/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
/* This is the prologue to krb5.h */
/* Unfortunately some of these defines are compiler dependent */
#ifndef _KRB5_H
#define _KRB5_H
#define SIZEOF_INT 4
#ifdef _LP64
#define SIZEOF_LONG 8
#else
#define SIZEOF_LONG 4
#endif
#define SIZEOF_SHORT 2
#define HAVE_STDARG_H 1
#define HAVE_SYS_TYPES_H 1
/* End of prologue section */
/*
* include/krb5.h
*
* Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* General definitions for Kerberos version 5.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef KRB5_GENERAL__
#define KRB5_GENERAL__
#ifdef _KERNEL
#include <sys/systm.h>
#include <sys/kmem.h>
#include <sys/crypto/common.h>
#include <sys/crypto/api.h>
/*
* Just to be safe lets make sure the buffers are zero'ed after
* malloc() as some code assumes this is the case. To avoid warnings
* of duplicated defines let remove the old one if present.
*/
#ifdef MALLOC
#undef MALLOC
#endif
#define MALLOC(n) kmem_zalloc((n), KM_SLEEP)
#define FREE(x, n) kmem_free((x), (n))
#define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
#define strcpy(dst,src,n) bcopy((src),(dst),(n))
#define mutex_lock(lck) mutex_enter(lck)
#define mutex_unlock(lck) mutex_exit(lck)
#else /* !_KERNEL */
#define MALLOC(n) malloc(n)
#define FREE(x, n) free(x)
#define CALLOC(n, s) calloc((n), (s))
#include <stdlib.h>
#include <thread.h>
#include <synch.h>
#include <security/cryptoki.h>
#include <limits.h> /* for *_MAX */
#endif /* _KERNEL */
/* By default, do not expose deprecated interfaces. */
/* SUNW14resync - we need to enable this for rlogind and such */
#ifndef KRB5_DEPRECATED
#define KRB5_DEPRECATED 1
#endif
/* Do not expose private interfaces. Build system will override. */
/* SUNW14resync - for the Solaris build we set it to 1 here */
#ifndef KRB5_PRIVATE
#define KRB5_PRIVATE 1
#endif
#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
# endif
#endif
#if defined(_MSDOS) || defined(_WIN32)
#include <win-mac.h>
#endif
#ifndef KRB5_CONFIG__
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif /* !KRB5_CALLCONV */
#endif /* !KRB5_CONFIG__ */
#ifndef KRB5_CALLCONV_WRONG
#define KRB5_CALLCONV_WRONG
#endif
/* SUNW14resync XXX */
#include <sys/types.h>
#include <sys/socket.h>
#ifndef THREEPARAMOPEN
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
#endif
/*
* Solaris Kerberos:
* Samba needs a couple of these interfaces so old crypto is enabled.
*/
#define KRB5_OLD_CRYPTO
#ifndef KRB5INT_BEGIN_DECLS
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS extern "C" {
#define KRB5INT_END_DECLS }
#else
#define KRB5INT_BEGIN_DECLS
#define KRB5INT_END_DECLS
#endif
#endif
KRB5INT_BEGIN_DECLS
#if TARGET_OS_MAC
# pragma options align=mac68k
#endif
/* from profile.h */
struct _profile_t;
/* typedef struct _profile_t *profile_t; */
/*
* begin wordsize.h
*/
/*
* Word-size related definition.
*/
typedef unsigned char krb5_octet;
#if INT_MAX == 0x7fff
typedef int krb5_int16;
typedef unsigned int krb5_ui_2;
#elif SHRT_MAX == 0x7fff
typedef short krb5_int16;
typedef unsigned short krb5_ui_2;
#else
#error undefined 16 bit type
#endif
#if INT_MAX == 0x7fffffffL
typedef int krb5_int32;
typedef unsigned int krb5_ui_4;
#elif LONG_MAX == 0x7fffffffL
typedef long krb5_int32;
typedef unsigned long krb5_ui_4;
#elif SHRT_MAX == 0x7fffffffL
typedef short krb5_int32;
typedef unsigned short krb5_ui_4;
#else
#error: undefined 32 bit type
#endif
#define VALID_INT_BITS INT_MAX
#define VALID_UINT_BITS UINT_MAX
#define KRB5_INT32_MAX 2147483647
/* this strange form is necessary since - is a unary operator, not a sign
indicator */
#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1)
#define KRB5_INT16_MAX 65535
/* this strange form is necessary since - is a unary operator, not a sign
indicator */
#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1)
/*
* end wordsize.h
*/
/*
* begin "base-defs.h"
*/
/*
* Basic definitions for Kerberos V5 library
*/
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
typedef unsigned int krb5_boolean;
typedef unsigned int krb5_msgtype;
typedef unsigned int krb5_kvno;
typedef krb5_int32 krb5_addrtype;
typedef krb5_int32 krb5_enctype;
typedef krb5_int32 krb5_cksumtype;
typedef krb5_int32 krb5_authdatatype;
typedef krb5_int32 krb5_keyusage;
typedef krb5_int32 krb5_preauthtype; /* This may change, later on */
typedef krb5_int32 krb5_flags;
typedef krb5_int32 krb5_timestamp;
typedef krb5_int32 krb5_error_code;
typedef krb5_int32 krb5_deltat;
typedef krb5_error_code krb5_magic;
typedef struct _krb5_data {
krb5_magic magic;
unsigned int length;
char *data;
} krb5_data;
typedef struct _krb5_octet_data {
krb5_magic magic;
unsigned int length;
krb5_octet *data;
} krb5_octet_data;
/*
* Hack length for crypto library to use the afs_string_to_key It is
* equivalent to -1 without possible sign extension
* We also overload for an unset salt type length - which is also -1, but
* hey, why not....
*/
#define SALT_TYPE_AFS_LENGTH UINT_MAX
#define SALT_TYPE_NO_LENGTH UINT_MAX
typedef void * krb5_pointer;
typedef void const * krb5_const_pointer;
typedef struct krb5_principal_data {
krb5_magic magic;
krb5_data realm;
krb5_data *data; /* An array of strings */
krb5_int32 length;
krb5_int32 type;
} krb5_principal_data;
typedef krb5_principal_data * krb5_principal;
/*
* Per V5 spec on definition of principal types
*/
/* Name type not known */
#define KRB5_NT_UNKNOWN 0
/* Just the name of the principal as in DCE, or for users */
#define KRB5_NT_PRINCIPAL 1
/* Service and other unique instance (krbtgt) */
#define KRB5_NT_SRV_INST 2
/* Service with host name as instance (telnet, rcommands) */
#define KRB5_NT_SRV_HST 3
/* Service with host as remaining components */
#define KRB5_NT_SRV_XHST 4
/* Unique ID */
#define KRB5_NT_UID 5
/* PKINIT */
#define KRB5_NT_X500_PRINCIPAL 6
/* Name in form of SMTP email name */
#define KRB5_NT_SMTP_NAME 7
/* Windows 2000 UPN */
#define KRB5_NT_ENTERPRISE_PRINCIPAL 10
/* Windows 2000 UPN and SID */
#define KRB5_NT_MS_PRINCIPAL -128
/* NT 4 style name */
#define KRB5_NT_MS_PRINCIPAL_AND_ID -129
/* NT 4 style name and SID */
#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130
/* constant version thereof: */
typedef const krb5_principal_data *krb5_const_principal;
#define krb5_princ_realm(context, princ) (&(princ)->realm)
#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
#define krb5_princ_size(context, princ) (princ)->length
#define krb5_princ_type(context, princ) (princ)->type
#define krb5_princ_name(context, princ) (princ)->data
#define krb5_princ_component(context, princ,i) \
(((i) < krb5_princ_size(context, princ)) \
? (princ)->data + (i) \
: NULL)
/*
* Constants for realm referrals.
*/
#define KRB5_REFERRAL_REALM ""
/*
* Referral-specific functions.
*/
krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *);
/*
* end "base-defs.h"
*/
/*
* begin "hostaddr.h"
*/
/* structure for address */
typedef struct _krb5_address {
krb5_magic magic;
krb5_addrtype addrtype;
unsigned int length;
krb5_octet *contents;
} krb5_address;
/* per Kerberos v5 protocol spec */
#define ADDRTYPE_INET 0x0002
#define ADDRTYPE_CHAOS 0x0005
#define ADDRTYPE_XNS 0x0006
#define ADDRTYPE_ISO 0x0007
#define ADDRTYPE_DDP 0x0010
#define ADDRTYPE_INET6 0x0018
/* not yet in the spec... */
#define ADDRTYPE_ADDRPORT 0x0100
#define ADDRTYPE_IPPORT 0x0101
/* macros to determine if a type is a local type */
#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
/*
* end "hostaddr.h"
*/
struct _krb5_context;
typedef struct _krb5_context * krb5_context;
struct _krb5_auth_context;
typedef struct _krb5_auth_context * krb5_auth_context;
struct _krb5_cryptosystem_entry;
/* SUNW EF (I assume) crypto mods ... */
struct _krb5_keyblock;
/*
* keyblocks will contain a list of derived keys,
* this structure will contain the derived key data.
*/
typedef struct _dk_node {
krb5_keyusage usage;
struct _krb5_keyblock *derived_key;
uchar_t dkid; /* derived key identifier byte */
struct _dk_node *next;
} krb5_dk_node;
/*
* begin "encryption.h"
*/
typedef struct _krb5_keyblock {
krb5_magic magic;
krb5_enctype enctype;
unsigned int length;
krb5_octet *contents;
krb5_dk_node *dk_list; /* list of keys derived from this key */
#ifdef _KERNEL
crypto_mech_type_t kef_mt;
crypto_key_t kef_key;
crypto_ctx_template_t key_tmpl;
#else
CK_OBJECT_HANDLE hKey; /* PKCS#11 key object handle */
pid_t pid; /* fork safety */
#endif /* _KERNEL */
} krb5_keyblock;
typedef struct _krb5_checksum {
krb5_magic magic;
krb5_cksumtype checksum_type; /* checksum type */
unsigned int length;
krb5_octet *contents;
} krb5_checksum;
typedef struct _krb5_encrypt_block {
krb5_magic magic;
krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need
this. it was a pointer, but it
doesn't have to be. gross. */
krb5_keyblock *key;
} krb5_encrypt_block;
typedef struct _krb5_enc_data {
krb5_magic magic;
krb5_enctype enctype;
krb5_kvno kvno;
krb5_data ciphertext;
} krb5_enc_data;
/* per Kerberos v5 protocol spec */
#define ENCTYPE_NULL 0x0000
#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
/* XXX deprecated? */
#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
#define ENCTYPE_DES_HMAC_SHA1 0x0008
#define ENCTYPE_DES3_CBC_SHA1 0x0010
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
#define ENCTYPE_ARCFOUR_HMAC 0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
#define ENCTYPE_UNKNOWN 0x01ff
#define CKSUMTYPE_CRC32 0x0001
#define CKSUMTYPE_RSA_MD4 0x0002
#define CKSUMTYPE_RSA_MD4_DES 0x0003
#define CKSUMTYPE_DESCBC 0x0004
/* des-mac-k */
/* rsa-md4-des-k */
#define CKSUMTYPE_RSA_MD5 0x0007
#define CKSUMTYPE_RSA_MD5_DES 0x0008
#define CKSUMTYPE_NIST_SHA 0x0009
#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
/* The following are entropy source designations. Whenever
* krb5_C_random_add_entropy is called, one of these source ids is passed
* in. This allows the library to better estimate bits of
* entropy in the sample and to keep track of what sources of entropy have
* contributed enough entropy. Sources marked internal MUST NOT be
* used by applications outside the Kerberos library
*/
enum {
KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
/*This source should be used carefully; data in this category
* should be from a third party trusted to give random bits
* For example keys issued by the KDC in the application server.
*/
KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
};
#ifndef krb5_roundup
/* round x up to nearest multiple of y */
#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
#endif /* roundup */
/* macro function definitions to help clean up code */
#ifndef _KERNEL
#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
#else
#define krb5_x(ptr,args) ((*(ptr)) args)
#define krb5_xc(ptr,args) ((*(ptr)) args)
#endif
krb5_error_code KRB5_CALLCONV
krb5_c_encrypt
(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *cipher_state,
const krb5_data *input, krb5_enc_data *output);
krb5_error_code KRB5_CALLCONV
krb5_c_decrypt
(krb5_context context, const krb5_keyblock *key,
krb5_keyusage usage, const krb5_data *cipher_state,
const krb5_enc_data *input, krb5_data *output);
krb5_error_code KRB5_CALLCONV
krb5_c_encrypt_length
(krb5_context context, krb5_enctype enctype,
size_t inputlen, size_t *length);
krb5_error_code KRB5_CALLCONV
krb5_c_block_size
(krb5_context context, krb5_enctype enctype,
size_t *blocksize);
krb5_error_code KRB5_CALLCONV
krb5_c_keylengths
(krb5_context context, krb5_enctype enctype,
size_t *keybytes, size_t *keylength);
krb5_error_code KRB5_CALLCONV
krb5_c_init_state(krb5_context,
const krb5_keyblock *, krb5_keyusage,
krb5_data *);
krb5_error_code KRB5_CALLCONV
krb5_c_free_state(krb5_context,
const krb5_keyblock *, krb5_data *);
krb5_error_code KRB5_CALLCONV
krb5_c_make_random_key
(krb5_context context, krb5_enctype enctype,
krb5_keyblock *random_key);
krb5_error_code KRB5_CALLCONV
krb5_c_random_to_key
(krb5_context context, krb5_enctype enctype,
krb5_data *random_data, krb5_keyblock *k5_random_key);
/* Register a new entropy sample with the PRNG. may cause
* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions
* for information on how each source should be used.
