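/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/krb5/krb/authdata.h */
/*
 * Copyright (C) 2009 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Internal declarations shared by the authorization-data and PAC code:
 * the authdata verification entry point, the in-memory PAC representation,
 * PAC layout constants, the built-in client authdata plugin tables and a
 * few PAC helper prototypes.
 */

#ifndef KRB_AUTHDATA_H

#define KRB_AUTHDATA_H

#include <k5-int.h>
#include "k5-utf8.h"


/* authdata.c */
/*
 * Every parameter is named so the prototype documents itself; the second
 * parameter was previously unnamed.  Parameter names in a prototype do not
 * affect callers.
 */
krb5_error_code
krb5int_authdata_verify(krb5_context context,
                        krb5_authdata_context authdata_context,
                        krb5_flags usage,
                        const krb5_auth_context *auth_context,
                        const krb5_keyblock *key,
                        const krb5_ap_req *ap_req);

/* PAC */
/*
 * A PAC consists of a sequence of PAC_INFO_BUFFERs, preceded by
 * a PACTYPE header. Decoding the contents of the buffers is left
 * to the application (notwithstanding signature verification).
 */

/*
 * Type, size and offset of one PAC buffer.
 *
 * NOTE(review): presumably one k5_pac_buffer is filled in per
 * PAC_INFO_BUFFER of a received PAC, in which case size and offset are
 * attacker-influenced.  Any code that turns them into a pointer or length
 * should first check them against krb5_pac_data.data.length, and should do
 * so without letting offset + size wrap around -- confirm in the PAC
 * parsing code.
 */
struct k5_pac_buffer {
    uint32_t type;
    uint32_t size;
    uint64_t offset;    /* presumably relative to the start of the PAC
                         * data -- TODO confirm */
};

/*
 * In-memory representation of a PAC: the raw data plus the buffer table.
 */
struct krb5_pac_data {
    krb5_data data; /* PAC data (including uninitialised header) */
    /*
     * NOTE(review): by its name, records whether the PAC has been verified.
     * Code that makes authorization decisions from PAC contents should
     * confirm where this flag is set and cleared before relying on it.
     */
    krb5_boolean verified;
    uint32_t nbuffers;  /* presumably the number of entries in buffers */
    uint32_t version;
    struct k5_pac_buffer *buffers;
};



/*
 * PAC layout constants.
 *
 * Note that PAC_ALIGNMENT and PAC_INFO_BUFFER_LENGTH are plain int
 * constants while the other lengths carry a U suffix.  Keep the usual
 * arithmetic conversions in mind when mixing them with uint32_t or size_t
 * values in length and bounds checks.
 */
#define PAC_ALIGNMENT               8
#define PACTYPE_LENGTH              8U
#define PAC_SIGNATURE_DATA_LENGTH   4U
#define PAC_CLIENT_INFO_LENGTH      10U
#define PAC_INFO_BUFFER_LENGTH      16

/*
 * 11644473600 is the number of seconds between 1601-01-01 and 1970-01-01,
 * i.e. the distance between the NT time epoch and the POSIX epoch.
 */
#define NT_TIME_EPOCH               11644473600LL

/* Client authdata plugin function tables; defined elsewhere. */
extern krb5plugin_authdata_client_ftable_v0 k5_mspac_ad_client_ftable;
extern krb5plugin_authdata_client_ftable_v0 k5_s4u2proxy_ad_client_ftable;
extern krb5plugin_authdata_client_ftable_v0 k5_authind_ad_client_ftable;

/*
 * PAC helpers.
 *
 * krb5_pac is a pointer typedef (see krb5.h), so "const krb5_pac pac" makes
 * the pointer itself const, not the PAC it points to.  The qualifier is
 * therefore no guarantee that a function leaves the PAC unmodified.
 */

/*
 * Presumably finds the buffer of the given type in pac and describes it in
 * *data.  NOTE(review): confirm whether *data aliases the PAC's own storage
 * or is a copy before freeing or retaining it.
 */
krb5_error_code
k5_pac_locate_buffer(krb5_context context,
                     const krb5_pac pac,
                     krb5_ui_4 type,
                     krb5_data *data);

/*
 * Presumably checks the PAC's client information against authtime and
 * principal; with_realm presumably selects whether the realm takes part in
 * the name comparison -- TODO confirm against the definition.
 */
krb5_error_code
k5_pac_validate_client(krb5_context context,
                       const krb5_pac pac,
                       krb5_timestamp authtime,
                       krb5_const_principal principal,
                       krb5_boolean with_realm);

/*
 * Presumably appends a buffer of the given type to pac.  The roles of
 * zerofill and out_data are not visible from this header -- see the
 * definition.
 */
krb5_error_code
k5_pac_add_buffer(krb5_context context,
                  krb5_pac pac,
                  krb5_ui_4 type,
                  const krb5_data *data,
                  krb5_boolean zerofill,
                  krb5_data *out_data);

/*
 * By its name, converts a count of seconds since 1970 into an NT time
 * value stored in *ntTime (see NT_TIME_EPOCH); the unit of the result is
 * not visible here.
 */
krb5_error_code
k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, uint64_t *ntTime);


#endif /* !KRB_AUTHDATA_H */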