xref: /freebsd/crypto/krb5/src/lib/krb5/krb/init_creds_ctx.h (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9)
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 
3 #ifndef KRB5_INIT_CREDS_CONTEXT
4 #define KRB5_INIT_CREDS_CONTEXT 1
5 
6 #include "k5-json.h"
7 #include "int-proto.h"
8 
/*
 * Opaque handle type: a pointer to struct krb5_preauth_req_context_st, which
 * is only forward-declared here; this header does not define its layout.
 */
typedef struct krb5_preauth_req_context_st *krb5_preauth_req_context;
10 
/*
 * Responder context: a thin wrapper around a pointer to a k5_response_items
 * collection.  An instance is embedded by value as the rctx member of
 * struct _krb5_init_creds_context.
 */
struct krb5_responder_context_st {
    k5_response_items *items;   /* not owned or freed by anything in this header */
};
14 
/*
 * Password state for the password-based get-AS-key path.
 *
 * NOTE(review): presumably `password` points either at caller-supplied data
 * or at `storage` when the library had to obtain the password itself --
 * confirm against the code that fills this in.  Because `storage` may hold
 * cleartext password bytes, confirm that it is zeroized before it is freed.
 */
struct gak_password {
    krb5_data storage;          /* buffer held by value inside this struct */
    const krb5_data *password;  /* read-only view of the password in use */
};
19 
/*
 * State for one initial-credentials request.  Unless a comment below says
 * otherwise, the role of each field is inferred from its name and type and
 * should be confirmed against the code that uses this context.
 *
 * NOTE(review): the structure embeds what appear to be secrets by value
 * (gakpw, as_key) and keeps request/reply data behind pointers.  Confirm that
 * the code releasing a context zeroizes the secrets before freeing them.
 */
struct _krb5_init_creds_context {
    /* Options: a pointer plus a by-value copy.  Presumably opt points at
     * opt_storage when the caller supplies no options -- confirm. */
    krb5_get_init_creds_opt *opt;
    krb5_get_init_creds_opt opt_storage;
    krb5_boolean identify_realm;
    const krb5_data *subject_cert;
    krb5_principal keytab_princ;
    char *in_tkt_service;
    /* Callback/opaque-data pairs; the data pointers are untyped here, so
     * their ownership cannot be determined from this header. */
    krb5_prompter_fct prompter;
    void *prompter_data;
    get_as_key_fn gak_fct;
    void *gak_data;
    krb5_timestamp request_time;
    krb5_deltat start_time;
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    krb5_boolean complete;
    /* NOTE(review): presumably counts request round trips so the exchange
     * can be bounded -- confirm where the limit is enforced. */
    unsigned int loopcount;
    struct gak_password gakpw;  /* password state, held by value */
    krb5_error *err_reply;
    krb5_pa_data **err_padata;
    krb5_creds cred;
    krb5_kdc_req *request;
    krb5_kdc_rep *reply;
    /**
     * Stores the outer request body in order to feed into FAST for
     * checksumming.  This is maintained even if FAST is not used. This is not
     * used for preauth: that requires the inner request body.  For AS-only
     * FAST it would be better for krb5int_fast_prep_req() to simply generate
     * this.  However for TGS FAST, the client needs to supply the
     * to_be_checksummed data. Whether this should be refactored should be
     * revisited as TGS fast is integrated.
     */
    krb5_data *outer_request_body;
    krb5_data *inner_request_body; /**< For preauth */
    krb5_data *encoded_previous_request;
    struct krb5int_fast_request_state *fast_state;
    krb5_pa_data **optimistic_padata; /* from gic options */
    krb5_pa_data **method_padata; /* from PREAUTH_REQUIRED or PREAUTH_FAILED */
    krb5_pa_data **more_padata; /* from MORE_PREAUTH_DATA_REQUIRED */
    /* Key-derivation inputs and the resulting key, all held by value.
     * NOTE(review): as_key looks like long-term key material -- confirm it is
     * wiped when the context is freed or the key is replaced. */
    krb5_boolean default_salt;
    krb5_data salt;
    krb5_data s2kparams;
    krb5_keyblock as_key;
    krb5_enctype etype;
    krb5_boolean info_pa_permitted;
    krb5_boolean restarted;
    /* NOTE(review): the two *_disabled flags appear to switch off a fallback
     * path and a preauth mechanism; confirm where they are set and read. */
    krb5_boolean fallback_disabled;
    krb5_boolean encts_disabled;
    struct krb5_responder_context_st rctx;
    krb5_preauthtype selected_preauth_type;
    krb5_preauthtype allowed_preauth_type;
    k5_json_object cc_config_in;
    k5_json_object cc_config_out;
    /* Discovered offset of server time during preauth */
    krb5_timestamp pa_offset;
    krb5_int32 pa_offset_usec;
    /* NO_OFFSET is 0, so a zero-filled context starts with no offset.
     * NOTE(review): the other two names suggest the offset is tagged as
     * learned from unauthenticated or authenticated data; code that trusts
     * pa_offset should check this state -- confirm against the users. */
    enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state;
    krb5_preauth_req_context preauth_reqctx;  /* opaque handle, see typedef */
};
79 
/**
 * Password-based routine for obtaining the AS key (declaration only; the
 * definition is not in this header).
 *
 * NOTE(review): the parameter list looks like it matches the get_as_key_fn
 * callback type stored in gak_fct, and gak_data is presumably a
 * struct gak_password * -- confirm both against int-proto.h and the
 * definition.  If the routine prompts for or copies a password, confirm that
 * any temporary copy is zeroized on every return path.
 *
 * @param context        Library context.
 * @param client         Client principal.
 * @param etype          Encryption type for the key.
 * @param prompter       Prompter callback.
 * @param prompter_data  Opaque data passed with the prompter callback.
 * @param salt           Salt; passed by non-const pointer.
 * @param params         String-to-key parameters; passed by non-const pointer.
 * @param as_key         Keyblock passed by pointer (presumably the output).
 * @param gak_data       Opaque per-caller data.
 * @param ritems         Response items collection.
 * @return A krb5_error_code.
 */
krb5_error_code
krb5_get_as_key_password(krb5_context context,
                         krb5_principal client,
                         krb5_enctype etype,
                         krb5_prompter_fct prompter,
                         void *prompter_data,
                         krb5_data *salt,
                         krb5_data *params,
                         krb5_keyblock *as_key,
                         void *gak_data,
                         k5_response_items *ritems);
91 
92 #endif /* !KRB5_INIT_CREDS_CONTEXT */