xref: /freebsd/crypto/heimdal/lib/krb5/krb5.h (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 /* $Id: krb5.h,v 1.209.2.2 2004/06/21 08:32:00 lha Exp $ */
35 
36 #ifndef __KRB5_H__
37 #define __KRB5_H__
38 
39 #include <time.h>
40 #include <krb5-types.h>
41 
42 #include <asn1_err.h>
43 #include <krb5_err.h>
44 #include <heim_err.h>
45 #include <k524_err.h>
46 
47 #include <krb5_asn1.h>
48 
49 /* name confusion with MIT */
50 #ifndef KRB5KDC_ERR_KEY_EXP
51 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
52 #endif
53 
54 /* simple constants */
55 
56 #ifndef TRUE
57 #define TRUE  1
58 #define FALSE 0
59 #endif
60 
61 typedef int krb5_boolean;
62 
63 typedef int32_t krb5_error_code;
64 
65 typedef int krb5_kvno;
66 
67 typedef u_int32_t krb5_flags;
68 
69 typedef void *krb5_pointer;
70 typedef const void *krb5_const_pointer;
71 
72 typedef octet_string krb5_data;
73 
74 struct krb5_crypto_data;
75 typedef struct krb5_crypto_data *krb5_crypto;
76 
77 typedef CKSUMTYPE krb5_cksumtype;
78 
79 typedef Checksum krb5_checksum;
80 
81 typedef ENCTYPE krb5_enctype;
82 
83 /* alternative names */
84 enum {
85     ENCTYPE_NULL		= ETYPE_NULL,
86     ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
87     ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
88     ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
89     ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
90     ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
91     ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
92     ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
93     ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
94     ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
95     ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
96     ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
97     ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
98     ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
99     ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
100     ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
101     ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
102 };
103 
104 typedef PADATA_TYPE krb5_preauthtype;
105 
106 typedef enum krb5_key_usage {
107     KRB5_KU_PA_ENC_TIMESTAMP = 1,
108     /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
109        client key (section 5.4.1) */
110     KRB5_KU_TICKET = 2,
111     /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
112        application session key), encrypted with the service key
113        (section 5.4.2) */
114     KRB5_KU_AS_REP_ENC_PART = 3,
115     /* AS-REP encrypted part (includes tgs session key or application
116        session key), encrypted with the client key (section 5.4.2) */
117     KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
118     /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
119        session key (section 5.4.1) */
120     KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
121     /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
122           authenticator subkey (section 5.4.1) */
123     KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
124     /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
125        with the tgs session key (sections 5.3.2, 5.4.1) */
126     KRB5_KU_TGS_REQ_AUTH = 7,
127     /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
128        authenticator subkey), encrypted with the tgs session key
129        (section 5.3.2) */
130     KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
131     /* TGS-REP encrypted part (includes application session key),
132        encrypted with the tgs session key (section 5.4.2) */
133     KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
134     /* TGS-REP encrypted part (includes application session key),
135        encrypted with the tgs authenticator subkey (section 5.4.2) */
136     KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
137     /* AP-REQ Authenticator cksum, keyed with the application session
138        key (section 5.3.2) */
139     KRB5_KU_AP_REQ_AUTH = 11,
140     /* AP-REQ Authenticator (includes application authenticator
141        subkey), encrypted with the application session key (section
142        5.3.2) */
143     KRB5_KU_AP_REQ_ENC_PART = 12,
144     /* AP-REP encrypted part (includes application session subkey),
145        encrypted with the application session key (section 5.5.2) */
