xref: /illumos-gate/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h (revision 1a220b56b93ff1dc80855691548503117af4cc10)
1 /*
2  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /* This is the prologue to krb5.h */
7 /* Unfortunately some of these defines are compiler dependent */
8 #ifndef _KRB5_H
9 #define _KRB5_H
10 
11 #pragma ident	"%Z%%M%	%I%	%E% SMI"
12 
13 #define SIZEOF_INT 4
14 
15 #ifdef _LP64
16 #define SIZEOF_LONG 8
17 #else
18 #define SIZEOF_LONG 4
19 #endif
20 
21 #define SIZEOF_SHORT 2
22 #define HAVE_STDARG_H 1
23 #define HAVE_SYS_TYPES_H 1
24 /* End of prologue section */
25 /*
26  * include/krb5.h
27  *
28  * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology.
29  * All Rights Reserved.
30  *
31  * Export of this software from the United States of America may
32  *   require a specific license from the United States Government.
33  *   It is the responsibility of any person or organization contemplating
34  *   export to obtain such a license before exporting.
35  *
36  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37  * distribute this software and its documentation for any purpose and
38  * without fee is hereby granted, provided that the above copyright
39  * notice appear in all copies and that both that copyright notice and
40  * this permission notice appear in supporting documentation, and that
41  * the name of M.I.T. not be used in advertising or publicity pertaining
42  * to distribution of the software without specific, written prior
43  * permission.	Furthermore if you modify this software you must label
44  * your software as modified software and not distribute it in such a
45  * fashion that it might be confused with the original M.I.T. software.
46  * M.I.T. makes no representations about the suitability of
47  * this software for any purpose.  It is provided "as is" without express
48  * or implied warranty.
49  *
50  *
51  * General definitions for Kerberos version 5.
52  */
53 
54 /*
55  * Copyright (C) 1998 by the FundsXpress, INC.
56  *
57  * All rights reserved.
58  *
59  * Export of this software from the United States of America may require
60  * a specific license from the United States Government.  It is the
61  * responsibility of any person or organization contemplating export to
62  * obtain such a license before exporting.
63  *
64  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
65  * distribute this software and its documentation for any purpose and
66  * without fee is hereby granted, provided that the above copyright
67  * notice appear in all copies and that both that copyright notice and
68  * this permission notice appear in supporting documentation, and that
69  * the name of FundsXpress. not be used in advertising or publicity pertaining
70  * to distribution of the software without specific, written prior
71  * permission.  FundsXpress makes no representations about the suitability of
72  * this software for any purpose.  It is provided "as is" without express
73  * or implied warranty.
74  *
75  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
76  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
77  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
78  */
79 
80 #ifndef KRB5_GENERAL__
81 #define KRB5_GENERAL__
82 
83 #ifdef	_KERNEL
84 #include <sys/systm.h>
85 #include <sys/kmem.h>
86 
87 #include <sys/crypto/common.h>
88 #include <sys/crypto/api.h>
89 
90 /*
91  * Just to be safe lets make sure the buffers are zero'ed after
92  * malloc() as some code assumes this is the case.  To avoid warnings
93  * of duplicated defines let remove the old one if present.
94  */
95 #ifdef MALLOC
96 #undef MALLOC
97 #endif
98 #define MALLOC(n) kmem_zalloc((n), KM_SLEEP)
99 
100 #define	FREE(x, n) kmem_free((x), (n))
101 #define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
102 #define strcpy(dst,src,n) bcopy((src),(dst),(n))
103 #define mutex_lock(lck)  mutex_enter(lck)
104 #define mutex_unlock(lck)  mutex_exit(lck)
105 
106 #else /* !_KERNEL */
107 #define	MALLOC(n) malloc(n)
108 #define	FREE(x, n) free(x)
109 #define CALLOC(n, s) calloc((n), (s))
110 #include <stdlib.h>
111 #include <thread.h>
112 #include <synch.h>
113 #include <security/cryptoki.h>
114 #include <limits.h>    /* for *_MAX */
115 #endif /* _KERNEL */
116 
117 /* By default, do not expose deprecated interfaces. */
118 /* SUNW14resync - we need to enable this for rlogind and such */
119 #ifndef KRB5_DEPRECATED
120 #define KRB5_DEPRECATED 1
121 #endif
122 /* Do not expose private interfaces.  Build system will override. */
123 /* SUNW14resync - for the Solaris build we set it to 1 here */
124 #ifndef KRB5_PRIVATE
125 #define KRB5_PRIVATE 1
126 #endif
127 
128 #if defined(__MACH__) && defined(__APPLE__)
129 #       include <TargetConditionals.h>
130 #    if TARGET_RT_MAC_CFM
131 #       error "Use KfM 4.0 SDK headers for CFM compilation."
132 #    endif
133 #endif
134 
135 #if (defined(_MSDOS) || defined(_WIN32))
136 #include <win-mac.h>
137 #endif
138 
139 #ifndef KRB5_CONFIG__
140 #ifndef KRB5_CALLCONV
141 #define KRB5_CALLCONV
142 #define KRB5_CALLCONV_C
143 #endif /* !KRB5_CALLCONV */
144 #endif /* !KRB5_CONFIG__ */
145 
146 #ifndef KRB5_CALLCONV_WRONG
147 #define KRB5_CALLCONV_WRONG
148 #endif
149 
150 /* SUNW14resync XXX */
151 #include <sys/types.h>
152 #include <sys/socket.h>
153 
154 #ifndef THREEPARAMOPEN
155 #define THREEPARAMOPEN(x,y,z) open(x,y,z)
156 #endif
157 
158 
159 /*
160  * Solaris Kerberos:
161  *   Samba needs a couple of these interfaces so old crypto is enabled.
162  */
163 #define KRB5_OLD_CRYPTO
164 
165 
166 #ifndef KRB5INT_BEGIN_DECLS
167 #if defined(__cplusplus)
168 #define KRB5INT_BEGIN_DECLS     extern "C" {
169 #define KRB5INT_END_DECLS }
170 #else
171 #define KRB5INT_BEGIN_DECLS
172 #define KRB5INT_END_DECLS
173 #endif
174 #endif /* KRB5INT_BEGIN_DECLS */
175 
176 #if TARGET_OS_MAC
177 #    pragma options align=mac68k
178 #endif
179 
180 /* from profile.h */
181 struct _profile_t;
182 /* typedef struct _profile_t *profile_t; */
183 
184 
185 /*
186  * begin wordsize.h
187  */
188 
189 /*
190  * Word-size related definition.
191  */
192 
193 typedef	unsigned char	krb5_octet;
194 
195 #if INT_MAX == 0x7fff
196 typedef	int	krb5_int16;
197 typedef	unsigned int	krb5_ui_2;
198 #elif SHRT_MAX == 0x7fff
199 typedef	short	krb5_int16;
200 typedef	unsigned short	krb5_ui_2;
201 #else
202 #error undefined 16 bit type
203 #endif
204 
205 #if INT_MAX == 0x7fffffffL
206 typedef	int		krb5_int32;
207 typedef	unsigned int	krb5_ui_4;
208 #elif LONG_MAX == 0x7fffffffL
209 typedef	long	krb5_int32;
210 typedef	unsigned long	krb5_ui_4;
211 #elif SHRT_MAX == 0x7fffffffL
212 typedef	short	krb5_int32;
213 typedef	unsigned short	krb5_ui_4;
214 #else
215 #error: undefined 32 bit type
216 #endif
217 
218 #define VALID_INT_BITS    INT_MAX
219 #define VALID_UINT_BITS   UINT_MAX
220 
221 #define KRB5_INT32_MAX	2147483647
222 /* this strange form is necessary since - is a unary operator, not a sign
223    indicator */
224 #define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)
225 
226 #define KRB5_INT16_MAX 65535
227 /* this strange form is necessary since - is a unary operator, not a sign
228    indicator */
229 #define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)
230 
231 /*
232  * end wordsize.h
233  */
234 
235 /*
236  * begin "base-defs.h"
237  */
238 
239 /*
240  * Basic definitions for Kerberos V5 library
241  */
242 
243 #ifndef FALSE
244 #define	FALSE	0
245 #endif
246 #ifndef TRUE
247 #define	TRUE	1
248 #endif
249 
250 typedef	unsigned int krb5_boolean;
251 typedef	unsigned int krb5_msgtype;
252 typedef	unsigned int krb5_kvno;
253 
254 typedef	krb5_int32	krb5_addrtype;
255 typedef krb5_int32	krb5_enctype;
256 typedef krb5_int32	krb5_cksumtype;
257 typedef krb5_int32	krb5_authdatatype;
258 typedef krb5_int32	krb5_keyusage;
259 
260 typedef krb5_int32	krb5_preauthtype; /* This may change, later on */
261 typedef	krb5_int32	krb5_flags;
262 typedef krb5_int32	krb5_timestamp;
263 typedef	krb5_int32	krb5_error_code;
264 typedef krb5_int32	krb5_deltat;
265 
266 typedef krb5_error_code	krb5_magic;
267 
268 typedef struct _krb5_data {
269     krb5_magic magic;
270     unsigned int length;
271     char *data;
272 } krb5_data;
273 
274 /*
275  * Hack length for crypto library to use the afs_string_to_key It is
276  * equivalent to -1 without possible sign extension
277  * We also overload for an unset salt type length - which is also -1, but
278  * hey, why not....
279 */
280 #define SALT_TYPE_AFS_LENGTH UINT_MAX
281 #define SALT_TYPE_NO_LENGTH  UINT_MAX
282 
283 typedef void * krb5_pointer;
284 typedef void const * krb5_const_pointer;
285 
286 typedef struct krb5_principal_data {
287     krb5_magic magic;
288     krb5_data realm;
289     krb5_data *data;		/* An array of strings */
290     krb5_int32 length;
291     krb5_int32 type;
292 } krb5_principal_data;
293 
294 typedef	krb5_principal_data * krb5_principal;
295 
296 /*
297  * Per V5 spec on definition of principal types
298  */
299 
300 /* Name type not known */
301 #define KRB5_NT_UNKNOWN		0
302 /* Just the name of the principal as in DCE, or for users */
303 #define KRB5_NT_PRINCIPAL	1
304 /* Service and other unique instance (krbtgt) */
305 #define KRB5_NT_SRV_INST	2
306 /* Service with host name as instance (telnet, rcommands) */
307 #define KRB5_NT_SRV_HST		3
308 /* Service with host as remaining components */
309 #define KRB5_NT_SRV_XHST	4
310 /* Unique ID */
311 #define KRB5_NT_UID		5
312 
313 /* constant version thereof: */
314 typedef const krb5_principal_data *krb5_const_principal;
315 
316 #define krb5_princ_realm(context, princ) (&(princ)->realm)
317 #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
318 #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
319 #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
320 #define	krb5_princ_size(context, princ) (princ)->length
321 #define	krb5_princ_type(context, princ) (princ)->type
322 #define	krb5_princ_name(context, princ) (princ)->data
323 #define krb5_princ_component(context, princ,i)         \
324             (((i) < krb5_princ_size(context, princ)) \
325              ? (princ)->data + (i)                   \
326              : NULL)
327 
328 /*
329  * end "base-defs.h"
330  */
331 
332 /*
333  * begin "hostaddr.h"
334  */
335 
336 /* structure for address */
337 typedef struct _krb5_address {
338     krb5_magic magic;
339     krb5_addrtype addrtype;
340     unsigned int length;
341     krb5_octet *contents;
342 } krb5_address;
343 
344 /* per Kerberos v5 protocol spec */
345 #define	ADDRTYPE_INET		0x0002
346 #define	ADDRTYPE_CHAOS		0x0005
347 #define	ADDRTYPE_XNS		0x0006
348 #define	ADDRTYPE_ISO		0x0007
349 #define	ADDRTYPE_DDP		0x0010
350 #define	ADDRTYPE_INET6		0x0018
351 /* not yet in the spec... */
352 #define	ADDRTYPE_ADDRPORT	0x0100
353 #define	ADDRTYPE_IPPORT		0x0101
354 
355 /* macros to determine if a type is a local type */
356 #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
357 
358 /*
359  * end "hostaddr.h"
360  */
361 
362 
363 struct _krb5_context;
364 typedef struct _krb5_context * krb5_context;
365 
366 struct _krb5_auth_context;
367 typedef struct _krb5_auth_context * krb5_auth_context;
368 
369 struct _krb5_cryptosystem_entry;
370 
371 /* SUNW EF (I assume) crypto mods ... */
372 struct _krb5_keyblock;
373 
374 /*
375  * keyblocks will contain a list of derived keys,
376  * this  structure will contain the derived key data.
377  */
378 typedef struct _dk_node {
379     krb5_keyusage   usage;
380     struct _krb5_keyblock   *derived_key;
381     uchar_t         dkid; /* derived key identifier byte */
382     struct _dk_node *next;
383 } krb5_dk_node;
384 
385 /*
386  * begin "encryption.h"
387  */
388 typedef struct _krb5_keyblock {
389     krb5_magic magic;
390     krb5_enctype enctype;
391     unsigned int length;
392     krb5_octet *contents;
393     krb5_dk_node   *dk_list; /* list of keys derived from this key */
394 #ifdef _KERNEL
395     crypto_mech_type_t     kef_mt;
396     crypto_key_t           kef_key;
397     crypto_ctx_template_t  key_tmpl;
398 #else
399     CK_OBJECT_HANDLE       hKey; /* PKCS#11 key object handle */
400     pid_t	pid; /* fork safety */
401 #endif /* _KERNEL */
402 } krb5_keyblock;
403 
404 typedef struct _krb5_checksum {
405     krb5_magic magic;
406     krb5_cksumtype checksum_type;	/* checksum type */
407     unsigned int length;
408     krb5_octet *contents;
409 } krb5_checksum;
410 
411 typedef struct _krb5_encrypt_block {
412     krb5_magic magic;
413     krb5_enctype crypto_entry;		/* to call krb5_encrypt_size, you need
414 					   this.  it was a pointer, but it
415 					   doesn't have to be.  gross. */
416     krb5_keyblock *key;
417 } krb5_encrypt_block;
418 
419 typedef struct _krb5_enc_data {
420     krb5_magic magic;
421     krb5_enctype enctype;
422     krb5_kvno kvno;
423     krb5_data ciphertext;
424 } krb5_enc_data;
425 
426 /* per Kerberos v5 protocol spec */
427 #define	ENCTYPE_NULL		0x0000
428 #define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
429 #define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
430 #define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
431 #define	ENCTYPE_DES_CBC_RAW	0x0004  /* DES cbc mode raw */
432 /* XXX deprecated? */
433 #define	ENCTYPE_DES3_CBC_SHA	0x0005	/* DES-3 cbc mode with NIST-SHA */
434 #define	ENCTYPE_DES3_CBC_RAW	0x0006	/* DES-3 cbc mode raw */
435 #define	ENCTYPE_DES_HMAC_SHA1	0x0008
436 #define	ENCTYPE_DES3_CBC_SHA1	0x0010
437 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
438 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
439 #define ENCTYPE_ARCFOUR_HMAC	0x0017
440 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
441 #define	ENCTYPE_UNKNOWN		0x01ff
442 
443 #define	CKSUMTYPE_CRC32		0x0001
444 #define	CKSUMTYPE_RSA_MD4	0x0002
445 #define	CKSUMTYPE_RSA_MD4_DES	0x0003
446 #define	CKSUMTYPE_DESCBC	0x0004
447 /* des-mac-k */
448 /* rsa-md4-des-k */
449 #define	CKSUMTYPE_RSA_MD5	0x0007
450 #define	CKSUMTYPE_RSA_MD5_DES	0x0008
451 #define	CKSUMTYPE_NIST_SHA	0x0009
452 #define	CKSUMTYPE_HMAC_SHA1_DES3	0x000c
453 #define CKSUMTYPE_HMAC_SHA1_96_AES128	0x000f
454 #define CKSUMTYPE_HMAC_SHA1_96_AES256	0x0010
455 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
456 
457 /* The following are entropy source designations. Whenever
458  * krb5_C_random_add_entropy is called, one of these source  ids is passed
459  * in.  This  allows the library  to better estimate bits of
460  * entropy in the sample and to keep track of what sources of entropy have
461  * contributed enough entropy.  Sources marked internal MUST NOT be
462  * used by applications outside the Kerberos library
463 */
464 
465 enum {
466   KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
467   KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
468   KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
469   /*This source should be used carefully; data in this category
470    * should be from a third party trusted to give random bits
471    * For example keys issued by the KDC in the application server.