*/
krb5_error_code KRB5_CALLCONV
krb5_c_random_add_entropy
(krb5_context context, unsigned int randsource_id, const krb5_data *data);
krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets
(krb5_context context, krb5_data *data);
/*
* Collect entropy from the OS if possible. strong requests that as strong
* of a source of entropy as available be used. Setting strong may
* increase the probability of blocking and should not be used for normal
* applications. Good uses include seeding the PRNG for kadmind
* and realm setup.
* If successful is non-null, then successful is set to 1 if the OS provided
* entropy else zero.
*/
#if 0 /* SUNW14resync - not used in Solaris */
krb5_error_code KRB5_CALLCONV
krb5_c_random_os_entropy
(krb5_context context, int strong, int *success);
#endif
/*deprecated*/ krb5_error_code KRB5_CALLCONV
krb5_c_random_seed
(krb5_context context, krb5_data *data);
krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key
(krb5_context context, krb5_enctype enctype,
const krb5_data *string, const krb5_data *salt,
krb5_keyblock *key);
krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key_with_params(krb5_context context,
krb5_enctype enctype,
const krb5_data *string,
const krb5_data *salt,
const krb5_data *params,
krb5_keyblock *key);
krb5_error_code KRB5_CALLCONV
krb5_c_enctype_compare
(krb5_context context, krb5_enctype e1, krb5_enctype e2,
krb5_boolean *similar);
krb5_error_code KRB5_CALLCONV
krb5_c_make_checksum
(krb5_context context, krb5_cksumtype cksumtype,
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *input, krb5_checksum *cksum);
krb5_error_code KRB5_CALLCONV
krb5_c_verify_checksum
(krb5_context context,
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *data,
const krb5_checksum *cksum,
krb5_boolean *valid);
krb5_error_code KRB5_CALLCONV
krb5_c_checksum_length
(krb5_context context, krb5_cksumtype cksumtype,
size_t *length);
krb5_error_code KRB5_CALLCONV
krb5_c_keyed_checksum_types
(krb5_context context, krb5_enctype enctype,
unsigned int *count, krb5_cksumtype **cksumtypes);
#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1
#define KRB5_KEYUSAGE_KDC_REP_TICKET 2
#define KRB5_KEYUSAGE_AS_REP_ENCPART 3
#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4
#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5
#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6
#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7
#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8
#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9
#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10
#define KRB5_KEYUSAGE_AP_REQ_AUTH 11
#define KRB5_KEYUSAGE_AP_REP_ENCPART 12
#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13
#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14
#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15
#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16
#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17
#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18
#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19
#define KRB5_KEYUSAGE_AD_MTE 20
#define KRB5_KEYUSAGE_AD_ITE 21
/* XXX need to register these */
#define KRB5_KEYUSAGE_GSS_TOK_MIC 22
#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23
#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24
/* Defined in hardware preauth draft */
#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27
/* Defined in KDC referrals draft */
#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */
krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
(krb5_enctype ktype);
krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
(krb5_cksumtype ctype);
#if KRB5_PRIVATE
/* Use the above four instead. */
krb5_boolean KRB5_CALLCONV valid_enctype
(krb5_enctype ktype);
krb5_boolean KRB5_CALLCONV valid_cksumtype
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV is_keyed_cksum
(krb5_cksumtype ctype);
#endif
#ifdef KRB5_OLD_CRYPTO
/*
* old cryptosystem routine prototypes. These are now layered
* on top of the functions above.
*/
krb5_error_code KRB5_CALLCONV krb5_encrypt
(krb5_context context,
krb5_const_pointer inptr,
krb5_pointer outptr,
size_t size,
krb5_encrypt_block * eblock,
krb5_pointer ivec);
krb5_error_code KRB5_CALLCONV krb5_decrypt
(krb5_context context,
krb5_const_pointer inptr,
krb5_pointer outptr,
size_t size,
krb5_encrypt_block * eblock,
krb5_pointer ivec);
krb5_error_code KRB5_CALLCONV krb5_process_key
(krb5_context context,
krb5_encrypt_block * eblock,
const krb5_keyblock * key);
krb5_error_code KRB5_CALLCONV krb5_finish_key
(krb5_context context,
krb5_encrypt_block * eblock);
krb5_error_code KRB5_CALLCONV krb5_string_to_key
(krb5_context context,
const krb5_encrypt_block * eblock,
krb5_keyblock * keyblock,
const krb5_data * data,
const krb5_data * salt);
krb5_error_code KRB5_CALLCONV krb5_init_random_key
(krb5_context context,
const krb5_encrypt_block * eblock,
const krb5_keyblock * keyblock,
krb5_pointer * ptr);
krb5_error_code KRB5_CALLCONV krb5_finish_random_key
(krb5_context context,
const krb5_encrypt_block * eblock,
krb5_pointer * ptr);
krb5_error_code KRB5_CALLCONV krb5_random_key
(krb5_context context,
const krb5_encrypt_block * eblock,
krb5_pointer ptr,
krb5_keyblock ** keyblock);
krb5_enctype KRB5_CALLCONV krb5_eblock_enctype
(krb5_context context,
const krb5_encrypt_block * eblock);
krb5_error_code KRB5_CALLCONV krb5_use_enctype
(krb5_context context,
krb5_encrypt_block * eblock,
krb5_enctype enctype);
size_t KRB5_CALLCONV krb5_encrypt_size
(size_t length,
krb5_enctype crypto);
size_t KRB5_CALLCONV krb5_checksum_size
(krb5_context context,
krb5_cksumtype ctype);
krb5_error_code KRB5_CALLCONV krb5_calculate_checksum
(krb5_context context,
krb5_cksumtype ctype,
krb5_const_pointer in, size_t in_length,
krb5_const_pointer seed, size_t seed_length,
krb5_checksum * outcksum);
krb5_error_code KRB5_CALLCONV krb5_verify_checksum
(krb5_context context,
krb5_cksumtype ctype,
const krb5_checksum * cksum,
krb5_const_pointer in, size_t in_length,
krb5_const_pointer seed, size_t seed_length);
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_random_confounder
(size_t, krb5_pointer);
krb5_error_code krb5_encrypt_data
(krb5_context context, krb5_keyblock *key,
krb5_pointer ivec, krb5_data *data,
krb5_enc_data *enc_data);
krb5_error_code krb5_decrypt_data
(krb5_context context, krb5_keyblock *key,
krb5_pointer ivec, krb5_enc_data *data,
krb5_data *enc_data);
#endif
#endif /* KRB5_OLD_CRYPTO */
/*
* end "encryption.h"
*/
/*
* begin "fieldbits.h"
*/
/* kdc_options for kdc_request */
/* options is 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
/* #define KDC_OPT_RESERVED 0x80000000 */
#define KDC_OPT_FORWARDABLE 0x40000000
#define KDC_OPT_FORWARDED 0x20000000
#define KDC_OPT_PROXIABLE 0x10000000
#define KDC_OPT_PROXY 0x08000000
#define KDC_OPT_ALLOW_POSTDATE 0x04000000
#define KDC_OPT_POSTDATED 0x02000000
/* #define KDC_OPT_UNUSED 0x01000000 */
#define KDC_OPT_RENEWABLE 0x00800000
/* #define KDC_OPT_UNUSED 0x00400000 */
/* #define KDC_OPT_RESERVED 0x00200000 */
/* #define KDC_OPT_RESERVED 0x00100000 */
/* #define KDC_OPT_RESERVED 0x00080000 */
/* #define KDC_OPT_RESERVED 0x00040000 */
#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
#define KDC_OPT_CANONICALIZE 0x00010000
/* #define KDC_OPT_RESERVED 0x00008000 */
/* #define KDC_OPT_RESERVED 0x00004000 */
/* #define KDC_OPT_RESERVED 0x00002000 */
/* #define KDC_OPT_RESERVED 0x00001000 */
/* #define KDC_OPT_RESERVED 0x00000800 */
/* #define KDC_OPT_RESERVED 0x00000400 */
/* #define KDC_OPT_RESERVED 0x00000200 */
/* #define KDC_OPT_RESERVED 0x00000100 */
/* #define KDC_OPT_RESERVED 0x00000080 */
/* #define KDC_OPT_RESERVED 0x00000040 */
#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
#define KDC_OPT_RENEWABLE_OK 0x00000010
#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008
/* #define KDC_OPT_UNUSED 0x00000004 */
#define KDC_OPT_RENEW 0x00000002
#define KDC_OPT_VALIDATE 0x00000001
/*
* Mask of ticket flags in the TGT which should be converted into KDC
* options when using the TGT to get derivitive tickets.
