xref: /illumos-gate/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h (revision 628e3cbed6489fa1db545d8524a06cd6535af456)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /* This is the prologue to krb5.h */
7 /* Unfortunately some of these defines are compiler dependent */
8 #ifndef _KRB5_H
9 #define _KRB5_H
10 
11 #pragma ident	"%Z%%M%	%I%	%E% SMI"
12 
13 #define SIZEOF_INT 4
14 
15 #ifdef _LP64
16 #define SIZEOF_LONG 8
17 #else
18 #define SIZEOF_LONG 4
19 #endif
20 
21 #define SIZEOF_SHORT 2
22 #define HAVE_STDARG_H 1
23 #define HAVE_SYS_TYPES_H 1
24 /* End of prologue section */
25 /*
26  * include/krb5.h
27  *
28  * Copyright 1989,1990,1995,2001, 2003  by the Massachusetts Institute of Technology.
29  * All Rights Reserved.
30  *
31  * Export of this software from the United States of America may
32  *   require a specific license from the United States Government.
33  *   It is the responsibility of any person or organization contemplating
34  *   export to obtain such a license before exporting.
35  *
36  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37  * distribute this software and its documentation for any purpose and
38  * without fee is hereby granted, provided that the above copyright
39  * notice appear in all copies and that both that copyright notice and
40  * this permission notice appear in supporting documentation, and that
41  * the name of M.I.T. not be used in advertising or publicity pertaining
42  * to distribution of the software without specific, written prior
43  * permission.	Furthermore if you modify this software you must label
44  * your software as modified software and not distribute it in such a
45  * fashion that it might be confused with the original M.I.T. software.
46  * M.I.T. makes no representations about the suitability of
47  * this software for any purpose.  It is provided "as is" without express
48  * or implied warranty.
49  *
50  *
51  * General definitions for Kerberos version 5.
52  */
53 
54 /*
55  * Copyright (C) 1998 by the FundsXpress, INC.
56  *
57  * All rights reserved.
58  *
59  * Export of this software from the United States of America may require
60  * a specific license from the United States Government.  It is the
61  * responsibility of any person or organization contemplating export to
62  * obtain such a license before exporting.
63  *
64  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
65  * distribute this software and its documentation for any purpose and
66  * without fee is hereby granted, provided that the above copyright
67  * notice appear in all copies and that both that copyright notice and
68  * this permission notice appear in supporting documentation, and that
69  * the name of FundsXpress. not be used in advertising or publicity pertaining
70  * to distribution of the software without specific, written prior
71  * permission.  FundsXpress makes no representations about the suitability of
72  * this software for any purpose.  It is provided "as is" without express
73  * or implied warranty.
74  *
75  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
76  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
77  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
78  */
79 
80 #ifndef KRB5_GENERAL__
81 #define KRB5_GENERAL__
82 
83 #ifdef	_KERNEL
84 #include <sys/systm.h>
85 #include <sys/kmem.h>
86 
87 #include <sys/crypto/common.h>
88 #include <sys/crypto/api.h>
89 
90 /*
91  * Just to be safe lets make sure the buffers are zero'ed after
92  * malloc() as some code assumes this is the case.  To avoid warnings
93  * of duplicated defines let remove the old one if present.
94  */
95 #ifdef MALLOC
96 #undef MALLOC
97 #endif
98 #define MALLOC(n) kmem_zalloc((n), KM_SLEEP)
99 
100 #define	FREE(x, n) kmem_free((x), (n))
101 #define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
102 #define strcpy(dst,src,n) bcopy((src),(dst),(n))
103 #define mutex_lock(lck)  mutex_enter(lck)
104 #define mutex_unlock(lck)  mutex_exit(lck)
105 
106 #else /* !_KERNEL */
107 #define	MALLOC(n) malloc(n)
108 #define	FREE(x, n) free(x)
109 #define CALLOC(n, s) calloc((n), (s))
110 #include <stdlib.h>
111 #include <thread.h>
112 #include <synch.h>
113 #include <security/cryptoki.h>
114 #include <limits.h>    /* for *_MAX */
115 #endif /* _KERNEL */
116 
117 /* By default, do not expose deprecated interfaces. */
118 /* SUNW14resync - we need to enable this for rlogind and such */
119 #ifndef KRB5_DEPRECATED
120 #define KRB5_DEPRECATED 1
121 #endif
122 /* Do not expose private interfaces.  Build system will override. */
123 /* SUNW14resync - for the Solaris build we set it to 1 here */
124 #ifndef KRB5_PRIVATE
125 #define KRB5_PRIVATE 1
126 #endif
127 
128 #if defined(__MACH__) && defined(__APPLE__)
129 #       include <TargetConditionals.h>
130 #    if TARGET_RT_MAC_CFM
131 #       error "Use KfM 4.0 SDK headers for CFM compilation."
132 #    endif
133 #endif
134 
135 #if (defined(_MSDOS) || defined(_WIN32))
136 #include <win-mac.h>
137 #endif
138 
139 #ifndef KRB5_CONFIG__
140 #ifndef KRB5_CALLCONV
141 #define KRB5_CALLCONV
142 #define KRB5_CALLCONV_C
143 #endif /* !KRB5_CALLCONV */
144 #endif /* !KRB5_CONFIG__ */
145 
146 #ifndef KRB5_CALLCONV_WRONG
147 #define KRB5_CALLCONV_WRONG
148 #endif
149 
150 /* SUNW14resync XXX */
151 #include <sys/types.h>
152 #include <sys/socket.h>
153 
154 #ifndef THREEPARAMOPEN
155 #define THREEPARAMOPEN(x,y,z) open(x,y,z)
156 #endif
157 
158 
159 /*
160  * Solaris Kerberos:
161  *   Samba needs a couple of these interfaces so old crypto is enabled.