472    */
473   KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
474   KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
475   KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
476 };
477 
478 #ifndef krb5_roundup
479 /* round x up to nearest multiple of y */
480 #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
481 #endif /* roundup */
482 
483 /* macro function definitions to help clean up code */
484 
485 #ifndef _KERNEL
486 #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
487 #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
488 #else
489 #define krb5_x(ptr,args) ((*(ptr)) args)
490 #define krb5_xc(ptr,args) ((*(ptr)) args)
491 #endif
492 
493 krb5_error_code KRB5_CALLCONV
494     krb5_c_encrypt
495     (krb5_context context,
496 		    const krb5_keyblock *key,
497 		    krb5_keyusage usage, const krb5_data *ivec,
498 		    const krb5_data *input, krb5_enc_data *output);
499 
500 krb5_error_code KRB5_CALLCONV
501     krb5_c_decrypt
502     (krb5_context context,
503 		    const krb5_keyblock *key,
504 		    krb5_keyusage usage, const krb5_data *ivec,
505 		    const krb5_enc_data *input, krb5_data *output);
506 
507 krb5_error_code KRB5_CALLCONV
508     krb5_c_encrypt_length
509     (krb5_context context, krb5_enctype enctype,
510 		    size_t inputlen, size_t *length);
511 
512 krb5_error_code KRB5_CALLCONV
513     krb5_c_block_size
514     (krb5_context context, krb5_enctype enctype,
515 		    size_t *blocksize);
516 
517 krb5_error_code KRB5_CALLCONV
518 	krb5_c_init_state(krb5_context,
519 		const krb5_keyblock *, krb5_keyusage,
520 		krb5_data *);
521 
522 krb5_error_code KRB5_CALLCONV
523 	krb5_c_free_state(krb5_context,
524 		const krb5_keyblock *, krb5_data *);
525 
526 krb5_error_code KRB5_CALLCONV
527     krb5_c_make_random_key
528     (krb5_context context, krb5_enctype enctype,
529 		    krb5_keyblock *random_key);
530 
531 /* Register a new entropy sample  with the PRNG. may cause
532 * the PRNG to be reseeded, although this is not guaranteed.  See previous randsource definitions
533 * for information on how each source should be used.
534 */
535 krb5_error_code KRB5_CALLCONV
536         krb5_c_random_add_entropy
537 (krb5_context context, unsigned int  randsource_id, const krb5_data *data);
538 
539 krb5_error_code KRB5_CALLCONV
540     krb5_c_random_make_octets
541     (krb5_context context, krb5_data *data);
542 
543 /*
544 * Collect entropy from the OS if possible. strong requests that as strong
545 * of a source of entropy  as available be used.  Setting strong may
546 * increase the probability of blocking and should not  be used for normal
547 * applications.  Good uses include seeding the PRNG for kadmind
548 * and realm setup.
549 * If successful is non-null, then successful is set to 1 if the OS provided
550 * entropy else zero.
551 */
552 #if 0 /* SUNW14resync - not used in Solaris */
553 krb5_error_code KRB5_CALLCONV
554 krb5_c_random_os_entropy
555 (krb5_context context, int strong, int *success);
556 #endif
557 
558 /*deprecated*/ krb5_error_code KRB5_CALLCONV
559     krb5_c_random_seed
560     (krb5_context context, krb5_data *data);
561 
562 krb5_error_code KRB5_CALLCONV
563     krb5_c_string_to_key
564     (krb5_context context, krb5_enctype enctype,
565 		    const krb5_data *string, const krb5_data *salt,
566 		    krb5_keyblock *key);
567 
568 krb5_error_code KRB5_CALLCONV
569 krb5_c_string_to_key_with_params(krb5_context context,
570                                  krb5_enctype enctype,
571                                  const krb5_data *string,
572                                  const krb5_data *salt,
573                                  const krb5_data *params,
574                                  krb5_keyblock *key);
575 
576 krb5_error_code KRB5_CALLCONV
577     krb5_c_enctype_compare
578     (krb5_context context, krb5_enctype e1, krb5_enctype e2,
579 		    krb5_boolean *similar);
580 
581 krb5_error_code KRB5_CALLCONV
582     krb5_c_make_checksum
583     (krb5_context context, krb5_cksumtype cksumtype,
584 		    const krb5_keyblock *key, krb5_keyusage usage,
585 		    const krb5_data *input, krb5_checksum *cksum);
586 
587 krb5_error_code KRB5_CALLCONV
588     krb5_c_verify_checksum
589     (krb5_context context,
590 		    const krb5_keyblock *key, krb5_keyusage usage,
591 		    const krb5_data *data,
592 		    const krb5_checksum *cksum,
593 		    krb5_boolean *valid);
594 
595 krb5_error_code KRB5_CALLCONV
596     krb5_c_checksum_length
597     (krb5_context context, krb5_cksumtype cksumtype,
598 		    size_t *length);
599 
600 krb5_error_code KRB5_CALLCONV
601     krb5_c_keyed_checksum_types
602     (krb5_context context, krb5_enctype enctype,
603 		    unsigned int *count, krb5_cksumtype **cksumtypes);
604 
605 #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS		1
606 #define KRB5_KEYUSAGE_KDC_REP_TICKET		2
607 #define KRB5_KEYUSAGE_AS_REP_ENCPART		3
608 #define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY	4
609 #define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY		5
610 #define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM	6
611 #define KRB5_KEYUSAGE_TGS_REQ_AUTH		7
612 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY	8
613 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY	9
614 #define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM		10
615 #define KRB5_KEYUSAGE_AP_REQ_AUTH		11
616 #define KRB5_KEYUSAGE_AP_REP_ENCPART		12
617 #define KRB5_KEYUSAGE_KRB_PRIV_ENCPART		13
618 #define KRB5_KEYUSAGE_KRB_CRED_ENCPART		14
619 #define KRB5_KEYUSAGE_KRB_SAFE_CKSUM		15
620 #define KRB5_KEYUSAGE_APP_DATA_ENCRYPT		16
621 #define KRB5_KEYUSAGE_APP_DATA_CKSUM		17
622 #define KRB5_KEYUSAGE_KRB_ERROR_CKSUM		18
623 #define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM	19
624 #define KRB5_KEYUSAGE_AD_MTE			20
625 #define KRB5_KEYUSAGE_AD_ITE			21
626 
627 /* XXX need to register these */
628 
629 #define KRB5_KEYUSAGE_GSS_TOK_MIC		22
630 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG	23
631 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV		24
632 
633 /* Defined in hardware preauth draft */
634 
635 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM	25
636 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID	26
637 #define KRB5_KEYUSAGE_PA_SAM_RESPONSE		27
638 
639 krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
640         (krb5_enctype ktype);
641 krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
642         (krb5_cksumtype ctype);
643 krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
644         (krb5_cksumtype ctype);
645 krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
646         (krb5_cksumtype ctype);
647 
648 
649 #if KRB5_PRIVATE
650 /* Use the above four instead.  */
651 krb5_boolean KRB5_CALLCONV valid_enctype
652         (krb5_enctype ktype);
653 krb5_boolean KRB5_CALLCONV valid_cksumtype
654         (krb5_cksumtype ctype);
655 krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
656         (krb5_cksumtype ctype);
657 krb5_boolean KRB5_CALLCONV is_keyed_cksum
658         (krb5_cksumtype ctype);
659 #endif
660 
661 
662 #ifdef KRB5_OLD_CRYPTO
663 /*
664  * old cryptosystem routine prototypes.  These are now layered
665  * on top of the functions above.
666  */
667 krb5_error_code KRB5_CALLCONV krb5_use_enctype
668         (krb5_context context,
669                 krb5_encrypt_block * eblock,
670                 krb5_enctype enctype);
671 
672 krb5_error_code KRB5_CALLCONV krb5_string_to_key
673         (krb5_context context,
674                 const krb5_encrypt_block * eblock,
675                 krb5_keyblock * keyblock,
676                 const krb5_data * data,
677                 const krb5_data * salt);
678 
679 size_t KRB5_CALLCONV krb5_checksum_size
680 	(krb5_context context,
681 		krb5_cksumtype ctype);
682 #endif /* KRB5_OLD_CRYPTO */
683 
684 /*
685  * end "encryption.h"
686  */
687 
688 /*
689  * begin "fieldbits.h"
690  */
691 
692 /* kdc_options for kdc_request */
693 /* options is 32 bits; each host is responsible to put the 4 bytes
694    representing these bits into net order before transmission */
695 /* #define	KDC_OPT_RESERVED	0x80000000 */
696 #define	KDC_OPT_FORWARDABLE		0x40000000
697 #define	KDC_OPT_FORWARDED		0x20000000
698 #define	KDC_OPT_PROXIABLE		0x10000000
699 #define	KDC_OPT_PROXY			0x08000000
700 #define	KDC_OPT_ALLOW_POSTDATE		0x04000000
701 #define	KDC_OPT_POSTDATED		0x02000000
702 /* #define	KDC_OPT_UNUSED		0x01000000 */
703 #define	KDC_OPT_RENEWABLE		0x00800000
704 /* #define	KDC_OPT_UNUSED		0x00400000 */
705 /* #define	KDC_OPT_RESERVED	0x00200000 */
706 /* #define	KDC_OPT_RESERVED	0x00100000 */
707 /* #define	KDC_OPT_RESERVED	0x00080000 */
708 /* #define	KDC_OPT_RESERVED	0x00040000 */
709 #define	KDC_OPT_REQUEST_ANONYMOUS	0x00020000
710 /* #define	KDC_OPT_RESERVED	0x00010000 */
711 /* #define	KDC_OPT_RESERVED	0x00008000 */
712 /* #define	KDC_OPT_RESERVED	0x00004000 */
713 /* #define	KDC_OPT_RESERVED	0x00002000 */
714 /* #define	KDC_OPT_RESERVED	0x00001000 */
715 /* #define	KDC_OPT_RESERVED	0x00000800 */
716 /* #define	KDC_OPT_RESERVED	0x00000400 */
717 /* #define	KDC_OPT_RESERVED	0x00000200 */
718 /* #define	KDC_OPT_RESERVED	0x00000100 */
719 /* #define	KDC_OPT_RESERVED	0x00000080 */
720 /* #define	KDC_OPT_RESERVED	0x00000040 */
721 #define	KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
722 #define	KDC_OPT_RENEWABLE_OK		0x00000010
723 #define	KDC_OPT_ENC_TKT_IN_SKEY		0x00000008
724 /* #define	KDC_OPT_UNUSED		0x00000004 */
725 #define	KDC_OPT_RENEW			0x00000002
726 #define	KDC_OPT_VALIDATE		0x00000001
727 
728 /*
729  * Mask of ticket flags in the TGT which should be converted into KDC
730  * options when using the TGT to get derivitive tickets.
731  *
732  *  New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
733  *             KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
734  */
735 #define KDC_TKT_COMMON_MASK		0x54800000
736 
737 /* definitions for ap_options fields */
738 /* ap_options are 32 bits; each host is responsible to put the 4 bytes
739    representing these bits into net order before transmission */
740 #define	AP_OPTS_RESERVED		0x80000000
741 #define	AP_OPTS_USE_SESSION_KEY		0x40000000
742 #define	AP_OPTS_MUTUAL_REQUIRED		0x20000000
743 /* #define	AP_OPTS_RESERVED	0x10000000 */
744 /* #define	AP_OPTS_RESERVED	0x08000000 */
745 /* #define	AP_OPTS_RESERVED	0x04000000 */
746 /* #define	AP_OPTS_RESERVED	0x02000000 */
747 /* #define	AP_OPTS_RESERVED	0x01000000 */
748 /* #define	AP_OPTS_RESERVED	0x00800000 */
749 /* #define	AP_OPTS_RESERVED	0x00400000 */
750 /* #define	AP_OPTS_RESERVED	0x00200000 */
751 /* #define	AP_OPTS_RESERVED	0x00100000 */
752 /* #define	AP_OPTS_RESERVED	0x00080000 */
753 /* #define	AP_OPTS_RESERVED	0x00040000 */
754 /* #define	AP_OPTS_RESERVED	0x00020000 */
755 /* #define	AP_OPTS_RESERVED	0x00010000 */
756 /* #define	AP_OPTS_RESERVED	0x00008000 */
757 /* #define	AP_OPTS_RESERVED	0x00004000 */
758 /* #define	AP_OPTS_RESERVED	0x00002000 */
759 /* #define	AP_OPTS_RESERVED	0x00001000 */
760 /* #define	AP_OPTS_RESERVED	0x00000800 */
761 /* #define	AP_OPTS_RESERVED	0x00000400 */
762 /* #define	AP_OPTS_RESERVED	0x00000200 */
763 /* #define	AP_OPTS_RESERVED	0x00000100 */
764 /* #define	AP_OPTS_RESERVED	0x00000080 */
765 /* #define	AP_OPTS_RESERVED	0x00000040 */
766 /* #define	AP_OPTS_RESERVED	0x00000020 */
767 /* #define	AP_OPTS_RESERVED	0x00000010 */
768 /* #define	AP_OPTS_RESERVED	0x00000008 */
769 /* #define	AP_OPTS_RESERVED	0x00000004 */
770 /* #define	AP_OPTS_RESERVED	0x00000002 */
771 #define AP_OPTS_USE_SUBKEY      0x00000001
772 
773 #define AP_OPTS_WIRE_MASK	0xfffffff0
774 
775 /* definitions for ad_type fields. */
776 #define	AD_TYPE_RESERVED	0x8000
777 #define	AD_TYPE_EXTERNAL	0x4000
778 #define	AD_TYPE_REGISTERED	0x2000
779 
780 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
781 
782 /* Ticket flags */
783 /* flags are 32 bits; each host is responsible to put the 4 bytes
784    representing these bits into net order before transmission */
785 /* #define	TKT_FLG_RESERVED	0x80000000 */
786 #define	TKT_FLG_FORWARDABLE		0x40000000
787 #define	TKT_FLG_FORWARDED		0x20000000
788 #define	TKT_FLG_PROXIABLE		0x10000000
789 #define	TKT_FLG_PROXY			0x08000000
790 #define	TKT_FLG_MAY_POSTDATE		0x04000000
791 #define	TKT_FLG_POSTDATED		0x02000000
792 #define	TKT_FLG_INVALID			0x01000000
793 #define	TKT_FLG_RENEWABLE		0x00800000
794 #define	TKT_FLG_INITIAL			0x00400000
795 #define	TKT_FLG_PRE_AUTH		0x00200000
796 #define	TKT_FLG_HW_AUTH			0x00100000
797 #define	TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
798 #define	TKT_FLG_OK_AS_DELEGATE		0x00040000
799 #define	TKT_FLG_ANONYMOUS		0x00020000
800 /* #define	TKT_FLG_RESERVED	0x00010000 */
801 /* #define	TKT_FLG_RESERVED	0x00008000 */
802 /* #define	TKT_FLG_RESERVED	0x00004000 */
803 /* #define	TKT_FLG_RESERVED	0x00002000 */
804 /* #define	TKT_FLG_RESERVED	0x00001000 */
805 /* #define	TKT_FLG_RESERVED	0x00000800 */
806 /* #define	TKT_FLG_RESERVED	0x00000400 */
807 /* #define	TKT_FLG_RESERVED	0x00000200 */
808 /* #define	TKT_FLG_RESERVED	0x00000100 */
809 /* #define	TKT_FLG_RESERVED	0x00000080 */
810 /* #define	TKT_FLG_RESERVED	0x00000040 */
811 /* #define	TKT_FLG_RESERVED	0x00000020 */
812 /* #define	TKT_FLG_RESERVED	0x00000010 */
813 /* #define	TKT_FLG_RESERVED	0x00000008 */
814 /* #define	TKT_FLG_RESERVED	0x00000004 */
815 /* #define	TKT_FLG_RESERVED	0x00000002 */
816 /* #define	TKT_FLG_RESERVED	0x00000001 */
817 
818 /* definitions for lr_type fields. */
819 #define	LR_TYPE_THIS_SERVER_ONLY	0x8000
820 
821 #define LR_TYPE_INTERPRETATION_MASK	0x7fff
822 