*
* New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
* KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
*/
#define KDC_TKT_COMMON_MASK 0x54800000
/* definitions for ap_options fields */
/* ap_options are 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
#define AP_OPTS_RESERVED 0x80000000
#define AP_OPTS_USE_SESSION_KEY 0x40000000
#define AP_OPTS_MUTUAL_REQUIRED 0x20000000
/* #define AP_OPTS_RESERVED 0x10000000 */
/* #define AP_OPTS_RESERVED 0x08000000 */
/* #define AP_OPTS_RESERVED 0x04000000 */
/* #define AP_OPTS_RESERVED 0x02000000 */
/* #define AP_OPTS_RESERVED 0x01000000 */
/* #define AP_OPTS_RESERVED 0x00800000 */
/* #define AP_OPTS_RESERVED 0x00400000 */
/* #define AP_OPTS_RESERVED 0x00200000 */
/* #define AP_OPTS_RESERVED 0x00100000 */
/* #define AP_OPTS_RESERVED 0x00080000 */
/* #define AP_OPTS_RESERVED 0x00040000 */
/* #define AP_OPTS_RESERVED 0x00020000 */
/* #define AP_OPTS_RESERVED 0x00010000 */
/* #define AP_OPTS_RESERVED 0x00008000 */
/* #define AP_OPTS_RESERVED 0x00004000 */
/* #define AP_OPTS_RESERVED 0x00002000 */
/* #define AP_OPTS_RESERVED 0x00001000 */
/* #define AP_OPTS_RESERVED 0x00000800 */
/* #define AP_OPTS_RESERVED 0x00000400 */
/* #define AP_OPTS_RESERVED 0x00000200 */
/* #define AP_OPTS_RESERVED 0x00000100 */
/* #define AP_OPTS_RESERVED 0x00000080 */
/* #define AP_OPTS_RESERVED 0x00000040 */
/* #define AP_OPTS_RESERVED 0x00000020 */
/* #define AP_OPTS_RESERVED 0x00000010 */
/* #define AP_OPTS_RESERVED 0x00000008 */
/* #define AP_OPTS_RESERVED 0x00000004 */
/* #define AP_OPTS_RESERVED 0x00000002 */
#define AP_OPTS_USE_SUBKEY 0x00000001
#define AP_OPTS_WIRE_MASK 0xfffffff0
/* definitions for ad_type fields. */
#define AD_TYPE_RESERVED 0x8000
#define AD_TYPE_EXTERNAL 0x4000
#define AD_TYPE_REGISTERED 0x2000
#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
/* Ticket flags */
/* flags are 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
/* #define TKT_FLG_RESERVED 0x80000000 */
#define TKT_FLG_FORWARDABLE 0x40000000
#define TKT_FLG_FORWARDED 0x20000000
#define TKT_FLG_PROXIABLE 0x10000000
#define TKT_FLG_PROXY 0x08000000
#define TKT_FLG_MAY_POSTDATE 0x04000000
#define TKT_FLG_POSTDATED 0x02000000
#define TKT_FLG_INVALID 0x01000000
#define TKT_FLG_RENEWABLE 0x00800000
#define TKT_FLG_INITIAL 0x00400000
#define TKT_FLG_PRE_AUTH 0x00200000
#define TKT_FLG_HW_AUTH 0x00100000
#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
#define TKT_FLG_OK_AS_DELEGATE 0x00040000
#define TKT_FLG_ANONYMOUS 0x00020000
/* #define TKT_FLG_RESERVED 0x00010000 */
/* #define TKT_FLG_RESERVED 0x00008000 */
/* #define TKT_FLG_RESERVED 0x00004000 */
/* #define TKT_FLG_RESERVED 0x00002000 */
/* #define TKT_FLG_RESERVED 0x00001000 */
/* #define TKT_FLG_RESERVED 0x00000800 */
/* #define TKT_FLG_RESERVED 0x00000400 */
/* #define TKT_FLG_RESERVED 0x00000200 */
/* #define TKT_FLG_RESERVED 0x00000100 */
/* #define TKT_FLG_RESERVED 0x00000080 */
/* #define TKT_FLG_RESERVED 0x00000040 */
/* #define TKT_FLG_RESERVED 0x00000020 */
/* #define TKT_FLG_RESERVED 0x00000010 */
/* #define TKT_FLG_RESERVED 0x00000008 */
/* #define TKT_FLG_RESERVED 0x00000004 */
/* #define TKT_FLG_RESERVED 0x00000002 */
/* #define TKT_FLG_RESERVED 0x00000001 */
/* definitions for lr_type fields. */
#define LR_TYPE_THIS_SERVER_ONLY 0x8000
#define LR_TYPE_INTERPRETATION_MASK 0x7fff
/* definitions for ad_type fields. */
#define AD_TYPE_EXTERNAL 0x4000
#define AD_TYPE_REGISTERED 0x2000
#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
#define AD_TYPE_INTERNAL_MASK 0x3fff
/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
#define MSEC_DIRBIT 0x8000
#define MSEC_VAL_MASK 0x7fff
/*
* end "fieldbits.h"
*/
/*
* begin "proto.h"
*/
/* Protocol version number */
#define KRB5_PVNO 5
/* Message types */
#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */
#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */
#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */
#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */
#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */
#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */
#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */
/* LastReq types */
#define KRB5_LRQ_NONE 0
#define KRB5_LRQ_ALL_LAST_TGT 1
#define KRB5_LRQ_ONE_LAST_TGT (-1)
#define KRB5_LRQ_ALL_LAST_INITIAL 2
#define KRB5_LRQ_ONE_LAST_INITIAL (-2)
#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3
#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3)
#define KRB5_LRQ_ALL_LAST_RENEWAL 4
#define KRB5_LRQ_ONE_LAST_RENEWAL (-4)
#define KRB5_LRQ_ALL_LAST_REQ 5
#define KRB5_LRQ_ONE_LAST_REQ (-5)
#define KRB5_LRQ_ALL_PW_EXPTIME 6
#define KRB5_LRQ_ONE_PW_EXPTIME (-6)
/* PADATA types */
#define KRB5_PADATA_NONE 0
#define KRB5_PADATA_AP_REQ 1
#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
#define KRB5_PADATA_ENC_TIMESTAMP 2
#define KRB5_PADATA_PW_SALT 3
#if 0 /* Not used */
#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */
#endif
#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
#define KRB5_PADATA_SESAME 7 /* Sesame project */
#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */
#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */
#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */
#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */
#define KRB5_PADATA_ETYPE_INFO2 19
#define KRB5_PADATA_REFERRAL 25 /* draft referral system */
#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
/* Reserved for SPX pre-authentication. */
#define KRB5_PADATA_DASS 16
/* Transited encoding types */
#define KRB5_DOMAIN_X500_COMPRESS 1
/* alternate authentication types */
#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
/* authorization data types */
#define KRB5_AUTHDATA_IF_RELEVANT 1
#define KRB5_AUTHDATA_KDC_ISSUED 4
#define KRB5_AUTHDATA_AND_OR 5
#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9
#define KRB5_AUTHDATA_OSF_DCE 64
#define KRB5_AUTHDATA_SESAME 65
#define KRB5_AUTHDATA_WIN2K_PAC 128
#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
#define KRB5_AUTHDATA_FX_ARMOR 71
/* password change constants */
#define KRB5_KPASSWD_SUCCESS 0
#define KRB5_KPASSWD_MALFORMED 1
#define KRB5_KPASSWD_HARDERROR 2
#define KRB5_KPASSWD_AUTHERROR 3
#define KRB5_KPASSWD_SOFTERROR 4
/* These are Microsoft's extensions in RFC 3244, and it looks like
they'll become standardized, possibly with other additions. */
#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
#define KRB5_KPASSWD_BAD_VERSION 6
#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
/*
* end "proto.h"
*/
/* Time set */
typedef struct _krb5_ticket_times {
krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
in ticket? otherwise client can't get this */
krb5_timestamp starttime; /* optional in ticket, if not present,
use authtime */
krb5_timestamp endtime;
krb5_timestamp renew_till;
} krb5_ticket_times;
/* structure for auth data */
typedef struct _krb5_authdata {
krb5_magic magic;
krb5_authdatatype ad_type;
unsigned int length;
krb5_octet *contents;
} krb5_authdata;
/* structure for transited encoding */
typedef struct _krb5_transited {
krb5_magic magic;
krb5_octet tr_type;
krb5_data tr_contents;
} krb5_transited;
typedef struct _krb5_enc_tkt_part {
krb5_magic magic;
/* to-be-encrypted portion */
krb5_flags flags; /* flags */
krb5_keyblock *session; /* session key: includes enctype */
krb5_principal client; /* client name/realm */
krb5_transited transited; /* list of transited realms */
krb5_ticket_times times; /* auth, start, end, renew_till */
krb5_address **caddrs; /* array of ptrs to addresses */
krb5_authdata **authorization_data; /* auth data */
} krb5_enc_tkt_part;
typedef struct _krb5_ticket {
krb5_magic magic;
/* cleartext portion */
krb5_principal server; /* server name/realm */
krb5_enc_data enc_part; /* encryption type, kvno, encrypted
encoding */
krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
available */
} krb5_ticket;
/* the unencrypted version */
typedef struct _krb5_authenticator {
krb5_magic magic;
krb5_principal client; /* client name/realm */
krb5_checksum *checksum; /* checksum, includes type, optional */
krb5_int32 cusec; /* client usec portion */
krb5_timestamp ctime; /* client sec portion */
krb5_keyblock *subkey; /* true session key, optional */
krb5_ui_4 seq_number; /* sequence #, optional */
krb5_authdata **authorization_data; /* New add by Ari, auth data */
} krb5_authenticator;
typedef struct _krb5_tkt_authent {
krb5_magic magic;
krb5_ticket *ticket;
krb5_authenticator *authenticator;
krb5_flags ap_options;
} krb5_tkt_authent;
/* credentials: Ticket, session key, etc. */
typedef struct _krb5_creds {
krb5_magic magic;
krb5_principal client; /* client's principal identifier */
krb5_principal server; /* server's principal identifier */
krb5_keyblock keyblock; /* session encryption key info */
krb5_ticket_times times; /* lifetime info */
krb5_boolean is_skey; /* true if ticket is encrypted in
another ticket's skey */
krb5_flags ticket_flags; /* flags in ticket */
krb5_address * *addresses; /* addrs in ticket */
krb5_data ticket; /* ticket string itself */
krb5_data second_ticket; /* second ticket, if related to
ticket (via DUPLICATE-SKEY or
ENC-TKT-IN-SKEY) */
krb5_authdata **authdata; /* authorization data */
} krb5_creds;
/* Last request fields */
typedef struct _krb5_last_req_entry {
krb5_magic magic;
krb5_int32 lr_type;
krb5_timestamp value;
} krb5_last_req_entry;
/* pre-authentication data */
typedef struct _krb5_pa_data {
krb5_magic magic;
krb5_preauthtype pa_type;
unsigned int length;
krb5_octet *contents;
} krb5_pa_data;
typedef struct _krb5_kdc_req {
krb5_magic magic;
krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
krb5_pa_data **padata; /* e.g. encoded AP_REQ */
/* real body */
krb5_flags kdc_options; /* requested options */
krb5_principal client; /* includes realm; optional */
krb5_principal server; /* includes realm (only used if no
client) */
krb5_timestamp from; /* requested starttime */
krb5_timestamp till; /* requested endtime */
krb5_timestamp rtime; /* (optional) requested renew_till */
krb5_int32 nonce; /* nonce to match request/response */
int nktypes; /* # of ktypes, must be positive */
krb5_enctype *ktype; /* requested enctype(s) */
krb5_address **addresses; /* requested addresses, optional */
krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
krb5_authdata **unenc_authdata; /* unencrypted auth data,
if available */
krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
} krb5_kdc_req;
typedef struct _krb5_enc_kdc_rep_part {
krb5_magic magic;
/* encrypted part: */
krb5_msgtype msg_type; /* krb5 message type */
krb5_keyblock *session; /* session key */
krb5_last_req_entry **last_req; /* array of ptrs to entries */
krb5_int32 nonce; /* nonce from request */
krb5_timestamp key_exp; /* expiration date */
krb5_flags flags; /* ticket flags */
krb5_ticket_times times; /* lifetime info */
krb5_principal server; /* server's principal identifier */
krb5_address **caddrs; /* array of ptrs to addresses,
optional */
krb5_pa_data **enc_padata; /* Windows 2000 compat */
} krb5_enc_kdc_rep_part;
typedef struct _krb5_kdc_rep {
krb5_magic magic;
/* cleartext part: */
krb5_msgtype msg_type; /* AS_REP or KDC_REP? */
krb5_pa_data **padata; /* preauthentication data from KDC */
krb5_principal client; /* client's principal identifier */
krb5_ticket *ticket; /* ticket */
krb5_enc_data enc_part; /* encryption type, kvno, encrypted
encoding */
krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
} krb5_kdc_rep;
/* error message structure */
typedef struct _krb5_error {
krb5_magic magic;
/* some of these may be meaningless in certain contexts */
krb5_timestamp ctime; /* client sec portion; optional */
krb5_int32 cusec; /* client usec portion; optional */
krb5_int32 susec; /* server usec portion */
krb5_timestamp stime; /* server sec portion */
krb5_ui_4 error; /* error code (protocol error #'s) */
krb5_principal client; /* client's principal identifier;
optional */
krb5_principal server; /* server's principal identifier */
krb5_data text; /* descriptive text */
krb5_data e_data; /* additional error-describing data */
} krb5_error;
typedef struct _krb5_ap_req {
krb5_magic magic;
krb5_flags ap_options; /* requested options */
krb5_ticket *ticket; /* ticket */
krb5_enc_data authenticator; /* authenticator (already encrypted) */