162  */
163 #define KRB5_OLD_CRYPTO
164 
165 
166 #ifndef KRB5INT_BEGIN_DECLS
167 #if defined(__cplusplus)
168 #define KRB5INT_BEGIN_DECLS     extern "C" {
169 #define KRB5INT_END_DECLS }
170 #else
171 #define KRB5INT_BEGIN_DECLS
172 #define KRB5INT_END_DECLS
173 #endif
174 #endif /* KRB5INT_BEGIN_DECLS */
175 
176 #if TARGET_OS_MAC
177 #    pragma options align=mac68k
178 #endif
179 
180 /* from profile.h */
181 struct _profile_t;
182 /* typedef struct _profile_t *profile_t; */
183 
184 
185 /*
186  * begin wordsize.h
187  */
188 
189 /*
190  * Word-size related definition.
191  */
192 
193 typedef	unsigned char	krb5_octet;
194 
195 #if INT_MAX == 0x7fff
196 typedef	int	krb5_int16;
197 typedef	unsigned int	krb5_ui_2;
198 #elif SHRT_MAX == 0x7fff
199 typedef	short	krb5_int16;
200 typedef	unsigned short	krb5_ui_2;
201 #else
202 #error undefined 16 bit type
203 #endif
204 
205 #if INT_MAX == 0x7fffffffL
206 typedef	int		krb5_int32;
207 typedef	unsigned int	krb5_ui_4;
208 #elif LONG_MAX == 0x7fffffffL
209 typedef	long	krb5_int32;
210 typedef	unsigned long	krb5_ui_4;
211 #elif SHRT_MAX == 0x7fffffffL
212 typedef	short	krb5_int32;
213 typedef	unsigned short	krb5_ui_4;
214 #else
215 #error: undefined 32 bit type
216 #endif
217 
218 #define VALID_INT_BITS    INT_MAX
219 #define VALID_UINT_BITS   UINT_MAX
220 
221 #define KRB5_INT32_MAX	2147483647
222 /* this strange form is necessary since - is a unary operator, not a sign
223    indicator */
224 #define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)
225 
226 #define KRB5_INT16_MAX 65535
227 /* this strange form is necessary since - is a unary operator, not a sign
228    indicator */
229 #define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)
230 
231 /*
232  * end wordsize.h
233  */
234 
235 /*
236  * begin "base-defs.h"
237  */
238 
239 /*
240  * Basic definitions for Kerberos V5 library
241  */
242 
243 #ifndef FALSE
244 #define	FALSE	0
245 #endif
246 #ifndef TRUE
247 #define	TRUE	1
248 #endif
249 
250 typedef	unsigned int krb5_boolean;
251 typedef	unsigned int krb5_msgtype;
252 typedef	unsigned int krb5_kvno;
253 
254 typedef	krb5_int32	krb5_addrtype;
255 typedef krb5_int32	krb5_enctype;
256 typedef krb5_int32	krb5_cksumtype;
257 typedef krb5_int32	krb5_authdatatype;
258 typedef krb5_int32	krb5_keyusage;
259 
260 typedef krb5_int32	krb5_preauthtype; /* This may change, later on */
261 typedef	krb5_int32	krb5_flags;
262 typedef krb5_int32	krb5_timestamp;
263 typedef	krb5_int32	krb5_error_code;
264 typedef krb5_int32	krb5_deltat;
265 
266 typedef krb5_error_code	krb5_magic;
267 
268 typedef struct _krb5_data {
269     krb5_magic magic;
270     unsigned int length;
271     char *data;
272 } krb5_data;
273 
274 /*
275  * Hack length for crypto library to use the afs_string_to_key It is
276  * equivalent to -1 without possible sign extension
277  * We also overload for an unset salt type length - which is also -1, but
278  * hey, why not....
279 */
280 #define SALT_TYPE_AFS_LENGTH UINT_MAX
281 #define SALT_TYPE_NO_LENGTH  UINT_MAX
282 
283 typedef void * krb5_pointer;
284 typedef void const * krb5_const_pointer;
285 
286 typedef struct krb5_principal_data {
287     krb5_magic magic;
288     krb5_data realm;
289     krb5_data *data;		/* An array of strings */
290     krb5_int32 length;
291     krb5_int32 type;
292 } krb5_principal_data;
293 
294 typedef	krb5_principal_data * krb5_principal;
295 
296 /*
297  * Per V5 spec on definition of principal types
298  */
299 
300 /* Name type not known */
301 #define KRB5_NT_UNKNOWN		0
302 /* Just the name of the principal as in DCE, or for users */
303 #define KRB5_NT_PRINCIPAL	1
304 /* Service and other unique instance (krbtgt) */
305 #define KRB5_NT_SRV_INST	2
306 /* Service with host name as instance (telnet, rcommands) */
307 #define KRB5_NT_SRV_HST		3
308 /* Service with host as remaining components */
309 #define KRB5_NT_SRV_XHST	4
310 /* Unique ID */
311 #define KRB5_NT_UID		5
312 
313 /* constant version thereof: */
314 typedef const krb5_principal_data *krb5_const_principal;
315 
316 #define krb5_princ_realm(context, princ) (&(princ)->realm)
317 #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
318 #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
319 #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
320 #define	krb5_princ_size(context, princ) (princ)->length
321 #define	krb5_princ_type(context, princ) (princ)->type
322 #define	krb5_princ_name(context, princ) (princ)->data
323 #define krb5_princ_component(context, princ,i)         \
324             (((i) < krb5_princ_size(context, princ)) \
325              ? (princ)->data + (i)                   \
326              : NULL)
327 
328 /*
329  * Constants for realm referrals.
330  */
331 #define        KRB5_REFERRAL_REALM	""
332 
333 /*
334  * Referral-specific functions.
