17c478bd9Sstevel@tonic-gate /* 2*5e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 37c478bd9Sstevel@tonic-gate */ 47c478bd9Sstevel@tonic-gate /* 5fe598cdcSmp * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology, 67c478bd9Sstevel@tonic-gate * Cambridge, MA, USA. All Rights Reserved. 7159d09a2SMark Phalan * 8159d09a2SMark Phalan * This software is being provided to you, the LICENSEE, by the 9159d09a2SMark Phalan * Massachusetts Institute of Technology (M.I.T.) under the following 10159d09a2SMark Phalan * license. By obtaining, using and/or copying this software, you agree 11159d09a2SMark Phalan * that you have read, understood, and will comply with these terms and 12159d09a2SMark Phalan * conditions: 13159d09a2SMark Phalan * 147c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 157c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 167c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 177c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 18159d09a2SMark Phalan * 19159d09a2SMark Phalan * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 20159d09a2SMark Phalan * this software and its documentation for any purpose and without fee or 21159d09a2SMark Phalan * royalty is hereby granted, provided that you agree to comply with the 22159d09a2SMark Phalan * following copyright notice and statements, including the disclaimer, and 23159d09a2SMark Phalan * that the same appear on ALL copies of the software and documentation, 24159d09a2SMark Phalan * including modifications that you make for internal use or for 257c478bd9Sstevel@tonic-gate * distribution: 26159d09a2SMark Phalan * 27159d09a2SMark Phalan * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS 28159d09a2SMark Phalan * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not 29159d09a2SMark Phalan * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 30159d09a2SMark Phalan * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 31159d09a2SMark Phalan * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 32159d09a2SMark Phalan * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. 33159d09a2SMark Phalan * 34159d09a2SMark Phalan * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 35159d09a2SMark Phalan * be used in advertising or publicity pertaining to distribution of the 36159d09a2SMark Phalan * software. Title to copyright in this software and any associated 37159d09a2SMark Phalan * documentation shall at all times remain with M.I.T., and USER agrees to 387c478bd9Sstevel@tonic-gate * preserve same. 39fe598cdcSmp * 40fe598cdcSmp * Furthermore if you modify this software you must label 41fe598cdcSmp * your software as modified software and not distribute it in such a 42fe598cdcSmp * fashion that it might be confused with the original M.I.T. software. 43ab9b2e15Sgtb */ 44159d09a2SMark Phalan 457c478bd9Sstevel@tonic-gate /* 467c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC. 47159d09a2SMark Phalan * 487c478bd9Sstevel@tonic-gate * All rights reserved. 49159d09a2SMark Phalan * 507c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require 517c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the 527c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to 537c478bd9Sstevel@tonic-gate * obtain such a license before exporting. 
54159d09a2SMark Phalan * 557c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 567c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 577c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 587c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 597c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 607c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining 617c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 627c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of 637c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 647c478bd9Sstevel@tonic-gate * or implied warranty. 65159d09a2SMark Phalan * 667c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 677c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 687c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 697c478bd9Sstevel@tonic-gate */ 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate /* 727c478bd9Sstevel@tonic-gate * This prototype for k5-int.h (Krb5 internals include file) 737c478bd9Sstevel@tonic-gate * includes the user-visible definitions from krb5.h and then 747c478bd9Sstevel@tonic-gate * includes other definitions that are not user-visible but are 757c478bd9Sstevel@tonic-gate * required for compiling Kerberos internal routines. 
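*
* John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
*/

#ifndef _KRB5_INT_H
#define _KRB5_INT_H

/*
 * This header includes <krb5.h> itself further down.  If KRB5_GENERAL__ is
 * already defined here, krb5.h was included first (per the #error text) and
 * the build is stopped.
 */
#ifdef KRB5_GENERAL__
#error krb5.h included before k5-int.h
#endif /* KRB5_GENERAL__ */

/* Crypto interface headers differ between userland and kernel builds. */
#ifndef _KERNEL
#include <osconf.h>
#include <security/cryptoki.h>
#else
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
#endif

/*
 * A DEBUG build defines KRB5_DEBUG and, unless the build already chose a
 * value, KRB5_LOG_LVL.  Defining KRB5_LOG_LVL is what compiles the
 * KRB5_LOG* macros below into real logging calls.
 */
#ifdef DEBUG
#if !defined(KRB5_DEBUG)
#define KRB5_DEBUG
#endif
#ifndef KRB5_LOG_LVL
#define KRB5_LOG_LVL KRB5_ERR
#endif
#endif /* DEBUG */

#ifdef _KERNEL

#ifdef DEBUG
#include <sys/types.h>
#include <sys/cmn_err.h>
extern void prom_printf();
#endif /* DEBUG */

#else /* !_KERNEL */

/* Userland has no prom_printf(); map it onto printf(). */
#define prom_printf printf

#endif /* !_KERNEL */

#ifdef KRB5_LOG_LVL

/*
 * krb5_log is used to set the logging level to determine what class of
 * messages are output by the mech.  Note, more than one logging level can
 * be used by bit or'ing the log values together.
 *
 * All log messages are captured by syslog.
 */

extern unsigned int krb5_log;

/* Note, these defines should be mutually exclusive bit fields */
#define KRB5_ERR  1 /* Use this debug log level for error path logging. */
#define KRB5_INFO 2 /* Use this debug log level for informational messages. */

/*
 * KRB5_LOG0(A, B), KRB5_LOG(A, B, C) and KRB5_LOG1(A, B, C, D):
 *   A     level mask, tested against krb5_log
 *   B     format string
 *   C, D  arguments for the conversions in B
 *
 * B is passed to printf()/syslog() as the format itself.  It must be a
 * string literal whose conversions match the arguments supplied; text
 * taken from a protocol message, a principal name or any other outside
 * source belongs in C or D behind a "%s", never in B.
 *
 * The arguments are written to the log unchanged, so callers should not
 * pass key material or passwords.
 *
 * TRUE is not defined in this part of the header; it has to be in scope
 * wherever the macros are expanded.
 */
#ifdef _KERNEL

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE)))
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE)))

#else /* !_KERNEL */

#include <syslog.h>

#define KRB5_LOG1(A, B, C, D) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B), (C), (D)), TRUE)))
#define KRB5_LOG(A, B, C) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B), (C)), TRUE)))
/* B is parenthesized here as in every other KRB5_LOG* variant. */
#define KRB5_LOG0(A, B) \
    ((void)((krb5_log) && (krb5_log & (A)) && \
        (syslog(LOG_DEBUG, (B)), TRUE)))

#endif /* _KERNEL */

#else /* ! KRB5_LOG_LVL */

/* Logging compiled out: the macros expand to nothing. */
#define KRB5_LOG1(A, B, C, D)
#define KRB5_LOG(A, B, C)
#define KRB5_LOG0(A, B)

#endif /* KRB5_LOG_LVL */

#ifdef POSIX_TYPES
#define timetype time_t
#else
#define timetype long
#endif

/*
 * Begin "k5-config.h"
 */
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__

/*
 * Machine-type definitions: PC Clone 386 running Microloss Windows
 */

#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"

/* Kerberos Windows initialization file */
#define KERBEROS_INI    "kerberos.ini"
#define INI_FILES       "Files"
#define INI_KRB_CCACHE  "krb5cc"    /* Location of the ccache */
#define INI_KRB5_CONF   "krb5.ini"  /* Location of krb5.conf file */
#define ANSI_STDIO
#endif /* _MSDOS || _WIN32 */
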
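#ifndef _KERNEL
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include "autoconf.h"
#endif
#endif /* !_KERNEL */

#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__

/*
 * Userland only: take the BSD integer aliases from <sys/types.h> when
 * autoconf found it, otherwise declare them here.
 */
#ifndef _KERNEL
#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
typedef unsigned long   u_long;
typedef unsigned int    u_int;
typedef unsigned short  u_short;
typedef unsigned char   u_char;
#endif /* HAVE_SYS_TYPES_H */
#endif /* !_KERNEL */
#endif /* KRB5_SYSTYPES__ */


/* #include "k5-platform.h" SUNW XXX */
/* not used in krb5.h (yet) */
typedef uint64_t krb5_ui_8;
typedef int64_t krb5_int64;



#define DEFAULT_PWD_STRING1 "Enter password:"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"

/* Lifetimes below are in seconds. */
#define KRB5_KDB_MAX_LIFE   (60*60*24)      /* one day */
#define KRB5_KDB_MAX_RLIFE  (60*60*24*365)  /* one year */
/*
 * 2145830400 is Thu Dec 31 00:00:00 2037 UTC (24836 days * 86400).  The
 * comment carried with this value used to say "Thu Jan  1 00:00:00 2038
 * UTC", which is one day later; the value itself is unchanged.
 */
#define KRB5_KDB_EXPIRATION 2145830400
/*
 * Parenthesized so the product survives being embedded in a larger
 * expression: without the parentheses "x / KRB5_DEFAULT_LIFE" would parse
 * as ((x / 60) * 60 * 10).
 */
#define KRB5_DEFAULT_LIFE       (60*60*10)      /* 10 hours */
#define KRB5_DEFAULT_RENEW_LIFE (7*24*60*60)    /* 7 Days */

/*
 * Windows requires a different api interface to each function. Here
 * the calling-convention macros are defined as empty.
 */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif

#endif /* KRB5_CONFIG__ */

/*
 * End "k5-config.h"
 */

/*
 * After loading the configuration definitions, load the Kerberos definitions.
 */
#ifndef _KERNEL
#include <errno.h>
#include "profile.h"
#endif

#include <krb5.h>

#ifndef _KERNEL
#if 1 /* def NEED_SOCKETS */
#include <port-sockets.h>
#include <socket-utils.h>
#else
#ifndef SOCK_DGRAM
struct sockaddr;
#endif
#endif
#endif

/* Get mutex support; currently used only for the replay cache.  */
#include "k5-thread.h"


/* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
   The ones that it doesn't include, we include below.  */

/*
 * Begin "k5-errors.h"
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__


/* Error codes used in KRB_ERROR protocol messages.
   Return values of library routines are based on a different error table
   (which allows non-ambiguous error codes between subsystems) */
/*
 * NOTE(review): in the base protocol (RFC 4120) a KRB-ERROR message is not
 * integrity-protected, so a value received in one is a hint from the
 * network rather than an authenticated statement -- confirm how callers
 * act on these codes.
 */

/* KDC errors */
#define KDC_ERR_NONE                    0   /* No error */
#define KDC_ERR_NAME_EXP                1   /* Client's entry in DB expired */
#define KDC_ERR_SERVICE_EXP             2   /* Server's entry in DB expired */
#define KDC_ERR_BAD_PVNO                3   /* Requested pvno not supported */
#define KDC_ERR_C_OLD_MAST_KVNO         4   /* C's key encrypted in old master */
#define KDC_ERR_S_OLD_MAST_KVNO         5   /* S's key encrypted in old master */
#define KDC_ERR_C_PRINCIPAL_UNKNOWN     6   /* Client not found in Kerberos DB */
#define KDC_ERR_S_PRINCIPAL_UNKNOWN     7   /* Server not found in Kerberos DB */
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   /* Multiple entries in Kerberos DB */
#define KDC_ERR_NULL_KEY                9   /* The C or S has a null key */
#define KDC_ERR_CANNOT_POSTDATE         10  /* Tkt ineligible for postdating */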
#define KDC_ERR_NEVER_VALID             11  /* Requested starttime > endtime */
#define KDC_ERR_POLICY                  12  /* KDC policy rejects request */
#define KDC_ERR_BADOPTION               13  /* KDC can't do requested opt. */
#define KDC_ERR_ENCTYPE_NOSUPP          14  /* No support for encryption type */
#define KDC_ERR_SUMTYPE_NOSUPP          15  /* No support for checksum type */
#define KDC_ERR_PADATA_TYPE_NOSUPP      16  /* No support for padata type */
#define KDC_ERR_TRTYPE_NOSUPP           17  /* No support for transited type */
#define KDC_ERR_CLIENT_REVOKED          18  /* C's creds have been revoked */
#define KDC_ERR_SERVICE_REVOKED         19  /* S's creds have been revoked */
#define KDC_ERR_TGT_REVOKED             20  /* TGT has been revoked */
#define KDC_ERR_CLIENT_NOTYET           21  /* C not yet valid */
#define KDC_ERR_SERVICE_NOTYET          22  /* S not yet valid */
#define KDC_ERR_KEY_EXP                 23  /* Password has expired */
#define KDC_ERR_PREAUTH_FAILED          24  /* Preauthentication failed */
#define KDC_ERR_PREAUTH_REQUIRED        25  /* Additional preauthentication */
                                            /* required */
#define KDC_ERR_SERVER_NOMATCH          26  /* Requested server and */
                                            /* ticket don't match */
#define KDC_ERR_MUST_USE_USER2USER      27  /* Server principal valid for */
                                            /* user2user only */
#define KDC_ERR_PATH_NOT_ACCEPTED       28  /* KDC policy rejected transited */
                                            /* path */
#define KDC_ERR_SVC_UNAVAILABLE         29  /* A service is not
                                             * available that is
                                             * required to process the
                                             * request */
/* Application errors */
#define KRB_AP_ERR_BAD_INTEGRITY        31  /* Decrypt integrity check failed */
#define KRB_AP_ERR_TKT_EXPIRED          32  /* Ticket expired */
#define KRB_AP_ERR_TKT_NYV              33  /* Ticket not yet valid */
#define KRB_AP_ERR_REPEAT               34  /* Request is a replay */
#define KRB_AP_ERR_NOT_US               35  /* The ticket isn't for us */
#define KRB_AP_ERR_BADMATCH             36  /* Ticket/authenticator don't match */
#define KRB_AP_ERR_SKEW                 37  /* Clock skew too great */
#define KRB_AP_ERR_BADADDR              38  /* Incorrect net address */
#define KRB_AP_ERR_BADVERSION           39  /* Protocol version mismatch */
#define KRB_AP_ERR_MSG_TYPE             40  /* Invalid message type */
#define KRB_AP_ERR_MODIFIED             41  /* Message stream modified */
#define KRB_AP_ERR_BADORDER             42  /* Message out of order */
#define KRB_AP_ERR_BADKEYVER            44  /* Key version is not available */
#define KRB_AP_ERR_NOKEY                45  /* Service key not available */
#define KRB_AP_ERR_MUT_FAIL             46  /* Mutual authentication failed */
#define KRB_AP_ERR_BADDIRECTION         47  /* Incorrect message direction */
#define KRB_AP_ERR_METHOD               48  /* Alternative authentication */
                                            /* method required */
#define KRB_AP_ERR_BADSEQ               49  /* Incorrect sequence number */
                                            /* in message */
#define KRB_AP_ERR_INAPP_CKSUM          50  /* Inappropriate type of */
/* checksum in message (end of the KRB_AP_ERR_INAPP_CKSUM comment) */
#define KRB_AP_PATH_NOT_ACCEPTED        51  /* Policy rejects transited path */
#define KRB_ERR_RESPONSE_TOO_BIG        52  /* Response too big for UDP, */
                                            /* retry with TCP */

/* other errors */
#define KRB_ERR_GENERIC                 60  /* Generic error (description */
                                            /* in e-text) */
#define KRB_ERR_FIELD_TOOLONG           61  /* Field is too long for impl. */

/* PKINIT server-reported errors */
#define KDC_ERR_CLIENT_NOT_TRUSTED              62 /* client cert not trusted */
#define KDC_ERR_INVALID_SIG                     64 /* client signature verify failed */
#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED  65 /* invalid Diffie-Hellman parameters */
#define KDC_ERR_CERTIFICATE_MISMATCH            66
#define KRB_AP_ERR_NO_TGT                       67
#define KDC_ERR_WRONG_REALM                     68
#define KRB_AP_ERR_USER_TO_USER_REQUIRED        69
#define KDC_ERR_CANT_VERIFY_CERTIFICATE         70 /* client cert not verifiable
                                                      to */
                                                   /* trusted root cert */
#define KDC_ERR_INVALID_CERTIFICATE             71 /* client cert had invalid signature */
#define KDC_ERR_REVOKED_CERTIFICATE             72 /* client cert was revoked */
/*
 * NOTE(review): the name says the revocation status is unknown, while the
 * comment carried with it says the cert is revoked -- confirm against
 * RFC 4556 before relying on either reading.
 */
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN       73 /* client cert revoked, reason unknown */
#define KDC_ERR_CLIENT_NAME_MISMATCH            75 /* mismatch between client cert and */
                                                   /* principal name */
#define KDC_ERR_INCONSISTENT_KEY_PURPOSE        77 /* bad extended key use */
#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED     78 /* bad digest algorithm in client cert */
#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED    79 /* missing paChecksum in PA-PK-AS-REQ */
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81

#endif /* KRB5_ERRORS__ */
/*
 * End "k5-errors.h"
 */

/*
 * This structure is returned in the e-data field of the KRB-ERROR
 * message when the error calling for an alternative form of
 * authentication is returned (KRB_AP_ERR_METHOD, value 48 in the error
 * table above; the original comment called it KRB_AP_METHOD).
 *
 * data points at length octets; both values come out of a decoded
 * KRB-ERROR -- presumably unauthenticated at that point, confirm against
 * the caller.
 */
typedef struct _krb5_alt_method {
    krb5_magic      magic;
    krb5_int32      method;
    unsigned int    length;
    krb5_octet      *data;
} krb5_alt_method;

/*
 * A null-terminated array of this structure is returned by the KDC as
 * the data part of the ETYPE_INFO preauth type.  It informs the
 * client which encryption types are supported.
 * The same data structure is used by both etype-info and etype-info2
 * but s2kparams must be null when encoding etype-info.
 *
 * length is the size of salt, or KRB5_ETYPE_NO_SALT when no salt was
 * sent; compare length with KRB5_ETYPE_NO_SALT before reading salt.
 */
typedef struct _krb5_etype_info_entry {
    krb5_magic      magic;
    krb5_enctype    etype;
    unsigned int    length;
    krb5_octet      *salt;
    krb5_data       s2kparams;
} krb5_etype_info_entry;

/*
 * This is essentially -1 without sign extension which can screw up
 * comparisons on 64 bit machines. If the length is this value, then
 * the salt data is not present. This is to distinguish between not
 * being set and being of 0 length.
 * (VALID_UINT_BITS is defined outside this part of the header.)
 */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS

typedef krb5_etype_info_entry ** krb5_etype_info;

/* RFC 4537 */
/*
 * NOTE(review): length is a signed int here, unlike the unsigned length
 * fields above; presumably the element count of etypes -- confirm that
 * decoders reject negative values.
 */
typedef struct _krb5_etype_list {
    int             length;
    krb5_enctype    *etypes;
} krb5_etype_list;

/*
 * a sam_challenge is returned for alternate preauth
 */
/*
          SAMFlags ::= BIT STRING {
              use-sad-as-key[0],
              send-encrypted-sad[1],
              must-pk-encrypt-sad[2]
          }
 */
/*
          PA-SAM-CHALLENGE ::= SEQUENCE {
              sam-type[0]                 INTEGER,
              sam-flags[1]                SAMFlags,
              sam-type-name[2]            GeneralString OPTIONAL,
              sam-track-id[3]             GeneralString OPTIONAL,
              sam-challenge-label[4]      GeneralString OPTIONAL,
              sam-challenge[5]            GeneralString OPTIONAL,
              sam-response-prompt[6]      GeneralString OPTIONAL,
              sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
              sam-nonce[8]                INTEGER OPTIONAL,
              sam-cksum[9]                Checksum OPTIONAL
          }
*/
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA          1   /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH       2   /* Digital Pathways */
#define PA_SAM_TYPE_SKEY_K0         3   /* S/key where KDC has key 0 */
#define PA_SAM_TYPE_SKEY            4   /* Traditional S/Key */
#define PA_SAM_TYPE_SECURID         5   /* Security Dynamics */
#define PA_SAM_TYPE_CRYPTOCARD      6   /* CRYPTOCard */
/*
 * PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD above, so the two cannot be told apart by
 * sam_type alone; the XXX on the #if is the original author's open
 * question about the assignments.
 */
#if 1 /* XXX need to figure out who has which numbers assigned */
#define PA_SAM_TYPE_ACTIVCARD_DEC   6   /* ActivCard decimal mode */
#define PA_SAM_TYPE_ACTIVCARD_HEX   7   /* ActivCard hex mode */
#define PA_SAM_TYPE_DIGI_PATH_HEX   8   /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE        128 /* experimental */
#define PA_SAM_TYPE_GRAIL           (PA_SAM_TYPE_EXP_BASE+0) /* testing */
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */

/*
 * NOTE(review): sam_key is a krb5_keyblock held by value; presumably
 * holders of this structure should clear it before releasing the
 * memory -- confirm against the free routine.
 */
typedef struct _krb5_predicted_sam_response {
    krb5_magic      magic;
    krb5_keyblock   sam_key;
    krb5_flags      sam_flags;  /* Makes key munging easier */
    krb5_timestamp  stime;      /* time on server, for replay detection */
    krb5_int32      susec;
    krb5_principal  client;
    krb5_data       msd;        /* mechanism specific data */
} krb5_predicted_sam_response;

/* Field order follows the PA-SAM-CHALLENGE SEQUENCE quoted above. */
typedef struct _krb5_sam_challenge {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_checksum   sam_cksum;
} krb5_sam_challenge;

typedef struct _krb5_sam_key { /* reserved for future use */
    krb5_magic      magic;
    krb5_keyblock   sam_key;
} krb5_sam_key;

typedef struct _krb5_enc_sam_response_enc {
    krb5_magic      magic;
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_timestamp;
    krb5_int32      sam_usec;
    krb5_data       sam_sad;
} krb5_enc_sam_response_enc;

typedef struct _krb5_sam_response {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* informational */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_track_id; /* copied */
    krb5_enc_data   sam_enc_key; /* krb5_sam_key - future use */
    krb5_enc_data   sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
    krb5_int32      sam_nonce;
    krb5_timestamp  sam_patimestamp;
} krb5_sam_response;

/* Carries the challenge body as a krb5_data next to an array of checksums. */
typedef struct _krb5_sam_challenge_2 {
    krb5_data       sam_challenge_2_body;
    krb5_checksum   **sam_cksum;    /* Array of checksums */
} krb5_sam_challenge_2;

/*
 * Same fields as krb5_sam_challenge, except that the last member is an
 * encryption type (sam_etype) rather than a checksum.
 */
typedef struct _krb5_sam_challenge_2_body {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* information */
    krb5_flags      sam_flags;  /* KRB5_SAM_* values */
    krb5_data       sam_type_name;
    krb5_data       sam_track_id;
    krb5_data       sam_challenge_label;
    krb5_data       sam_challenge;
    krb5_data       sam_response_prompt;
    krb5_data       sam_pk_for_sad;
    krb5_int32      sam_nonce;
    krb5_enctype    sam_etype;
} krb5_sam_challenge_2_body;

typedef struct _krb5_sam_response_2 {
    krb5_magic      magic;
    krb5_int32      sam_type;   /* informational */
    krb5_flags
sam_flags; /* KRB5_SAM_* values */ 5397c478bd9Sstevel@tonic-gate krb5_data sam_track_id; /* copied */ 5407c478bd9Sstevel@tonic-gate krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */ 5417c478bd9Sstevel@tonic-gate krb5_int32 sam_nonce; 5427c478bd9Sstevel@tonic-gate } krb5_sam_response_2; 5437c478bd9Sstevel@tonic-gate 5447c478bd9Sstevel@tonic-gate typedef struct _krb5_enc_sam_response_enc_2 { 5457c478bd9Sstevel@tonic-gate krb5_magic magic; 5467c478bd9Sstevel@tonic-gate krb5_int32 sam_nonce; 5477c478bd9Sstevel@tonic-gate krb5_data sam_sad; 5487c478bd9Sstevel@tonic-gate } krb5_enc_sam_response_enc_2; 5497c478bd9Sstevel@tonic-gate 550159d09a2SMark Phalan /* 551159d09a2SMark Phalan * Keep the pkinit definitions in a separate file so that the plugin 552159d09a2SMark Phalan * only has to include k5-int-pkinit.h rather than k5-int.h 553159d09a2SMark Phalan */ 554159d09a2SMark Phalan 555159d09a2SMark Phalan #include "k5-int-pkinit.h" 556159d09a2SMark Phalan 5577c478bd9Sstevel@tonic-gate /* 5587c478bd9Sstevel@tonic-gate * Begin "dbm.h" 5597c478bd9Sstevel@tonic-gate */ 5607c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5617c478bd9Sstevel@tonic-gate 5627c478bd9Sstevel@tonic-gate /* 5637c478bd9Sstevel@tonic-gate * Since we are always using db, use the db-ndbm include header file. 
5647c478bd9Sstevel@tonic-gate */ 5657c478bd9Sstevel@tonic-gate 5667c478bd9Sstevel@tonic-gate #include "db-ndbm.h" 5677c478bd9Sstevel@tonic-gate 5687c478bd9Sstevel@tonic-gate #endif /* !KERNEL */ 5697c478bd9Sstevel@tonic-gate /* 5707c478bd9Sstevel@tonic-gate * End "dbm.h" 5717c478bd9Sstevel@tonic-gate */ 5727c478bd9Sstevel@tonic-gate 5737c478bd9Sstevel@tonic-gate /* 5747c478bd9Sstevel@tonic-gate * Begin "ext-proto.h" 5757c478bd9Sstevel@tonic-gate */ 5767c478bd9Sstevel@tonic-gate #ifndef KRB5_EXT_PROTO__ 5777c478bd9Sstevel@tonic-gate #define KRB5_EXT_PROTO__ 5787c478bd9Sstevel@tonic-gate 5797c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5807c478bd9Sstevel@tonic-gate #include <stdlib.h> 5817c478bd9Sstevel@tonic-gate #include <string.h> 5827c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 5837c478bd9Sstevel@tonic-gate 5847c478bd9Sstevel@tonic-gate #ifndef HAVE_STRDUP 5857c478bd9Sstevel@tonic-gate extern char *strdup (const char *); 5867c478bd9Sstevel@tonic-gate #endif 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate #ifndef _KERNEL 5897c478bd9Sstevel@tonic-gate #ifdef HAVE_UNISTD_H 5907c478bd9Sstevel@tonic-gate #include <unistd.h> 5917c478bd9Sstevel@tonic-gate #endif 5927c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */ 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate #endif /* KRB5_EXT_PROTO__ */ 5957c478bd9Sstevel@tonic-gate /* 5967c478bd9Sstevel@tonic-gate * End "ext-proto.h" 5977c478bd9Sstevel@tonic-gate */ 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate /* 6007c478bd9Sstevel@tonic-gate * Begin "sysincl.h" 6017c478bd9Sstevel@tonic-gate */ 6027c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSINCL__ 6037c478bd9Sstevel@tonic-gate #define KRB5_SYSINCL__ 6047c478bd9Sstevel@tonic-gate 6057c478bd9Sstevel@tonic-gate #ifndef KRB5_SYSTYPES__ 6067c478bd9Sstevel@tonic-gate #define KRB5_SYSTYPES__ 6077c478bd9Sstevel@tonic-gate /* needed for much of the rest -- but already handled in krb5.h? 
*/ 6087c478bd9Sstevel@tonic-gate /* #include <sys/types.h> */ 6097c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSTYPES__ */ 6107c478bd9Sstevel@tonic-gate 6117c478bd9Sstevel@tonic-gate #ifdef _KERNEL 6127c478bd9Sstevel@tonic-gate #include <sys/time.h> 6137c478bd9Sstevel@tonic-gate #else 6147c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_TIME_H 6157c478bd9Sstevel@tonic-gate #include <sys/time.h> 6167c478bd9Sstevel@tonic-gate #ifdef TIME_WITH_SYS_TIME 6177c478bd9Sstevel@tonic-gate #include <time.h> 6187c478bd9Sstevel@tonic-gate #endif 6197c478bd9Sstevel@tonic-gate #else 6207c478bd9Sstevel@tonic-gate #include <time.h> 6217c478bd9Sstevel@tonic-gate #endif 6227c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_STAT_H 6257c478bd9Sstevel@tonic-gate #include <sys/stat.h> /* struct stat, stat() */ 6267c478bd9Sstevel@tonic-gate #endif 6277c478bd9Sstevel@tonic-gate 6287c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_PARAM_H 6297c478bd9Sstevel@tonic-gate #include <sys/param.h> /* MAXPATHLEN */ 6307c478bd9Sstevel@tonic-gate #endif 6317c478bd9Sstevel@tonic-gate 6327c478bd9Sstevel@tonic-gate #ifdef HAVE_SYS_FILE_H 6337c478bd9Sstevel@tonic-gate #include <sys/file.h> /* prototypes for file-related 6347c478bd9Sstevel@tonic-gate syscalls; flags for open & 6357c478bd9Sstevel@tonic-gate friends */ 6367c478bd9Sstevel@tonic-gate #endif 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate #ifdef _KERNEL 6397c478bd9Sstevel@tonic-gate #include <sys/fcntl.h> 6407c478bd9Sstevel@tonic-gate #else 6417c478bd9Sstevel@tonic-gate #include <fcntl.h> 6427c478bd9Sstevel@tonic-gate #endif 6437c478bd9Sstevel@tonic-gate 6447c478bd9Sstevel@tonic-gate #endif /* KRB5_SYSINCL__ */ 6457c478bd9Sstevel@tonic-gate /* 6467c478bd9Sstevel@tonic-gate * End "sysincl.h" 6477c478bd9Sstevel@tonic-gate */ 6487c478bd9Sstevel@tonic-gate 6497c478bd9Sstevel@tonic-gate /* 6507c478bd9Sstevel@tonic-gate * Begin "los-proto.h" 6517c478bd9Sstevel@tonic-gate */ 
/*
 * NOTE(review): this guard is closed again two lines down, so it only
 * defines KRB5_LIBOS_PROTO__ and does not protect the declarations that
 * follow against repeated inclusion.  That is left to whatever guard
 * encloses the whole header (not visible in this part of the file).
 */
6527c478bd9Sstevel@tonic-gate #ifndef KRB5_LIBOS_PROTO__
6537c478bd9Sstevel@tonic-gate #define KRB5_LIBOS_PROTO__
654159d09a2SMark Phalan #endif /* KRB5_LIBOS_PROTO__ */
6557c478bd9Sstevel@tonic-gate
6567c478bd9Sstevel@tonic-gate #ifndef _KERNEL
6577c478bd9Sstevel@tonic-gate #include <stdio.h>
6587c478bd9Sstevel@tonic-gate
/* Forward declarations: krb5int_sendto below takes pointers to both. */
6597c478bd9Sstevel@tonic-gate struct addrlist;
660159d09a2SMark Phalan struct sendto_callback_info;
6617c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
6627c478bd9Sstevel@tonic-gate
6637c478bd9Sstevel@tonic-gate /* libos.spec */
664159d09a2SMark Phalan krb5_error_code krb5_lock_file (krb5_context, int, int);
665159d09a2SMark Phalan krb5_error_code krb5_unlock_file (krb5_context, int);
666159d09a2SMark Phalan krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
667159d09a2SMark Phalan     const krb5_data *, krb5_data *, int *, int);
668*5e01956fSGlenn Barry /*
 * Solaris Kerberos: same parameter list as krb5_sendto_kdc plus a trailing
 * char **.  What is returned through it, and who frees it, is not visible
 * here.
 */
669*5e01956fSGlenn Barry krb5_error_code krb5_sendto_kdc2 (krb5_context, const krb5_data *,
670*5e01956fSGlenn Barry     const krb5_data *, krb5_data *, int *, int,
671*5e01956fSGlenn Barry     char **);
672159d09a2SMark Phalan
6737c478bd9Sstevel@tonic-gate
674159d09a2SMark Phalan krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
675159d09a2SMark Phalan krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
/*
 * NOTE(review): what "secure" guarantees for the created file (mode,
 * exclusive creation, link handling) is decided by the implementation, not
 * by this prototype -- check it before relying on this for sensitive files.
 */
676159d09a2SMark Phalan krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);
6777c478bd9Sstevel@tonic-gate
/*
 * Network read/write helpers.  Lengths are passed, and results returned,
 * as int.
 * NOTE(review): presumably a negative result signals an error and the
 * result can be shorter than requested -- confirm.  Callers that derive
 * the length from peer-supplied data should range-check it before the call.
 */
678159d09a2SMark Phalan int krb5_net_read (krb5_context, int , char *, int);
6797c478bd9Sstevel@tonic-gate
6807c478bd9Sstevel@tonic-gate int krb5_net_write
6817c478bd9Sstevel@tonic-gate     (krb5_context, int , const char *, int);
6827c478bd9Sstevel@tonic-gate
6837c478bd9Sstevel@tonic-gate
6847c478bd9Sstevel@tonic-gate krb5_error_code krb5_gen_replay_name
6857c478bd9Sstevel@tonic-gate     (krb5_context, const krb5_address *, const char *, char **);
6867c478bd9Sstevel@tonic-gate
6877c478bd9Sstevel@tonic-gate
/* Declarations below are for non-kernel builds only (closed at the bare #endif further down). */
6887c478bd9Sstevel@tonic-gate #ifndef _KERNEL
689159d09a2SMark Phalan
690159d09a2SMark Phalan krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);
6917c478bd9Sstevel@tonic-gate
/* CK_SESSION_HANDLE must already be declared here; its header is not included in this part of the file. */
6927c478bd9Sstevel@tonic-gate krb5_error_code
6937c478bd9Sstevel@tonic-gate krb5_open_pkcs11_session(CK_SESSION_HANDLE *);
6947c478bd9Sstevel@tonic-gate
6957c478bd9Sstevel@tonic-gate
6967c478bd9Sstevel@tonic-gate krb5_error_code krb5_read_message
6977c478bd9Sstevel@tonic-gate     (krb5_context, krb5_pointer, krb5_data *);
6987c478bd9Sstevel@tonic-gate
6997c478bd9Sstevel@tonic-gate krb5_error_code krb5_write_message
7007c478bd9Sstevel@tonic-gate     (krb5_context, krb5_pointer, krb5_data *);
/*
 * Sends message to the addresses in addrs and returns data through reply;
 * the local/remote address pairs and addr_used are output pointers.
 * msg_handler is a caller-supplied callback that receives the context, a
 * krb5_data and msg_handler_data.  When it is invoked, and what its return
 * value means, is not visible in this header.
 * (Description inferred from the parameter names -- confirm against the
 * implementation.)
 */
701159d09a2SMark Phalan krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
702159d09a2SMark Phalan     const struct addrlist *addrs, struct sendto_callback_info* callback_info,
703159d09a2SMark Phalan     krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
704159d09a2SMark Phalan     struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used,
705159d09a2SMark Phalan     int (*msg_handler)(krb5_context, const krb5_data *, void *),
706159d09a2SMark Phalan     void *msg_handler_data);
70754925bf6Swillf
/* Presumably (buffer, buffer size) -- confirm; if so, pass the real size of the buffer. */
7087c478bd9Sstevel@tonic-gate krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
709ba7b222eSGlenn Barry
/*
 * NOTE(review): judging by their names, the three functions below let a
 * caller replace or offset the time a context works with, and
 * krb5int_check_clockskew is declared right after them.  If that reading is
 * right, whoever can call the setters influences timestamp-based checks --
 * confirm they are not reachable from untrusted input.
 */
710ba7b222eSGlenn Barry krb5_error_code krb5_set_debugging_time
711ba7b222eSGlenn Barry     (krb5_context, krb5_timestamp, krb5_int32);
712ba7b222eSGlenn Barry krb5_error_code krb5_use_natural_time
713ba7b222eSGlenn Barry     (krb5_context);
714ba7b222eSGlenn Barry krb5_error_code krb5_set_time_offsets
715ba7b222eSGlenn Barry     (krb5_context, krb5_timestamp, krb5_int32);
716ba7b222eSGlenn Barry krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
71754925bf6Swillf #endif /* !_KERNEL */
7187c478bd9Sstevel@tonic-gate
719fe598cdcSmp /*
720fe598cdcSmp  * Solaris Kerberos
721fe598cdcSmp  * The following two functions are needed for better realm
722fe598cdcSmp  * determination based on the DNS domain name.
 *
 * (Three prototypes follow this comment.)
 * NOTE(review): a realm derived from DNS is only as trustworthy as the
 * name resolution behind it; confirm how callers treat the result.
723fe598cdcSmp  */
724fe598cdcSmp krb5_error_code krb5int_lookup_host(int , const char *, char **);
725fe598cdcSmp
726fe598cdcSmp krb5_error_code krb5int_domain_get_realm(krb5_context, const char *,
727fe598cdcSmp     char **);
728fe598cdcSmp krb5_error_code krb5int_fqdn_get_realm(krb5_context, const char *,
729fe598cdcSmp     char **);
730fe598cdcSmp
73154925bf6Swillf krb5_error_code krb5int_init_context_kdc(krb5_context *);
73254925bf6Swillf
733159d09a2SMark Phalan krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
7347c478bd9Sstevel@tonic-gate
7357c478bd9Sstevel@tonic-gate void krb5_os_free_context (krb5_context);
7367c478bd9Sstevel@tonic-gate
737159d09a2SMark Phalan /* This function is needed by KfM's KerberosPreferences API
738159d09a2SMark Phalan  * because it needs to be able to specify "secure" */
739505d05c7Sgtb #ifndef _KERNEL
740159d09a2SMark Phalan krb5_error_code os_get_default_config_files
741159d09a2SMark Phalan     (profile_filespec_t **pfiles, krb5_boolean secure);
742505d05c7Sgtb #endif
743505d05c7Sgtb
744159d09a2SMark Phalan krb5_error_code krb5_os_hostaddr
745159d09a2SMark Phalan     (krb5_context, const char *, krb5_address ***);
746505d05c7Sgtb
7477c478bd9Sstevel@tonic-gate #ifndef _KERNEL
7487c478bd9Sstevel@tonic-gate /* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
749159d09a2SMark Phalan going to use this structure.

   When FAI_DEFINED is not set at this point, ai is declared as a pointer
   to struct undefined_addrinfo instead of struct addrinfo, so the entries
   can be carried around but ai cannot be used as an addrinfo.

   Each entry also has a freefn callback and a data pointer; naddrs and
   space are presumably the number of entries in use and the number
   allocated -- confirm against krb5int_grow_addrlist. */
7507c478bd9Sstevel@tonic-gate struct addrlist {
751159d09a2SMark Phalan     struct {
752159d09a2SMark Phalan #ifdef FAI_DEFINED
753159d09a2SMark Phalan 	struct addrinfo *ai;
754159d09a2SMark Phalan #else
755159d09a2SMark Phalan 	struct undefined_addrinfo *ai;
756159d09a2SMark Phalan #endif
757159d09a2SMark Phalan 	void (*freefn)(void *);
758159d09a2SMark Phalan 	void *data;
759159d09a2SMark Phalan     } *addrs;
760159d09a2SMark Phalan     int naddrs;
761159d09a2SMark Phalan     int space;
7627c478bd9Sstevel@tonic-gate };
/* Initializer for an empty list: addrs, naddrs and space all zero. */
763159d09a2SMark Phalan #define ADDRLIST_INIT { 0, 0, 0 }
7647c478bd9Sstevel@tonic-gate extern void krb5int_free_addrlist (struct addrlist *);
7657c478bd9Sstevel@tonic-gate extern int krb5int_grow_addrlist (struct addrlist *, int);
7667c478bd9Sstevel@tonic-gate extern int krb5int_add_host_to_list (struct addrlist *, const char *,
767159d09a2SMark Phalan     int, int, int, int);
7687c478bd9Sstevel@tonic-gate
/* locate_plugin.h is included here, immediately before the prototype that uses enum locate_service_type. */
769159d09a2SMark Phalan #include <locate_plugin.h>
77010db1377Sgtb krb5_error_code
771159d09a2SMark Phalan krb5int_locate_server (krb5_context, const krb5_data *realm,
772159d09a2SMark Phalan     struct addrlist *, enum locate_service_type svc,
773159d09a2SMark Phalan     int sockettype, int family);
77410db1377Sgtb
7757c478bd9Sstevel@tonic-gate #endif /* !_KERNEL */
7767c478bd9Sstevel@tonic-gate
7777c478bd9Sstevel@tonic-gate /* new encryption provider api */
7787c478bd9Sstevel@tonic-gate
7797c478bd9Sstevel@tonic-gate struct krb5_enc_provider {
780159d09a2SMark Phalan     /* keybytes is the input size to make_key;
7817c478bd9Sstevel@tonic-gate keylength is the output size */
782505d05c7Sgtb     size_t block_size, keybytes, keylength;
7837c478bd9Sstevel@tonic-gate
784