} krb5_ap_req;
typedef struct _krb5_ap_rep {
krb5_magic magic;
krb5_enc_data enc_part;
} krb5_ap_rep;
typedef struct _krb5_ap_rep_enc_part {
krb5_magic magic;
krb5_timestamp ctime; /* client time, seconds portion */
krb5_int32 cusec; /* client time, microseconds portion */
krb5_keyblock *subkey; /* true session key, optional */
krb5_ui_4 seq_number; /* sequence #, optional */
} krb5_ap_rep_enc_part;
typedef struct _krb5_response {
krb5_magic magic;
krb5_octet message_type;
krb5_data response;
krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
krb5_timestamp request_time; /* When we made the request */
} krb5_response;
typedef struct _krb5_cred_info {
krb5_magic magic;
krb5_keyblock *session; /* session key used to encrypt */
/* ticket */
krb5_principal client; /* client name/realm, optional */
krb5_principal server; /* server name/realm, optional */
krb5_flags flags; /* ticket flags, optional */
krb5_ticket_times times; /* auth, start, end, renew_till, */
/* optional */
krb5_address **caddrs; /* array of ptrs to addresses */
} krb5_cred_info;
typedef struct _krb5_cred_enc_part {
krb5_magic magic;
krb5_int32 nonce; /* nonce, optional */
krb5_timestamp timestamp; /* client time */
krb5_int32 usec; /* microsecond portion of time */
krb5_address *s_address; /* sender address, optional */
krb5_address *r_address; /* recipient address, optional */
krb5_cred_info **ticket_info;
} krb5_cred_enc_part;
typedef struct _krb5_cred {
krb5_magic magic;
krb5_ticket **tickets; /* tickets */
krb5_enc_data enc_part; /* encrypted part */
krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
} krb5_cred;
/* Sandia password generation structures */
typedef struct _passwd_phrase_element {
krb5_magic magic;
krb5_data *passwd;
krb5_data *phrase;
} passwd_phrase_element;
typedef struct _krb5_pwd_data {
krb5_magic magic;
int sequence_count;
passwd_phrase_element **element;
} krb5_pwd_data;
/* these need to be here so the typedefs are available for the prototypes */
typedef struct _krb5_pa_svr_referral_data {
/* Referred name, only realm is required */
krb5_principal principal;
} krb5_pa_svr_referral_data;
typedef struct _krb5_pa_server_referral_data {
krb5_data *referred_realm;
krb5_principal true_principal_name;
krb5_principal requested_principal_name;
krb5_timestamp referral_valid_until;
krb5_checksum rep_cksum;
} krb5_pa_server_referral_data;
typedef struct _krb5_pa_pac_req {
/* TRUE if a PAC should be included in TGS-REP */
krb5_boolean include_pac;
} krb5_pa_pac_req;
/*
* begin "safepriv.h"
*/
#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
typedef struct krb5_replay_data {
krb5_timestamp timestamp;
krb5_int32 usec;
krb5_int32 seq;
} krb5_replay_data;
/* flags for krb5_auth_con_genaddrs() */
#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
/* type of function used as a callback to generate checksum data for
* mk_req */
typedef krb5_error_code
(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
krb5_data **);
/*
* end "safepriv.h"
*/
/*
* begin "ccache.h"
*/
typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
struct _krb5_ccache;
typedef struct _krb5_ccache *krb5_ccache;
struct _krb5_cc_ops;
typedef struct _krb5_cc_ops krb5_cc_ops;
/* for retrieve_cred */
#define KRB5_TC_MATCH_TIMES 0x00000001
#define KRB5_TC_MATCH_IS_SKEY 0x00000002
#define KRB5_TC_MATCH_FLAGS 0x00000004
#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
#define KRB5_TC_MATCH_AUTHDATA 0x00000020
#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
#define KRB5_TC_MATCH_2ND_TKT 0x00000080
#define KRB5_TC_MATCH_KTYPE 0x00000100
#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
/* for set_flags and other functions */
#define KRB5_TC_OPENCLOSE 0x00000001
#define KRB5_TC_NOTICKET 0x00000002
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
krb5_principal principal);
krb5_error_code KRB5_CALLCONV
krb5_cc_destroy (krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_close (krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
krb5_flags flags, krb5_creds *mcreds,
krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
krb5_principal *principal);
krb5_error_code KRB5_CALLCONV
krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor);
krb5_error_code KRB5_CALLCONV
krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor, krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
krb5_cc_cursor *cursor);
krb5_error_code KRB5_CALLCONV
krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
krb5_error_code KRB5_CALLCONV
krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags);
const char * KRB5_CALLCONV
krb5_cc_get_type (krb5_context context, krb5_ccache cache);
/* SUNW14resync - add_cred.c needs this func */
const char * KRB5_CALLCONV
krb5_cc_get_name (krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_new_unique(
krb5_context context,
const char *type,
const char *hint,
krb5_ccache *id);
/*
* end "ccache.h"
*/
/*
* begin "rcache.h"
*/
struct krb5_rc_st;
typedef struct krb5_rc_st *krb5_rcache;
/*
* end "rcache.h"
*/
/*
* begin "keytab.h"
*/
/* XXX */
#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
typedef krb5_pointer krb5_kt_cursor; /* XXX */
typedef struct krb5_keytab_entry_st {
krb5_magic magic;
krb5_principal principal; /* principal of this key */
krb5_timestamp timestamp; /* time entry written to keytable */
krb5_kvno vno; /* key version number */
krb5_keyblock key; /* the secret key */
} krb5_keytab_entry;
#if KRB5_PRIVATE
struct _krb5_kt_ops;
typedef struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
krb5_pointer data;
} *krb5_keytab;
#else
struct _krb5_kt;
typedef struct _krb5_kt *krb5_keytab;
#endif
char * KRB5_CALLCONV
krb5_kt_get_type (krb5_context, krb5_keytab keytab);
krb5_error_code KRB5_CALLCONV
krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
unsigned int namelen);
krb5_error_code KRB5_CALLCONV
krb5_kt_close(krb5_context context, krb5_keytab keytab);
krb5_error_code KRB5_CALLCONV
krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
krb5_const_principal principal, krb5_kvno vno,
krb5_enctype enctype, krb5_keytab_entry *entry);
krb5_error_code KRB5_CALLCONV
krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
krb5_kt_cursor *cursor);
krb5_error_code KRB5_CALLCONV
krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
krb5_error_code KRB5_CALLCONV
krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
krb5_kt_cursor *cursor);
/* Solaris Kerberos */
krb5_error_code
krb5_kt_find_realm(krb5_context context, krb5_keytab keytab,
krb5_principal princ, krb5_data *realm);
/*
* end "keytab.h"
*/
/*
* begin "func-proto.h"
*/
/* Solaris Kerberos */
krb5_error_code krb5_init_ef_handle(krb5_context);
krb5_error_code krb5_free_ef_handle(krb5_context);
krb5_boolean krb5_privacy_allowed(void);
/*
* Solaris Kerberos:
* krb5_copy_keyblock_data is a new routine to hide the details
* of a keyblock copy operation.
*/
krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_data
(krb5_context,
const krb5_keyblock *,
krb5_keyblock *);
krb5_error_code KRB5_CALLCONV krb5_init_context
(krb5_context *);
krb5_error_code KRB5_CALLCONV krb5_init_secure_context
(krb5_context *);
void KRB5_CALLCONV krb5_free_context
(krb5_context);
#if KRB5_PRIVATE
krb5_error_code krb5_set_default_in_tkt_ktypes
(krb5_context,
const krb5_enctype *);
krb5_error_code krb5_get_default_in_tkt_ktypes
(krb5_context,
krb5_enctype **);
krb5_error_code krb5_set_default_tgs_ktypes
(krb5_context,
const krb5_enctype *);
#endif
krb5_error_code KRB5_CALLCONV
krb5_set_default_tgs_enctypes
(krb5_context,
const krb5_enctype *);
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
(krb5_context,
krb5_const_principal,
krb5_enctype **);
#endif
krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
(krb5_context, krb5_enctype **);
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_ktypes
(krb5_context, krb5_enctype *);
krb5_boolean krb5_is_permitted_enctype
(krb5_context, krb5_enctype);
#endif
krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
/* libkrb.spec */
#if KRB5_PRIVATE
krb5_error_code krb5_kdc_rep_decrypt_proc
(krb5_context,
const krb5_keyblock *,
krb5_const_pointer,
krb5_kdc_rep * );
krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
(krb5_context,
const krb5_keyblock *,
krb5_ticket * );
krb5_error_code krb5_get_cred_from_kdc
(krb5_context,
krb5_ccache, /* not const, as reading may save
state */
krb5_creds *,
krb5_creds **,
krb5_creds *** );
krb5_error_code krb5_get_cred_from_kdc_validate
(krb5_context,
krb5_ccache, /* not const, as reading may save
state */
krb5_creds *,
krb5_creds **,
krb5_creds *** );
krb5_error_code krb5_get_cred_from_kdc_renew
(krb5_context,
krb5_ccache, /* not const, as reading may save
state */
krb5_creds *,
krb5_creds **,
krb5_creds *** );
#endif
void KRB5_CALLCONV krb5_free_tgt_creds
(krb5_context,
krb5_creds **); /* XXX too hard to do with const */
#define KRB5_GC_USER_USER 1 /* want user-user ticket */
#define KRB5_GC_CACHED 2 /* want cached ticket only */
krb5_error_code KRB5_CALLCONV krb5_get_credentials
(krb5_context,
krb5_flags,
krb5_ccache,
krb5_creds *,
krb5_creds **);
krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
(krb5_context,
krb5_flags,
krb5_ccache,
krb5_creds *,
krb5_creds **);
krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
(krb5_context,
krb5_flags,
krb5_ccache,
krb5_creds *,
krb5_creds **);
#if KRB5_PRIVATE
krb5_error_code krb5_get_cred_via_tkt
(krb5_context,
krb5_creds *,
krb5_flags,
krb5_address * const *,
krb5_creds *,
krb5_creds **);
#endif
krb5_error_code KRB5_CALLCONV krb5_mk_req
(krb5_context,
krb5_auth_context *,
krb5_flags,
char *,
char *,
krb5_data *,
krb5_ccache,
krb5_data * );
krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
(krb5_context,
krb5_auth_context *,
krb5_flags,
krb5_data *,
krb5_creds *,
krb5_data * );
krb5_error_code KRB5_CALLCONV krb5_mk_rep
(krb5_context,
krb5_auth_context,
krb5_data *);
krb5_error_code KRB5_CALLCONV krb5_rd_rep
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_ap_rep_enc_part **);
krb5_error_code KRB5_CALLCONV krb5_mk_error
(krb5_context,
const krb5_error *,
krb5_data * );
krb5_error_code KRB5_CALLCONV krb5_rd_error
(krb5_context,
const krb5_data *,
krb5_error ** );
krb5_error_code KRB5_CALLCONV krb5_rd_safe
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_data *,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_rd_priv
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_data *,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_parse_name
(krb5_context,
const char *,
krb5_principal * );
#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
krb5_error_code KRB5_CALLCONV krb5_parse_name_flags
(krb5_context,
const char *,
int,
krb5_principal * );
krb5_error_code KRB5_CALLCONV krb5_unparse_name
(krb5_context,
krb5_const_principal,
char ** );
krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
(krb5_context,
krb5_const_principal,
char **,
unsigned int *);
#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags
(krb5_context,
krb5_const_principal,
int,
char **);
krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext
(krb5_context,
krb5_const_principal,
int,
char **,
unsigned int *);
krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
(krb5_context, krb5_principal, const char *);
krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
(krb5_context,
const krb5_address *,
krb5_address * const *);
krb5_boolean KRB5_CALLCONV krb5_address_compare
(krb5_context,
const krb5_address *,
const krb5_address *);
int KRB5_CALLCONV krb5_address_order
(krb5_context,
const krb5_address *,
const krb5_address *);
krb5_boolean KRB5_CALLCONV krb5_realm_compare
(krb5_context,
krb5_const_principal,
krb5_const_principal);
krb5_boolean KRB5_CALLCONV krb5_principal_compare
(krb5_context,
krb5_const_principal,
krb5_const_principal);
krb5_error_code KRB5_CALLCONV krb5_init_keyblock
(krb5_context, krb5_enctype enctype,
size_t length, krb5_keyblock **out);
/* Initialize a new keyblock and allocate storage
* for the contents of the key, which will be freed along
* with the keyblock when krb5_free_keyblock is called.
* It is legal to pass in a length of 0, in which
* case contents are left unallocated.
*/
/*
* Solaris Kerberos
* Start - keyblock API (MIT will ship this also in a future release)
*/
/*
* Similiar to krb5_init_keyblock but this routine expects the
* keyblock to already be allocated.