335  */
336 krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *);
337 
338 /*
339  * end "base-defs.h"
340  */
341 
342 /*
343  * begin "hostaddr.h"
344  */
345 
346 /* structure for address */
347 typedef struct _krb5_address {
348     krb5_magic magic;
349     krb5_addrtype addrtype;
350     unsigned int length;
351     krb5_octet *contents;
352 } krb5_address;
353 
354 /* per Kerberos v5 protocol spec */
355 #define	ADDRTYPE_INET		0x0002
356 #define	ADDRTYPE_CHAOS		0x0005
357 #define	ADDRTYPE_XNS		0x0006
358 #define	ADDRTYPE_ISO		0x0007
359 #define	ADDRTYPE_DDP		0x0010
360 #define	ADDRTYPE_INET6		0x0018
361 /* not yet in the spec... */
362 #define	ADDRTYPE_ADDRPORT	0x0100
363 #define	ADDRTYPE_IPPORT		0x0101
364 
365 /* macros to determine if a type is a local type */
366 #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
367 
368 /*
369  * end "hostaddr.h"
370  */
371 
372 
373 struct _krb5_context;
374 typedef struct _krb5_context * krb5_context;
375 
376 struct _krb5_auth_context;
377 typedef struct _krb5_auth_context * krb5_auth_context;
378 
379 struct _krb5_cryptosystem_entry;
380 
381 /* SUNW EF (I assume) crypto mods ... */
382 struct _krb5_keyblock;
383 
384 /*
385  * keyblocks will contain a list of derived keys,
386  * this  structure will contain the derived key data.
387  */
388 typedef struct _dk_node {
389     krb5_keyusage   usage;
390     struct _krb5_keyblock   *derived_key;
391     uchar_t         dkid; /* derived key identifier byte */
392     struct _dk_node *next;
393 } krb5_dk_node;
394 
395 /*
396  * begin "encryption.h"
397  */
398 typedef struct _krb5_keyblock {
399     krb5_magic magic;
400     krb5_enctype enctype;
401     unsigned int length;
402     krb5_octet *contents;
403     krb5_dk_node   *dk_list; /* list of keys derived from this key */
404 #ifdef _KERNEL
405     crypto_mech_type_t     kef_mt;
406     crypto_key_t           kef_key;
407     crypto_ctx_template_t  key_tmpl;
408 #else
409     CK_OBJECT_HANDLE       hKey; /* PKCS#11 key object handle */
410     pid_t	pid; /* fork safety */
411 #endif /* _KERNEL */
412 } krb5_keyblock;
413 
414 typedef struct _krb5_checksum {
415     krb5_magic magic;
416     krb5_cksumtype checksum_type;	/* checksum type */
417     unsigned int length;
418     krb5_octet *contents;
419 } krb5_checksum;
420 
421 typedef struct _krb5_encrypt_block {
422     krb5_magic magic;
423     krb5_enctype crypto_entry;		/* to call krb5_encrypt_size, you need
424 					   this.  it was a pointer, but it
425 					   doesn't have to be.  gross. */
426     krb5_keyblock *key;
427 } krb5_encrypt_block;
428 
429 typedef struct _krb5_enc_data {
430     krb5_magic magic;
431     krb5_enctype enctype;
432     krb5_kvno kvno;
433     krb5_data ciphertext;
434 } krb5_enc_data;
435 
436 /* per Kerberos v5 protocol spec */
437 #define	ENCTYPE_NULL		0x0000
438 #define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
439 #define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
440 #define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
441 #define	ENCTYPE_DES_CBC_RAW	0x0004  /* DES cbc mode raw */
442 /* XXX deprecated? */
443 #define	ENCTYPE_DES3_CBC_SHA	0x0005	/* DES-3 cbc mode with NIST-SHA */
444 #define	ENCTYPE_DES3_CBC_RAW	0x0006	/* DES-3 cbc mode raw */
445 #define	ENCTYPE_DES_HMAC_SHA1	0x0008
446 #define	ENCTYPE_DES3_CBC_SHA1	0x0010
447 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
448 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
449 #define ENCTYPE_ARCFOUR_HMAC	0x0017
450 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
451 #define	ENCTYPE_UNKNOWN		0x01ff
452 
453 #define	CKSUMTYPE_CRC32		0x0001
454 #define	CKSUMTYPE_RSA_MD4	0x0002
455 #define	CKSUMTYPE_RSA_MD4_DES	0x0003
456 #define	CKSUMTYPE_DESCBC	0x0004
457 /* des-mac-k */
458 /* rsa-md4-des-k */
459 #define	CKSUMTYPE_RSA_MD5	0x0007
460 #define	CKSUMTYPE_RSA_MD5_DES	0x0008
461 #define	CKSUMTYPE_NIST_SHA	0x0009
462 #define	CKSUMTYPE_HMAC_SHA1_DES3	0x000c
463 #define CKSUMTYPE_HMAC_SHA1_96_AES128	0x000f
464 #define CKSUMTYPE_HMAC_SHA1_96_AES256	0x0010
465 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
466 
467 /* The following are entropy source designations. Whenever
468  * krb5_C_random_add_entropy is called, one of these source  ids is passed
469  * in.  This  allows the library  to better estimate bits of
470  * entropy in the sample and to keep track of what sources of entropy have
471  * contributed enough entropy.  Sources marked internal MUST NOT be
472  * used by applications outside the Kerberos library
473 */
474 
475 enum {
476   KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
477   KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
478   KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
479   /*This source should be used carefully; data in this category
480    * should be from a third party trusted to give random bits
481    * For example keys issued by the KDC in the application server.
