krb5.h revision 102644
1/* 2 * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */ 35 36#ifndef __KRB5_H__ 37#define __KRB5_H__ 38 39#include <time.h> 40#include <krb5-types.h> 41 42#include <asn1_err.h> 43#include <krb5_err.h> 44#include <heim_err.h> 45#include <k524_err.h> 46 47#include <krb5_asn1.h> 48 49/* name confusion with MIT */ 50#ifndef KRB5KDC_ERR_KEY_EXP 51#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED 52#endif 53 54/* simple constants */ 55 56#ifndef TRUE 57#define TRUE 1 58#define FALSE 0 59#endif 60 61typedef int krb5_boolean; 62 63typedef int32_t krb5_error_code; 64 65typedef int krb5_kvno; 66 67typedef u_int32_t krb5_flags; 68 69typedef void *krb5_pointer; 70typedef const void *krb5_const_pointer; 71 72typedef octet_string krb5_data; 73 74struct krb5_crypto_data; 75typedef struct krb5_crypto_data *krb5_crypto; 76 77typedef CKSUMTYPE krb5_cksumtype; 78 79typedef Checksum krb5_checksum; 80 81typedef ENCTYPE krb5_enctype; 82 83/* alternative names */ 84enum { 85 ENCTYPE_NULL = ETYPE_NULL, 86 ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC, 87 ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4, 88 ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5, 89 ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5, 90 ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1, 91 ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE, 92 ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV, 93 ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB, 94 ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1, 95 ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5, 96 ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56, 97 ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS, 98 ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE, 99 ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, 100 ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, 101 ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, 102 ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC 103}; 104 105typedef PADATA_TYPE krb5_preauthtype; 106 107typedef enum krb5_key_usage { 108 KRB5_KU_PA_ENC_TIMESTAMP = 1, 109 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the 110 client key (section 5.4.1) */ 111 KRB5_KU_TICKET = 2, 112 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or 113 application session key), encrypted with the service key 114 (section 5.4.2) */ 115 KRB5_KU_AS_REP_ENC_PART = 3, 116 /* AS-REP encrypted part (includes tgs session key or application 117 session key), encrypted with the client key (section 5.4.2) */ 118 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4, 119 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs 120 session key (section 5.4.1) */ 121 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5, 122 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs 123 authenticator subkey (section 5.4.1) */ 124 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6, 125 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed 126 with the tgs session key (sections 5.3.2, 5.4.1) */ 127 KRB5_KU_TGS_REQ_AUTH = 7, 128 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs 129 authenticator subkey), encrypted with the tgs session key 130 (section 5.3.2) */ 131 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8, 132 /* TGS-REP encrypted part (includes application session key), 133 encrypted with the tgs session key (section 5.4.2) */ 134 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9, 135 /* TGS-REP encrypted part (includes application session key), 136 encrypted with the tgs authenticator subkey (section 5.4.2) */ 137 KRB5_KU_AP_REQ_AUTH_CKSUM = 10, 138 /* AP-REQ Authenticator cksum, keyed with the application session 139 key (section 5.3.2) */ 140 KRB5_KU_AP_REQ_AUTH = 11, 141 /* AP-REQ Authenticator (includes application authenticator 142 subkey), encrypted with the application session key (section 143 5.3.2) */ 144 KRB5_KU_AP_REQ_ENC_PART = 12, 145 /* AP-REP encrypted part (includes application session subkey), 146 encrypted with the application session key (section 5.5.2) */ 147 KRB5_KU_KRB_PRIV = 13, 148 /* KRB-PRIV encrypted part, encrypted with a key chosen by the 149 application (section 5.7.1) */ 150 KRB5_KU_KRB_CRED = 14, 151 /* KRB-CRED encrypted part, encrypted with a key chosen by the 152 application (section 5.8.1) */ 153 KRB5_KU_KRB_SAFE_CKSUM = 15, 154 /* KRB-SAFE cksum, keyed with a key chosen by the application 155 (section 5.6.1) */ 156 KRB5_KU_OTHER_ENCRYPTED = 16, 157 /* Data which is defined in some specification outside of 158 Kerberos to be encrypted using an RFC1510 encryption type. */ 159 KRB5_KU_OTHER_CKSUM = 17, 160 /* Data which is defined in some specification outside of 161 Kerberos to be checksummed using an RFC1510 checksum type. */ 162 KRB5_KU_KRB_ERROR = 18, 163 /* Krb-error checksum */ 164 KRB5_KU_AD_KDC_ISSUED = 19, 165 /* AD-KDCIssued checksum */ 166 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20, 167 /* Checksum for Mandatory Ticket Extensions */ 168 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21, 169 /* Checksum in Authorization Data in Ticket Extensions */ 170 KRB5_KU_USAGE_SEAL = 22, 171 /* seal in GSSAPI krb5 mechanism */ 172 KRB5_KU_USAGE_SIGN = 23, 173 /* sign in GSSAPI krb5 mechanism */ 174 KRB5_KU_USAGE_SEQ = 24 175 /* SEQ in GSSAPI krb5 mechanism */ 176} krb5_key_usage; 177 178typedef krb5_key_usage krb5_keyusage; 179 180typedef enum krb5_salttype { 181 KRB5_PW_SALT = KRB5_PADATA_PW_SALT, 182 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT 183}krb5_salttype; 184 185typedef struct krb5_salt { 186 krb5_salttype salttype; 187 krb5_data saltvalue; 188} krb5_salt; 189 190typedef ETYPE_INFO krb5_preauthinfo; 191 192typedef struct { 193 krb5_preauthtype type; 194 krb5_preauthinfo info; /* list of preauthinfo for this type */ 195} krb5_preauthdata_entry; 196 197typedef struct krb5_preauthdata { 198 unsigned len; 199 krb5_preauthdata_entry *val; 200}krb5_preauthdata; 201 202typedef enum krb5_address_type { 203 KRB5_ADDRESS_INET = 2, 204 KRB5_ADDRESS_INET6 = 24, 205 KRB5_ADDRESS_ADDRPORT = 256, 206 KRB5_ADDRESS_IPPORT = 257 207} krb5_address_type; 208 209enum { 210 AP_OPTS_USE_SESSION_KEY = 1, 211 AP_OPTS_MUTUAL_REQUIRED = 2 212}; 213 214typedef HostAddress krb5_address; 215 216typedef HostAddresses krb5_addresses; 217 218typedef enum krb5_keytype { 219 KEYTYPE_NULL = 0, 220 KEYTYPE_DES = 1, 221 KEYTYPE_DES3 = 7, 222 KEYTYPE_ARCFOUR = 23 223} krb5_keytype; 224 225typedef EncryptionKey krb5_keyblock; 226 227typedef AP_REQ krb5_ap_req; 228 229struct krb5_cc_ops; 230 231#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" 232 233#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT 234 235#define KRB5_ACCEPT_NULL_ADDRESSES(C) \ 236 krb5_config_get_bool_default((C), NULL, TRUE, \ 237 "libdefaults", "accept_null_addresses", \ 238 NULL) 239 240typedef void *krb5_cc_cursor; 241 242typedef struct krb5_ccache_data { 243 const struct krb5_cc_ops *ops; 244 krb5_data data; 245}krb5_ccache_data; 246 247typedef struct krb5_ccache_data *krb5_ccache; 248 249typedef struct krb5_context_data *krb5_context; 250 251typedef Realm krb5_realm; 252typedef const char *krb5_const_realm; /* stupid language */ 253 254#define krb5_realm_length(r) strlen(r) 255#define krb5_realm_data(r) (r) 256 257typedef Principal krb5_principal_data; 258typedef struct Principal *krb5_principal; 259typedef const struct Principal *krb5_const_principal; 260 261typedef time_t krb5_deltat; 262typedef time_t krb5_timestamp; 263 264typedef struct krb5_times { 265 krb5_timestamp authtime; 266 krb5_timestamp starttime; 267 krb5_timestamp endtime; 268 krb5_timestamp renew_till; 269} krb5_times; 270 271typedef union { 272 TicketFlags b; 273 krb5_flags i; 274} krb5_ticket_flags; 275 276/* options for krb5_get_in_tkt() */ 277#define KDC_OPT_FORWARDABLE (1 << 1) 278#define KDC_OPT_FORWARDED (1 << 2) 279#define KDC_OPT_PROXIABLE (1 << 3) 280#define