*/
krb5_error_code KRB5_CALLCONV krb5_init_allocated_keyblock
(krb5_context,
krb5_enctype,
unsigned int,
krb5_keyblock *);
krb5_enctype KRB5_CALLCONV krb5_get_key_enctype
(krb5_keyblock *);
unsigned int KRB5_CALLCONV krb5_get_key_length
(krb5_keyblock *);
krb5_octet KRB5_CALLCONV *krb5_get_key_data
(krb5_keyblock *);
void KRB5_CALLCONV krb5_set_key_enctype
(krb5_keyblock *,
krb5_enctype);
void KRB5_CALLCONV krb5_set_key_data
(krb5_keyblock *,
krb5_octet *);
void KRB5_CALLCONV krb5_set_key_length
(krb5_keyblock *,
unsigned int);
/*
* Solaris Kerberos
* End - keyblock API
*/
krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
(krb5_context,
const krb5_keyblock *,
krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
(krb5_context,
const krb5_keyblock *,
krb5_keyblock *);
krb5_error_code KRB5_CALLCONV krb5_copy_creds
(krb5_context,
const krb5_creds *,
krb5_creds **);
krb5_error_code KRB5_CALLCONV krb5_copy_data
(krb5_context,
const krb5_data *,
krb5_data **);
krb5_error_code KRB5_CALLCONV krb5_copy_principal
(krb5_context,
krb5_const_principal,
krb5_principal *);
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_copy_addr
(krb5_context,
const krb5_address *,
krb5_address **);
#endif
krb5_error_code KRB5_CALLCONV krb5_copy_addresses
(krb5_context,
krb5_address * const *,
krb5_address ***);
krb5_error_code KRB5_CALLCONV krb5_copy_ticket
(krb5_context,
const krb5_ticket *,
krb5_ticket **);
krb5_error_code KRB5_CALLCONV krb5_copy_authdata
(krb5_context,
krb5_authdata * const *,
krb5_authdata ***);
krb5_error_code KRB5_CALLCONV krb5_merge_authdata
(krb5_context,
krb5_authdata * const *,
krb5_authdata *const *,
krb5_authdata ***);
/* Merge two authdata arrays, such as the array from a ticket
* and authenticator */
krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
(krb5_context,
const krb5_authenticator *,
krb5_authenticator **);
krb5_error_code KRB5_CALLCONV krb5_copy_checksum
(krb5_context,
const krb5_checksum *,
krb5_checksum **);
#if KRB5_PRIVATE
void krb5_init_ets
(krb5_context);
void krb5_free_ets
(krb5_context);
krb5_error_code krb5_generate_subkey
(krb5_context,
const krb5_keyblock *, krb5_keyblock **);
krb5_error_code krb5_generate_seq_number
(krb5_context,
const krb5_keyblock *, krb5_ui_4 *);
#endif
krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
(krb5_context,
const krb5_data *, krb5_rcache *);
krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
(krb5_context, krb5_principal *, unsigned int, const char *, ...);
krb5_error_code KRB5_CALLCONV_C krb5_build_principal
(krb5_context, krb5_principal *, unsigned int, const char *, ...);
#ifdef va_start
/* XXX depending on varargs include file defining va_start... */
krb5_error_code KRB5_CALLCONV krb5_build_principal_va
(krb5_context,
krb5_principal, unsigned int, const char *, va_list);
#endif
krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
(krb5_context,
const char *name,
const char *instance, const char *realm,
krb5_principal *princ);
krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
(krb5_context context, krb5_const_principal princ,
char *name, char *inst, char *realm);
struct credentials;
int KRB5_CALLCONV krb5_524_convert_creds
(krb5_context context, krb5_creds *v5creds,
struct credentials *v4creds);
#if KRB5_DEPRECATED
#define krb524_convert_creds_kdc krb5_524_convert_creds
#define krb524_init_ets(x) (0)
#endif
/* libkt.spec */
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_kt_register
(krb5_context,
const struct _krb5_kt_ops * );
#endif
krb5_error_code KRB5_CALLCONV krb5_kt_resolve
(krb5_context,
const char *,
krb5_keytab * );
krb5_error_code KRB5_CALLCONV krb5_kt_default_name
(krb5_context,
char *,
int );
krb5_error_code KRB5_CALLCONV krb5_kt_default
(krb5_context,
krb5_keytab * );
krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
(krb5_context,
krb5_keytab_entry * );
#if KRB5_PRIVATE
/* use krb5_free_keytab_entry_contents instead */
krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
(krb5_context,
krb5_keytab_entry * );
#endif
/* remove and add are functions, so that they can return NOWRITE
if not a writable keytab */
krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
(krb5_context,
krb5_keytab,
krb5_keytab_entry * );
krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
(krb5_context,
krb5_keytab,
krb5_keytab_entry * );
krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
(krb5_context,
krb5_const_principal, krb5_data *);
#if KRB5_PRIVATE
krb5_error_code krb5_principal2salt_norealm
(krb5_context,
krb5_const_principal, krb5_data *);
#endif
/* librc.spec--see rcache.h */
/* libcc.spec */
krb5_error_code KRB5_CALLCONV krb5_cc_resolve
(krb5_context,
const char *,
krb5_ccache * );
const char * KRB5_CALLCONV krb5_cc_default_name
(krb5_context);
krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
(krb5_context, const char *);
krb5_error_code KRB5_CALLCONV krb5_cc_default
(krb5_context,
krb5_ccache *);
#if KRB5_PRIVATE
unsigned int KRB5_CALLCONV krb5_get_notification_message
(void);
#endif
krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
(krb5_context context,
krb5_ccache incc,
krb5_ccache outcc);
/* chk_trans.c */
#if KRB5_PRIVATE
krb5_error_code krb5_check_transited_list
(krb5_context, const krb5_data *trans,
const krb5_data *realm1, const krb5_data *realm2);
#endif
/* free_rtree.c */
#if KRB5_PRIVATE
void krb5_free_realm_tree
(krb5_context,
krb5_principal *);
#endif
/* krb5_free.c */
void KRB5_CALLCONV krb5_free_principal
(krb5_context, krb5_principal );
void KRB5_CALLCONV krb5_free_authenticator
(krb5_context, krb5_authenticator * );
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_authenticator_contents
(krb5_context, krb5_authenticator * );
#endif
void KRB5_CALLCONV krb5_free_addresses
(krb5_context, krb5_address ** );
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_address
(krb5_context, krb5_address * );
#endif
void KRB5_CALLCONV krb5_free_authdata
(krb5_context, krb5_authdata ** );
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_enc_tkt_part
(krb5_context, krb5_enc_tkt_part * );
#endif
void KRB5_CALLCONV krb5_free_ticket
(krb5_context, krb5_ticket * );
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_tickets
(krb5_context, krb5_ticket ** );
void KRB5_CALLCONV krb5_free_kdc_req
(krb5_context, krb5_kdc_req * );
void KRB5_CALLCONV krb5_free_kdc_rep
(krb5_context, krb5_kdc_rep * );
void KRB5_CALLCONV krb5_free_last_req
(krb5_context, krb5_last_req_entry ** );
void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
(krb5_context, krb5_enc_kdc_rep_part * );
#endif
void KRB5_CALLCONV krb5_free_error
(krb5_context, krb5_error * );
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_ap_req
(krb5_context, krb5_ap_req * );
void KRB5_CALLCONV krb5_free_ap_rep
(krb5_context, krb5_ap_rep * );
void KRB5_CALLCONV krb5_free_cred
(krb5_context, krb5_cred *);
#endif
void KRB5_CALLCONV krb5_free_creds
(krb5_context, krb5_creds *);
void KRB5_CALLCONV krb5_free_cred_contents
(krb5_context, krb5_creds *);
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_cred_enc_part
(krb5_context, krb5_cred_enc_part *);
#endif
void KRB5_CALLCONV krb5_free_checksum
(krb5_context, krb5_checksum *);
void KRB5_CALLCONV krb5_free_checksum_contents
(krb5_context, krb5_checksum *);
void KRB5_CALLCONV krb5_free_keyblock
(krb5_context, krb5_keyblock *);
void KRB5_CALLCONV krb5_free_keyblock_contents
(krb5_context, krb5_keyblock *);
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_pa_data
(krb5_context, krb5_pa_data **);
#endif
void KRB5_CALLCONV krb5_free_ap_rep_enc_part
(krb5_context, krb5_ap_rep_enc_part *);
#if KRB5_PRIVATE
void KRB5_CALLCONV krb5_free_tkt_authent
(krb5_context, krb5_tkt_authent *);
void KRB5_CALLCONV krb5_free_pwd_data
(krb5_context, krb5_pwd_data *);
void KRB5_CALLCONV krb5_free_pwd_sequences
(krb5_context, passwd_phrase_element **);
#endif
void KRB5_CALLCONV krb5_free_data
(krb5_context, krb5_data *);
void KRB5_CALLCONV krb5_free_data_contents
(krb5_context, krb5_data *);
void KRB5_CALLCONV krb5_free_unparsed_name
(krb5_context, char *);
void KRB5_CALLCONV krb5_free_cksumtypes
(krb5_context, krb5_cksumtype *);
/* From krb5/os but needed but by the outside world */
krb5_error_code KRB5_CALLCONV krb5_us_timeofday
(krb5_context,
krb5_int32 *,
krb5_int32 * );
krb5_error_code KRB5_CALLCONV krb5_timeofday
(krb5_context,
krb5_int32 * );
/* get all the addresses of this host */
krb5_error_code KRB5_CALLCONV krb5_os_localaddr
(krb5_context,
krb5_address ***);
krb5_error_code KRB5_CALLCONV krb5_get_default_realm
(krb5_context,
char ** );
krb5_error_code KRB5_CALLCONV krb5_set_default_realm
(krb5_context,
const char * );
void KRB5_CALLCONV krb5_free_default_realm
(krb5_context,
char * );
krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
(krb5_context,
const char *,
const char *,
krb5_int32,
krb5_principal *);
krb5_error_code KRB5_CALLCONV
krb5_change_password
(krb5_context context, krb5_creds *creds, char *newpw,
int *result_code, krb5_data *result_code_string,
krb5_data *result_string);
krb5_error_code KRB5_CALLCONV
krb5_set_password
(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
int *result_code, krb5_data *result_code_string, krb5_data *result_string);
krb5_error_code KRB5_CALLCONV
krb5_set_password_using_ccache
(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
int *result_code, krb5_data *result_code_string, krb5_data *result_string);
#if KRB5_PRIVATE
krb5_error_code krb5_set_config_files
(krb5_context, const char **);
krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
(char ***filenames);
void KRB5_CALLCONV krb5_free_config_files
(char **filenames);
#endif
krb5_error_code KRB5_CALLCONV
krb5_get_profile
(krb5_context, struct _profile_t * /* profile_t */ *);
#if KRB5_PRIVATE
krb5_error_code krb5_send_tgs
(krb5_context,
krb5_flags,
const krb5_ticket_times *,
const krb5_enctype *,
krb5_const_principal,
krb5_address * const *,
krb5_authdata * const *,
krb5_pa_data * const *,
const krb5_data *,
krb5_creds *,
krb5_response * );
krb5_error_code krb5_send_tgs2
(krb5_context,
krb5_flags,
const krb5_ticket_times *,
const krb5_enctype *,
krb5_const_principal,
krb5_address * const *,
krb5_authdata * const *,
krb5_pa_data * const *,
const krb5_data *,
krb5_creds *,
krb5_response * ,
char **);
#endif
#if KRB5_DEPRECATED
krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
(krb5_context,
krb5_flags,
krb5_address * const *,
krb5_enctype *,
krb5_preauthtype *,
krb5_error_code ( * )(krb5_context,
krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **),
krb5_const_pointer,
krb5_error_code ( * )(krb5_context,
const krb5_keyblock *,
krb5_const_pointer,
krb5_kdc_rep * ),
krb5_const_pointer,
krb5_creds *,
krb5_ccache,
krb5_kdc_rep ** );
krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
(krb5_context,
krb5_flags,
krb5_address * const *,
krb5_enctype *,
krb5_preauthtype *,
const char *,
krb5_ccache,
krb5_creds *,
krb5_kdc_rep ** );
krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
(krb5_context,
krb5_flags,
krb5_address * const *,
krb5_enctype *,
krb5_preauthtype *,
const krb5_keyblock *,
krb5_ccache,
krb5_creds *,
krb5_kdc_rep ** );
krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
(krb5_context,
krb5_flags,
krb5_address * const *,
krb5_enctype *,
krb5_preauthtype *,
krb5_keytab,
krb5_ccache,
krb5_creds *,
krb5_kdc_rep ** );
#endif /* KRB5_DEPRECATED */
#if KRB5_PRIVATE
krb5_error_code krb5_decode_kdc_rep
(krb5_context,
krb5_data *,
const krb5_keyblock *,
krb5_kdc_rep ** );
#endif
krb5_error_code KRB5_CALLCONV krb5_rd_req
(krb5_context,
krb5_auth_context *,
const krb5_data *,
krb5_const_principal,
krb5_keytab,
krb5_flags *,
krb5_ticket **);
#if KRB5_PRIVATE
krb5_error_code krb5_rd_req_decoded
(krb5_context,
krb5_auth_context *,
const krb5_ap_req *,
krb5_const_principal,
krb5_keytab,
krb5_flags *,
krb5_ticket **);
krb5_error_code krb5_rd_req_decoded_anyflag
(krb5_context,
krb5_auth_context *,
const krb5_ap_req *,
krb5_const_principal,
krb5_keytab,
krb5_flags *,
krb5_ticket **);
#endif
krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
(krb5_context,
krb5_pointer,
krb5_principal,
krb5_kvno,
krb5_enctype,
krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_mk_safe
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_data *,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_mk_priv
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_data *,
krb5_replay_data *);
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_cc_register
(krb5_context,
krb5_cc_ops *,
krb5_boolean );
#endif
krb5_error_code KRB5_CALLCONV krb5_sendauth
(krb5_context,
krb5_auth_context *,
krb5_pointer,
char *,
krb5_principal,
krb5_principal,
krb5_flags,
krb5_data *,
krb5_creds *,
krb5_ccache,
krb5_error **,
krb5_ap_rep_enc_part **,
krb5_creds **);
krb5_error_code KRB5_CALLCONV krb5_recvauth
(krb5_context,
krb5_auth_context *,
krb5_pointer,
char *,
krb5_principal,
krb5_int32,
krb5_keytab,
krb5_ticket **);
krb5_error_code KRB5_CALLCONV krb5_recvauth_version
(krb5_context,
krb5_auth_context *,
krb5_pointer,
krb5_principal,
krb5_int32,
krb5_keytab,
krb5_ticket **,
krb5_data *);
#if KRB5_PRIVATE
krb5_error_code krb5_walk_realm_tree
(krb5_context,
const krb5_data *,
const krb5_data *,
krb5_principal **,
int);
#endif
krb5_error_code KRB5_CALLCONV krb5_mk_ncred
(krb5_context,
krb5_auth_context,
krb5_creds **,
krb5_data **,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_mk_1cred
(krb5_context,
krb5_auth_context,
krb5_creds *,
krb5_data **,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_rd_cred
(krb5_context,
krb5_auth_context,
krb5_data *,
krb5_creds ***,
krb5_replay_data *);
krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
(krb5_context,
krb5_auth_context,
char *,
krb5_principal,
krb5_principal,
krb5_ccache,
int forwardable,
krb5_data *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_init
(krb5_context,
krb5_auth_context *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_free
(krb5_context,
krb5_auth_context);
krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
(krb5_context,
krb5_auth_context,
krb5_int32);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
(krb5_context,
krb5_auth_context,
krb5_int32 *);
krb5_error_code KRB5_CALLCONV
krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
krb5_mk_req_checksum_func, void *);
krb5_error_code KRB5_CALLCONV
krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
krb5_mk_req_checksum_func *, void **);
krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
(krb5_context,
krb5_auth_context,
krb5_address *,
krb5_address *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
(krb5_context,
krb5_auth_context,
krb5_address **,
krb5_address **);
krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
(krb5_context,
krb5_auth_context,
krb5_address *,
krb5_address *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
(krb5_context,
krb5_auth_context,
krb5_keyblock *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
(krb5_context,
krb5_auth_context,
krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
krb5_context, krb5_auth_context, krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
krb5_context, krb5_auth_context, krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
krb5_context, krb5_auth_context, krb5_keyblock *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
krb5_context, krb5_auth_context, krb5_keyblock *);
#if KRB5_DEPRECATED
krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
(krb5_context,
krb5_auth_context,
krb5_keyblock **);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
(krb5_context,
krb5_auth_context,
krb5_keyblock **);
#endif
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
(krb5_context,
krb5_auth_context,
krb5_cksumtype);
krb5_error_code krb5_auth_con_set_safe_cksumtype
(krb5_context,
krb5_auth_context,
krb5_cksumtype);
#endif
krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
(krb5_context,
krb5_auth_context,
krb5_int32 *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
(krb5_context,
krb5_auth_context,
krb5_int32 *);
#if KRB5_DEPRECATED
krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
(krb5_context,
krb5_auth_context);
#endif
#if KRB5_PRIVATE
krb5_error_code krb5_auth_con_setivector
(krb5_context,
krb5_auth_context,
krb5_pointer);
krb5_error_code krb5_auth_con_getivector
(krb5_context,
krb5_auth_context,
krb5_pointer *);
#endif
krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
(krb5_context,
krb5_auth_context,
krb5_rcache);
krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
(krb5_context,
krb5_auth_context,
krb5_rcache *);
#if KRB5_PRIVATE
krb5_error_code krb5_auth_con_setpermetypes
(krb5_context,
krb5_auth_context,
const krb5_enctype *);
krb5_error_code krb5_auth_con_getpermetypes
(krb5_context,
krb5_auth_context,
krb5_enctype **);
#endif
krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
(krb5_context,
krb5_auth_context,
krb5_authenticator **);
#define KRB5_REALM_BRANCH_CHAR '.'
