Sstevel@tonic-gate struct sockaddr;
2587c478bd9Sstevel@tonic-gate #endif
2597c478bd9Sstevel@tonic-gate #endif
2607c478bd9Sstevel@tonic-gate #endif
2617c478bd9Sstevel@tonic-gate 
262505d05c7Sgtb /* Get mutex support; currently used only for the replay cache.  */
263505d05c7Sgtb #include "k5-thread.h"
264505d05c7Sgtb 
265fe598cdcSmp /*
266fe598cdcSmp  * Solaris Kerberos:
267fe598cdcSmp  * Define whether or not to do a reverse lookup when looking up a host in DNS.
268fe598cdcSmp  */
269fe598cdcSmp #define REV_LOOKUP 1
270fe598cdcSmp #define NO_REV_LOOKUP 0
271fe598cdcSmp 
272505d05c7Sgtb 
2737c478bd9Sstevel@tonic-gate /* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
2747c478bd9Sstevel@tonic-gate    The ones that it doesn't include, we include below.  */
2757c478bd9Sstevel@tonic-gate 
2767c478bd9Sstevel@tonic-gate /*
2777c478bd9Sstevel@tonic-gate  * Begin "k5-errors.h"
2787c478bd9Sstevel@tonic-gate  */
2797c478bd9Sstevel@tonic-gate #ifndef KRB5_ERRORS__
2807c478bd9Sstevel@tonic-gate #define KRB5_ERRORS__
2817c478bd9Sstevel@tonic-gate 
2827c478bd9Sstevel@tonic-gate 
2837c478bd9Sstevel@tonic-gate /* Error codes used in KRB_ERROR protocol messages.
2847c478bd9Sstevel@tonic-gate    Return values of library routines are based on a different error table
2857c478bd9Sstevel@tonic-gate    (which allows non-ambiguous error codes between subsystems) */
2867c478bd9Sstevel@tonic-gate 
/*
 * KDC errors.
 * Values 27 through 30 have no name in this table.
 */
#define	KDC_ERR_NONE			0 /* No error */
#define	KDC_ERR_NAME_EXP		1 /* Client's entry in DB expired */
#define	KDC_ERR_SERVICE_EXP		2 /* Server's entry in DB expired */
#define	KDC_ERR_BAD_PVNO		3 /* Requested pvno not supported */
#define	KDC_ERR_C_OLD_MAST_KVNO		4 /* C's key encrypted in old master */
#define	KDC_ERR_S_OLD_MAST_KVNO		5 /* S's key encrypted in old master */
#define	KDC_ERR_C_PRINCIPAL_UNKNOWN	6 /* Client not found in Kerberos DB */
#define	KDC_ERR_S_PRINCIPAL_UNKNOWN	7 /* Server not found in Kerberos DB */
#define	KDC_ERR_PRINCIPAL_NOT_UNIQUE	8 /* Multiple entries in Kerberos DB */
#define	KDC_ERR_NULL_KEY		9 /* The C or S has a null key */
#define	KDC_ERR_CANNOT_POSTDATE		10 /* Tkt ineligible for postdating */
#define	KDC_ERR_NEVER_VALID		11 /* Requested starttime > endtime */
#define	KDC_ERR_POLICY			12 /* KDC policy rejects request */
#define	KDC_ERR_BADOPTION		13 /* KDC can't do requested opt. */
#define	KDC_ERR_ENCTYPE_NOSUPP		14 /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP		15 /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP	16 /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP		17 /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED		18 /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED		19 /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED		20 /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET		21 /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET		22 /* S not yet valid */
#define KDC_ERR_KEY_EXP			23 /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED		24 /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED	25 /* Additional preauthentication */
					   /* required */
#define KDC_ERR_SERVER_NOMATCH		26 /* Requested server and */
					   /* ticket don't match*/
/*
 * Application errors.
 * Value 43 has no name in this table.  The last two entries do not carry
 * the KRB_AP_ERR_ prefix the rest of the group uses.
 */
#define	KRB_AP_ERR_BAD_INTEGRITY 31	/* Decrypt integrity check failed */
#define	KRB_AP_ERR_TKT_EXPIRED	32	/* Ticket expired */
#define	KRB_AP_ERR_TKT_NYV	33	/* Ticket not yet valid */
#define	KRB_AP_ERR_REPEAT	34	/* Request is a replay */
#define	KRB_AP_ERR_NOT_US	35	/* The ticket isn't for us */
#define	KRB_AP_ERR_BADMATCH	36	/* Ticket/authenticator don't match */
#define	KRB_AP_ERR_SKEW		37	/* Clock skew too great */
#define	KRB_AP_ERR_BADADDR	38	/* Incorrect net address */
#define	KRB_AP_ERR_BADVERSION	39	/* Protocol version mismatch */
#define	KRB_AP_ERR_MSG_TYPE	40	/* Invalid message type */
#define	KRB_AP_ERR_MODIFIED	41	/* Message stream modified */
#define	KRB_AP_ERR_BADORDER	42	/* Message out of order */
#define	KRB_AP_ERR_BADKEYVER	44	/* Key version is not available */
#define	KRB_AP_ERR_NOKEY	45	/* Service key not available */
#define	KRB_AP_ERR_MUT_FAIL	46	/* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION	47 	/* Incorrect message direction */
#define KRB_AP_ERR_METHOD	48 	/* Alternative authentication */
					/* method required */
#define KRB_AP_ERR_BADSEQ	49 	/* Incorrect sequence number */
					/* in message */
#define KRB_AP_ERR_INAPP_CKSUM	50	/* Inappropriate type of */
					/* checksum in message */
#define	KRB_AP_PATH_NOT_ACCEPTED 51	/* Policy rejects transited path */
#define	KRB_ERR_RESPONSE_TOO_BIG 52	/* Response too big for UDP, */
					/*   retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC		60 	/* Generic error (description */
					/* in e-text) */
#define	KRB_ERR_FIELD_TOOLONG	61	/* Field is too long for impl. */
3487c478bd9Sstevel@tonic-gate 
3497c478bd9Sstevel@tonic-gate #endif /* KRB5_ERRORS__ */
3507c478bd9Sstevel@tonic-gate /*
3517c478bd9Sstevel@tonic-gate  * End "k5-errors.h"
3527c478bd9Sstevel@tonic-gate  */
3537c478bd9Sstevel@tonic-gate 
/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD (48).
 *
 * NOTE(review): the contents arrive in a KRB-ERROR e-data field, so
 * method, length and data should be treated as peer-controlled until
 * they have been validated.
 */
typedef struct _krb5_alt_method {
	krb5_magic	magic;
	krb5_int32	method;
	unsigned int	length;	/* presumably the byte count of data -- confirm */
	krb5_octet	*data;
} krb5_alt_method;
3657c478bd9Sstevel@tonic-gate 
3667c478bd9Sstevel@tonic-gate /*
3677c478bd9Sstevel@tonic-gate  * A null-terminated array of this structure is returned by the KDC as
3687c478bd9Sstevel@tonic-gate  * the data part of the ETYPE_INFO preauth type.  It informs the
3697c478bd9Sstevel@tonic-gate  * client which encryption types are supported.
3707c478bd9Sstevel@tonic-gate  * The	same data structure is used by both etype-info and etype-info2
3717c478bd9Sstevel@tonic-gate  * but s2kparams must be null when encoding etype-info.
3727c478bd9Sstevel@tonic-gate  */
/*
 * One entry of the etype-info / etype-info2 array sent by the KDC.
 */
typedef struct _krb5_etype_info_entry {
	krb5_magic	magic;
	krb5_enctype	etype;
	/*
	 * Salt length.  The value KRB5_ETYPE_NO_SALT means no salt data is
	 * present, which is different from a salt of length 0.  Test for that
	 * sentinel before using length as a size or reading through salt.
	 */
	unsigned int	length;
	krb5_octet	*salt;
	krb5_data	s2kparams;	/* must be null when encoding etype-info */
} krb5_etype_info_entry;
3807c478bd9Sstevel@tonic-gate 
3817c478bd9Sstevel@tonic-gate /*
3827c478bd9Sstevel@tonic-gate  *  This is essentially -1 without sign extension which can screw up
3837c478bd9Sstevel@tonic-gate  *  comparisons on 64 bit machines. If the length is this value, then
3847c478bd9Sstevel@tonic-gate  *  the salt data is not present. This is to distinguish between not
3857c478bd9Sstevel@tonic-gate  *  being set and being of 0 length.
3867c478bd9Sstevel@tonic-gate  */
3877c478bd9Sstevel@tonic-gate #define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
3887c478bd9Sstevel@tonic-gate 
3897c478bd9Sstevel@tonic-gate typedef krb5_etype_info_entry ** krb5_etype_info;
3907c478bd9Sstevel@tonic-gate 
3917c478bd9Sstevel@tonic-gate /*
3927c478bd9Sstevel@tonic-gate  * a sam_challenge is returned for alternate preauth
3937c478bd9Sstevel@tonic-gate  */
3947c478bd9Sstevel@tonic-gate /*
3957c478bd9Sstevel@tonic-gate           SAMFlags ::= BIT STRING {
3967c478bd9Sstevel@tonic-gate               use-sad-as-key[0],
3977c478bd9Sstevel@tonic-gate               send-encrypted-sad[1],
3987c478bd9Sstevel@tonic-gate               must-pk-encrypt-sad[2]
3997c478bd9Sstevel@tonic-gate           }
4007c478bd9Sstevel@tonic-gate  */
4017c478bd9Sstevel@tonic-gate /*
4027c478bd9Sstevel@tonic-gate           PA-SAM-CHALLENGE ::= SEQUENCE {
4037c478bd9Sstevel@tonic-gate               sam-type[0]                 INTEGER,
4047c478bd9Sstevel@tonic-gate               sam-flags[1]                SAMFlags,
4057c478bd9Sstevel@tonic-gate               sam-type-name[2]            GeneralString OPTIONAL,
4067c478bd9Sstevel@tonic-gate               sam-track-id[3]             GeneralString OPTIONAL,
4077c478bd9Sstevel@tonic-gate               sam-challenge-label[4]      GeneralString OPTIONAL,
4087c478bd9Sstevel@tonic-gate               sam-challenge[5]            GeneralString OPTIONAL,
4097c478bd9Sstevel@tonic-gate               sam-response-prompt[6]      GeneralString OPTIONAL,
4107c478bd9Sstevel@tonic-gate               sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
4117c478bd9Sstevel@tonic-gate               sam-nonce[8]                INTEGER OPTIONAL,
4127c478bd9Sstevel@tonic-gate               sam-cksum[9]                Checksum OPTIONAL
4137c478bd9Sstevel@tonic-gate           }
4147c478bd9Sstevel@tonic-gate */
/* sam_type values -- informational only */
/*
 * NOTE(review): PA_SAM_TYPE_CRYPTOCARD and PA_SAM_TYPE_ACTIVCARD_DEC are
 * both 6.  A sam_type of 6 therefore cannot be attributed to one of the
 * two, and the two names cannot both be case labels in the same switch.
 * The XXX below records that the number assignments were unresolved.
 */
#define PA_SAM_TYPE_ENIGMA     1   /*  Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH  2   /*  Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0    3   /*  S/key where  KDC has key 0 */
#define PA_SAM_TYPE_SKEY       4   /*  Traditional S/Key */
#define PA_SAM_TYPE_SECURID    5   /*  Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD 6   /*  CRYPTOCard */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC  6   /*  ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX  7   /*  ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX  8   /*  Digital Pathways hex mode */
#endif
/* Experimental values start at PA_SAM_TYPE_EXP_BASE (128). */
#define PA_SAM_TYPE_EXP_BASE    128 /* experimental */
#define PA_SAM_TYPE_GRAIL		(PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT	(PA_SAM_TYPE_EXP_BASE+1) /* special */
4307c478bd9Sstevel@tonic-gate 
/*
 * Predicted SAM response: a key block together with the server time and
 * the client principal it belongs to.
 */
typedef struct _krb5_predicted_sam_response {
	krb5_magic	magic;
	/* Key material.  NOTE(review): presumably has to be zeroized before
	 * the structure is freed -- confirm against the free routine. */
	krb5_keyblock	sam_key;
        krb5_flags      sam_flags; /* Makes key munging easier */
        krb5_timestamp  stime;  /* time on server, for replay detection */
        krb5_int32      susec;  /* presumably the microseconds part of stime -- confirm */
        krb5_principal  client;
        krb5_data       msd;    /* mechanism specific data */
} krb5_predicted_sam_response;
4407c478bd9Sstevel@tonic-gate 
/*
 * In-memory form of PA-SAM-CHALLENGE.  After magic, the members follow
 * the order of the ASN.1 SEQUENCE quoted earlier in this file, from
 * sam-type[0] through sam-cksum[9].  The ASN.1 marks every element after
 * sam-flags as OPTIONAL.
 */
typedef struct _krb5_sam_challenge {
	krb5_magic	magic;
	krb5_int32	sam_type; /* information */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;	/* ASN.1 type is EncryptionKey; held here as krb5_data */
	krb5_int32	sam_nonce;
	krb5_checksum	sam_cksum;
} krb5_sam_challenge;
4547c478bd9Sstevel@tonic-gate 
/*
 * Wrapper around a single key block.  The comment on
 * krb5_sam_response.sam_enc_key names this type as that field's content.
 */
typedef struct _krb5_sam_key {	/* reserved for future use */
	krb5_magic	magic;
	krb5_keyblock	sam_key;	/* key material */
} krb5_sam_key;
4597c478bd9Sstevel@tonic-gate 
/*
 * Content of the encrypted response part: the comment on
 * krb5_sam_response.sam_enc_nonce_or_ts names this type.  It holds a
 * nonce, a timestamp with its usec member, and the sad data.
 */
typedef struct _krb5_enc_sam_response_enc {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_timestamp;
	krb5_int32	sam_usec;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc;
4677c478bd9Sstevel@tonic-gate 
/*
 * SAM response.  The two krb5_enc_data members are encrypted containers;
 * the inline comments name the structure each one carries.
 */
typedef struct _krb5_sam_response {
	krb5_magic	magic;
	krb5_int32	sam_type; /* informational */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_track_id; /* copied */
	krb5_enc_data	sam_enc_key; /* krb5_sam_key - future use */
	krb5_enc_data	sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_patimestamp;
} krb5_sam_response;
4787c478bd9Sstevel@tonic-gate 
/*
 * Version 2 challenge: a body held as raw krb5_data plus an array of
 * checksums.
 */
typedef struct _krb5_sam_challenge_2 {
	/* presumably the encoded krb5_sam_challenge_2_body, kept as bytes so
	 * the checksums can be verified over it -- confirm */
	krb5_data	sam_challenge_2_body;
	krb5_checksum	**sam_cksum;		/* Array of checksums */
} krb5_sam_challenge_2;
4837c478bd9Sstevel@tonic-gate 
/*
 * Body of the version 2 challenge.  The members match krb5_sam_challenge
 * except that the last one is sam_etype instead of sam_cksum; the
 * checksums are held on krb5_sam_challenge_2.
 */
typedef struct _krb5_sam_challenge_2_body {
	krb5_magic	magic;
	krb5_int32	sam_type; /* information */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_enctype	sam_etype;
} krb5_sam_challenge_2_body;
4977c478bd9Sstevel@tonic-gate 
/*
 * Version 2 response.  Compared with krb5_sam_response it has no
 * sam_enc_key and no sam_patimestamp, and the encrypted member is named
 * sam_enc_nonce_or_sad.
 */
typedef struct _krb5_sam_response_2 {
	krb5_magic	magic;
	krb5_int32	sam_type; /* informational */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_track_id; /* copied */
	/* NOTE(review): the type named in the next comment has no _2 suffix;
	 * presumably krb5_enc_sam_response_enc_2 is meant -- confirm */
	krb5_enc_data	sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
} krb5_sam_response_2;
5067c478bd9Sstevel@tonic-gate 
/*
 * Version 2 of the encrypted response content: a nonce and the sad data
 * only.  Unlike krb5_enc_sam_response_enc it has no timestamp members.
 */
typedef struct _krb5_enc_sam_response_enc_2 {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc_2;
5127c478bd9Sstevel@tonic-gate 
5137c478bd9Sstevel@tonic-gate /*
5147c478bd9Sstevel@tonic-gate  * Begin "dbm.h"
5157c478bd9Sstevel@tonic-gate  */
#ifndef _KERNEL

/*
 * Since we are always using db, use the db-ndbm include header file.
 */

#include "db-ndbm.h"

#endif /* !_KERNEL */
5257c478bd9Sstevel@tonic-gate /*
5267c478bd9Sstevel@tonic-gate  * End "dbm.h"
5277c478bd9Sstevel@tonic-gate  */
5287c478bd9Sstevel@tonic-gate 
5297c478bd9Sstevel@tonic-gate /*
5307c478bd9Sstevel@tonic-gate  * Begin "ext-proto.h"
5317c478bd9Sstevel@tonic-gate  */
5327c478bd9Sstevel@tonic-gate #ifndef KRB5_EXT_PROTO__
5337c478bd9Sstevel@tonic-gate #define KRB5_EXT_PROTO__
5347c478bd9Sstevel@tonic-gate 
5357c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5367c478bd9Sstevel@tonic-gate #include <stdlib.h>
5377c478bd9Sstevel@tonic-gate #include <string.h>
5387c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5397c478bd9Sstevel@tonic-gate 
5407c478bd9Sstevel@tonic-gate #ifndef HAVE_STRDUP
5417c478bd9Sstevel@tonic-gate extern char *strdup (const char *);
5427c478bd9Sstevel@tonic-gate #endif
5437c478bd9Sstevel@tonic-gate 
5447c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5457c478bd9Sstevel@tonic-gate #ifdef HAVE_UNISTD_H
5467c478bd9Sstevel@tonic-gate #include <unistd.h>
5477c478bd9Sstevel@tonic-gate #endif
5487c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5497c478bd9Sstevel@tonic-gate 
5507c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */
5517c478bd9Sstevel@tonic-gate /*
5527c478bd9Sstevel@tonic-gate  * End "ext-proto.h"
5537c478bd9Sstevel@tonic-gate  */
5547c478bd9Sstevel@tonic-gate 
5557c478bd9Sstevel@tonic-gate /*
5567c478bd9Sstevel@tonic-gate  * Begin "sysincl.h"
5577c478bd9Sstevel@tonic-gate  */
5587c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__
5597c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__
5607c478bd9Sstevel@tonic-gate 
5617c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__
5627c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__
5637c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? */
5647c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */
5657c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */
5667c478bd9Sstevel@tonic-gate 
5677c478bd9Sstevel@tonic-gate #ifdef	_KERNEL
5687c478bd9Sstevel@tonic-gate #include <sys/time.h>
5697c478bd9Sstevel@tonic-gate #else
5707c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H
5717c478bd9Sstevel@tonic-gate #include <sys/time.h>
5727c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME
5737c478bd9Sstevel@tonic-gate #include <time.h>
5747c478bd9Sstevel@tonic-gate #endif
5757c478bd9Sstevel@tonic-gate #else
5767c478bd9Sstevel@tonic-gate #include <time.h>
5777c478bd9Sstevel@tonic-gate #endif
5787c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
5797c478bd9Sstevel@tonic-gate 
5807c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H
5817c478bd9Sstevel@tonic-gate #include <sys/stat.h>			/* struct stat, stat() */
5827c478bd9Sstevel@tonic-gate #endif
5837c478bd9Sstevel@tonic-gate 
5847c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H
5857c478bd9Sstevel@tonic-gate #include <sys/param.h>			/* MAXPATHLEN */
5867c478bd9Sstevel@tonic-gate #endif
5877c478bd9Sstevel@tonic-gate 
5887c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H
5897c478bd9Sstevel@tonic-gate #include <sys/file.h>			/* prototypes for file-related
5907c478bd9Sstevel@tonic-gate 					   syscalls; flags for open &
5917c478bd9Sstevel@tonic-gate 					   friends */
5927c478bd9Sstevel@tonic-gate #endif
5937c478bd9Sstevel@tonic-gate 
5947c478bd9Sstevel@tonic-gate #ifdef _KERNEL
5957c478bd9Sstevel@tonic-gate #include <sys/fcntl.h>
5967c478bd9Sstevel@tonic-gate #else
5977c478bd9Sstevel@tonic-gate #include <fcntl.h>
5987c478bd9Sstevel@tonic-gate #endif
5997c478bd9Sstevel@tonic-gate 
6007c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */
6017c478bd9Sstevel@tonic-gate /*
6027c478bd9Sstevel@tonic-gate  * End "sysincl.h"
6037c478bd9Sstevel@tonic-gate  */
6047c478bd9Sstevel@tonic-gate 
6057c478bd9Sstevel@tonic-gate /*
6067c478bd9Sstevel@tonic-gate  * Begin "los-proto.h"
6077c478bd9Sstevel@tonic-gate  */
6087c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__
6097c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__
6107c478bd9Sstevel@tonic-gate 
6117c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
6127c478bd9Sstevel@tonic-gate #include <stdio.h>
6137c478bd9Sstevel@tonic-gate 
6147c478bd9Sstevel@tonic-gate struct addrlist;
6157c478bd9Sstevel@tonic-gate #endif
6167c478bd9Sstevel@tonic-gate 
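/* libos.spec */

/*
 * OS-abstraction entry points.  Blame-annotation residue removed; the
 * signatures are unchanged.  Most prototypes give no parameter names,
 * so the notes below are limited to what the types show.
 */

/* Presumably (context, fd, mode) with mode built from the
 * KRB5_LOCKMODE_* flags -- confirm against the definition. */
krb5_error_code krb5_lock_file(krb5_context, int, int);

krb5_error_code krb5_unlock_file(krb5_context, int);

/*
 * Read into / write from a caller-supplied char buffer.
 * NOTE(review): the length is a signed int.  Callers should pass a
 * value that is non-negative and no larger than the buffer, and
 * should treat a short or negative return as an error -- confirm the
 * return convention in the definitions.
 */
int krb5_net_read(krb5_context, int, char *, int);

int krb5_net_write(krb5_context, int, const char *, int);

/* Two const krb5_data inputs, one krb5_data output and an int
 * out-parameter; argument roles are not named here. */
krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
	const krb5_data *, krb5_data *, int *, int);

/* Returns a list through the char *** argument; krb5_free_krbhst
 * takes a list of the same shape. */
krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char ***);

krb5_error_code krb5_free_krbhst(krb5_context, char * const *);

krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *,
	const char *, char **);

/* NOTE(review): the name suggests restrictive permissions and safe
 * creation semantics; the prototype alone does not show which checks
 * (existing file, symlink, mode) are made -- confirm in the
 * definition before relying on it for secret-bearing files. */
krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname);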
6457c478bd9Sstevel@tonic-gate 
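#ifndef	_KERNEL
/*
 * User-space-only helpers (compiled out when _KERNEL is defined).
 * Blame-annotation residue removed; signatures unchanged.
 */
krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);

/* Hands back a PKCS#11 session handle through the pointer argument. */
krb5_error_code
krb5_open_pkcs11_session(CK_SESSION_HANDLE *);


/* Message I/O over an opaque krb5_pointer handle.
 * NOTE(review): krb5_read_message fills a krb5_data from the peer;
 * whether the length it accepts is bounded is not visible here --
 * confirm in the definition. */
krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);

/*
 * Send `message` to one of `addrs` and collect `reply`.  localaddr /
 * localaddrlen and addr_used are out-parameters by type; their exact
 * meaning is defined by the implementation.
 */
krb5_error_code
krb5int_sendto (krb5_context context, const krb5_data *message,
		const struct addrlist *addrs, krb5_data *reply,
		struct sockaddr_storage *localaddr, socklen_t *localaddrlen,
		int *addr_used);

/* Takes a caller buffer and its size (char *, size_t). */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
#endif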
6687c478bd9Sstevel@tonic-gate 
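/*
 * Solaris Kerberos
 * The following two functions are needed for better realm
 * determination based on the DNS domain name.
 *
 * NOTE(review): a realm derived from DNS is only as trustworthy as
 * the DNS answers it came from.  Unless the resolver path is
 * authenticated, callers should treat the result as a hint, not as an
 * authenticated mapping.
 * (Blame-annotation residue removed from this run of prototypes;
 * signatures unchanged.)
 */
krb5_error_code krb5int_lookup_host(int , const char *, char **);

krb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
    char **);
krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
    char **);

krb5_error_code krb5int_init_context_kdc(krb5_context *);

krb5_error_code krb5_os_init_context
        (krb5_context, krb5_boolean);

void krb5_os_free_context (krb5_context);

/* This function is needed by KfM's KerberosPreferences API
 * because it needs to be able to specify "secure" */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files
    (profile_filespec_t **pfiles, krb5_boolean secure);
#endif

krb5_error_code krb5_find_config_files(void);

/* Returns an address list through the krb5_address *** argument. */
krb5_error_code krb5_os_hostaddr
    (krb5_context, const char *, krb5_address ***);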
699505d05c7Sgtb 
7007c478bd9Sstevel@tonic-gate #ifndef _KERNEL
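/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
 * going to use this structure.  */
/*
 * Growable list of addrinfo pointers.  Blame-annotation residue
 * removed; layout and macro value unchanged.
 *
 * naddrs and space are plain ints; presumably naddrs is the number of
 * entries in use and space the number allocated -- confirm in
 * krb5int_grow_addrlist.
 * NOTE(review): code that appends should check naddrs against space
 * before writing and should check the int return of the grow/add
 * helpers.
 */
struct addrlist {
	struct addrinfo **addrs;
	int naddrs;
	int space;
};

/* Initializer for an empty list: null array, zero counts. */
#define	ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
			int, int, int, int);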
7147c478bd9Sstevel@tonic-gate 
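/*
 * Fill an addrlist with servers for `realm`.  Blame-annotation
 * residue removed; signature unchanged.  The inline comments are the
 * original author's.
 *
 * NOTE(review): the lookup can draw on krb5.conf and on DNS SRV
 * records (see the profilename / dnsname comments).  Server addresses
 * learned from unauthenticated DNS should not be treated as proof of
 * the server's identity.
 */
krb5_error_code
krb5int_locate_server (krb5_context,
		       const krb5_data *realm,
		       struct addrlist *,
		       /* Only meaningful for kdc, really...  */
		       int want_masters,
		       /* look up [realms]->$realm->$name in krb5.conf */
		       const char *profilename,
		       /* SRV record lookup */
		       const char *dnsname,
		       int is_stream_service,
		       /* Port numbers, in network order!  For profile
			  version only, DNS code gets port numbers
			  itself.  Use 0 for dflport2 if there's no
			  secondary port (most common, except kdc
			  case).  */
		       int dflport1, int dflport2,
		       int family);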
73310db1377Sgtb 
7347c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
7357c478bd9Sstevel@tonic-gate 
7367c478bd9Sstevel@tonic-gate #endif /* KRB5_LIBOS_PROTO__ */
7377c478bd9Sstevel@tonic-gate 
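/* new encryption provider api */

/*
 * Sizes and operations for one raw cipher.  Blame-annotation residue
 * removed; member order and types unchanged.
 *
 * NOTE(review): encrypt/decrypt write into a caller-supplied
 * krb5_data; nothing in this table conveys the required output
 * length, so callers presumably size it from block_size -- confirm in
 * the callers.
 */
struct krb5_enc_provider {

    /* keybytes is the input size to make_key;
       keylength is the output size */
    size_t block_size, keybytes, keylength;

    /* cipher-state == 0 fresh state thrown away at end */
    krb5_error_code (*encrypt) (
	krb5_context context,
	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

    krb5_error_code (*decrypt) (
	krb5_context context,
	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

    /* Turn keybytes of input into a keyblock of keylength bytes
       (sizes per the comment above). */
    krb5_error_code (*make_key)
    (krb5_context, krb5_const krb5_data *, krb5_keyblock *);

    /* Create and release the cipher state held in a krb5_data. */
    krb5_error_code (*init_state) (krb5_context,
			const krb5_keyblock *,
			krb5_keyusage, krb5_data *);
    krb5_error_code (*free_state) (krb5_context, krb5_data *);

};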
7667c478bd9Sstevel@tonic-gate 
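/*
 * Sizes and operation for one unkeyed hash.  Blame-annotation residue
 * removed; layout unchanged.
 */
struct krb5_hash_provider {
    size_t hashsize, blocksize;

    /* this takes multiple inputs to avoid lots of copying. */
    /* icount is presumably the number of krb5_data elements at
       `input` -- confirm in the implementations. */
    krb5_error_code (*hash) (krb5_context context,
	unsigned int icount, krb5_const krb5_data *input,
	krb5_data *output);
};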
7757c478bd9Sstevel@tonic-gate 
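/*
 * Sizes and operations for one keyed hash.  Blame-annotation residue
 * removed; layout unchanged.
 */
struct krb5_keyhash_provider {
    size_t hashsize;

    /* Compute the keyed hash of `input` into `output`. */
    krb5_error_code (*hash) (
	krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage keyusage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output);

    /*
     * Check `hash` against `input`; the verdict is returned through
     * *valid, separately from the error code.
     * NOTE(review): callers must test *valid and not only the return
     * value.  Implementations should compare digests in constant time
     * -- confirm in each provider.
     */
    krb5_error_code (*verify) (
	krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage keyusage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input,
	krb5_const krb5_data *hash,
	krb5_boolean *valid);

};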
7967c478bd9Sstevel@tonic-gate 
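/*
 * Function-pointer types used by the key-type table.  Blame-annotation
 * residue removed; signatures unchanged.
 */

/* Report, through *length, the output size for an input of
 * `inputlen` bytes under the given cipher/hash pair. */
typedef void (*krb5_encrypt_length_func) (
  krb5_const struct krb5_enc_provider *enc,
  krb5_const struct krb5_hash_provider *hash,
  size_t inputlen, size_t *length);

/* Shared shape for the encrypt and decrypt entries of a key type. */
typedef krb5_error_code (*krb5_crypt_func) (
  krb5_context context,
  krb5_const struct krb5_enc_provider *enc,
  krb5_const struct krb5_hash_provider *hash,
  krb5_const krb5_keyblock *key, krb5_keyusage usage,
  krb5_const krb5_data *ivec,
  krb5_const krb5_data *input, krb5_data *output);

#ifndef	_KERNEL
/* String-to-key conversion; only declared outside the kernel. */
typedef krb5_error_code (*krb5_str2key_func) (
  krb5_context context,
  krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string,
  krb5_const krb5_data *salt, krb5_const krb5_data *params,
  krb5_keyblock *key);
#endif	/* _KERNEL */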
8177c478bd9Sstevel@tonic-gate 
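/*
 * One row of the encryption-type table: the enctype number, its
 * string names, the cipher and hash providers, and the functions that
 * implement it.  Blame-annotation residue removed; layout unchanged.
 *
 * The trailing members differ between user space and kernel builds,
 * so the two builds do not share a binary layout for this structure.
 */
struct krb5_keytypes {
    krb5_enctype etype;
    char *in_string;
    char *out_string;
    const struct krb5_enc_provider *enc;
    const struct krb5_hash_provider *hash;
    krb5_encrypt_length_func encrypt_len;
    krb5_crypt_func encrypt;
    krb5_crypt_func decrypt;
    krb5_cksumtype required_ctype;
#ifndef	_KERNEL
    /* Solaris Kerberos:  strings to key conversion not done in the kernel */
    krb5_str2key_func str2key;
#else	/* _KERNEL */
    /* presumably kernel crypto framework mechanism names and ids for
       the cipher (e) and hash (h) -- confirm against the kernel code */
    char *mt_e_name;
    char *mt_h_name;
    crypto_mech_type_t kef_cipher_mt;
    crypto_mech_type_t kef_hash_mt;
#endif	/* _KERNEL */
};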
8387c478bd9Sstevel@tonic-gate 
8397c478bd9Sstevel@tonic-gate 
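/*
 * One row of the checksum-type table.  Blame-annotation residue
 * removed; layout unchanged.  The member comments are the original
 * author's.
 */
struct krb5_cksumtypes {
    krb5_cksumtype ctype;
    unsigned int flags;
    char *in_string;
    char *out_string;
    /* if the hash is keyed, this is the etype it is keyed with.
       Actually, it can be keyed by any etype which has the same
       enc_provider as the specified etype.  DERIVE checksums can
       be keyed with any valid etype. */
    krb5_enctype keyed_etype;
    /* I can't statically initialize a union, so I'm just going to use
       two pointers here.  The keyhash is used if non-NULL.  If NULL,
       then HMAC/hash with derived keys is used if the relevant flag
       is set.  Otherwise, a non-keyed hash is computed.  This is all
       kind of messy, but so is the krb5 api. */
    const struct krb5_keyhash_provider *keyhash;
    const struct krb5_hash_provider *hash;
    /* This just gets uglier and uglier.  In the key derivation case,
	we produce an hmac.  To make the hmac code work, we can't hack
	the output size indicated by the hash provider, but we may want
	a truncated hmac.  If we want truncation, this is the number of
	bytes we truncate to; it should be 0 otherwise.	*/
    /* NOTE(review): a non-keyed hash (keyhash NULL, derive flag clear)
       gives no integrity protection against an active attacker;
       callers choosing a checksum type for authentication should
       check which of the three modes above a row selects. */
    unsigned int trunc_size;
#ifdef _KERNEL
    char *mt_c_name;
    crypto_mech_type_t kef_cksum_mt;
#endif /* _KERNEL */
};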
8687c478bd9Sstevel@tonic-gate 
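/*
 * Bit flags for krb5_cksumtypes.flags (blame-annotation residue
 * removed; values unchanged).
 * NOTE(review): going by its name, NOT_COLL_PROOF marks checksum
 * types that are not collision-proof; such types should not be
 * accepted where collision resistance is required -- confirm how the
 * flag is consulted.
 */
#define KRB5_CKSUMFLAG_DERIVE		0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002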
8717c478bd9Sstevel@tonic-gate 
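/*
 * Crypto-library helpers shared across the tree.  Blame-annotation
 * residue removed; signatures unchanged.
 */
krb5_error_code krb5int_des_init_state(
	krb5_context,
	const krb5_keyblock *,
	krb5_keyusage, krb5_data *);

/* Returns the mandatory checksum type for an enctype through the
 * krb5_cksumtype pointer. */
krb5_error_code krb5int_c_mandatory_cksumtype(
	krb5_context,
	krb5_enctype,
	krb5_cksumtype *);

/*
 * normally to free a cipher_state you can just memset the length to zero and
 * free it.
 *
 * NOTE(review): a memset() that is immediately followed by free() is
 * a dead store an optimizing compiler may drop, which would leave the
 * cipher state in freed memory -- confirm how the definition clears
 * the buffer.
 */
krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *);

/*
 * Combine two keys (normally used by the hardware preauth mechanism)
 */
krb5_error_code krb5int_c_combine_keys
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
		krb5_keyblock *outkey);
/*
 * in here to deal with stuff from lib/crypto
 */

/* Lengths are given in bits (inbits / outbits), not bytes. */
void krb5_nfold (int inbits, krb5_const unsigned char *in,
		int outbits, unsigned char *out);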
9007c478bd9Sstevel@tonic-gate 
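/*
 * krb5_hmac has two different signatures: the kernel build takes
 * (context, key, input, output), the user-space build additionally
 * takes a hash provider and an unsigned count.  Code shared between
 * the two builds has to call it under the same _KERNEL test.
 * (Blame-annotation residue removed; signatures unchanged.)
 */
#ifdef _KERNEL

int k5_ef_crypto(
	const char *, char *,
	long, krb5_keyblock *,
	const krb5_data *, int);

krb5_error_code
krb5_hmac(krb5_context, const krb5_keyblock *,
	krb5_const krb5_data *, krb5_data *);

#else
krb5_error_code krb5_hmac
	(krb5_context,
	krb5_const struct krb5_hash_provider *,
	krb5_const krb5_keyblock *, krb5_const unsigned int,
	krb5_const krb5_data *, krb5_data *);

#endif /* _KERNEL */

/*
 * PBKDF2 with HMAC-SHA1.  Parameters are unnamed; the unsigned long
 * is presumably the iteration count -- confirm in the definition.
 * NOTE(review): if so, the count largely determines the cost of an
 * offline password guess, and callers that take it from a peer should
 * enforce sane lower and upper bounds.
 */
krb5_error_code krb5int_pbkdf2_hmac_sha1 (krb5_context,
		const krb5_data *,
		unsigned long,
		krb5_enctype,
		const krb5_data *,
		const krb5_data *);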
9277c478bd9Sstevel@tonic-gate 
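/* Make this a function eventually?  */
/*
 * krb5int_zap_data(ptr, len) / zap(p, l): overwrite len bytes at ptr
 * with zeros; used to scrub sensitive buffers.
 *
 * The macro arguments are now parenthesized.  Before, the cast bound
 * only to the first token of the argument, so zap(p + 1, n) expanded
 * to memset((void *)p + 1, ...) and cleared the wrong bytes (or failed
 * to compile where void-pointer arithmetic is rejected).
 *
 * NOTE(review): a plain memset() used to scrub key material just
 * before the buffer is freed or goes out of scope is a dead store an
 * optimizing compiler may remove.  Where the platform provides one,
 * an explicit-zeroing primitive (explicit_bzero, memset_s) or a write
 * through a volatile pointer is the more robust choice.
 */
#ifdef WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
#else
# define krb5int_zap_data(ptr, len) memset((void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* GNU libc generates multiple bogus initialization warnings if we
   pass memset a volatile pointer.  The compiler should do well enough
   with memset even without GNU libc's attempt at optimization.  */
# undef memset
# endif
#endif /* WIN32 */
#define zap(p,l) krb5int_zap_data(p,l)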
941505d05c7Sgtb 
942505d05c7Sgtb 
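/*
 * These declarations are here, so both krb5 and k5crypto
 * can get to them.
 * krb5 needs to get to them so it can  make them available to libgssapi.
 *
 * NOTE(review): these are the RC4 cipher and MD5 hash providers.
 * Both algorithms are legacy; RC4 in Kerberos is deprecated by
 * RFC 8429.  New callers should not select them where a stronger
 * enctype is available.
 * (Blame-annotation residue removed; declarations unchanged.)
 */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;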
950505d05c7Sgtb 
951505d05c7Sgtb 
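/* #ifdef KRB5_OLD_CRYPTO XXX SUNW14resync */

/* Returns two krb5_int32 values through its pointer arguments;
 * presumably seconds and microseconds -- confirm in the definition.
 * (Blame-annotation residue removed from this run; signatures
 * unchanged.) */
krb5_error_code krb5_crypto_us_timeofday
    (krb5_int32  *, krb5_int32  *);

#ifndef _KERNEL
/* Solaris kerberos: for convenience */
time_t gmt_mktime (struct tm *);
#endif /* ! _KERNEL */

/* #endif KRB5_OLD_CRYPTO */

/* this helper fct is in libkrb5, but it makes sense declared here. */

/* Encrypt `plain` under `key` for the given key usage into `cipher`. */
krb5_error_code krb5_encrypt_helper
	(krb5_context context, krb5_const krb5_keyblock *key,
	krb5_keyusage usage, krb5_const krb5_data *plain,
	krb5_enc_data *cipher);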
9707c478bd9Sstevel@tonic-gate 
9717c478bd9Sstevel@tonic-gate /*
9727c478bd9Sstevel@tonic-gate  * End "los-proto.h"
9737c478bd9Sstevel@tonic-gate  */
9747c478bd9Sstevel@tonic-gate 
9757c478bd9Sstevel@tonic-gate /*
9767c478bd9Sstevel@tonic-gate  * Begin "libos.h"
9777c478bd9Sstevel@tonic-gate  */
9787c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS__
9797c478bd9Sstevel@tonic-gate #define KRB5_LIBOS__
9807c478bd9Sstevel@tonic-gate 
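/*
 * Per-context OS state.  Note that krb5_os_context is a typedef for a
 * POINTER to this structure, not for the structure itself.
 * (Blame-annotation residue removed; layout unchanged.)
 *
 * time_offset / usec_offset are interpreted according to the
 * KRB5_OS_TOFFSET_* bits in os_flags.
 */
typedef struct _krb5_os_context {
	krb5_magic	magic;
	krb5_int32	time_offset;
	krb5_int32	usec_offset;
	krb5_int32	os_flags;
	char *		default_ccname;
} *krb5_os_context;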
9887c478bd9Sstevel@tonic-gate 
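/*
 * Flags for the os_flags field
 *
 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
 * The intention is for this facility to correct the system clocks so
 * that they reflect the "real" time, for systems where for some
 * reason we can't set the system clock.  Instead we calculate the
 * offset between the system time and real time, and store the offset
 * in the os context so that we can correct the system clock as necessary.
 *
 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
 * returned as the time by the krb5 time routines.  This should only
 * be used for testing purposes (obviously!)
 *
 * NOTE(review): Kerberos ticket lifetimes and clock-skew checks
 * depend on the time these routines return, so whatever sets either
 * offset or these flags controls those checks.  The offset should
 * only be taken from a source that has been authenticated.
 * (Blame-annotation residue removed; values unchanged.)
 */
#define KRB5_OS_TOFFSET_VALID	1
#define KRB5_OS_TOFFSET_TIME	2

/* lock mode flags */
#define	KRB5_LOCKMODE_SHARED	0x0001
#define	KRB5_LOCKMODE_EXCLUSIVE	0x0002
#define	KRB5_LOCKMODE_DONTBLOCK	0x0004
#define	KRB5_LOCKMODE_UNLOCK	0x0008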
10117c478bd9Sstevel@tonic-gate 
10127c478bd9Sstevel@tonic-gate #endif /* KRB5_LIBOS__ */
10137c478bd9Sstevel@tonic-gate /*
10147c478bd9Sstevel@tonic-gate  * End "libos.h"
10157c478bd9Sstevel@tonic-gate  */
10167c478bd9Sstevel@tonic-gate 
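/*
 * Define our view of the size of a DES key, in bytes.
 * NOTE(review): single DES is deprecated for Kerberos (RFC 6649); new
 * deployments should not depend on it.
 */
#define	KRB5_MIT_DES_KEYSIZE		8

/*
 * Define a couple of SHA1 constants (64-byte input block, 20-byte
 * digest).
 */
#define	SHS_DATASIZE	64
#define	SHS_DIGESTSIZE	20

/*
 * Check if des_int.h has been included before us.  If so, then check to see
 * that our view of the DES key size is the same as des_int.h's.
 *
 * The mismatch branch now uses a real #error directive.  The previous
 * bare "error(...)" line only stopped the build by being a syntax
 * error, which hid the actual reason in the compiler output.
 */
#ifdef	MIT_DES_KEYSIZE
#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
#endif	/* MIT_DES_KEYSIZE */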
10377c478bd9Sstevel@tonic-gate 
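#ifndef _KERNEL
/* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are
 * defined.
 */
/*
 * As written, both macros are defined to 1 in every user-space build;
 * the only condition visible here is !_KERNEL.
 * NOTE(review): triple-DES in Kerberos is deprecated by RFC 8429;
 * whether these switches still need to be on is a policy decision.
 * (Blame-annotation residue removed; values unchanged.)
 */
#define PROVIDE_DES3_CBC_SHA 1
#define PROVIDE_NIST_SHA 1

#endif /* !_KERNEL */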
10467c478bd9Sstevel@tonic-gate 
10477c478bd9Sstevel@tonic-gate /*
10487c478bd9Sstevel@tonic-gate  * Begin "preauth.h"
10497c478bd9Sstevel@tonic-gate  *
10507c478bd9Sstevel@tonic-gate  * (Originally written by Glen Machin at Sandia Labs.)
10517c478bd9Sstevel@tonic-gate  */
10527c478bd9Sstevel@tonic-gate /*
10537c478bd9Sstevel@tonic-gate  * Sandia National Laboratories also makes no representations about the
10547c478bd9Sstevel@tonic-gate  * suitability of the modifications, or additions to this software for
10557c478bd9Sstevel@tonic-gate  * any purpose.  It is provided "as is" without express or implied warranty.
10567c478bd9Sstevel@tonic-gate  *
10577c478bd9Sstevel@tonic-gate  */
10587c478bd9Sstevel@tonic-gate #ifndef KRB5_PREAUTH__
10597c478bd9Sstevel@tonic-gate #define KRB5_PREAUTH__
10607c478bd9Sstevel@tonic-gate 
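/*
 * Timestamp pair used by encrypted-timestamp preauthentication:
 * a krb5_timestamp plus a krb5_int32 microsecond part.
 * (Blame-annotation residue removed; layout unchanged.)
 * NOTE(review): a verifier presumably has to bound the accepted skew
 * and reject replays of this value -- confirm in the KDC-side check.
 */
typedef struct _krb5_pa_enc_ts {
    krb5_timestamp	patimestamp;
    krb5_int32		pausec;
} krb5_pa_enc_ts;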
10657c478bd9Sstevel@tonic-gate 
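/*
 * Callback types stored in krb5_preauth_ops.  Blame-annotation residue
 * removed; signatures unchanged.  Parameters are unnamed in the
 * original, so only their types are documented.
 */

/*
 * "obtain" callback.  The fifth argument is itself a callback that
 * yields a krb5_keyblock ** for a given enctype; the krb5_const_pointer
 * that follows is presumably passed through to it -- confirm in the
 * callers.  The last argument returns a krb5_pa_data *.
 */
typedef krb5_error_code (*krb5_preauth_obtain_proc)
    (krb5_context,
	    krb5_pa_data *,
	    krb5_etype_info,
	    krb5_keyblock *,
	    krb5_error_code ( * )(krb5_context,
				  krb5_const krb5_enctype,
				  krb5_data *,
				  krb5_const_pointer,
				  krb5_keyblock **),
	    krb5_const_pointer,
	    krb5_creds *,
	    krb5_kdc_req *,
	    krb5_pa_data **);

/*
 * "process" callback.  Takes two nested callbacks: one with the same
 * shape as in the obtain callback, and one that receives a keyblock
 * and a krb5_kdc_rep.  The trailing krb5_int32 pointers are
 * out-parameters by type.
 */
typedef krb5_error_code (*krb5_preauth_process_proc)
    (krb5_context,
	    krb5_pa_data *,
	    krb5_kdc_req *,
	    krb5_kdc_rep *,
	    krb5_error_code ( * )(krb5_context,
				  krb5_const krb5_enctype,
				  krb5_data *,
				  krb5_const_pointer,
				  krb5_keyblock **),
	    krb5_const_pointer,
	    krb5_error_code ( * )(krb5_context,
				  krb5_const krb5_keyblock *,
				  krb5_const_pointer,
				  krb5_kdc_rep * ),
	    krb5_keyblock **,
	    krb5_creds *,
	    krb5_int32 *,
	    krb5_int32 *);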
11007c478bd9Sstevel@tonic-gate 
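/*
 * One preauthentication mechanism: its type number, property flags
 * (KRB5_PREAUTH_FLAGS_*), and the obtain/process callbacks.
 * (Blame-annotation residue removed; layout unchanged.)
 * NOTE(review): whether either callback may be NULL is not visible
 * here; dispatch code should check before calling -- confirm.
 */
typedef struct _krb5_preauth_ops {
    krb5_magic magic;
    int     type;
    int	flags;
    krb5_preauth_obtain_proc	obtain;
    krb5_preauth_process_proc	process;
} krb5_preauth_ops;

void krb5_free_etype_info (krb5_context, krb5_etype_info);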
11107c478bd9Sstevel@tonic-gate 
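/*
 * Preauthentication property flags (bit values; blame-annotation
 * residue removed, values unchanged).
 */
#define KRB5_PREAUTH_FLAGS_ENCRYPT	0x00000001
#define KRB5_PREAUTH_FLAGS_HARDWARE	0x00000002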
11167c478bd9Sstevel@tonic-gate 
11177c478bd9Sstevel@tonic-gate #endif /* KRB5_PREAUTH__ */
11187c478bd9Sstevel@tonic-gate /*
11197c478bd9Sstevel@tonic-gate  * End "preauth.h"
11207c478bd9Sstevel@tonic-gate  */
11217c478bd9Sstevel@tonic-gate 
11227c478bd9Sstevel@tonic-gate krb5_error_code
11237c478bd9Sstevel@tonic-gate krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
11247c478bd9Sstevel@tonic-gate 
11257c478bd9Sstevel@tonic-gate #ifndef _KERNEL /* needed for lib/krb5/krb/ */
11267c478bd9Sstevel@tonic-gate typedef krb5_error_code (*krb5_gic_get_as_key_fct)
11277c478bd9Sstevel@tonic-gate     (krb5_context,
11287c478bd9Sstevel@tonic-gate      krb5_principal,
11297c478bd9Sstevel@tonic-gate      krb5_enctype,
11307c478bd9Sstevel@tonic-gate      krb5_prompter_fct,
11317c478bd9Sstevel@tonic-gate      void *prompter_data,
11327c478bd9Sstevel@tonic-gate      krb5_data *salt,
11337c478bd9Sstevel@tonic-gate      krb5_data *s2kparams,
11347c478bd9Sstevel@tonic-gate      krb5_keyblock *as_key,
11357c478bd9Sstevel@tonic-gate      void *gak_data);
11367c478bd9Sstevel@tonic-gate 
11377c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV
11387c478bd9Sstevel@tonic-gate krb5_get_init_creds
11397c478bd9Sstevel@tonic-gate (krb5_context context,
11407c478bd9Sstevel@tonic-gate 	krb5_creds *creds,
11417c478bd9Sstevel@tonic-gate 	krb5_principal client,
11427c478bd9Sstevel@tonic-gate 	krb5_prompter_fct prompter,
11437c478bd9Sstevel@tonic-gate 	void *prompter_data,
11447c478bd9Sstevel@tonic-gate 	krb5_deltat start_time,
11457c478bd9Sstevel@tonic-gate 	char *in_tkt_service,
11467c478bd9Sstevel@tonic-gate 	krb5_get_init_creds_opt *options,
11477c478bd9Sstevel@tonic-gate 	krb5_gic_get_as_key_fct gak,
11487c478bd9Sstevel@tonic-gate 	void *gak_data,
1149505d05c7Sgtb 	int *master,
11507c478bd9Sstevel@tonic-gate 	krb5_kdc_rep **as_reply);
11517c478bd9Sstevel@tonic-gate 
1152505d05c7Sgtb void krb5int_populate_gic_opt (
1153505d05c7Sgtb      krb5_context, krb5_get_init_creds_opt *,
1154505d05c7Sgtb      krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
1155505d05c7Sgtb      krb5_preauthtype *pre_auth_types, krb5_creds *creds);
1156505d05c7Sgtb 
11577c478bd9Sstevel@tonic-gate krb5_error_code krb5_do_preauth
11587c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_kdc_req *,
11597c478bd9Sstevel@tonic-gate 	krb5_pa_data **, krb5_pa_data ***,
11607c478bd9Sstevel@tonic-gate 	krb5_data *, krb5_data *, krb5_enctype *,
11617c478bd9Sstevel@tonic-gate 	krb5_keyblock *,
11627c478bd9Sstevel@tonic-gate 	krb5_prompter_fct, void *,
11637c478bd9Sstevel@tonic-gate 	krb5_gic_get_as_key_fct, void *);
11647c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
11657c478bd9Sstevel@tonic-gate 
11667c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge
11677c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge * );
11687c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2
11697c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge_2 * );
11707c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_body
11717c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge_2_body *);
11727c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response
11737c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_response * );
11747c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_2
11757c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_response_2 * );
11767c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_predicted_sam_response
11777c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_predicted_sam_response * );
11787c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc
11797c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_enc_sam_response_enc * );
11807c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
11817c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_enc_sam_response_enc_2 * );
11827c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_contents
11837c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge * );
11847c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
11857c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge_2 * );
11867c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
11877c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_challenge_2_body * );
11887c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_contents
11897c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_response * );
11907c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_sam_response_2_contents
11917c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_sam_response_2 *);
11927c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
11937c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_predicted_sam_response * );
11947c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
11957c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_enc_sam_response_enc * );
11967c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
11977c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_enc_sam_response_enc_2 * );
11987c478bd9Sstevel@tonic-gate 
11997c478bd9Sstevel@tonic-gate void KRB5_CALLCONV krb5_free_pa_enc_ts
12007c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_pa_enc_ts *);
12017c478bd9Sstevel@tonic-gate 
12027c478bd9Sstevel@tonic-gate /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
1203505d05c7Sgtb #ifndef	_KERNEL
1204505d05c7Sgtb #include "com_err.h"
120554925bf6Swillf #include <krb5/k5-plugin.h>
1206505d05c7Sgtb #endif /* _KERNEL */
1207505d05c7Sgtb 
12087c478bd9Sstevel@tonic-gate /*
12097c478bd9Sstevel@tonic-gate  * Solaris Kerberos: moved from sendto_kdc.c so other code can reference
12107c478bd9Sstevel@tonic-gate  */
12117c478bd9Sstevel@tonic-gate #define	DEFAULT_UDP_PREF_LIMIT   1465
12127c478bd9Sstevel@tonic-gate 
12137c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
12147c478bd9Sstevel@tonic-gate #include "profile.h"
12157c478bd9Sstevel@tonic-gate #include <strings.h>
12167c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
12177c478bd9Sstevel@tonic-gate 
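/*
 * KEY_CHANGED(k1, k2): non-zero when keyblock pointer k1 cannot be treated
 * as the same key as k2.
 *
 * k1 is tested for NULL before it is dereferenced.  Because "k1 != k2" is
 * tested next, the enctype/length/contents comparisons are only reached
 * when both arguments are the same pointer; two distinct keyblocks that
 * hold equal key material are therefore reported as changed.
 *
 * Each argument is expanded several times, so pass expressions without
 * side effects.  Arguments are parenthesized so that conditional or cast
 * expressions expand with the intended precedence.
 */
#define KEY_CHANGED(k1, k2) \
((k1) == NULL || \
 (k1) != (k2) || \
 (k1)->enctype != (k2)->enctype || \
 (k1)->length != (k2)->length || \
 bcmp((k1)->contents, (k2)->contents, (k1)->length))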
12247c478bd9Sstevel@tonic-gate 
12257c478bd9Sstevel@tonic-gate #ifndef _KERNEL
/*
 * Per-context state for the arcfour cipher: one session handle and one key
 * object handle for each direction (encrypt and decrypt).
 * Arcfour is RC4; RC4 enctypes are deprecated for Kerberos (RFC 8429).
 */
typedef struct _arcfour_ctx {
	CK_SESSION_HANDLE eSession; /* encrypt session handle */
	CK_SESSION_HANDLE dSession; /* decrypt session handle */
	CK_OBJECT_HANDLE  eKey; /* encrypt key object */
	CK_OBJECT_HANDLE  dKey; /* decrypt key object */
	/* presumably non-zero once the handles above are valid -- confirm */
	uchar_t           initialized;
}arcfour_ctx_rec;
12337c478bd9Sstevel@tonic-gate 
12347c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
12357c478bd9Sstevel@tonic-gate 
/*
 * Library context.  The fields before the #ifndef _KERNEL are present in
 * every build.  The #ifndef _KERNEL branch adds the userland-only state
 * (profile, database handles, defaults, PKCS#11 handles, error detail);
 * the #else branch holds the crypto mechanism types used when _KERNEL is
 * defined.
 */
struct _krb5_context {
	krb5_magic	magic;
	krb5_enctype	*in_tkt_ktypes;
	int		in_tkt_ktype_count;
	krb5_enctype	*tgs_ktypes;
	int		tgs_ktype_count;
        /* This used to be a void*, but since we always allocate them
           together (though in different source files), and the types
           are declared in the same header, might as well just combine
           them.

           The array[1] is so the existing code treating the field as
           a pointer will still work.  For cleanliness, it should
           eventually get changed to a single element instead of an
           array.  */
        struct _krb5_os_context os_context[1];
	char		*default_realm;
	int		ser_ctx_count;
	krb5_boolean	profile_secure;
	void	      	*ser_ctx;
#ifndef _KERNEL
	profile_t	profile;
	void		*db_context;
	void		*kdblog_context;
	/* allowable clock skew */
	krb5_deltat 	clockskew;
	krb5_cksumtype	kdc_req_sumtype;
	krb5_cksumtype	default_ap_req_sumtype;
	krb5_cksumtype	default_safe_sumtype;
	krb5_flags 	kdc_default_options;
	krb5_flags	library_options;
	int		fcc_default_format;
	int		scc_default_format;
	krb5_prompt_type *prompt_types;
	/* Message size above which we'll try TCP first in send-to-kdc
	   type code.  Aside from the 2**16 size limit, we put no
	   absolute limit on the UDP packet size.
	   NOTE(review): presumably initialised from
	   DEFAULT_UDP_PREF_LIMIT -- confirm.  */
	int		udp_pref_limit;

	/* This is the tgs_ktypes list as read from the profile, or
	   set to compiled-in defaults.	 The application code cannot
	   override it.	 This is used for session keys for
	   intermediate ticket-granting tickets used to acquire the
	   requested ticket (the session key of which may be
	   constrained by tgs_ktypes above).  */
	krb5_enctype	*conf_tgs_ktypes;
	int		conf_tgs_ktypes_count;

	/* Use the _configured version?	 */
	krb5_boolean	use_conf_ktypes;
#ifdef KRB5_DNS_LOOKUP
	krb5_boolean	profile_in_memory;
#endif /* KRB5_DNS_LOOKUP */

	pid_t pid;  /* fork safety: PID of process that did last PKCS11 init */

	/* Solaris Kerberos: handles for PKCS#11 crypto */
	/*
	 * Warning, do not access hSession directly as this is not fork() safe.
	 * Instead use the krb_ctx_hSession() macro below, which compares
	 * pid above with __krb5_current_pid and calls
	 * krb5_reinit_ef_handle() when they differ.
	 */
	CK_SESSION_HANDLE hSession;
	int		cryptoki_initialized;

	/* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */
	arcfour_ctx_rec arcfour_ctx;

	/* error detail info */
	struct errinfo err;
#else /* _KERNEL */
	/* crypto mechanism types for cipher, hash and checksum operations */
	crypto_mech_type_t kef_cipher_mt;
	crypto_mech_type_t kef_hash_mt;
	crypto_mech_type_t kef_cksum_mt;
#endif /* !_KERNEL */
};
13117c478bd9Sstevel@tonic-gate 
13127c478bd9Sstevel@tonic-gate #ifndef  _KERNEL
13137c478bd9Sstevel@tonic-gate extern pid_t __krb5_current_pid;
13147c478bd9Sstevel@tonic-gate 
13157c478bd9Sstevel@tonic-gate CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context);
13167c478bd9Sstevel@tonic-gate 
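/*
 * fork safety: apart from the ef_init code, every function must read the
 * hSession field of a krb context through krb_ctx_hSession().  When the
 * pid recorded in the context equals the current global pid the stored
 * hSession is returned; otherwise krb5_reinit_ef_handle() is called and
 * its result is returned to the caller instead.
 *
 * The whole expansion is parenthesized so the conditional keeps its
 * meaning when the macro appears inside a larger expression (comparison,
 * arithmetic, assignment).  ctx is expanded more than once; pass an
 * expression without side effects.
 */
#define krb_ctx_hSession(ctx) \
    (((ctx)->pid == __krb5_current_pid) ? \
	(ctx)->hSession : krb5_reinit_ef_handle((ctx)))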
13267c478bd9Sstevel@tonic-gate #endif
13277c478bd9Sstevel@tonic-gate 
13287c478bd9Sstevel@tonic-gate #define MD5_CKSUM_LENGTH 16
13297c478bd9Sstevel@tonic-gate #define RSA_MD5_CKSUM_LENGTH 16
13307c478bd9Sstevel@tonic-gate #define MD5_BLOCKSIZE 64
13317c478bd9Sstevel@tonic-gate 
13327c478bd9Sstevel@tonic-gate 
13337c478bd9Sstevel@tonic-gate /*
13347c478bd9Sstevel@tonic-gate  * Solaris Kerberos:
13357c478bd9Sstevel@tonic-gate  * This next section of prototypes and constants
13367c478bd9Sstevel@tonic-gate  * are all unique to the Solaris Kerberos implementation.
13377c478bd9Sstevel@tonic-gate  * Because Solaris uses the native encryption framework
13387c478bd9Sstevel@tonic-gate  * to provide crypto support, the following routines
13397c478bd9Sstevel@tonic-gate  * are needed to support this system.
13407c478bd9Sstevel@tonic-gate  */
13417c478bd9Sstevel@tonic-gate 
13427c478bd9Sstevel@tonic-gate /*
13437c478bd9Sstevel@tonic-gate  * Begin Solaris Crypto Prototypes
13447c478bd9Sstevel@tonic-gate  */
13457c478bd9Sstevel@tonic-gate 
/*
 * Bytes used when building the constant from which derived keys are made.
 * There is one byte per derived-key kind: encryption, hash and checksum.
 * The values match the key-derivation constant bytes of RFC 3961
 * (0xAA for Ke, 0x55 for Ki, 0x99 for Kc).
 */
#define DK_ENCR_KEY_BYTE 0xAA
#define DK_HASH_KEY_BYTE 0x55
#define DK_CKSUM_KEY_BYTE 0x99
13537c478bd9Sstevel@tonic-gate 
13547c478bd9Sstevel@tonic-gate int init_derived_keydata(krb5_context, const struct krb5_enc_provider *,
13557c478bd9Sstevel@tonic-gate 			krb5_keyblock *, krb5_keyusage,
13567c478bd9Sstevel@tonic-gate 			krb5_keyblock **, krb5_keyblock **);
13577c478bd9Sstevel@tonic-gate 
13587c478bd9Sstevel@tonic-gate krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t,
13597c478bd9Sstevel@tonic-gate 				krb5_keyblock *);
13607c478bd9Sstevel@tonic-gate 
13617c478bd9Sstevel@tonic-gate krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *);
13627c478bd9Sstevel@tonic-gate krb5_keyblock *krb5_create_derived_keyblock(int);
13637c478bd9Sstevel@tonic-gate 
13647c478bd9Sstevel@tonic-gate #ifdef _KERNEL
13657c478bd9Sstevel@tonic-gate int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *);
13667c478bd9Sstevel@tonic-gate 
13677c478bd9Sstevel@tonic-gate int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *,
13687c478bd9Sstevel@tonic-gate         const krb5_data *, krb5_data *);
13697c478bd9Sstevel@tonic-gate 
13707c478bd9Sstevel@tonic-gate void make_kef_key(krb5_keyblock *);
13717c478bd9Sstevel@tonic-gate int init_key_kef(crypto_mech_type_t, krb5_keyblock *);
13727c478bd9Sstevel@tonic-gate int update_key_template(krb5_keyblock *);
13737c478bd9Sstevel@tonic-gate void setup_kef_keytypes();
13747c478bd9Sstevel@tonic-gate void setup_kef_cksumtypes();
13757c478bd9Sstevel@tonic-gate crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *);
13767c478bd9Sstevel@tonic-gate crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *);
13777c478bd9Sstevel@tonic-gate 
13787c478bd9Sstevel@tonic-gate #else
13797c478bd9Sstevel@tonic-gate /*
13807c478bd9Sstevel@tonic-gate  * This structure is used to map Kerberos supported OID's,
13817c478bd9Sstevel@tonic-gate  * to PKCS11 mechanisms
13827c478bd9Sstevel@tonic-gate  */
13837c478bd9Sstevel@tonic-gate #define USE_ENCR	0x01
13847c478bd9Sstevel@tonic-gate #define	USE_HASH	0x02
13857c478bd9Sstevel@tonic-gate 
13867c478bd9Sstevel@tonic-gate typedef struct krb5_mech_2_pkcs {
13877c478bd9Sstevel@tonic-gate 	uchar_t		flags;
13887c478bd9Sstevel@tonic-gate 	CK_MECHANISM_TYPE enc_algo;
13897c478bd9Sstevel@tonic-gate 	CK_MECHANISM_TYPE hash_algo;
13907c478bd9Sstevel@tonic-gate 	CK_MECHANISM_TYPE str2key_algo;
13917c478bd9Sstevel@tonic-gate } KRB5_MECH_TO_PKCS;
13927c478bd9Sstevel@tonic-gate 
13937c478bd9Sstevel@tonic-gate #define ENC_DEFINED(x)	(((x).flags & USE_ENCR))
13947c478bd9Sstevel@tonic-gate #define HASH_DEFINED(x)	(((x).flags & USE_HASH))
13957c478bd9Sstevel@tonic-gate 
13967c478bd9Sstevel@tonic-gate extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos);
13977c478bd9Sstevel@tonic-gate extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType);
13987c478bd9Sstevel@tonic-gate extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid);
13997c478bd9Sstevel@tonic-gate 
14007c478bd9Sstevel@tonic-gate krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *);
14017c478bd9Sstevel@tonic-gate 
14027c478bd9Sstevel@tonic-gate krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *,
14037c478bd9Sstevel@tonic-gate 	unsigned int, const krb5_data *, krb5_data *);
14047c478bd9Sstevel@tonic-gate 
14057c478bd9Sstevel@tonic-gate krb5_error_code k5_ef_mac(krb5_context context,
14067c478bd9Sstevel@tonic-gate 	krb5_keyblock *key, krb5_data *ivec,
14077c478bd9Sstevel@tonic-gate 	krb5_const krb5_data *input, krb5_data *output);
14087c478bd9Sstevel@tonic-gate 
14097c478bd9Sstevel@tonic-gate #endif	/* !_KERNEL */
14107c478bd9Sstevel@tonic-gate 
14117c478bd9Sstevel@tonic-gate krb5_error_code
14127c478bd9Sstevel@tonic-gate derive_3des_keys(krb5_context, struct krb5_enc_provider *,
14137c478bd9Sstevel@tonic-gate                 krb5_keyblock *, krb5_keyusage,
14147c478bd9Sstevel@tonic-gate                 krb5_keyblock *, krb5_keyblock *);
14157c478bd9Sstevel@tonic-gate 
14167c478bd9Sstevel@tonic-gate /*
14177c478bd9Sstevel@tonic-gate  * End Solaris Crypto Prototypes
14187c478bd9Sstevel@tonic-gate  */
14197c478bd9Sstevel@tonic-gate 
14207c478bd9Sstevel@tonic-gate #define KRB5_LIBOPT_SYNC_KDCTIME	0x0001
14217c478bd9Sstevel@tonic-gate 
1422505d05c7Sgtb /* internal message representations */
1423505d05c7Sgtb 
1424505d05c7Sgtb typedef struct _krb5_safe {
1425505d05c7Sgtb     krb5_magic magic;
1426505d05c7Sgtb     krb5_data user_data;                /* user data */
1427505d05c7Sgtb     krb5_timestamp timestamp;           /* client time, optional */
1428505d05c7Sgtb     krb5_int32 usec;                    /* microsecond portion of time,
1429505d05c7Sgtb                                            optional */
1430505d05c7Sgtb     krb5_ui_4 seq_number;               /* sequence #, optional */
1431505d05c7Sgtb     krb5_address *s_address;    /* sender address */
1432505d05c7Sgtb     krb5_address *r_address;    /* recipient address, optional */
1433505d05c7Sgtb     krb5_checksum *checksum;    /* data integrity checksum */
1434505d05c7Sgtb } krb5_safe;
1435505d05c7Sgtb 
1436505d05c7Sgtb typedef struct _krb5_priv {
1437505d05c7Sgtb     krb5_magic magic;
1438505d05c7Sgtb     krb5_enc_data enc_part;             /* encrypted part */
1439505d05c7Sgtb } krb5_priv;
1440505d05c7Sgtb 
1441505d05c7Sgtb typedef struct _krb5_priv_enc_part {
1442505d05c7Sgtb     krb5_magic magic;
1443505d05c7Sgtb     krb5_data user_data;                /* user data */
1444505d05c7Sgtb     krb5_timestamp timestamp;           /* client time, optional */
1445505d05c7Sgtb     krb5_int32 usec;                    /* microsecond portion of time, opt. */
1446505d05c7Sgtb     krb5_ui_4 seq_number;               /* sequence #, optional */
1447505d05c7Sgtb     krb5_address *s_address;    /* sender address */
1448505d05c7Sgtb     krb5_address *r_address;    /* recipient address, optional */
1449505d05c7Sgtb } krb5_priv_enc_part;
1450505d05c7Sgtb 
1451505d05c7Sgtb void KRB5_CALLCONV krb5_free_safe
1452505d05c7Sgtb         (krb5_context, krb5_safe * );
1453505d05c7Sgtb void KRB5_CALLCONV krb5_free_priv
1454505d05c7Sgtb         (krb5_context, krb5_priv * );
1455505d05c7Sgtb void KRB5_CALLCONV krb5_free_priv_enc_part
1456505d05c7Sgtb         (krb5_context, krb5_priv_enc_part * );
1457505d05c7Sgtb 
14587c478bd9Sstevel@tonic-gate /*
14597c478bd9Sstevel@tonic-gate  * Begin "asn1.h"
14607c478bd9Sstevel@tonic-gate  */
14617c478bd9Sstevel@tonic-gate #ifndef KRB5_ASN1__
14627c478bd9Sstevel@tonic-gate #define KRB5_ASN1__
14637c478bd9Sstevel@tonic-gate 
14647c478bd9Sstevel@tonic-gate /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
14657c478bd9Sstevel@tonic-gate /* here we use some knowledge of ASN.1 encodings */
14667c478bd9Sstevel@tonic-gate /*
14677c478bd9Sstevel@tonic-gate   Ticket is APPLICATION 1.
14687c478bd9Sstevel@tonic-gate   Authenticator is APPLICATION 2.
14697c478bd9Sstevel@tonic-gate   AS_REQ is APPLICATION 10.
14707c478bd9Sstevel@tonic-gate   AS_REP is APPLICATION 11.
14717c478bd9Sstevel@tonic-gate   TGS_REQ is APPLICATION 12.
14727c478bd9Sstevel@tonic-gate   TGS_REP is APPLICATION 13.
14737c478bd9Sstevel@tonic-gate   AP_REQ is APPLICATION 14.
14747c478bd9Sstevel@tonic-gate   AP_REP is APPLICATION 15.
14757c478bd9Sstevel@tonic-gate   KRB_SAFE is APPLICATION 20.
14767c478bd9Sstevel@tonic-gate   KRB_PRIV is APPLICATION 21.
14777c478bd9Sstevel@tonic-gate   KRB_CRED is APPLICATION 22.
14787c478bd9Sstevel@tonic-gate   EncASRepPart is APPLICATION 25.
14797c478bd9Sstevel@tonic-gate   EncTGSRepPart is APPLICATION 26.
14807c478bd9Sstevel@tonic-gate   EncAPRepPart is APPLICATION 27.
14817c478bd9Sstevel@tonic-gate   EncKrbPrivPart is APPLICATION 28.
14827c478bd9Sstevel@tonic-gate   EncKrbCredPart is APPLICATION 29.
14837c478bd9Sstevel@tonic-gate   KRB_ERROR is APPLICATION 30.
14847c478bd9Sstevel@tonic-gate  */
/* allow either constructed or primitive encoding, so check for bit 6
   set or reset.  The two values accepted by each macro differ only in
   0x20, the constructed/primitive flag of the identifier octet.

   Each macro looks at the first octet only: it requires dat to be
   non-NULL and dat->length to be non-zero, and checks nothing else.  A
   true result identifies the claimed message type; the decoder still
   has to validate length and contents.  dat->data is dereferenced
   whenever length is non-zero, so a krb5_data with a non-zero length and
   a NULL data pointer is not guarded against.  dat is expanded several
   times; pass an expression without side effects.  */
#define krb5_is_krb_ticket(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
				    (dat)->data[0] == 0x41))
#define krb5_is_krb_authenticator(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
				    (dat)->data[0] == 0x42))
#define krb5_is_as_req(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
				    (dat)->data[0] == 0x4a))
#define krb5_is_as_rep(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
				    (dat)->data[0] == 0x4b))
#define krb5_is_tgs_req(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
				    (dat)->data[0] == 0x4c))
#define krb5_is_tgs_rep(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
				    (dat)->data[0] == 0x4d))
#define krb5_is_ap_req(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
				    (dat)->data[0] == 0x4e))
#define krb5_is_ap_rep(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
				    (dat)->data[0] == 0x4f))
#define krb5_is_krb_safe(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
				    (dat)->data[0] == 0x54))
#define krb5_is_krb_priv(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
				    (dat)->data[0] == 0x55))
#define krb5_is_krb_cred(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
				    (dat)->data[0] == 0x56))
#define krb5_is_krb_enc_as_rep_part(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
				    (dat)->data[0] == 0x59))
#define krb5_is_krb_enc_tgs_rep_part(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
				    (dat)->data[0] == 0x5a))
#define krb5_is_krb_enc_ap_rep_part(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
				    (dat)->data[0] == 0x5b))
#define krb5_is_krb_enc_krb_priv_part(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
				    (dat)->data[0] == 0x5c))
#define krb5_is_krb_enc_krb_cred_part(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
				    (dat)->data[0] == 0x5d))
#define krb5_is_krb_error(dat)\
	((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
				    (dat)->data[0] == 0x5e))
15387c478bd9Sstevel@tonic-gate 
15397c478bd9Sstevel@tonic-gate /*************************************************************************
15407c478bd9Sstevel@tonic-gate  * Prototypes for krb5_encode.c
15417c478bd9Sstevel@tonic-gate  *************************************************************************/
15427c478bd9Sstevel@tonic-gate 
15437c478bd9Sstevel@tonic-gate /*
15447c478bd9Sstevel@tonic-gate    krb5_error_code encode_krb5_structure(const krb5_structure *rep,
15457c478bd9Sstevel@tonic-gate 					 krb5_data **code);
15467c478bd9Sstevel@tonic-gate    modifies  *code
15477c478bd9Sstevel@tonic-gate    effects   Returns the ASN.1 encoding of *rep in **code.
15487c478bd9Sstevel@tonic-gate              Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
15497c478bd9Sstevel@tonic-gate              Returns ENOMEM if memory runs out.
15507c478bd9Sstevel@tonic-gate */
15517c478bd9Sstevel@tonic-gate 
15527c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_authenticator
15537c478bd9Sstevel@tonic-gate 	(const krb5_authenticator *rep, krb5_data **code);
15547c478bd9Sstevel@tonic-gate 
15557c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ticket
15567c478bd9Sstevel@tonic-gate 	(const krb5_ticket *rep, krb5_data **code);
15577c478bd9Sstevel@tonic-gate 
15587c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_encryption_key
15597c478bd9Sstevel@tonic-gate 	(const krb5_keyblock *rep, krb5_data **code);
15607c478bd9Sstevel@tonic-gate 
15617c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_tkt_part
15627c478bd9Sstevel@tonic-gate 	(const krb5_enc_tkt_part *rep, krb5_data **code);
15637c478bd9Sstevel@tonic-gate 
15647c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_kdc_rep_part
15657c478bd9Sstevel@tonic-gate 	(const krb5_enc_kdc_rep_part *rep, krb5_data **code);
15667c478bd9Sstevel@tonic-gate 
15677c478bd9Sstevel@tonic-gate /* yes, the translation is identical to that used for KDC__REP */
15687c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_rep
15697c478bd9Sstevel@tonic-gate 	(const krb5_kdc_rep *rep, krb5_data **code);
15707c478bd9Sstevel@tonic-gate 
15717c478bd9Sstevel@tonic-gate /* yes, the translation is identical to that used for KDC__REP */
15727c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_rep
15737c478bd9Sstevel@tonic-gate 	(const krb5_kdc_rep *rep, krb5_data **code);
15747c478bd9Sstevel@tonic-gate 
15757c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_req
15767c478bd9Sstevel@tonic-gate 	(const krb5_ap_req *rep, krb5_data **code);
15777c478bd9Sstevel@tonic-gate 
15787c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep
15797c478bd9Sstevel@tonic-gate 	(const krb5_ap_rep *rep, krb5_data **code);
15807c478bd9Sstevel@tonic-gate 
15817c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_ap_rep_enc_part
15827c478bd9Sstevel@tonic-gate 	(const krb5_ap_rep_enc_part *rep, krb5_data **code);
15837c478bd9Sstevel@tonic-gate 
15847c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_as_req
15857c478bd9Sstevel@tonic-gate 	(const krb5_kdc_req *rep, krb5_data **code);
15867c478bd9Sstevel@tonic-gate 
15877c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_tgs_req
15887c478bd9Sstevel@tonic-gate 	(const krb5_kdc_req *rep, krb5_data **code);
15897c478bd9Sstevel@tonic-gate 
15907c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_kdc_req_body
15917c478bd9Sstevel@tonic-gate 	(const krb5_kdc_req *rep, krb5_data **code);
15927c478bd9Sstevel@tonic-gate 
15937c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe
15947c478bd9Sstevel@tonic-gate 	(const krb5_safe *rep, krb5_data **code);
15957c478bd9Sstevel@tonic-gate 
15967c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_safe_with_body
15977c478bd9Sstevel@tonic-gate 	(const krb5_safe *rep, const krb5_data *body, krb5_data **code);
15987c478bd9Sstevel@tonic-gate 
15997c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_priv
16007c478bd9Sstevel@tonic-gate 	(const krb5_priv *rep, krb5_data **code);
16017c478bd9Sstevel@tonic-gate 
16027c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_priv_part
16037c478bd9Sstevel@tonic-gate 	(const krb5_priv_enc_part *rep, krb5_data **code);
16047c478bd9Sstevel@tonic-gate 
16057c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_cred
16067c478bd9Sstevel@tonic-gate 	(const krb5_cred *rep, krb5_data **code);
16077c478bd9Sstevel@tonic-gate 
16087c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_cred_part
16097c478bd9Sstevel@tonic-gate 	(const krb5_cred_enc_part *rep, krb5_data **code);
16107c478bd9Sstevel@tonic-gate 
16117c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_error
16127c478bd9Sstevel@tonic-gate 	(const krb5_error *rep, krb5_data **code);
16137c478bd9Sstevel@tonic-gate 
16147c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_authdata
16157c478bd9Sstevel@tonic-gate 	(const krb5_authdata **rep, krb5_data **code);
16167c478bd9Sstevel@tonic-gate 
16177c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pwd_sequence
16187c478bd9Sstevel@tonic-gate 	(const passwd_phrase_element *rep, krb5_data **code);
16197c478bd9Sstevel@tonic-gate 
16207c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pwd_data
16217c478bd9Sstevel@tonic-gate 	(const krb5_pwd_data *rep, krb5_data **code);
16227c478bd9Sstevel@tonic-gate 
16237c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_padata_sequence
16247c478bd9Sstevel@tonic-gate 	(const krb5_pa_data ** rep, krb5_data **code);
16257c478bd9Sstevel@tonic-gate 
16267c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_alt_method
16277c478bd9Sstevel@tonic-gate 	(const krb5_alt_method *, krb5_data **code);
16287c478bd9Sstevel@tonic-gate 
16297c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_etype_info
16307c478bd9Sstevel@tonic-gate 	(const krb5_etype_info_entry **, krb5_data **code);
16317c478bd9Sstevel@tonic-gate 
16327c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_etype_info2
16337c478bd9Sstevel@tonic-gate 	(const krb5_etype_info_entry **, krb5_data **code);
16347c478bd9Sstevel@tonic-gate 
16357c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_data
16367c478bd9Sstevel@tonic-gate     	(const krb5_enc_data *, krb5_data **);
16377c478bd9Sstevel@tonic-gate 
16387c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_pa_enc_ts
16397c478bd9Sstevel@tonic-gate     	(const krb5_pa_enc_ts *, krb5_data **);
16407c478bd9Sstevel@tonic-gate 
16417c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge
16427c478bd9Sstevel@tonic-gate 	(const krb5_sam_challenge * , krb5_data **);
16437c478bd9Sstevel@tonic-gate 
16447c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_key
16457c478bd9Sstevel@tonic-gate 	(const krb5_sam_key * , krb5_data **);
16467c478bd9Sstevel@tonic-gate 
16477c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_sam_response_enc
16487c478bd9Sstevel@tonic-gate 	(const krb5_enc_sam_response_enc * , krb5_data **);
16497c478bd9Sstevel@tonic-gate 
16507c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_response
16517c478bd9Sstevel@tonic-gate 	(const krb5_sam_response * , krb5_data **);
16527c478bd9Sstevel@tonic-gate 
16537c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_predicted_sam_response
16547c478bd9Sstevel@tonic-gate 	(const krb5_predicted_sam_response * , krb5_data **);
16557c478bd9Sstevel@tonic-gate 
16567c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge_2
16577c478bd9Sstevel@tonic-gate 	(const krb5_sam_challenge_2 * , krb5_data **);
16587c478bd9Sstevel@tonic-gate 
16597c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_challenge_2_body
16607c478bd9Sstevel@tonic-gate 	(const krb5_sam_challenge_2_body * , krb5_data **);
16617c478bd9Sstevel@tonic-gate 
16627c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_enc_sam_response_enc_2
16637c478bd9Sstevel@tonic-gate 	(const krb5_enc_sam_response_enc_2 * , krb5_data **);
16647c478bd9Sstevel@tonic-gate 
16657c478bd9Sstevel@tonic-gate krb5_error_code encode_krb5_sam_response_2
16667c478bd9Sstevel@tonic-gate 	(const krb5_sam_response_2 * , krb5_data **);
16677c478bd9Sstevel@tonic-gate 
/*
 * Encodes a set-password request for `target` into a newly returned *code.
 * NOTE(review): `password` is a plain char *, presumably the new password
 * in cleartext; if so the encoded *code holds it too, and the owners of
 * both buffers should zeroize them after use -- confirm in krb5_encode.c.
 */
166810db1377Sgtb krb5_error_code encode_krb5_setpw_req
166910db1377Sgtb         (const krb5_principal target, char *password, krb5_data **code);
167010db1377Sgtb 
16717c478bd9Sstevel@tonic-gate /*************************************************************************
16727c478bd9Sstevel@tonic-gate  * End of prototypes for krb5_encode.c
16737c478bd9Sstevel@tonic-gate  *************************************************************************/
16747c478bd9Sstevel@tonic-gate 
16757c478bd9Sstevel@tonic-gate /*************************************************************************
16767c478bd9Sstevel@tonic-gate  * Prototypes for krb5_decode.c
16777c478bd9Sstevel@tonic-gate  *************************************************************************/
16787c478bd9Sstevel@tonic-gate 
16797c478bd9Sstevel@tonic-gate /*
16807c478bd9Sstevel@tonic-gate    krb5_error_code decode_krb5_structure(const krb5_data *code,
16817c478bd9Sstevel@tonic-gate                                          krb5_structure **rep);
16827c478bd9Sstevel@tonic-gate 
16837c478bd9Sstevel@tonic-gate    requires  Expects **rep to not have been allocated;
16847c478bd9Sstevel@tonic-gate               a new *rep is allocated regardless of the old value.
16857c478bd9Sstevel@tonic-gate    effects   Decodes *code into **rep.
16867c478bd9Sstevel@tonic-gate 	     Returns ENOMEM if memory is exhausted.
16877c478bd9Sstevel@tonic-gate              Returns asn1 and krb5 errors.
16887c478bd9Sstevel@tonic-gate */
16897c478bd9Sstevel@tonic-gate 
16907c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_authenticator
16917c478bd9Sstevel@tonic-gate 	(const krb5_data *code, krb5_authenticator **rep);
16927c478bd9Sstevel@tonic-gate 
16937c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ticket
16947c478bd9Sstevel@tonic-gate 	(const krb5_data *code, krb5_ticket **rep);
16957c478bd9Sstevel@tonic-gate 
16967c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_encryption_key
16977c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_keyblock **rep);
16987c478bd9Sstevel@tonic-gate 
16997c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_tkt_part
17007c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_enc_tkt_part **rep);
17017c478bd9Sstevel@tonic-gate 
17027c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_kdc_rep_part
17037c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_enc_kdc_rep_part **rep);
17047c478bd9Sstevel@tonic-gate 
17057c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_as_rep
17067c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_kdc_rep **rep);
17077c478bd9Sstevel@tonic-gate 
17087c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_tgs_rep
17097c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_kdc_rep **rep);
17107c478bd9Sstevel@tonic-gate 
17117c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_req
17127c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_ap_req **rep);
17137c478bd9Sstevel@tonic-gate 
17147c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_rep
17157c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_ap_rep **rep);
17167c478bd9Sstevel@tonic-gate 
17177c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_ap_rep_enc_part
17187c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_ap_rep_enc_part **rep);
17197c478bd9Sstevel@tonic-gate 
17207c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_as_req
17217c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_kdc_req **rep);
17227c478bd9Sstevel@tonic-gate 
17237c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_tgs_req
17247c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_kdc_req **rep);
17257c478bd9Sstevel@tonic-gate 
17267c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_kdc_req_body
17277c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_kdc_req **rep);
17287c478bd9Sstevel@tonic-gate 
17297c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_safe
17307c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_safe **rep);
17317c478bd9Sstevel@tonic-gate 
17327c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_safe_with_body
17337c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_safe **rep, krb5_data *body);
17347c478bd9Sstevel@tonic-gate 
17357c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_priv
17367c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_priv **rep);
17377c478bd9Sstevel@tonic-gate 
17387c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_priv_part
17397c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_priv_enc_part **rep);
17407c478bd9Sstevel@tonic-gate 
17417c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_cred
17427c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_cred **rep);
17437c478bd9Sstevel@tonic-gate 
17447c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_cred_part
17457c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_cred_enc_part **rep);
17467c478bd9Sstevel@tonic-gate 
17477c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_error
17487c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_error **rep);
17497c478bd9Sstevel@tonic-gate 
17507c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_authdata
17517c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_authdata ***rep);
17527c478bd9Sstevel@tonic-gate 
17537c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pwd_sequence
17547c478bd9Sstevel@tonic-gate 	(const krb5_data *output, passwd_phrase_element **rep);
17557c478bd9Sstevel@tonic-gate 
17567c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pwd_data
17577c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_pwd_data **rep);
17587c478bd9Sstevel@tonic-gate 
17597c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_padata_sequence
17607c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_pa_data ***rep);
17617c478bd9Sstevel@tonic-gate 
17627c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_alt_method
17637c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_alt_method **rep);
17647c478bd9Sstevel@tonic-gate 
17657c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_etype_info
17667c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_etype_info_entry ***rep);
17677c478bd9Sstevel@tonic-gate 
17687c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_etype_info2
17697c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_etype_info_entry ***rep);
17707c478bd9Sstevel@tonic-gate 
17717c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_data
17727c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_enc_data **rep);
17737c478bd9Sstevel@tonic-gate 
17747c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_pa_enc_ts
17757c478bd9Sstevel@tonic-gate 	(const krb5_data *output, krb5_pa_enc_ts **rep);
17767c478bd9Sstevel@tonic-gate 
17777c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_challenge
17787c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_challenge **);
17797c478bd9Sstevel@tonic-gate 
17807c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_key
17817c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_key **);
17827c478bd9Sstevel@tonic-gate 
17837c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_sam_response_enc
17847c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_enc_sam_response_enc **);
17857c478bd9Sstevel@tonic-gate 
17867c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_response
17877c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_response **);
17887c478bd9Sstevel@tonic-gate 
17897c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_predicted_sam_response
17907c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_predicted_sam_response **);
17917c478bd9Sstevel@tonic-gate 
17927c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_challenge_2
17937c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_challenge_2 **);
17947c478bd9Sstevel@tonic-gate 
17957c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_challenge_2_body
17967c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_challenge_2_body **);
17977c478bd9Sstevel@tonic-gate 
17987c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_enc_sam_response_enc_2
17997c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_enc_sam_response_enc_2 **);
18007c478bd9Sstevel@tonic-gate 
18017c478bd9Sstevel@tonic-gate krb5_error_code decode_krb5_sam_response_2
18027c478bd9Sstevel@tonic-gate 	(const krb5_data *, krb5_sam_response_2 **);
18037c478bd9Sstevel@tonic-gate 
/*
 * Encode/decode a sequence of struct _krb5_key_data entries; the same
 * signatures appear as the asn1_ldap_*_sequence_of_keys members of
 * krb5int_access, which are marked there as used for the KDB LDAP back end.
 * NOTE(review): n_key_data is a signed 16-bit count.  The encoder should
 * presumably reject negative values and the decoder should bound the
 * count it reads from `in` before allocating *out -- confirm.
 * mkvno is krb5_int32 on the encode side but int * on the decode side.
 */
180454925bf6Swillf struct _krb5_key_data;		/* kdb.h */
180554925bf6Swillf krb5_error_code
180654925bf6Swillf krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data,
180754925bf6Swillf 				      krb5_int16 n_key_data,
180854925bf6Swillf 				      krb5_int32 mkvno,
180954925bf6Swillf 				      krb5_data **code);
181054925bf6Swillf 
181154925bf6Swillf krb5_error_code
181254925bf6Swillf krb5int_ldap_decode_sequence_of_keys (krb5_data *in,
181354925bf6Swillf 				      struct _krb5_key_data **out,
181454925bf6Swillf 				      krb5_int16 *n_key_data,
181554925bf6Swillf 				      int *mkvno);
18167c478bd9Sstevel@tonic-gate 
18177c478bd9Sstevel@tonic-gate /*************************************************************************
18187c478bd9Sstevel@tonic-gate  * End of prototypes for krb5_decode.c
18197c478bd9Sstevel@tonic-gate  *************************************************************************/
18207c478bd9Sstevel@tonic-gate 
18217c478bd9Sstevel@tonic-gate #endif /* KRB5_ASN1__ */
18227c478bd9Sstevel@tonic-gate /*
18237c478bd9Sstevel@tonic-gate  * End "asn1.h"
18247c478bd9Sstevel@tonic-gate  */
18257c478bd9Sstevel@tonic-gate 
18267c478bd9Sstevel@tonic-gate 
18277c478bd9Sstevel@tonic-gate /*
18287c478bd9Sstevel@tonic-gate  * Internal krb5 library routines
18297c478bd9Sstevel@tonic-gate  */
18307c478bd9Sstevel@tonic-gate krb5_error_code krb5_encrypt_tkt_part
18317c478bd9Sstevel@tonic-gate 	(krb5_context,
18327c478bd9Sstevel@tonic-gate 	   krb5_const krb5_keyblock *,
18337c478bd9Sstevel@tonic-gate 	   krb5_ticket *);
18347c478bd9Sstevel@tonic-gate 
18357c478bd9Sstevel@tonic-gate 
18367c478bd9Sstevel@tonic-gate krb5_error_code krb5_encode_kdc_rep
18377c478bd9Sstevel@tonic-gate 	(krb5_context,
18387c478bd9Sstevel@tonic-gate 	   krb5_const krb5_msgtype,
18397c478bd9Sstevel@tonic-gate 	   krb5_const krb5_enc_kdc_rep_part *,
18407c478bd9Sstevel@tonic-gate 	   int using_subkey,
18417c478bd9Sstevel@tonic-gate 	   krb5_const krb5_keyblock *,
18427c478bd9Sstevel@tonic-gate 	   krb5_kdc_rep *,
18437c478bd9Sstevel@tonic-gate 	   krb5_data ** );
18447c478bd9Sstevel@tonic-gate 
18457c478bd9Sstevel@tonic-gate krb5_error_code krb5_validate_times
18467c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_ticket_times *);
18477c478bd9Sstevel@tonic-gate 
1848505d05c7Sgtb krb5_boolean krb5int_auth_con_chkseqnum
1849505d05c7Sgtb 	(krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
1850505d05c7Sgtb 
18517c478bd9Sstevel@tonic-gate /*
18527c478bd9Sstevel@tonic-gate  * [De]Serialization Handle and operations.
18537c478bd9Sstevel@tonic-gate  */
/*
 * One serializer entry: a krb5_magic tag (odtype) plus three callbacks,
 * sizer, externalizer and internalizer.  krb5_find_serializer() takes a
 * krb5_magic and krb5_register_serializer() takes a krb5_ser_entry.
 * NOTE(review): the krb5_octet ** / size_t * pairs look like a buffer
 * cursor and a remaining-length counter.  An internalizer presumably
 * parses bytes that can originate outside the process, so it should
 * check the remaining length before every read -- confirm against the
 * implementations.
 */
18547c478bd9Sstevel@tonic-gate struct __krb5_serializer {
18557c478bd9Sstevel@tonic-gate     krb5_magic		odtype;
18567c478bd9Sstevel@tonic-gate     krb5_error_code	(*sizer) (krb5_context,
18577c478bd9Sstevel@tonic-gate 				  krb5_pointer,
18587c478bd9Sstevel@tonic-gate 				  size_t *);
18597c478bd9Sstevel@tonic-gate     krb5_error_code	(*externalizer) (krb5_context,
18607c478bd9Sstevel@tonic-gate 					 krb5_pointer,
18617c478bd9Sstevel@tonic-gate 					 krb5_octet **,
18627c478bd9Sstevel@tonic-gate 					 size_t *);
18637c478bd9Sstevel@tonic-gate     krb5_error_code	(*internalizer) (krb5_context,
18647c478bd9Sstevel@tonic-gate 					 krb5_pointer *,
18657c478bd9Sstevel@tonic-gate 					 krb5_octet **,
18667c478bd9Sstevel@tonic-gate 					 size_t *);
18677c478bd9Sstevel@tonic-gate };
18687c478bd9Sstevel@tonic-gate typedef struct __krb5_serializer * krb5_ser_handle;
18697c478bd9Sstevel@tonic-gate typedef struct __krb5_serializer krb5_ser_entry;
18707c478bd9Sstevel@tonic-gate 
18717c478bd9Sstevel@tonic-gate krb5_ser_handle krb5_find_serializer
1872505d05c7Sgtb 	(krb5_context,
1873505d05c7Sgtb 		krb5_magic);
18747c478bd9Sstevel@tonic-gate krb5_error_code krb5_register_serializer
1875505d05c7Sgtb 	(krb5_context,
1876505d05c7Sgtb 			const krb5_ser_entry *);
18777c478bd9Sstevel@tonic-gate 
18787c478bd9Sstevel@tonic-gate /* Determine the external size of a particular opaque structure */
1879505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_size_opaque
1880505d05c7Sgtb 	(krb5_context,
1881505d05c7Sgtb 		krb5_magic,
1882505d05c7Sgtb 		krb5_pointer,
1883505d05c7Sgtb 		size_t *);
18847c478bd9Sstevel@tonic-gate 
18857c478bd9Sstevel@tonic-gate /* Serialize the structure into a buffer */
1886505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
18877c478bd9Sstevel@tonic-gate 	(krb5_context,
18887c478bd9Sstevel@tonic-gate 	krb5_magic,
18897c478bd9Sstevel@tonic-gate 	krb5_pointer,
18907c478bd9Sstevel@tonic-gate 	krb5_octet * *,
18917c478bd9Sstevel@tonic-gate 	size_t *);
18927c478bd9Sstevel@tonic-gate 
18937c478bd9Sstevel@tonic-gate /* Deserialize the structure from a buffer */
1894505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
1895505d05c7Sgtb 	(krb5_context,
1896505d05c7Sgtb 		krb5_magic,
1897505d05c7Sgtb 		krb5_pointer *,
1898505d05c7Sgtb 		krb5_octet **,
1899505d05c7Sgtb 		size_t *);
19007c478bd9Sstevel@tonic-gate 
19017c478bd9Sstevel@tonic-gate /* Serialize data into a buffer */
19027c478bd9Sstevel@tonic-gate krb5_error_code krb5_externalize_data
1903505d05c7Sgtb 	(krb5_context,
1904505d05c7Sgtb 		krb5_pointer,
1905505d05c7Sgtb 		krb5_octet **,
1906505d05c7Sgtb 		size_t *);
19077c478bd9Sstevel@tonic-gate /*
19087c478bd9Sstevel@tonic-gate  * Initialization routines.
19097c478bd9Sstevel@tonic-gate  */
19107c478bd9Sstevel@tonic-gate 
19117c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_[os_]context */
1912505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_context_init
19137c478bd9Sstevel@tonic-gate 	(krb5_context);
19147c478bd9Sstevel@tonic-gate 
19157c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_auth_context */
1916505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
19177c478bd9Sstevel@tonic-gate 	(krb5_context);
19187c478bd9Sstevel@tonic-gate 
19197c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_keytab */
1920505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
19217c478bd9Sstevel@tonic-gate 	(krb5_context);
19227c478bd9Sstevel@tonic-gate 
19237c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_ccache */
1924505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
19257c478bd9Sstevel@tonic-gate 	(krb5_context);
19267c478bd9Sstevel@tonic-gate 
19277c478bd9Sstevel@tonic-gate /* Initialize serialization for krb5_rcache */
1928505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
19297c478bd9Sstevel@tonic-gate 	(krb5_context);
19307c478bd9Sstevel@tonic-gate 
19317c478bd9Sstevel@tonic-gate /* [De]serialize 4-byte integer */
19327c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
1933505d05c7Sgtb 	(krb5_int32,
1934505d05c7Sgtb 		krb5_octet **,
1935505d05c7Sgtb 		size_t *);
1936505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
1937505d05c7Sgtb 	(krb5_int32 *,
1938505d05c7Sgtb 		krb5_octet **,
1939505d05c7Sgtb 		size_t *);
1940505d05c7Sgtb /* [De]serialize 8-byte integer */
19417c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
19427c478bd9Sstevel@tonic-gate 	(krb5_int64, krb5_octet * *, size_t *);
19437c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
19447c478bd9Sstevel@tonic-gate 	(krb5_int64 *, krb5_octet **, size_t *);
19457c478bd9Sstevel@tonic-gate /* [De]serialize byte string */
1946505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
19477c478bd9Sstevel@tonic-gate 	(krb5_octet *,
1948505d05c7Sgtb 		size_t,
1949505d05c7Sgtb 		krb5_octet **,
1950505d05c7Sgtb 		size_t *);
1951505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
19527c478bd9Sstevel@tonic-gate 	(krb5_octet *,
1953505d05c7Sgtb 		size_t,
1954505d05c7Sgtb 		krb5_octet **,
1955505d05c7Sgtb 		size_t *);
19567c478bd9Sstevel@tonic-gate 
1957505d05c7Sgtb 
1958505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5int_cc_default
19597c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_ccache *);
19607c478bd9Sstevel@tonic-gate 
19617c478bd9Sstevel@tonic-gate krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
19627c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);
19637c478bd9Sstevel@tonic-gate 
19647c478bd9Sstevel@tonic-gate void krb5int_set_prompt_types
19657c478bd9Sstevel@tonic-gate 	(krb5_context, krb5_prompt_type *);
19667c478bd9Sstevel@tonic-gate 
19677c478bd9Sstevel@tonic-gate krb5_error_code
19687c478bd9Sstevel@tonic-gate krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
19697c478bd9Sstevel@tonic-gate 		krb5_keyblock * /* Old keyblock, not new!  */);
19707c478bd9Sstevel@tonic-gate 
1971505d05c7Sgtb /* set and change password helpers */
1972505d05c7Sgtb 
/*
 * Build (mk_*_req) and read (rd_*_rep) change-password and set-password
 * messages, plus helpers that map a result code to a string.
 * NOTE(review): `passwd` is a plain char * in krb5int_mk_chpw_req() and
 * krb5int_mk_setpw_req(), presumably the new password in cleartext; the
 * caller should zeroize that buffer once the request is built.  Whether
 * `packet` retains an unprotected copy cannot be told from these
 * prototypes -- confirm in the implementation.
 * The two *_result_code_string() helpers differ in constness of the
 * output (char ** vs const char **), so ownership of the returned string
 * may differ as well -- confirm before freeing.
 */
1973505d05c7Sgtb krb5_error_code krb5int_mk_chpw_req
1974505d05c7Sgtb         (krb5_context context, krb5_auth_context auth_context,
1975505d05c7Sgtb              krb5_data *ap_req, char *passwd, krb5_data *packet);
1976505d05c7Sgtb krb5_error_code krb5int_rd_chpw_rep
1977505d05c7Sgtb         (krb5_context context, krb5_auth_context auth_context,
1978505d05c7Sgtb                        krb5_data *packet, int *result_code,
1979505d05c7Sgtb                        krb5_data *result_data);
1980505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
1981505d05c7Sgtb         (krb5_context context, int result_code,
1982505d05c7Sgtb                         char **result_codestr);
1983505d05c7Sgtb krb5_error_code  krb5int_mk_setpw_req
1984505d05c7Sgtb         (krb5_context context, krb5_auth_context auth_context,
1985505d05c7Sgtb              krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
1986505d05c7Sgtb krb5_error_code krb5int_rd_setpw_rep
1987505d05c7Sgtb         (krb5_context context, krb5_auth_context auth_context,
1988505d05c7Sgtb                        krb5_data *packet, int *result_code,
1989505d05c7Sgtb                        krb5_data *result_data);
1990505d05c7Sgtb 
1991505d05c7Sgtb krb5_error_code krb5int_setpw_result_code_string
1992505d05c7Sgtb         (krb5_context context, int result_code,
1993505d05c7Sgtb                        const char **result_codestr);
19947c478bd9Sstevel@tonic-gate 
/*
 * Singly linked list node (via `next`) holding one SRV answer: priority,
 * weight, port and host.  krb5int_make_srv_query_realm() returns a list
 * through `answers` and krb5int_free_srv_dns_data() takes a list pointer.
 * NOTE(review): presumably filled from DNS SRV responses, which are
 * unauthenticated unless the resolver validates them -- treat host and
 * port as untrusted input when selecting a server; confirm in the
 * resolver code.
 */
19957c478bd9Sstevel@tonic-gate struct srv_dns_entry {
19967c478bd9Sstevel@tonic-gate 	struct srv_dns_entry *next;
19977c478bd9Sstevel@tonic-gate 	int priority;
19987c478bd9Sstevel@tonic-gate 	int weight;
19997c478bd9Sstevel@tonic-gate 	unsigned short port;
20007c478bd9Sstevel@tonic-gate 	char *host;
20017c478bd9Sstevel@tonic-gate };
20027c478bd9Sstevel@tonic-gate 
20037c478bd9Sstevel@tonic-gate krb5_error_code
20047c478bd9Sstevel@tonic-gate krb5int_make_srv_query_realm(const krb5_data *realm,
20057c478bd9Sstevel@tonic-gate 	const char *service,
20067c478bd9Sstevel@tonic-gate 	const char *protocol,
20077c478bd9Sstevel@tonic-gate 	struct srv_dns_entry **answers);
20087c478bd9Sstevel@tonic-gate void krb5int_free_srv_dns_data(struct srv_dns_entry *);
20097c478bd9Sstevel@tonic-gate 
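/*
 * Convenience check for a structure's magic number.
 *
 * If (structure)->magic differs from magic_number, the ENCLOSING function
 * returns magic_number; otherwise execution continues.  The macro hides a
 * `return`, so use it only in functions whose return type can carry the
 * magic value as an error code, and before any resource is acquired that
 * the early return would leak.
 *
 * The body is wrapped in do { } while (0) so that an `else` written after
 * the macro can never bind to the macro's internal `if`.  The trailing
 * semicolon is kept on purpose: existing callers may invoke the macro
 * with or without their own `;`.  magic_number is evaluated twice on the
 * mismatch path, so pass a constant or side-effect-free expression.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
    do { \
	if ((structure)->magic != (magic_number)) \
	    return (magic_number); \
    } while (0);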
20157c478bd9Sstevel@tonic-gate 
2016505d05c7Sgtb 
2017505d05c7Sgtb /* SUNW14resync XXX - see k5-util.h */
2018505d05c7Sgtb #if 0
20197c478bd9Sstevel@tonic-gate int krb5_seteuid  (int);
2020505d05c7Sgtb #endif
20217c478bd9Sstevel@tonic-gate 
20227c478bd9Sstevel@tonic-gate char * krb5_getenv(const char *);
20237c478bd9Sstevel@tonic-gate int krb5_setenv  (const char *, const char *, int);
20247c478bd9Sstevel@tonic-gate void krb5_unsetenv  (const char *);
20257c478bd9Sstevel@tonic-gate 
2026505d05c7Sgtb 
2027505d05c7Sgtb /* SUNW14resync - (from here to EOF) not sure if we need this but will add it
2028505d05c7Sgtb    for future resync sake */
2029505d05c7Sgtb 
2030505d05c7Sgtb /* To keep happy libraries which are (for now) accessing internal stuff */
2031505d05c7Sgtb 
2032505d05c7Sgtb /* Make sure to increment by one when changing the struct */
2033505d05c7Sgtb #define KRB5INT_ACCESS_STRUCT_VERSION 9
2034505d05c7Sgtb 
2035505d05c7Sgtb #ifndef ANAME_SZ
2036505d05c7Sgtb struct ktext;                   /* from krb.h, for krb524 support */
2037505d05c7Sgtb #endif
/*
 * Table of internal providers and function pointers; a pointer to it is
 * the first argument of krb5int_accessor().
 * The layout is versioned: KRB5INT_ACCESS_VERSION combines
 * sizeof(krb5int_access) (low 16 bits) with
 * KRB5INT_ACCESS_STRUCT_VERSION (shifted left 16), so any change to the
 * members needs a bump of KRB5INT_ACCESS_STRUCT_VERSION.
 * Members inside #ifndef _KERNEL are absent when _KERNEL is defined,
 * which changes sizeof and the offsets of every later member.
 */
2038505d05c7Sgtb typedef struct _krb5int_access {
2039505d05c7Sgtb     /* crypto stuff */
    /* NOTE(review): MD5 and RC4 (arcfour) are legacy primitives, presumably
       exposed for protocol compatibility -- confirm no new consumer
       depends on them. */
2040505d05c7Sgtb     const struct krb5_hash_provider *md5_hash_provider;
2041505d05c7Sgtb     const struct krb5_enc_provider *arcfour_enc_provider;
2042*ab9b2e15Sgtb 	krb5_error_code (* krb5_hmac) (krb5_context,
2043*ab9b2e15Sgtb 				   const struct krb5_hash_provider *hash,
2044505d05c7Sgtb                                    const krb5_keyblock *key,
2045505d05c7Sgtb                                    unsigned int icount, const krb5_data *input,
2046505d05c7Sgtb                                    krb5_data *output);
2047505d05c7Sgtb     /* service location and communication */
2048505d05c7Sgtb #ifndef _KERNEL
2049505d05c7Sgtb     krb5_error_code (*locate_server) (krb5_context, const krb5_data *,
2050505d05c7Sgtb                                       struct addrlist *, int,
2051505d05c7Sgtb                                       const char *, const char *,
2052505d05c7Sgtb                                       int, int, int, int);
2053505d05c7Sgtb     krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
2054505d05c7Sgtb                                    const struct addrlist *, krb5_data *reply,
205554925bf6Swillf                                    struct sockaddr_storage *, socklen_t *, int *);
2056505d05c7Sgtb     krb5_error_code (*add_host_to_list)(struct addrlist *lp,
2057505d05c7Sgtb                                         const char *hostname,
2058505d05c7Sgtb                                         int port, int secport,
2059505d05c7Sgtb                                         int socktype, int family);
2060505d05c7Sgtb     void (*free_addrlist) (struct addrlist *);
2061505d05c7Sgtb #endif /* _KERNEL */
2062505d05c7Sgtb 
2063505d05c7Sgtb 
2064505d05c7Sgtb     krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
2065505d05c7Sgtb                                             const char *service,
2066505d05c7Sgtb                                             const char *protocol,
2067505d05c7Sgtb                                             struct srv_dns_entry **answers);
2068505d05c7Sgtb     void (*free_srv_dns_data)(struct srv_dns_entry *);
2069505d05c7Sgtb     int (*use_dns_kdc)(krb5_context);
2070505d05c7Sgtb 
    /* The next three pointers may be NULL (see the comment below), so a
       consumer has to test them before calling through them. */
2071505d05c7Sgtb     /* krb4 compatibility stuff -- may be null if not enabled */
2072505d05c7Sgtb     krb5_int32 (*krb_life_to_time)(krb5_int32, int);
2073505d05c7Sgtb     int (*krb_time_to_life)(krb5_int32, krb5_int32);
2074505d05c7Sgtb     int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
2075505d05c7Sgtb     krb5_error_code (*krb5int_c_mandatory_cksumtype)
2076505d05c7Sgtb         (krb5_context, krb5_enctype, krb5_cksumtype *);
2077505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
2078505d05c7Sgtb         (krb5_int64, krb5_octet **, size_t *);
2079505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
2080505d05c7Sgtb         (krb5_int64 *, krb5_octet **, size_t *);
208154925bf6Swillf 
208254925bf6Swillf     /* Used for KDB LDAP back end.  */
208354925bf6Swillf     krb5_error_code
208454925bf6Swillf     (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
208554925bf6Swillf 					  krb5_int16 n_key_data,
208654925bf6Swillf 					  krb5_int32 mkvno,
208754925bf6Swillf 					  krb5_data **code);
208854925bf6Swillf 
208954925bf6Swillf     krb5_error_code
209054925bf6Swillf     (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
209154925bf6Swillf 					  struct _krb5_key_data **out,
209254925bf6Swillf 					  krb5_int16 *n_key_data,
209354925bf6Swillf 					  int *mkvno);
2094505d05c7Sgtb } krb5int_access;
2095505d05c7Sgtb 
/*
 * Version word for krb5int_access: low 16 bits are
 * sizeof(krb5int_access) & 0xFFFF, high 16 bits are
 * KRB5INT_ACCESS_STRUCT_VERSION.  Presumably this is the krb5_int32 that
 * callers pass to krb5int_accessor() so a layout mismatch can be refused
 * -- confirm in the accessor.
 * Only the struct version number distinguishes two layouts of equal
 * size, so it must be bumped on every member change.
 */
2096505d05c7Sgtb #define KRB5INT_ACCESS_VERSION \
2097505d05c7Sgtb     (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
2098505d05c7Sgtb                    (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
2099505d05c7Sgtb 
2100505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5int_accessor
2101505d05c7Sgtb         (krb5int_access*, krb5_int32);
2102505d05c7Sgtb 
2103505d05c7Sgtb /* Ick -- some krb524 and krb4 support placed in the krb5 library,
2104505d05c7Sgtb    because AFS (and potentially other applications?) use the krb4
2105505d05c7Sgtb    object as an opaque token, which (in some implementations) is not
2106505d05c7Sgtb    in fact a krb4 ticket, so we don't want to drag in the krb4 support
2107505d05c7Sgtb    just to enable this.  */
2108505d05c7Sgtb 
2109505d05c7Sgtb #define KRB524_SERVICE "krb524"
2110505d05c7Sgtb #define KRB524_PORT 4444
2111505d05c7Sgtb 
2112505d05c7Sgtb /* v4lifetime.c */
2113505d05c7Sgtb extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
2114505d05c7Sgtb extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
2115505d05c7Sgtb 
2116505d05c7Sgtb /* conv_creds.c */
2117505d05c7Sgtb int krb5int_encode_v4tkt
2118505d05c7Sgtb         (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
2119505d05c7Sgtb 
2120505d05c7Sgtb /* send524.c */
2121505d05c7Sgtb int krb5int_524_sendto_kdc
2122505d05c7Sgtb         (krb5_context context, const krb5_data * message,
2123505d05c7Sgtb          const krb5_data * realm, krb5_data * reply,
2124505d05c7Sgtb          struct sockaddr *, socklen_t *);
2125505d05c7Sgtb 
2126505d05c7Sgtb /* temporary -- this should be under lib/krb5/ccache somewhere */
2127505d05c7Sgtb 
/*
 * Credential cache handle: a magic number, a pointer to the operations
 * table of its cache type (struct _krb5_cc_ops) and an opaque
 * krb5_pointer `data`.
 */
2128505d05c7Sgtb struct _krb5_ccache {
2129505d05c7Sgtb     krb5_magic magic;
2130505d05c7Sgtb     const struct _krb5_cc_ops *ops;
2131505d05c7Sgtb     krb5_pointer data;
2132505d05c7Sgtb };
2133505d05c7Sgtb 
/*
 * Operations table for one credential-cache type: a magic number, a
 * `prefix` string and one KRB5_CALLCONV function pointer per operation.
 * struct _krb5_ccache refers to a table of this type through `ops`.
 * NOTE(review): `prefix` presumably names the cache type used when a
 * cache name is resolved -- confirm.  This header does not say whether
 * any member may be NULL.
 */
2134505d05c7Sgtb struct _krb5_cc_ops {
2135505d05c7Sgtb     krb5_magic magic;
2136505d05c7Sgtb     char *prefix;
2137505d05c7Sgtb     const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
2138505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
2139505d05c7Sgtb                                             const char *);
2140505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
2141505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
2142505d05c7Sgtb                                             krb5_principal);
2143505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
2144505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
2145505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
2146505d05c7Sgtb                                             krb5_creds *);
2147505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
2148505d05c7Sgtb                                             krb5_flags, krb5_creds *,
2149505d05c7Sgtb                                             krb5_creds *);
2150505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
2151505d05c7Sgtb                                             krb5_principal *);
2152505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
2153505d05c7Sgtb                                             krb5_cc_cursor *);
2154505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
2155505d05c7Sgtb                                             krb5_cc_cursor *, krb5_creds *);
2156505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
2157505d05c7Sgtb                                             krb5_cc_cursor *);
2158505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
2159505d05c7Sgtb                                             krb5_flags, krb5_creds *);
2160505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
2161505d05c7Sgtb                                             krb5_flags);
2162505d05c7Sgtb };
2163505d05c7Sgtb 
2164505d05c7Sgtb extern const krb5_cc_ops *krb5_cc_dfl_ops;
2165505d05c7Sgtb 
/*
 * Replay-cache record: magic number, a hash value, NUL-terminated server
 * and client strings, and the cusec/ctime pair.  krb5_auth_to_rep()
 * takes a krb5_tkt_authent and one of these; krb5_rc_store() takes one
 * together with a krb5_rcache.
 * NOTE(review): presumably (client, server, ctime, cusec) identifies an
 * authenticator for replay detection, in which case a failed or skipped
 * krb5_rc_store() must be treated as an error rather than ignored --
 * confirm in the rcache code.
 */
2166505d05c7Sgtb typedef struct _krb5_donot_replay {
2167505d05c7Sgtb     krb5_magic magic;
2168505d05c7Sgtb     krb5_ui_4 hash;
2169505d05c7Sgtb     char *server;                       /* null-terminated */
2170505d05c7Sgtb     char *client;                       /* null-terminated */
2171505d05c7Sgtb     krb5_int32 cusec;
2172505d05c7Sgtb     krb5_timestamp ctime;
2173505d05c7Sgtb } krb5_donot_replay;
2174505d05c7Sgtb 
/*
 * Replay-cache helpers declared without KRB5_CALLCONV.
 *
 * Parameter names are omitted in these prototypes, so the roles below are
 * read from the types only:
 *   - krb5_rc_default, krb5_rc_resolve_type and krb5_rc_resolve_full take a
 *     krb5_rcache * (presumably an output handle -- confirm); the last two
 *     also take a non-const char * (presumably a type or name string).
 *   - krb5_rc_get_type, krb5_rc_default_type and krb5_rc_default_name
 *     return char *.  Ownership of the returned string is not stated here;
 *     check the implementation before freeing or modifying it.
 *   - krb5_auth_to_rep takes a krb5_tkt_authent * and a krb5_donot_replay *
 *     (presumably builds the replay record from the authenticator --
 *     confirm).
 */
2175505d05c7Sgtb krb5_error_code krb5_rc_default
2176505d05c7Sgtb         (krb5_context,
2177505d05c7Sgtb                 krb5_rcache *);
2178505d05c7Sgtb krb5_error_code krb5_rc_resolve_type
2179505d05c7Sgtb         (krb5_context,
2180505d05c7Sgtb                 krb5_rcache *,char *);
2181505d05c7Sgtb krb5_error_code krb5_rc_resolve_full
2182505d05c7Sgtb         (krb5_context,
2183505d05c7Sgtb                 krb5_rcache *,char *);
2184505d05c7Sgtb char * krb5_rc_get_type
2185505d05c7Sgtb         (krb5_context,
2186505d05c7Sgtb                 krb5_rcache);
2187505d05c7Sgtb char * krb5_rc_default_type
2188505d05c7Sgtb         (krb5_context);
2189505d05c7Sgtb char * krb5_rc_default_name
2190505d05c7Sgtb         (krb5_context);
2191505d05c7Sgtb krb5_error_code krb5_auth_to_rep
2192505d05c7Sgtb         (krb5_context,
2193505d05c7Sgtb                 krb5_tkt_authent *,
2194505d05c7Sgtb                 krb5_donot_replay *);
2195505d05c7Sgtb 
/*
 * Replay-cache operations declared with KRB5_CALLCONV.  Each takes the
 * context and an rcache handle; all except krb5_rc_get_name return a
 * krb5_error_code.
 *
 * NOTE(review): the krb5_deltat argument of the initialize functions and
 * the krb5_deltat * of krb5_rc_get_lifespan are presumably the cache
 * lifespan -- confirm.  krb5_rc_store takes the krb5_donot_replay record;
 * a detected replay is presumably reported through its return value, so
 * callers should not discard that result -- verify which error code the
 * implementation uses.
 *
 * krb5_rc_get_name returns char *; ownership of that string is not stated
 * in this header.
 */
2196505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_initialize
2197505d05c7Sgtb         (krb5_context, krb5_rcache,krb5_deltat);
2198505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
2199505d05c7Sgtb         (krb5_context, krb5_rcache,krb5_deltat);
2200505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_recover
2201505d05c7Sgtb         (krb5_context, krb5_rcache);
2202505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_destroy
2203505d05c7Sgtb         (krb5_context, krb5_rcache);
2204505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_close
2205505d05c7Sgtb         (krb5_context, krb5_rcache);
2206505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_store
2207505d05c7Sgtb         (krb5_context, krb5_rcache,krb5_donot_replay *);
2208505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_expunge
2209505d05c7Sgtb         (krb5_context, krb5_rcache);
2210505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
2211505d05c7Sgtb         (krb5_context, krb5_rcache,krb5_deltat *);
2212505d05c7Sgtb char *KRB5_CALLCONV krb5_rc_get_name
2213505d05c7Sgtb         (krb5_context, krb5_rcache);
2214505d05c7Sgtb krb5_error_code KRB5_CALLCONV krb5_rc_resolve
2215505d05c7Sgtb         (krb5_context, krb5_rcache, char *);
2216505d05c7Sgtb 
/*
 * Table of function pointers implementing one keytab type, plus a magic
 * number, a prefix string and a serializer handle.
 *
 * The members fall into the two groups marked by the existing comments:
 * read-side routines (resolve, get_name, close, get, start_seq_get,
 * get_next, end_get) and write routines (add, remove).
 *
 * NOTE(review): whether add/remove may be NULL for read-only keytab types
 * is not visible here; callers should confirm before dereferencing them.
 *
 * get_name takes a char * followed by an unsigned int -- presumably an
 * output buffer and its size.  An implementation must not write more than
 * that many bytes; confirm the truncation/termination behaviour of each
 * keytab type.
 *
 * prefix is a non-const char * even though tables of this type are
 * declared const (see krb5_kt_dfl_ops); the string itself should be
 * treated as read-only.
 */
2217505d05c7Sgtb typedef struct _krb5_kt_ops {
2218505d05c7Sgtb     krb5_magic magic;
2219505d05c7Sgtb     char *prefix;
2220505d05c7Sgtb     /* routines always present */
2221505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *resolve)
2222505d05c7Sgtb         (krb5_context,
2223505d05c7Sgtb                  const char *,
2224505d05c7Sgtb                  krb5_keytab *);
2225505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get_name)
2226505d05c7Sgtb         (krb5_context,
2227505d05c7Sgtb                  krb5_keytab,
2228505d05c7Sgtb                  char *,
2229505d05c7Sgtb                  unsigned int);
2230505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *close)
2231505d05c7Sgtb         (krb5_context,
2232505d05c7Sgtb                  krb5_keytab);
2233505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get)
2234505d05c7Sgtb         (krb5_context,
2235505d05c7Sgtb                  krb5_keytab,
2236505d05c7Sgtb                  krb5_const_principal,
2237505d05c7Sgtb                  krb5_kvno,
2238505d05c7Sgtb                  krb5_enctype,
2239505d05c7Sgtb                  krb5_keytab_entry *);
2240505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *start_seq_get)
2241505d05c7Sgtb         (krb5_context,
2242505d05c7Sgtb                  krb5_keytab,
2243505d05c7Sgtb                  krb5_kt_cursor *);
2244505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *get_next)
2245505d05c7Sgtb         (krb5_context,
2246505d05c7Sgtb                  krb5_keytab,
2247505d05c7Sgtb                  krb5_keytab_entry *,
2248505d05c7Sgtb                  krb5_kt_cursor *);
2249505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *end_get)
2250505d05c7Sgtb         (krb5_context,
2251505d05c7Sgtb                  krb5_keytab,
2252505d05c7Sgtb                  krb5_kt_cursor *);
2253505d05c7Sgtb     /* routines to be included on extended version (write routines) */
2254505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *add)
2255505d05c7Sgtb         (krb5_context,
2256505d05c7Sgtb                  krb5_keytab,
2257505d05c7Sgtb                  krb5_keytab_entry *);
2258505d05c7Sgtb     krb5_error_code (KRB5_CALLCONV *remove)
2259505d05c7Sgtb         (krb5_context,
2260505d05c7Sgtb                  krb5_keytab,
2261505d05c7Sgtb                   krb5_keytab_entry *);
2262505d05c7Sgtb 
2263505d05c7Sgtb     /* Handle for serializer */
2264505d05c7Sgtb     const krb5_ser_entry *serializer;
2265505d05c7Sgtb } krb5_kt_ops;
2266505d05c7Sgtb 
/*
 * Library-internal declarations.
 *
 * krb5_kt_dfl_ops is a const krb5_kt_ops object (not a pointer).
 * NOTE(review): presumably the default keytab type, going by the name.
 *
 * krb5int_translate_gai_error takes an int and returns a krb5_error_code;
 * presumably it maps a getaddrinfo() failure code -- confirm.
 *
 * krb5int_crypto_init and krb5int_prng_init return int.  The success/
 * failure convention is not visible in this header; callers should check
 * the result rather than assume initialization succeeded, since later
 * crypto and random-number calls presumably depend on it.
 */
2267505d05c7Sgtb extern const krb5_kt_ops krb5_kt_dfl_ops;
2268505d05c7Sgtb 
2269505d05c7Sgtb extern krb5_error_code krb5int_translate_gai_error (int);
2270505d05c7Sgtb 
2271505d05c7Sgtb /* Not sure it's ready for exposure just yet.  */
2272505d05c7Sgtb extern krb5_error_code
2273505d05c7Sgtb krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
2274505d05c7Sgtb 
2275505d05c7Sgtb extern int krb5int_crypto_init (void);
2276505d05c7Sgtb extern int krb5int_prng_init(void);
2277505d05c7Sgtb 
2278505d05c7Sgtb /*
2279505d05c7Sgtb  * SUNW14resync
2280505d05c7Sgtb  * Hack (?) to neuter C99 "inline" which causes warnings w/our build.
2281505d05c7Sgtb  */
/*
 * NOTE(review): this defines the keyword `inline` as an empty macro, so
 * every `inline` token seen after this point in any translation unit that
 * includes this header is deleted -- including in headers included later.
 * The C standard does not permit a keyword to be defined as a macro before
 * a standard header is included, so include order matters here.  Functions
 * written as `static inline` degrade to plain `static`; a non-static
 * `inline` definition in a header would become an ordinary external
 * definition.  Consider scoping the workaround to the affected compiler or
 * build instead of applying it unconditionally.
 */
2282505d05c7Sgtb #define inline
2283505d05c7Sgtb 
2284505d05c7Sgtb /* Solaris kerberos */
/*
 * NOTE(review): presumably reports whether `enctype` occurs among the first
 * `numkeytypes` entries of the `keytype` array -- confirm against the
 * definition.  `numkeytypes` is a signed int; callers are responsible for
 * passing a non-negative count that does not exceed the array length, as
 * the prototype gives the callee no other way to bound its reads.
 */
2285505d05c7Sgtb krb5_boolean KRB5_CALLCONV is_in_keytype
2286505d05c7Sgtb 	(krb5_const krb5_enctype *keytype,
2287505d05c7Sgtb 	int numkeytypes, krb5_enctype enctype);
2288505d05c7Sgtb 
228924da5b34Srie /*
229024da5b34Srie  * Solaris Kerberos
229124da5b34Srie  * Use krb5_getuid() to select the mechanism to obtain the uid.
229224da5b34Srie  */
/*
 * NOTE(review): the empty parentheses make this an old-style declaration
 * with no prototype, so the compiler cannot reject a call that passes
 * arguments.  If the definition takes no parameters, declaring it as
 * `krb5_getuid(void)` would restore that check -- confirm against the
 * definition first.  The returned uid presumably feeds decisions such as
 * which credential cache to use, so which mechanism is selected is
 * security-relevant; verify at the call sites.
 */
229324da5b34Srie extern uid_t	krb5_getuid();
2294*ab9b2e15Sgtb 
2295fe598cdcSmp /*
2296fe598cdcSmp  * Referral definitions, debugging hooks, and subfunctions.
2297fe598cdcSmp  */
/*
 * NOTE(review): KRB5_REFERRAL_MAXHOPS is presumably the upper bound on how
 * many referrals are followed for one request -- confirm at the use site.
 * A fixed bound of this kind is what stops a chain of referrals from
 * looping indefinitely, so code following referrals should enforce it on
 * every path.
 *
 * DEBUG_REFERRALS is left undefined (its #define is commented out), so the
 * krb5int_dbgref_dump_principal prototype below is not declared in normal
 * builds.
 */
2298fe598cdcSmp #define        KRB5_REFERRAL_MAXHOPS	5
2299fe598cdcSmp /* #define DEBUG_REFERRALS */
2300fe598cdcSmp 
2301fe598cdcSmp #ifdef DEBUG_REFERRALS
2302fe598cdcSmp void krb5int_dbgref_dump_principal(char *, krb5_principal);
2303fe598cdcSmp #endif
2304fe598cdcSmp 
2305fe598cdcSmp /* Common hostname-parsing code. */
/*
 * NOTE(review): parameter names are omitted.  From the types, this takes a
 * const char * (presumably the input host name), a char * and a size_t
 * (presumably an output buffer and its size in bytes) -- confirm against
 * the definition.  Callers should pass the true size of the destination
 * buffer and check the returned krb5_error_code before using the output,
 * since behaviour on a too-small buffer is not visible here.
 */
2306fe598cdcSmp krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
2307fe598cdcSmp 	(krb5_context,
2308fe598cdcSmp 		const char *,
2309fe598cdcSmp 		char *,
2310fe598cdcSmp 		size_t);
2311505d05c7Sgtb 
23127c478bd9Sstevel@tonic-gate #endif /* _KRB5_INT_H */