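/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

/*
 * Internal state shared by the initial-credentials code: the responder
 * context, the password holder passed to the get-as-key routine, and the
 * per-exchange context structure.
 *
 * Several members hold or point at secret material (gakpw, as_key).  Anything
 * that copies, logs, or frees this structure should treat those members as
 * secrets.
 */

#ifndef KRB5_INIT_CREDS_CONTEXT
#define KRB5_INIT_CREDS_CONTEXT 1

#include "k5-json.h"
#include "int-proto.h"

typedef struct krb5_preauth_req_context_st *krb5_preauth_req_context;

/** Wrapper around the set of responder items for one exchange. */
struct krb5_responder_context_st {
    k5_response_items *items;
};

/**
 * Password holder handed to the get-as-key routine.
 *
 * NOTE(review): presumably @c password points either at caller-supplied data
 * or at @c storage, and @c storage owns a password obtained during the
 * exchange.  If so, @c storage must be zeroized before it is freed; confirm
 * against the code that releases the context.
 */
struct gak_password {
    krb5_data storage;
    const krb5_data *password;  /* const: not written through this pointer */
};

/** State carried across the steps of one initial-credentials exchange. */
struct _krb5_init_creds_context {
    krb5_get_init_creds_opt *opt;
    krb5_get_init_creds_opt opt_storage;
    krb5_boolean identify_realm;
    const krb5_data *subject_cert;
    krb5_principal keytab_princ;
    char *in_tkt_service;
    krb5_prompter_fct prompter;
    void *prompter_data;
    get_as_key_fn gak_fct;      /* routine used to obtain the AS key */
    void *gak_data;             /* opaque argument passed to gak_fct */
    krb5_timestamp request_time;
    krb5_deltat start_time;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    krb5_boolean complete;
    /* NOTE(review): presumably counts request iterations so the exchange can
     * be bounded; confirm where it is incremented and checked. */
    unsigned int loopcount;
    struct gak_password gakpw;  /* secret: see struct gak_password */
    krb5_error *err_reply;
    krb5_pa_data **err_padata;
    krb5_creds cred;
    krb5_kdc_req *request;
    krb5_kdc_rep *reply;
    /**
     * Stores the outer request body in order to feed into FAST for
     * checksumming.  This is maintained even if FAST is not used.  This is not
     * used for preauth: that requires the inner request body.  For AS-only
     * FAST it would be better for krb5int_fast_prep_req() to simply generate
     * this.  However for TGS FAST, the client needs to supply the
     * to_be_checksummed data.  Whether this should be refactored should be
     * revisited as TGS fast is integrated.
     */
    krb5_data *outer_request_body;
    krb5_data *inner_request_body; /**< For preauth */
    krb5_data *encoded_previous_request;
    struct krb5int_fast_request_state *fast_state;
    krb5_pa_data **optimistic_padata; /* from gic options */
    krb5_pa_data **method_padata; /* from PREAUTH_REQUIRED or PREAUTH_FAILED */
    krb5_pa_data **more_padata; /* from MORE_PREAUTH_DATA_REQUIRED */
    krb5_boolean default_salt;
    krb5_data salt;
    krb5_data s2kparams;
    /* Key material (krb5_keyblock).  NOTE(review): the code that frees this
     * context should wipe the key contents, not only release the memory;
     * verify in the free path. */
    krb5_keyblock as_key;
    krb5_enctype etype;
    krb5_boolean info_pa_permitted;
    krb5_boolean restarted;
    krb5_boolean fallback_disabled;
    krb5_boolean encts_disabled;
    struct krb5_responder_context_st rctx;
    krb5_preauthtype selected_preauth_type;
    krb5_preauthtype allowed_preauth_type;
    k5_json_object cc_config_in;
    k5_json_object cc_config_out;
    /* Discovered offset of server time during preauth */
    krb5_timestamp pa_offset;
    krb5_int32 pa_offset_usec;
    /* NOTE(review): the enumerator names suggest this records whether the
     * offset came from an unauthenticated or an authenticated source.  If so,
     * an UNAUTH_OFFSET value is influenced by whoever answered the request
     * and should not be trusted as authenticated time; confirm with the code
     * that sets it. */
    enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state;
    krb5_preauth_req_context preauth_reqctx;
};

/**
 * Password-based routine for obtaining the AS key.
 *
 * NOTE(review): the parameter list appears intended to match get_as_key_fn
 * (declared elsewhere), with @p gak_data pointing at a struct gak_password;
 * confirm against the definition.
 *
 * @param context        Library context.
 * @param client         Client principal.
 * @param etype          Encryption type for the key.
 * @param prompter       Prompter callback.
 * @param prompter_data  Opaque argument for @p prompter.
 * @param salt           Salt data.
 * @param params         String-to-key parameters.
 * @param as_key         Keyblock argument; treat its contents as secret.
 * @param gak_data       Opaque routine data.
 * @param ritems         Responder items.
 * @return A krb5_error_code; the meaning of specific values is defined by
 *         the implementation, which is not part of this header.
 */
krb5_error_code
krb5_get_as_key_password(krb5_context context,
                         krb5_principal client,
                         krb5_enctype etype,
                         krb5_prompter_fct prompter,
                         void *prompter_data,
                         krb5_data *salt,
                         krb5_data *params,
                         krb5_keyblock *as_key,
                         void *gak_data,
                         k5_response_items *ritems);

#endif /* !KRB5_INIT_CREDS_CONTEXT */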