482    */
483   KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
484   KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
485   KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
486 };
487 
488 #ifndef krb5_roundup
489 /* round x up to nearest multiple of y */
490 #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
491 #endif /* roundup */
492 
493 /* macro function definitions to help clean up code */
494 
495 #ifndef _KERNEL
496 #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
497 #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
498 #else
499 #define krb5_x(ptr,args) ((*(ptr)) args)
500 #define krb5_xc(ptr,args) ((*(ptr)) args)
501 #endif
502 
503 krb5_error_code KRB5_CALLCONV
504     krb5_c_encrypt
505     (krb5_context context,
506 		    const krb5_keyblock *key,
507 		    krb5_keyusage usage, const krb5_data *ivec,
508 		    const krb5_data *input, krb5_enc_data *output);
509 
510 krb5_error_code KRB5_CALLCONV
511     krb5_c_decrypt
512     (krb5_context context,
513 		    const krb5_keyblock *key,
514 		    krb5_keyusage usage, const krb5_data *ivec,
515 		    const krb5_enc_data *input, krb5_data *output);
516 
517 krb5_error_code KRB5_CALLCONV
518     krb5_c_encrypt_length
519     (krb5_context context, krb5_enctype enctype,
520 		    size_t inputlen, size_t *length);
521 
522 krb5_error_code KRB5_CALLCONV
523     krb5_c_block_size
524     (krb5_context context, krb5_enctype enctype,
525 		    size_t *blocksize);
526 
527 krb5_error_code KRB5_CALLCONV
528 	krb5_c_init_state(krb5_context,
529 		const krb5_keyblock *, krb5_keyusage,
530 		krb5_data *);
531 
532 krb5_error_code KRB5_CALLCONV
533 	krb5_c_free_state(krb5_context,
534 		const krb5_keyblock *, krb5_data *);
535 
536 krb5_error_code KRB5_CALLCONV
537     krb5_c_make_random_key
538     (krb5_context context, krb5_enctype enctype,
539 		    krb5_keyblock *random_key);
540 
541 /* Register a new entropy sample  with the PRNG. may cause
542 * the PRNG to be reseeded, although this is not guaranteed.  See previous randsource definitions
543 * for information on how each source should be used.
544 */
545 krb5_error_code KRB5_CALLCONV
546         krb5_c_random_add_entropy
547 (krb5_context context, unsigned int  randsource_id, const krb5_data *data);
548 
549 krb5_error_code KRB5_CALLCONV
550     krb5_c_random_make_octets
551     (krb5_context context, krb5_data *data);
552 
553 /*
554 * Collect entropy from the OS if possible. strong requests that as strong
555 * of a source of entropy  as available be used.  Setting strong may
556 * increase the probability of blocking and should not  be used for normal
557 * applications.  Good uses include seeding the PRNG for kadmind
558 * and realm setup.
559 * If successful is non-null, then successful is set to 1 if the OS provided
560 * entropy else zero.
561 */
562 #if 0 /* SUNW14resync - not used in Solaris */
563 krb5_error_code KRB5_CALLCONV
564 krb5_c_random_os_entropy
565 (krb5_context context, int strong, int *success);
566 #endif
567 
568 /*deprecated*/ krb5_error_code KRB5_CALLCONV
569     krb5_c_random_seed
570     (krb5_context context, krb5_data *data);
571 
572 krb5_error_code KRB5_CALLCONV
573     krb5_c_string_to_key
574     (krb5_context context, krb5_enctype enctype,
575 		    const krb5_data *string, const krb5_data *salt,
576 		    krb5_keyblock *key);
577 
578 krb5_error_code KRB5_CALLCONV
579 krb5_c_string_to_key_with_params(krb5_context context,
580                                  krb5_enctype enctype,
581                                  const krb5_data *string,
582                                  const krb5_data *salt,
583                                  const krb5_data *params,
584                                  krb5_keyblock *key);
585 
586 krb5_error_code KRB5_CALLCONV
587     krb5_c_enctype_compare
588     (krb5_context context, krb5_enctype e1, krb5_enctype e2,
589 		    krb5_boolean *similar);
590 
591 krb5_error_code KRB5_CALLCONV
592     krb5_c_make_checksum
593     (krb5_context context, krb5_cksumtype cksumtype,
594 		    const krb5_keyblock *key, krb5_keyusage usage,
595 		    const krb5_data *input, krb5_checksum *cksum);
596 
597 krb5_error_code KRB5_CALLCONV
598     krb5_c_verify_checksum
599     (krb5_context context,
600 		    const krb5_keyblock *key, krb5_keyusage usage,
601 		    const krb5_data *data,
602 		    const krb5_checksum *cksum,
603 		    krb5_boolean *valid);
604 
605 krb5_error_code KRB5_CALLCONV
606     krb5_c_checksum_length
607     (krb5_context context, krb5_cksumtype cksumtype,
608 		    size_t *length);
609 
610 krb5_error_code KRB5_CALLCONV
611     krb5_c_keyed_checksum_types
612     (krb5_context context, krb5_enctype enctype,
613 		    unsigned int *count, krb5_cksumtype **cksumtypes);
614 
615 #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS		1
616 #define KRB5_KEYUSAGE_KDC_REP_TICKET		2
617 #define KRB5_KEYUSAGE_AS_REP_ENCPART		3
618 #define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY	4
619 #define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY		5
620 #define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM	6
621 #define KRB5_KEYUSAGE_TGS_REQ_AUTH		7
622 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY	8
623 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY	9
624 #define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM		10
625 #define KRB5_KEYUSAGE_AP_REQ_AUTH		11
626 #define KRB5_KEYUSAGE_AP_REP_ENCPART		12
627 #define KRB5_KEYUSAGE_KRB_PRIV_ENCPART		13
628 #define KRB5_KEYUSAGE_KRB_CRED_ENCPART		14
629 #define KRB5_KEYUSAGE_KRB_SAFE_CKSUM		15
630 #define KRB5_KEYUSAGE_APP_DATA_ENCRYPT		16
631 #define KRB5_KEYUSAGE_APP_DATA_CKSUM		17
632 #define KRB5_KEYUSAGE_KRB_ERROR_CKSUM		18
633 #define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM	19
634 #define KRB5_KEYUSAGE_AD_MTE			20
635 #define KRB5_KEYUSAGE_AD_ITE			21
636 
637 /* XXX need to register these */
638 
639 #define KRB5_KEYUSAGE_GSS_TOK_MIC		22
640 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG	23
641 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV		24
642 
643 /* Defined in hardware preauth draft */
644 
645 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM	25
646 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID	26
647 #define KRB5_KEYUSAGE_PA_SAM_RESPONSE		27
648 
649 /* Defined in KDC referrals draft */
650 #define KRB5_KEYUSAGE_PA_REFERRAL		26 /* XXX note conflict with above */
651 
652 krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
653         (krb5_enctype ktype);
654 krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
655         (krb5_cksumtype ctype);
656 krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
657         (krb5_cksumtype ctype);
658 krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
659         (krb5_cksumtype ctype);
660 
661 
662 #if KRB5_PRIVATE
663 /* Use the above four instead.  */
664 krb5_boolean KRB5_CALLCONV valid_enctype
665         (krb5_enctype ktype);
666 krb5_boolean KRB5_CALLCONV valid_cksumtype
667         (krb5_cksumtype ctype);
668 krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
669         (krb5_cksumtype ctype);
670 krb5_boolean KRB5_CALLCONV is_keyed_cksum
671         (krb5_cksumtype ctype);
672 #endif
673 
674 
675 #ifdef KRB5_OLD_CRYPTO
676 /*
677  * old cryptosystem routine prototypes.  These are now layered
678  * on top of the functions above.
