1 /* 2 * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* $Id: krb5.h,v 1.179 2000/12/15 17:11:12 joda Exp $ */ 35 36 #ifndef __KRB5_H__ 37 #define __KRB5_H__ 38 39 #include <time.h> 40 #include <krb5-types.h> 41 42 #include <asn1_err.h> 43 #include <krb5_err.h> 44 #include <heim_err.h> 45 46 #include <asn1.h> 47 48 /* simple constants */ 49 50 #ifndef TRUE 51 #define TRUE 1 52 #define FALSE 0 53 #endif 54 55 typedef int krb5_boolean; 56 57 typedef int32_t krb5_error_code; 58 59 typedef int krb5_kvno; 60 61 typedef u_int32_t krb5_flags; 62 63 typedef void *krb5_pointer; 64 typedef const void *krb5_const_pointer; 65 66 typedef octet_string krb5_data; 67 68 struct krb5_crypto_data; 69 typedef struct krb5_crypto_data *krb5_crypto; 70 71 typedef CKSUMTYPE krb5_cksumtype; 72 73 typedef enum krb5_enctype { 74 ETYPE_NULL = 0, 75 ETYPE_DES_CBC_CRC = 1, 76 ETYPE_DES_CBC_MD4 = 2, 77 ETYPE_DES_CBC_MD5 = 3, 78 ETYPE_DES3_CBC_MD5 = 5, 79 ETYPE_OLD_DES3_CBC_SHA1 = 7, 80 ETYPE_SIGN_DSA_GENERATE = 8, 81 ETYPE_ENCRYPT_RSA_PRIV = 9, 82 ETYPE_ENCRYPT_RSA_PUB = 10, 83 ETYPE_DES3_CBC_SHA1 = 16, /* with key derivation */ 84 ETYPE_ARCFOUR_HMAC_MD5 = 23, 85 ETYPE_ARCFOUR_HMAC_MD5_56 = 24, 86 ETYPE_ENCTYPE_PK_CROSS = 48, 87 ETYPE_DES_CBC_NONE = -0x1000, 88 ETYPE_DES3_CBC_NONE = -0x1001, 89 ETYPE_DES_CFB64_NONE = -0x1002, 90 ETYPE_DES_PCBC_NONE = -0x1003, 91 ETYPE_DES3_CBC_NONE_IVEC = -0x1004 92 } krb5_enctype; 93 94 typedef PADATA_TYPE krb5_preauthtype; 95 96 typedef enum krb5_key_usage { 97 KRB5_KU_PA_ENC_TIMESTAMP = 1, 98 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the 99 client key (section 5.4.1) */ 100 KRB5_KU_TICKET = 2, 101 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or 102 application session key), encrypted with the service key 103 (section 5.4.2) */ 104 KRB5_KU_AS_REP_ENC_PART = 3, 105 /* AS-REP encrypted part (includes tgs session key or application 106 session key), encrypted with the client key (section 5.4.2) */ 107 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4, 108 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs 109 session key (section 5.4.1) */ 110 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5, 111 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs 112 authenticator subkey (section 5.4.1) */ 113 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6, 114 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed 115 with the tgs session key (sections 5.3.2, 5.4.1) */ 116 KRB5_KU_TGS_REQ_AUTH = 7, 117 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs 118 authenticator subkey), encrypted with the tgs session key 119 (section 5.3.2) */ 120 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8, 121 /* TGS-REP encrypted part (includes application session key), 122 encrypted with the tgs session key (section 5.4.2) */ 123 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9, 124 /* TGS-REP encrypted part (includes application session key), 125 encrypted with the tgs authenticator subkey (section 5.4.2) */ 126 KRB5_KU_AP_REQ_AUTH_CKSUM = 10, 127 /* AP-REQ Authenticator cksum, keyed with the application session 128 key (section 5.3.2) */ 129 KRB5_KU_AP_REQ_AUTH = 11, 130 /* AP-REQ Authenticator (includes application authenticator 131 subkey), encrypted with the application session key (section 132 5.3.2) */ 133 KRB5_KU_AP_REQ_ENC_PART = 12, 134 /* AP-REP encrypted part (includes application session subkey), 135 encrypted with the application session key (section 5.5.2) */ 136 KRB5_KU_KRB_PRIV = 13, 137 /* KRB-PRIV encrypted part, encrypted with a key chosen by the 138 application (section 5.7.1) */ 139 KRB5_KU_KRB_CRED = 