823 /* definitions for ad_type fields. */
824 #define	AD_TYPE_EXTERNAL	0x4000
825 #define	AD_TYPE_REGISTERED	0x2000
826 
827 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
828 #define AD_TYPE_INTERNAL_MASK	0x3fff
829 
830 /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
831 #define	MSEC_DIRBIT		0x8000
832 #define	MSEC_VAL_MASK		0x7fff
833 
834 /*
835  * end "fieldbits.h"
836  */
837 
838 /*
839  * begin "proto.h"
840  */
841 
842 /* Protocol version number */
843 #define	KRB5_PVNO	5
844 
845 /* Message types */
846 
847 #define	KRB5_AS_REQ	((krb5_msgtype)10) /* Req for initial authentication */
848 #define	KRB5_AS_REP	((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
849 #define	KRB5_TGS_REQ	((krb5_msgtype)12) /* TGS request to server */
850 #define	KRB5_TGS_REP	((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
851 #define	KRB5_AP_REQ	((krb5_msgtype)14) /* application request to server */
852 #define	KRB5_AP_REP	((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
853 #define	KRB5_SAFE	((krb5_msgtype)20) /* Safe application message */
854 #define	KRB5_PRIV	((krb5_msgtype)21) /* Private application message */
855 #define	KRB5_CRED	((krb5_msgtype)22) /* Credential forwarding message */
856 #define	KRB5_ERROR	((krb5_msgtype)30) /* Error response */
857 
858 /* LastReq types */
859 #define	KRB5_LRQ_NONE			0
860 #define	KRB5_LRQ_ALL_LAST_TGT		1
861 #define	KRB5_LRQ_ONE_LAST_TGT		(-1)
862 #define	KRB5_LRQ_ALL_LAST_INITIAL	2
863 #define	KRB5_LRQ_ONE_LAST_INITIAL	(-2)
864 #define	KRB5_LRQ_ALL_LAST_TGT_ISSUED	3
865 #define	KRB5_LRQ_ONE_LAST_TGT_ISSUED	(-3)
866 #define	KRB5_LRQ_ALL_LAST_RENEWAL	4
867 #define	KRB5_LRQ_ONE_LAST_RENEWAL	(-4)
868 #define	KRB5_LRQ_ALL_LAST_REQ		5
869 #define	KRB5_LRQ_ONE_LAST_REQ		(-5)
870 #define	KRB5_LRQ_ALL_PW_EXPTIME		6
871 #define	KRB5_LRQ_ONE_PW_EXPTIME		(-6)
872 
873 
874 /* PADATA types */
875 #define	KRB5_PADATA_NONE                0
876 #define	KRB5_PADATA_AP_REQ		1
877 #define	KRB5_PADATA_TGS_REQ		KRB5_PADATA_AP_REQ
878 #define KRB5_PADATA_ENC_TIMESTAMP	2
879 #define	KRB5_PADATA_PW_SALT		3
880 #if 0				/* Not used */
881 #define KRB5_PADATA_ENC_ENCKEY          4  /* Key encrypted within itself */
882 #endif
883 #define KRB5_PADATA_ENC_UNIX_TIME       5  /* timestamp encrypted in key */
884 #define KRB5_PADATA_ENC_SANDIA_SECURID  6  /* SecurId passcode */
885 #define KRB5_PADATA_SESAME		7  /* Sesame project */
886 #define KRB5_PADATA_OSF_DCE		8  /* OSF DCE */
887 #define KRB5_CYBERSAFE_SECUREID		9  /* Cybersafe */
888 #define	KRB5_PADATA_AFS3_SALT		10 /* Cygnus */
889 #define KRB5_PADATA_ETYPE_INFO		11 /* Etype info for preauth */
890 #define KRB5_PADATA_SAM_CHALLENGE	12 /* draft challenge system */
891 #define KRB5_PADATA_SAM_RESPONSE	13 /* draft challenge system response */
892 #define KRB5_PADATA_PK_AS_REQ		14 /* PKINIT */
893 #define KRB5_PADATA_PK_AS_REP		15 /* PKINIT */
894 #define KRB5_PADATA_ETYPE_INFO2 	19
895 #define KRB5_PADATA_SAM_CHALLENGE_2	30 /* draft challenge system, updated */
896 #define KRB5_PADATA_SAM_RESPONSE_2	31 /* draft challenge system, updated */
897 
898 #define	KRB5_SAM_USE_SAD_AS_KEY		0x80000000
899 #define	KRB5_SAM_SEND_ENCRYPTED_SAD	0x40000000
900 #define	KRB5_SAM_MUST_PK_ENCRYPT_SAD	0x20000000 /* currently must be zero */
901 
902 /* Reserved for SPX pre-authentication. */
903 #define KRB5_PADATA_DASS		16
904 
905 /* Transited encoding types */
906 #define	KRB5_DOMAIN_X500_COMPRESS	1
907 
908 /* alternate authentication types */
909 #define	KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE	64
910 
911 /* authorization data types */
912 #define	KRB5_AUTHDATA_OSF_DCE	64
913 #define KRB5_AUTHDATA_SESAME	65
914 
915 /* password change constants */
916 
917 #define KRB5_KPASSWD_SUCCESS		0
918 #define KRB5_KPASSWD_MALFORMED		1
919 #define KRB5_KPASSWD_HARDERROR		2
920 #define KRB5_KPASSWD_AUTHERROR		3
921 #define KRB5_KPASSWD_SOFTERROR		4
922 /* These are Microsoft's extensions in RFC 3244, and it looks like
923    they'll become standardized, possibly with other additions.  */
924 #define KRB5_KPASSWD_ACCESSDENIED       5       /* unused */
925 #define KRB5_KPASSWD_BAD_VERSION        6
926 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7      /* unused */
927 
928 /*
929  * end "proto.h"
930  */
931 
932 /* Time set */
933 typedef struct _krb5_ticket_times {
934     krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
935 				in ticket? otherwise client can't get this */
936     krb5_timestamp starttime;		/* optional in ticket, if not present,
937 					   use authtime */
938     krb5_timestamp endtime;
939     krb5_timestamp renew_till;
940 } krb5_ticket_times;
941 
942 /* structure for auth data */
943 typedef struct _krb5_authdata {
944     krb5_magic magic;
945     krb5_authdatatype ad_type;
946     unsigned int length;
947     krb5_octet *contents;
948 } krb5_authdata;
949 
950 /* structure for transited encoding */
951 typedef struct _krb5_transited {
952     krb5_magic magic;
953     krb5_octet tr_type;
954     krb5_data tr_contents;
955 } krb5_transited;
956 
957 typedef struct _krb5_enc_tkt_part {
958     krb5_magic magic;
959     /* to-be-encrypted portion */
960     krb5_flags flags;			/* flags */
961     krb5_keyblock *session;		/* session key: includes enctype */
962     krb5_principal client;		/* client name/realm */
963     krb5_transited transited;		/* list of transited realms */
964     krb5_ticket_times times;		/* auth, start, end, renew_till */
965     krb5_address * *caddrs;	/* array of ptrs to addresses */
966     krb5_authdata * *authorization_data; /* auth data */
967 } krb5_enc_tkt_part;
968 
969 typedef struct _krb5_ticket {
970     krb5_magic magic;
971     /* cleartext portion */
972     krb5_principal server;		/* server name/realm */
973     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
974 					   encoding */
975     krb5_enc_tkt_part *enc_part2;	/* ptr to decrypted version, if
976 					   available */
977 } krb5_ticket;
978 
979 /* the unencrypted version */
980 typedef struct _krb5_authenticator {
981     krb5_magic magic;
982     krb5_principal client;		/* client name/realm */
983     krb5_checksum *checksum;	/* checksum, includes type, optional */
984     krb5_int32 cusec;			/* client usec portion */
985     krb5_timestamp ctime;		/* client sec portion */
986     krb5_keyblock *subkey;		/* true session key, optional */
987     krb5_ui_4 seq_number;		/* sequence #, optional */
988     krb5_authdata * *authorization_data; /* New add by Ari, auth data */
989 } krb5_authenticator;
990 
991 typedef struct _krb5_tkt_authent {
992     krb5_magic magic;
993     krb5_ticket *ticket;
994     krb5_authenticator *authenticator;
995     krb5_flags ap_options;
996 } krb5_tkt_authent;
997 
998 /* credentials:  Ticket, session key, etc. */
999 typedef struct _krb5_creds {
1000     krb5_magic magic;
1001     krb5_principal client;		/* client's principal identifier */
1002     krb5_principal server;		/* server's principal identifier */
1003     krb5_keyblock keyblock;		/* session encryption key info */
1004     krb5_ticket_times times;		/* lifetime info */
1005     krb5_boolean is_skey;		/* true if ticket is encrypted in
1006 					   another ticket's skey */
1007     krb5_flags ticket_flags;		/* flags in ticket */
1008     krb5_address * *addresses;	/* addrs in ticket */
1009     krb5_data ticket;			/* ticket string itself */
1010     krb5_data second_ticket;		/* second ticket, if related to
1011 					   ticket (via DUPLICATE-SKEY or
1012 					   ENC-TKT-IN-SKEY) */
1013     krb5_authdata * *authdata;	/* authorization data */
1014 } krb5_creds;
1015 
1016 /* Last request fields */
1017 typedef struct _krb5_last_req_entry {
1018     krb5_magic magic;
1019     krb5_int32 lr_type;
1020     krb5_timestamp value;
1021 } krb5_last_req_entry;
1022 
1023 /* pre-authentication data */
1024 typedef struct _krb5_pa_data {
1025     krb5_magic magic;
1026     krb5_preauthtype  pa_type;
1027     unsigned int length;
1028     krb5_octet *contents;
1029 } krb5_pa_data;
1030 
1031 typedef struct _krb5_kdc_req {
1032     krb5_magic magic;
1033     krb5_msgtype msg_type;		/* AS_REQ or TGS_REQ? */
1034     krb5_pa_data * *padata;	/* e.g. encoded AP_REQ */
1035     /* real body */
1036     krb5_flags kdc_options;		/* requested options */
1037     krb5_principal client;		/* includes realm; optional */
1038     krb5_principal server;		/* includes realm (only used if no
1039 					   client) */
1040     krb5_timestamp from;		/* requested starttime */
1041     krb5_timestamp till;		/* requested endtime */
1042     krb5_timestamp rtime;		/* (optional) requested renew_till */
1043     krb5_int32 nonce;			/* nonce to match request/response */
1044     int nktypes;			/* # of ktypes, must be positive */
1045     krb5_enctype *ktype;		/* requested enctype(s) */
1046     krb5_address * *addresses;	/* requested addresses, optional */
1047     krb5_enc_data authorization_data;	/* encrypted auth data; OPTIONAL */
1048     krb5_authdata * *unenc_authdata; /* unencrypted auth data,
1049 					   if available */
1050     krb5_ticket * *second_ticket;/* second ticket array; OPTIONAL */
1051 } krb5_kdc_req;
1052 
1053 typedef struct _krb5_enc_kdc_rep_part {
1054     krb5_magic magic;
1055     /* encrypted part: */
1056     krb5_msgtype msg_type;		/* krb5 message type */
1057     krb5_keyblock *session;		/* session key */
1058     krb5_last_req_entry * *last_req; /* array of ptrs to entries */
1059     krb5_int32 nonce;			/* nonce from request */
1060     krb5_timestamp key_exp;		/* expiration date */
1061     krb5_flags flags;			/* ticket flags */
1062     krb5_ticket_times times;		/* lifetime info */
1063     krb5_principal server;		/* server's principal identifier */
1064     krb5_address * *caddrs;	/* array of ptrs to addresses,
1065 					   optional */
1066 } krb5_enc_kdc_rep_part;
1067 
1068 typedef struct _krb5_kdc_rep {
1069     krb5_magic magic;
1070     /* cleartext part: */
1071     krb5_msgtype msg_type;		/* AS_REP or KDC_REP? */
1072     krb5_pa_data * *padata;	/* preauthentication data from KDC */
1073     krb5_principal client;		/* client's principal identifier */
1074     krb5_ticket *ticket;		/* ticket */
1075     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
1076 					   encoding */
1077     krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
1078 } krb5_kdc_rep;
1079 
1080 /* error message structure */
1081 typedef struct _krb5_error {
1082     krb5_magic magic;
1083     /* some of these may be meaningless in certain contexts */
1084     krb5_timestamp ctime;		/* client sec portion; optional */
1085     krb5_int32 cusec;			/* client usec portion; optional */
1086     krb5_int32 susec;			/* server usec portion */
1087     krb5_timestamp stime;		/* server sec portion */
1088     krb5_ui_4 error;			/* error code (protocol error #'s) */
1089     krb5_principal client;		/* client's principal identifier;
1090 					   optional */
1091     krb5_principal server;		/* server's principal identifier */
1092     krb5_data text;			/* descriptive text */
1093     krb5_data e_data;			/* additional error-describing data */
1094 } krb5_error;
1095 
1096 typedef struct _krb5_ap_req {
1097     krb5_magic magic;
1098     krb5_flags ap_options;		/* requested options */
1099     krb5_ticket *ticket;		/* ticket */
1100     krb5_enc_data authenticator;	/* authenticator (already encrypted) */
1101 } krb5_ap_req;
1102 
1103 typedef struct _krb5_ap_rep {
1104     krb5_magic magic;
1105     krb5_enc_data enc_part;
1106 } krb5_ap_rep;
1107 
1108 typedef struct _krb5_ap_rep_enc_part {
1109     krb5_magic magic;
1110     krb5_timestamp ctime;		/* client time, seconds portion */
1111     krb5_int32 cusec;			/* client time, microseconds portion */
1112     krb5_keyblock *subkey;		/* true session key, optional */
1113     krb5_ui_4 seq_number;		/* sequence #, optional */
1114 } krb5_ap_rep_enc_part;
1115 
1116 typedef struct _krb5_response {
1117     krb5_magic magic;
1118     krb5_octet message_type;
1119     krb5_data response;
1120     krb5_int32 expected_nonce;	/* The expected nonce for KDC_REP messages */
1121     krb5_timestamp request_time;   /* When we made the request */
1122 } krb5_response;
1123 
1124 typedef struct _krb5_cred_info {
1125     krb5_magic magic;
1126     krb5_keyblock *session;         /* session key used to encrypt */
1127 					/* ticket */
1128     krb5_principal client;              /* client name/realm, optional */
1129     krb5_principal server;              /* server name/realm, optional */
1130     krb5_flags flags;			/* ticket flags, optional */
1131     krb5_ticket_times times;		/* auth, start, end, renew_till, */
1132                                         /* optional */
1133     krb5_address * *caddrs;	/* array of ptrs to addresses */
1134 } krb5_cred_info;
1135 
1136 typedef struct _krb5_cred_enc_part {
1137     krb5_magic magic;
1138     krb5_int32 nonce;                   /* nonce, optional */
1139     krb5_timestamp timestamp;           /* client time */
1140     krb5_int32 usec;                    /* microsecond portion of time */
1141     krb5_address *s_address;        /* sender address, optional */
1142     krb5_address *r_address;        /* recipient address, optional */
1143     krb5_cred_info * *ticket_info;
1144 } krb5_cred_enc_part;
1145 
1146 typedef struct _krb5_cred {
1147     krb5_magic magic;
1148     krb5_ticket * *tickets;	/* tickets */
1149     krb5_enc_data enc_part;		/* encrypted part */
1150     krb5_cred_enc_part *enc_part2; 	/* unencrypted version, if available*/
1151 } krb5_cred;
1152 
1153 /* Sandia password generation structures */