/*
* end "func-proto.h"
*/
/*
* begin stuff from libos.h
*/
#if KRB5_PRIVATE
krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
int krb5_net_read (krb5_context, int , char *, int);
int krb5_net_write (krb5_context, int , const char *, int);
#endif
krb5_error_code KRB5_CALLCONV krb5_read_password
(krb5_context,
const char *,
const char *,
char *,
unsigned int * );
krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
(krb5_context,
krb5_const_principal,
int,
char * );
krb5_error_code KRB5_CALLCONV krb5_get_host_realm
(krb5_context,
const char *,
char *** );
krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
(krb5_context,
krb5_data *,
char *** );
krb5_error_code KRB5_CALLCONV krb5_free_host_realm
(krb5_context,
char * const * );
#if KRB5_PRIVATE
krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
(krb5_context,
const char *,
char ** );
#endif
krb5_boolean KRB5_CALLCONV krb5_kuserok
(krb5_context,
krb5_principal, const char *);
krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
(krb5_context,
krb5_auth_context,
int, int);
#if KRB5_PRIVATE
krb5_error_code krb5_gen_portaddr
(krb5_context,
const krb5_address *,
krb5_const_pointer,
krb5_address **);
krb5_error_code krb5_gen_replay_name
(krb5_context,
const krb5_address *,
const char *,
char **);
krb5_error_code krb5_make_fulladdr
(krb5_context,
krb5_address *,
krb5_address *,
krb5_address *);
#endif
krb5_error_code KRB5_CALLCONV krb5_set_real_time
(krb5_context, krb5_int32, krb5_int32);
#if KRB5_PRIVATE
krb5_error_code krb5_set_debugging_time
(krb5_context, krb5_int32, krb5_int32);
krb5_error_code krb5_use_natural_time
(krb5_context);
#endif
krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
(krb5_context, krb5_int32 *, krb5_int32 *);
#if KRB5_PRIVATE
krb5_error_code krb5_set_time_offsets
(krb5_context, krb5_int32, krb5_int32);
#endif
/* str_conv.c */
krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
(char *, krb5_enctype *);
krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
(char *, krb5_int32 *);
krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
(char *, krb5_cksumtype *);
krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
(char *, krb5_timestamp *);
krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
(char *, krb5_deltat *);
krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
(krb5_enctype, char *, size_t);
/* Solaris Kerberos */
krb5_error_code KRB5_CALLCONV krb5_enctype_to_istring
(krb5_enctype, char *, size_t);
krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
(krb5_int32, char *, size_t);
krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
(krb5_cksumtype, char *, size_t);
krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
(krb5_timestamp, char *, size_t);
krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
(krb5_timestamp, char *, size_t, char *);
krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
(krb5_deltat, char *, size_t);
/*
* end stuff from libos.h
*/
/*
* begin "k5-free.h"
*/
/* to keep lint happy */
#ifdef _KERNEL
#define krb5_xfree_wrap(val,n) kmem_free((char *)(val),n)
#else
#define krb5_xfree_wrap(val,n) free((char *)(val))
#define krb5_xfree(val) free((char *)(val))
#endif
/*
* end "k5-free.h"
*/
/* The name of the Kerberos ticket granting service... and its size */
#define KRB5_TGS_NAME "krbtgt"
#define KRB5_TGS_NAME_SIZE 6
/* flags for recvauth */
#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
/* initial ticket api functions */
typedef struct _krb5_prompt {
char *prompt;
int hidden;
krb5_data *reply;
} krb5_prompt;
typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
void *data,
const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]);
krb5_error_code KRB5_CALLCONV
krb5_prompter_posix (krb5_context context,
void *data,
const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]);
typedef struct _krb5_get_init_creds_opt {
krb5_flags flags;
krb5_deltat tkt_life;
krb5_deltat renew_life;
int forwardable;
int proxiable;
krb5_enctype *etype_list;
int etype_list_length;
krb5_address **address_list;
krb5_preauthtype *preauth_list;
int preauth_list_length;
krb5_data *salt;
} krb5_get_init_creds_opt;
#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_alloc
(krb5_context context,
krb5_get_init_creds_opt **opt);
void KRB5_CALLCONV
krb5_get_init_creds_opt_free
(krb5_context context,
krb5_get_init_creds_opt *opt);
void KRB5_CALLCONV
krb5_get_init_creds_opt_init
(krb5_get_init_creds_opt *opt);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_tkt_life
(krb5_get_init_creds_opt *opt,
krb5_deltat tkt_life);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_renew_life
(krb5_get_init_creds_opt *opt,
krb5_deltat renew_life);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_forwardable
(krb5_get_init_creds_opt *opt,
int forwardable);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_proxiable
(krb5_get_init_creds_opt *opt,
int proxiable);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_etype_list
(krb5_get_init_creds_opt *opt,
krb5_enctype *etype_list,
int etype_list_length);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_address_list
(krb5_get_init_creds_opt *opt,
krb5_address **addresses);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_preauth_list
(krb5_get_init_creds_opt *opt,
krb5_preauthtype *preauth_list,
int preauth_list_length);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_salt
(krb5_get_init_creds_opt *opt,
krb5_data *salt);
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_change_password_prompt
(krb5_get_init_creds_opt *opt,
int prompt);
/* Generic preauth option attribute/value pairs */
typedef struct _krb5_gic_opt_pa_data {
char *attr;
char *value;
} krb5_gic_opt_pa_data;
/*
* This function allows the caller to supply options to preauth
* plugins. Preauth plugin modules are given a chance to look
* at each option at the time this function is called in ordre
* to check the validity of the option.
* The 'opt' pointer supplied to this function must have been
* obtained using krb5_get_init_creds_opt_alloc()
*/
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_set_pa
(krb5_context context,
krb5_get_init_creds_opt *opt,
const char *attr,
const char *value);
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_password
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
char *password,
krb5_prompter_fct prompter,
void *data,
krb5_deltat start_time,
char *in_tkt_service,
krb5_get_init_creds_opt *k5_gic_options);
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_keytab
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
krb5_keytab arg_keytab,
krb5_deltat start_time,
char *in_tkt_service,
krb5_get_init_creds_opt *k5_gic_options);
typedef struct _krb5_verify_init_creds_opt {
krb5_flags flags;
int ap_req_nofail;
} krb5_verify_init_creds_opt;
#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
void KRB5_CALLCONV
krb5_verify_init_creds_opt_init
(krb5_verify_init_creds_opt *k5_vic_options);
void KRB5_CALLCONV
krb5_verify_init_creds_opt_set_ap_req_nofail
(krb5_verify_init_creds_opt *k5_vic_options,
int ap_req_nofail);
krb5_error_code KRB5_CALLCONV
krb5_verify_init_creds
(krb5_context context,
krb5_creds *creds,
krb5_principal ap_req_server,
krb5_keytab ap_req_keytab,
krb5_ccache *ccache,
krb5_verify_init_creds_opt *k5_vic_options);
krb5_error_code KRB5_CALLCONV
krb5_get_validated_creds
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
krb5_ccache ccache,
char *in_tkt_service);
krb5_error_code KRB5_CALLCONV
krb5_get_renewed_creds
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
krb5_ccache ccache,
char *in_tkt_service);
krb5_error_code KRB5_CALLCONV
krb5_decode_ticket
(const krb5_data *code,
krb5_ticket **rep);
void KRB5_CALLCONV
krb5_appdefault_string
(krb5_context context,
const char *appname,
const krb5_data *realm,
const char *option,
const char *default_value,
char ** ret_value);
void KRB5_CALLCONV
krb5_appdefault_boolean
(krb5_context context,
const char *appname,
const krb5_data *realm,
const char *option,
int default_value,
int *ret_value);
#if KRB5_PRIVATE
/*
* The realm iterator functions
*/
krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
(krb5_context context, void **iter_p);
krb5_error_code KRB5_CALLCONV krb5_realm_iterator
(krb5_context context, void **iter_p, char **ret_realm);
void KRB5_CALLCONV krb5_realm_iterator_free
(krb5_context context, void **iter_p);
void KRB5_CALLCONV krb5_free_realm_string
(krb5_context context, char *str);
#endif
/*
* The realm iterator functions
*/
krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
(krb5_context context, void **iter_p);
krb5_error_code KRB5_CALLCONV krb5_realm_iterator
(krb5_context context, void **iter_p, char **ret_realm);
void KRB5_CALLCONV krb5_realm_iterator_free
(krb5_context context, void **iter_p);
void KRB5_CALLCONV krb5_free_realm_string
(krb5_context context, char *str);
/*
* Prompter enhancements
*/
#define KRB5_PROMPT_TYPE_PASSWORD 0x1
#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2
#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3
#define KRB5_PROMPT_TYPE_PREAUTH 0x4
typedef krb5_int32 krb5_prompt_type;
krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
(krb5_context context);
/* Error reporting */
void KRB5_CALLCONV_C
krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...);
#ifdef va_start
void KRB5_CALLCONV
krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list);
#endif
/*
* The behavior of krb5_get_error_message is only defined the first
* time it is called after a failed call to a krb5 function using the
* same context, and only when the error code passed in is the same as
* that returned by the krb5 function. Future versions may return the
* same string for the second and following calls.
*
* The string returned by this function must be freed using
* krb5_free_error_message.