14, 140 /* KRB-CRED encrypted part, encrypted with a key chosen by the 141 application (section 5.8.1) */ 142 KRB5_KU_KRB_SAFE_CKSUM = 15, 143 /* KRB-SAFE cksum, keyed with a key chosen by the application 144 (section 5.6.1) */ 145 KRB5_KU_OTHER_ENCRYPTED = 16, 146 /* Data which is defined in some specification outside of 147 Kerberos to be encrypted using an RFC1510 encryption type. */ 148 KRB5_KU_OTHER_CKSUM = 17, 149 /* Data which is defined in some specification outside of 150 Kerberos to be checksummed using an RFC1510 checksum type. */ 151 KRB5_KU_KRB_ERROR = 18, 152 /* Krb-error checksum */ 153 KRB5_KU_AD_KDC_ISSUED = 19, 154 /* AD-KDCIssued checksum */ 155 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20, 156 /* Checksum for Mandatory Ticket Extensions */ 157 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21, 158 /* Checksum in Authorization Data in Ticket Extensions */ 159 KRB5_KU_USAGE_SEAL = 22, 160 /* seal in GSSAPI krb5 mechanism */ 161 KRB5_KU_USAGE_SIGN = 23, 162 /* sign in GSSAPI krb5 mechanism */ 163 KRB5_KU_USAGE_SEQ = 24 164 /* SEQ in GSSAPI krb5 mechanism */ 165 } krb5_key_usage; 166 167 typedef enum krb5_salttype { 168 KRB5_PW_SALT = KRB5_PADATA_PW_SALT, 169 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT 170 }krb5_salttype; 171 172 typedef struct krb5_salt { 173 krb5_salttype salttype; 174 krb5_data saltvalue; 175 } krb5_salt; 176 177 typedef ETYPE_INFO krb5_preauthinfo; 178 179 typedef struct { 180 krb5_preauthtype type; 181 krb5_preauthinfo info; /* list of preauthinfo for this type */ 182 } krb5_preauthdata_entry; 183 184 typedef struct krb5_preauthdata { 185 unsigned len; 186 krb5_preauthdata_entry *val; 187 }krb5_preauthdata; 188 189 typedef enum krb5_address_type { 190 KRB5_ADDRESS_INET = 2, 191 KRB5_ADDRESS_INET6 = 24, 192 KRB5_ADDRESS_ADDRPORT = 256, 193 KRB5_ADDRESS_IPPORT = 257 194 } krb5_address_type; 195 196 enum { 197 AP_OPTS_USE_SESSION_KEY = 1, 198 AP_OPTS_MUTUAL_REQUIRED = 2 199 }; 200 201 typedef HostAddress krb5_address; 202 203 typedef HostAddresses krb5_addresses; 204 205 typedef enum krb5_keytype { 206 KEYTYPE_NULL = 0, 207 KEYTYPE_DES = 1, 208 KEYTYPE_DES3 = 7, 209 KEYTYPE_ARCFOUR = 23 210 } krb5_keytype; 211 212 typedef EncryptionKey krb5_keyblock; 213 214 typedef AP_REQ krb5_ap_req; 215 216 struct krb5_cc_ops; 217 218 #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" 219 220 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT 221 222 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \ 223 krb5_config_get_bool_default((C), NULL, TRUE, \ 224 "libdefaults", "accept_null_addresses", \ 225 NULL) 226 227 typedef void *krb5_cc_cursor; 228 229 typedef struct krb5_ccache_data { 230 const struct krb5_cc_ops *ops; 231 krb5_data data; 232 }krb5_ccache_data; 233 234 typedef struct krb5_ccache_data *krb5_ccache; 235 236 typedef struct krb5_context_data *krb5_context; 237 238 typedef Realm krb5_realm; 239 typedef const char *krb5_const_realm; /* stupid language */ 240 241 #define krb5_realm_length(r) strlen(r) 242 #define krb5_realm_data(r) (r) 243 244 typedef Principal krb5_principal_data; 245 typedef struct Principal *krb5_principal; 246 typedef const struct Principal *krb5_const_principal; 247 248 typedef time_t krb5_deltat; 249 typedef time_t krb5_timestamp; 250 251 typedef struct krb5_times { 252 krb5_timestamp authtime; 253 krb5_timestamp starttime; 254 krb5_timestamp endtime; 255 krb5_timestamp renew_till; 256 } krb5_times; 257 258 typedef union { 259 TicketFlags b; 260 krb5_flags i; 261 } krb5_ticket_flags; 262 263 /* options for krb5_get_in_tkt() */ 264 #define KDC_OPT_FORWARDABLE (1 << 1) 