KDC_OPT_PROXY (1 << 4) 281#define KDC_OPT_ALLOW_POSTDATE (1 << 5) 282#define KDC_OPT_POSTDATED (1 << 6) 283#define KDC_OPT_RENEWABLE (1 << 8) 284#define KDC_OPT_REQUEST_ANONYMOUS (1 << 14) 285#define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26) 286#define KDC_OPT_RENEWABLE_OK (1 << 27) 287#define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28) 288#define KDC_OPT_RENEW (1 << 30) 289#define KDC_OPT_VALIDATE (1 << 31) 290 291typedef union { 292 KDCOptions b; 293 krb5_flags i; 294} krb5_kdc_flags; 295 296/* flags for krb5_verify_ap_req */ 297 298#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0) 299 300#define KRB5_GC_CACHED (1U << 0) 301#define KRB5_GC_USER_USER (1U << 1) 302 303/* constants for compare_creds (and cc_retrieve_cred) */ 304#define KRB5_TC_DONT_MATCH_REALM (1U << 31) 305#define KRB5_TC_MATCH_KEYTYPE (1U << 30) 306 307typedef AuthorizationData krb5_authdata; 308 309typedef KRB_ERROR krb5_error; 310 311typedef struct krb5_creds { 312 krb5_principal client; 313 krb5_principal server; 314 krb5_keyblock session; 315 krb5_times times; 316 krb5_data ticket; 317 krb5_data second_ticket; 318 krb5_authdata authdata; 319 krb5_addresses addresses; 320 krb5_ticket_flags flags; 321} krb5_creds; 322 323typedef struct krb5_cc_ops { 324 const char *prefix; 325 const char* (*get_name)(krb5_context, krb5_ccache); 326 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); 327 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *); 328 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal); 329 krb5_error_code (*destroy)(krb5_context, krb5_ccache); 330 krb5_error_code (*close)(krb5_context, krb5_ccache); 331 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); 332 krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 333 krb5_flags, krb5_creds*, krb5_creds); 334 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); 335 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); 336 krb5_error_code (*get_next)(krb5_context, krb5_ccache, 337 krb5_cc_cursor*, krb5_creds*); 338 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); 339 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 340 krb5_flags, krb5_creds*); 341 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); 342 int (*get_version)(krb5_context, krb5_ccache); 343} krb5_cc_ops; 344 345struct krb5_log_facility; 346 347struct krb5_config_binding { 348 enum { krb5_config_string, krb5_config_list } type; 349 char *name; 350 struct krb5_config_binding *next; 351 union { 352 char *string; 353 struct krb5_config_binding *list; 354 void *generic; 355 } u; 356}; 357 358typedef struct krb5_config_binding krb5_config_binding; 359 360typedef krb5_config_binding krb5_config_section; 361 362typedef struct krb5_context_data { 363 krb5_enctype *etypes; 364 krb5_enctype *etypes_des; 365 char **default_realms; 366 time_t max_skew; 367 time_t kdc_timeout; 368 unsigned max_retries; 369 int32_t kdc_sec_offset; 370 int32_t kdc_usec_offset; 371 krb5_config_section *cf; 372 struct et_list *et_list; 373 struct krb5_log_facility *warn_dest; 374 krb5_cc_ops *cc_ops; 375 int num_cc_ops; 376 const char *http_proxy; 377 const char *time_fmt; 378 krb5_boolean log_utc; 379 const char *default_keytab; 380 const char *default_keytab_modify; 381 krb5_boolean use_admin_kdc; 382 krb5_addresses *extra_addresses; 383 krb5_boolean scan_interfaces; /* `ifconfig -a' */ 384 krb5_boolean srv_lookup; /* do SRV lookups */ 385 krb5_boolean srv_try_txt; /* try TXT records also */ 386 int32_t fcache_vno; /* create cache files w/ this 387 version */ 388 int num_kt_types; /* # of registered keytab types */ 389 struct krb5_keytab_data *kt_types; /* registered keytab types */ 390 const char *date_fmt; 391 char *error_string; 392 char error_buf[256]; 393 krb5_addresses *ignore_addresses; 394} krb5_context_data; 395 396typedef struct krb5_ticket { 397 EncTicketPart ticket; 398 krb5_principal client; 399 krb5_principal server; 400} krb5_ticket; 401 402typedef Authenticator