#ifndef _KRB5_INT_H
#define _KRB5_INT_H
#ifdef KRB5_GENERAL__
#error krb5.h included before k5-int.h
#endif
#include "osconf.h"
#ifndef KRB5_CONFIG__
#define KRB5_CONFIG__
#if defined(_MSDOS) || defined(_WIN32)
#include "win-mac.h"
#define KERBEROS_INI "kerberos.ini"
#define INI_FILES "Files"
#define INI_KRB_CCACHE "krb5cc"
#define INI_KRB5_CONF "krb5.ini"
#define ANSI_STDIO
#endif
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include "autoconf.h"
#endif
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#else
typedef unsigned long u_long;
typedef unsigned int u_int;
typedef unsigned short u_short;
typedef unsigned char u_char;
#endif
#endif
#include "k5-platform.h"
typedef UINT64_TYPE krb5_ui_8;
typedef INT64_TYPE krb5_int64;
/* Prompt strings used when asking for a password and for its confirmation. */
#define DEFAULT_PWD_STRING1 "Enter password"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
/* 60*60*24 seconds = one day; presumably the default maximum ticket
 * lifetime stored in the KDC database -- confirm against the KDB code. */
#define KRB5_KDB_MAX_LIFE (60*60*24)
/* 60*60*24*7 seconds = one week; presumably the default maximum renewable
 * lifetime -- confirm. */
#define KRB5_KDB_MAX_RLIFE (60*60*24*7)
/* Presumably a default expiration in seconds since the epoch.  The value is
 * just below 2^31 - 1, i.e. it still fits a signed 32-bit timestamp. */
#define KRB5_KDB_EXPIRATION 2145830400
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif
#endif
#include <errno.h>
#include "krb5.h"
#include "profile.h"
#include "port-sockets.h"
#include "socket-utils.h"
#include "k5-thread.h"
#include "k5-err.h"
/*
 * Kerberos protocol error numbers (small integers, as opposed to the
 * com_err-style krb5_error_code values used inside the library).
 * NOTE(review): the numbering appears to follow RFC 4120, with 62-80 taken
 * from PKINIT (RFC 4556) -- confirm against the specifications before adding
 * or renumbering anything.  The list is not contiguous (for example 27-30 and
 * 43 are not defined here).
 */
#ifndef KRB5_ERRORS__
#define KRB5_ERRORS__
/* 0-26: errors reported by the KDC for AS/TGS exchanges. */
#define KDC_ERR_NONE 0
#define KDC_ERR_NAME_EXP 1
#define KDC_ERR_SERVICE_EXP 2
#define KDC_ERR_BAD_PVNO 3
#define KDC_ERR_C_OLD_MAST_KVNO 4
#define KDC_ERR_S_OLD_MAST_KVNO 5
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6
#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
#define KDC_ERR_NULL_KEY 9
#define KDC_ERR_CANNOT_POSTDATE 10
#define KDC_ERR_NEVER_VALID 11
#define KDC_ERR_POLICY 12
#define KDC_ERR_BADOPTION 13
#define KDC_ERR_ENCTYPE_NOSUPP 14
#define KDC_ERR_SUMTYPE_NOSUPP 15
#define KDC_ERR_PADATA_TYPE_NOSUPP 16
#define KDC_ERR_TRTYPE_NOSUPP 17
#define KDC_ERR_CLIENT_REVOKED 18
#define KDC_ERR_SERVICE_REVOKED 19
#define KDC_ERR_TGT_REVOKED 20
#define KDC_ERR_CLIENT_NOTYET 21
#define KDC_ERR_SERVICE_NOTYET 22
#define KDC_ERR_KEY_EXP 23
#define KDC_ERR_PREAUTH_FAILED 24
#define KDC_ERR_PREAUTH_REQUIRED 25
#define KDC_ERR_SERVER_NOMATCH 26
/* 62-80: certificate-, signature- and DH-related KDC errors. */
#define KDC_ERR_CLIENT_NOT_TRUSTED 62
#define KDC_ERR_INVALID_SIG 64
#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65
#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70
#define KDC_ERR_INVALID_CERTIFICATE 71
#define KDC_ERR_REVOKED_CERTIFICATE 72
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
#define KDC_ERR_CLIENT_NAME_MISMATCH 75
#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77
#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78
#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80
/* 31-51: application-exchange (AP) errors: integrity, ticket validity,
 * replay, clock skew, ordering and key-version failures. */
#define KRB_AP_ERR_BAD_INTEGRITY 31
#define KRB_AP_ERR_TKT_EXPIRED 32
#define KRB_AP_ERR_TKT_NYV 33
#define KRB_AP_ERR_REPEAT 34
#define KRB_AP_ERR_NOT_US 35
#define KRB_AP_ERR_BADMATCH 36
#define KRB_AP_ERR_SKEW 37
#define KRB_AP_ERR_BADADDR 38
#define KRB_AP_ERR_BADVERSION 39
#define KRB_AP_ERR_MSG_TYPE 40
#define KRB_AP_ERR_MODIFIED 41
#define KRB_AP_ERR_BADORDER 42
#define KRB_AP_ERR_BADKEYVER 44
#define KRB_AP_ERR_NOKEY 45
#define KRB_AP_ERR_MUT_FAIL 46
#define KRB_AP_ERR_BADDIRECTION 47
#define KRB_AP_ERR_METHOD 48
#define KRB_AP_ERR_BADSEQ 49
#define KRB_AP_ERR_INAPP_CKSUM 50
#define KRB_AP_PATH_NOT_ACCEPTED 51
/* 52, 60, 61: generic protocol errors. */
#define KRB_ERR_RESPONSE_TOO_BIG 52
#define KRB_ERR_GENERIC 60
#define KRB_ERR_FIELD_TOOLONG 61
#endif
/*
 * Alternate-method descriptor: a method number plus an opaque byte buffer.
 * NOTE(review): length is presumably the byte count of data -- confirm in the
 * ASN.1 encoder/decoder before relying on it as a bound.
 */
typedef struct _krb5_alt_method {
krb5_magic magic;
krb5_int32 method;
unsigned int length;
krb5_octet *data;
} krb5_alt_method;
/*
 * One encryption-type hint: an enctype, a salt given as pointer + length, and
 * string-to-key parameters.
 * NOTE(review): salt is presumably length bytes long and not NUL-terminated
 * -- confirm; never treat it as a C string.
 */
typedef struct _krb5_etype_info_entry {
krb5_magic magic;
krb5_enctype etype;
unsigned int length;
krb5_octet *salt;
krb5_data s2kparams;
} krb5_etype_info_entry;
/* Sentinel for the length field; presumably means "no salt supplied", as
 * distinct from a zero-length salt -- confirm at the users of this macro. */
#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
/* A krb5_etype_info is a pointer to an array of entry pointers; presumably
 * NULL-terminated -- confirm against krb5_free_etype_info. */
typedef krb5_etype_info_entry ** krb5_etype_info;
/* Identifiers for the token/one-time-password scheme used in a SAM
 * (single-use authentication mechanism) preauthentication exchange. */
#define PA_SAM_TYPE_ENIGMA 1
#define PA_SAM_TYPE_DIGI_PATH 2
#define PA_SAM_TYPE_SKEY_K0 3
#define PA_SAM_TYPE_SKEY 4
#define PA_SAM_TYPE_SECURID 5
#define PA_SAM_TYPE_CRYPTOCARD 6
/* NOTE(review): PA_SAM_TYPE_ACTIVCARD_DEC below has the same value (6) as
 * PA_SAM_TYPE_CRYPTOCARD above, so code switching on sam_type cannot tell the
 * two apart. */
#if 1
#define PA_SAM_TYPE_ACTIVCARD_DEC 6
#define PA_SAM_TYPE_ACTIVCARD_HEX 7
#define PA_SAM_TYPE_DIGI_PATH_HEX 8
#endif
/* Values from 128 upward are built as offsets from PA_SAM_TYPE_EXP_BASE;
 * presumably reserved for experimental types -- confirm. */
#define PA_SAM_TYPE_EXP_BASE 128
#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0)
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1)
/*
 * Predicted SAM response.  Holds a key (sam_key), flags, a timestamp split
 * into seconds (stime) and microseconds (susec), the client principal and an
 * opaque data item (msd).
 * sam_key is key material: callers that copy this structure should clear the
 * copy when done.
 */
typedef struct _krb5_predicted_sam_response {
krb5_magic magic;
krb5_keyblock sam_key;
krb5_flags sam_flags;
krb5_timestamp stime;
krb5_int32 susec;
krb5_principal client;
krb5_data msd;
} krb5_predicted_sam_response;
/*
 * SAM challenge (first-generation form).  Carries the SAM type and flags,
 * several krb5_data items (type name, track id, challenge label, challenge,
 * response prompt, pk_for_sad), a nonce and a single checksum.
 * NOTE(review): the label/prompt items presumably arrive from the KDC and are
 * shown to the user -- treat them as untrusted, length-delimited data, not as
 * NUL-terminated or format strings.
 */
typedef struct _krb5_sam_challenge {
krb5_magic magic;
krb5_int32 sam_type;
krb5_flags sam_flags;
krb5_data sam_type_name;
krb5_data sam_track_id;
krb5_data sam_challenge_label;
krb5_data sam_challenge;
krb5_data sam_response_prompt;
krb5_data sam_pk_for_sad;
krb5_int32 sam_nonce;
krb5_checksum sam_cksum;
} krb5_sam_challenge;
/* Wrapper around a single keyblock used in the SAM exchange.  The content is
 * key material and should be cleared before the memory is released. */
typedef struct _krb5_sam_key {
krb5_magic magic;
krb5_keyblock sam_key;
} krb5_sam_key;
/*
 * Plaintext of the encrypted part of a SAM response: a nonce, a timestamp
 * split into seconds and microseconds, and sam_sad.
 * NOTE(review): sam_sad presumably holds the single-use authentication data
 * (the user's token response) -- confirm; if so it is a secret.
 */
typedef struct _krb5_enc_sam_response_enc {
krb5_magic magic;
krb5_int32 sam_nonce;
krb5_timestamp sam_timestamp;
krb5_int32 sam_usec;
krb5_data sam_sad;
} krb5_enc_sam_response_enc;
/*
 * SAM response (first-generation form): type, flags, track id, two encrypted
 * blobs (sam_enc_key and sam_enc_nonce_or_ts), a nonce and a timestamp.
 */
typedef struct _krb5_sam_response {
krb5_magic magic;
krb5_int32 sam_type;
krb5_flags sam_flags;
krb5_data sam_track_id;
krb5_enc_data sam_enc_key;
krb5_enc_data sam_enc_nonce_or_ts;
krb5_int32 sam_nonce;
krb5_timestamp sam_patimestamp;
} krb5_sam_response;
/*
 * Second-generation SAM challenge: the body kept as an opaque encoded blob
 * plus an array of checksum pointers.  Unlike the other SAM structures this
 * one has no magic field.
 * NOTE(review): the body is presumably kept encoded so the checksums can be
 * verified over the exact received bytes before it is decoded -- confirm at
 * the call site that verification happens first.
 */
typedef struct _krb5_sam_challenge_2 {
krb5_data sam_challenge_2_body;
krb5_checksum **sam_cksum;
} krb5_sam_challenge_2;
/*
 * Decoded body of a second-generation SAM challenge.  Same items as
 * krb5_sam_challenge except that the checksum is replaced by sam_etype.
 */
typedef struct _krb5_sam_challenge_2_body {
krb5_magic magic;
krb5_int32 sam_type;
krb5_flags sam_flags;
krb5_data sam_type_name;
krb5_data sam_track_id;
krb5_data sam_challenge_label;
krb5_data sam_challenge;
krb5_data sam_response_prompt;
krb5_data sam_pk_for_sad;
krb5_int32 sam_nonce;
krb5_enctype sam_etype;
} krb5_sam_challenge_2_body;
/* Second-generation SAM response: type, flags, track id, one encrypted blob
 * (sam_enc_nonce_or_sad) and a nonce. */
typedef struct _krb5_sam_response_2 {
krb5_magic magic;
krb5_int32 sam_type;
krb5_flags sam_flags;
krb5_data sam_track_id;
krb5_enc_data sam_enc_nonce_or_sad;
krb5_int32 sam_nonce;
} krb5_sam_response_2;
/* Plaintext of the encrypted part of a second-generation SAM response: a
 * nonce and sam_sad (presumably the secret token response -- confirm). */
typedef struct _krb5_enc_sam_response_enc_2 {
krb5_magic magic;
krb5_int32 sam_nonce;
krb5_data sam_sad;
} krb5_enc_sam_response_enc_2;
#ifndef KRB5_EXT_PROTO__
#define KRB5_EXT_PROTO__
#include <stdlib.h>
#include <string.h>
#ifndef HAVE_STRDUP
extern char *strdup (const char *);
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#endif
#ifndef KRB5_SYSINCL__
#define KRB5_SYSINCL__
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#ifdef TIME_WITH_SYS_TIME
#include <time.h>
#endif
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#endif
#ifndef KRB5_LIBOS_PROTO__
#define KRB5_LIBOS_PROTO__
#include <stdio.h>
/* Forward declarations so the prototypes below can take pointers to them. */
struct addrlist;
struct sendto_callback_info;
/* File locking.  NOTE(review): the int arguments are presumably a file
 * descriptor and, for krb5_lock_file, a KRB5_LOCKMODE_* mask -- confirm. */
krb5_error_code krb5_lock_file (krb5_context, int, int);
krb5_error_code krb5_unlock_file (krb5_context, int);
/* Send a request to a KDC and collect the reply. */
krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
const krb5_data *, krb5_data *, int *, int);
/* Lower-level send: message goes to the servers in addrs; the reply and,
 * through the sockaddr/socklen_t pairs, the local and remote addresses are
 * returned to the caller.  The reply comes off the network and must be
 * treated as untrusted by whoever decodes it. */
krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
const struct addrlist *addrs, struct sendto_callback_info* callback_info,
krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used);
krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
/* NOTE(review): the permissions and open flags that make the file "secure"
 * live in the implementation; confirm it creates the file with owner-only
 * access and refuses a pre-existing path. */
krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);
krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);
/* Writes the local host name into the caller's buffer; the size_t is the
 * buffer capacity (presumably in bytes, including the terminator -- confirm). */
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
krb5_error_code krb5int_init_context_kdc(krb5_context *);
krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
void krb5_os_free_context (krb5_context);
/* The secure flag presumably restricts the search to trusted locations
 * (e.g. ignoring environment overrides) -- confirm in the implementation. */
krb5_error_code os_get_default_config_files
(profile_filespec_t **pfiles, krb5_boolean secure);
krb5_error_code krb5_os_hostaddr
(krb5_context, const char *, krb5_address ***);
/*
 * Growable list of server addresses.  Each entry holds an addrinfo pointer,
 * an optional free callback and an opaque data pointer passed to it.
 * NOTE(review): naddrs is presumably the number of entries in use and space
 * the allocated capacity -- confirm in krb5int_grow_addrlist.
 */
struct addrlist {
struct {
/* When FAI_DEFINED is not set the pointer has an incomplete type, so code
 * that has not pulled in the addrinfo definitions cannot dereference it. */
#ifdef FAI_DEFINED
struct addrinfo *ai;
#else
struct undefined_addrinfo *ai;
#endif
void (*freefn)(void *);
void *data;
} *addrs;
int naddrs;
int space;
};
/* Empty list: null entry array, zero count, zero capacity. */
#define ADDRLIST_INIT { 0, 0, 0 }
extern void krb5int_free_addrlist (struct addrlist *);
extern int krb5int_grow_addrlist (struct addrlist *, int);
extern int krb5int_add_host_to_list (struct addrlist *, const char *,
int, int, int, int);
#include <krb5/locate_plugin.h>
/* Fill an addrlist with servers of kind svc for the given realm, limited to
 * the requested socket type and address family. */
krb5_error_code
krb5int_locate_server (krb5_context, const krb5_data *realm,
struct addrlist *, enum locate_service_type svc,
int sockettype, int family);
#endif
/*
 * Method table for one raw cipher.
 *   block_size, keybytes, keylength - cipher parameters (presumably cipher
 *       block size, random input bytes needed for make_key, and final key
 *       length -- confirm against a provider definition).
 *   encrypt / decrypt - transform input into output under key; the second
 *       argument is the cipher state / IV.
 *   make_key   - turn random bits into a keyblock.
 *   init_state - build the initial cipher state for a key and key usage.
 *   free_state - release a state produced by init_state.
 * These callbacks provide no integrity protection on their own; that is
 * layered on by the enctype's encrypt/decrypt functions.
 */
struct krb5_enc_provider {
size_t block_size, keybytes, keylength;
krb5_error_code (*encrypt) (const krb5_keyblock *key,
const krb5_data *cipher_state,
const krb5_data *input,
krb5_data *output);
krb5_error_code (*decrypt) (const krb5_keyblock *key,
const krb5_data *ivec,
const krb5_data *input,
krb5_data *output);
krb5_error_code (*make_key) (const krb5_data *randombits,
krb5_keyblock *key);
krb5_error_code (*init_state) (const krb5_keyblock *key,
krb5_keyusage keyusage, krb5_data *out_state);
krb5_error_code (*free_state) (krb5_data *state);
};
/*
 * Method table for one unkeyed hash: output size, internal block size and
 * the hash function itself.
 * NOTE(review): input presumably points to an array of icount krb5_data
 * items that are hashed in order -- confirm in a provider.
 */
struct krb5_hash_provider {
size_t hashsize, blocksize;
krb5_error_code (*hash) (unsigned int icount, const krb5_data *input,
krb5_data *output);
};
/*
 * Method table for one keyed checksum.
 *   hash   - compute the checksum of input under key/keyusage/ivec.
 *   verify - check a received checksum and report the result through *valid.
 * Callers must check both the returned error code and *valid.  Whether a
 * provider compares checksums in constant time is decided in its
 * implementation and is not visible from this header.
 */
struct krb5_keyhash_provider {
size_t hashsize;
krb5_error_code (*hash) (const krb5_keyblock *key,
krb5_keyusage keyusage,
const krb5_data *ivec,
const krb5_data *input,
krb5_data *output);
krb5_error_code (*verify) (const krb5_keyblock *key,
krb5_keyusage keyusage,
const krb5_data *ivec,
const krb5_data *input,
const krb5_data *hash,
krb5_boolean *valid);
};
/* Computes, into *length, the ciphertext size for inputlen bytes of
 * plaintext with the given cipher and hash. */
typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t inputlen, size_t *length);
/* Enctype-level encrypt or decrypt: same signature for both directions. */
typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
const krb5_keyblock *key, krb5_keyusage keyusage,
const krb5_data *ivec,
const krb5_data *input, krb5_data *output);
/* String-to-key: derive a key from a password string, a salt and optional
 * parameters. */
typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
/* Pseudo-random function keyed by key, mapping in to out. */
typedef krb5_error_code (*krb5_prf_func)(
const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
const krb5_keyblock *key,
const krb5_data *in, krb5_data *out);
/*
 * Table entry describing one encryption type: its number, two name strings,
 * the raw cipher and hash providers, and the enctype-level functions
 * (length computation, encrypt, decrypt, string-to-key, PRF).
 * NOTE(review): in_string/out_string are presumably the name accepted when
 * parsing and the description used when printing -- confirm.
 */
struct krb5_keytypes {
krb5_enctype etype;
char *in_string;
char *out_string;
const struct krb5_enc_provider *enc;
const struct krb5_hash_provider *hash;
size_t prf_length;
krb5_encrypt_length_func encrypt_len;
krb5_crypt_func encrypt;
krb5_crypt_func decrypt;
krb5_str2key_func str2key;
krb5_prf_func prf;
/* Checksum type tied to this enctype (presumably the mandatory one). */
krb5_cksumtype required_ctype;
};
/*
 * Table entry describing one checksum type: its number, KRB5_CKSUMFLAG_*
 * bits, name strings, an associated enctype, the keyed and unkeyed hash
 * providers, and a truncation size.
 * NOTE(review): presumably only one of keyhash/hash is set per entry, and
 * trunc_size of 0 means "no truncation" -- confirm against the table.
 */
struct krb5_cksumtypes {
krb5_cksumtype ctype;
unsigned int flags;
char *in_string;
char *out_string;
krb5_enctype keyed_etype;
const struct krb5_keyhash_provider *keyhash;
const struct krb5_hash_provider *hash;
unsigned int trunc_size;
};
/* Presumably: the checksum key is derived from the supplied key. */
#define KRB5_CKSUMFLAG_DERIVE 0x0001
/* Marks a checksum type that is not collision-proof; callers that need
 * integrity against an active adversary should test this bit and refuse
 * such types. */
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002
/* n-fold: stretch or compress inbits bits of in to outbits bits in out.
 * Sizes are in bits; the caller supplies both buffers. */
void krb5_nfold
(unsigned int inbits, const unsigned char *in,
unsigned int outbits, unsigned char *out);
/* HMAC over icount input items with the given hash and key. */
krb5_error_code krb5_hmac
(const struct krb5_hash_provider *hash,
const krb5_keyblock *key, unsigned int icount,
const krb5_data *input, krb5_data *output);
/* PBKDF2 with HMAC-SHA1.  NOTE(review): the unsigned long is presumably the
 * iteration count and the krb5_data arguments output, password and salt --
 * confirm the order in the implementation before calling.  A low iteration
 * count taken from untrusted parameters weakens the derived key. */
krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long,
const krb5_data *,
const krb5_data *);
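/*
 * krb5int_zap_data(ptr, len) / zap(p, l): overwrite len bytes starting at
 * ptr with zeros.  Used to clear keys, passwords and other secrets before
 * the memory is released or reused.
 *
 * NOTE(review): in the generic branch the volatile qualifier is dropped again
 * when the pointer is converted to memset's void * parameter, so the cast by
 * itself does not guarantee that the compiler keeps the store when the buffer
 * is dead afterwards.  Where the platform offers one, a primitive with that
 * guarantee (explicit_bzero(), memset_s()) is the safer building block.
 */
#ifdef _WIN32
# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
#elif defined(__palmos__) && !defined(__GNUC__)
# define krb5int_zap_data(ptr, len) memset(ptr, 0, len)
#else
/* The arguments are parenthesized so that an expression argument such as
 * (buf + n) is cast as a whole; without the parentheses the cast bound only
 * to buf and the offset was then applied in bytes. */
# define krb5int_zap_data(ptr, len) memset((volatile void *)(ptr), 0, (len))
# if defined(__GNUC__) && defined(__GLIBC__)
/* Drop any macro version of memset so the call above reaches the function. */
# undef memset
# endif
#endif
#define zap(p,l) krb5int_zap_data(p,l)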
/* Cipher-state helpers matching the init_state/free_state slots of
 * struct krb5_enc_provider. */
krb5_error_code krb5int_des_init_state
(const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state);
krb5_error_code krb5int_default_free_state
(krb5_data *state);
/* Combine key1 and key2 into outkey. */
krb5_error_code krb5int_c_combine_keys
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
krb5_keyblock *outkey);
/* Keyblock lifetime helpers.  NOTE(review): whether the free functions zero
 * the key bytes before releasing them is decided in the implementation --
 * confirm, since callers rely on that for key hygiene. */
void krb5int_c_free_keyblock
(krb5_context, krb5_keyblock *key);
void krb5int_c_free_keyblock_contents
(krb5_context, krb5_keyblock *);
krb5_error_code krb5int_c_init_keyblock
(krb5_context, krb5_enctype enctype,
size_t length, krb5_keyblock **out);
extern void krb5int_prng_cleanup (void);
/* Provider tables exported for use outside the crypto library. */
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_hash_provider krb5int_hash_md5;
/* Prototypes only visible to code built with KRB5_OLD_CRYPTO. */
#ifdef KRB5_OLD_CRYPTO
krb5_error_code krb5_crypto_os_localaddr
(krb5_address ***);
krb5_error_code krb5_crypto_us_timeofday
(krb5_int32 *,
krb5_int32 *);
time_t krb5int_gmt_mktime (struct tm *);
#endif
/* Encrypt plain under key/keyusage into cipher.  NOTE(review): the helper
 * presumably allocates cipher's ciphertext buffer, which the caller then
 * owns -- confirm. */
krb5_error_code krb5_encrypt_helper
(krb5_context context, const krb5_keyblock *key,
krb5_keyusage keyusage, const krb5_data *plain,
krb5_enc_data *cipher);
#ifndef KRB5_LIBOS__
#define KRB5_LIBOS__
/*
 * OS-specific part of a library context: a clock offset split into seconds
 * and microseconds, KRB5_OS_TOFFSET_* flags, and the default credential
 * cache name.
 * The offset adjusts the local clock used for ticket-time and skew checks,
 * so code that sets it from a network-supplied time should be reviewed with
 * that in mind.
 */
typedef struct _krb5_os_context {
krb5_magic magic;
krb5_int32 time_offset;
krb5_int32 usec_offset;
krb5_int32 os_flags;
char * default_ccname;
} *krb5_os_context;
/* Bits for os_flags.  NOTE(review): presumably VALID means the offsets are
 * to be applied and TIME means time_offset holds an absolute time -- confirm. */
#define KRB5_OS_TOFFSET_VALID 1
#define KRB5_OS_TOFFSET_TIME 2
/* Mode bits for krb5_lock_file. */
#define KRB5_LOCKMODE_SHARED 0x0001
#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
#define KRB5_LOCKMODE_DONTBLOCK 0x0004
#define KRB5_LOCKMODE_UNLOCK 0x0008
#endif
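/* DES key size in bytes as this header sees it. */
#define KRB5_MIT_DES_KEYSIZE 8
/* If the DES headers were included first, their key size must agree with
 * ours; a mismatch would make buffers sized with one constant too small for
 * code using the other.  This is a real #error directive so the build stops
 * with a readable message instead of a syntax error. */
#ifdef MIT_DES_KEYSIZE
#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
#error MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE
#endif
#endif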
#ifndef KRB5_PREAUTH__
#define KRB5_PREAUTH__
#include <krb5/preauth_plugin.h>
/* Magic value for the rock below; the bytes spell "CRCK" in ASCII. */
#define CLIENT_ROCK_MAGIC 0x4352434b
/*
 * Opaque handle ("rock") handed to preauth plugins so that they can ask the
 * library for data about the exchange.  It currently carries only the AS
 * reply.  NOTE(review): magic is presumably compared with CLIENT_ROCK_MAGIC
 * before the rock is used -- confirm in the get-data callback.
 */
typedef struct _krb5_preauth_client_rock {
krb5_magic magic;
krb5_kdc_rep *as_reply;
} krb5_preauth_client_rock;
/*
 * Client-side preauthentication state: an array of n_modules entries, one
 * per (plugin, preauth type) pairing.
 *
 * Each entry caches the plugin's function pointers next to the plugin's own
 * context pointers.  The function pointers come from loaded plugin code and
 * run inside the calling process with access to the request, the prompter
 * and the AS key (as_key), so the set of plugins that can be loaded is part
 * of the trusted computing base.
 */
typedef struct _krb5_preauth_context {
int n_modules;
struct _krb5_preauth_context_module {
/* Preauth type handled by this entry and the enctypes the plugin listed. */
krb5_preauthtype pa_type;
krb5_enctype *enctypes;
/* Plugin-wide state and the function that tears it down. */
void *plugin_context;
void (*client_fini)(krb5_context context, void *plugin_context);
/* The plugin's function table and name. */
struct krb5plugin_preauth_client_ftable_v0 *ftable;
const char *name;
/* NOTE(review): use_count presumably limits how often the module is tried
 * within one exchange (see krb5_clear_preauth_context_use_counts) -- confirm. */
int flags, use_count;
/* Handle one padata item from the KDC and optionally emit out_pa_data. */
krb5_error_code (*client_process)(krb5_context context,
void *plugin_context,
void *request_context,
krb5_get_init_creds_opt *opt,
preauth_get_client_data_proc get_data_proc,
krb5_preauth_client_rock *rock,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *pa_data,
krb5_prompter_fct prompter,
void *prompter_data,
preauth_get_as_key_proc gak_fct,
void *gak_data,
krb5_data *salt,
krb5_data *s2kparams,
krb5_keyblock *as_key,
krb5_pa_data **out_pa_data);
/* Retry after the KDC answered with err_reply; old_pa_data is what was sent
 * before, new_pa_data receives the replacement. */
krb5_error_code (*client_tryagain)(krb5_context context,
void *plugin_context,
void *request_context,
krb5_get_init_creds_opt *opt,
preauth_get_client_data_proc get_data_proc,
krb5_preauth_client_rock *rock,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *old_pa_data,
krb5_error *err_reply,
krb5_prompter_fct prompter,
void *prompter_data,
preauth_get_as_key_proc gak_fct,
void *gak_data,
krb5_data *salt,
krb5_data *s2kparams,
krb5_keyblock *as_key,
krb5_pa_data **new_pa_data);
supply_gic_opts_proc client_supply_gic_opts;
/* Per-request setup and teardown of the plugin's request context. */
void (*client_req_init)(krb5_context context, void *plugin_context,
void **request_context);
void (*client_req_fini)(krb5_context context, void *plugin_context,
void *request_context);
/* NOTE(review): request_context_pp presumably points at the request_context
 * slot shared by all entries of the same plugin -- confirm. */
void *request_context;
void **request_context_pp;
} *modules;
} krb5_preauth_context;
/* Plaintext of an encrypted-timestamp preauth value: a time split into
 * seconds (patimestamp) and microseconds (pausec). */
typedef struct _krb5_pa_enc_ts {
krb5_timestamp patimestamp;
krb5_int32 pausec;
} krb5_pa_enc_ts;
/*
 * Older, table-driven preauth interface.
 *
 * krb5_preauth_obtain_proc: build a padata item for a request.  The function
 * pointer argument is a key-fetching callback (context, enctype, salt data,
 * opaque argument, key out) and the krb5_const_pointer after it is that
 * callback's opaque argument.
 */
typedef krb5_error_code (*krb5_preauth_obtain_proc)
(krb5_context,
krb5_pa_data *,
krb5_etype_info,
krb5_keyblock *,
krb5_error_code ( * )(krb5_context,
const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **),
krb5_const_pointer,
krb5_creds *,
krb5_kdc_req *,
krb5_pa_data **);
/*
 * krb5_preauth_process_proc: handle a padata item found in a KDC reply.
 * Takes the same key-fetching callback plus a second callback that receives
 * a keyblock and the reply (presumably to decrypt it -- confirm).
 */
typedef krb5_error_code (*krb5_preauth_process_proc)
(krb5_context,
krb5_pa_data *,
krb5_kdc_req *,
krb5_kdc_rep *,
krb5_error_code ( * )(krb5_context,
const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **),
krb5_const_pointer,
krb5_error_code ( * )(krb5_context,
const krb5_keyblock *,
krb5_const_pointer,
krb5_kdc_rep * ),
krb5_keyblock **,
krb5_creds *,
krb5_int32 *,
krb5_int32 *);
/* One row of the preauth dispatch table: a preauth type, its
 * KRB5_PREAUTH_FLAGS_* bits and the two handlers above. */
typedef struct _krb5_preauth_ops {
krb5_magic magic;
int type;
int flags;
krb5_preauth_obtain_proc obtain;
krb5_preauth_process_proc process;
} krb5_preauth_ops;
/* Build preauth data for a request, using the key-fetching callback and its
 * opaque argument. */
krb5_error_code krb5_obtain_padata
(krb5_context,
krb5_pa_data **,
krb5_error_code ( * )(krb5_context,
const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **),
krb5_const_pointer,
krb5_creds *,
krb5_kdc_req *);
/* Process the preauth data in a KDC reply; takes the key-fetching callback
 * and a second callback that receives a keyblock and the reply. */
krb5_error_code krb5_process_padata
(krb5_context,
krb5_kdc_req *,
krb5_kdc_rep *,
krb5_error_code ( * )(krb5_context,
const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **),
krb5_const_pointer,
krb5_error_code ( * )(krb5_context,
const krb5_keyblock *,
krb5_const_pointer,
krb5_kdc_rep * ),
krb5_keyblock **,
krb5_creds *,
krb5_int32 *);
void krb5_free_etype_info
(krb5_context, krb5_etype_info);
/* Bits for the flags member of krb5_preauth_ops. */
#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
#endif
/* Marker bits kept in the flags word of a get-init-creds options structure.
 * They tell the library which layout a caller-supplied options pointer has,
 * so they must be tested before the pointer is used as a krb5_gic_opt_ext. */
#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
/* Evaluates to 1 when s is non-null and has the EXTENDED bit set, else 0.
 * s is evaluated twice; pass an expression without side effects. */
#define krb5_gic_opt_is_extended(s) \
(((s) != 0 && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) != 0) ? 1 : 0)
/* Evaluates to 1 when s is non-null and has the SHADOWED bit set, else 0.
 * s is evaluated twice; pass an expression without side effects. */
#define krb5_gic_opt_is_shadowed(s) \
(((s) != 0 && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) != 0) ? 1 : 0)
/* Library-private extension of the options: a counted array of preauth
 * attribute entries. */
typedef struct _krb5_gic_opt_private {
int num_preauth_data;
krb5_gic_opt_pa_data *preauth_data;
} krb5_gic_opt_private;
/*
 * Extended get-init-creds options: ticket lifetimes, forwardable/proxiable
 * switches, counted enctype and preauth-type lists, an address list, a salt,
 * and a pointer to the private part above.
 * NOTE(review): the leading members presumably mirror the public
 * krb5_get_init_creds_opt layout so that a pointer can be cast after the
 * flags test -- confirm; if so, the two definitions must stay in step.
 */
typedef struct _krb5_gic_opt_ext {
krb5_flags flags;
krb5_deltat tkt_life;
krb5_deltat renew_life;
int forwardable;
int proxiable;
krb5_enctype *etype_list;
int etype_list_length;
krb5_address **address_list;
krb5_preauthtype *preauth_list;
int preauth_list_length;
krb5_data *salt;
krb5_gic_opt_private *opt_private;
} krb5_gic_opt_ext;
/* Obtain an extended options structure for opt.  where is a caller-supplied
 * string (presumably the calling function's name, used in error messages --
 * confirm); force presumably requests conversion of a non-extended opt. */
krb5_error_code
krb5int_gic_opt_to_opte(krb5_context context,
krb5_get_init_creds_opt *opt,
krb5_gic_opt_ext **opte,
unsigned int force,
const char *where);
/* Copy the contents of one krb5_data into another (source first). */
krb5_error_code
krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
/* Callback that produces the AS key for a principal and enctype, prompting
 * through the supplied prompter if it needs to; gak_data is its opaque
 * argument.  The result is written to as_key and is key material. */
typedef krb5_error_code (*krb5_gic_get_as_key_fct)
(krb5_context,
krb5_principal,
krb5_enctype,
krb5_prompter_fct,
void *prompter_data,
krb5_data *salt,
krb5_data *s2kparams,
krb5_keyblock *as_key,
void *gak_data);
/* Core initial-credentials routine: obtains creds for client using gak to
 * get the AS key.  as_reply optionally returns the KDC reply. */
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds
(krb5_context context,
krb5_creds *creds,
krb5_principal client,
krb5_prompter_fct prompter,
void *prompter_data,
krb5_deltat start_time,
char *in_tkt_service,
krb5_gic_opt_ext *gic_options,
krb5_gic_get_as_key_fct gak,
void *gak_data,
int *master,
krb5_kdc_rep **as_reply);
/* Build an extended options structure from old-style arguments. */
krb5_error_code krb5int_populate_gic_opt (
krb5_context, krb5_gic_opt_ext **,
krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds);
/* Run the preauth mechanisms over in_padata (received from the KDC, so
 * untrusted) and produce out_padata for the next request. */
krb5_error_code KRB5_CALLCONV krb5_do_preauth
(krb5_context context,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
krb5_data *salt, krb5_data *s2kparams,
krb5_enctype *etype, krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
krb5_gic_get_as_key_fct gak_fct, void *gak_data,
krb5_preauth_client_rock *get_data_rock,
krb5_gic_opt_ext *opte);
/* Same as above for the retry path; err_reply is the KDC's error message. */
krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain
(krb5_context context,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
krb5_error *err_reply,
krb5_data *salt, krb5_data *s2kparams,
krb5_enctype *etype, krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
krb5_gic_get_as_key_fct gak_fct, void *gak_data,
krb5_preauth_client_rock *get_data_rock,
krb5_gic_opt_ext *opte);
/* Lifetime management of the preauth state held in a krb5_context. */
void KRB5_CALLCONV krb5_init_preauth_context
(krb5_context);
void KRB5_CALLCONV krb5_free_preauth_context
(krb5_context);
void KRB5_CALLCONV krb5_clear_preauth_context_use_counts
(krb5_context);
void KRB5_CALLCONV krb5_preauth_prepare_request
(krb5_context, krb5_gic_opt_ext *, krb5_kdc_req *);
void KRB5_CALLCONV krb5_preauth_request_context_init
(krb5_context);
void KRB5_CALLCONV krb5_preauth_request_context_fini
(krb5_context);
/*
 * Destructors for the SAM structures.
 * NOTE(review): by the usual naming convention the plain krb5_free_X frees
 * the structure and its members while krb5_free_X_contents frees only the
 * members -- confirm.  Several of these structures hold keys or token
 * responses; whether they are zeroed before release is decided in the
 * implementation and is not visible from this header.
 */
void KRB5_CALLCONV krb5_free_sam_challenge
(krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2
(krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body
(krb5_context, krb5_sam_challenge_2_body *);
void KRB5_CALLCONV krb5_free_sam_response
(krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2
(krb5_context, krb5_sam_response_2 * );
void KRB5_CALLCONV krb5_free_predicted_sam_response
(krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc
(krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
(krb5_context, krb5_enc_sam_response_enc_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_contents
(krb5_context, krb5_sam_challenge * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
(krb5_context, krb5_sam_challenge_2 * );
void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
(krb5_context, krb5_sam_challenge_2_body * );
void KRB5_CALLCONV krb5_free_sam_response_contents
(krb5_context, krb5_sam_response * );
void KRB5_CALLCONV krb5_free_sam_response_2_contents
(krb5_context, krb5_sam_response_2 *);
void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
(krb5_context, krb5_predicted_sam_response * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
(krb5_context, krb5_enc_sam_response_enc * );
void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
(krb5_context, krb5_enc_sam_response_enc_2 * );
void KRB5_CALLCONV krb5_free_pa_enc_ts
(krb5_context, krb5_pa_enc_ts *);
#include "com_err.h"
#include "k5-plugin.h"
/*
 * The library context behind the opaque krb5_context handle.
 *
 * Several members decide security policy for every call made with the
 * context: the permitted enctype lists, the allowed clock skew, the default
 * checksum types, and whether the profile was loaded in "secure" mode.
 * Code that changes them at run time changes what the library accepts.
 */
struct _krb5_context {
krb5_magic magic;
/* Counted enctype lists (presumably for initial-ticket and TGS requests
 * respectively -- confirm). */
krb5_enctype *in_tkt_ktypes;
unsigned int in_tkt_ktype_count;
krb5_enctype *tgs_ktypes;
unsigned int tgs_ktype_count;
/* OS-specific state, embedded as a one-element array so that the array name
 * can be used where a krb5_os_context pointer is expected. */
struct _krb5_os_context os_context[1];
char *default_realm;
profile_t profile;
void *db_context;
/* Serializer registry used by the krb5_*_opaque functions. */
int ser_ctx_count;
void *ser_ctx;
/* Clock skew tolerated when checking timestamps. */
krb5_deltat clockskew;
krb5_cksumtype kdc_req_sumtype;
krb5_cksumtype default_ap_req_sumtype;
krb5_cksumtype default_safe_sumtype;
krb5_flags kdc_default_options;
/* KRB5_LIBOPT_* bits. */
krb5_flags library_options;
krb5_boolean profile_secure;
int fcc_default_format;
int scc_default_format;
krb5_prompt_type *prompt_types;
int udp_pref_limit;
krb5_boolean use_conf_ktypes;
#ifdef KRB5_DNS_LOOKUP
krb5_boolean profile_in_memory;
#endif
/* Handles and function tables for dynamically loaded plugins (server
 * location and preauth).  Loaded plugin code runs in-process. */
struct plugin_dir_handle libkrb5_plugins;
struct krb5plugin_service_locate_ftable *vtbl;
void (**locate_fptrs)(void);
struct plugin_dir_handle preauth_plugins;
krb5_preauth_context *preauth_context;
/* Extended error information for the last failure. */
struct errinfo err;
};
/* library_options bit; presumably makes the library adopt the KDC's time as
 * an offset (see time_offset in the OS context) -- confirm. */
#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
/* Integrity-protected application message: user data, a timestamp split into
 * seconds and microseconds, a sequence number, optional sender and recipient
 * addresses, and the checksum covering them. */
typedef struct _krb5_safe {
krb5_magic magic;
krb5_data user_data;
krb5_timestamp timestamp;
krb5_int32 usec;
krb5_ui_4 seq_number;
krb5_address *s_address;
krb5_address *r_address;
krb5_checksum *checksum;
} krb5_safe;
/* Confidential application message as it travels: only the encrypted part. */
typedef struct _krb5_priv {
krb5_magic magic;
krb5_enc_data enc_part;
} krb5_priv;
/* Plaintext of krb5_priv's encrypted part; same items as krb5_safe without
 * the checksum. */
typedef struct _krb5_priv_enc_part {
krb5_magic magic;
krb5_data user_data;
krb5_timestamp timestamp;
krb5_int32 usec;
krb5_ui_4 seq_number;
krb5_address *s_address;
krb5_address *r_address;
} krb5_priv_enc_part;
/* Destructors for the three structures above. */
void KRB5_CALLCONV krb5_free_safe
(krb5_context, krb5_safe * );
void KRB5_CALLCONV krb5_free_priv
(krb5_context, krb5_priv * );
void KRB5_CALLCONV krb5_free_priv_enc_part
(krb5_context, krb5_priv_enc_part * );
#ifndef KRB5_ASN1__
#define KRB5_ASN1__
/*
 * Message-type sniffers.  Each macro is true when dat is non-null, has a
 * non-zero length, and its first byte equals one of two values that differ
 * only in bit 0x20.
 * NOTE(review): the 0x6x/0x7x values are presumably the ASN.1 APPLICATION
 * identifier octets with the "constructed" bit set, and the 0x4x/0x5x values
 * the same tags without it -- confirm against the protocol's ASN.1 module.
 *
 * Only the first octet is looked at.  A true result is a dispatch hint, not
 * validation: the buffer is still untrusted and the matching decode_krb5_*
 * call must succeed before any field is used.
 * dat is evaluated several times; pass an expression without side effects.
 */
#define krb5_is_krb_ticket(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
(dat)->data[0] == 0x41))
#define krb5_is_krb_authenticator(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
(dat)->data[0] == 0x42))
#define krb5_is_as_req(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
(dat)->data[0] == 0x4a))
#define krb5_is_as_rep(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
(dat)->data[0] == 0x4b))
#define krb5_is_tgs_req(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
(dat)->data[0] == 0x4c))
#define krb5_is_tgs_rep(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
(dat)->data[0] == 0x4d))
#define krb5_is_ap_req(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
(dat)->data[0] == 0x4e))
#define krb5_is_ap_rep(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
(dat)->data[0] == 0x4f))
#define krb5_is_krb_safe(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
(dat)->data[0] == 0x54))
#define krb5_is_krb_priv(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
(dat)->data[0] == 0x55))
#define krb5_is_krb_cred(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
(dat)->data[0] == 0x56))
#define krb5_is_krb_enc_as_rep_part(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
(dat)->data[0] == 0x59))
#define krb5_is_krb_enc_tgs_rep_part(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
(dat)->data[0] == 0x5a))
#define krb5_is_krb_enc_ap_rep_part(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
(dat)->data[0] == 0x5b))
#define krb5_is_krb_enc_krb_priv_part(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
(dat)->data[0] == 0x5c))
#define krb5_is_krb_enc_krb_cred_part(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
(dat)->data[0] == 0x5d))
#define krb5_is_krb_error(dat)\
((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
(dat)->data[0] == 0x5e))
/*
 * ASN.1 encoders.  Each takes a pointer to the in-memory structure and
 * returns the encoding through the krb5_data ** argument.
 * NOTE(review): the returned krb5_data is presumably allocated by the
 * encoder and owned by the caller -- confirm.  Encodings of structures that
 * hold keys or passwords (encryption_key, sam_key, pwd_data, setpw_req, ...)
 * are themselves secrets and should be cleared before release.
 */
krb5_error_code encode_krb5_authenticator
(const krb5_authenticator *rep, krb5_data **code);
krb5_error_code encode_krb5_ticket
(const krb5_ticket *rep, krb5_data **code);
krb5_error_code encode_krb5_encryption_key
(const krb5_keyblock *rep, krb5_data **code);
krb5_error_code encode_krb5_enc_tkt_part
(const krb5_enc_tkt_part *rep, krb5_data **code);
krb5_error_code encode_krb5_enc_kdc_rep_part
(const krb5_enc_kdc_rep_part *rep, krb5_data **code);
krb5_error_code encode_krb5_as_rep
(const krb5_kdc_rep *rep, krb5_data **code);
krb5_error_code encode_krb5_tgs_rep
(const krb5_kdc_rep *rep, krb5_data **code);
krb5_error_code encode_krb5_ap_req
(const krb5_ap_req *rep, krb5_data **code);
krb5_error_code encode_krb5_ap_rep
(const krb5_ap_rep *rep, krb5_data **code);
krb5_error_code encode_krb5_ap_rep_enc_part
(const krb5_ap_rep_enc_part *rep, krb5_data **code);
krb5_error_code encode_krb5_as_req
(const krb5_kdc_req *rep, krb5_data **code);
krb5_error_code encode_krb5_tgs_req
(const krb5_kdc_req *rep, krb5_data **code);
krb5_error_code encode_krb5_kdc_req_body
(const krb5_kdc_req *rep, krb5_data **code);
krb5_error_code encode_krb5_safe
(const krb5_safe *rep, krb5_data **code);
/* Variant that takes the already-encoded body separately. */
krb5_error_code encode_krb5_safe_with_body
(const krb5_safe *rep, const krb5_data *body, krb5_data **code);
krb5_error_code encode_krb5_priv
(const krb5_priv *rep, krb5_data **code);
krb5_error_code encode_krb5_enc_priv_part
(const krb5_priv_enc_part *rep, krb5_data **code);
krb5_error_code encode_krb5_cred
(const krb5_cred *rep, krb5_data **code);
krb5_error_code encode_krb5_enc_cred_part
(const krb5_cred_enc_part *rep, krb5_data **code);
krb5_error_code encode_krb5_error
(const krb5_error *rep, krb5_data **code);
krb5_error_code encode_krb5_authdata
(const krb5_authdata **rep, krb5_data **code);
krb5_error_code encode_krb5_pwd_sequence
(const passwd_phrase_element *rep, krb5_data **code);
krb5_error_code encode_krb5_pwd_data
(const krb5_pwd_data *rep, krb5_data **code);
krb5_error_code encode_krb5_padata_sequence
(const krb5_pa_data ** rep, krb5_data **code);
krb5_error_code encode_krb5_alt_method
(const krb5_alt_method *, krb5_data **code);
krb5_error_code encode_krb5_etype_info
(const krb5_etype_info_entry **, krb5_data **code);
krb5_error_code encode_krb5_etype_info2
(const krb5_etype_info_entry **, krb5_data **code);
krb5_error_code encode_krb5_enc_data
(const krb5_enc_data *, krb5_data **);
krb5_error_code encode_krb5_pa_enc_ts
(const krb5_pa_enc_ts *, krb5_data **);
krb5_error_code encode_krb5_sam_challenge
(const krb5_sam_challenge * , krb5_data **);
krb5_error_code encode_krb5_sam_key
(const krb5_sam_key * , krb5_data **);
krb5_error_code encode_krb5_enc_sam_response_enc
(const krb5_enc_sam_response_enc * , krb5_data **);
krb5_error_code encode_krb5_sam_response
(const krb5_sam_response * , krb5_data **);
krb5_error_code encode_krb5_sam_challenge_2
(const krb5_sam_challenge_2 * , krb5_data **);
krb5_error_code encode_krb5_sam_challenge_2_body
(const krb5_sam_challenge_2_body * , krb5_data **);
krb5_error_code encode_krb5_enc_sam_response_enc_2
(const krb5_enc_sam_response_enc_2 * , krb5_data **);
krb5_error_code encode_krb5_sam_response_2
(const krb5_sam_response_2 * , krb5_data **);
krb5_error_code encode_krb5_predicted_sam_response
(const krb5_predicted_sam_response * , krb5_data **);
/* Encodes a set-password request; password is a C string holding the new
 * password in the clear. */
krb5_error_code encode_krb5_setpw_req
(const krb5_principal target, char *password, krb5_data **code);
/*
 * ASN.1 decoders.  Each parses the encoding in the const krb5_data argument
 * and returns a structure through the last pointer argument.
 *
 * The input normally comes from the network or from a decrypted message, so
 * it is attacker-influenced: callers must check the return code and must not
 * touch the output on failure.
 * NOTE(review): the output is presumably allocated by the decoder and freed
 * with the matching krb5_free_* function, and is presumably left unset on
 * error -- confirm both.
 */
krb5_error_code decode_krb5_sam_challenge
(const krb5_data *, krb5_sam_challenge **);
krb5_error_code decode_krb5_enc_sam_key
(const krb5_data *, krb5_sam_key **);
krb5_error_code decode_krb5_enc_sam_response_enc
(const krb5_data *, krb5_enc_sam_response_enc **);
krb5_error_code decode_krb5_sam_response
(const krb5_data *, krb5_sam_response **);
krb5_error_code decode_krb5_predicted_sam_response
(const krb5_data *, krb5_predicted_sam_response **);
krb5_error_code decode_krb5_sam_challenge_2
(const krb5_data *, krb5_sam_challenge_2 **);
krb5_error_code decode_krb5_sam_challenge_2_body
(const krb5_data *, krb5_sam_challenge_2_body **);
krb5_error_code decode_krb5_enc_sam_response_enc_2
(const krb5_data *, krb5_enc_sam_response_enc_2 **);
krb5_error_code decode_krb5_sam_response_2
(const krb5_data *, krb5_sam_response_2 **);
/* Not a decoder: checks the times of a ticket. */
krb5_error_code krb5_validate_times
(krb5_context,
krb5_ticket_times *);
krb5_error_code decode_krb5_authenticator
(const krb5_data *code, krb5_authenticator **rep);
krb5_error_code decode_krb5_ticket
(const krb5_data *code, krb5_ticket **rep);
krb5_error_code decode_krb5_encryption_key
(const krb5_data *output, krb5_keyblock **rep);
krb5_error_code decode_krb5_enc_tkt_part
(const krb5_data *output, krb5_enc_tkt_part **rep);
krb5_error_code decode_krb5_enc_kdc_rep_part
(const krb5_data *output, krb5_enc_kdc_rep_part **rep);
krb5_error_code decode_krb5_as_rep
(const krb5_data *output, krb5_kdc_rep **rep);
krb5_error_code decode_krb5_tgs_rep
(const krb5_data *output, krb5_kdc_rep **rep);
krb5_error_code decode_krb5_ap_req
(const krb5_data *output, krb5_ap_req **rep);
krb5_error_code decode_krb5_ap_rep
(const krb5_data *output, krb5_ap_rep **rep);
krb5_error_code decode_krb5_ap_rep_enc_part
(const krb5_data *output, krb5_ap_rep_enc_part **rep);
krb5_error_code decode_krb5_as_req
(const krb5_data *output, krb5_kdc_req **rep);
krb5_error_code decode_krb5_tgs_req
(const krb5_data *output, krb5_kdc_req **rep);
krb5_error_code decode_krb5_kdc_req_body
(const krb5_data *output, krb5_kdc_req **rep);
krb5_error_code decode_krb5_safe
(const krb5_data *output, krb5_safe **rep);
/* Variant that also hands back the encoded body through body. */
krb5_error_code decode_krb5_safe_with_body
(const krb5_data *output, krb5_safe **rep, krb5_data *body);
krb5_error_code decode_krb5_priv
(const krb5_data *output, krb5_priv **rep);
krb5_error_code decode_krb5_enc_priv_part
(const krb5_data *output, krb5_priv_enc_part **rep);
krb5_error_code decode_krb5_cred
(const krb5_data *output, krb5_cred **rep);
krb5_error_code decode_krb5_enc_cred_part
(const krb5_data *output, krb5_cred_enc_part **rep);
krb5_error_code decode_krb5_error
(const krb5_data *output, krb5_error **rep);
krb5_error_code decode_krb5_authdata
(const krb5_data *output, krb5_authdata ***rep);
krb5_error_code decode_krb5_pwd_sequence
(const krb5_data *output, passwd_phrase_element **rep);
krb5_error_code decode_krb5_pwd_data
(const krb5_data *output, krb5_pwd_data **rep);
krb5_error_code decode_krb5_padata_sequence
(const krb5_data *output, krb5_pa_data ***rep);
krb5_error_code decode_krb5_alt_method
(const krb5_data *output, krb5_alt_method **rep);
krb5_error_code decode_krb5_etype_info
(const krb5_data *output, krb5_etype_info_entry ***rep);
krb5_error_code decode_krb5_etype_info2
(const krb5_data *output, krb5_etype_info_entry ***rep);
krb5_error_code decode_krb5_enc_data
(const krb5_data *output, krb5_enc_data **rep);
krb5_error_code decode_krb5_pa_enc_ts
(const krb5_data *output, krb5_pa_enc_ts **rep);
krb5_error_code decode_krb5_sam_key
(const krb5_data *, krb5_sam_key **);
/* Forward declaration only; the full definition lives outside this header. */
struct _krb5_key_data;
/*
 * Encode n_key_data entries of key_data, together with a master key version
 * number, into a newly produced krb5_data returned through *code.
 *
 * NOTE(review): the buffers on both sides carry key material.  Who frees
 * *code, and whether it is zeroized first, is not visible here -- confirm.
 */
krb5_error_code
krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data,
krb5_int16 n_key_data,
krb5_int32 mkvno,
krb5_data **code);
/*
 * Inverse of the encoder: decode "in" into an array handed back through *out,
 * with the element count in *n_key_data and the master kvno in *mkvno.
 *
 * Note the asymmetry with the encoder: mkvno is krb5_int32 there and plain
 * int here.  The count is a signed 16-bit value.
 * NOTE(review): "in" is presumably read from the LDAP back end; callers
 * should still treat a negative or implausible *n_key_data as an error.
 */
krb5_error_code
krb5int_ldap_decode_sequence_of_keys (krb5_data *in,
struct _krb5_key_data **out,
krb5_int16 *n_key_data,
int *mkvno);
#endif
/*
 * Encrypt the ticket's encrypted part under the supplied key.
 * The key is const; the ticket is writable.
 * NOTE(review): presumably the ciphertext is stored back into the ticket --
 * confirm against the implementation.
 */
krb5_error_code krb5_encrypt_tkt_part
(krb5_context,
const krb5_keyblock *,
krb5_ticket * );
/*
 * Encode a KDC reply of the given message type.  Inputs are the plaintext
 * encrypted-part structure, a using_subkey flag, the key, and the reply
 * structure; the encoded message is returned through the final krb5_data **.
 * NOTE(review): using_subkey presumably selects the key usage applied when
 * the encrypted part is encrypted -- verify, because a wrong value would
 * yield a reply the peer cannot decrypt.
 */
krb5_error_code krb5_encode_kdc_rep
(krb5_context,
const krb5_msgtype,
const krb5_enc_kdc_rep_part *,
int using_subkey,
const krb5_keyblock *,
krb5_kdc_rep *,
krb5_data ** );
/*
 * Check an incoming sequence number against the auth context.
 * NOTE(review): presumably returns true when in_seq is acceptable.  The
 * result feeds replay/reordering protection, so callers must not ignore it.
 */
krb5_boolean krb5int_auth_con_chkseqnum
(krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
/*
 * Serialization handlers for one opaque data type, keyed by its magic number.
 *
 * The struct tag begins with a double underscore, which the C standard
 * reserves for the implementation; it is kept as-is because it is part of
 * the existing interface.
 */
struct __krb5_serializer {
/* Magic number naming the data type these handlers serve. */
krb5_magic odtype;
/* Reports the space needed to externalize an object, via the size_t *. */
krb5_error_code (*sizer) (krb5_context,
krb5_pointer,
size_t *);
/*
 * Writes an object into a byte buffer.
 * NOTE(review): the krb5_octet ** / size_t * pair is presumably an in/out
 * cursor and remaining-length -- confirm.
 */
krb5_error_code (*externalizer) (krb5_context,
krb5_pointer,
krb5_octet **,
size_t *);
/*
 * Rebuilds an object from a byte buffer and returns it through the
 * krb5_pointer *.
 * NOTE(review): the input may be a stored or transferred blob; the
 * implementation must bound every read by the remaining length.
 */
krb5_error_code (*internalizer) (krb5_context,
krb5_pointer *,
krb5_octet **,
size_t *);
};
/* Read-only handle to a registered serializer entry. */
typedef const struct __krb5_serializer * krb5_ser_handle;
/* Entry type passed when registering a serializer. */
typedef struct __krb5_serializer krb5_ser_entry;
/*
 * Look up the serializer registered for a magic number.
 * NOTE(review): presumably returns NULL when none is registered -- check
 * before dereferencing.
 */
krb5_ser_handle krb5_find_serializer
(krb5_context,
krb5_magic);
/* Register a serializer entry with the context. */
krb5_error_code krb5_register_serializer
(krb5_context,
const krb5_ser_entry *);
/*
 * Generic entry points that take the type's magic number and an opaque
 * object.
 * NOTE(review): presumably they dispatch to the matching sizer,
 * externalizer and internalizer.  The krb5_pointer is untyped, so passing
 * an object that does not match the magic is not caught by the compiler.
 */
krb5_error_code KRB5_CALLCONV krb5_size_opaque
(krb5_context,
krb5_magic,
krb5_pointer,
size_t *);
krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
(krb5_context,
krb5_magic,
krb5_pointer,
krb5_octet **,
size_t *);
krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
(krb5_context,
krb5_magic,
krb5_pointer *,
krb5_octet **,
size_t *);
/* Externalize without naming a magic number; exact semantics not shown here. */
krb5_error_code krb5_externalize_data
(krb5_context,
krb5_pointer,
krb5_octet **,
size_t *);
/*
 * Per-type initialisers.
 * NOTE(review): presumably each registers the serializer for the named
 * object type (context, auth context, keytab, ccache, rcache) -- confirm.
 */
krb5_error_code KRB5_CALLCONV krb5_ser_context_init
(krb5_context);
krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
(krb5_context);
krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
(krb5_context);
krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
(krb5_context);
krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
(krb5_context);
/*
 * Primitive pack/unpack helpers for the serializer framework.
 *
 * NOTE(review): in every helper the trailing krb5_octet ** / size_t * pair is
 * presumably an in/out buffer cursor and the space (pack) or bytes (unpack)
 * remaining.  The unpack variants may consume externally supplied blobs, so
 * the implementation must fail rather than read past the remaining length.
 * Confirm there.
 */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
(krb5_int32,
krb5_octet **,
size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
(krb5_int32 *,
krb5_octet **,
size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
(krb5_int64, krb5_octet **, size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
(krb5_int64 *, krb5_octet **, size_t *);
/*
 * Byte-string variants.
 * NOTE(review): the leading krb5_octet * / size_t pair is presumably the
 * caller's data and its length.  For unpack, the caller's buffer must hold
 * at least that many bytes.
 */
krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
(krb5_octet *,
size_t,
krb5_octet **,
size_t *);
krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
(krb5_octet *,
size_t,
krb5_octet **,
size_t *);
/* Internal variant of "get the default credential cache"; result via the krb5_ccache *. */
krb5_error_code KRB5_CALLCONV krb5int_cc_default
(krb5_context, krb5_ccache *);
/*
 * Default retrieve implementation.  The parameter list has the same shape as
 * the retrieve slot of struct _krb5_cc_ops (cache, flags, two krb5_creds *).
 * NOTE(review): presumably the first krb5_creds is the match template and the
 * second receives the result -- confirm.
 */
krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
(krb5_context, krb5_ccache, krb5_flags,
krb5_creds *, krb5_creds *);
/*
 * Compare two credentials.
 * NOTE(review): presumably returns true when they match; which fields take
 * part in the comparison is not visible here.
 */
krb5_boolean KRB5_CALLCONV
krb5_creds_compare (krb5_context in_context,
krb5_creds *in_creds,
krb5_creds *in_compare_creds);
/* Attach an array of prompt types to the context; lifetime rules not shown here. */
void krb5int_set_prompt_types
(krb5_context, krb5_prompt_type *);
/*
 * Generate a subkey and save it in the auth context.
 * NOTE(review): the krb5_keyblock * is presumably the key the subkey is
 * derived from or modelled on -- confirm.
 */
krb5_error_code
krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
krb5_keyblock * );
/*
 * Build a change-password request packet from an AP-REQ and the new password.
 *
 * passwd is a plaintext secret passed as a writable char *.  Nothing in this
 * declaration says the callee wipes it, so the caller stays responsible for
 * zeroizing its copy.
 * NOTE(review): the resulting packet presumably carries the password under
 * encryption -- confirm, and treat the buffer as sensitive until it is sent
 * and freed.
 */
krb5_error_code krb5int_mk_chpw_req
(krb5_context context, krb5_auth_context auth_context,
krb5_data *ap_req, char *passwd, krb5_data *packet);
/*
 * Parse a change-password reply.  packet is the received message; the
 * server's verdict comes back in *result_code and *result_data.
 * NOTE(review): result_data is server-supplied text.  Do not use it as a
 * format string or assume it is NUL-terminated.
 */
krb5_error_code krb5int_rd_chpw_rep
(krb5_context context, krb5_auth_context auth_context,
krb5_data *packet, int *result_code,
krb5_data *result_data);
/*
 * Map a change-password result code to a string, returned via char **.
 * The set-password counterpart below uses const char ** instead.
 * NOTE(review): that suggests this one may hand back allocated storage --
 * confirm who frees it.
 */
krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
(krb5_context context, int result_code,
char **result_codestr);
/*
 * Set-password variant of krb5int_mk_chpw_req.  It additionally names the
 * target principal whose password is being set.  The handling notes on
 * passwd given above apply here too.
 */
krb5_error_code krb5int_mk_setpw_req
(krb5_context context, krb5_auth_context auth_context,
krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
/* Parse a set-password reply; same parameter shape as krb5int_rd_chpw_rep. */
krb5_error_code krb5int_rd_setpw_rep
(krb5_context context, krb5_auth_context auth_context,
krb5_data *packet, int *result_code,
krb5_data *result_data);
/* Map a set-password result code to a string returned via const char **. */
krb5_error_code krb5int_setpw_result_code_string
(krb5_context context, int result_code,
const char **result_codestr);
/*
 * One node of a singly linked list of SRV lookup results.
 * NOTE(review): the fields appear to mirror a DNS SRV record (priority,
 * weight, port, target host).  Plain DNS answers are unauthenticated, so
 * they should only steer where to connect and never stand in for
 * authenticating the server.
 */
struct srv_dns_entry {
/* Next entry in the list. */
struct srv_dns_entry *next;
int priority;
int weight;
unsigned short port;
/* Host name string; presumably heap-allocated and owned by the entry -- confirm. */
char *host;
};
/* The lookup routines are only declared when DNS lookup support is compiled in. */
#ifdef KRB5_DNS_LOOKUP
/*
 * Query SRV records for a realm, service and protocol; results are returned
 * through *answers as a list of srv_dns_entry.
 */
krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
const char *service,
const char *protocol,
struct srv_dns_entry **answers);
/* Release a list of srv_dns_entry. */
void krb5int_free_srv_dns_data(struct srv_dns_entry *);
#endif
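/*
 * Return magic_number from the enclosing function when structure->magic does
 * not match it.  The macro expands to a `return`, so it is only usable in a
 * function whose return type can carry the magic value.
 *
 * The test is wrapped in do { } while (0) so that the hidden `if` cannot
 * capture an `else` written after the macro invocation.  The trailing
 * semicolon is kept so that existing call sites, written with or without
 * their own `;`, continue to compile unchanged.
 *
 * magic_number is evaluated twice on a mismatch; pass a constant or another
 * side-effect-free expression.
 */
#define KRB5_VERIFY_MAGIC(structure,magic_number) \
do { if ((structure)->magic != (magic_number)) return (magic_number); } while (0);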
/*
 * Thin wrapper around free().  The (char *) cast also discards any const
 * qualifier on val.  The macro neither clears the memory nor resets the
 * caller's pointer, so buffers holding keys or passwords must be zeroized
 * before this is called, and the pointer must not be reused afterwards.
 */
#define krb5_xfree(val) free((char *)(val))
/* Layout revision of krb5int_access; folded into KRB5INT_ACCESS_VERSION. */
#define KRB5INT_ACCESS_STRUCT_VERSION 10
/*
 * Forward-declare struct ktext when ANAME_SZ is not defined.
 * NOTE(review): ANAME_SZ presumably indicates that the Kerberos 4 headers,
 * which define struct ktext, were already included -- confirm.
 */
#ifndef ANAME_SZ
struct ktext;
#endif
/*
 * Table of internal library entry points and provider objects.
 * NOTE(review): presumably filled in by krb5int_accessor so that other
 * components can reach non-exported internals -- confirm.
 *
 * Member order and types determine sizeof(krb5int_access), which feeds
 * KRB5INT_ACCESS_VERSION.  Any change here needs a bump of
 * KRB5INT_ACCESS_STRUCT_VERSION.
 */
typedef struct _krb5int_access {
/* Crypto building blocks: MD5 hash provider and RC4 (arcfour) cipher provider. */
const struct krb5_hash_provider *md5_hash_provider;
const struct krb5_enc_provider *arcfour_enc_provider;
/* HMAC over icount input buffers with the given hash and key. */
krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash,
const krb5_keyblock *key,
unsigned int icount, const krb5_data *input,
krb5_data *output);
/*
 * Send msg to the addresses in the list and collect a reply.
 * NOTE(review): the trailing sockaddr/socklen_t pairs and the int * are
 * unnamed; their meaning must be taken from the implementation.
 */
krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
const struct addrlist *, struct sendto_callback_info*, krb5_data *reply,
struct sockaddr *, socklen_t *,struct sockaddr *,
socklen_t *, int *);
/* Address-list management. */
krb5_error_code (*add_host_to_list)(struct addrlist *lp,
const char *hostname,
int port, int secport,
int socktype, int family);
void (*free_addrlist) (struct addrlist *);
/* DNS SRV lookup and cleanup; same signatures as the krb5int_* functions. */
krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
const char *service,
const char *protocol,
struct srv_dns_entry **answers);
void (*free_srv_dns_data)(struct srv_dns_entry *);
/* Reports whether DNS may be used to locate KDCs for this context. */
int (*use_dns_kdc)(krb5_context);
/* Kerberos 4 lifetime conversion and v4 ticket encoding (krb524 support). */
krb5_int32 (*krb_life_to_time)(krb5_int32, int);
int (*krb_time_to_life)(krb5_int32, krb5_int32);
int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
/* Mandatory checksum type for an encryption type. */
krb5_error_code (*krb5int_c_mandatory_cksumtype)
(krb5_context, krb5_enctype, krb5_cksumtype *);
/* 64-bit serializer primitives. */
krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
(krb5_int64, krb5_octet **, size_t *);
krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
(krb5_int64 *, krb5_octet **, size_t *);
/* ASN.1 encode/decode of LDAP-stored key sequences. */
krb5_error_code
(*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
krb5_int16 n_key_data,
krb5_int32 mkvno,
krb5_data **code);
krb5_error_code
(*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
struct _krb5_key_data **out,
krb5_int16 *n_key_data,
int *mkvno);
} krb5int_access;
/*
 * Version cookie for krb5int_access: the low 16 bits are
 * sizeof(krb5int_access) and the upper bits are
 * KRB5INT_ACCESS_STRUCT_VERSION.
 *
 * Only the low 16 bits of the size take part, so a layout change that leaves
 * the size unchanged is detected only if the struct version is bumped too.
 */
#define KRB5INT_ACCESS_VERSION \
(((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
(KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
/*
 * Fill in a caller-supplied krb5int_access.
 * NOTE(review): the krb5_int32 is presumably the caller's
 * KRB5INT_ACCESS_VERSION, checked so that a caller built against a different
 * layout is refused rather than handed a mismatched table -- confirm.
 */
krb5_error_code KRB5_CALLCONV krb5int_accessor
(krb5int_access*, krb5_int32);
/* Service name and default port for the krb524 (v5-to-v4 ticket conversion) service. */
#define KRB524_SERVICE "krb524"
#define KRB524_PORT 4444
/* Conversions between Kerberos 4 lifetime values and time values. */
extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
/*
 * Encode a v4 ticket into buf and report the encoded length via *encoded_len.
 * No buffer capacity is passed as a separate input.
 * NOTE(review): confirm whether *encoded_len carries the capacity on entry
 * and that the implementation cannot write past buf.
 */
int krb5int_encode_v4tkt
(struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
/*
 * Send a krb524 request for the given realm and receive the reply.
 * NOTE(review): the trailing sockaddr/socklen_t pair presumably reports the
 * address that answered -- confirm.
 */
int krb5int_524_sendto_kdc
(krb5_context context, const krb5_data * message,
const krb5_data * realm, krb5_data * reply,
struct sockaddr *, socklen_t *);
/*
 * Credential cache handle: a magic number, the operations table of the
 * backing cache type, and that type's private data.
 */
struct _krb5_ccache {
krb5_magic magic;
const struct _krb5_cc_ops *ops;
/* Opaque to generic code; interpreted only by the functions in ops. */
krb5_pointer data;
};
/*
 * Cursor used by the ptcursor_* operations of struct _krb5_cc_ops.  It holds
 * the owning operations table and opaque cursor data.
 */
struct krb5_cc_ptcursor {
const struct _krb5_cc_ops *ops;
krb5_pointer data;
};
typedef struct krb5_cc_ptcursor *krb5_cc_ptcursor;
/*
 * Operations table implemented by each credential cache type.  Generic cache
 * calls go through these function pointers, so member order and signatures
 * are part of the binary interface between the library and cache back ends.
 */
struct _krb5_cc_ops {
krb5_magic magic;
/* Type prefix string; presumably the part before ':' in a cache name -- confirm. */
char *prefix;
const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
/* Open a cache by residual name / create a new uniquely named cache. */
krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
const char *);
krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
/* Initialise the cache for a principal. */
krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
krb5_principal);
/* destroy and close both take the handle; see the back end for the difference. */
krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
/* Store / look up credentials. */
krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
krb5_creds *);
krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
krb5_flags, krb5_creds *,
krb5_creds *);
krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
krb5_principal *);
/* Sequential iteration over stored credentials: get_first, get_next, end_get. */
krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
krb5_cc_cursor *);
krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
krb5_cc_cursor *, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
krb5_cc_cursor *);
krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
krb5_flags, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
krb5_flags);
krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache,
krb5_flags *);
/* Iteration over caches of this type, using krb5_cc_ptcursor. */
krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
krb5_cc_ptcursor *);
krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
krb5_cc_ptcursor,
krb5_ccache *);
krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
krb5_cc_ptcursor *);
/* NOTE(review): move takes a single cache handle; its semantics are not visible here. */
krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache);
/* Timestamp queries; results are returned via krb5_timestamp *. */
krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
krb5_ccache, krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
krb5_timestamp *);
};
/*
 * Default credential cache operations table.  Only the pointee is const; the
 * pointer itself is a writable global, so code that reassigns it changes the
 * default cache type for the whole process.
 */
extern const krb5_cc_ops *krb5_cc_dfl_ops;
/*
 * Platform-specific default cache name, returned via *name.
 * NOTE(review): presumably allocated for the caller to free -- confirm.
 */
krb5_error_code
krb5int_cc_os_default_name(krb5_context context, char **name);
/* Opaque cursor for iterating over the registered cache types. */
struct krb5_cc_typecursor;
typedef struct krb5_cc_typecursor *krb5_cc_typecursor;
/* Create a type cursor, returned via *cursor. */
krb5_error_code
krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor);
/*
 * Advance the cursor; the next operations table is returned via *ops.
 * NOTE(review): presumably *ops is NULL at the end of the list -- confirm.
 */
krb5_error_code
krb5int_cc_typecursor_next(
krb5_context context,
krb5_cc_typecursor cursor,
const struct _krb5_cc_ops **ops);
/* Release the cursor. */
krb5_error_code
krb5int_cc_typecursor_free(
krb5_context context,
krb5_cc_typecursor *cursor);
/*
 * Record stored in the replay cache (see krb5_rc_store).
 * NOTE(review): the fields presumably identify one authenticator by server,
 * client and client time (ctime seconds plus cusec microseconds), with hash
 * as a lookup aid.  Confirm which fields the replay comparison actually uses.
 */
typedef struct _krb5_donot_replay {
krb5_magic magic;
krb5_ui_4 hash;
char *server;
char *client;
krb5_int32 cusec;
krb5_timestamp ctime;
} krb5_donot_replay;
/*
 * Replay cache API.
 *
 * The first group obtains a replay cache handle via the krb5_rcache *.
 * Several of these take a writable char * for the type or name.
 * NOTE(review): whether the string is modified or retained is not visible
 * here, so avoid passing string literals or short-lived buffers until that
 * is confirmed.
 */
krb5_error_code krb5_rc_default
(krb5_context,
krb5_rcache *);
krb5_error_code krb5_rc_resolve_type
(krb5_context,
krb5_rcache *,char *);
krb5_error_code krb5_rc_resolve_full
(krb5_context,
krb5_rcache *,char *);
/* Accessors for type and name strings; ownership of the returned char * is not shown. */
char * krb5_rc_get_type
(krb5_context,
krb5_rcache);
char * krb5_rc_default_type
(krb5_context);
char * krb5_rc_default_name
(krb5_context);
/* Build a krb5_donot_replay record from a ticket/authenticator pair. */
krb5_error_code krb5_auth_to_rep
(krb5_context,
krb5_tkt_authent *,
krb5_donot_replay *);
/*
 * Lifecycle operations.  The initialize variants take a krb5_deltat.
 * NOTE(review): presumably the lifespan for which entries are remembered.
 * It has to cover the permitted clock skew for replay detection to be
 * effective.
 */
krb5_error_code KRB5_CALLCONV krb5_rc_initialize
(krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
(krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_recover
(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_destroy
(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_close
(krb5_context, krb5_rcache);
/*
 * Record an authenticator.
 * NOTE(review): the error return is presumably how a replay is reported, so
 * callers must treat any failure as a reason to reject the request.
 */
krb5_error_code KRB5_CALLCONV krb5_rc_store
(krb5_context, krb5_rcache,krb5_donot_replay *);
krb5_error_code KRB5_CALLCONV krb5_rc_expunge
(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
(krb5_context, krb5_rcache,krb5_deltat *);
char *KRB5_CALLCONV krb5_rc_get_name
(krb5_context, krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_resolve
(krb5_context, krb5_rcache, char *);
/*
 * Operations table implemented by each keytab type.  Keytabs hold long-term
 * service keys, so entries passing through these calls contain key material.
 */
typedef struct _krb5_kt_ops {
krb5_magic magic;
/* Type prefix string for keytab names. */
char *prefix;
/* Open a keytab by name; the handle is returned via krb5_keytab *. */
krb5_error_code (KRB5_CALLCONV *resolve)
(krb5_context,
const char *,
krb5_keytab *);
/*
 * Write the keytab's name into a caller buffer.
 * NOTE(review): the char * / unsigned int pair is presumably the buffer and
 * its size; the implementation must not write beyond that size -- confirm.
 */
krb5_error_code (KRB5_CALLCONV *get_name)
(krb5_context,
krb5_keytab,
char *,
unsigned int);
krb5_error_code (KRB5_CALLCONV *close)
(krb5_context,
krb5_keytab);
/* Look up one entry by principal, key version and encryption type. */
krb5_error_code (KRB5_CALLCONV *get)
(krb5_context,
krb5_keytab,
krb5_const_principal,
krb5_kvno,
krb5_enctype,
krb5_keytab_entry *);
/* Sequential iteration: start_seq_get, get_next, end_get. */
krb5_error_code (KRB5_CALLCONV *start_seq_get)
(krb5_context,
krb5_keytab,
krb5_kt_cursor *);
krb5_error_code (KRB5_CALLCONV *get_next)
(krb5_context,
krb5_keytab,
krb5_keytab_entry *,
krb5_kt_cursor *);
krb5_error_code (KRB5_CALLCONV *end_get)
(krb5_context,
krb5_keytab,
krb5_kt_cursor *);
/*
 * Mutating operations.
 * NOTE(review): presumably left NULL by read-only keytab types -- check
 * before calling.
 */
krb5_error_code (KRB5_CALLCONV *add)
(krb5_context,
krb5_keytab,
krb5_keytab_entry *);
krb5_error_code (KRB5_CALLCONV *remove)
(krb5_context,
krb5_keytab,
krb5_keytab_entry *);
/* Serializer entry for keytab handles of this type. */
const krb5_ser_entry *serializer;
} krb5_kt_ops;
/* Default keytab operations table; declared as a const object, not a pointer. */
extern const krb5_kt_ops krb5_kt_dfl_ops;
/*
 * Map an int error value to a krb5_error_code.
 * NOTE(review): by its name the input is a getaddrinfo() error -- confirm.
 */
extern krb5_error_code krb5int_translate_gai_error (int);
/* Report the mandatory checksum type for an encryption type via the krb5_cksumtype *. */
extern krb5_error_code
krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
/*
 * Initialisers for the crypto layer and the PRNG.  Both return int.
 * NOTE(review): presumably nonzero means failure.  A PRNG that failed to
 * initialise must not be used to generate keys, so the result should never
 * be ignored.
 */
extern int krb5int_crypto_init (void);
extern int krb5int_prng_init(void);
/*
 * Copy the error code and message from OCTX's errinfo into CTX's errinfo.
 *
 * The message is passed as the argument to a literal "%s" format rather than
 * as the format itself, so '%' sequences inside a stored message are not
 * interpreted.  Keep it that way.
 *
 * OCTX is evaluated twice; pass a side-effect-free expression.
 * NOTE(review): behaviour when (OCTX)->errinfo.msg is NULL depends on
 * krb5int_set_error -- confirm.
 */
#define krb5_copy_error_state(CTX, OCTX) \
krb5int_set_error(&(CTX)->errinfo, (OCTX)->errinfo.code, "%s", (OCTX)->errinfo.msg)
/*
 * Upper bound on referral hops.
 * NOTE(review): presumably enforced when following KDC referrals, so that a
 * misbehaving or hostile KDC cannot send the client around in an endless
 * chain -- confirm where it is checked.
 */
#define KRB5_REFERRAL_MAXHOPS 5
/* Debug-only helper, compiled in when DEBUG_REFERRALS is defined. */
#ifdef DEBUG_REFERRALS
void krb5int_dbgref_dump_principal(char *, krb5_principal);
#endif
/*
 * Normalise a host name.
 * NOTE(review): the parameters are presumably (context, input name, output
 * buffer, output buffer size).  Callers should pass the true capacity of the
 * output buffer and check the return code for truncation or failure --
 * confirm the truncation behaviour in the implementation.
 */
krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
(krb5_context,
const char *,
char *,
size_t);
#endif