1154 typedef struct _passwd_phrase_element {
1155     krb5_magic magic;
1156     krb5_data *passwd;
1157     krb5_data *phrase;
1158 } passwd_phrase_element;
1159 
1160 typedef struct _krb5_pwd_data {
1161     krb5_magic magic;
1162     int sequence_count;
1163     passwd_phrase_element * *element;
1164 } krb5_pwd_data;
1165 
1166 /* these need to be here so the typedefs are available for the prototypes */
1167 
1168 /*
1169  * begin "safepriv.h"
1170  */
1171 
1172 #define KRB5_AUTH_CONTEXT_DO_TIME       0x00000001
1173 #define KRB5_AUTH_CONTEXT_RET_TIME      0x00000002
1174 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE   0x00000004
1175 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE  0x00000008
1176 #define KRB5_AUTH_CONTEXT_PERMIT_ALL	0x00000010
1177 #define	KRB5_AUTH_CONTEXT_USE_SUBKEY	0x00000020
1178 
1179 typedef struct krb5_replay_data {
1180     krb5_timestamp      timestamp;
1181     krb5_int32          usec;
1182     krb5_int32          seq;
1183 } krb5_replay_data;
1184 
1185 /* flags for krb5_auth_con_genaddrs() */
1186 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR           0x00000001
1187 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR          0x00000002
1188 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR      0x00000004
1189 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR     0x00000008
1190 
1191 /* type of function used as a callback to generate checksum data for
1192  * mk_req */
1193 
1194 typedef krb5_error_code
1195 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (
1196 	krb5_context,
1197 	krb5_auth_context,
1198 	void *,
1199 	krb5_data **);
1200 
1201 
1202 /*
1203  * end "safepriv.h"
1204  */
1205 
1206 
1207 /*
1208  * begin "ccache.h"
1209  */
1210 
1211 typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
1212 
1213 struct _krb5_ccache;
1214 typedef struct _krb5_ccache *krb5_ccache;
1215 struct _krb5_cc_ops;
1216 typedef struct _krb5_cc_ops krb5_cc_ops;
1217 
1218 /* for retrieve_cred */
1219 #define	KRB5_TC_MATCH_TIMES		0x00000001
1220 #define	KRB5_TC_MATCH_IS_SKEY		0x00000002
1221 #define	KRB5_TC_MATCH_FLAGS		0x00000004
1222 #define	KRB5_TC_MATCH_TIMES_EXACT	0x00000008
1223 #define	KRB5_TC_MATCH_FLAGS_EXACT	0x00000010
1224 #define	KRB5_TC_MATCH_AUTHDATA		0x00000020
1225 #define	KRB5_TC_MATCH_SRV_NAMEONLY	0x00000040
1226 #define	KRB5_TC_MATCH_2ND_TKT		0x00000080
1227 #define	KRB5_TC_MATCH_KTYPE		0x00000100
1228 #define KRB5_TC_SUPPORTED_KTYPES	0x00000200
1229 
1230 /* for set_flags and other functions */
1231 #define KRB5_TC_OPENCLOSE		0x00000001
1232 #define KRB5_TC_NOTICKET                0x00000002
1233 
1234 
1235 
1236 krb5_error_code KRB5_CALLCONV
1237 krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
1238 
1239 krb5_error_code KRB5_CALLCONV
1240 krb5_cc_initialize(krb5_context context, krb5_ccache cache,
1241                    krb5_principal principal);
1242 
1243 krb5_error_code KRB5_CALLCONV
1244 krb5_cc_destroy (krb5_context context, krb5_ccache cache);
1245 
1246 krb5_error_code KRB5_CALLCONV
1247 krb5_cc_close (krb5_context context, krb5_ccache cache);
1248 
1249 krb5_error_code KRB5_CALLCONV
1250 krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
1251                     krb5_creds *creds);
1252 
1253 krb5_error_code KRB5_CALLCONV
1254 krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
1255                        krb5_flags flags, krb5_creds *mcreds,
1256                        krb5_creds *creds);
1257 
1258 krb5_error_code KRB5_CALLCONV
1259 krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
1260                        krb5_principal *principal);
1261 krb5_error_code KRB5_CALLCONV
1262 krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
1263                        krb5_cc_cursor *cursor);
1264 
1265 krb5_error_code KRB5_CALLCONV
1266 krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
1267                    krb5_cc_cursor *cursor, krb5_creds *creds);
1268 
1269 krb5_error_code KRB5_CALLCONV
1270 krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
1271                      krb5_cc_cursor *cursor);
1272 
1273 krb5_error_code KRB5_CALLCONV
1274 krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
1275                      krb5_creds *creds);
1276 
1277 krb5_error_code KRB5_CALLCONV
1278 krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
1279 
1280 const char * KRB5_CALLCONV
1281 krb5_cc_get_type (krb5_context context, krb5_ccache cache);
1282 
1283 /* SUNW14resync - add_cred.c needs this func */
1284 const char * KRB5_CALLCONV
1285 krb5_cc_get_name (krb5_context context, krb5_ccache cache);
1286 
1287 /*
1288  * end "ccache.h"
1289  */
1290 
1291 /*
1292  * begin "rcache.h"
1293  */
1294 
1295 struct krb5_rc_st;
1296 typedef struct krb5_rc_st *krb5_rcache;
1297 
1298 /*
1299  * end "rcache.h"
1300  */
1301 
1302 /*
1303  * begin "keytab.h"
1304  */
1305 
1306 
1307 /* XXX */
1308 #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
1309 
1310 typedef krb5_pointer krb5_kt_cursor;	/* XXX */
1311 
1312 typedef struct krb5_keytab_entry_st {
1313     krb5_magic magic;
1314     krb5_principal principal;	/* principal of this key */
1315     krb5_timestamp timestamp;   /* time entry written to keytable */
1316     krb5_kvno vno;		/* key version number */
1317     krb5_keyblock key;		/* the secret key */
1318 } krb5_keytab_entry;
1319 
1320 #if KRB5_PRIVATE
1321 struct _krb5_kt_ops;
1322 typedef struct _krb5_kt {       /* should move into k5-int.h */
1323     krb5_magic magic;
1324     const struct _krb5_kt_ops *ops;
1325     krb5_pointer data;
1326 } *krb5_keytab;
1327 #else
1328 struct _krb5_kt;
1329 typedef struct _krb5_kt *krb5_keytab;
1330 #endif
1331 
1332 char * KRB5_CALLCONV
1333 krb5_kt_get_type (krb5_context, krb5_keytab keytab);
1334 krb5_error_code KRB5_CALLCONV
1335 krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
1336                  unsigned int namelen);
1337 krb5_error_code KRB5_CALLCONV
1338 krb5_kt_close(krb5_context context, krb5_keytab keytab);
1339 krb5_error_code KRB5_CALLCONV
1340 krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
1341                   krb5_const_principal principal, krb5_kvno vno,
1342                   krb5_enctype enctype, krb5_keytab_entry *entry);
1343 krb5_error_code KRB5_CALLCONV
1344 krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
1345                       krb5_kt_cursor *cursor);
1346 krb5_error_code KRB5_CALLCONV
1347 krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
1348                    krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
1349 krb5_error_code KRB5_CALLCONV
1350 krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
1351                     krb5_kt_cursor *cursor);
1352 
1353 /*
1354  * end "keytab.h"
1355  */
1356 
1357 /*
1358  * begin "func-proto.h"
1359  */
1360 
1361 /* Solaris Kerberos */
1362 krb5_error_code krb5_init_ef_handle(krb5_context);
1363 krb5_error_code krb5_free_ef_handle(krb5_context);
1364 
1365 krb5_boolean krb5_privacy_allowed(void);
1366 
1367 /*
1368  * Solaris Kerberos:
1369  * krb5_copy_keyblock_data is a new routine to hide the details
1370  * of a keyblock copy operation.
1371  */
1372 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_data
1373 	(krb5_context,
1374 		const krb5_keyblock *,
1375 		krb5_keyblock *);
1376 
1377 
1378 
1379 krb5_error_code KRB5_CALLCONV krb5_init_context
1380 	(krb5_context *);
1381 krb5_error_code KRB5_CALLCONV krb5_init_secure_context
1382 	(krb5_context *);
1383 void KRB5_CALLCONV krb5_free_context
1384 	(krb5_context);
1385 
1386 #if KRB5_PRIVATE
1387 krb5_error_code krb5_set_default_in_tkt_ktypes
1388 	(krb5_context,
1389 		const krb5_enctype *);
1390 krb5_error_code krb5_get_default_in_tkt_ktypes
1391 	(krb5_context,
1392 		krb5_enctype **);
1393 
1394 krb5_error_code krb5_set_default_tgs_ktypes
1395 	(krb5_context,
1396 		const krb5_enctype *);
1397 #endif
1398 
1399 krb5_error_code KRB5_CALLCONV
1400 krb5_set_default_tgs_enctypes
1401 	(krb5_context,
1402 		const krb5_enctype *);
1403 #if KRB5_PRIVATE
1404 krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
1405 	(krb5_context,
1406 		krb5_const_principal,
1407 		krb5_enctype **);
1408 #endif
1409 
1410 krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
1411 	(krb5_context, krb5_enctype **);
1412 
1413 #if KRB5_PRIVATE
1414 void KRB5_CALLCONV krb5_free_ktypes
1415 	(krb5_context, krb5_enctype *);
1416 
1417 krb5_boolean krb5_is_permitted_enctype
1418 	(krb5_context, krb5_enctype);
1419 #endif
1420 
1421 krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
1422 
1423 /* libkrb.spec */
1424 #if KRB5_PRIVATE
1425 krb5_error_code krb5_kdc_rep_decrypt_proc
1426 	(krb5_context,
1427 		const krb5_keyblock *,
1428 		krb5_const_pointer,
1429 		krb5_kdc_rep * );
1430 krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
1431 	(krb5_context,
1432 		const krb5_keyblock *,
1433 		krb5_ticket * );
1434 krb5_error_code krb5_get_cred_from_kdc
1435 	(krb5_context,
1436 		krb5_ccache,		/* not const, as reading may save
1437 					   state */
1438 		krb5_creds *,
1439 		krb5_creds **,
1440 		krb5_creds *** );
1441 krb5_error_code krb5_get_cred_from_kdc_validate
1442 	(krb5_context,
1443 		krb5_ccache,		/* not const, as reading may save
1444 					   state */
1445 		krb5_creds *,
1446 		krb5_creds **,
1447 		krb5_creds *** );
1448 krb5_error_code krb5_get_cred_from_kdc_renew
1449 	(krb5_context,
1450 		krb5_ccache,		/* not const, as reading may save
1451 					   state */
1452 		krb5_creds *,
1453 		krb5_creds **,
1454 		krb5_creds *** );
1455 #endif
1456 
1457 void KRB5_CALLCONV krb5_free_tgt_creds
1458 	(krb5_context,
1459 	 krb5_creds **); /* XXX too hard to do with const */
1460 
1461 #define	KRB5_GC_USER_USER	1	/* want user-user ticket */
1462 #define	KRB5_GC_CACHED		2	/* want cached ticket only */
1463 
1464 krb5_error_code KRB5_CALLCONV krb5_get_credentials
1465 	(krb5_context,
1466 		krb5_flags,
1467 		krb5_ccache,
1468 		krb5_creds *,
1469 		krb5_creds **);
1470 krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
1471 	(krb5_context,
1472 		krb5_flags,
1473 		krb5_ccache,
1474 		krb5_creds *,
1475 		krb5_creds **);
1476 krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
1477 	(krb5_context,
1478 		krb5_flags,
1479 		krb5_ccache,
1480 		krb5_creds *,
1481 		krb5_creds **);
1482 #if KRB5_PRIVATE
1483 krb5_error_code krb5_get_cred_via_tkt
1484 	(krb5_context,
1485 		   krb5_creds *,
1486 		   krb5_flags,
1487 		   krb5_address * const *,
1488 		   krb5_creds *,
1489 		   krb5_creds **);
1490 #endif
1491 krb5_error_code KRB5_CALLCONV krb5_mk_req
1492 	(krb5_context,
1493 		krb5_auth_context *,
1494 		krb5_flags,
1495 		char *,
1496 		char *,
1497 		krb5_data *,
1498 		krb5_ccache,
1499 		krb5_data * );
1500 krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
1501 	(krb5_context,
1502 		krb5_auth_context *,
1503 		krb5_flags,
1504 		krb5_data *,
1505 		krb5_creds *,
1506 		krb5_data * );
1507 krb5_error_code KRB5_CALLCONV krb5_mk_rep
1508 	(krb5_context,
1509 		krb5_auth_context,
1510 		krb5_data *);
1511 krb5_error_code KRB5_CALLCONV krb5_rd_rep
1512 	(krb5_context,
1513 		krb5_auth_context,
1514 		const krb5_data *,
1515 		krb5_ap_rep_enc_part **);
1516 krb5_error_code KRB5_CALLCONV krb5_mk_error
1517 	(krb5_context,
1518 		const krb5_error *,
1519 		krb5_data * );
1520 krb5_error_code KRB5_CALLCONV krb5_rd_error
1521 	(krb5_context,
1522 		const krb5_data *,
1523 		krb5_error ** );
1524 krb5_error_code KRB5_CALLCONV krb5_rd_safe
1525 	(krb5_context,
1526 		krb5_auth_context,
1527 		const krb5_data *,
1528 		krb5_data *,
1529 		krb5_replay_data *);
1530 krb5_error_code KRB5_CALLCONV krb5_rd_priv
1531 	(krb5_context,
1532 		krb5_auth_context,
1533 		const krb5_data *,
1534 		krb5_data *,
1535 		krb5_replay_data *);
1536 krb5_error_code KRB5_CALLCONV krb5_parse_name
1537 	(krb5_context,
1538 		const char *,
1539 		krb5_principal * );
1540 krb5_error_code KRB5_CALLCONV krb5_unparse_name
1541 	(krb5_context,
1542 		krb5_const_principal,
1543 		char ** );
1544 krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
1545 	(krb5_context,
1546 		krb5_const_principal,
1547 		char **,
1548 		unsigned int *);
1549 
1550 krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
1551 	(krb5_context, krb5_principal, const char *);
1552 
1553 krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
1554 	(krb5_context,
1555 		const krb5_address *,
1556 		krb5_address * const *);
1557 krb5_boolean KRB5_CALLCONV krb5_address_compare
1558 	(krb5_context,
1559 		const krb5_address *,
1560 		const krb5_address *);
1561 int KRB5_CALLCONV krb5_address_order
1562 	(krb5_context,
1563 		const krb5_address *,
1564 		const krb5_address *);
1565 krb5_boolean KRB5_CALLCONV krb5_realm_compare
1566 	(krb5_context,
1567 		krb5_const_principal,
1568 		krb5_const_principal);
1569 krb5_boolean KRB5_CALLCONV krb5_principal_compare
1570 	(krb5_context,
1571 		krb5_const_principal,
1572 		krb5_const_principal);
1573 krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
1574 		(krb5_context, krb5_enctype enctype,
1575 		size_t length, krb5_keyblock **out);
1576   		/* Initialize a new keyblock and allocate storage
1577 		 * for the contents of the key, which will be freed along
1578 		 * with the keyblock when krb5_free_keyblock is called.
1579 		 * It is legal to pass in a length of 0, in which
1580 		 * case contents are left unallocated.
1581 		 */
1582 
1583 /*
1584  * Solaris Kerberos
1585  * Start - keyblock API (MIT will ship this also in a future release)
1586  */
1587 /*
1588  * Similiar to krb5_init_keyblock but this routine expects the
1589  * keyblock to already be allocated.