krb5_authenticator_data; 403 404typedef krb5_authenticator_data *krb5_authenticator; 405 406struct krb5_rcache_data; 407typedef struct krb5_rcache_data *krb5_rcache; 408typedef Authenticator krb5_donot_replay; 409 410#define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */ 411#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02 412#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04 413#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08 414#define KRB5_STORAGE_BYTEORDER_MASK 0x60 415#define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */ 416#define KRB5_STORAGE_BYTEORDER_LE 0x20 417#define KRB5_STORAGE_BYTEORDER_HOST 0x40 418 419struct krb5_storage_data; 420typedef struct krb5_storage_data krb5_storage; 421 422typedef struct krb5_keytab_entry { 423 krb5_principal principal; 424 krb5_kvno vno; 425 krb5_keyblock keyblock; 426 u_int32_t timestamp; 427} krb5_keytab_entry; 428 429typedef struct krb5_kt_cursor { 430 int fd; 431 krb5_storage *sp; 432 void *data; 433} krb5_kt_cursor; 434 435struct krb5_keytab_data; 436 437typedef struct krb5_keytab_data *krb5_keytab; 438 439struct krb5_keytab_data { 440 const char *prefix; 441 krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); 442 krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t); 443 krb5_error_code (*close)(krb5_context, krb5_keytab); 444 krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 445 krb5_kvno, krb5_enctype, krb5_keytab_entry*); 446 krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 447 krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 448 krb5_keytab_entry*, krb5_kt_cursor*); 449 krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 450 krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*); 451 krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); 452 void *data; 453 int32_t version; 454}; 455 456typedef struct krb5_keytab_data krb5_kt_ops; 457 458struct krb5_keytab_key_proc_args { 459 krb5_keytab keytab; 460 krb5_principal principal; 461}; 462 463typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args; 464 465typedef struct krb5_replay_data { 466 krb5_timestamp timestamp; 467 u_int32_t usec; 468 u_int32_t seq; 469} krb5_replay_data; 470 471/* flags for krb5_auth_con_setflags */ 472enum { 473 KRB5_AUTH_CONTEXT_DO_TIME = 1, 474 KRB5_AUTH_CONTEXT_RET_TIME = 2, 475 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4, 476 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8, 477 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16 478}; 479 480/* flags for krb5_auth_con_genaddrs */ 481enum { 482 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1, 483 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3, 484 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4, 485 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12 486}; 487 488typedef struct krb5_auth_context_data { 489 unsigned int flags; 490 491 krb5_address *local_address; 492 krb5_address *remote_address; 493 int16_t local_port; 494 int16_t remote_port; 495 krb5_keyblock *keyblock; 496 krb5_keyblock *local_subkey; 497 krb5_keyblock *remote_subkey; 498 499 u_int32_t local_seqnumber; 500 u_int32_t remote_seqnumber; 501 502 krb5_authenticator authenticator; 503 504 krb5_pointer i_vector; 505 506 krb5_rcache rcache; 507 508 krb5_keytype keytype; /* �requested key type ? */ 509 krb5_cksumtype cksumtype; /* �requested checksum type! */ 510 511}krb5_auth_context_data, *krb5_auth_context; 512 513typedef struct { 514 KDC_REP kdc_rep; 515 EncKDCRepPart enc_part; 516 KRB_ERROR error; 517} krb5_kdc_rep; 518 519extern const char *heimdal_version, *heimdal_long_version; 520 521typedef void (*krb5_log_log_func_t)(const char*, const char*, void*); 522typedef void (*krb5_log_close_func_t)(void*); 523 524typedef struct krb5_log_facility { 525 const char *program; 526 int len; 527 struct facility *val; 528} krb5_log_facility; 529 530typedef EncAPRepPart krb5_ap_rep_enc_part; 531 532#define KRB5_RECVAUTH_IGNORE_VERSION 1 533 