/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
/* $Id$ */
#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
#endif
+#ifndef KRB5_DEPRECATED
+#define KRB5_DEPRECATED __attribute__((deprecated))
+#endif
+
/* simple constants */
#ifndef TRUE
struct krb5_get_creds_opt_data;
typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
-struct krb5_digest;
-typedef struct krb5_digest *krb5_digest;
-struct krb5_ntlm;
-typedef struct krb5_ntlm *krb5_ntlm;
+struct krb5_digest_data;
+typedef struct krb5_digest_data *krb5_digest;
+struct krb5_ntlm_data;
+typedef struct krb5_ntlm_data *krb5_ntlm;
-typedef struct krb5_pac *krb5_pac;
+struct krb5_pac_data;
+typedef struct krb5_pac_data *krb5_pac;
-typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx;
-typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx;
+typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
+typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
typedef CKSUMTYPE krb5_cksumtype;
typedef ENCTYPE krb5_enctype;
+typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;
+
typedef heim_octet_string krb5_data;
/* PKINIT related forward declarations */
/* acceptor sign in GSSAPI CFX krb5 mechanism */
KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
/* acceptor seal in GSSAPI CFX krb5 mechanism */
- KRB5_KU_USAGE_INITIATOR_SEAL = 24,
+ KRB5_KU_USAGE_INITIATOR_SEAL = 24,
/* initiator sign in GSSAPI CFX krb5 mechanism */
KRB5_KU_USAGE_INITIATOR_SIGN = 25,
/* initiator seal in GSSAPI CFX krb5 mechanism */
/* Keyusage for the server referral in a TGS req */
KRB5_KU_SAM_ENC_NONCE_SAD = 27,
/* Encryption of the SAM-NONCE-OR-SAD field */
+ KRB5_KU_PA_PKINIT_KX = 44,
+ /* Encryption type of the kdc session contribution in pk-init */
KRB5_KU_DIGEST_ENCRYPT = -18,
/* Encryption key usage used in the digest encryption field */
KRB5_KU_DIGEST_OPAQUE = -19,
krb5_preauthdata_entry *val;
}krb5_preauthdata;
-typedef enum krb5_address_type {
+typedef enum krb5_address_type {
KRB5_ADDRESS_INET = 2,
KRB5_ADDRESS_NETBIOS = 20,
KRB5_ADDRESS_INET6 = 24,
typedef HostAddresses krb5_addresses;
-typedef enum krb5_keytype {
- KEYTYPE_NULL = 0,
- KEYTYPE_DES = 1,
- KEYTYPE_DES3 = 7,
- KEYTYPE_AES128 = 17,
- KEYTYPE_AES256 = 18,
- KEYTYPE_ARCFOUR = 23,
- KEYTYPE_ARCFOUR_56 = 24
+typedef enum krb5_keytype {
+ KEYTYPE_NULL = ETYPE_NULL,
+ KEYTYPE_DES = ETYPE_DES_CBC_CRC,
+ KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
+ KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
+ KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
+ KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
+ KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
} krb5_keytype;
typedef EncryptionKey krb5_keyblock;
NULL)
typedef void *krb5_cc_cursor;
+typedef struct krb5_cccol_cursor *krb5_cccol_cursor;
typedef struct krb5_ccache_data {
const struct krb5_cc_ops *ops;
typedef Principal krb5_principal_data;
typedef struct Principal *krb5_principal;
typedef const struct Principal *krb5_const_principal;
+typedef struct Principals *krb5_principals;
typedef time_t krb5_deltat;
typedef time_t krb5_timestamp;
#define KRB5_GC_NO_STORE (1U << 3)
#define KRB5_GC_FORWARDABLE (1U << 4)
#define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
+#define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
+#define KRB5_GC_CANONICALIZE (1U << 7)
/* constants for compare_creds (and cc_retrieve_cred) */
#define KRB5_TC_DONT_MATCH_REALM (1U << 31)
typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
+#define KRB5_CC_OPS_VERSION 2
+
typedef struct krb5_cc_ops {
+ int version;
const char *prefix;
const char* (*get_name)(krb5_context, krb5_ccache);
krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
krb5_error_code (*destroy)(krb5_context, krb5_ccache);
krb5_error_code (*close)(krb5_context, krb5_ccache);
krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
- krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
+ krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
krb5_flags, const krb5_creds*, krb5_creds *);
krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
- krb5_error_code (*get_next)(krb5_context, krb5_ccache,
+ krb5_error_code (*get_next)(krb5_context, krb5_ccache,
krb5_cc_cursor*, krb5_creds*);
krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
- krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
+ krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
krb5_flags, krb5_creds*);
krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
int (*get_version)(krb5_context, krb5_ccache);
krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
+ krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache);
+ krb5_error_code (*get_default_name)(krb5_context, char **);
+ krb5_error_code (*set_default)(krb5_context, krb5_ccache);
+ krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
} krb5_cc_ops;
struct krb5_log_facility;
typedef krb5_config_binding krb5_config_section;
-enum {
- KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
- KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
-};
-
typedef struct krb5_ticket {
EncTicketPart ticket;
krb5_principal client;
krb5_kvno vno;