1590  */
1591 krb5_error_code KRB5_CALLCONV krb5_init_allocated_keyblock
1592         (krb5_context,
1593 	        krb5_enctype,
1594 	        unsigned int,
1595                 krb5_keyblock *);
1596 
1597 krb5_enctype KRB5_CALLCONV krb5_get_key_enctype
1598         (krb5_keyblock *);
1599 
1600 unsigned int KRB5_CALLCONV krb5_get_key_length
1601         (krb5_keyblock *);
1602 
1603 krb5_octet KRB5_CALLCONV *krb5_get_key_data
1604         (krb5_keyblock *);
1605 
1606 void KRB5_CALLCONV krb5_set_key_enctype
1607         (krb5_keyblock *,
1608                  krb5_enctype);
1609 
1610 void KRB5_CALLCONV krb5_set_key_data
1611         (krb5_keyblock *,
1612                  krb5_octet *);
1613 
1614 void KRB5_CALLCONV krb5_set_key_length
1615         (krb5_keyblock *,
1616                  unsigned int);
1617 /*
1618  * Solaris Kerberos
1619  * End - keyblock API
1620  */
1621 
1622 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
1623 	(krb5_context,
1624 		const krb5_keyblock *,
1625 		krb5_keyblock **);
1626 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
1627 	(krb5_context,
1628 		const krb5_keyblock *,
1629 		krb5_keyblock *);
1630 krb5_error_code KRB5_CALLCONV krb5_copy_creds
1631 	(krb5_context,
1632 		const krb5_creds *,
1633 		krb5_creds **);
1634 krb5_error_code KRB5_CALLCONV krb5_copy_data
1635 	(krb5_context,
1636 		const krb5_data *,
1637 		krb5_data **);
1638 krb5_error_code KRB5_CALLCONV krb5_copy_principal
1639 	(krb5_context,
1640 		krb5_const_principal,
1641 		krb5_principal *);
1642 #if KRB5_PRIVATE
1643 krb5_error_code KRB5_CALLCONV krb5_copy_addr
1644 	(krb5_context,
1645 		const krb5_address *,
1646 		krb5_address **);
1647 #endif
1648 krb5_error_code KRB5_CALLCONV krb5_copy_addresses
1649 	(krb5_context,
1650 		krb5_address * const *,
1651 		krb5_address ***);
1652 krb5_error_code KRB5_CALLCONV krb5_copy_ticket
1653 	(krb5_context,
1654 		const krb5_ticket *,
1655 		krb5_ticket **);
1656 krb5_error_code KRB5_CALLCONV krb5_copy_authdata
1657 	(krb5_context,
1658 		krb5_authdata * const *,
1659 		krb5_authdata ***);
1660 krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
1661 	(krb5_context,
1662 		const krb5_authenticator *,
1663 		krb5_authenticator **);
1664 krb5_error_code KRB5_CALLCONV krb5_copy_checksum
1665 	(krb5_context,
1666 		const krb5_checksum *,
1667 		krb5_checksum **);
1668 #if KRB5_PRIVATE
1669 void krb5_init_ets
1670 	(krb5_context);
1671 void krb5_free_ets
1672 	(krb5_context);
1673 krb5_error_code krb5_generate_subkey
1674 	(krb5_context,
1675 		const krb5_keyblock *, krb5_keyblock **);
1676 krb5_error_code krb5_generate_seq_number
1677 	(krb5_context,
1678 		const krb5_keyblock *, krb5_ui_4 *);
1679 #endif
1680 krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
1681 	(krb5_context,
1682 		const krb5_data *, krb5_rcache *);
1683 krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
1684 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1685 krb5_error_code KRB5_CALLCONV_C krb5_build_principal
1686 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1687 #ifdef va_start
1688 /* XXX depending on varargs include file defining va_start... */
1689 krb5_error_code KRB5_CALLCONV krb5_build_principal_va
1690 	(krb5_context,
1691 		krb5_principal, unsigned int, const char *, va_list);
1692 #endif
1693 
1694 krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
1695 	(krb5_context,
1696 		const char *name,
1697 		const char *instance, const char *realm,
1698 		krb5_principal *princ);
1699 
1700 krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
1701 	(krb5_context context, krb5_const_principal princ,
1702 		char *name, char *inst, char *realm);
1703 
1704 struct credentials;
1705 int KRB5_CALLCONV krb5_524_convert_creds
1706 	(krb5_context context, krb5_creds *v5creds,
1707 	 struct credentials *v4creds);
1708 #if KRB5_DEPRECATED
1709 #define krb524_convert_creds_kdc krb5_524_convert_creds
1710 #define krb524_init_ets(x) (0)
1711 #endif
1712 
1713 /* libkt.spec */
1714 #if KRB5_PRIVATE
1715 krb5_error_code KRB5_CALLCONV krb5_kt_register
1716 	(krb5_context,
1717 		const struct _krb5_kt_ops * );
1718 #endif
1719 
1720 krb5_error_code KRB5_CALLCONV krb5_kt_resolve
1721 	(krb5_context,
1722 		const char *,
1723 		krb5_keytab * );
1724 krb5_error_code KRB5_CALLCONV krb5_kt_default_name
1725 	(krb5_context,
1726 		char *,
1727 		int );
1728 krb5_error_code KRB5_CALLCONV krb5_kt_default
1729 	(krb5_context,
1730 		krb5_keytab * );
1731 krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
1732 	(krb5_context,
1733 		krb5_keytab_entry * );
1734 #if KRB5_PRIVATE
1735 /* use krb5_free_keytab_entry_contents instead */
1736 krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
1737 	(krb5_context,
1738 		krb5_keytab_entry * );
1739 #endif
1740 /* remove and add are functions, so that they can return NOWRITE
1741    if not a writable keytab */
1742 krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
1743 	(krb5_context,
1744 		krb5_keytab,
1745 		krb5_keytab_entry * );
1746 krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
1747 	(krb5_context,
1748 		krb5_keytab,
1749 		krb5_keytab_entry * );
1750 krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
1751 	(krb5_context,
1752 		krb5_const_principal, krb5_data *);
1753 #if KRB5_PRIVATE
1754 krb5_error_code krb5_principal2salt_norealm
1755 	(krb5_context,
1756 		krb5_const_principal, krb5_data *);
1757 #endif
1758 /* librc.spec--see rcache.h */
1759 
1760 /* libcc.spec */
1761 krb5_error_code KRB5_CALLCONV krb5_cc_resolve
1762 	(krb5_context,
1763 		const char *,
1764 		krb5_ccache * );
1765 const char * KRB5_CALLCONV krb5_cc_default_name
1766 	(krb5_context);
1767 krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
1768 	(krb5_context, const char *);
1769 krb5_error_code KRB5_CALLCONV krb5_cc_default
1770 	(krb5_context,
1771 		krb5_ccache *);
1772 #if KRB5_PRIVATE
1773 unsigned int KRB5_CALLCONV krb5_get_notification_message
1774 	(void);
1775 #endif
1776 
1777 krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
1778 	(krb5_context context,
1779 			krb5_ccache incc,
1780 			krb5_ccache outcc);
1781 
1782 
1783 /* chk_trans.c */
1784 #if KRB5_PRIVATE
1785 krb5_error_code krb5_check_transited_list
1786 	(krb5_context, const krb5_data *trans,
1787 	 const krb5_data *realm1, const krb5_data *realm2);
1788 #endif
1789 
1790 /* free_rtree.c */
1791 #if KRB5_PRIVATE
1792 void krb5_free_realm_tree
1793 	(krb5_context,
1794 		krb5_principal *);
1795 #endif
1796 
1797 /* krb5_free.c */
1798 void KRB5_CALLCONV krb5_free_principal
1799 	(krb5_context, krb5_principal );
1800 void KRB5_CALLCONV krb5_free_authenticator
1801 	(krb5_context, krb5_authenticator * );
1802 #if KRB5_PRIVATE
1803 void KRB5_CALLCONV krb5_free_authenticator_contents
1804 	(krb5_context, krb5_authenticator * );
1805 #endif
1806 void KRB5_CALLCONV krb5_free_addresses
1807 	(krb5_context, krb5_address ** );
1808 #if KRB5_PRIVATE
1809 void KRB5_CALLCONV krb5_free_address
1810 	(krb5_context, krb5_address * );
1811 #endif
1812 void KRB5_CALLCONV krb5_free_authdata
1813 	(krb5_context, krb5_authdata ** );
1814 #if KRB5_PRIVATE
1815 void KRB5_CALLCONV krb5_free_enc_tkt_part
1816 	(krb5_context, krb5_enc_tkt_part * );
1817 #endif
1818 void KRB5_CALLCONV krb5_free_ticket
1819 	(krb5_context, krb5_ticket * );
1820 #if KRB5_PRIVATE
1821 void KRB5_CALLCONV krb5_free_tickets
1822 	(krb5_context, krb5_ticket ** );
1823 void KRB5_CALLCONV krb5_free_kdc_req
1824 	(krb5_context, krb5_kdc_req * );
1825 void KRB5_CALLCONV krb5_free_kdc_rep
1826 	(krb5_context, krb5_kdc_rep * );
1827 void KRB5_CALLCONV krb5_free_last_req
1828 	(krb5_context, krb5_last_req_entry ** );
1829 void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
1830 	(krb5_context, krb5_enc_kdc_rep_part * );
1831 #endif
1832 void KRB5_CALLCONV krb5_free_error
1833 	(krb5_context, krb5_error * );
1834 #if KRB5_PRIVATE
1835 void KRB5_CALLCONV krb5_free_ap_req
1836 	(krb5_context, krb5_ap_req * );
1837 void KRB5_CALLCONV krb5_free_ap_rep
1838 	(krb5_context, krb5_ap_rep * );
1839 void KRB5_CALLCONV krb5_free_cred
1840 	(krb5_context, krb5_cred *);
1841 #endif
1842 void KRB5_CALLCONV krb5_free_creds
1843 	(krb5_context, krb5_creds *);
1844 void KRB5_CALLCONV krb5_free_cred_contents
1845 	(krb5_context, krb5_creds *);
1846 #if KRB5_PRIVATE
1847 void KRB5_CALLCONV krb5_free_cred_enc_part
1848 	(krb5_context, krb5_cred_enc_part *);
1849 #endif
1850 void KRB5_CALLCONV krb5_free_checksum
1851 	(krb5_context, krb5_checksum *);
1852 void KRB5_CALLCONV krb5_free_checksum_contents
1853 	(krb5_context, krb5_checksum *);
1854 void KRB5_CALLCONV krb5_free_keyblock
1855 	(krb5_context, krb5_keyblock *);
1856 void KRB5_CALLCONV krb5_free_keyblock_contents
1857 	(krb5_context, krb5_keyblock *);
1858 #if KRB5_PRIVATE
1859 void KRB5_CALLCONV krb5_free_pa_data
1860 	(krb5_context, krb5_pa_data **);
1861 #endif
1862 void KRB5_CALLCONV krb5_free_ap_rep_enc_part
1863 	(krb5_context, krb5_ap_rep_enc_part *);
1864 #if KRB5_PRIVATE
1865 void KRB5_CALLCONV krb5_free_tkt_authent
1866 	(krb5_context, krb5_tkt_authent *);
1867 void KRB5_CALLCONV krb5_free_pwd_data
1868 	(krb5_context, krb5_pwd_data *);
1869 void KRB5_CALLCONV krb5_free_pwd_sequences
1870 	(krb5_context, passwd_phrase_element **);
1871 #endif
1872 void KRB5_CALLCONV krb5_free_data
1873 	(krb5_context, krb5_data *);
1874 void KRB5_CALLCONV krb5_free_data_contents
1875 	(krb5_context, krb5_data *);
1876 void KRB5_CALLCONV krb5_free_unparsed_name
1877 	(krb5_context, char *);
1878 void KRB5_CALLCONV krb5_free_cksumtypes
1879 	(krb5_context, krb5_cksumtype *);
1880 
1881 /* From krb5/os but needed but by the outside world */
1882 krb5_error_code KRB5_CALLCONV krb5_us_timeofday
1883 	(krb5_context,
1884 		krb5_int32 *,
1885 		krb5_int32 * );
1886 krb5_error_code KRB5_CALLCONV krb5_timeofday
1887 	(krb5_context,
1888 		krb5_int32 * );
1889 		 /* get all the addresses of this host */
1890 krb5_error_code KRB5_CALLCONV krb5_os_localaddr
1891 	(krb5_context,
1892 		krb5_address ***);
1893 krb5_error_code KRB5_CALLCONV krb5_get_default_realm
1894 	(krb5_context,
1895 		 char ** );
1896 krb5_error_code KRB5_CALLCONV krb5_set_default_realm
1897 	(krb5_context,
1898 		   const char * );
1899 void KRB5_CALLCONV krb5_free_default_realm
1900 	(krb5_context,
1901 		   char * );
1902 krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
1903 	(krb5_context,
1904 		const char *,
1905 		   const char *,
1906 		   krb5_int32,
1907 		   krb5_principal *);
1908 krb5_error_code KRB5_CALLCONV
1909 krb5_change_password
1910 	(krb5_context context, krb5_creds *creds, char *newpw,
1911 			int *result_code, krb5_data *result_code_string,
1912 			krb5_data *result_string);
1913 krb5_error_code KRB5_CALLCONV
1914 krb5_set_password
1915 	(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
1916 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
1917 krb5_error_code KRB5_CALLCONV
1918 krb5_set_password_using_ccache
1919 	(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
1920 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
1921 
1922 #if KRB5_PRIVATE
1923 krb5_error_code krb5_set_config_files
1924 	(krb5_context, const char **);
1925 
1926 krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
1927 	(char ***filenames);
1928 
1929 void KRB5_CALLCONV krb5_free_config_files
1930 	(char **filenames);
1931 #endif
1932 
1933 krb5_error_code KRB5_CALLCONV
1934 krb5_get_profile
1935 	(krb5_context, struct _profile_t * /* profile_t */ *);
1936 
1937 #if KRB5_PRIVATE
1938 krb5_error_code krb5_send_tgs
1939 	(krb5_context,
1940 		krb5_flags,
1941 		const krb5_ticket_times *,
1942 		const krb5_enctype *,
1943 		krb5_const_principal,
1944 		krb5_address * const *,
1945 		krb5_authdata * const *,
1946 		krb5_pa_data * const *,
1947 		const krb5_data *,
1948 		krb5_creds *,
1949 		krb5_response * );
1950 #endif
1951 
1952 #if KRB5_DEPRECATED
1953 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
1954 	(krb5_context,
1955 		krb5_flags,
1956 		krb5_address * const *,
1957 		krb5_enctype *,
1958 		krb5_preauthtype *,
1959 		krb5_error_code ( * )(krb5_context,
1960 					krb5_enctype,
1961 					krb5_data *,
1962 					krb5_const_pointer,
1963 					krb5_keyblock **),
1964 		krb5_const_pointer,
1965 		krb5_error_code ( * )(krb5_context,
1966 					const krb5_keyblock *,
1967 					krb5_const_pointer,
1968 					krb5_kdc_rep * ),
1969 		krb5_const_pointer,
1970 		krb5_creds *,
1971 		krb5_ccache,
1972 		krb5_kdc_rep ** );
1973 
1974 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
1975 	(krb5_context,
1976 		krb5_flags,
1977 		krb5_address * const *,
1978 		krb5_enctype *,
1979 		krb5_preauthtype *,
1980 		const char *,
1981 		krb5_ccache,
1982 		krb5_creds *,
1983 		krb5_kdc_rep ** );
1984 
1985 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
1986 	(krb5_context,
1987 		krb5_flags,
1988 		krb5_address * const *,
1989 		krb5_enctype *,
1990 		krb5_preauthtype *,
1991 		const krb5_keyblock *,
1992 		krb5_ccache,
1993 		krb5_creds *,
1994 		krb5_kdc_rep ** );
1995 
1996 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
1997 	(krb5_context,
1998 		krb5_flags,
1999 		krb5_address * const *,
2000 		krb5_enctype *,
2001 		krb5_preauthtype *,
2002 		krb5_keytab,
2003 		krb5_ccache,
2004 		krb5_creds *,
2005 		krb5_kdc_rep ** );
2006 #endif /* KRB5_DEPRECATED */
2007 
2008 #if KRB5_PRIVATE
2009 krb5_error_code krb5_decode_kdc_rep
2010 	(krb5_context,
2011 		krb5_data *,
2012 		const krb5_keyblock *,
2013 		krb5_kdc_rep ** );
2014 #endif
2015 
2016 krb5_error_code KRB5_CALLCONV krb5_rd_req
2017 	(krb5_context,
2018 		krb5_auth_context *,
2019 		const krb5_data *,
2020 		krb5_const_principal,
2021 		krb5_keytab,
2022 		krb5_flags *,
2023 		krb5_ticket **);
2024 
2025 #if KRB5_PRIVATE
2026 krb5_error_code krb5_rd_req_decoded
2027 	(krb5_context,
2028 		krb5_auth_context *,
2029 		const krb5_ap_req *,
2030 		krb5_const_principal,
2031 		krb5_keytab,
2032 		krb5_flags *,
2033 		krb5_ticket **);
2034 
2035 krb5_error_code krb5_rd_req_decoded_anyflag
2036 	(krb5_context,
2037 		krb5_auth_context *,
2038 		const krb5_ap_req *,
2039 		krb5_const_principal,
2040 		krb5_keytab,
2041 		krb5_flags *,
2042 		krb5_ticket **);
2043 #endif
2044 
2045 krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
2046 	(krb5_context,
2047 		krb5_pointer,
2048 		krb5_principal,
2049 		krb5_kvno,
2050 		krb5_enctype,
2051 		krb5_keyblock **);
2052 krb5_error_code KRB5_CALLCONV krb5_mk_safe
2053 	(krb5_context,
2054 		krb5_auth_context,
2055 		const krb5_data *,
2056 		krb5_data *,
2057 		krb5_replay_data *);
2058 krb5_error_code KRB5_CALLCONV krb5_mk_priv
2059 	(krb5_context,
2060 		krb5_auth_context,
2061 		const krb5_data *,
2062 		krb5_data *,
2063 		krb5_replay_data *);
2064 #if KRB5_PRIVATE
2065 krb5_error_code KRB5_CALLCONV krb5_cc_register
2066 	(krb5_context,
2067 		krb5_cc_ops *,
2068 		krb5_boolean );
2069 #endif
2070 
2071 krb5_error_code KRB5_CALLCONV krb5_sendauth
2072 	(krb5_context,
2073 		krb5_auth_context *,
2074 		krb5_pointer,
2075 		char *,
2076 		krb5_principal,
2077 		krb5_principal,
2078 		krb5_flags,
2079 		krb5_data *,
2080 		krb5_creds *,
2081 		krb5_ccache,
2082 		krb5_error **,
2083 		krb5_ap_rep_enc_part **,
2084 		krb5_creds **);
2085 
2086 krb5_error_code KRB5_CALLCONV krb5_recvauth
2087 	(krb5_context,
2088 		krb5_auth_context *,
2089 		krb5_pointer,
2090 		char *,
2091 		krb5_principal,
2092 		krb5_int32,
2093 		krb5_keytab,
2094 		krb5_ticket **);
2095 krb5_error_code KRB5_CALLCONV krb5_recvauth_version
2096 	(krb5_context,
2097 		krb5_auth_context *,
2098 		krb5_pointer,
2099 		krb5_principal,
2100 		krb5_int32,
2101 		krb5_keytab,
2102 		krb5_ticket **,
2103 		krb5_data *);
2104 
2105 #if KRB5_PRIVATE
2106 krb5_error_code krb5_walk_realm_tree
2107 	(krb5_context,
2108 		const krb5_data *,
2109 		const krb5_data *,
2110 		krb5_principal **,
2111 		int);
2112 #endif
2113 
2114 krb5_error_code KRB5_CALLCONV krb5_mk_ncred
2115 	(krb5_context,