679  */
680 krb5_error_code KRB5_CALLCONV krb5_use_enctype
681         (krb5_context context,
682                 krb5_encrypt_block * eblock,
683                 krb5_enctype enctype);
684 
685 krb5_error_code KRB5_CALLCONV krb5_string_to_key
686         (krb5_context context,
687                 const krb5_encrypt_block * eblock,
688                 krb5_keyblock * keyblock,
689                 const krb5_data * data,
690                 const krb5_data * salt);
691 
692 size_t KRB5_CALLCONV krb5_checksum_size
693 	(krb5_context context,
694 		krb5_cksumtype ctype);
695 #endif /* KRB5_OLD_CRYPTO */
696 
697 /*
698  * end "encryption.h"
699  */
700 
701 /*
702  * begin "fieldbits.h"
703  */
704 
705 /* kdc_options for kdc_request */
706 /* options is 32 bits; each host is responsible to put the 4 bytes
707    representing these bits into net order before transmission */
708 /* #define	KDC_OPT_RESERVED	0x80000000 */
709 #define	KDC_OPT_FORWARDABLE		0x40000000
710 #define	KDC_OPT_FORWARDED		0x20000000
711 #define	KDC_OPT_PROXIABLE		0x10000000
712 #define	KDC_OPT_PROXY			0x08000000
713 #define	KDC_OPT_ALLOW_POSTDATE		0x04000000
714 #define	KDC_OPT_POSTDATED		0x02000000
715 /* #define	KDC_OPT_UNUSED		0x01000000 */
716 #define	KDC_OPT_RENEWABLE		0x00800000
717 /* #define	KDC_OPT_UNUSED		0x00400000 */
718 /* #define	KDC_OPT_RESERVED	0x00200000 */
719 /* #define	KDC_OPT_RESERVED	0x00100000 */
720 /* #define	KDC_OPT_RESERVED	0x00080000 */
721 /* #define	KDC_OPT_RESERVED	0x00040000 */
722 #define	KDC_OPT_REQUEST_ANONYMOUS	0x00020000
723 #define	KDC_OPT_CANONICALIZE		0x00010000
724 /* #define	KDC_OPT_RESERVED	0x00008000 */
725 /* #define	KDC_OPT_RESERVED	0x00004000 */
726 /* #define	KDC_OPT_RESERVED	0x00002000 */
727 /* #define	KDC_OPT_RESERVED	0x00001000 */
728 /* #define	KDC_OPT_RESERVED	0x00000800 */
729 /* #define	KDC_OPT_RESERVED	0x00000400 */
730 /* #define	KDC_OPT_RESERVED	0x00000200 */
731 /* #define	KDC_OPT_RESERVED	0x00000100 */
732 /* #define	KDC_OPT_RESERVED	0x00000080 */
733 /* #define	KDC_OPT_RESERVED	0x00000040 */
734 #define	KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
735 #define	KDC_OPT_RENEWABLE_OK		0x00000010
736 #define	KDC_OPT_ENC_TKT_IN_SKEY		0x00000008
737 /* #define	KDC_OPT_UNUSED		0x00000004 */
738 #define	KDC_OPT_RENEW			0x00000002
739 #define	KDC_OPT_VALIDATE		0x00000001
740 
741 /*
742  * Mask of ticket flags in the TGT which should be converted into KDC
743  * options when using the TGT to get derivitive tickets.