265 #define KDC_OPT_FORWARDED (1 << 2) 266 #define KDC_OPT_PROXIABLE (1 << 3) 267 #define KDC_OPT_PROXY (1 << 4) 268 #define KDC_OPT_ALLOW_POSTDATE (1 << 5) 269 #define KDC_OPT_POSTDATED (1 << 6) 270 #define KDC_OPT_RENEWABLE (1 << 8) 271 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14) 272 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26) 273 #define KDC_OPT_RENEWABLE_OK (1 << 27) 274 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28) 275 #define KDC_OPT_RENEW (1 << 30) 276 #define KDC_OPT_VALIDATE (1 << 31) 277 278 typedef union { 279 KDCOptions b; 280 krb5_flags i; 281 } krb5_kdc_flags; 282 283 /* flags for krb5_verify_ap_req */ 284 285 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0) 286 287 #define KRB5_GC_CACHED 1 288 #define KRB5_GC_USER_USER 2 289 290 /* constants for compare_creds (and cc_retrieve_cred) */ 291 #define KRB5_TC_DONT_MATCH_REALM (1U << 31) 292 #define KRB5_TC_MATCH_KEYTYPE (1U << 30) 293 294 typedef AuthorizationData krb5_authdata; 295 296 typedef KRB_ERROR krb5_error; 297 298 typedef struct krb5_creds { 299 krb5_principal client; 300 krb5_principal server; 301 krb5_keyblock session; 302 krb5_times times; 303 krb5_data ticket; 304 krb5_data second_ticket; 305 krb5_authdata authdata; 306 krb5_addresses addresses; 307 krb5_ticket_flags flags; 308 } krb5_creds; 309 310 typedef struct krb5_cc_ops { 311 char *prefix; 312 char* (*get_name)(krb5_context, krb5_ccache); 313 krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); 314 krb5_error_code (*gen_new)(krb5_context, krb5_ccache *); 315 krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal); 316 krb5_error_code (*destroy)(krb5_context, krb5_ccache); 317 krb5_error_code (*close)(krb5_context, krb5_ccache); 318 krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); 319 krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 320 krb5_flags, krb5_creds*, krb5_creds); 321 krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); 322 krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); 323 krb5_error_code (*get_next)(krb5_context, krb5_ccache, 324 krb5_cc_cursor*, krb5_creds*); 325 krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); 326 krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 327 krb5_flags, krb5_creds*); 328 krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); 329 int (*get_version)(krb5_context, krb5_ccache); 330 } krb5_cc_ops; 331 332 struct krb5_log_facility; 333 334 struct krb5_config_binding { 335 enum { krb5_config_string, krb5_config_list } type; 336 char *name; 337 struct krb5_config_binding *next; 338 union { 339 char *string; 340 struct krb5_config_binding *list; 341 void *generic; 342 } u; 343 }; 344 345 typedef struct krb5_config_binding krb5_config_binding; 346 347 typedef krb5_config_binding krb5_config_section; 348 349 typedef struct krb5_context_data { 350 krb5_enctype *etypes; 351 krb5_enctype *etypes_des; 352 char **default_realms; 353 time_t max_skew; 354 time_t kdc_timeout; 355 unsigned max_retries; 356 int32_t kdc_sec_offset; 357 int32_t kdc_usec_offset; 358 krb5_config_section *cf; 359 struct et_list *et_list; 360 struct krb5_log_facility *warn_dest; 361 krb5_cc_ops *cc_ops; 362 int num_cc_ops; 363 const char *http_proxy; 364 const char *time_fmt; 365 krb5_boolean log_utc; 366 const char *default_keytab; 367 krb5_boolean use_admin_kdc; 368 krb5_addresses *extra_addresses; 369 krb5_boolean scan_interfaces; /* `ifconfig -a' */ 370 krb5_boolean srv_lookup; /* do SRV lookups */ 371 krb5_boolean srv_try_txt; /* try TXT records also */ 372 krb5_boolean srv_try_rfc2052; /* try RFC2052 compatible records */ 373 