2116 		krb5_auth_context,
2117 		krb5_creds **,
2118 		krb5_data **,
2119 		krb5_replay_data *);
2120 
2121 krb5_error_code KRB5_CALLCONV krb5_mk_1cred
2122 	(krb5_context,
2123 		krb5_auth_context,
2124 		krb5_creds *,
2125 		krb5_data **,
2126 		krb5_replay_data *);
2127 
2128 krb5_error_code KRB5_CALLCONV krb5_rd_cred
2129 	(krb5_context,
2130 		krb5_auth_context,
2131 		krb5_data *,
2132 		krb5_creds ***,
2133 		krb5_replay_data *);
2134 
2135 krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
2136 	(krb5_context,
2137 		krb5_auth_context,
2138 		char *,
2139 		krb5_principal,
2140 		krb5_principal,
2141 		krb5_ccache,
2142 		int forwardable,
2143 		krb5_data *);
2144 
2145 krb5_error_code KRB5_CALLCONV krb5_auth_con_init
2146 	(krb5_context,
2147 		krb5_auth_context *);
2148 
2149 krb5_error_code KRB5_CALLCONV krb5_auth_con_free
2150 	(krb5_context,
2151 		krb5_auth_context);
2152 
2153 krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
2154 	(krb5_context,
2155 		krb5_auth_context,
2156 		krb5_int32);
2157 
2158 krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
2159 	(krb5_context,
2160 		krb5_auth_context,
2161 		krb5_int32 *);
2162 
2163 krb5_error_code KRB5_CALLCONV
2164 krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
2165 				 krb5_mk_req_checksum_func, void *);
2166 
2167 krb5_error_code KRB5_CALLCONV
2168 krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
2169 				 krb5_mk_req_checksum_func *, void **);
2170 
2171 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
2172 	(krb5_context,
2173 		krb5_auth_context,
2174 		krb5_address *,
2175 		krb5_address *);
2176 
2177 krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
2178 	(krb5_context,
2179 		krb5_auth_context,
2180 		krb5_address **,
2181 		krb5_address **);
2182 
2183 krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
2184 	(krb5_context,
2185 		krb5_auth_context,
2186 		krb5_address *,
2187 		krb5_address *);
2188 
2189 krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
2190 	(krb5_context,
2191 		krb5_auth_context,
2192 		krb5_keyblock *);
2193 
2194 krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
2195 	(krb5_context,
2196 		krb5_auth_context,
2197 		krb5_keyblock **);
2198 
2199 krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
2200     krb5_context, krb5_auth_context, krb5_keyblock **);
2201 
2202 krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
2203     krb5_context, krb5_auth_context, krb5_keyblock **);
2204 
2205 krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
2206     krb5_context, krb5_auth_context, krb5_keyblock *);
2207 
2208 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
2209     krb5_context, krb5_auth_context, krb5_keyblock *);
2210 
2211 #if KRB5_DEPRECATED
2212 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
2213 	(krb5_context,
2214 		krb5_auth_context,
2215 		krb5_keyblock **);
2216 
2217 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
2218 	(krb5_context,
2219 		krb5_auth_context,
2220 		krb5_keyblock **);
2221 #endif
2222 
2223 #if KRB5_PRIVATE
2224 krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
2225 	(krb5_context,
2226 		krb5_auth_context,
2227 		krb5_cksumtype);
2228 
2229 krb5_error_code krb5_auth_con_set_safe_cksumtype
2230 	(krb5_context,
2231 		krb5_auth_context,
2232 		krb5_cksumtype);
2233 #endif
2234 
2235 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
2236 	(krb5_context,
2237 		krb5_auth_context,
2238 		krb5_int32 *);
2239 
2240 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
2241 	(krb5_context,
2242 		krb5_auth_context,
2243 		krb5_int32 *);
2244 
2245 #if KRB5_DEPRECATED
2246 krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
2247 	(krb5_context,
2248 		krb5_auth_context);
2249 #endif
2250 
2251 #if KRB5_PRIVATE
2252 krb5_error_code krb5_auth_con_setivector
2253 	(krb5_context,
2254 		krb5_auth_context,
2255 		krb5_pointer);
2256 
2257 krb5_error_code krb5_auth_con_getivector
2258 	(krb5_context,
2259 		krb5_auth_context,
2260 		krb5_pointer *);
2261 #endif
2262 
2263 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
2264 	(krb5_context,
2265 		krb5_auth_context,
2266 		krb5_rcache);
2267 
2268 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
2269 	(krb5_context,
2270 		krb5_auth_context,
2271 		krb5_rcache *);
2272 
2273 #if KRB5_PRIVATE
2274 krb5_error_code krb5_auth_con_setpermetypes
2275 	(krb5_context,
2276 	    krb5_auth_context,
2277 	    const krb5_enctype *);
2278 
2279 krb5_error_code krb5_auth_con_getpermetypes
2280 	(krb5_context,
2281 	    krb5_auth_context,
2282 	    krb5_enctype **);
2283 #endif
2284 
2285 krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
2286 	(krb5_context,
2287 		krb5_auth_context,
2288 		krb5_authenticator **);
2289 
2290 #define KRB5_REALM_BRANCH_CHAR '.'
2291 
2292 /*
2293  * end "func-proto.h"
2294  */
2295 
2296 /*
2297  * begin stuff from libos.h
2298  */
2299 
2300 
2301 #if KRB5_PRIVATE
2302 krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
2303 krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
2304 int krb5_net_read (krb5_context, int , char *, int);
2305 int krb5_net_write (krb5_context, int , const char *, int);
2306 #endif
2307 
2308 krb5_error_code KRB5_CALLCONV krb5_read_password
2309 	(krb5_context,
2310 		const char *,
2311 		const char *,
2312 		char *,
2313 		unsigned int * );
2314 krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
2315 	(krb5_context,
2316 		krb5_const_principal,
2317 		int,
2318 		char * );
2319 krb5_error_code KRB5_CALLCONV krb5_get_host_realm
2320 	(krb5_context,
2321 		const char *,
2322 		char *** );
2323 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
2324 	(krb5_context,
2325 		char * const * );
2326 #if KRB5_PRIVATE
2327 krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
2328 	(krb5_context,
2329 		const char *,
2330 		char ** );
2331 #endif
2332 krb5_boolean KRB5_CALLCONV krb5_kuserok
2333 	(krb5_context,
2334 		krb5_principal, const char *);
2335 krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
2336 	(krb5_context,
2337 		krb5_auth_context,
2338 		int, int);
2339 #if KRB5_PRIVATE
2340 krb5_error_code krb5_gen_portaddr
2341 	(krb5_context,
2342 		const krb5_address *,
2343 		krb5_const_pointer,
2344 		krb5_address **);
2345 krb5_error_code krb5_gen_replay_name
2346 	(krb5_context,
2347 		const krb5_address *,
2348 		const char *,
2349 		char **);
2350 krb5_error_code krb5_make_fulladdr
2351 	(krb5_context,
2352 		krb5_address *,
2353 		krb5_address *,
2354 		krb5_address *);
2355 #endif
2356 
2357 krb5_error_code KRB5_CALLCONV krb5_set_real_time
2358 	(krb5_context, krb5_int32, krb5_int32);
2359 
2360 #if KRB5_PRIVATE
2361 krb5_error_code krb5_set_debugging_time
2362 	(krb5_context, krb5_int32, krb5_int32);
2363 krb5_error_code krb5_use_natural_time
2364 	(krb5_context);
2365 #endif
2366 krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
2367 	(krb5_context, krb5_int32 *, krb5_int32 *);
2368 #if KRB5_PRIVATE
2369 krb5_error_code krb5_set_time_offsets
2370 	(krb5_context, krb5_int32, krb5_int32);
2371 #endif
2372 
2373 /* str_conv.c */
2374 krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
2375 	(char *, krb5_enctype *);
2376 krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
2377 	(char *, krb5_int32 *);
2378 krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
2379 	(char *, krb5_cksumtype *);
2380 krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
2381 	(char *, krb5_timestamp *);
2382 krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
2383 	(char *, krb5_deltat *);
2384 krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
2385 	(krb5_enctype, char *, size_t);
2386 krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
2387 	(krb5_int32, char *, size_t);
2388 krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
2389 	(krb5_cksumtype, char *, size_t);
2390 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
2391 	(krb5_timestamp, char *, size_t);
2392 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
2393 	(krb5_timestamp, char *, size_t, char *);
2394 krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
2395 	(krb5_deltat, char *, size_t);
2396 
2397 
2398 /*
2399  * end stuff from libos.h
2400  */
2401 
2402 /*
2403  * begin "k5-free.h"
2404  */
2405 
2406 /* to keep lint happy */
2407 #ifdef _KERNEL
2408 #define krb5_xfree_wrap(val,n) kmem_free((char *)(val),n)
2409 #else
2410 #define krb5_xfree_wrap(val,n) free((char *)(val))
2411 #define krb5_xfree(val) free((char *)(val))
2412 #endif
2413 
2414 /*
2415  * end "k5-free.h"
2416  */
2417 
2418 /* The name of the Kerberos ticket granting service... and its size */
2419 #define	KRB5_TGS_NAME		"krbtgt"
2420 #define KRB5_TGS_NAME_SIZE	6
2421 
2422 /* flags for recvauth */
2423 #define KRB5_RECVAUTH_SKIP_VERSION	0x0001
2424 #define KRB5_RECVAUTH_BADAUTHVERS	0x0002
2425 
2426 /* initial ticket api functions */
2427 
2428 typedef struct _krb5_prompt {
2429     char *prompt;
2430     int hidden;
2431     krb5_data *reply;
2432 } krb5_prompt;
2433 
2434 typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
2435 					     void *data,
2436 					     const char *name,
2437 					     const char *banner,
2438 					     int num_prompts,
2439 					     krb5_prompt prompts[]);
2440 
2441 
2442 krb5_error_code KRB5_CALLCONV
2443 krb5_prompter_posix
2444     (krb5_context context,
2445 		void *data,
2446 		const char *name,
2447 		const char *banner,
2448 		int num_prompts,
2449 		krb5_prompt prompts[]);
2450 
2451 typedef struct _krb5_get_init_creds_opt {
2452     krb5_flags flags;
2453     krb5_deltat tkt_life;
2454     krb5_deltat renew_life;
2455     int forwardable;
2456     int proxiable;
2457     krb5_enctype *etype_list;
2458     int etype_list_length;
2459     krb5_address **address_list;
2460     krb5_preauthtype *preauth_list;
2461     int preauth_list_length;
2462     krb5_data *salt;
2463 } krb5_get_init_creds_opt;
2464 
2465 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
2466 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
2467 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
2468 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
2469 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
2470 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
2471 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
2472 #define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
2473 
2474 void KRB5_CALLCONV
2475 krb5_get_init_creds_opt_init
2476 (krb5_get_init_creds_opt *opt);
2477 
2478 void KRB5_CALLCONV
2479 krb5_get_init_creds_opt_set_tkt_life
2480 (krb5_get_init_creds_opt *opt,
2481 		krb5_deltat tkt_life);
2482 
2483 void KRB5_CALLCONV
2484 krb5_get_init_creds_opt_set_renew_life
2485 (krb5_get_init_creds_opt *opt,
2486 		krb5_deltat renew_life);
2487 
2488 void KRB5_CALLCONV
2489 krb5_get_init_creds_opt_set_forwardable
2490 (krb5_get_init_creds_opt *opt,
2491 		int forwardable);
2492 
2493 void KRB5_CALLCONV
2494 krb5_get_init_creds_opt_set_proxiable
2495 (krb5_get_init_creds_opt *opt,
2496 		int proxiable);
2497 
2498 void KRB5_CALLCONV
2499 krb5_get_init_creds_opt_set_etype_list
2500 (krb5_get_init_creds_opt *opt,
2501 		krb5_enctype *etype_list,
2502 		int etype_list_length);
2503 
2504 void KRB5_CALLCONV
2505 krb5_get_init_creds_opt_set_address_list
2506 (krb5_get_init_creds_opt *opt,
2507 		krb5_address **addresses);
2508 
2509 void KRB5_CALLCONV
2510 krb5_get_init_creds_opt_set_preauth_list
2511 (krb5_get_init_creds_opt *opt,
2512 		krb5_preauthtype *preauth_list,
2513 		int preauth_list_length);
2514 
2515 void KRB5_CALLCONV
2516 krb5_get_init_creds_opt_set_salt
2517 (krb5_get_init_creds_opt *opt,
2518 		krb5_data *salt);
2519 
2520 
2521 
2522 krb5_error_code KRB5_CALLCONV
2523 krb5_get_init_creds_password
2524 (krb5_context context,
2525 		krb5_creds *creds,
2526 		krb5_principal client,
2527 		char *password,
2528 		krb5_prompter_fct prompter,
2529 		void *data,
2530 		krb5_deltat start_time,
2531 		char *in_tkt_service,
2532 		krb5_get_init_creds_opt *k5_gic_options);
2533 
2534 krb5_error_code KRB5_CALLCONV
2535 krb5_get_init_creds_keytab
2536 (krb5_context context,
2537 		krb5_creds *creds,
2538 		krb5_principal client,
2539 		krb5_keytab arg_keytab,
2540 		krb5_deltat start_time,
2541 		char *in_tkt_service,
2542 		krb5_get_init_creds_opt *k5_gic_options);
2543 
2544 typedef struct _krb5_verify_init_creds_opt {
2545     krb5_flags flags;
2546     int ap_req_nofail;
2547 } krb5_verify_init_creds_opt;
2548 
2549 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
2550 
2551 void KRB5_CALLCONV
2552 krb5_verify_init_creds_opt_init
2553 (krb5_verify_init_creds_opt *k5_vic_options);
2554 void KRB5_CALLCONV
2555 krb5_verify_init_creds_opt_set_ap_req_nofail
2556 (krb5_verify_init_creds_opt *k5_vic_options,
2557 		int ap_req_nofail);
2558 
2559 krb5_error_code KRB5_CALLCONV
2560 krb5_verify_init_creds
2561 (krb5_context context,
2562 		krb5_creds *creds,
2563 		krb5_principal ap_req_server,
2564 		krb5_keytab ap_req_keytab,
2565 		krb5_ccache *ccache,
2566 		krb5_verify_init_creds_opt *k5_vic_options);
2567 
2568 krb5_error_code KRB5_CALLCONV
2569 krb5_get_validated_creds
2570 (krb5_context context,
2571 		krb5_creds *creds,
2572 		krb5_principal client,
2573 		krb5_ccache ccache,
2574 		char *in_tkt_service);
2575 
2576 krb5_error_code KRB5_CALLCONV
2577 krb5_get_renewed_creds
2578 (krb5_context context,
2579 		krb5_creds *creds,
2580 		krb5_principal client,
2581 		krb5_ccache ccache,
2582 		char *in_tkt_service);
2583 
2584 krb5_error_code KRB5_CALLCONV
2585 krb5_decode_ticket
2586 (const krb5_data *code,
2587 		krb5_ticket **rep);
2588 
2589 void KRB5_CALLCONV
2590 krb5_appdefault_string
2591 (krb5_context context,
2592 		const char *appname,
2593 	        const krb5_data *realm,
2594  		const char *option,
2595 		const char *default_value,
2596 		char ** ret_value);
2597 
2598 void KRB5_CALLCONV
2599 krb5_appdefault_boolean
2600 (krb5_context context,
2601 		const char *appname,
2602 	        const krb5_data *realm,
2603  		const char *option,
2604 		int default_value,
2605 		int *ret_value);
2606 
2607 #if KRB5_PRIVATE
2608 /*
2609  * The realm iterator functions
2610  */
2611 
2612 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2613 	(krb5_context context, void **iter_p);
2614 
2615 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2616 	(krb5_context context, void **iter_p, char **ret_realm);
2617 
2618 void KRB5_CALLCONV krb5_realm_iterator_free
2619 	(krb5_context context, void **iter_p);
2620 
2621 void KRB5_CALLCONV krb5_free_realm_string
2622 	(krb5_context context, char *str);
2623 #endif
2624 
2625 /*
2626  * The realm iterator functions
2627  */
2628 
2629 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2630 	(krb5_context context, void **iter_p);
2631 
2632 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2633 	(krb5_context context, void **iter_p, char **ret_realm);
2634 
2635 void KRB5_CALLCONV krb5_realm_iterator_free
2636 	(krb5_context context, void **iter_p);
2637 
2638 void KRB5_CALLCONV krb5_free_realm_string
2639 	(krb5_context context, char *str);
2640 
2641 /*
2642  * Prompter enhancements
2643  */
2644 
2645 #define KRB5_PROMPT_TYPE_PASSWORD		0x1
2646 #define KRB5_PROMPT_TYPE_NEW_PASSWORD		0x2
2647 #define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN	0x3
2648 #define KRB5_PROMPT_TYPE_PREAUTH		0x4
2649 
2650 typedef krb5_int32 krb5_prompt_type;
2651 
2652 krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
2653 	(krb5_context context);
2654 
2655 #if TARGET_OS_MAC
2656 #    pragma options align=reset
2657 #endif /* KRB5INT_END_DECLS */
2658 
2659 /* Don't use this!  We're going to phase it out.  It's just here to keep
2660    applications from breaking right away.  */
2661 #define krb5_const const
2662 
2663 #endif /* KRB5_GENERAL__ */
2664 
2665 
2666 /*
2667  * krb5_err.h:
2668  * This file is automatically generated; please do not edit it.