*/
const char * KRB5_CALLCONV
krb5_get_error_message (krb5_context, krb5_error_code);
void KRB5_CALLCONV
krb5_free_error_message (krb5_context, const char *);
void KRB5_CALLCONV
krb5_clear_error_message (krb5_context);
krb5_error_code KRB5_CALLCONV
krb5_decode_authdata_container(krb5_context context,
krb5_authdatatype type,
const krb5_authdata *container,
krb5_authdata ***authdata);
krb5_error_code KRB5_CALLCONV
krb5_encode_authdata_container(krb5_context context,
krb5_authdatatype type,
krb5_authdata * const*authdata,
krb5_authdata ***container);
/*
* Windows PAC
*/
struct krb5_pac_data;
typedef struct krb5_pac_data *krb5_pac;
krb5_error_code KRB5_CALLCONV
krb5_pac_add_buffer
(krb5_context context,
krb5_pac pac,
krb5_ui_4 type,
const krb5_data *data);
void KRB5_CALLCONV
krb5_pac_free
(krb5_context context,
krb5_pac pac);
krb5_error_code KRB5_CALLCONV
krb5_pac_get_buffer
(krb5_context context,
krb5_pac pac,
krb5_ui_4 type,
krb5_data *data);
krb5_error_code KRB5_CALLCONV
krb5_pac_get_types
(krb5_context context,
krb5_pac pac,
size_t *len,
krb5_ui_4 **types);
krb5_error_code KRB5_CALLCONV
krb5_pac_init
(krb5_context context,
krb5_pac *pac);
krb5_error_code KRB5_CALLCONV
krb5_pac_parse
(krb5_context context,
const void *ptr,
size_t len,
krb5_pac *pac);
krb5_error_code KRB5_CALLCONV
krb5_pac_verify
(krb5_context context,
const krb5_pac pac,
krb5_timestamp authtime,
krb5_const_principal principal,
const krb5_keyblock *server,
const krb5_keyblock *privsvr);
#if TARGET_OS_MAC
# pragma pack(pop)
#endif
KRB5INT_END_DECLS
/* Don't use this! We're going to phase it out. It's just here to keep
applications from breaking right away. */
#define krb5_const const
#endif /* KRB5_GENERAL__ */
/*
* Solaris Kerberos: the following differs from the MIT krb5.hin as that file is
* processed to produce their krb5.h. We do not process a krb5.hin so our
* krb5.h is manually edited.
*/
/*
* krb5_err.h:
* This file is automatically generated; please do not edit it.
*/
#define KRB5KDC_ERR_NONE (-1765328384L)
#define KRB5KDC_ERR_NAME_EXP (-1765328383L)
#define KRB5KDC_ERR_SERVICE_EXP (-1765328382L)
#define KRB5KDC_ERR_BAD_PVNO (-1765328381L)
#define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L)
#define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L)
#define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L)
#define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L)
#define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L)
#define KRB5KDC_ERR_NULL_KEY (-1765328375L)
#define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L)
#define KRB5KDC_ERR_NEVER_VALID (-1765328373L)
#define KRB5KDC_ERR_POLICY (-1765328372L)
#define KRB5KDC_ERR_BADOPTION (-1765328371L)
#define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L)
#define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L)
#define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L)
#define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L)
#define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L)
#define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L)
#define KRB5KDC_ERR_TGT_REVOKED (-1765328364L)
#define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L)
#define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L)
#define KRB5KDC_ERR_KEY_EXP (-1765328361L)
#define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L)
#define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L)
#define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L)
#define KRB5KDC_ERR_MUST_USE_USER2USER (-1765328357L)
#define KRB5KDC_ERR_PATH_NOT_ACCEPTED (-1765328356L)
#define KRB5KDC_ERR_SVC_UNAVAILABLE (-1765328355L)
#define KRB5PLACEHOLD_30 (-1765328354L)
#define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L)
#define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L)
#define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L)
#define KRB5KRB_AP_ERR_REPEAT (-1765328350L)
#define KRB5KRB_AP_ERR_NOT_US (-1765328349L)
#define KRB5KRB_AP_ERR_BADMATCH (-1765328348L)
#define KRB5KRB_AP_ERR_SKEW (-1765328347L)
#define KRB5KRB_AP_ERR_BADADDR (-1765328346L)
#define KRB5KRB_AP_ERR_BADVERSION (-1765328345L)
#define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L)
#define KRB5KRB_AP_ERR_MODIFIED (-1765328343L)
#define KRB5KRB_AP_ERR_BADORDER (-1765328342L)
#define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L)
#define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L)
#define KRB5KRB_AP_ERR_NOKEY (-1765328339L)
#define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L)
#define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L)
#define KRB5KRB_AP_ERR_METHOD (-1765328336L)
#define KRB5KRB_AP_ERR_BADSEQ (-1765328335L)
#define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L)
#define KRB5KRB_AP_PATH_NOT_ACCEPTED (-1765328333L)
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
#define KRB5PLACEHOLD_53 (-1765328331L)
#define KRB5PLACEHOLD_54 (-1765328330L)
#define KRB5PLACEHOLD_55 (-1765328329L)
#define KRB5PLACEHOLD_56 (-1765328328L)
#define KRB5PLACEHOLD_57 (-1765328327L)
#define KRB5PLACEHOLD_58 (-1765328326L)
#define KRB5PLACEHOLD_59 (-1765328325L)
#define KRB5KRB_ERR_GENERIC (-1765328324L)
#define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L)
#define KRB5KDC_ERR_CLIENT_NOT_TRUSTED (-1765328322L)
#define KRB5KDC_ERR_KDC_NOT_TRUSTED (-1765328321L)
#define KRB5KDC_ERR_INVALID_SIG (-1765328320L)
#define KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED (-1765328319L)
#define KRB5KDC_ERR_CERTIFICATE_MISMATCH (-1765328318L)
#define KRB5KRB_AP_ERR_NO_TGT (-1765328317L)
#define KRB5KDC_ERR_WRONG_REALM (-1765328316L)
#define KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED (-1765328315L)
#define KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE (-1765328314L)
#define KRB5KDC_ERR_INVALID_CERTIFICATE (-1765328313L)
#define KRB5KDC_ERR_REVOKED_CERTIFICATE (-1765328312L)
#define KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN (-1765328311L)
#define KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE (-1765328310L)
#define KRB5KDC_ERR_CLIENT_NAME_MISMATCH (-1765328309L)
#define KRB5KDC_ERR_KDC_NAME_MISMATCH (-1765328308L)
#define KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE (-1765328307L)
#define KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED (-1765328306L)
#define KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED (-1765328305L)
#define KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED (-1765328304L)
#define KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED (-1765328303L)
#define KRB5PLACEHOLD_82 (-1765328302L)
#define KRB5PLACEHOLD_83 (-1765328301L)
#define KRB5PLACEHOLD_84 (-1765328300L)
#define KRB5PLACEHOLD_85 (-1765328299L)
#define KRB5PLACEHOLD_86 (-1765328298L)
#define KRB5PLACEHOLD_87 (-1765328297L)
#define KRB5PLACEHOLD_88 (-1765328296L)
#define KRB5PLACEHOLD_89 (-1765328295L)
#define KRB5PLACEHOLD_90 (-1765328294L)
#define KRB5PLACEHOLD_91 (-1765328293L)
#define KRB5PLACEHOLD_92 (-1765328292L)
#define KRB5PLACEHOLD_93 (-1765328291L)
#define KRB5PLACEHOLD_94 (-1765328290L)
#define KRB5PLACEHOLD_95 (-1765328289L)
#define KRB5PLACEHOLD_96 (-1765328288L)
#define KRB5PLACEHOLD_97 (-1765328287L)
#define KRB5PLACEHOLD_98 (-1765328286L)
#define KRB5PLACEHOLD_99 (-1765328285L)
#define KRB5PLACEHOLD_100 (-1765328284L)
#define KRB5PLACEHOLD_101 (-1765328283L)
#define KRB5PLACEHOLD_102 (-1765328282L)
#define KRB5PLACEHOLD_103 (-1765328281L)
#define KRB5PLACEHOLD_104 (-1765328280L)
#define KRB5PLACEHOLD_105 (-1765328279L)
#define KRB5PLACEHOLD_106 (-1765328278L)
#define KRB5PLACEHOLD_107 (-1765328277L)
#define KRB5PLACEHOLD_108 (-1765328276L)
#define KRB5PLACEHOLD_109 (-1765328275L)
#define KRB5PLACEHOLD_110 (-1765328274L)
#define KRB5PLACEHOLD_111 (-1765328273L)
#define KRB5PLACEHOLD_112 (-1765328272L)
#define KRB5PLACEHOLD_113 (-1765328271L)
#define KRB5PLACEHOLD_114 (-1765328270L)
#define KRB5PLACEHOLD_115 (-1765328269L)
#define KRB5PLACEHOLD_116 (-1765328268L)
#define KRB5PLACEHOLD_117 (-1765328267L)
#define KRB5PLACEHOLD_118 (-1765328266L)
#define KRB5PLACEHOLD_119 (-1765328265L)
#define KRB5PLACEHOLD_120 (-1765328264L)
#define KRB5PLACEHOLD_121 (-1765328263L)
#define KRB5PLACEHOLD_122 (-1765328262L)
#define KRB5PLACEHOLD_123 (-1765328261L)
#define KRB5PLACEHOLD_124 (-1765328260L)
#define KRB5PLACEHOLD_125 (-1765328259L)
#define KRB5PLACEHOLD_126 (-1765328258L)
#define KRB5PLACEHOLD_127 (-1765328257L)
#define KRB5_ERR_RCSID (-1765328256L)
#define KRB5_LIBOS_BADLOCKFLAG (-1765328255L)
#define KRB5_LIBOS_CANTREADPWD (-1765328254L)
#define KRB5_LIBOS_BADPWDMATCH (-1765328253L)
#define KRB5_LIBOS_PWDINTR (-1765328252L)
#define KRB5_PARSE_ILLCHAR (-1765328251L)
#define KRB5_PARSE_MALFORMED (-1765328250L)
#define KRB5_CONFIG_CANTOPEN (-1765328249L)
#define KRB5_CONFIG_BADFORMAT (-1765328248L)
#define KRB5_CONFIG_NOTENUFSPACE (-1765328247L)
#define KRB5_BADMSGTYPE (-1765328246L)
#define KRB5_CC_BADNAME (-1765328245L)
#define KRB5_CC_UNKNOWN_TYPE (-1765328244L)
#define KRB5_CC_NOTFOUND (-1765328243L)
#define KRB5_CC_END (-1765328242L)
#define KRB5_NO_TKT_SUPPLIED (-1765328241L)
#define KRB5KRB_AP_WRONG_PRINC (-1765328240L)
#define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L)
#define KRB5_PRINC_NOMATCH (-1765328238L)
#define KRB5_KDCREP_MODIFIED (-1765328237L)
#define KRB5_KDCREP_SKEW (-1765328236L)
#define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L)
#define KRB5_PROG_ETYPE_NOSUPP (-1765328234L)
#define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L)
#define KRB5_WRONG_ETYPE (-1765328232L)
#define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L)
#define KRB5_REALM_UNKNOWN (-1765328230L)
#define KRB5_SERVICE_UNKNOWN (-1765328229L)
#define KRB5_KDC_UNREACH (-1765328228L)
#define KRB5_NO_LOCALNAME (-1765328227L)
#define KRB5_MUTUAL_FAILED (-1765328226L)
#define KRB5_RC_TYPE_EXISTS (-1765328225L)
