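/*
 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id$ */

/*
 * Library-internal header for libkrb5.
 *
 * Pulls in the system, roken, ASN.1 and crypto headers in the order the
 * rest of the library expects, and declares the private structures
 * (the context data and the get_init_creds option internals) that are
 * shared between the library's .c files but are not part of the public
 * <krb5.h> interface.
 */

#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__

#include <config.h>

#include <errno.h>
#include <ctype.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

#include <krb5-types.h>

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif

#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
#endif
#ifdef HAVE_PWD_H
#undef _POSIX_PTHREAD_SEMANTICS
/* This gets us the 5-arg getpwnam_r on Solaris 9.  */
#define _POSIX_PTHREAD_SEMANTICS
#include <pwd.h>
#endif

#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#include <time.h>
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET6_IN6_H
#include <netinet6/in6.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef _AIX
/* Forward declarations, presumably needed by the AIX network headers below. */
struct ether_addr;
struct mbuf;
struct sockaddr_dl;
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
#ifdef HAVE_SYS_FILIO_H
#include <sys/filio.h>
#endif
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif

#include <com_err.h>

#include <heimbase.h>

/* gettext domain used for this library's translatable strings. */
#define HEIMDAL_TEXTDOMAIN "heimdal_krb5"

/*
 * N_(x, y): mark x as translatable.  The second argument is ignored in
 * both variants; without LIBINTL the string is used untranslated and
 * bindtextdomain() becomes a no-op.
 */
#ifdef LIBINTL
#include <libintl.h>
#define N_(x,y) dgettext(HEIMDAL_TEXTDOMAIN, x)
#else
#define N_(x,y) (x)
#define bindtextdomain(package, localedir)
#endif


/*
 * Hide any des_encrypt() that <crypt.h> may declare for the duration of
 * the include, presumably because it would otherwise clash with the
 * des_encrypt symbol from the crypto headers pulled in further down.
 */
#ifdef HAVE_CRYPT_H
#undef des_encrypt
#define des_encrypt wingless_pigs_mostly_fail_to_fly
#include <crypt.h>
#undef des_encrypt
#endif

#ifdef HAVE_DOOR_CREATE
#include <door.h>
#endif

#include <roken.h>
#include <parse_time.h>
#include <base64.h>

#include <wind.h>

/* Expose the deprecated crypto API; this library still uses parts of it. */
#define HC_DEPRECATED_CRYPTO
#include "crypto-headers.h"


#include <krb5_asn1.h>

struct send_to_kdc;

/* XXX glue for pkinit */
struct hx509_certs_data;
struct krb5_pk_identity;
struct krb5_pk_cert;
struct ContentInfo;
struct AlgorithmIdentifier;
typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
struct krb5_dh_moduli;

/* v4 glue */
struct _krb5_krb_auth_data;

#include <der.h>

#include <krb5.h>
#include <krb5_err.h>
#include <asn1_err.h>
#ifdef PKINIT
#include <hx509.h>
#endif

#include "crypto.h"

#include <krb5-private.h>

#include "heim_threads.h"

/*
 * ALLOC(X, N): X = zero-filled array of N elements of *X.  calloc() does
 * the N * sizeof overflow check; the NULL check is the caller's job — the
 * macro does not test the result.
 *
 * ALLOC_SEQ(X, N): set X->len and allocate X->val to match.  N is
 * evaluated exactly once (the allocation reuses X->len), so an argument
 * with side effects cannot leave len and the allocated size disagreeing.
 */
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (X)->len); } while(0)

/*
 * __func__ is a predefined identifier in C99, not a macro, so this test
 * only sees a replacement supplied by config.h.  NOTE(review): on a
 * compiler with native __func__ where config.h does not define the macro,
 * this block would shadow the real __func__ with a fixed string and every
 * krb5_einval() report would say "unknown-function" — confirm config.h
 * defines __func__ whenever the compiler supports it.
 */
#ifndef __func__
#define __func__ "unknown-function"
#endif

/* Report an invalid argument, tagged with the calling function's name. */
#define krb5_einval(context, argnum) _krb5_einval((context), __func__, (argnum))

/* Separator between entries in path-like configuration values. */
#ifndef PATH_SEP
#define PATH_SEP ":"
#endif

/* should this be public? */
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"


#define MODULI_FILE SYSCONFDIR "/krb5.moduli"

/*
 * Portability fallbacks: where the platform lacks the flag it expands to 0
 * and is a no-op.  For O_CLOEXEC / SOCK_CLOEXEC that means descriptors
 * opened with them stay inheritable across exec() on such platforms unless
 * the caller also sets FD_CLOEXEC explicitly.
 */
#ifndef O_BINARY
#define O_BINARY 0
#endif

#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif

#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0
#endif


#define KRB5_BUFSIZ 2048

/* Three-valued option: distinguishes "not set" from an explicit TRUE/FALSE. */
typedef enum {
    KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
    KRB5_INIT_CREDS_TRISTATE_TRUE,
    KRB5_INIT_CREDS_TRISTATE_FALSE
} krb5_get_init_creds_tristate;

/*
 * Private part of krb5_get_init_creds_opt.  Reference counted; the
 * groups below match the pre-authentication mechanism each field serves.
 */
struct _krb5_get_init_creds_opt_private {
    int refcount;
    /* ENC_TIMESTAMP */
    /*
     * NOTE(review): plaintext password pointer.  Ownership and clearing of
     * the buffer are not visible here — confirm that whoever releases this
     * structure wipes the password rather than just freeing it.
     */
    const char *password;
    krb5_s2k_proc key_proc;
    /* PA_PAC_REQUEST */
    krb5_get_init_creds_tristate req_pac;
    /* PKINIT */
    krb5_pk_init_ctx pk_init_ctx;
    krb5_get_init_creds_tristate addressless;
    /*
     * Bit flags for `flags'.  Bits 8 and 16 are not defined in this header;
     * check the rest of the library before reusing them.
     */
    int flags;
#define KRB5_INIT_CREDS_CANONICALIZE        1
#define KRB5_INIT_CREDS_NO_C_CANON_CHECK    2
#define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK   4
#define KRB5_INIT_CREDS_PKINIT_KX_VALID     32
    /* Callback invoked with the KDC's last-request data, plus its cookie. */
    struct {
        krb5_gic_process_last_req func;
        void *ctx;
    } lr;
};

typedef uint32_t krb5_enctype_set;

/*
 * Per-context state behind the opaque krb5_context handle.  Most fields
 * are filled from configuration; error_string/error_code are guarded by
 * `mutex' (see below).
 */
typedef struct krb5_context_data {
    krb5_enctype *etypes;
    krb5_enctype *etypes_des;/* deprecated */
    krb5_enctype *as_etypes;
    krb5_enctype *tgs_etypes;
    krb5_enctype *permitted_enctypes;
    char **default_realms;
    time_t max_skew;
    time_t kdc_timeout;
    unsigned max_retries;
    int32_t kdc_sec_offset;
    int32_t kdc_usec_offset;
    krb5_config_section *cf;
    struct et_list *et_list;
    struct krb5_log_facility *warn_dest;
    struct krb5_log_facility *debug_dest;
    const krb5_cc_ops **cc_ops;
    int num_cc_ops;
    const char *http_proxy;
    const char *time_fmt;
    krb5_boolean log_utc;
    const char *default_keytab;
    const char *default_keytab_modify;
    krb5_boolean use_admin_kdc;
    krb5_addresses *extra_addresses;
    krb5_boolean scan_interfaces;       /* `ifconfig -a' */
    krb5_boolean srv_lookup;            /* do SRV lookups */
    krb5_boolean srv_try_txt;           /* try TXT records also */
    int32_t fcache_vno;                 /* create cache files w/ this
                                           version */
    int num_kt_types;                   /* # of registered keytab types */
    struct krb5_keytab_data *kt_types;  /* registered keytab types */
    const char *date_fmt;
    char *error_string;
    krb5_error_code error_code;
    krb5_addresses *ignore_addresses;
    char *default_cc_name;
    char *default_cc_name_env;
    int default_cc_name_set;
    void *mutex;                        /* protects error_string/error_buf */
    int large_msg_size;
    /* Bit flags for `flags'; combine with |. */
    int flags;
#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME    1
#define KRB5_CTX_F_CHECK_PAC                    2
#define KRB5_CTX_F_HOMEDIR_ACCESS               4
#define KRB5_CTX_F_SOCKETS_INITIALIZED          8
#define KRB5_CTX_F_RD_REQ_IGNORE                16
    struct send_to_kdc *send_to_kdc;
#ifdef PKINIT
    hx509_context hx509ctx;
#endif
} krb5_context_data;

/*
 * Default credential cache names.  %{...} tokens are expanded at run time.
 * The FILE default lives in a shared, world-writable directory; this string
 * does nothing to protect the cache, so the FILE cache implementation must
 * create it with restrictive permissions (not visible from this header).
 */
#ifndef KRB5_USE_PATH_TOKENS
#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
#else
#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}"
#endif
#define KRB5_DEFAULT_CCNAME_API "API:"
#define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}"
#define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}"

/* Bit flags for ticket extraction; combine with |. */
#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH     1
#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH    2
#define EXTRACT_TICKET_MATCH_REALM              4
#define EXTRACT_TICKET_AS_REQ                   8
#define EXTRACT_TICKET_TIMESYNC                 16

/*
 * Configurable options
 *
 * Build-time defaults; each #ifndef lets the build override the value.
 */

#ifndef KRB5_DEFAULT_CCTYPE
#ifdef __APPLE__
#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
#else
#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
#endif
#endif

#ifndef KRB5_ADDRESSLESS_DEFAULT
#define KRB5_ADDRESSLESS_DEFAULT TRUE
#endif

/*
 * Presumably the default for the forwardable flag on initial credentials.
 * A forwardable TGT can be delegated onward, so deployments wanting tighter
 * containment should override this through configuration rather than here.
 */
#ifndef KRB5_FORWARDABLE_DEFAULT
#define KRB5_FORWARDABLE_DEFAULT TRUE
#endif

#ifdef PKINIT

/* Client-side PKINIT identity: the certificate used plus the hx509 state needed to validate the peer. */
struct krb5_pk_identity {
    hx509_verify_ctx verify_ctx;
    hx509_certs certs;
    hx509_cert cert;
    hx509_certs anchors;
    hx509_certs certpool;
    hx509_revoke_ctx revokectx;
    /* Bit flags for `flags'. */
    int flags;
#define PKINIT_BTMM 1
};

/* PKINIT protocol flavour negotiated with the KDC. */
enum krb5_pk_type {
    PKINIT_WIN2K = 1,
    PKINIT_27 = 2
};

#endif /* PKINIT */

#endif /* __KRB5_LOCL_H__ */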