744  *
745  *  New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
746  *             KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
747  */
748 #define KDC_TKT_COMMON_MASK		0x54800000
749 
750 /* definitions for ap_options fields */
751 /* ap_options are 32 bits; each host is responsible to put the 4 bytes
752    representing these bits into net order before transmission */
753 #define	AP_OPTS_RESERVED		0x80000000
754 #define	AP_OPTS_USE_SESSION_KEY		0x40000000
755 #define	AP_OPTS_MUTUAL_REQUIRED		0x20000000
756 /* #define	AP_OPTS_RESERVED	0x10000000 */
757 /* #define	AP_OPTS_RESERVED	0x08000000 */
758 /* #define	AP_OPTS_RESERVED	0x04000000 */
759 /* #define	AP_OPTS_RESERVED	0x02000000 */
760 /* #define	AP_OPTS_RESERVED	0x01000000 */
761 /* #define	AP_OPTS_RESERVED	0x00800000 */
762 /* #define	AP_OPTS_RESERVED	0x00400000 */
763 /* #define	AP_OPTS_RESERVED	0x00200000 */
764 /* #define	AP_OPTS_RESERVED	0x00100000 */
765 /* #define	AP_OPTS_RESERVED	0x00080000 */
766 /* #define	AP_OPTS_RESERVED	0x00040000 */
767 /* #define	AP_OPTS_RESERVED	0x00020000 */
768 /* #define	AP_OPTS_RESERVED	0x00010000 */
769 /* #define	AP_OPTS_RESERVED	0x00008000 */
770 /* #define	AP_OPTS_RESERVED	0x00004000 */
771 /* #define	AP_OPTS_RESERVED	0x00002000 */
772 /* #define	AP_OPTS_RESERVED	0x00001000 */
773 /* #define	AP_OPTS_RESERVED	0x00000800 */
774 /* #define	AP_OPTS_RESERVED	0x00000400 */
775 /* #define	AP_OPTS_RESERVED	0x00000200 */
776 /* #define	AP_OPTS_RESERVED	0x00000100 */
777 /* #define	AP_OPTS_RESERVED	0x00000080 */
778 /* #define	AP_OPTS_RESERVED	0x00000040 */
779 /* #define	AP_OPTS_RESERVED	0x00000020 */
780 /* #define	AP_OPTS_RESERVED	0x00000010 */
781 /* #define	AP_OPTS_RESERVED	0x00000008 */
782 /* #define	AP_OPTS_RESERVED	0x00000004 */
783 /* #define	AP_OPTS_RESERVED	0x00000002 */
784 #define AP_OPTS_USE_SUBKEY      0x00000001
785 
786 #define AP_OPTS_WIRE_MASK	0xfffffff0
787 
788 /* definitions for ad_type fields. */
789 #define	AD_TYPE_RESERVED	0x8000
790 #define	AD_TYPE_EXTERNAL	0x4000
791 #define	AD_TYPE_REGISTERED	0x2000
792 
793 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
794 
795 /* Ticket flags */
796 /* flags are 32 bits; each host is responsible to put the 4 bytes
797    representing these bits into net order before transmission */
798 /* #define	TKT_FLG_RESERVED	0x80000000 */
799 #define	TKT_FLG_FORWARDABLE		0x40000000
800 #define	TKT_FLG_FORWARDED		0x20000000
801 #define	TKT_FLG_PROXIABLE		0x10000000
802 #define	TKT_FLG_PROXY			0x08000000
803 #define	TKT_FLG_MAY_POSTDATE		0x04000000
804 #define	TKT_FLG_POSTDATED		0x02000000
805 #define	TKT_FLG_INVALID			0x01000000
806 #define	TKT_FLG_RENEWABLE		0x00800000
807 #define	TKT_FLG_INITIAL			0x00400000
808 #define	TKT_FLG_PRE_AUTH		0x00200000
809 #define	TKT_FLG_HW_AUTH			0x00100000
810 #define	TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
811 #define	TKT_FLG_OK_AS_DELEGATE		0x00040000
812 #define	TKT_FLG_ANONYMOUS		0x00020000
813 /* #define	TKT_FLG_RESERVED	0x00010000 */
814 /* #define	TKT_FLG_RESERVED	0x00008000 */
815 /* #define	TKT_FLG_RESERVED	0x00004000 */
816 /* #define	TKT_FLG_RESERVED	0x00002000 */
817 /* #define	TKT_FLG_RESERVED	0x00001000 */
818 /* #define	TKT_FLG_RESERVED	0x00000800 */
819 /* #define	TKT_FLG_RESERVED	0x00000400 */
820 /* #define	TKT_FLG_RESERVED	0x00000200 */
821 /* #define	TKT_FLG_RESERVED	0x00000100 */
822 /* #define	TKT_FLG_RESERVED	0x00000080 */
823 /* #define	TKT_FLG_RESERVED	0x00000040 */
824 /* #define	TKT_FLG_RESERVED	0x00000020 */
825 /* #define	TKT_FLG_RESERVED	0x00000010 */
826 /* #define	TKT_FLG_RESERVED	0x00000008 */
827 /* #define	TKT_FLG_RESERVED	0x00000004 */
828 /* #define	TKT_FLG_RESERVED	0x00000002 */
829 /* #define	TKT_FLG_RESERVED	0x00000001 */
830 
831 /* definitions for lr_type fields. */
832 #define	LR_TYPE_THIS_SERVER_ONLY	0x8000
833 
834 #define LR_TYPE_INTERPRETATION_MASK	0x7fff
835 
836 /* definitions for ad_type fields. */
837 #define	AD_TYPE_EXTERNAL	0x4000
838 #define	AD_TYPE_REGISTERED	0x2000
839 
840 #define AD_TYPE_FIELD_TYPE_MASK	0x1fff
841 #define AD_TYPE_INTERNAL_MASK	0x3fff
842 
843 /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
844 #define	MSEC_DIRBIT		0x8000
845 #define	MSEC_VAL_MASK		0x7fff
846 
847 /*
848  * end "fieldbits.h"
849  */
850 
851 /*
852  * begin "proto.h"
853  */
854 
855 /* Protocol version number */
856 #define	KRB5_PVNO	5
857 
858 /* Message types */
859 
860 #define	KRB5_AS_REQ	((krb5_msgtype)10) /* Req for initial authentication */
861 #define	KRB5_AS_REP	((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
862 #define	KRB5_TGS_REQ	((krb5_msgtype)12) /* TGS request to server */
863 #define	KRB5_TGS_REP	((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
864 #define	KRB5_AP_REQ	((krb5_msgtype)14) /* application request to server */
865 #define	KRB5_AP_REP	((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
866 #define	KRB5_SAFE	((krb5_msgtype)20) /* Safe application message */
867 #define	KRB5_PRIV	((krb5_msgtype)21) /* Private application message */
868 #define	KRB5_CRED	((krb5_msgtype)22) /* Credential forwarding message */
869 #define	KRB5_ERROR	((krb5_msgtype)30) /* Error response */
870 
871 /* LastReq types */
872 #define	KRB5_LRQ_NONE			0
873 #define	KRB5_LRQ_ALL_LAST_TGT		1
