17c478bd9Sstevel@tonic-gate /*
2*5e01956fSGlenn Barry  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
37c478bd9Sstevel@tonic-gate  */
47c478bd9Sstevel@tonic-gate 
57c478bd9Sstevel@tonic-gate /* This is the prologue to krb5.h */
67c478bd9Sstevel@tonic-gate /* Unfortunately some of these defines are compiler dependent */
77c478bd9Sstevel@tonic-gate #ifndef _KRB5_H
87c478bd9Sstevel@tonic-gate #define _KRB5_H
97c478bd9Sstevel@tonic-gate 
107c478bd9Sstevel@tonic-gate 
117c478bd9Sstevel@tonic-gate #define SIZEOF_INT 4
127c478bd9Sstevel@tonic-gate 
137c478bd9Sstevel@tonic-gate #ifdef _LP64
147c478bd9Sstevel@tonic-gate #define SIZEOF_LONG 8
157c478bd9Sstevel@tonic-gate #else
167c478bd9Sstevel@tonic-gate #define SIZEOF_LONG 4
177c478bd9Sstevel@tonic-gate #endif
187c478bd9Sstevel@tonic-gate 
197c478bd9Sstevel@tonic-gate #define SIZEOF_SHORT 2
207c478bd9Sstevel@tonic-gate #define HAVE_STDARG_H 1
217c478bd9Sstevel@tonic-gate #define HAVE_SYS_TYPES_H 1
227c478bd9Sstevel@tonic-gate /* End of prologue section */
237c478bd9Sstevel@tonic-gate /*
247c478bd9Sstevel@tonic-gate  * include/krb5.h
257c478bd9Sstevel@tonic-gate  *
26fe598cdcSmp  * Copyright 1989,1990,1995,2001, 2003  by the Massachusetts Institute of Technology.
277c478bd9Sstevel@tonic-gate  * All Rights Reserved.
287c478bd9Sstevel@tonic-gate  *
297c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
307c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
317c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
327c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
33fe598cdcSmp  *
347c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
357c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
367c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
377c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
387c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
397c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
407c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
417c478bd9Sstevel@tonic-gate  * permission.	Furthermore if you modify this software you must label
427c478bd9Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
437c478bd9Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
447c478bd9Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
457c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
467c478bd9Sstevel@tonic-gate  * or implied warranty.
47159d09a2SMark Phalan  *
487c478bd9Sstevel@tonic-gate  *
497c478bd9Sstevel@tonic-gate  * General definitions for Kerberos version 5.
507c478bd9Sstevel@tonic-gate  */
517c478bd9Sstevel@tonic-gate 
527c478bd9Sstevel@tonic-gate /*
537c478bd9Sstevel@tonic-gate  * Copyright (C) 1998 by the FundsXpress, INC.
54159d09a2SMark Phalan  *
557c478bd9Sstevel@tonic-gate  * All rights reserved.
56159d09a2SMark Phalan  *
577c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may require
587c478bd9Sstevel@tonic-gate  * a specific license from the United States Government.  It is the
597c478bd9Sstevel@tonic-gate  * responsibility of any person or organization contemplating export to
607c478bd9Sstevel@tonic-gate  * obtain such a license before exporting.
61159d09a2SMark Phalan  *
627c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
637c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
647c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
657c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
667c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
677c478bd9Sstevel@tonic-gate  * the name of FundsXpress. not be used in advertising or publicity pertaining
687c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
697c478bd9Sstevel@tonic-gate  * permission.  FundsXpress makes no representations about the suitability of
707c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
717c478bd9Sstevel@tonic-gate  * or implied warranty.
72159d09a2SMark Phalan  *
737c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
747c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
757c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
767c478bd9Sstevel@tonic-gate  */
777c478bd9Sstevel@tonic-gate 
787c478bd9Sstevel@tonic-gate #ifndef KRB5_GENERAL__
797c478bd9Sstevel@tonic-gate #define KRB5_GENERAL__
807c478bd9Sstevel@tonic-gate 
817c478bd9Sstevel@tonic-gate #ifdef	_KERNEL
827c478bd9Sstevel@tonic-gate #include <sys/systm.h>
837c478bd9Sstevel@tonic-gate #include <sys/kmem.h>
847c478bd9Sstevel@tonic-gate 
857c478bd9Sstevel@tonic-gate #include <sys/crypto/common.h>
867c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
877c478bd9Sstevel@tonic-gate 
/*
 * Kernel-build allocation and locking shims.
 *
 * Just to be safe, make sure buffers are zeroed after MALLOC(), as some
 * code assumes this is the case.  To avoid warnings about duplicated
 * defines, remove any earlier MALLOC definition first.
 */
#ifdef MALLOC
#undef MALLOC
#endif
#define MALLOC(n) kmem_zalloc((n), KM_SLEEP)

/*
 * FREE hands the size n on to kmem_free(); the !_KERNEL definition of FREE
 * ignores n.  NOTE(review): presumably n must equal the size that was
 * allocated -- confirm against the kmem_free() contract, since code tested
 * only in userland would never notice a wrong n.
 */
#define	FREE(x, n) kmem_free((x), (n))
/*
 * NOTE(review): (n)*(s) is computed here with no overflow check, whereas
 * the !_KERNEL build passes n and s to calloc() separately.  Callers that
 * derive n or s from decoded lengths should bound them before calling.
 */
#define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
/*
 * In the kernel build strcpy takes THREE arguments and expands to bcopy():
 * it copies exactly n bytes, does not stop at a NUL and does not append one.
 * The caller is responsible for n fitting the destination.
 */
#define strcpy(dst,src,n) bcopy((src),(dst),(n))
/* Map the userland lock names used by the library onto kernel mutexes. */
#define mutex_lock(lck)  mutex_enter(lck)
#define mutex_unlock(lck)  mutex_exit(lck)
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate #else /* !_KERNEL */
1057c478bd9Sstevel@tonic-gate #define	MALLOC(n) malloc(n)
1067c478bd9Sstevel@tonic-gate #define	FREE(x, n) free(x)
1077c478bd9Sstevel@tonic-gate #define CALLOC(n, s) calloc((n), (s))
1087c478bd9Sstevel@tonic-gate #include <stdlib.h>
1097c478bd9Sstevel@tonic-gate #include <thread.h>
1107c478bd9Sstevel@tonic-gate #include <synch.h>
1117c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
112505d05c7Sgtb #include <limits.h>    /* for *_MAX */
1137c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
1147c478bd9Sstevel@tonic-gate 
/*
 * By default (before the Solaris change described next), do not expose
 * deprecated interfaces.
 * SUNW14resync - we need to enable this for rlogind and such, so this
 * header sets KRB5_DEPRECATED to 1 unless it is already defined.
 */
#ifndef KRB5_DEPRECATED
#define KRB5_DEPRECATED 1
#endif
/*
 * Do not expose private interfaces.  Build system will override.
 * SUNW14resync - for the Solaris build we set it to 1 here, again only
 * when KRB5_PRIVATE is not already defined.
 */
#ifndef KRB5_PRIVATE
#define KRB5_PRIVATE 1
#endif
125505d05c7Sgtb 
126159d09a2SMark Phalan #if defined(__MACH__) && defined(__APPLE__)
127159d09a2SMark Phalan #	include <TargetConditionals.h>
128159d09a2SMark Phalan #    if TARGET_RT_MAC_CFM
129159d09a2SMark Phalan #	error "Use KfM 4.0 SDK headers for CFM compilation."
130159d09a2SMark Phalan #    endif
131505d05c7Sgtb #endif
1327c478bd9Sstevel@tonic-gate 
133159d09a2SMark Phalan #if defined(_MSDOS) || defined(_WIN32)
1347c478bd9Sstevel@tonic-gate #include <win-mac.h>
1357c478bd9Sstevel@tonic-gate #endif
1367c478bd9Sstevel@tonic-gate 
1377c478bd9Sstevel@tonic-gate #ifndef KRB5_CONFIG__
1387c478bd9Sstevel@tonic-gate #ifndef KRB5_CALLCONV
1397c478bd9Sstevel@tonic-gate #define KRB5_CALLCONV
1407c478bd9Sstevel@tonic-gate #define KRB5_CALLCONV_C
1417c478bd9Sstevel@tonic-gate #endif /* !KRB5_CALLCONV */
1427c478bd9Sstevel@tonic-gate #endif /* !KRB5_CONFIG__ */
1437c478bd9Sstevel@tonic-gate 
144505d05c7Sgtb #ifndef KRB5_CALLCONV_WRONG
145505d05c7Sgtb #define KRB5_CALLCONV_WRONG
146505d05c7Sgtb #endif
147505d05c7Sgtb 
148505d05c7Sgtb /* SUNW14resync XXX */
1497c478bd9Sstevel@tonic-gate #include <sys/types.h>
1507c478bd9Sstevel@tonic-gate #include <sys/socket.h>
1517c478bd9Sstevel@tonic-gate 
1527c478bd9Sstevel@tonic-gate #ifndef THREEPARAMOPEN
1537c478bd9Sstevel@tonic-gate #define THREEPARAMOPEN(x,y,z) open(x,y,z)
1547c478bd9Sstevel@tonic-gate #endif
1557c478bd9Sstevel@tonic-gate 
156505d05c7Sgtb 
/*
 * Solaris Kerberos:
 *   Samba needs a couple of these interfaces so old crypto is enabled.
 *
 * NOTE(review): the define below has no #ifndef guard, so it is switched
 * on for every consumer of this header, not only for Samba, and cannot be
 * turned off from the build without editing this file.
 */
#define KRB5_OLD_CRYPTO
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate 
164159d09a2SMark Phalan #ifndef KRB5INT_BEGIN_DECLS
165159d09a2SMark Phalan #if defined(__cplusplus)
166159d09a2SMark Phalan #define KRB5INT_BEGIN_DECLS	extern "C" {
167159d09a2SMark Phalan #define KRB5INT_END_DECLS	}
168159d09a2SMark Phalan #else
169159d09a2SMark Phalan #define KRB5INT_BEGIN_DECLS
170159d09a2SMark Phalan #define KRB5INT_END_DECLS
171159d09a2SMark Phalan #endif
172159d09a2SMark Phalan #endif
1737c478bd9Sstevel@tonic-gate 
174eb42280bSWill Fiveash KRB5INT_BEGIN_DECLS
175eb42280bSWill Fiveash 
176505d05c7Sgtb #if TARGET_OS_MAC
177505d05c7Sgtb #    pragma options align=mac68k
1787c478bd9Sstevel@tonic-gate #endif
1797c478bd9Sstevel@tonic-gate 
180505d05c7Sgtb /* from profile.h */
181505d05c7Sgtb struct _profile_t;
182505d05c7Sgtb /* typedef struct _profile_t *profile_t; */
183505d05c7Sgtb 
1847c478bd9Sstevel@tonic-gate /*
1857c478bd9Sstevel@tonic-gate  * begin wordsize.h
1867c478bd9Sstevel@tonic-gate  */
1877c478bd9Sstevel@tonic-gate 
1887c478bd9Sstevel@tonic-gate /*
1897c478bd9Sstevel@tonic-gate  * Word-size related definition.
1907c478bd9Sstevel@tonic-gate  */
1917c478bd9Sstevel@tonic-gate 
/* Byte type used below for address, key and checksum contents. */
typedef	unsigned char	krb5_octet;

/*
 * 16-bit types: int when INT_MAX shows int is 16 bits wide, otherwise short
 * when SHRT_MAX does; the build stops if neither matches.
 */
#if INT_MAX == 0x7fff
typedef	int	krb5_int16;
typedef	unsigned int	krb5_ui_2;
#elif SHRT_MAX == 0x7fff
typedef	short	krb5_int16;
typedef	unsigned short	krb5_ui_2;
#else
#error undefined 16 bit type
#endif

/*
 * 32-bit types, chosen the same way from int, long and short (in that
 * order); the build stops if none matches.
 */
#if INT_MAX == 0x7fffffffL
typedef	int	krb5_int32;
typedef	unsigned int	krb5_ui_4;
#elif LONG_MAX == 0x7fffffffL
typedef	long	krb5_int32;
typedef	unsigned long	krb5_ui_4;
#elif SHRT_MAX == 0x7fffffffL
typedef	short	krb5_int32;
typedef	unsigned short	krb5_ui_4;
#else
#error: undefined 32 bit type
#endif

/* Despite the names, these expand to the int/unsigned value limits. */
#define VALID_INT_BITS	  INT_MAX
#define VALID_UINT_BITS	  UINT_MAX

#define KRB5_INT32_MAX	2147483647
/* this strange form is necessary since - is a unary operator, not a sign
   indicator */
#define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)

/*
 * NOTE(review): 65535 is the largest unsigned 16-bit value; a signed
 * 16-bit krb5_int16 tops out at 32767.  A range check written against
 * KRB5_INT16_MAX / KRB5_INT16_MIN (which works out to -65536) accepts
 * values that do not fit in krb5_int16, so do not rely on these two for
 * validating input before narrowing.  The value is left unchanged here
 * because it is a public constant; confirm before altering it.
 */
#define KRB5_INT16_MAX 65535
/* this strange form is necessary since - is a unary operator, not a sign
   indicator */
#define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)
2297c478bd9Sstevel@tonic-gate 
2307c478bd9Sstevel@tonic-gate /*
2317c478bd9Sstevel@tonic-gate  * end wordsize.h
2327c478bd9Sstevel@tonic-gate  */
2337c478bd9Sstevel@tonic-gate 
2347c478bd9Sstevel@tonic-gate /*
2357c478bd9Sstevel@tonic-gate  * begin "base-defs.h"
2367c478bd9Sstevel@tonic-gate  */
2377c478bd9Sstevel@tonic-gate 
2387c478bd9Sstevel@tonic-gate /*
2397c478bd9Sstevel@tonic-gate  * Basic definitions for Kerberos V5 library
2407c478bd9Sstevel@tonic-gate  */
2417c478bd9Sstevel@tonic-gate 
2427c478bd9Sstevel@tonic-gate #ifndef FALSE
2437c478bd9Sstevel@tonic-gate #define	FALSE	0
2447c478bd9Sstevel@tonic-gate #endif
2457c478bd9Sstevel@tonic-gate #ifndef TRUE
2467c478bd9Sstevel@tonic-gate #define	TRUE	1
2477c478bd9Sstevel@tonic-gate #endif
2487c478bd9Sstevel@tonic-gate 
/* Scalars carried as plain unsigned int. */
typedef	unsigned int krb5_boolean;
typedef	unsigned int krb5_msgtype;
typedef	unsigned int krb5_kvno;

/*
 * Type selectors carried as signed 32-bit values.  Some constants defined
 * later in this header for these types are negative (for example
 * CKSUMTYPE_HMAC_MD5_ARCFOUR), so the signedness matters.
 */
typedef	krb5_int32 krb5_addrtype;
typedef krb5_int32 krb5_enctype;
typedef krb5_int32 krb5_cksumtype;
typedef krb5_int32 krb5_authdatatype;
typedef krb5_int32 krb5_keyusage;

typedef krb5_int32	krb5_preauthtype; /* This may change, later on */
typedef	krb5_int32	krb5_flags;
/*
 * NOTE(review): krb5_timestamp is a signed 32-bit value; presumably seconds
 * since the epoch, in which case arithmetic on it can overflow for dates
 * past 2038 -- confirm where timestamps are compared or added.
 */
typedef krb5_int32	krb5_timestamp;
typedef	krb5_int32	krb5_error_code;
typedef krb5_int32	krb5_deltat;

/* The magic field that leads each structure below is an error-code value. */
typedef krb5_error_code	krb5_magic;
2667c478bd9Sstevel@tonic-gate 
/*
 * Counted buffer of char.
 * NOTE(review): nothing in this header says data is NUL-terminated; treat
 * it as length-delimited and do not pass it to str*() functions unchecked.
 */
typedef struct _krb5_data {
	krb5_magic magic;
	unsigned int length;
	char *data;
} krb5_data;

/* Same layout as krb5_data, but the buffer is krb5_octet (unsigned char). */
typedef struct _krb5_octet_data {
	krb5_magic magic;
	unsigned int length;
	krb5_octet *data;
} krb5_octet_data;

/*
 * Hack length for the crypto library to use afs_string_to_key.  It is
 * equivalent to -1 without possible sign extension.
 * The same value is also overloaded to mean "salt type length not set".
 *
 * Both names expand to UINT_MAX, so they cannot be told apart by value, and
 * a length field holding either one is a marker, not a byte count: test for
 * the sentinel before using a length to allocate, copy or compare.
 */
#define SALT_TYPE_AFS_LENGTH UINT_MAX
#define SALT_TYPE_NO_LENGTH  UINT_MAX
2877c478bd9Sstevel@tonic-gate 
288159d09a2SMark Phalan typedef	void * krb5_pointer;
289159d09a2SMark Phalan typedef void const * krb5_const_pointer;
2907c478bd9Sstevel@tonic-gate 
/*
 * A principal name: a realm plus an array of name components.
 * length is what krb5_princ_size() returns and what krb5_princ_component()
 * uses as the upper bound for an index into data; type is what
 * krb5_princ_type() returns (see the KRB5_NT_* values).
 */
typedef struct krb5_principal_data {
    krb5_magic magic;
    krb5_data realm;
    krb5_data *data;		/* An array of strings */
    krb5_int32 length;		/* signed; see krb5_princ_component() */
    krb5_int32 type;
} krb5_principal_data;

typedef	krb5_principal_data * krb5_principal;
3007c478bd9Sstevel@tonic-gate 
3017c478bd9Sstevel@tonic-gate /*
3027c478bd9Sstevel@tonic-gate  * Per V5 spec on definition of principal types
3037c478bd9Sstevel@tonic-gate  */
3047c478bd9Sstevel@tonic-gate 
3057c478bd9Sstevel@tonic-gate /* Name type not known */
3067c478bd9Sstevel@tonic-gate #define KRB5_NT_UNKNOWN		0
3077c478bd9Sstevel@tonic-gate /* Just the name of the principal as in DCE, or for users */
3087c478bd9Sstevel@tonic-gate #define KRB5_NT_PRINCIPAL	1
3097c478bd9Sstevel@tonic-gate /* Service and other unique instance (krbtgt) */
3107c478bd9Sstevel@tonic-gate #define KRB5_NT_SRV_INST	2
3117c478bd9Sstevel@tonic-gate /* Service with host name as instance (telnet, rcommands) */
3127c478bd9Sstevel@tonic-gate #define KRB5_NT_SRV_HST		3
3137c478bd9Sstevel@tonic-gate /* Service with host as remaining components */
3147c478bd9Sstevel@tonic-gate #define KRB5_NT_SRV_XHST	4
3157c478bd9Sstevel@tonic-gate /* Unique ID */
3167c478bd9Sstevel@tonic-gate #define KRB5_NT_UID		5
317ba7b222eSGlenn Barry /* PKINIT */
318ba7b222eSGlenn Barry #define KRB5_NT_X500_PRINCIPAL          6
319ba7b222eSGlenn Barry /* Name in form of SMTP email name */
320ba7b222eSGlenn Barry #define KRB5_NT_SMTP_NAME               7
321ba7b222eSGlenn Barry /* Windows 2000 UPN */
322ba7b222eSGlenn Barry #define KRB5_NT_ENTERPRISE_PRINCIPAL    10
323ba7b222eSGlenn Barry /* Windows 2000 UPN and SID */
324ba7b222eSGlenn Barry #define KRB5_NT_MS_PRINCIPAL            -128
325ba7b222eSGlenn Barry /* NT 4 style name */
326ba7b222eSGlenn Barry #define KRB5_NT_MS_PRINCIPAL_AND_ID     -129
327ba7b222eSGlenn Barry /* NT 4 style name and SID */
328ba7b222eSGlenn Barry #define KRB5_NT_ENT_PRINCIPAL_AND_ID    -130
3297c478bd9Sstevel@tonic-gate 
3307c478bd9Sstevel@tonic-gate /* constant version thereof: */
331505d05c7Sgtb typedef const krb5_principal_data *krb5_const_principal;
3327c478bd9Sstevel@tonic-gate 
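/*
 * Field accessors for krb5_principal_data.  The context argument is accepted
 * but not used by any of these expansions.
 *
 * The two krb5_princ_set_realm_* setters are wrapped in parentheses like
 * krb5_princ_set_realm, so that an operator written after the macro call
 * applies to the result of the assignment instead of being absorbed into
 * the assigned value.
 */
#define krb5_princ_realm(context, princ) (&(princ)->realm)
#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
#define krb5_princ_set_realm_length(context, princ,value) ((princ)->realm.length = (value))
#define krb5_princ_set_realm_data(context, princ,value) ((princ)->realm.data = (value))
#define	krb5_princ_size(context, princ) (princ)->length
#define	krb5_princ_type(context, princ) (princ)->type
#define	krb5_princ_name(context, princ) (princ)->data
/*
 * Pointer to component i, or NULL when i is not below the component count.
 * princ and i are each evaluated twice, so pass expressions without side
 * effects.
 * NOTE(review): only the upper bound is checked.  The count is a signed
 * krb5_int32, so a negative signed i passes the comparison and yields a
 * pointer in front of data; callers must pass a non-negative index.
 */
#define	krb5_princ_component(context, princ,i)		\
	    (((i) < krb5_princ_size(context, princ))	\
	     ? (princ)->data + (i)			\
	     : NULL)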
3447c478bd9Sstevel@tonic-gate 
345fe598cdcSmp /*
346fe598cdcSmp  * Constants for realm referrals.
347fe598cdcSmp  */
348fe598cdcSmp #define        KRB5_REFERRAL_REALM	""
349fe598cdcSmp 
350fe598cdcSmp /*
351fe598cdcSmp  * Referral-specific functions.
352fe598cdcSmp  */
353fe598cdcSmp krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *);
354fe598cdcSmp 
3557c478bd9Sstevel@tonic-gate /*
3567c478bd9Sstevel@tonic-gate  * end "base-defs.h"
3577c478bd9Sstevel@tonic-gate  */
3587c478bd9Sstevel@tonic-gate 
3597c478bd9Sstevel@tonic-gate /*
3607c478bd9Sstevel@tonic-gate  * begin "hostaddr.h"
3617c478bd9Sstevel@tonic-gate  */
3627c478bd9Sstevel@tonic-gate 
/*
 * structure for address: a type selector plus a counted byte buffer.
 * NOTE(review): this header does not tie length to addrtype; presumably
 * consumers must check that length matches what the address family expects
 * before copying contents into a fixed-size sockaddr -- confirm at the
 * call sites.
 */
typedef struct _krb5_address {
    krb5_magic magic;
    krb5_addrtype addrtype;
    unsigned int length;
    krb5_octet *contents;
} krb5_address;

/* per Kerberos v5 protocol spec */
#define	ADDRTYPE_INET		0x0002
#define	ADDRTYPE_CHAOS		0x0005
#define	ADDRTYPE_XNS		0x0006
#define	ADDRTYPE_ISO		0x0007
#define ADDRTYPE_DDP		0x0010
#define ADDRTYPE_INET6		0x0018
/* not yet in the spec... */
#define ADDRTYPE_ADDRPORT	0x0100
#define ADDRTYPE_IPPORT		0x0101
3817c478bd9Sstevel@tonic-gate 
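/*
 * macro to determine if a type is a local type: nonzero when bit 0x8000 of
 * addrtype is set.  The argument is parenthesized so that an expression
 * such as (a | b) is masked as a whole rather than only its last operand.
 */
#define ADDRTYPE_IS_LOCAL(addrtype) ((addrtype) & 0x8000)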
3847c478bd9Sstevel@tonic-gate 
3857c478bd9Sstevel@tonic-gate /*
3867c478bd9Sstevel@tonic-gate  * end "hostaddr.h"
3877c478bd9Sstevel@tonic-gate  */
3887c478bd9Sstevel@tonic-gate 
3897c478bd9Sstevel@tonic-gate 
3907c478bd9Sstevel@tonic-gate struct _krb5_context;
3917c478bd9Sstevel@tonic-gate typedef struct _krb5_context * krb5_context;
3927c478bd9Sstevel@tonic-gate 
3937c478bd9Sstevel@tonic-gate struct _krb5_auth_context;
3947c478bd9Sstevel@tonic-gate typedef struct _krb5_auth_context * krb5_auth_context;
3957c478bd9Sstevel@tonic-gate 
3967c478bd9Sstevel@tonic-gate struct _krb5_cryptosystem_entry;
3977c478bd9Sstevel@tonic-gate 
398505d05c7Sgtb /* SUNW EF (I assume) crypto mods ... */
3997c478bd9Sstevel@tonic-gate struct _krb5_keyblock;
4007c478bd9Sstevel@tonic-gate 
/*
 * keyblocks will contain a list of derived keys,
 * this structure will contain the derived key data.
 * Nodes form a singly linked list through next.
 */
typedef struct _dk_node {
    krb5_keyusage   usage;
    struct _krb5_keyblock   *derived_key;
    uchar_t         dkid; /* derived key identifier byte */
    struct _dk_node *next;
} krb5_dk_node;

/*
 * begin "encryption.h"
 */

/*
 * A key: encryption type, counted key bytes, the list of keys derived from
 * it, and a handle into the crypto provider (kernel crypto framework fields
 * under _KERNEL, a PKCS#11 object handle otherwise).
 *
 * NOTE(review): contents points at raw key material and dk_list at further
 * keys.  Code that frees or overwrites a keyblock should presumably wipe
 * contents and release every dk_list entry as well, so no key bytes are
 * left behind in freed memory -- confirm against the free routines.
 */
typedef struct _krb5_keyblock {
    krb5_magic magic;
    krb5_enctype enctype;
    unsigned int length;
    krb5_octet *contents;
    krb5_dk_node   *dk_list; /* list of keys derived from this key */
#ifdef _KERNEL
    crypto_mech_type_t     kef_mt;
    crypto_key_t           kef_key;
    crypto_ctx_template_t  key_tmpl;
#else
    CK_OBJECT_HANDLE       hKey; /* PKCS#11 key object handle */
    /*
     * NOTE(review): presumably the pid that created hKey, so a forked child
     * can tell the handle is not valid in its own process -- confirm.
     */
    pid_t	pid; /* fork safety */
#endif /* _KERNEL */
} krb5_keyblock;
4317c478bd9Sstevel@tonic-gate 
/* A checksum value: its type plus a counted byte buffer. */
typedef struct _krb5_checksum {
    krb5_magic magic;
    krb5_cksumtype checksum_type;	/* checksum type */
    unsigned int length;
    krb5_octet *contents;
} krb5_checksum;

/* Pairs an encryption type with a pointer to the key to use. */
typedef struct _krb5_encrypt_block {
    krb5_magic magic;
    krb5_enctype crypto_entry;		/* to call krb5_encrypt_size, you need
					   this.  it was a pointer, but it
					   doesn't have to be.  gross. */
    krb5_keyblock *key;			/* pointer only; ownership is not
					   stated in this header */
} krb5_encrypt_block;

/* Encrypted data: encryption type, key version number and ciphertext. */
typedef struct _krb5_enc_data {
    krb5_magic magic;
    krb5_enctype enctype;
    krb5_kvno kvno;
    krb5_data ciphertext;
} krb5_enc_data;
4537c478bd9Sstevel@tonic-gate 
/*
 * Encryption type numbers, per Kerberos v5 protocol spec.
 *
 * NOTE(review): several entries are kept for interoperability only.
 * RFC 6649 deprecates the single-DES types and ENCTYPE_ARCFOUR_HMAC_EXP;
 * RFC 8429 deprecates ENCTYPE_DES3_CBC_SHA1 and ENCTYPE_ARCFOUR_HMAC.
 * The presence of a constant here does not mean it should be permitted:
 * restrict the configured enctypes to the AES entries wherever the peers
 * allow it, and treat ENCTYPE_NULL as "no encryption".
 */
#define	ENCTYPE_NULL		0x0000
#define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
#define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
#define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
#define	ENCTYPE_DES_CBC_RAW	0x0004	/* DES cbc mode raw */
/* XXX deprecated? */
#define	ENCTYPE_DES3_CBC_SHA	0x0005	/* DES-3 cbc mode with NIST-SHA */
#define	ENCTYPE_DES3_CBC_RAW	0x0006	/* DES-3 cbc mode raw */
#define ENCTYPE_DES_HMAC_SHA1	0x0008
#define ENCTYPE_DES3_CBC_SHA1	0x0010
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96	0x0011
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96	0x0012
#define ENCTYPE_ARCFOUR_HMAC	0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
#define ENCTYPE_UNKNOWN		0x01ff

/*
 * Checksum type numbers.
 *
 * NOTE(review): CKSUMTYPE_CRC32 is a CRC and CKSUMTYPE_RSA_MD4 /
 * CKSUMTYPE_RSA_MD5 are bare digests; none of them takes a key, so on
 * their own they do not authenticate the data they cover.  Prefer the
 * HMAC_SHA1 types that go with the AES enctypes where the protocol leaves
 * a choice.
 */
#define	CKSUMTYPE_CRC32		0x0001
#define	CKSUMTYPE_RSA_MD4	0x0002
#define	CKSUMTYPE_RSA_MD4_DES	0x0003
#define	CKSUMTYPE_DESCBC	0x0004
/* des-mac-k */
/* rsa-md4-des-k */
#define	CKSUMTYPE_RSA_MD5	0x0007
#define	CKSUMTYPE_RSA_MD5_DES	0x0008
#define CKSUMTYPE_NIST_SHA	0x0009
#define CKSUMTYPE_HMAC_SHA1_DES3	0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128	0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256	0x0010
/* Negative on purpose; krb5_cksumtype is a signed 32-bit type. */
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
4847c478bd9Sstevel@tonic-gate 
485505d05c7Sgtb /* The following are entropy source designations. Whenever
486