146     KRB5_KU_KRB_PRIV = 13,
147     /* KRB-PRIV encrypted part, encrypted with a key chosen by the
148        application (section 5.7.1) */
149     KRB5_KU_KRB_CRED = 14,
150     /* KRB-CRED encrypted part, encrypted with a key chosen by the
151        application (section 5.8.1) */
152     KRB5_KU_KRB_SAFE_CKSUM = 15,
153     /* KRB-SAFE cksum, keyed with a key chosen by the application
154        (section 5.6.1) */
155     KRB5_KU_OTHER_ENCRYPTED = 16,
156     /* Data which is defined in some specification outside of
157        Kerberos to be encrypted using an RFC1510 encryption type. */
158     KRB5_KU_OTHER_CKSUM = 17,
159     /* Data which is defined in some specification outside of
160        Kerberos to be checksummed using an RFC1510 checksum type. */
161     KRB5_KU_KRB_ERROR = 18,
162     /* Krb-error checksum */
163     KRB5_KU_AD_KDC_ISSUED = 19,
164     /* AD-KDCIssued checksum */
165     KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
166     /* Checksum for Mandatory Ticket Extensions */
167     KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
168     /* Checksum in Authorization Data in Ticket Extensions */
169     KRB5_KU_USAGE_SEAL = 22,
170     /* seal in GSSAPI krb5 mechanism */
171     KRB5_KU_USAGE_SIGN = 23,
172     /* sign in GSSAPI krb5 mechanism */
173     KRB5_KU_USAGE_SEQ = 24
174     /* SEQ in GSSAPI krb5 mechanism */
175 } krb5_key_usage;
176 
177 typedef krb5_key_usage krb5_keyusage;
178 
179 typedef enum krb5_salttype {
180     KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
181     KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
182 }krb5_salttype;
183 
184 typedef struct krb5_salt {
185     krb5_salttype salttype;
186     krb5_data saltvalue;
187 } krb5_salt;
188 
189 typedef ETYPE_INFO krb5_preauthinfo;
190 
191 typedef struct {
192     krb5_preauthtype type;
193     krb5_preauthinfo info; /* list of preauthinfo for this type */
194 } krb5_preauthdata_entry;
195 
196 typedef struct krb5_preauthdata {
197     unsigned len;
198     krb5_preauthdata_entry *val;
199 }krb5_preauthdata;
200 
201 typedef enum krb5_address_type {
202     KRB5_ADDRESS_INET     =   2,
203     KRB5_ADDRESS_INET6    =  24,
204     KRB5_ADDRESS_ADDRPORT = 256,
205     KRB5_ADDRESS_IPPORT   = 257
206 } krb5_address_type;
207 
208 enum {
209   AP_OPTS_USE_SESSION_KEY = 1,
210   AP_OPTS_MUTUAL_REQUIRED = 2,
211   AP_OPTS_USE_SUBKEY = 4		/* library internal */
212 };
213 
214 typedef HostAddress krb5_address;
215 
216 typedef HostAddresses krb5_addresses;
217 
218 typedef enum krb5_keytype {
219     KEYTYPE_NULL	= 0,
220     KEYTYPE_DES		= 1,
221     KEYTYPE_DES3	= 7,
222     KEYTYPE_AES128	= 17,
223     KEYTYPE_AES256	= 18,
224     KEYTYPE_ARCFOUR	= 23,
225     KEYTYPE_ARCFOUR_56	= 24
226 } krb5_keytype;
227 
228 typedef EncryptionKey krb5_keyblock;
229 
230 typedef AP_REQ krb5_ap_req;
231 
232 struct krb5_cc_ops;
233 
234 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
235 
236 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
237 
238 #define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
239     krb5_config_get_bool_default((C), NULL, TRUE, 			 \
240 				 "libdefaults", "accept_null_addresses", \
241 				 NULL)
242 
243 typedef void *krb5_cc_cursor;
244 
245 typedef struct krb5_ccache_data {
246     const struct krb5_cc_ops *ops;
247     krb5_data data;
248 }krb5_ccache_data;
249 
250 typedef struct krb5_ccache_data *krb5_ccache;
251 
252 typedef struct krb5_context_data *krb5_context;
253 
254 typedef Realm krb5_realm;
255 typedef const char *krb5_const_realm; /* stupid language */
256 
257 #define krb5_realm_length(r) strlen(r)
258 #define krb5_realm_data(r) (r)
259 
260 typedef Principal krb5_principal_data;
261 typedef struct Principal *krb5_principal;
262 typedef const struct Principal *krb5_const_principal;
263 
264 typedef time_t krb5_deltat;
265 typedef time_t krb5_timestamp;
266 
267 typedef struct krb5_times {
268   krb5_timestamp authtime;
269   krb5_timestamp starttime;
270   krb5_timestamp endtime;
271   krb5_timestamp renew_till;
272 } krb5_times;
273 
274 typedef union {
275     TicketFlags b;
276     krb5_flags i;
277 } krb5_ticket_flags;
278 
279 /* options for krb5_get_in_tkt() */
280 #define KDC_OPT_FORWARDABLE		(1 << 1)
281 #define KDC_OPT_FORWARDED		(1 << 2)
282 #define KDC_OPT_PROXIABLE		(1 << 3)
283 #define KDC_OPT_PROXY			(1 << 4)
