17c478bd9Sstevel@tonic-gate /*
2*5e01956fSGlenn Barry  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
37c478bd9Sstevel@tonic-gate  */
47c478bd9Sstevel@tonic-gate /*
5fe598cdcSmp  * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
67c478bd9Sstevel@tonic-gate  * Cambridge, MA, USA.  All Rights Reserved.
7159d09a2SMark Phalan  *
8159d09a2SMark Phalan  * This software is being provided to you, the LICENSEE, by the
9159d09a2SMark Phalan  * Massachusetts Institute of Technology (M.I.T.) under the following
10159d09a2SMark Phalan  * license.  By obtaining, using and/or copying this software, you agree
11159d09a2SMark Phalan  * that you have read, understood, and will comply with these terms and
12159d09a2SMark Phalan  * conditions:
13159d09a2SMark Phalan  *
147c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
157c478bd9Sstevel@tonic-gate  * require a specific license from the United States Government.
167c478bd9Sstevel@tonic-gate  * It is the responsibility of any person or organization contemplating
177c478bd9Sstevel@tonic-gate  * export to obtain such a license before exporting.
18159d09a2SMark Phalan  *
19159d09a2SMark Phalan  * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
20159d09a2SMark Phalan  * this software and its documentation for any purpose and without fee or
21159d09a2SMark Phalan  * royalty is hereby granted, provided that you agree to comply with the
22159d09a2SMark Phalan  * following copyright notice and statements, including the disclaimer, and
23159d09a2SMark Phalan  * that the same appear on ALL copies of the software and documentation,
24159d09a2SMark Phalan  * including modifications that you make for internal use or for
257c478bd9Sstevel@tonic-gate  * distribution:
26159d09a2SMark Phalan  *
27159d09a2SMark Phalan  * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
28159d09a2SMark Phalan  * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
29159d09a2SMark Phalan  * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
30159d09a2SMark Phalan  * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
31159d09a2SMark Phalan  * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
32159d09a2SMark Phalan  * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
33159d09a2SMark Phalan  *
34159d09a2SMark Phalan  * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
35159d09a2SMark Phalan  * be used in advertising or publicity pertaining to distribution of the
36159d09a2SMark Phalan  * software.  Title to copyright in this software and any associated
37159d09a2SMark Phalan  * documentation shall at all times remain with M.I.T., and USER agrees to
387c478bd9Sstevel@tonic-gate  * preserve same.
39fe598cdcSmp  *
40fe598cdcSmp  * Furthermore if you modify this software you must label
41fe598cdcSmp  * your software as modified software and not distribute it in such a
42fe598cdcSmp  * fashion that it might be confused with the original M.I.T. software.
43ab9b2e15Sgtb  */
44159d09a2SMark Phalan 
457c478bd9Sstevel@tonic-gate /*
467c478bd9Sstevel@tonic-gate  * Copyright (C) 1998 by the FundsXpress, INC.
47159d09a2SMark Phalan  *
487c478bd9Sstevel@tonic-gate  * All rights reserved.
49159d09a2SMark Phalan  *
507c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may require
517c478bd9Sstevel@tonic-gate  * a specific license from the United States Government.  It is the
527c478bd9Sstevel@tonic-gate  * responsibility of any person or organization contemplating export to
537c478bd9Sstevel@tonic-gate  * obtain such a license before exporting.
54159d09a2SMark Phalan  *
557c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
567c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
577c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
587c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
597c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
607c478bd9Sstevel@tonic-gate  * the name of FundsXpress. not be used in advertising or publicity pertaining
617c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
627c478bd9Sstevel@tonic-gate  * permission.  FundsXpress makes no representations about the suitability of
637c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
647c478bd9Sstevel@tonic-gate  * or implied warranty.
65159d09a2SMark Phalan  *
667c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
677c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
687c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
697c478bd9Sstevel@tonic-gate  */
707c478bd9Sstevel@tonic-gate 
717c478bd9Sstevel@tonic-gate /*
727c478bd9Sstevel@tonic-gate  * This prototype for k5-int.h (Krb5 internals include file)
737c478bd9Sstevel@tonic-gate  * includes the user-visible definitions from krb5.h and then
747c478bd9Sstevel@tonic-gate  * includes other definitions that are not user-visible but are
757c478bd9Sstevel@tonic-gate  * required for compiling Kerberos internal routines.
767c478bd9Sstevel@tonic-gate  *
777c478bd9Sstevel@tonic-gate  * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
787c478bd9Sstevel@tonic-gate  */
797c478bd9Sstevel@tonic-gate 
807c478bd9Sstevel@tonic-gate #ifndef _KRB5_INT_H
817c478bd9Sstevel@tonic-gate #define _KRB5_INT_H
827c478bd9Sstevel@tonic-gate 
83159d09a2SMark Phalan #ifdef KRB5_GENERAL__
84159d09a2SMark Phalan #error krb5.h included before k5-int.h
85159d09a2SMark Phalan #endif /* KRB5_GENERAL__ */
867c478bd9Sstevel@tonic-gate 
877c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
887c478bd9Sstevel@tonic-gate #include <osconf.h>
897c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
907c478bd9Sstevel@tonic-gate #else
917c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h>
927c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
937c478bd9Sstevel@tonic-gate #endif
947c478bd9Sstevel@tonic-gate 
/*
 * Debug configuration.  A DEBUG build defines KRB5_DEBUG and, unless the
 * build already chose one, defaults KRB5_LOG_LVL to KRB5_ERR.  Merely
 * defining KRB5_LOG_LVL is what makes the KRB5_LOG* macros further down
 * expand to real logging calls instead of nothing.
 */
#ifdef  DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef  KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif  /* DEBUG */

#ifdef  _KERNEL

#ifdef  DEBUG
#include        <sys/types.h>
#include        <sys/cmn_err.h>
 /*
  * Declared without a prototype, so the compiler does not check the
  * arguments (including the format string) at call sites.
  */
 extern  void prom_printf();
#endif  /* DEBUG */

#else   /* !_KERNEL */

/* Outside the kernel, prom_printf() calls are plain printf() calls. */
#define prom_printf printf

#endif /* !_KERNEL */
1177c478bd9Sstevel@tonic-gate 
#ifdef KRB5_LOG_LVL

/* krb5_log is used to set the logging level to determine what class of messages
 * are output by the mech.  Note, more than one logging level can be used by
 * bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR  1   /* Use this debug log level for error path logging. */
#define KRB5_INFO 2   /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG1(A, B, C, D), KRB5_LOG(A, B, C) and KRB5_LOG0(A, B):
 *   A - log class bit(s) (KRB5_ERR, KRB5_INFO) tested against krb5_log
 *   B - the format string, handed to printf()/syslog() unchanged
 *   C, D - the values consumed by B (two, one and none respectively)
 *
 * B is used directly as the format string, so it must be a string literal
 * whose conversions match the number and types of C/D; text that did not
 * originate in the source (names, packet contents) belongs in C/D behind a
 * "%s", never in B.
 *
 * The arguments are evaluated only when the class is enabled, and not at
 * all when KRB5_LOG_LVL is undefined (the macros then expand to nothing),
 * so they must not carry side effects the caller depends on.
 *
 * NOTE(review): output goes to the system log; callers should not pass
 * key material or passwords as C/D.
 */
#ifdef  _KERNEL

#define KRB5_LOG1(A, B, C, D) \
     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B)   \
     ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else	/* !_KERNEL */

#include <syslog.h>

/* User-land variants: same contract, emitted through syslog at LOG_DEBUG. */
#define KRB5_LOG1(A, B, C, D) \
        ((void)((krb5_log) && (krb5_log & (A)) && \
		(syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
        ((void)((krb5_log) && (krb5_log & (A)) && \
		(syslog(LOG_DEBUG, (B), (C)), TRUE)))
#define KRB5_LOG0(A, B)   \
        ((void)((krb5_log) && (krb5_log & (A)) && \
	       	(syslog(LOG_DEBUG, B), TRUE)))

#endif	/* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/* Logging compiled out: the macros expand to nothing. */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */
1657c478bd9Sstevel@tonic-gate 
/*
 * timetype is time_t when POSIX_TYPES is defined and plain long otherwise,
 * so its width follows the platform's long in the second case.
 */
#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif
1717c478bd9Sstevel@tonic-gate 
1727c478bd9Sstevel@tonic-gate /*
1737c478bd9Sstevel@tonic-gate  * Begin "k5-config.h"
1747c478bd9Sstevel@tonic-gate  */
1757c478bd9Sstevel@tonic-gate #ifndef KRB5_CONFIG__
1767c478bd9Sstevel@tonic-gate #define KRB5_CONFIG__
1777c478bd9Sstevel@tonic-gate 
178159d09a2SMark Phalan /*
179159d09a2SMark Phalan  * Machine-type definitions: PC Clone 386 running Microloss Windows
1807c478bd9Sstevel@tonic-gate  */
1817c478bd9Sstevel@tonic-gate 
/* Windows/MS-DOS only: pull in win-mac.h and name the .ini configuration. */
#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI	"kerberos.ini"
#define INI_FILES	"Files"
#define INI_KRB_CCACHE	"krb5cc"	/* Location of the ccache */
#define INI_KRB5_CONF	"krb5.ini"	/* Location of krb5.conf file */
#define ANSI_STDIO
#endif
1927c478bd9Sstevel@tonic-gate 
1937c478bd9Sstevel@tonic-gate #ifndef _KERNEL
1947c478bd9Sstevel@tonic-gate #ifndef KRB5_AUTOCONF__
1957c478bd9Sstevel@tonic-gate #define KRB5_AUTOCONF__
196159d09a2SMark Phalan #include "autoconf.h"
1977c478bd9Sstevel@tonic-gate #endif
1987c478bd9Sstevel@tonic-gate #endif 		/* !_KERNEL  */
1997c478bd9Sstevel@tonic-gate 
/*
 * Basic unsigned typedefs.  User-land builds take them from <sys/types.h>
 * when autoconf found it and otherwise declare them here; kernel builds
 * skip this section entirely.
 */
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

#ifndef _KERNEL
#ifdef HAVE_SYS_TYPES_H		/* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
typedef unsigned long 	u_long;
typedef unsigned int	u_int;
typedef unsigned short	u_short;
typedef unsigned char	u_char;
#endif /* HAVE_SYS_TYPES_H */
#endif /* !_KERNEL (this #endif closes the inner #ifndef _KERNEL) */
#endif /* KRB5_SYSTYPES__ (this #endif closes the outer guard) */
214159d09a2SMark Phalan 
2157c478bd9Sstevel@tonic-gate 
/* #include "k5-platform.h" SUNW XXX */
/* not used in krb5.h (yet) */
/* 64-bit integer types; uint64_t/int64_t must already be declared here. */
typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;
2207c478bd9Sstevel@tonic-gate 
221159d09a2SMark Phalan 
222159d09a2SMark Phalan 
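/* Default prompts for password entry and its confirmation. */
#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
/*
 * Lifetime limits and defaults, in seconds.  Every product is parenthesized
 * so the macro stays one value inside a larger expression: without the
 * parentheses `x / KRB5_DEFAULT_LIFE` expands to `x / 60 * 60 * 10`.
 */
#define	KRB5_KDB_MAX_LIFE	(60*60*24) /* one day */
#define	KRB5_KDB_MAX_RLIFE	(60*60*24*365) /* one year */
/*
 * 2145830400 is 24836 days after the epoch, i.e. Thu Dec 31 00:00:00 2037
 * UTC (one day before Jan 1 2038); it still fits a signed 32-bit time value.
 */
#define	KRB5_KDB_EXPIRATION	2145830400 /* Thu Dec 31 00:00:00 2037 UTC */
#define KRB5_DEFAULT_LIFE (60*60*10) /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60) /* 7 Days */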
2307c478bd9Sstevel@tonic-gate 
/*
 * Windows requires a different api interface to each function. Here
 * the calling-convention macros are simply defined as empty (they expand
 * to nothing) unless a platform header already defined KRB5_CALLCONV.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
/* Platforms without O_BINARY get 0, so OR-ing it into open() flags is a no-op. */
#ifndef O_BINARY
#define O_BINARY 0
#endif
2427c478bd9Sstevel@tonic-gate 
2437c478bd9Sstevel@tonic-gate #endif /* KRB5_CONFIG__ */
2447c478bd9Sstevel@tonic-gate 
2457c478bd9Sstevel@tonic-gate /*
2467c478bd9Sstevel@tonic-gate  * End "k5-config.h"
2477c478bd9Sstevel@tonic-gate  */
2487c478bd9Sstevel@tonic-gate 
2497c478bd9Sstevel@tonic-gate /*
2507c478bd9Sstevel@tonic-gate  * After loading the configuration definitions, load the Kerberos definitions.
2517c478bd9Sstevel@tonic-gate  */
252505d05c7Sgtb #ifndef _KERNEL
253505d05c7Sgtb #include <errno.h>
254505d05c7Sgtb #include "profile.h"
255505d05c7Sgtb #endif
256505d05c7Sgtb 
2577c478bd9Sstevel@tonic-gate #include <krb5.h>
2587c478bd9Sstevel@tonic-gate 
2597c478bd9Sstevel@tonic-gate #ifndef _KERNEL
260505d05c7Sgtb #if 1 /* def NEED_SOCKETS */
2617c478bd9Sstevel@tonic-gate #include <port-sockets.h>
2627c478bd9Sstevel@tonic-gate #include <socket-utils.h>
2637c478bd9Sstevel@tonic-gate #else
2647c478bd9Sstevel@tonic-gate #ifndef SOCK_DGRAM
2657c478bd9Sstevel@tonic-gate struct sockaddr;
2667c478bd9Sstevel@tonic-gate #endif
2677c478bd9Sstevel@tonic-gate #endif
2687c478bd9Sstevel@tonic-gate #endif
2697c478bd9Sstevel@tonic-gate 
270505d05c7Sgtb /* Get mutex support; currently used only for the replay cache.  */
271505d05c7Sgtb #include "k5-thread.h"
272505d05c7Sgtb 
273505d05c7Sgtb 
2747c478bd9Sstevel@tonic-gate /* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
2757c478bd9Sstevel@tonic-gate    The ones that it doesn't include, we include below.  */
2767c478bd9Sstevel@tonic-gate 
2777c478bd9Sstevel@tonic-gate /*
2787c478bd9Sstevel@tonic-gate  * Begin "k5-errors.h"
2797c478bd9Sstevel@tonic-gate  */
2807c478bd9Sstevel@tonic-gate #ifndef KRB5_ERRORS__
2817c478bd9Sstevel@tonic-gate #define KRB5_ERRORS__
2827c478bd9Sstevel@tonic-gate 
2837c478bd9Sstevel@tonic-gate 
/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */

/*
 * The numbering below has gaps (30, 43, 63, 74 and 76 are not defined in
 * this table), so code that receives an error code from the wire cannot
 * assume every value maps to one of these names.
 *
 * NOTE(review): in the base protocol a KRB-ERROR message is not integrity
 * protected; treat a received code as a hint for diagnostics and retry
 * logic rather than as an authenticated statement from the KDC -- confirm
 * against the callers that interpret these values.
 */

/* KDC errors */
#define	KDC_ERR_NONE			0 /* No error */
#define	KDC_ERR_NAME_EXP		1 /* Client's entry in DB expired */
#define	KDC_ERR_SERVICE_EXP		2 /* Server's entry in DB expired */
#define	KDC_ERR_BAD_PVNO		3 /* Requested pvno not supported */
#define	KDC_ERR_C_OLD_MAST_KVNO		4 /* C's key encrypted in old master */
#define	KDC_ERR_S_OLD_MAST_KVNO		5 /* S's key encrypted in old master */
#define	KDC_ERR_C_PRINCIPAL_UNKNOWN	6 /* Client not found in Kerberos DB */
#define	KDC_ERR_S_PRINCIPAL_UNKNOWN	7 /* Server not found in Kerberos DB */
#define	KDC_ERR_PRINCIPAL_NOT_UNIQUE	8 /* Multiple entries in Kerberos DB */
#define	KDC_ERR_NULL_KEY		9 /* The C or S has a null key */
#define	KDC_ERR_CANNOT_POSTDATE		10 /* Tkt ineligible for postdating */
#define	KDC_ERR_NEVER_VALID		11 /* Requested starttime > endtime */
#define	KDC_ERR_POLICY			12 /* KDC policy rejects request */
#define	KDC_ERR_BADOPTION		13 /* KDC can't do requested opt. */
#define	KDC_ERR_ENCTYPE_NOSUPP		14 /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP		15 /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP	16 /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP		17 /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED		18 /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED		19 /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED		20 /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET		21 /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET		22 /* S not yet valid */
#define KDC_ERR_KEY_EXP			23 /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED		24 /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED	25 /* Additional preauthentication */
					   /* required */
#define KDC_ERR_SERVER_NOMATCH		26 /* Requested server and */
					   /* ticket don't match */
#define KDC_ERR_MUST_USE_USER2USER      27 /* Server principal valid for */
					   /*   user2user only */
#define KDC_ERR_PATH_NOT_ACCEPTED       28 /* KDC policy rejected transited */
					   /*   path */
#define KDC_ERR_SVC_UNAVAILABLE		29 /* A service is not
					    * available that is
					    * required to process the
					    * request */
/* Application errors */
#define	KRB_AP_ERR_BAD_INTEGRITY 31	/* Decrypt integrity check failed */
#define	KRB_AP_ERR_TKT_EXPIRED	32	/* Ticket expired */
#define	KRB_AP_ERR_TKT_NYV	33	/* Ticket not yet valid */
#define	KRB_AP_ERR_REPEAT	34	/* Request is a replay */
#define	KRB_AP_ERR_NOT_US	35	/* The ticket isn't for us */
#define	KRB_AP_ERR_BADMATCH	36	/* Ticket/authenticator don't match */
#define	KRB_AP_ERR_SKEW		37	/* Clock skew too great */
#define	KRB_AP_ERR_BADADDR	38	/* Incorrect net address */
#define	KRB_AP_ERR_BADVERSION	39	/* Protocol version mismatch */
#define	KRB_AP_ERR_MSG_TYPE	40	/* Invalid message type */
#define	KRB_AP_ERR_MODIFIED	41	/* Message stream modified */
#define	KRB_AP_ERR_BADORDER	42	/* Message out of order */
#define	KRB_AP_ERR_BADKEYVER	44	/* Key version is not available */
#define	KRB_AP_ERR_NOKEY	45	/* Service key not available */
#define	KRB_AP_ERR_MUT_FAIL	46	/* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION	47 	/* Incorrect message direction */
#define KRB_AP_ERR_METHOD	48 	/* Alternative authentication */
					/* method required */
#define KRB_AP_ERR_BADSEQ	49 	/* Incorrect sequence number */
					/* in message */
#define KRB_AP_ERR_INAPP_CKSUM	50	/* Inappropriate type of */
					/* checksum in message */
#define KRB_AP_PATH_NOT_ACCEPTED 51	/* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG 52	/* Response too big for UDP, */
					/*   retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC		60 	/* Generic error (description */
					/* in e-text) */
#define	KRB_ERR_FIELD_TOOLONG	61	/* Field is too long for impl. */

/* PKINIT server-reported errors */
#define KDC_ERR_CLIENT_NOT_TRUSTED		62 /* client cert not trusted */
#define KDC_ERR_INVALID_SIG			64 /* client signature verify failed */
#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED	65 /* invalid Diffie-Hellman parameters */
/* Codes 66-69 carry no description in this file. */
#define KDC_ERR_CERTIFICATE_MISMATCH            66
#define KRB_AP_ERR_NO_TGT                       67
#define KDC_ERR_WRONG_REALM                     68
#define KRB_AP_ERR_USER_TO_USER_REQUIRED        69
#define KDC_ERR_CANT_VERIFY_CERTIFICATE         70 /* client cert not verifiable to */
						   /* trusted root cert */
#define KDC_ERR_INVALID_CERTIFICATE		71 /* client cert had invalid signature */
#define KDC_ERR_REVOKED_CERTIFICATE		72 /* client cert was revoked */
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN	73 /* client cert revoked, reason unknown */
#define KDC_ERR_CLIENT_NAME_MISMATCH		75 /* mismatch between client cert and */
						   /* principal name */
#define KDC_ERR_INCONSISTENT_KEY_PURPOSE	77 /* bad extended key use */
#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED	78 /* bad digest algorithm in client cert */
#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED	79 /* missing paChecksum in PA-PK-AS-REQ */
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81
3807c478bd9Sstevel@tonic-gate #endif /* KRB5_ERRORS__ */
3817c478bd9Sstevel@tonic-gate /*
3827c478bd9Sstevel@tonic-gate  * End "k5-errors.h"
3837c478bd9Sstevel@tonic-gate  */
3847c478bd9Sstevel@tonic-gate 
/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned, KRB_AP_ERR_METHOD.
 */
typedef struct _krb5_alt_method {
	krb5_magic	magic;
	krb5_int32	method;
	/* presumably the byte count of `data`; it arrives in e-data, so */
	/* bound it before use -- confirm against the decoder */
	unsigned int	length;
	krb5_octet	*data;
} krb5_alt_method;
3967c478bd9Sstevel@tonic-gate 
/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type.  It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 */
typedef struct _krb5_etype_info_entry {
	krb5_magic	magic;
	krb5_enctype	etype;
	/* salt length, or KRB5_ETYPE_NO_SALT when no salt is present */
	unsigned int	length;
	krb5_octet	*salt;
    krb5_data s2kparams;
} krb5_etype_info_entry;

/*
 *  This is essentially -1 without sign extension which can screw up
 *  comparisons on 64 bit machines. If the length is this value, then
 *  the salt data is not present. This is to distinguish between not
 *  being set and being of 0 length.
 *
 *  Code that copies or allocates `length` bytes of salt has to test for
 *  this sentinel first; used as a size it is a very large count.
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

/* The null-terminated array of entry pointers described above. */
typedef krb5_etype_info_entry ** krb5_etype_info;
4217c478bd9Sstevel@tonic-gate 
/* RFC 4537 */
/* A counted list of encryption types. */
typedef struct _krb5_etype_list {
        /* signed count; presumably the number of entries in etypes -- */
        /* reject negative values before indexing (confirm with decoder) */
        int             length;
        krb5_enctype    *etypes;
} krb5_etype_list;
427ba7b222eSGlenn Barry 
/*
 * a sam_challenge is returned for alternate preauth
 */
/*
          SAMFlags ::= BIT STRING {
              use-sad-as-key[0],
              send-encrypted-sad[1],
              must-pk-encrypt-sad[2]
          }
 */
/*
          PA-SAM-CHALLENGE ::= SEQUENCE {
              sam-type[0]                 INTEGER,
              sam-flags[1]                SAMFlags,
              sam-type-name[2]            GeneralString OPTIONAL,
              sam-track-id[3]             GeneralString OPTIONAL,
              sam-challenge-label[4]      GeneralString OPTIONAL,
              sam-challenge[5]            GeneralString OPTIONAL,
              sam-response-prompt[6]      GeneralString OPTIONAL,
              sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
              sam-nonce[8]                INTEGER OPTIONAL,
              sam-cksum[9]                Checksum OPTIONAL
          }
*/
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA     1   /*  Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH  2   /*  Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0    3   /*  S/key where  KDC has key 0 */
#define PA_SAM_TYPE_SKEY       4   /*  Traditional S/Key */
#define PA_SAM_TYPE_SECURID    5   /*  Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD 6   /*  CRYPTOCard */
/*
 * PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD, so a sam_type of 6 does not identify one
 * mechanism and the two names cannot both be case labels in one switch.
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC  6   /*  ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX  7   /*  ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX  8   /*  Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE    128 /* experimental */
#define PA_SAM_TYPE_GRAIL		(PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT	(PA_SAM_TYPE_EXP_BASE+1) /* special */
4677c478bd9Sstevel@tonic-gate 
/*
 * Predicted SAM response.  It embeds a key block (sam_key), so an
 * instance holds key material.
 * NOTE(review): presumably the matching free routine should wipe sam_key
 * before releasing it -- confirm.
 */
typedef struct _krb5_predicted_sam_response {
	krb5_magic	magic;
	krb5_keyblock	sam_key;
	krb5_flags	sam_flags; /* Makes key munging easier */
	krb5_timestamp  stime;	/* time on server, for replay detection */
	krb5_int32      susec;	/* presumably the microsecond part of stime */
	krb5_principal  client;
	krb5_data       msd;	/* mechanism specific data */
} krb5_predicted_sam_response;
4777c478bd9Sstevel@tonic-gate 
/*
 * In-memory form of PA-SAM-CHALLENGE; the members follow the fields of
 * the ASN.1 SEQUENCE quoted earlier in this file, in the same order.
 */
typedef struct _krb5_sam_challenge {
	krb5_magic	magic;
	krb5_int32	sam_type; /* information */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_checksum	sam_cksum;
} krb5_sam_challenge;
4917c478bd9Sstevel@tonic-gate 
/* Wrapper around one key block; holds key material. */
typedef struct _krb5_sam_key {	/* reserved for future use */
	krb5_magic	magic;
	krb5_keyblock	sam_key;
} krb5_sam_key;
4967c478bd9Sstevel@tonic-gate 
/*
 * Plaintext of the sam_enc_nonce_or_ts member of krb5_sam_response
 * (that member's comment names this type).
 */
typedef struct _krb5_enc_sam_response_enc {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_timestamp;
	krb5_int32	sam_usec;
	krb5_data	sam_sad;
} krb5_enc_sam_response_enc;
5047c478bd9Sstevel@tonic-gate 
/* SAM response; the two krb5_enc_data members are carried encrypted. */
typedef struct _krb5_sam_response {
	krb5_magic	magic;
	krb5_int32	sam_type; /* informational */
	krb5_flags	sam_flags; /* KRB5_SAM_* values */
	krb5_data	sam_track_id; /* copied */
	krb5_enc_data	sam_enc_key; /* krb5_sam_key - future use */
	krb5_enc_data	sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
	krb5_timestamp	sam_patimestamp;
} krb5_sam_response;
5157c478bd9Sstevel@tonic-gate 
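/*
 * Version 2 SAM challenge: an opaque body plus checksums.
 *
 * NOTE(review): sam_challenge_2_body is presumably the encoded form of
 * krb5_sam_challenge_2_body, kept as raw bytes so the checksums can be
 * verified over exactly what was received -- confirm against the decoder.
 * This struct has no magic member, unlike its neighbours.
 */
typedef struct _krb5_sam_challenge_2 {
	krb5_data	sam_challenge_2_body;
	krb5_checksum	**sam_cksum;		/* Array of checksums; how the
						   array is terminated is not
						   visible here */
} krb5_sam_challenge_2;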
5207c478bd9Sstevel@tonic-gate 
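/*
 * Decoded body of a version 2 SAM challenge.
 *
 * Same members as krb5_sam_challenge, except that the checksum is gone
 * (it is held by krb5_sam_challenge_2) and sam_etype is added.
 * The krb5_data members are counted buffers; do not assume NUL
 * termination.
 */
typedef struct _krb5_sam_challenge_2_body {
	krb5_magic	magic;
	krb5_int32	sam_type;		/* informational */
	krb5_flags	sam_flags;		/* KRB5_SAM_* values */
	krb5_data	sam_type_name;
	krb5_data	sam_track_id;
	krb5_data	sam_challenge_label;
	krb5_data	sam_challenge;
	krb5_data	sam_response_prompt;
	krb5_data	sam_pk_for_sad;
	krb5_int32	sam_nonce;
	krb5_enctype	sam_etype;		/* presumably the enctype the
						   response must use; check it
						   against local policy -- TODO
						   confirm */
} krb5_sam_challenge_2_body;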
5347c478bd9Sstevel@tonic-gate 
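/*
 * Version 2 SAM response.
 *
 * sam_nonce is carried outside the encrypted member as well.
 * NOTE(review): a verifier should presumably compare against the nonce
 * recovered from sam_enc_nonce_or_sad -- confirm in the checking code.
 */
typedef struct _krb5_sam_response_2 {
	krb5_magic	magic;
	krb5_int32	sam_type;		/* informational */
	krb5_flags	sam_flags;		/* KRB5_SAM_* values */
	krb5_data	sam_track_id;		/* copied */
	/*
	 * The original comment names krb5_enc_sam_response_enc as the
	 * plaintext type.  NOTE(review): krb5_enc_sam_response_enc_2 looks
	 * like the matching type for this version -- confirm.
	 */
	krb5_enc_data	sam_enc_nonce_or_sad;	/* krb5_enc_sam_response_enc */
	krb5_int32	sam_nonce;
} krb5_sam_response_2;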
5437c478bd9Sstevel@tonic-gate 
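/*
 * Encrypted-part plaintext for the version 2 SAM exchange: a nonce and
 * the SAD, with no timestamp members (compare krb5_enc_sam_response_enc).
 */
typedef struct _krb5_enc_sam_response_enc_2 {
	krb5_magic	magic;
	krb5_int32	sam_nonce;
	krb5_data	sam_sad;	/* presumably the single-use
					   authentication data; handle as a
					   secret -- TODO confirm */
} krb5_enc_sam_response_enc_2;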
5497c478bd9Sstevel@tonic-gate 
550159d09a2SMark Phalan /*
551159d09a2SMark Phalan  * Keep the pkinit definitions in a separate file so that the plugin
552159d09a2SMark Phalan  * only has to include k5-int-pkinit.h rather than k5-int.h
553159d09a2SMark Phalan  */
554159d09a2SMark Phalan 
555159d09a2SMark Phalan #include "k5-int-pkinit.h"
556159d09a2SMark Phalan 
5577c478bd9Sstevel@tonic-gate /*
5587c478bd9Sstevel@tonic-gate  * Begin "dbm.h"
5597c478bd9Sstevel@tonic-gate  */
5607c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5617c478bd9Sstevel@tonic-gate 
5627c478bd9Sstevel@tonic-gate /*
5637c478bd9Sstevel@tonic-gate  * Since we are always using db, use the db-ndbm include header file.
5647c478bd9Sstevel@tonic-gate  */
5657c478bd9Sstevel@tonic-gate 
5667c478bd9Sstevel@tonic-gate #include "db-ndbm.h"
5677c478bd9Sstevel@tonic-gate 
5687c478bd9Sstevel@tonic-gate #endif /* !KERNEL */
5697c478bd9Sstevel@tonic-gate /*
5707c478bd9Sstevel@tonic-gate  * End "dbm.h"
5717c478bd9Sstevel@tonic-gate  */
5727c478bd9Sstevel@tonic-gate 
5737c478bd9Sstevel@tonic-gate /*
5747c478bd9Sstevel@tonic-gate  * Begin "ext-proto.h"
5757c478bd9Sstevel@tonic-gate  */
5767c478bd9Sstevel@tonic-gate #ifndef KRB5_EXT_PROTO__
5777c478bd9Sstevel@tonic-gate #define KRB5_EXT_PROTO__
5787c478bd9Sstevel@tonic-gate 
5797c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5807c478bd9Sstevel@tonic-gate #include <stdlib.h>
5817c478bd9Sstevel@tonic-gate #include <string.h>
5827c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5837c478bd9Sstevel@tonic-gate 
5847c478bd9Sstevel@tonic-gate #ifndef HAVE_STRDUP
5857c478bd9Sstevel@tonic-gate extern char *strdup (const char *);
5867c478bd9Sstevel@tonic-gate #endif
5877c478bd9Sstevel@tonic-gate 
5887c478bd9Sstevel@tonic-gate #ifndef _KERNEL
5897c478bd9Sstevel@tonic-gate #ifdef HAVE_UNISTD_H
5907c478bd9Sstevel@tonic-gate #include <unistd.h>
5917c478bd9Sstevel@tonic-gate #endif
5927c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
5937c478bd9Sstevel@tonic-gate 
5947c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */
5957c478bd9Sstevel@tonic-gate /*
5967c478bd9Sstevel@tonic-gate  * End "ext-proto.h"
5977c478bd9Sstevel@tonic-gate  */
5987c478bd9Sstevel@tonic-gate 
5997c478bd9Sstevel@tonic-gate /*
6007c478bd9Sstevel@tonic-gate  * Begin "sysincl.h"
6017c478bd9Sstevel@tonic-gate  */
6027c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__
6037c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__
6047c478bd9Sstevel@tonic-gate 
6057c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__
6067c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__
6077c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? */
6087c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */
6097c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */
6107c478bd9Sstevel@tonic-gate 
6117c478bd9Sstevel@tonic-gate #ifdef	_KERNEL
6127c478bd9Sstevel@tonic-gate #include <sys/time.h>
6137c478bd9Sstevel@tonic-gate #else
6147c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H
6157c478bd9Sstevel@tonic-gate #include <sys/time.h>
6167c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME
6177c478bd9Sstevel@tonic-gate #include <time.h>
6187c478bd9Sstevel@tonic-gate #endif
6197c478bd9Sstevel@tonic-gate #else
6207c478bd9Sstevel@tonic-gate #include <time.h>
6217c478bd9Sstevel@tonic-gate #endif
6227c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
6237c478bd9Sstevel@tonic-gate 
6247c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H
6257c478bd9Sstevel@tonic-gate #include <sys/stat.h>			/* struct stat, stat() */
6267c478bd9Sstevel@tonic-gate #endif
6277c478bd9Sstevel@tonic-gate 
6287c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H
6297c478bd9Sstevel@tonic-gate #include <sys/param.h>			/* MAXPATHLEN */
6307c478bd9Sstevel@tonic-gate #endif
6317c478bd9Sstevel@tonic-gate 
6327c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H
6337c478bd9Sstevel@tonic-gate #include <sys/file.h>			/* prototypes for file-related
6347c478bd9Sstevel@tonic-gate 					   syscalls; flags for open &
6357c478bd9Sstevel@tonic-gate 					   friends */
6367c478bd9Sstevel@tonic-gate #endif
6377c478bd9Sstevel@tonic-gate 
6387c478bd9Sstevel@tonic-gate #ifdef _KERNEL
6397c478bd9Sstevel@tonic-gate #include <sys/fcntl.h>
6407c478bd9Sstevel@tonic-gate #else
6417c478bd9Sstevel@tonic-gate #include <fcntl.h>
6427c478bd9Sstevel@tonic-gate #endif
6437c478bd9Sstevel@tonic-gate 
6447c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */
6457c478bd9Sstevel@tonic-gate /*
6467c478bd9Sstevel@tonic-gate  * End "sysincl.h"
6477c478bd9Sstevel@tonic-gate  */
6487c478bd9Sstevel@tonic-gate 
6497c478bd9Sstevel@tonic-gate /*
6507c478bd9Sstevel@tonic-gate  * Begin "los-proto.h"
6517c478bd9Sstevel@tonic-gate  */
6527c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__
6537c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__
654159d09a2SMark Phalan #endif
6557c478bd9Sstevel@tonic-gate 
6567c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
6577c478bd9Sstevel@tonic-gate #include <stdio.h>
6587c478bd9Sstevel@tonic-gate 
6597c478bd9Sstevel@tonic-gate struct addrlist;
660159d09a2SMark Phalan struct sendto_callback_info;
6617c478bd9Sstevel@tonic-gate #endif
6627c478bd9Sstevel@tonic-gate 
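/* libos.spec */

/*
 * File locking.  NOTE(review): the int arguments are presumably a file
 * descriptor and, for the lock call, a lock mode -- confirm.
 */
krb5_error_code krb5_lock_file (krb5_context, int, int);
krb5_error_code krb5_unlock_file (krb5_context, int);

/*
 * Send a request to a KDC and collect the reply.  The parameters are
 * unnamed here; see the implementation for their meaning.
 */
krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
				 const krb5_data *, krb5_data *, int *, int);
/*
 * Solaris Kerberos
 * Same argument list as krb5_sendto_kdc plus one char ** output.
 * NOTE(review): who frees that string is not visible here -- confirm.
 */
krb5_error_code krb5_sendto_kdc2 (krb5_context, const krb5_data *,
				const krb5_data *, krb5_data *, int *, int,
				char **);


/* Host list returned through the char *** is released with free_krbhst. */
krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
/*
 * NOTE(review): the name suggests the file is created with restrictive
 * permissions; the mode and the handling of an existing path are decided
 * in the implementation -- confirm there before relying on it.
 */
krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);

/*
 * Network read/write helpers; presumably (context, fd, buffer, length).
 * The length is a signed int, so the prototype cannot stop a negative or
 * oversized value: callers must pass a length no larger than the buffer.
 */
int krb5_net_read (krb5_context, int , char *, int);

int krb5_net_write
	(krb5_context, int , const char *, int);


/* Result is returned through the final char **. */
krb5_error_code krb5_gen_replay_name
    (krb5_context, const krb5_address *, const char *, char **);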
6877c478bd9Sstevel@tonic-gate 
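#ifndef	_KERNEL

/* User-land only: these use FILE, sockaddr and PKCS#11 types. */

krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);

krb5_error_code
krb5_open_pkcs11_session(CK_SESSION_HANDLE *);


/*
 * Message framing over a connection passed as krb5_pointer.
 * NOTE(review): if the message length comes from the peer, the reader
 * should bound it before allocating -- confirm in the implementation.
 */
krb5_error_code krb5_read_message
	(krb5_context, krb5_pointer, krb5_data *);

krb5_error_code krb5_write_message
	(krb5_context, krb5_pointer, krb5_data *);

/*
 * Send `message` to the addresses in `addrs` and return the reply.
 * msg_handler is called with msg_handler_data as its last argument; what
 * its return value means is defined by the implementation.
 */
krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
		const struct addrlist *addrs,
		struct sendto_callback_info* callback_info,
		krb5_data *reply,
		struct sockaddr *localaddr, socklen_t *localaddrlen,
		struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
		int *addr_used,
		int (*msg_handler)(krb5_context, const krb5_data *, void *),
		void *msg_handler_data);

/* Caller supplies the buffer and its size. */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);

/*
 * Time control for a context.
 * NOTE(review): ticket lifetimes and replay checks depend on the
 * context's idea of time, so the setters below should only be fed
 * trusted values -- confirm how callers derive them.
 */
krb5_error_code krb5_set_debugging_time
        (krb5_context, krb5_timestamp, krb5_int32);
krb5_error_code krb5_use_natural_time
        (krb5_context);
krb5_error_code krb5_set_time_offsets
        (krb5_context, krb5_timestamp, krb5_int32);
krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
#endif /* !_KERNEL */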
7187c478bd9Sstevel@tonic-gate 
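/*
 * Solaris Kerberos
 * The following two functions are needed for better realm
 * determination based on the DNS domain name.
 *
 * NOTE(review): a realm derived from DNS is only as trustworthy as the
 * resolver path; whether callers treat the result as a hint or as
 * authoritative is not visible here -- confirm.
 */
krb5_error_code krb5int_lookup_host(int , const char *, char **);

krb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
    char **);
krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
    char **);

/* Context set-up and tear-down for the OS-specific layer. */
krb5_error_code krb5int_init_context_kdc(krb5_context *);

krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);

void krb5_os_free_context (krb5_context);

/*
 * This function is needed by KfM's KerberosPreferences API
 * because it needs to be able to specify "secure".
 * NOTE(review): what "secure" excludes (for example files named through
 * the environment) is decided in the implementation -- confirm.
 */
#ifndef _KERNEL
krb5_error_code os_get_default_config_files
    (profile_filespec_t **pfiles, krb5_boolean secure);
#endif

/* Address list is returned through the krb5_address ***. */
krb5_error_code krb5_os_hostaddr
	(krb5_context, const char *, krb5_address ***);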
746505d05c7Sgtb 
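#ifndef _KERNEL
/*
 * N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
 * going to use this structure.
 *
 * Growable list of resolved addresses.  Each entry carries an optional
 * release callback (freefn) and the pointer handed to it (data).
 * naddrs and space are plain ints; presumably entries in use and entries
 * allocated -- TODO confirm against krb5int_grow_addrlist.
 */
struct addrlist {
    struct {
#ifdef FAI_DEFINED
	struct addrinfo *ai;
#else
	/* Placeholder type when fake-addrinfo.h was not included first. */
	struct undefined_addrinfo *ai;
#endif
	void (*freefn)(void *);
	void *data;
    } *addrs;
    int naddrs;
    int space;
};
/* All-zero initializer: no entries, nothing allocated. */
#define ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
				     int, int, int, int);

#include <locate_plugin.h>
/* Fill the addrlist with servers of type svc for the given realm. */
krb5_error_code
krb5int_locate_server (krb5_context, const krb5_data *realm,
		       struct addrlist *, enum locate_service_type svc,
		       int sockettype, int family);

#endif /* !_KERNEL */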
7767c478bd9Sstevel@tonic-gate 
7777c478bd9Sstevel@tonic-gate /* new encryption provider api */
7787c478bd9Sstevel@tonic-gate 
7797c478bd9Sstevel@tonic-gate struct krb5_enc_provider {
780159d09a2SMark Phalan     /* keybytes is the input size to make_key;
7817c478bd9Sstevel@tonic-gate        keylength is the output size */
782505d05c7Sgtb     size_t block_size, keybytes, keylength;
7837c478bd9Sstevel@tonic-gate 
784