874 #define	KRB5_LRQ_ONE_LAST_TGT		(-1)
875 #define	KRB5_LRQ_ALL_LAST_INITIAL	2
876 #define	KRB5_LRQ_ONE_LAST_INITIAL	(-2)
877 #define	KRB5_LRQ_ALL_LAST_TGT_ISSUED	3
878 #define	KRB5_LRQ_ONE_LAST_TGT_ISSUED	(-3)
879 #define	KRB5_LRQ_ALL_LAST_RENEWAL	4
880 #define	KRB5_LRQ_ONE_LAST_RENEWAL	(-4)
881 #define	KRB5_LRQ_ALL_LAST_REQ		5
882 #define	KRB5_LRQ_ONE_LAST_REQ		(-5)
883 #define	KRB5_LRQ_ALL_PW_EXPTIME		6
884 #define	KRB5_LRQ_ONE_PW_EXPTIME		(-6)
885 
886 
887 /* PADATA types */
888 #define	KRB5_PADATA_NONE                0
889 #define	KRB5_PADATA_AP_REQ		1
890 #define	KRB5_PADATA_TGS_REQ		KRB5_PADATA_AP_REQ
891 #define KRB5_PADATA_ENC_TIMESTAMP	2
892 #define	KRB5_PADATA_PW_SALT		3
893 #if 0				/* Not used */
894 #define KRB5_PADATA_ENC_ENCKEY          4  /* Key encrypted within itself */
895 #endif
896 #define KRB5_PADATA_ENC_UNIX_TIME       5  /* timestamp encrypted in key */
897 #define KRB5_PADATA_ENC_SANDIA_SECURID  6  /* SecurId passcode */
898 #define KRB5_PADATA_SESAME		7  /* Sesame project */
899 #define KRB5_PADATA_OSF_DCE		8  /* OSF DCE */
900 #define KRB5_CYBERSAFE_SECUREID		9  /* Cybersafe */
901 #define	KRB5_PADATA_AFS3_SALT		10 /* Cygnus */
902 #define KRB5_PADATA_ETYPE_INFO		11 /* Etype info for preauth */
903 #define KRB5_PADATA_SAM_CHALLENGE	12 /* draft challenge system */
904 #define KRB5_PADATA_SAM_RESPONSE	13 /* draft challenge system response */
905 #define KRB5_PADATA_PK_AS_REQ		14 /* PKINIT */
906 #define KRB5_PADATA_PK_AS_REP		15 /* PKINIT */
907 #define KRB5_PADATA_ETYPE_INFO2 	19
908 #define KRB5_PADATA_REFERRAL		25 /* draft referral system */
909 #define KRB5_PADATA_SAM_CHALLENGE_2	30 /* draft challenge system, updated */
910 #define KRB5_PADATA_SAM_RESPONSE_2	31 /* draft challenge system, updated */
911 
912 #define	KRB5_SAM_USE_SAD_AS_KEY		0x80000000
913 #define	KRB5_SAM_SEND_ENCRYPTED_SAD	0x40000000
914 #define	KRB5_SAM_MUST_PK_ENCRYPT_SAD	0x20000000 /* currently must be zero */
915 
916 /* Reserved for SPX pre-authentication. */
917 #define KRB5_PADATA_DASS		16
918 
919 /* Transited encoding types */
920 #define	KRB5_DOMAIN_X500_COMPRESS	1
921 
922 /* alternate authentication types */
923 #define	KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE	64
924 
925 /* authorization data types */
926 #define	KRB5_AUTHDATA_OSF_DCE	64
927 #define KRB5_AUTHDATA_SESAME	65
928 
929 /* password change constants */
930 
931 #define KRB5_KPASSWD_SUCCESS		0
932 #define KRB5_KPASSWD_MALFORMED		1
933 #define KRB5_KPASSWD_HARDERROR		2
934 #define KRB5_KPASSWD_AUTHERROR		3
935 #define KRB5_KPASSWD_SOFTERROR		4
936 /* These are Microsoft's extensions in RFC 3244, and it looks like
937    they'll become standardized, possibly with other additions.  */
938 #define KRB5_KPASSWD_ACCESSDENIED       5       /* unused */
939 #define KRB5_KPASSWD_BAD_VERSION        6
940 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7      /* unused */
941 
942 /*
943  * end "proto.h"
944  */
945 
946 /* Time set */
947 typedef struct _krb5_ticket_times {
948     krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
949 				in ticket? otherwise client can't get this */
950     krb5_timestamp starttime;		/* optional in ticket, if not present,
951 					   use authtime */
952     krb5_timestamp endtime;
953     krb5_timestamp renew_till;
954 } krb5_ticket_times;
955 
956 /* structure for auth data */
957 typedef struct _krb5_authdata {
958     krb5_magic magic;
959     krb5_authdatatype ad_type;
960     unsigned int length;
961     krb5_octet *contents;
962 } krb5_authdata;
963 
964 /* structure for transited encoding */
965 typedef struct _krb5_transited {
966     krb5_magic magic;
967     krb5_octet tr_type;
968     krb5_data tr_contents;
969 } krb5_transited;
970 
971 typedef struct _krb5_enc_tkt_part {
972     krb5_magic magic;
973     /* to-be-encrypted portion */
974     krb5_flags flags;			/* flags */
975     krb5_keyblock *session;		/* session key: includes enctype */
976     krb5_principal client;		/* client name/realm */
977     krb5_transited transited;		/* list of transited realms */
978     krb5_ticket_times times;		/* auth, start, end, renew_till */
979     krb5_address * *caddrs;	/* array of ptrs to addresses */
980     krb5_authdata * *authorization_data; /* auth data */
981 } krb5_enc_tkt_part;
982 
983 typedef struct _krb5_ticket {
984     krb5_magic magic;
985     /* cleartext portion */
986     krb5_principal server;		/* server name/realm */
987     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
988 					   encoding */
989     krb5_enc_tkt_part *enc_part2;	/* ptr to decrypted version, if
990 					   available */
991 } krb5_ticket;
992 
993 /* the unencrypted version */
994 typedef struct _krb5_authenticator {
995     krb5_magic magic;
996     krb5_principal client;		/* client name/realm */
997     krb5_checksum *checksum;	/* checksum, includes type, optional */
998     krb5_int32 cusec;			/* client usec portion */
999     krb5_timestamp ctime;		/* client sec portion */
1000     krb5_keyblock *subkey;		/* true session key, optional */
1001     krb5_ui_4 seq_number;		/* sequence #, optional */
1002     krb5_authdata * *authorization_data; /* New add by Ari, auth data */
1003 } krb5_authenticator;
1004 
1005 typedef struct _krb5_tkt_authent {