284 #define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
285 #define KDC_OPT_POSTDATED		(1 << 6)
286 #define KDC_OPT_RENEWABLE		(1 << 8)
287 #define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
288 #define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
289 #define KDC_OPT_RENEWABLE_OK		(1 << 27)
290 #define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
291 #define KDC_OPT_RENEW			(1 << 30)
292 #define KDC_OPT_VALIDATE		(1 << 31)
293 
294 typedef union {
295     KDCOptions b;
296     krb5_flags i;
297 } krb5_kdc_flags;
298 
299 /* flags for krb5_verify_ap_req */
300 
301 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
302 
303 #define KRB5_GC_CACHED			(1U << 0)
304 #define KRB5_GC_USER_USER		(1U << 1)
305 
306 /* constants for compare_creds (and cc_retrieve_cred) */
307 #define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
308 #define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
309 
310 typedef AuthorizationData krb5_authdata;
311 
312 typedef KRB_ERROR krb5_error;
313 
314 typedef struct krb5_creds {
315     krb5_principal client;
316     krb5_principal server;
317     krb5_keyblock session;
318     krb5_times times;
319     krb5_data ticket;
320     krb5_data second_ticket;
321     krb5_authdata authdata;
322     krb5_addresses addresses;
323     krb5_ticket_flags flags;
324 } krb5_creds;
325 
326 typedef struct krb5_cc_ops {
327     const char *prefix;
328     const char* (*get_name)(krb5_context, krb5_ccache);
329     krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
330     krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
331     krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
332     krb5_error_code (*destroy)(krb5_context, krb5_ccache);
333     krb5_error_code (*close)(krb5_context, krb5_ccache);
334     krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
335     krb5_error_code (*retrieve)(krb5_context, krb5_ccache,
336 				krb5_flags, krb5_creds*, krb5_creds);
337     krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
338     krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
339     krb5_error_code (*get_next)(krb5_context, krb5_ccache,
340 				krb5_cc_cursor*, krb5_creds*);
341     krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
342     krb5_error_code (*remove_cred)(krb5_context, krb5_ccache,
343 				   krb5_flags, krb5_creds*);
344     krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
345     int (*get_version)(krb5_context, krb5_ccache);
346 } krb5_cc_ops;
347 
348 struct krb5_log_facility;
349 
350 struct krb5_config_binding {
351     enum { krb5_config_string, krb5_config_list } type;
352     char *name;
353     struct krb5_config_binding *next;
354     union {
355 	char *string;
356 	struct krb5_config_binding *list;
357 	void *generic;
358     } u;
359 };
360 
361 typedef struct krb5_config_binding krb5_config_binding;
362 
363 typedef krb5_config_binding krb5_config_section;
364 
365 typedef struct krb5_context_data {
366     krb5_enctype *etypes;
367     krb5_enctype *etypes_des;
368     char **default_realms;
369     time_t max_skew;
370     time_t kdc_timeout;
371     unsigned max_retries;
372     int32_t kdc_sec_offset;
373     int32_t kdc_usec_offset;
374     krb5_config_section *cf;
375     struct et_list *et_list;
376     struct krb5_log_facility *warn_dest;
377     krb5_cc_ops *cc_ops;
378     int num_cc_ops;
379     const char *http_proxy;
380     const char *time_fmt;
381     krb5_boolean log_utc;
382     const char *default_keytab;
383     const char *default_keytab_modify;
384     krb5_boolean use_admin_kdc;
385     krb5_addresses *extra_addresses;
386     krb5_boolean scan_interfaces;	/* `ifconfig -a' */
387     krb5_boolean srv_lookup;		/* do SRV lookups */
388     krb5_boolean srv_try_txt;		/* try TXT records also */
389     int32_t fcache_vno;			/* create cache files w/ this
390                                            version */
391     int num_kt_types;			/* # of registered keytab types */
392     struct krb5_keytab_data *kt_types;  /* registered keytab types */
393     const char *date_fmt;
394     char *error_string;
395     char error_buf[256];
396     krb5_addresses *ignore_addresses;
397     char *default_cc_name;
398 } krb5_context_data;
399 
400 typedef struct krb5_ticket {
401     EncTicketPart ticket;
402     krb5_principal client;
403     krb5_principal server;
404 } krb5_ticket;
405 