2669  */
2670 
2671 #define KRB5KDC_ERR_NONE                         (-1765328384L)
2672 #define KRB5KDC_ERR_NAME_EXP                     (-1765328383L)
2673 #define KRB5KDC_ERR_SERVICE_EXP                  (-1765328382L)
2674 #define KRB5KDC_ERR_BAD_PVNO                     (-1765328381L)
2675 #define KRB5KDC_ERR_C_OLD_MAST_KVNO              (-1765328380L)
2676 #define KRB5KDC_ERR_S_OLD_MAST_KVNO              (-1765328379L)
2677 #define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN          (-1765328378L)
2678 #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN          (-1765328377L)
2679 #define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE         (-1765328376L)
2680 #define KRB5KDC_ERR_NULL_KEY                     (-1765328375L)
2681 #define KRB5KDC_ERR_CANNOT_POSTDATE              (-1765328374L)
2682 #define KRB5KDC_ERR_NEVER_VALID                  (-1765328373L)
2683 #define KRB5KDC_ERR_POLICY                       (-1765328372L)
2684 #define KRB5KDC_ERR_BADOPTION                    (-1765328371L)
2685 #define KRB5KDC_ERR_ETYPE_NOSUPP                 (-1765328370L)
2686 #define KRB5KDC_ERR_SUMTYPE_NOSUPP               (-1765328369L)
2687 #define KRB5KDC_ERR_PADATA_TYPE_NOSUPP           (-1765328368L)
2688 #define KRB5KDC_ERR_TRTYPE_NOSUPP                (-1765328367L)
2689 #define KRB5KDC_ERR_CLIENT_REVOKED               (-1765328366L)
2690 #define KRB5KDC_ERR_SERVICE_REVOKED              (-1765328365L)
2691 #define KRB5KDC_ERR_TGT_REVOKED                  (-1765328364L)
2692 #define KRB5KDC_ERR_CLIENT_NOTYET                (-1765328363L)
2693 #define KRB5KDC_ERR_SERVICE_NOTYET               (-1765328362L)
2694 #define KRB5KDC_ERR_KEY_EXP                      (-1765328361L)
2695 #define KRB5KDC_ERR_PREAUTH_FAILED               (-1765328360L)
2696 #define KRB5KDC_ERR_PREAUTH_REQUIRED             (-1765328359L)
2697 #define KRB5KDC_ERR_SERVER_NOMATCH               (-1765328358L)
2698 #define KRB5PLACEHOLD_27                         (-1765328357L)
2699 #define KRB5PLACEHOLD_28                         (-1765328356L)
2700 #define KRB5PLACEHOLD_29                         (-1765328355L)
2701 #define KRB5PLACEHOLD_30                         (-1765328354L)
2702 #define KRB5KRB_AP_ERR_BAD_INTEGRITY             (-1765328353L)
2703 #define KRB5KRB_AP_ERR_TKT_EXPIRED               (-1765328352L)
2704 #define KRB5KRB_AP_ERR_TKT_NYV                   (-1765328351L)
2705 #define KRB5KRB_AP_ERR_REPEAT                    (-1765328350L)
2706 #define KRB5KRB_AP_ERR_NOT_US                    (-1765328349L)
2707 #define KRB5KRB_AP_ERR_BADMATCH                  (-1765328348L)
2708 #define KRB5KRB_AP_ERR_SKEW                      (-1765328347L)
2709 #define KRB5KRB_AP_ERR_BADADDR                   (-1765328346L)
2710 #define KRB5KRB_AP_ERR_BADVERSION                (-1765328345L)
2711 #define KRB5KRB_AP_ERR_MSG_TYPE                  (-1765328344L)
2712 #define KRB5KRB_AP_ERR_MODIFIED                  (-1765328343L)
2713 #define KRB5KRB_AP_ERR_BADORDER                  (-1765328342L)
2714 #define KRB5KRB_AP_ERR_ILL_CR_TKT                (-1765328341L)
2715 #define KRB5KRB_AP_ERR_BADKEYVER                 (-1765328340L)
2716 #define KRB5KRB_AP_ERR_NOKEY                     (-1765328339L)
2717 #define KRB5KRB_AP_ERR_MUT_FAIL                  (-1765328338L)
2718 #define KRB5KRB_AP_ERR_BADDIRECTION              (-1765328337L)
2719 #define KRB5KRB_AP_ERR_METHOD                    (-1765328336L)
2720 #define KRB5KRB_AP_ERR_BADSEQ                    (-1765328335L)
2721 #define KRB5KRB_AP_ERR_INAPP_CKSUM               (-1765328334L)
2722 #define KRB5PLACEHOLD_51                         (-1765328333L)
2723 #define KRB5PLACEHOLD_52                         (-1765328332L)
2724 #define KRB5PLACEHOLD_53                         (-1765328331L)
2725 #define KRB5PLACEHOLD_54                         (-1765328330L)
2726 #define KRB5PLACEHOLD_55                         (-1765328329L)
2727 #define KRB5PLACEHOLD_56                         (-1765328328L)
2728 #define KRB5PLACEHOLD_57                         (-1765328327L)
2729 #define KRB5PLACEHOLD_58                         (-1765328326L)
2730 #define KRB5PLACEHOLD_59                         (-1765328325L)
2731 #define KRB5KRB_ERR_GENERIC                      (-1765328324L)
2732 #define KRB5KRB_ERR_FIELD_TOOLONG                (-1765328323L)
2733 #define KRB5PLACEHOLD_62                         (-1765328322L)
2734 #define KRB5PLACEHOLD_63                         (-1765328321L)
2735 #define KRB5PLACEHOLD_64                         (-1765328320L)
2736 #define KRB5PLACEHOLD_65                         (-1765328319L)
2737 #define KRB5PLACEHOLD_66                         (-1765328318L)
2738 #define KRB5PLACEHOLD_67                         (-1765328317L)
2739 #define KRB5PLACEHOLD_68                         (-1765328316L)
2740 #define KRB5PLACEHOLD_69                         (-1765328315L)
2741 #define KRB5PLACEHOLD_70                         (-1765328314L)
2742 #define KRB5PLACEHOLD_71                         (-1765328313L)
2743 #define KRB5PLACEHOLD_72                         (-1765328312L)
2744 #define KRB5PLACEHOLD_73                         (-1765328311L)
2745 #define KRB5PLACEHOLD_74                         (-1765328310L)
2746 #define KRB5PLACEHOLD_75                         (-1765328309L)
2747 #define KRB5PLACEHOLD_76                         (-1765328308L)
2748 #define KRB5PLACEHOLD_77                         (-1765328307L)
2749 #define KRB5PLACEHOLD_78                         (-1765328306L)
2750 #define KRB5PLACEHOLD_79                         (-1765328305L)
2751 #define KRB5PLACEHOLD_80                         (-1765328304L)
2752 #define KRB5PLACEHOLD_81                         (-1765328303L)
2753 #define KRB5PLACEHOLD_82                         (-1765328302L)
2754 #define KRB5PLACEHOLD_83                         (-1765328301L)
2755 #define KRB5PLACEHOLD_84                         (-1765328300L)
2756 #define KRB5PLACEHOLD_85                         (-1765328299L)
2757 #define KRB5PLACEHOLD_86                         (-1765328298L)
2758 #define KRB5PLACEHOLD_87                         (-1765328297L)
2759 #define KRB5PLACEHOLD_88                         (-1765328296L)
2760 #define KRB5PLACEHOLD_89                         (-1765328295L)
2761 #define KRB5PLACEHOLD_90                         (-1765328294L)
2762 #define KRB5PLACEHOLD_91                         (-1765328293L)
2763 #define KRB5PLACEHOLD_92                         (-1765328292L)
2764 #define KRB5PLACEHOLD_93                         (-1765328291L)
2765 #define KRB5PLACEHOLD_94                         (-1765328290L)
2766 #define KRB5PLACEHOLD_95                         (-1765328289L)
2767 #define KRB5PLACEHOLD_96                         (-1765328288L)
2768 #define KRB5PLACEHOLD_97                         (-1765328287L)
2769 #define KRB5PLACEHOLD_98                         (-1765328286L)
2770 #define KRB5PLACEHOLD_99                         (-1765328285L)
2771 #define KRB5PLACEHOLD_100                        (-1765328284L)
2772 #define KRB5PLACEHOLD_101                        (-1765328283L)
2773 #define KRB5PLACEHOLD_102                        (-1765328282L)
2774 #define KRB5PLACEHOLD_103                        (-1765328281L)
2775 #define KRB5PLACEHOLD_104                        (-1765328280L)
2776 #define KRB5PLACEHOLD_105                        (-1765328279L)
2777 #define KRB5PLACEHOLD_106                        (-1765328278L)
2778 #define KRB5PLACEHOLD_107                        (-1765328277L)
2779 #define KRB5PLACEHOLD_108                        (-1765328276L)
2780 #define KRB5PLACEHOLD_109                        (-1765328275L)
2781 #define KRB5PLACEHOLD_110                        (-1765328274L)
2782 #define KRB5PLACEHOLD_111                        (-1765328273L)
2783 #define KRB5PLACEHOLD_112                        (-1765328272L)
2784 #define KRB5PLACEHOLD_113                        (-1765328271L)
2785 #define KRB5PLACEHOLD_114                        (-1765328270L)
2786 #define KRB5PLACEHOLD_115                        (-1765328269L)
2787 #define KRB5PLACEHOLD_116                        (-1765328268L)
2788 #define KRB5PLACEHOLD_117                        (-1765328267L)
2789 #define KRB5PLACEHOLD_118                        (-1765328266L)
2790 #define KRB5PLACEHOLD_119                        (-1765328265L)
2791 #define KRB5PLACEHOLD_120                        (-1765328264L)
2792 #define KRB5PLACEHOLD_121                        (-1765328263L)
2793 #define KRB5PLACEHOLD_122                        (-1765328262L)
2794 #define KRB5PLACEHOLD_123                        (-1765328261L)
2795 #define KRB5PLACEHOLD_124                        (-1765328260L)
2796 #define KRB5PLACEHOLD_125                        (-1765328259L)
2797 #define KRB5PLACEHOLD_126                        (-1765328258L)
2798 #define KRB5PLACEHOLD_127                        (-1765328257L)
2799 #define KRB5_ERR_RCSID                           (-1765328256L)
2800 #define KRB5_LIBOS_BADLOCKFLAG                   (-1765328255L)
2801 #define KRB5_LIBOS_CANTREADPWD                   (-1765328254L)
2802 #define KRB5_LIBOS_BADPWDMATCH                   (-1765328253L)
2803 #define KRB5_LIBOS_PWDINTR                       (-1765328252L)
2804 #define KRB5_PARSE_ILLCHAR                       (-1765328251L)
2805 #define KRB5_PARSE_MALFORMED                     (-1765328250L)
2806 #define KRB5_CONFIG_CANTOPEN                     (-1765328249L)
2807 #define KRB5_CONFIG_BADFORMAT                    (-1765328248L)
2808 #define KRB5_CONFIG_NOTENUFSPACE                 (-1765328247L)
2809 #define KRB5_BADMSGTYPE                          (-1765328246L)
2810 #define KRB5_CC_BADNAME                          (-1765328245L)
2811 #define KRB5_CC_UNKNOWN_TYPE                     (-1765328244L)
2812 #define KRB5_CC_NOTFOUND                         (-1765328243L)
2813 #define KRB5_CC_END                              (-1765328242L)
2814 #define KRB5_NO_TKT_SUPPLIED                     (-1765328241L)
2815 #define KRB5KRB_AP_WRONG_PRINC                   (-1765328240L)
2816 #define KRB5KRB_AP_ERR_TKT_INVALID               (-1765328239L)
2817 #define KRB5_PRINC_NOMATCH                       (-1765328238L)
2818 #define KRB5_KDCREP_MODIFIED                     (-1765328237L)
2819 #define KRB5_KDCREP_SKEW                         (-1765328236L)
2820 #define KRB5_IN_TKT_REALM_MISMATCH               (-1765328235L)
2821 #define KRB5_PROG_ETYPE_NOSUPP                   (-1765328234L)
2822 #define KRB5_PROG_KEYTYPE_NOSUPP                 (-1765328233L)
2823 #define KRB5_WRONG_ETYPE                         (-1765328232L)
2824 #define KRB5_PROG_SUMTYPE_NOSUPP                 (-1765328231L)
2825 #define KRB5_REALM_UNKNOWN                       (-1765328230L)
2826 #define KRB5_SERVICE_UNKNOWN                     (-1765328229L)
2827 #define KRB5_KDC_UNREACH                         (-1765328228L)
2828 #define KRB5_NO_LOCALNAME                        (-1765328227L)
2829 #define KRB5_MUTUAL_FAILED                       (-1765328226L)
2830 #define KRB5_RC_TYPE_EXISTS                      (-1765328225L)
2831 #define KRB5_RC_MALLOC                           (-1765328224L)
2832 #define KRB5_RC_TYPE_NOTFOUND                    (-1765328223L)
2833 #define KRB5_RC_UNKNOWN                          (-1765328222L)
2834 #define KRB5_RC_REPLAY                           (-1765328221L)
2835 #define KRB5_RC_IO                               (-1765328220L)
2836 #define KRB5_RC_NOIO                             (-1765328219L)
2837 #define KRB5_RC_PARSE                            (-1765328218L)
2838 #define KRB5_RC_IO_EOF                           (-1765328217L)
2839 #define KRB5_RC_IO_MALLOC                        (-1765328216L)
2840 #define KRB5_RC_IO_PERM                          (-1765328215L)
2841 #define KRB5_RC_IO_IO                            (-1765328214L)
2842 #define KRB5_RC_IO_UNKNOWN                       (-1765328213L)
2843 #define KRB5_RC_IO_SPACE                         (-1765328212L)
2844 #define KRB5_TRANS_CANTOPEN                      (-1765328211L)
2845 #define KRB5_TRANS_BADFORMAT                     (-1765328210L)
2846 #define KRB5_LNAME_CANTOPEN                      (-1765328209L)
2847 #define KRB5_LNAME_NOTRANS                       (-1765328208L)
2848 #define KRB5_LNAME_BADFORMAT                     (-1765328207L)
2849 #define KRB5_CRYPTO_INTERNAL                     (-1765328206L)
2850 #define KRB5_KT_BADNAME                          (-1765328205L)
2851 #define KRB5_KT_UNKNOWN_TYPE                     (-1765328204L)