int32_t fcache_vno; /* create cache files w/ this 374 version */ 375 int num_kt_types; /* # of registered keytab types */ 376 struct krb5_keytab_data *kt_types; /* registered keytab types */ 377 const char *date_fmt; 378 } krb5_context_data; 379 380 typedef struct krb5_ticket { 381 EncTicketPart ticket; 382 krb5_principal client; 383 krb5_principal server; 384 } krb5_ticket; 385 386 typedef Authenticator krb5_authenticator_data; 387 388 typedef krb5_authenticator_data *krb5_authenticator; 389 390 struct krb5_rcache_data; 391 typedef struct krb5_rcache_data *krb5_rcache; 392 typedef Authenticator krb5_donot_replay; 393 394 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 395 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02 396 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04 397 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08 398 399 typedef struct krb5_storage { 400 void *data; 401 ssize_t (*fetch)(struct krb5_storage*, void*, size_t); 402 ssize_t (*store)(struct krb5_storage*, const void*, size_t); 403 off_t (*seek)(struct krb5_storage*, off_t, int); 404 void (*free)(struct krb5_storage*); 405 krb5_flags flags; 406 } krb5_storage; 407 408 typedef struct krb5_keytab_entry { 409 krb5_principal principal; 410 krb5_kvno vno; 411 krb5_keyblock keyblock; 412 u_int32_t timestamp; 413 } krb5_keytab_entry; 414 415 typedef struct krb5_kt_cursor { 416 int fd; 417 krb5_storage *sp; 418 void *data; 419 } krb5_kt_cursor; 420 421 struct krb5_keytab_data; 422 423 typedef struct krb5_keytab_data *krb5_keytab; 424 425 struct krb5_keytab_data { 426 char *prefix; 427 krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); 428 krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t); 429 krb5_error_code (*close)(krb5_context, krb5_keytab); 430 krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 431 krb5_kvno, krb5_enctype, krb5_keytab_entry*); 432 krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 433 krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 434 krb5_keytab_entry*, krb5_kt_cursor*); 435 krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); 436 krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*); 437 krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); 438 void *data; 439 int32_t version; 440 }; 441 442 typedef struct krb5_keytab_data krb5_kt_ops; 443 444 struct krb5_keytab_key_proc_args { 445 krb5_keytab keytab; 446 krb5_principal principal; 447 }; 448 449 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args; 450 451 typedef struct krb5_replay_data { 452 krb5_timestamp timestamp; 453 u_int32_t usec; 454 u_int32_t seq; 455 } krb5_replay_data; 456 457 /* flags for krb5_auth_con_setflags */ 458 enum { 459 KRB5_AUTH_CONTEXT_DO_TIME = 1, 460 KRB5_AUTH_CONTEXT_RET_TIME = 2, 461 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4, 462 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8, 463 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16 464 }; 465 466 /* flags for krb5_auth_con_genaddrs */ 467 enum { 468 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1, 469 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3, 470 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4, 471 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12 472 }; 473 474 typedef struct krb5_auth_context_data { 475 unsigned int flags; 476 477 krb5_address *local_address; 478 krb5_address *remote_address; 479 int16_t local_port; 480 int16_t remote_port; 481 krb5_keyblock *keyblock; 482 krb5_keyblock *local_subkey; 483 krb5_keyblock *remote_subkey; 484 485 u_int32_t local_seqnumber; 486 u_int32_t remote_seqnumber; 487 488 