406 typedef Authenticator krb5_authenticator_data;
407 
408 typedef krb5_authenticator_data *krb5_authenticator;
409 
410 struct krb5_rcache_data;
411 typedef struct krb5_rcache_data *krb5_rcache;
412 typedef Authenticator krb5_donot_replay;
413 
414 #define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
415 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
416 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
417 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
418 #define KRB5_STORAGE_BYTEORDER_MASK			0x60
419 #define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
420 #define KRB5_STORAGE_BYTEORDER_LE			0x20
421 #define KRB5_STORAGE_BYTEORDER_HOST			0x40
422 
423 struct krb5_storage_data;
424 typedef struct krb5_storage_data krb5_storage;
425 
426 typedef struct krb5_keytab_entry {
427     krb5_principal principal;
428     krb5_kvno vno;
429     krb5_keyblock keyblock;
430     u_int32_t timestamp;
431 } krb5_keytab_entry;
432 
433 typedef struct krb5_kt_cursor {
434     int fd;
435     krb5_storage *sp;
436     void *data;
437 } krb5_kt_cursor;
438 
439 struct krb5_keytab_data;
440 
441 typedef struct krb5_keytab_data *krb5_keytab;
442 
443 #define KRB5_KT_PREFIX_MAX_LEN	30
444 
445 struct krb5_keytab_data {
446     const char *prefix;
447     krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
448     krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
449     krb5_error_code (*close)(krb5_context, krb5_keytab);
450     krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal,
451 			   krb5_kvno, krb5_enctype, krb5_keytab_entry*);
452     krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
453     krb5_error_code (*next_entry)(krb5_context, krb5_keytab,
454 				  krb5_keytab_entry*, krb5_kt_cursor*);
455     krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
456     krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
457     krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
458     void *data;
459     int32_t version;
460 };
461 
462 typedef struct krb5_keytab_data krb5_kt_ops;
463 
464 struct krb5_keytab_key_proc_args {
465     krb5_keytab keytab;
466     krb5_principal principal;
467 };
468 
469 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
470 
471 typedef struct krb5_replay_data {
472     krb5_timestamp timestamp;
473     u_int32_t usec;
474     u_int32_t seq;
475 } krb5_replay_data;
476 
477 /* flags for krb5_auth_con_setflags */
478 enum {
479     KRB5_AUTH_CONTEXT_DO_TIME      = 1,
480     KRB5_AUTH_CONTEXT_RET_TIME     = 2,
481     KRB5_AUTH_CONTEXT_DO_SEQUENCE  = 4,
482     KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
483     KRB5_AUTH_CONTEXT_PERMIT_ALL   = 16
484 };
485 
486 /* flags for krb5_auth_con_genaddrs */
487 enum {
488     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
489     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
490     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
491     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
492 };
493 
494 typedef struct krb5_auth_context_data {
495     unsigned int flags;
496 
497     krb5_address *local_address;
498     krb5_address *remote_address;
499     int16_t local_port;
500     int16_t remote_port;
501     krb5_keyblock *keyblock;
502     krb5_keyblock *local_subkey;
503     krb5_keyblock *remote_subkey;
504 
505     u_int32_t local_seqnumber;
506     u_int32_t remote_seqnumber;
507 
508     krb5_authenticator authenticator;
509 
510     krb5_pointer i_vector;
511 
512     krb5_rcache rcache;
513 
514     krb5_keytype keytype;	/* �requested key type ? */
515     krb5_cksumtype cksumtype;	/* �requested checksum type! */
516 
517 }krb5_auth_context_data, *krb5_auth_context;
518 
519 typedef struct {
520     KDC_REP kdc_rep;
521     EncKDCRepPart enc_part;
522     KRB_ERROR error;
523 } krb5_kdc_rep;
524 
525 extern const char *heimdal_version, *heimdal_long_version;
526 
527 typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
528 typedef void (*krb5_log_close_func_t)(void*);
529 
530 typedef struct krb5_log_facility {
531     const char *program;
532     int len;
533     struct facility *val;
534 } krb5_log_facility;
535 
536 typedef EncAPRepPart krb5_ap_rep_enc_part;
537 
538 #define KRB5_RECVAUTH_IGNORE_VERSION 1
539 
540 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
541 
542 #define KRB5_TGS_NAME_SIZE (6)
543 #define KRB5_TGS_NAME ("krbtgt")
544 
545 /* variables */