2852 #define KRB5_KT_NOTFOUND                         (-1765328203L)
2853 #define KRB5_KT_END                              (-1765328202L)
2854 #define KRB5_KT_NOWRITE                          (-1765328201L)
2855 #define KRB5_KT_IOERR                            (-1765328200L)
2856 #define KRB5_NO_TKT_IN_RLM                       (-1765328199L)
2857 #define KRB5DES_BAD_KEYPAR                       (-1765328198L)
2858 #define KRB5DES_WEAK_KEY                         (-1765328197L)
2859 #define KRB5_BAD_ENCTYPE                         (-1765328196L)
2860 #define KRB5_BAD_KEYSIZE                         (-1765328195L)
2861 #define KRB5_BAD_MSIZE                           (-1765328194L)
2862 #define KRB5_CC_TYPE_EXISTS                      (-1765328193L)
2863 #define KRB5_KT_TYPE_EXISTS                      (-1765328192L)
2864 #define KRB5_CC_IO                               (-1765328191L)
2865 #define KRB5_FCC_PERM                            (-1765328190L)
2866 #define KRB5_FCC_NOFILE                          (-1765328189L)
2867 #define KRB5_FCC_INTERNAL                        (-1765328188L)
2868 #define KRB5_CC_WRITE                            (-1765328187L)
2869 #define KRB5_CC_NOMEM                            (-1765328186L)
2870 #define KRB5_CC_FORMAT                           (-1765328185L)
2871 #define KRB5_CC_NOT_KTYPE                        (-1765328184L)
2872 #define KRB5_INVALID_FLAGS                       (-1765328183L)
2873 #define KRB5_NO_2ND_TKT                          (-1765328182L)
2874 #define KRB5_NOCREDS_SUPPLIED                    (-1765328181L)
2875 #define KRB5_SENDAUTH_BADAUTHVERS                (-1765328180L)
2876 #define KRB5_SENDAUTH_BADAPPLVERS                (-1765328179L)
2877 #define KRB5_SENDAUTH_BADRESPONSE                (-1765328178L)
2878 #define KRB5_SENDAUTH_REJECTED                   (-1765328177L)
2879 #define KRB5_PREAUTH_BAD_TYPE                    (-1765328176L)
2880 #define KRB5_PREAUTH_NO_KEY                      (-1765328175L)
2881 #define KRB5_PREAUTH_FAILED                      (-1765328174L)
2882 #define KRB5_RCACHE_BADVNO                       (-1765328173L)
2883 #define KRB5_CCACHE_BADVNO                       (-1765328172L)
2884 #define KRB5_KEYTAB_BADVNO                       (-1765328171L)
2885 #define KRB5_PROG_ATYPE_NOSUPP                   (-1765328170L)
2886 #define KRB5_RC_REQUIRED                         (-1765328169L)
2887 #define KRB5_ERR_BAD_HOSTNAME                    (-1765328168L)
2888 #define KRB5_ERR_HOST_REALM_UNKNOWN              (-1765328167L)
2889 #define KRB5_SNAME_UNSUPP_NAMETYPE               (-1765328166L)
2890 #define KRB5KRB_AP_ERR_V4_REPLY                  (-1765328165L)
2891 #define KRB5_REALM_CANT_RESOLVE                  (-1765328164L)
2892 #define KRB5_TKT_NOT_FORWARDABLE                 (-1765328163L)
2893 #define KRB5_FWD_BAD_PRINCIPAL                   (-1765328162L)
2894 #define KRB5_GET_IN_TKT_LOOP                     (-1765328161L)
2895 #define KRB5_CONFIG_NODEFREALM                   (-1765328160L)
2896 #define KRB5_SAM_UNSUPPORTED                     (-1765328159L)
2897 #define KRB5_SAM_INVALID_ETYPE			 (-1765328158L)
2898 #define KRB5_SAM_NO_CHECKSUM			 (-1765328157L)
2899 #define KRB5_SAM_BAD_CHECKSUM			 (-1765328156L)
2900 #define KRB5_KT_NAME_TOOLONG			 (-1765328155L)
2901 #define KRB5_KT_KVNONOTFOUND			 (-1765328154L)
2902 #define KRB5_APPL_EXPIRED			 (-1765328153L)
2903 #define KRB5_LIB_EXPIRED			 (-1765328152L)
2904 #define KRB5_CHPW_PWDNULL			 (-1765328151L)
2905 #define KRB5_CHPW_FAIL				 (-1765328150L)
2906 #define KRB5_KT_FORMAT				 (-1765328149L)
2907 #define KRB5_NOPERM_ETYPE			 (-1765328148L)
2908 #define KRB5_CONFIG_ETYPE_NOSUPP		 (-1765328147L)
2909 #define KRB5_OBSOLETE_FN			 (-1765328146L)
2910 #define KRB5_EAI_FAIL				 (-1765328145L)
2911 #define KRB5_EAI_NODATA				 (-1765328144L)
2912 #define KRB5_EAI_NONAME				 (-1765328143L)
2913 #define KRB5_EAI_SERVICE			 (-1765328142L)
2914 #define KRB5_ERR_NUMERIC_REALM			 (-1765328141L)
2915 #define KRB5_ERR_BAD_S2K_PARAMS			 (-1765328140L)
2916 #define KRB5_ERR_NO_SERVICE			 (-1765328139L)
2917 #define KRB5_CC_READONLY			 (-1765328138L)
2918 #define KRB5_CC_NOSUPP				 (-1765328137L)
2919 
2920 /* NOTE! error values should not collide */
2921 /* XXX Note KRB5_RC_BADNAME and KRB5_CONF_NOT_CONFIGURED are Solaris specific */
2922 #define	KRB5_RC_BADNAME				(-1765328136L)
2923 #define	KRB5_CONF_NOT_CONFIGURED	 	 (-1765328135L)
2924 #ifdef _KERNEL
2925 /* XXX Note KRB5_KEF_ERROR and PKCS_ERR are Solaris specific */
2926 #define KRB5_KEF_ERROR                           (-1765328134L)
2927 #else
2928 #define PKCS_ERR				 (-1765328134L)
2929 #endif /* _KERNEL */
2930 
2931 #define KRB5_DELTAT_BADFORMAT			(-1765328133L)
2932 
2933 #define ERROR_TABLE_BASE_krb5 (-1765328384L)
2934 
2935 /* for compatibility with older versions... */
2936 #define krb5_err_base ERROR_TABLE_BASE_krb5
2937 /*
2938  * kdb5_err.h:
2939  * This file is automatically generated; please do not edit it.
2940  */
2941 #define KRB5_KDB_RCSID                           (-1780008448L)
2942 #define KRB5_KDB_INUSE                           (-1780008447L)
2943 #define KRB5_KDB_UK_SERROR                       (-1780008446L)
2944 #define KRB5_KDB_UK_RERROR                       (-1780008445L)
2945 #define KRB5_KDB_UNAUTH                          (-1780008444L)
2946 #define KRB5_KDB_NOENTRY                         (-1780008443L)
2947 #define KRB5_KDB_ILL_WILDCARD                    (-1780008442L)
2948 #define KRB5_KDB_DB_INUSE                        (-1780008441L)
2949 #define KRB5_KDB_DB_CHANGED                      (-1780008440L)
2950 #define KRB5_KDB_TRUNCATED_RECORD                (-1780008439L)
2951 #define KRB5_KDB_RECURSIVELOCK                   (-1780008438L)
2952 #define KRB5_KDB_NOTLOCKED                       (-1780008437L)
2953 #define KRB5_KDB_BADLOCKMODE                     (-1780008436L)
2954 #define KRB5_KDB_DBNOTINITED                     (-1780008435L)
2955 #define KRB5_KDB_DBINITED                        (-1780008434L)
2956 #define KRB5_KDB_ILLDIRECTION                    (-1780008433L)
2957 #define KRB5_KDB_NOMASTERKEY                     (-1780008432L)
2958 #define KRB5_KDB_BADMASTERKEY                    (-1780008431L)
2959 #define KRB5_KDB_INVALIDKEYSIZE                  (-1780008430L)
2960 #define KRB5_KDB_CANTREAD_STORED                 (-1780008429L)
2961 #define KRB5_KDB_BADSTORED_MKEY                  (-1780008428L)
2962 #define KRB5_KDB_CANTLOCK_DB                     (-1780008427L)
2963 #define KRB5_KDB_DB_CORRUPT                      (-1780008426L)
2964 #define KRB5_KDB_BAD_VERSION                     (-1780008425L)
2965 #define KRB5_KDB_BAD_SALTTYPE                    (-1780008424L)
2966 #define KRB5_KDB_BAD_ENCTYPE                     (-1780008423L)
2967 #define KRB5_KDB_BAD_CREATEFLAGS                 (-1780008422L)
2968 #define KRB5_KDB_NO_PERMITTED_KEY                (-1780008421L)
2969 #define KRB5_KDB_NO_MATCHING_KEY                 (-1780008420L)
2970 /*
2971  * Incremental propagation error codes
2972  */
2973 #define	KRB5_LOG_CONV				(-1780008419L)
2974 #define	KRB5_LOG_UNSTABLE			(-1780008418L)
2975 #define	KRB5_LOG_CORRUPT			(-1780008417L)
2976 #define	KRB5_LOG_ERROR				(-1780008416L)
2977 #define ERROR_TABLE_BASE_kdb5 (-1780008448L)
2978 
2979 /* for compatibility with older versions... */
2980 #define kdb5_err_base ERROR_TABLE_BASE_kdb5
2981 /*
2982  * kv5m_err.h:
2983  * This file is automatically generated; please do not edit it.
2984  */
2985 #define KV5M_NONE                                (-1760647424L)
2986 #define KV5M_PRINCIPAL                           (-1760647423L)
2987 #define KV5M_DATA                                (-1760647422L)
2988 #define KV5M_KEYBLOCK                            (-1760647421L)
2989 #define KV5M_CHECKSUM                            (-1760647420L)
2990 #define KV5M_ENCRYPT_BLOCK                       (-1760647419L)
2991 #define KV5M_ENC_DATA                            (-1760647418L)
2992 #define KV5M_CRYPTOSYSTEM_ENTRY                  (-1760647417L)
2993 #define KV5M_CS_TABLE_ENTRY                      (-1760647416L)
2994 #define KV5M_CHECKSUM_ENTRY                      (-1760647415L)
2995 #define KV5M_AUTHDATA                            (-1760647414L)
2996 #define KV5M_TRANSITED                           (-1760647413L)
2997 #define KV5M_ENC_TKT_PART                        (-1760647412L)
2998 #define KV5M_TICKET                              (-1760647411L)
2999 #define KV5M_AUTHENTICATOR                       (-1760647410L)
3000 #define KV5M_TKT_AUTHENT                         (-1760647409L)
3001 #define KV5M_CREDS                               (-1760647408L)
3002 #define KV5M_LAST_REQ_ENTRY                      (-1760647407L)
3003 #define KV5M_PA_DATA                             (-1760647406L)
3004 #define KV5M_KDC_REQ                             (-1760647405L)
3005 #define KV5M_ENC_KDC_REP_PART                    (-1760647404L)
3006 #define KV5M_KDC_REP                             (-1760647403L)
3007 #define KV5M_ERROR                               (-1760647402L)
3008 #define KV5M_AP_REQ                              (-1760647401L)
3009 #define KV5M_AP_REP                              (-1760647400L)
3010 #define KV5M_AP_REP_ENC_PART                     (-1760647399L)
3011 #define KV5M_RESPONSE                            (-1760647398L)
3012 #define KV5M_SAFE                                (-1760647397L)
3013 #define KV5M_PRIV                                (-1760647396L)
3014 #define KV5M_PRIV_ENC_PART                       (-1760647395L)
3015 #define KV5M_CRED                                (-1760647394L)
3016 #define KV5M_CRED_INFO                           (-1760647393L)
3017 #define KV5M_CRED_ENC_PART                       (-1760647392L)
3018 #define KV5M_PWD_DATA                            (-1760647391L)
3019 #define KV5M_ADDRESS                             (-1760647390L)
3020 #define KV5M_KEYTAB_ENTRY                        (-1760647389L)
3021 #define KV5M_CONTEXT                             (-1760647388L)
3022 #define KV5M_OS_CONTEXT                          (-1760647387L)
3023 #define KV5M_ALT_METHOD                          (-1760647386L)
3024 #define KV5M_ETYPE_INFO_ENTRY                    (-1760647385L)
3025 #define KV5M_DB_CONTEXT                          (-1760647384L)
3026 #define KV5M_AUTH_CONTEXT                        (-1760647383L)
3027 #define KV5M_KEYTAB                              (-1760647382L)
3028 #define KV5M_RCACHE                              (-1760647381L)
3029 #define KV5M_CCACHE                              (-1760647380L)
3030 #define KV5M_PREAUTH_OPS                         (-1760647379L)
3031 #define KV5M_SAM_CHALLENGE                       (-1760647378L)
3032 #define KV5M_SAM_KEY                             (-1760647377L)
3033 #define KV5M_ENC_SAM_RESPONSE_ENC                (-1760647376L)
3034 #define KV5M_ENC_SAM_RESPONSE_ENC_2		 (-1760647374L)
3035 #define KV5M_SAM_RESPONSE			 (-1760647373L)
3036 #define KV5M_SAM_RESPONSE_2			 (-1760647372L)
3037 #define KV5M_PREDICTED_SAM_RESPONSE		 (-1760647371L)
3038 #define KV5M_PASSWD_PHRASE_ELEMENT		 (-1760647370L)
3039 #define KV5M_GSS_OID				 (-1760647369L)
3040 #define KV5M_GSS_QUEUE				 (-1760647368L)
3041 #define ERROR_TABLE_BASE_kv5m (-1760647424L)
3042 
3043 /* for compatibility with older versions... */
3044 #define kv5m_err_base ERROR_TABLE_BASE_kv5m
3045 /*
3046  * asn1_err.h:
3047  * This file is automatically generated; please do not edit it.
3048  */
3049 #define ASN1_BAD_TIMEFORMAT                      (1859794432L)
3050 #define ASN1_MISSING_FIELD                       (1859794433L)
3051 #define ASN1_MISPLACED_FIELD                     (1859794434L)
3052 #define ASN1_TYPE_MISMATCH                       (1859794435L)
3053 #define ASN1_OVERFLOW                            (1859794436L)
3054 #define ASN1_OVERRUN                             (1859794437L)
3055 #define ASN1_BAD_ID                              (1859794438L)
3056 #define ASN1_BAD_LENGTH                          (1859794439L)
3057 #define ASN1_BAD_FORMAT                          (1859794440L)
3058 #define ASN1_PARSE_ERROR                         (1859794441L)
3059 #define ASN1_BAD_GMTIME                          (1859794442L)
3060 #define ASN1_MISMATCH_INDEF			 (1859794443L)
3061 #define ASN1_MISSING_EOC			 (1859794444L)
3062 #define ERROR_TABLE_BASE_asn1 (1859794432L)
3063 
3064 /* for compatibility with older versions... */
3065 #define asn1_err_base ERROR_TABLE_BASE_asn1
3066 
3067 #ifdef __cplusplus
3068 }
3069 #endif
3070 
3071 #endif		/* _KRB5_H */
3072