krb5_authenticator authenticator; 489 490 krb5_pointer i_vector; 491 492 krb5_rcache rcache; 493 494 krb5_keytype keytype; /* �requested key type ? */ 495 krb5_cksumtype cksumtype; /* �requested checksum type! */ 496 497 }krb5_auth_context_data, *krb5_auth_context; 498 499 typedef struct { 500 KDC_REP kdc_rep; 501 EncKDCRepPart enc_part; 502 KRB_ERROR error; 503 } krb5_kdc_rep; 504 505 extern const char *heimdal_version, *heimdal_long_version; 506 507 typedef void (*krb5_log_log_func_t)(const char*, const char*, void*); 508 typedef void (*krb5_log_close_func_t)(void*); 509 510 typedef struct krb5_log_facility { 511 const char *program; 512 int len; 513 struct facility *val; 514 } krb5_log_facility; 515 516 typedef EncAPRepPart krb5_ap_rep_enc_part; 517 518 #define KRB5_RECVAUTH_IGNORE_VERSION 1 519 520 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0" 521 522 #define KRB5_TGS_NAME_SIZE (6) 523 #define KRB5_TGS_NAME ("krbtgt") 524 525 /* variables */ 526 527 extern const char krb5_config_file[]; 528 extern const char krb5_defkeyname[]; 529 530 typedef struct _krb5_prompt { 531 char *prompt; 532 int hidden; 533 krb5_data *reply; 534 } krb5_prompt; 535 536 typedef int (*krb5_prompter_fct)(krb5_context context, 537 void *data, 538 const char *banner, 539 int num_prompts, 540 krb5_prompt prompts[]); 541 542 typedef krb5_error_code (*krb5_key_proc)(krb5_context context, 543 krb5_enctype type, 544 krb5_salt salt, 545 krb5_const_pointer keyseed, 546 krb5_keyblock **key); 547 typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context, 548 krb5_keyblock *key, 549 krb5_key_usage usage, 550 krb5_const_pointer decrypt_arg, 551 krb5_kdc_rep *dec_rep); 552 553 554 typedef struct _krb5_get_init_creds_opt { 555 krb5_flags flags; 556 krb5_deltat tkt_life; 557 krb5_deltat renew_life; 558 int forwardable; 559 int proxiable; 560 int anonymous; 561 krb5_enctype *etype_list; 562 int etype_list_length; 563 krb5_addresses *address_list; 564 #if 0 /* this is the MIT-way */ 565 krb5_address **address_list; 566 #endif 567 /* XXX the next three should not be used, as they may be 568 removed later */ 569 krb5_preauthtype *preauth_list; 570 int preauth_list_length; 571 krb5_data *salt; 572 } krb5_get_init_creds_opt; 573 574 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 575 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 576 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 577 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 578 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 579 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 580 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 581 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 582 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100 583 584 typedef struct _krb5_verify_init_creds_opt { 585 krb5_flags flags; 586 int ap_req_nofail; 587 } krb5_verify_init_creds_opt; 588 589 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 590 591 extern const krb5_cc_ops krb5_fcc_ops; 592 extern const krb5_cc_ops krb5_mcc_ops; 593 594 extern const krb5_kt_ops krb5_fkt_ops; 595 extern const krb5_kt_ops krb5_mkt_ops; 596 extern const krb5_kt_ops krb5_akf_ops; 597 extern const krb5_kt_ops krb4_fkt_ops; 598 599 #define KRB5_KPASSWD_SUCCESS 0 600 #define KRB5_KPASSWD_MALFORMED 0 601 #define KRB5_KPASSWD_HARDERROR 0 602 #define KRB5_KPASSWD_AUTHERROR 0 603 #define KRB5_KPASSWD_SOFTERROR 0 604 605 #define KPASSWD_PORT 464 606 607 struct credentials; /* this is to keep the compiler happy */ 608 struct getargs; 609 610 struct sockaddr; 611 612 #include <krb5-protos.h> 613 614 #endif /* __KRB5_H__ */ 615 616