#define KRB5_RC_MALLOC (-1765328224L)
#define KRB5_RC_TYPE_NOTFOUND (-1765328223L)
#define KRB5_RC_UNKNOWN (-1765328222L)
#define KRB5_RC_REPLAY (-1765328221L)
#define KRB5_RC_IO (-1765328220L)
#define KRB5_RC_NOIO (-1765328219L)
#define KRB5_RC_PARSE (-1765328218L)
#define KRB5_RC_IO_EOF (-1765328217L)
#define KRB5_RC_IO_MALLOC (-1765328216L)
#define KRB5_RC_IO_PERM (-1765328215L)
#define KRB5_RC_IO_IO (-1765328214L)
#define KRB5_RC_IO_UNKNOWN (-1765328213L)
#define KRB5_RC_IO_SPACE (-1765328212L)
#define KRB5_TRANS_CANTOPEN (-1765328211L)
#define KRB5_TRANS_BADFORMAT (-1765328210L)
#define KRB5_LNAME_CANTOPEN (-1765328209L)
#define KRB5_LNAME_NOTRANS (-1765328208L)
#define KRB5_LNAME_BADFORMAT (-1765328207L)
#define KRB5_CRYPTO_INTERNAL (-1765328206L)
#define KRB5_KT_BADNAME (-1765328205L)
#define KRB5_KT_UNKNOWN_TYPE (-1765328204L)
#define KRB5_KT_NOTFOUND (-1765328203L)
#define KRB5_KT_END (-1765328202L)
#define KRB5_KT_NOWRITE (-1765328201L)
#define KRB5_KT_IOERR (-1765328200L)
#define KRB5_NO_TKT_IN_RLM (-1765328199L)
#define KRB5DES_BAD_KEYPAR (-1765328198L)
#define KRB5DES_WEAK_KEY (-1765328197L)
#define KRB5_BAD_ENCTYPE (-1765328196L)
#define KRB5_BAD_KEYSIZE (-1765328195L)
#define KRB5_BAD_MSIZE (-1765328194L)
#define KRB5_CC_TYPE_EXISTS (-1765328193L)
#define KRB5_KT_TYPE_EXISTS (-1765328192L)
#define KRB5_CC_IO (-1765328191L)
#define KRB5_FCC_PERM (-1765328190L)
#define KRB5_FCC_NOFILE (-1765328189L)
#define KRB5_FCC_INTERNAL (-1765328188L)
#define KRB5_CC_WRITE (-1765328187L)
#define KRB5_CC_NOMEM (-1765328186L)
#define KRB5_CC_FORMAT (-1765328185L)
#define KRB5_CC_NOT_KTYPE (-1765328184L)
#define KRB5_INVALID_FLAGS (-1765328183L)
#define KRB5_NO_2ND_TKT (-1765328182L)
#define KRB5_NOCREDS_SUPPLIED (-1765328181L)
#define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L)
#define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L)
#define KRB5_SENDAUTH_BADRESPONSE (-1765328178L)
#define KRB5_SENDAUTH_REJECTED (-1765328177L)
#define KRB5_PREAUTH_BAD_TYPE (-1765328176L)
#define KRB5_PREAUTH_NO_KEY (-1765328175L)
#define KRB5_PREAUTH_FAILED (-1765328174L)
#define KRB5_RCACHE_BADVNO (-1765328173L)
#define KRB5_CCACHE_BADVNO (-1765328172L)
#define KRB5_KEYTAB_BADVNO (-1765328171L)
#define KRB5_PROG_ATYPE_NOSUPP (-1765328170L)
#define KRB5_RC_REQUIRED (-1765328169L)
#define KRB5_ERR_BAD_HOSTNAME (-1765328168L)
#define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L)
#define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L)
#define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L)
#define KRB5_REALM_CANT_RESOLVE (-1765328164L)
#define KRB5_TKT_NOT_FORWARDABLE (-1765328163L)
#define KRB5_FWD_BAD_PRINCIPAL (-1765328162L)
#define KRB5_GET_IN_TKT_LOOP (-1765328161L)
#define KRB5_CONFIG_NODEFREALM (-1765328160L)
#define KRB5_SAM_UNSUPPORTED (-1765328159L)
#define KRB5_SAM_INVALID_ETYPE (-1765328158L)
#define KRB5_SAM_NO_CHECKSUM (-1765328157L)
#define KRB5_SAM_BAD_CHECKSUM (-1765328156L)
#define KRB5_KT_NAME_TOOLONG (-1765328155L)
#define KRB5_KT_KVNONOTFOUND (-1765328154L)
#define KRB5_APPL_EXPIRED (-1765328153L)
#define KRB5_LIB_EXPIRED (-1765328152L)
#define KRB5_CHPW_PWDNULL (-1765328151L)
#define KRB5_CHPW_FAIL (-1765328150L)
#define KRB5_KT_FORMAT (-1765328149L)
#define KRB5_NOPERM_ETYPE (-1765328148L)
#define KRB5_CONFIG_ETYPE_NOSUPP (-1765328147L)
#define KRB5_OBSOLETE_FN (-1765328146L)
#define KRB5_EAI_FAIL (-1765328145L)
#define KRB5_EAI_NODATA (-1765328144L)
#define KRB5_EAI_NONAME (-1765328143L)
#define KRB5_EAI_SERVICE (-1765328142L)
#define KRB5_ERR_NUMERIC_REALM (-1765328141L)
#define KRB5_ERR_BAD_S2K_PARAMS (-1765328140L)
#define KRB5_ERR_NO_SERVICE (-1765328139L)
#define KRB5_CC_READONLY (-1765328138L)
#define KRB5_CC_NOSUPP (-1765328137L)
/* NOTE! error values should not collide */
/* XXX Note KRB5_RC_BADNAME and KRB5_CONF_NOT_CONFIGURED are Solaris specific */
#define KRB5_RC_BADNAME (-1765328136L)
#define KRB5_CONF_NOT_CONFIGURED (-1765328135L)
#ifdef _KERNEL
/* XXX Note KRB5_KEF_ERROR and PKCS_ERR are Solaris specific */
#define KRB5_KEF_ERROR (-1765328134L)
#else
#define PKCS_ERR (-1765328134L)
#endif /* _KERNEL */
#define KRB5_DELTAT_BADFORMAT (-1765328133L)
#define KRB5_PLUGIN_NO_HANDLE (-1765328132L)
#define KRB5_PLUGIN_OP_NOTSUPP (-1765328131L)
/* SUNW17PACresync */
#define KRB5_ERR_INVALID_UTF8 (-1765328130L)
#define KRB5_ERR_FAST_REQUIRED (-1765328129L)
#define KRB5_LOCAL_ADDR_REQUIRED (-1765328128L)
#define KRB5_REMOTE_ADDR_REQUIRED (-1765328127L)
#define ERROR_TABLE_BASE_krb5 (-1765328384L)
/* for compatibility with older versions... */
#define krb5_err_base ERROR_TABLE_BASE_krb5
/*
* kdb5_err.h:
* This file is automatically generated; please do not edit it.
*/
#define KRB5_KDB_RCSID (-1780008448L)
#define KRB5_KDB_INUSE (-1780008447L)
#define KRB5_KDB_UK_SERROR (-1780008446L)
#define KRB5_KDB_UK_RERROR (-1780008445L)
#define KRB5_KDB_UNAUTH (-1780008444L)
#define KRB5_KDB_NOENTRY (-1780008443L)
#define KRB5_KDB_ILL_WILDCARD (-1780008442L)
#define KRB5_KDB_DB_INUSE (-1780008441L)
#define KRB5_KDB_DB_CHANGED (-1780008440L)
#define KRB5_KDB_TRUNCATED_RECORD (-1780008439L)
#define KRB5_KDB_RECURSIVELOCK (-1780008438L)
#define KRB5_KDB_NOTLOCKED (-1780008437L)
#define KRB5_KDB_BADLOCKMODE (-1780008436L)
#define KRB5_KDB_DBNOTINITED (-1780008435L)
#define KRB5_KDB_DBINITED (-1780008434L)
#define KRB5_KDB_ILLDIRECTION (-1780008433L)
#define KRB5_KDB_NOMASTERKEY (-1780008432L)
#define KRB5_KDB_BADMASTERKEY (-1780008431L)
#define KRB5_KDB_INVALIDKEYSIZE (-1780008430L)
#define KRB5_KDB_CANTREAD_STORED (-1780008429L)
#define KRB5_KDB_BADSTORED_MKEY (-1780008428L)
#define KRB5_KDB_CANTLOCK_DB (-1780008427L)
#define KRB5_KDB_DB_CORRUPT (-1780008426L)
#define KRB5_KDB_BAD_VERSION (-1780008425L)
#define KRB5_KDB_BAD_SALTTYPE (-1780008424L)
#define KRB5_KDB_BAD_ENCTYPE (-1780008423L)
#define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L)
#define KRB5_KDB_NO_PERMITTED_KEY (-1780008421L)
#define KRB5_KDB_NO_MATCHING_KEY (-1780008420L)
/*
* Incremental propagation error codes
*/
#define KRB5_LOG_CONV (-1780008419L)
#define KRB5_LOG_UNSTABLE (-1780008418L)
#define KRB5_LOG_CORRUPT (-1780008417L)
#define KRB5_LOG_ERROR (-1780008416L)
#define KRB5_KDB_DBTYPE_NOTFOUND (-1780008415L)
#define KRB5_KDB_DBTYPE_NOSUP (-1780008414L)
#define KRB5_KDB_DBTYPE_INIT (-1780008413L)
#define KRB5_KDB_SERVER_INTERNAL_ERR (-1780008412L)
#define KRB5_KDB_ACCESS_ERROR (-1780008411L)
#define KRB5_KDB_INTERNAL_ERROR (-1780008410L)
#define KRB5_KDB_CONSTRAINT_VIOLATION (-1780008409L)
#define ERROR_TABLE_BASE_kdb5 (-1780008448L)
/* for compatibility with older versions... */
#define kdb5_err_base ERROR_TABLE_BASE_kdb5
/*
* kv5m_err.h:
* This file is automatically generated; please do not edit it.
*/
#define KV5M_NONE (-1760647424L)
#define KV5M_PRINCIPAL (-1760647423L)
#define KV5M_DATA (-1760647422L)
#define KV5M_KEYBLOCK (-1760647421L)
#define KV5M_CHECKSUM (-1760647420L)
#define KV5M_ENCRYPT_BLOCK (-1760647419L)
#define KV5M_ENC_DATA (-1760647418L)
#define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L)
#define KV5M_CS_TABLE_ENTRY (-1760647416L)
#define KV5M_CHECKSUM_ENTRY (-1760647415L)
#define KV5M_AUTHDATA (-1760647414L)
#define KV5M_TRANSITED (-1760647413L)
#define KV5M_ENC_TKT_PART (-1760647412L)
#define KV5M_TICKET (-1760647411L)
#define KV5M_AUTHENTICATOR (-1760647410L)
#define KV5M_TKT_AUTHENT (-1760647409L)
#define KV5M_CREDS (-1760647408L)
#define KV5M_LAST_REQ_ENTRY (-1760647407L)
#define KV5M_PA_DATA (-1760647406L)
#define KV5M_KDC_REQ (-1760647405L)
#define KV5M_ENC_KDC_REP_PART (-1760647404L)
#define KV5M_KDC_REP (-1760647403L)
#define KV5M_ERROR (-1760647402L)
#define KV5M_AP_REQ (-1760647401L)
#define KV5M_AP_REP (-1760647400L)
#define KV5M_AP_REP_ENC_PART (-1760647399L)
#define KV5M_RESPONSE (-1760647398L)
#define KV5M_SAFE (-1760647397L)
#define KV5M_PRIV (-1760647396L)
#define KV5M_PRIV_ENC_PART (-1760647395L)
#define KV5M_CRED (-1760647394L)
#define KV5M_CRED_INFO (-1760647393L)
#define KV5M_CRED_ENC_PART (-1760647392L)
#define KV5M_PWD_DATA (-1760647391L)
#define KV5M_ADDRESS (-1760647390L)
#define KV5M_KEYTAB_ENTRY (-1760647389L)
#define KV5M_CONTEXT (-1760647388L)
#define KV5M_OS_CONTEXT (-1760647387L)
#define KV5M_ALT_METHOD (-1760647386L)
#define KV5M_ETYPE_INFO_ENTRY (-1760647385L)
#define KV5M_DB_CONTEXT (-1760647384L)
#define KV5M_AUTH_CONTEXT (-1760647383L)
#define KV5M_KEYTAB (-1760647382L)
#define KV5M_RCACHE (-1760647381L)
#define KV5M_CCACHE (-1760647380L)
#define KV5M_PREAUTH_OPS (-1760647379L)
#define KV5M_SAM_CHALLENGE (-1760647378L)
#define KV5M_SAM_KEY (-1760647377L)
#define KV5M_ENC_SAM_RESPONSE_ENC (-1760647376L)
#define KV5M_ENC_SAM_RESPONSE_ENC_2 (-1760647374L)
#define KV5M_SAM_RESPONSE (-1760647373L)
#define KV5M_SAM_RESPONSE_2 (-1760647372L)
#define KV5M_PREDICTED_SAM_RESPONSE (-1760647371L)
#define KV5M_PASSWD_PHRASE_ELEMENT (-1760647370L)
#define KV5M_GSS_OID (-1760647369L)
#define KV5M_GSS_QUEUE (-1760647368L)
#define ERROR_TABLE_BASE_kv5m (-1760647424L)
/* for compatibility with older versions... */
#define kv5m_err_base ERROR_TABLE_BASE_kv5m
/*
* asn1_err.h:
* This file is automatically generated; please do not edit it.
*/
#define ASN1_BAD_TIMEFORMAT (1859794432L)
#define ASN1_MISSING_FIELD (1859794433L)
#define ASN1_MISPLACED_FIELD (1859794434L)
#define ASN1_TYPE_MISMATCH (1859794435L)
#define ASN1_OVERFLOW (1859794436L)
#define ASN1_OVERRUN (1859794437L)
#define ASN1_BAD_ID (1859794438L)
#define ASN1_BAD_LENGTH (1859794439L)
#define ASN1_BAD_FORMAT (1859794440L)
#define ASN1_PARSE_ERROR (1859794441L)
#define ASN1_BAD_GMTIME (1859794442L)
#define ASN1_MISMATCH_INDEF (1859794443L)
#define ASN1_MISSING_EOC (1859794444L)
#define ERROR_TABLE_BASE_asn1 (1859794432L)
/* for compatibility with older versions... */
#define asn1_err_base ERROR_TABLE_BASE_asn1
#endif /* _KRB5_H */