534#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0" 535 536#define KRB5_TGS_NAME_SIZE (6) 537#define KRB5_TGS_NAME ("krbtgt") 538 539/* variables */ 540 541extern const char *krb5_config_file; 542extern const char *krb5_defkeyname; 543 544typedef enum { 545 KRB5_PROMPT_TYPE_PASSWORD = 0x1, 546 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2, 547 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3, 548 KRB5_PROMPT_TYPE_PREAUTH = 0x4 549} krb5_prompt_type; 550 551typedef struct _krb5_prompt { 552 const char *prompt; 553 int hidden; 554 krb5_data *reply; 555 krb5_prompt_type type; 556} krb5_prompt; 557 558typedef int (*krb5_prompter_fct)(krb5_context context, 559 void *data, 560 const char *name, 561 const char *banner, 562 int num_prompts, 563 krb5_prompt prompts[]); 564 565typedef krb5_error_code (*krb5_key_proc)(krb5_context context, 566 krb5_enctype type, 567 krb5_salt salt, 568 krb5_const_pointer keyseed, 569 krb5_keyblock **key); 570typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context, 571 krb5_keyblock *key, 572 krb5_key_usage usage, 573 krb5_const_pointer decrypt_arg, 574 krb5_kdc_rep *dec_rep); 575 576 577typedef struct _krb5_get_init_creds_opt { 578 krb5_flags flags; 579 krb5_deltat tkt_life; 580 krb5_deltat renew_life; 581 int forwardable; 582 int proxiable; 583 int anonymous; 584 krb5_enctype *etype_list; 585 int etype_list_length; 586 krb5_addresses *address_list; 587#if 0 /* this is the MIT-way */ 588 krb5_address **address_list; 589#endif 590 /* XXX the next three should not be used, as they may be 591 removed later */ 592 krb5_preauthtype *preauth_list; 593 int preauth_list_length; 594 krb5_data *salt; 595} krb5_get_init_creds_opt; 596 597#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 598#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 599#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 600#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 601#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 602#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 603#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 604#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 605#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100 606 607typedef struct _krb5_verify_init_creds_opt { 608 krb5_flags flags; 609 int ap_req_nofail; 610} krb5_verify_init_creds_opt; 611 612#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 613 614typedef struct krb5_verify_opt { 615 unsigned int flags; 616 krb5_ccache ccache; 617 krb5_keytab keytab; 618 krb5_boolean secure; 619 const char *service; 620} krb5_verify_opt; 621 622#define KRB5_VERIFY_LREALMS 1 623#define KRB5_VERIFY_NO_ADDRESSES 2 624 625extern const krb5_cc_ops krb5_fcc_ops; 626extern const krb5_cc_ops krb5_mcc_ops; 627 628extern const krb5_kt_ops krb5_fkt_ops; 629extern const krb5_kt_ops krb5_mkt_ops; 630extern const krb5_kt_ops krb5_akf_ops; 631extern const krb5_kt_ops krb4_fkt_ops; 632extern const krb5_kt_ops krb5_srvtab_fkt_ops; 633extern const krb5_kt_ops krb5_any_ops; 634 635#define KRB5_KPASSWD_SUCCESS 0 636#define KRB5_KPASSWD_MALFORMED 1 637#define KRB5_KPASSWD_HARDERROR 2 638#define KRB5_KPASSWD_AUTHERROR 3 639#define KRB5_KPASSWD_SOFTERROR 4 640 641#define KPASSWD_PORT 464 642 643/* types for the new krbhst interface */ 644struct krb5_krbhst_data; 645typedef struct krb5_krbhst_data *krb5_krbhst_handle; 646 647#define KRB5_KRBHST_KDC 1 648#define KRB5_KRBHST_ADMIN 2 649#define KRB5_KRBHST_CHANGEPW 3 650#define KRB5_KRBHST_KRB524 4 651 652typedef struct krb5_krbhst_info { 653 enum { KRB5_KRBHST_UDP, 654 KRB5_KRBHST_TCP, 655 KRB5_KRBHST_HTTP } proto; 656 unsigned short port; 657 unsigned short def_port; 658 struct addrinfo *ai; 659 struct krb5_krbhst_info *next; 660 char hostname[1]; /* has to come last */ 661} krb5_krbhst_info; 662 663 664struct credentials; /* this is to keep the compiler happy */ 665struct getargs; 666struct sockaddr; 667 668#include <krb5-protos.h> 669 670#endif /* __KRB5_H__ */ 671 672