546 
547 extern const char *krb5_config_file;
548 extern const char *krb5_defkeyname;
549 
550 typedef enum {
551     KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
552     KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
553     KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
554     KRB5_PROMPT_TYPE_PREAUTH		= 0x4
555 } krb5_prompt_type;
556 
557 typedef struct _krb5_prompt {
558     const char *prompt;
559     int hidden;
560     krb5_data *reply;
561     krb5_prompt_type type;
562 } krb5_prompt;
563 
564 typedef int (*krb5_prompter_fct)(krb5_context context,
565 				 void *data,
566 				 const char *name,
567 				 const char *banner,
568 				 int num_prompts,
569 				 krb5_prompt prompts[]);
570 
571 typedef krb5_error_code (*krb5_key_proc)(krb5_context context,
572 					 krb5_enctype type,
573 					 krb5_salt salt,
574 					 krb5_const_pointer keyseed,
575 					 krb5_keyblock **key);
576 typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context,
577 					     krb5_keyblock *key,
578 					     krb5_key_usage usage,
579 					     krb5_const_pointer decrypt_arg,
580 					     krb5_kdc_rep *dec_rep);
581 
582 
583 typedef struct _krb5_get_init_creds_opt {
584     krb5_flags flags;
585     krb5_deltat tkt_life;
586     krb5_deltat renew_life;
587     int forwardable;
588     int proxiable;
589     int anonymous;
590     krb5_enctype *etype_list;
591     int etype_list_length;
592     krb5_addresses *address_list;
593 #if 0 /* this is the MIT-way */
594     krb5_address **address_list;
595 #endif
596     /* XXX the next three should not be used, as they may be
597        removed later */
598     krb5_preauthtype *preauth_list;
599     int preauth_list_length;
600     krb5_data *salt;
601 } krb5_get_init_creds_opt;
602 
603 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
604 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
605 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
606 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
607 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
608 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
609 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
610 #define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
611 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
612 
613 typedef struct _krb5_verify_init_creds_opt {
614     krb5_flags flags;
615     int ap_req_nofail;
616 } krb5_verify_init_creds_opt;
617 
618 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
619 
620 typedef struct krb5_verify_opt {
621     unsigned int flags;
622     krb5_ccache ccache;
623     krb5_keytab keytab;
624     krb5_boolean secure;
625     const char *service;
626 } krb5_verify_opt;
627 
628 #define KRB5_VERIFY_LREALMS		1
629 #define KRB5_VERIFY_NO_ADDRESSES	2
630 
631 extern const krb5_cc_ops krb5_fcc_ops;
632 extern const krb5_cc_ops krb5_mcc_ops;
633 
634 extern const krb5_kt_ops krb5_fkt_ops;
635 extern const krb5_kt_ops krb5_mkt_ops;
636 extern const krb5_kt_ops krb5_akf_ops;
637 extern const krb5_kt_ops krb4_fkt_ops;
638 extern const krb5_kt_ops krb5_srvtab_fkt_ops;
639 extern const krb5_kt_ops krb5_any_ops;
640 
641 #define KRB5_KPASSWD_VERS_CHANGEPW      1
642 #define KRB5_KPASSWD_VERS_SETPW         0xff80
643 
644 #define KRB5_KPASSWD_SUCCESS	0
645 #define KRB5_KPASSWD_MALFORMED	1
646 #define KRB5_KPASSWD_HARDERROR	2
647 #define KRB5_KPASSWD_AUTHERROR	3
648 #define KRB5_KPASSWD_SOFTERROR	4
649 #define KRB5_KPASSWD_ACCESSDENIED 5
650 #define KRB5_KPASSWD_BAD_VERSION 6
651 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
652 
653 #define KPASSWD_PORT 464
654 
655 /* types for the new krbhst interface */
656 struct krb5_krbhst_data;
657 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
658 
659 #define KRB5_KRBHST_KDC		1
660 #define KRB5_KRBHST_ADMIN	2
661 #define KRB5_KRBHST_CHANGEPW	3
662 #define KRB5_KRBHST_KRB524	4
663 
664 typedef struct krb5_krbhst_info {
665     enum { KRB5_KRBHST_UDP,
666 	   KRB5_KRBHST_TCP,
667 	   KRB5_KRBHST_HTTP } proto;
668     unsigned short port;
669     unsigned short def_port;
670     struct addrinfo *ai;
671     struct krb5_krbhst_info *next;
672     char hostname[1]; /* has to come last */
673 } krb5_krbhst_info;
674 
675 
676 struct credentials; /* this is to keep the compiler happy */
677 struct getargs;
678 struct sockaddr;
679 
680 #include <krb5-protos.h>
681 
682 #endif /* __KRB5_H__ */
683 
684