krb5_keyblock keyblock;
uint32_t timestamp;
+ uint32_t flags;
+ krb5_principals aliases;
} krb5_keytab_entry;
typedef struct krb5_kt_cursor {
krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
krb5_error_code (*close)(krb5_context, krb5_keytab);
- krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
+ krb5_error_code (*destroy)(krb5_context, krb5_keytab);
+ krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
krb5_kvno, krb5_enctype, krb5_keytab_entry*);
krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
- krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
+ krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
krb5_keytab_entry*, krb5_kt_cursor*);
krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
uint32_t remote_seqnumber;
krb5_authenticator authenticator;
-
+
krb5_pointer i_vector;
-
+
krb5_rcache rcache;
- krb5_keytype keytype; /* ¿requested key type ? */
- krb5_cksumtype cksumtype; /* ¡requested checksum type! */
-
+ krb5_keytype keytype; /* ¿requested key type ? */
+ krb5_cksumtype cksumtype; /* ¡requested checksum type! */
+
}krb5_auth_context_data, *krb5_auth_context;
typedef struct {
#define KRB5_TGS_NAME_SIZE (6)
#define KRB5_TGS_NAME ("krbtgt")
-
+#define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
+#define KRB5_ANON_NAME ("ANONYMOUS")
#define KRB5_DIGEST_NAME ("digest")
-/* variables */
-
-extern const char *krb5_config_file;
-extern const char *krb5_defkeyname;
-
typedef enum {
KRB5_PROMPT_TYPE_PASSWORD = 0x1,
KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
struct _krb5_get_init_creds_opt_private;
-typedef struct _krb5_get_init_creds_opt {
+struct _krb5_get_init_creds_opt {
krb5_flags flags;
krb5_deltat tkt_life;
krb5_deltat renew_life;
int preauth_list_length;
krb5_data *salt;
struct _krb5_get_init_creds_opt_private *opt_private;
-} krb5_get_init_creds_opt;
+};
+
+typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
#define KRB5_VERIFY_LREALMS 1
#define KRB5_VERIFY_NO_ADDRESSES 2
-extern const krb5_cc_ops krb5_acc_ops;
-extern const krb5_cc_ops krb5_fcc_ops;
-extern const krb5_cc_ops krb5_mcc_ops;
-extern const krb5_cc_ops krb5_kcm_ops;
-
-extern const krb5_kt_ops krb5_fkt_ops;
-extern const krb5_kt_ops krb5_wrfkt_ops;
-extern const krb5_kt_ops krb5_javakt_ops;
-extern const krb5_kt_ops krb5_mkt_ops;
-extern const krb5_kt_ops krb5_akf_ops;
-extern const krb5_kt_ops krb4_fkt_ops;
-extern const krb5_kt_ops krb5_srvtab_fkt_ops;
-extern const krb5_kt_ops krb5_any_ops;
-
#define KRB5_KPASSWD_VERS_CHANGEPW 1
#define KRB5_KPASSWD_VERS_SETPW 0xff80
KRB5_KRBHST_FLAGS_LARGE_MSG = 2
};
-typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context,
- void *,
+typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context,
+ void *,
krb5_krbhst_info *,
+ time_t timeout,
const krb5_data *,
krb5_data *);
-/* flags for krb5_parse_name_flags */
+/** flags for krb5_parse_name_flags */
enum {
- KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
- KRB5_PRINCIPAL_PARSE_MUST_REALM = 2,
- KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4
+ KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 /**< Parse as a NT-ENTERPRISE name */
};
-/* flags for krb5_unparse_name_flags */
+/** flags for krb5_unparse_name_flags */
enum {
- KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
- KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2
+ KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
+ KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
+};
+
+typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
+
+#define KRB5_SENDTO_DONE 0
+#define KRB5_SENDTO_RESTART 1
+#define KRB5_SENDTO_CONTINUE 2
+
+typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
+
+struct krb5_plugin;
+enum krb5_plugin_type {
+ PLUGIN_TYPE_DATA = 1,
+ PLUGIN_TYPE_FUNC
};
struct credentials; /* this is to keep the compiler happy */
struct getargs;
struct sockaddr;
+/**
+ * Semi private, not stable yet
+ */
+
+typedef struct krb5_crypto_iov {
+ unsigned int flags;
+ /* ignored */
+#define KRB5_CRYPTO_TYPE_EMPTY 0
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
+#define KRB5_CRYPTO_TYPE_HEADER 1
+ /* IN and OUT */
+#define KRB5_CRYPTO_TYPE_DATA 2
+ /* IN */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
+ /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_PADDING 4
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_TRAILER 5
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
+#define KRB5_CRYPTO_TYPE_CHECKSUM 6
+ krb5_data data;
+} krb5_crypto_iov;
+
+
+/* Glue for MIT */
+
+typedef struct {
+ int32_t lr_type;
+ krb5_timestamp value;
+} krb5_last_req_entry;
+
+typedef krb5_error_code
+(*krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
+
+/*
+ *
+ */
+
#include <krb5-protos.h>
+/* variables */
+
+extern KRB5_LIB_VARIABLE const char *krb5_config_file;
+extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;
+
+
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
+
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb4_fkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_srvtab_fkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
+
#endif /* __KRB5_H__ */