1006     krb5_magic magic;
1007     krb5_ticket *ticket;
1008     krb5_authenticator *authenticator;
1009     krb5_flags ap_options;
1010 } krb5_tkt_authent;
1011 
1012 /* credentials:  Ticket, session key, etc. */
1013 typedef struct _krb5_creds {
1014     krb5_magic magic;
1015     krb5_principal client;		/* client's principal identifier */
1016     krb5_principal server;		/* server's principal identifier */
1017     krb5_keyblock keyblock;		/* session encryption key info */
1018     krb5_ticket_times times;		/* lifetime info */
1019     krb5_boolean is_skey;		/* true if ticket is encrypted in
1020 					   another ticket's skey */
1021     krb5_flags ticket_flags;		/* flags in ticket */
1022     krb5_address * *addresses;	/* addrs in ticket */
1023     krb5_data ticket;			/* ticket string itself */
1024     krb5_data second_ticket;		/* second ticket, if related to
1025 					   ticket (via DUPLICATE-SKEY or
1026 					   ENC-TKT-IN-SKEY) */
1027     krb5_authdata * *authdata;	/* authorization data */
1028 } krb5_creds;
1029 
1030 /* Last request fields */
1031 typedef struct _krb5_last_req_entry {
1032     krb5_magic magic;
1033     krb5_int32 lr_type;
1034     krb5_timestamp value;
1035 } krb5_last_req_entry;
1036 
1037 /* pre-authentication data */
1038 typedef struct _krb5_pa_data {
1039     krb5_magic magic;
1040     krb5_preauthtype  pa_type;
1041     unsigned int length;
1042     krb5_octet *contents;
1043 } krb5_pa_data;
1044 
1045 typedef struct _krb5_kdc_req {
1046     krb5_magic magic;
1047     krb5_msgtype msg_type;		/* AS_REQ or TGS_REQ? */
1048     krb5_pa_data * *padata;	/* e.g. encoded AP_REQ */
1049     /* real body */
1050     krb5_flags kdc_options;		/* requested options */
1051     krb5_principal client;		/* includes realm; optional */
1052     krb5_principal server;		/* includes realm (only used if no
1053 					   client) */
1054     krb5_timestamp from;		/* requested starttime */
1055     krb5_timestamp till;		/* requested endtime */
1056     krb5_timestamp rtime;		/* (optional) requested renew_till */
1057     krb5_int32 nonce;			/* nonce to match request/response */
1058     int nktypes;			/* # of ktypes, must be positive */
1059     krb5_enctype *ktype;		/* requested enctype(s) */
1060     krb5_address * *addresses;	/* requested addresses, optional */
1061     krb5_enc_data authorization_data;	/* encrypted auth data; OPTIONAL */
1062     krb5_authdata * *unenc_authdata; /* unencrypted auth data,
1063 					   if available */
1064     krb5_ticket * *second_ticket;/* second ticket array; OPTIONAL */
1065 } krb5_kdc_req;
1066 
1067 typedef struct _krb5_enc_kdc_rep_part {
1068     krb5_magic magic;
1069     /* encrypted part: */
1070     krb5_msgtype msg_type;		/* krb5 message type */
1071     krb5_keyblock *session;		/* session key */
1072     krb5_last_req_entry * *last_req; /* array of ptrs to entries */
1073     krb5_int32 nonce;			/* nonce from request */
1074     krb5_timestamp key_exp;		/* expiration date */
1075     krb5_flags flags;			/* ticket flags */
1076     krb5_ticket_times times;		/* lifetime info */
1077     krb5_principal server;		/* server's principal identifier */
1078     krb5_address * *caddrs;	/* array of ptrs to addresses,
1079 					   optional */
1080 } krb5_enc_kdc_rep_part;
1081 
1082 typedef struct _krb5_kdc_rep {
1083     krb5_magic magic;
1084     /* cleartext part: */
1085     krb5_msgtype msg_type;		/* AS_REP or KDC_REP? */
1086     krb5_pa_data * *padata;	/* preauthentication data from KDC */
1087     krb5_principal client;		/* client's principal identifier */
1088     krb5_ticket *ticket;		/* ticket */
1089     krb5_enc_data enc_part;		/* encryption type, kvno, encrypted
1090 					   encoding */
1091     krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
1092 } krb5_kdc_rep;
1093 
1094 /* error message structure */
1095 typedef struct _krb5_error {
1096     krb5_magic magic;
1097     /* some of these may be meaningless in certain contexts */
1098     krb5_timestamp ctime;		/* client sec portion; optional */
1099     krb5_int32 cusec;			/* client usec portion; optional */
1100     krb5_int32 susec;			/* server usec portion */
1101     krb5_timestamp stime;		/* server sec portion */
1102     krb5_ui_4 error;			/* error code (protocol error #'s) */
1103     krb5_principal client;		/* client's principal identifier;
1104 					   optional */
1105     krb5_principal server;		/* server's principal identifier */
1106     krb5_data text;			/* descriptive text */
1107     krb5_data e_data;			/* additional error-describing data */
1108 } krb5_error;
1109 
1110 typedef struct _krb5_ap_req {
1111     krb5_magic magic;
1112     krb5_flags ap_options;		/* requested options */
1113     krb5_ticket *ticket;		/* ticket */
1114     krb5_enc_data authenticator;	/* authenticator (already encrypted) */
1115 } krb5_ap_req;
1116 
1117 typedef struct _krb5_ap_rep {
1118     krb5_magic magic;
1119     krb5_enc_data enc_part;
1120 } krb5_ap_rep;
1121 
1122 typedef struct _krb5_ap_rep_enc_part {
1123     krb5_magic magic;
1124     krb5_timestamp ctime;		/* client time, seconds portion */
1125     krb5_int32 cusec;			/* client time, microseconds portion */
1126     krb5_keyblock *subkey;		/* true session key, optional */
1127     krb5_ui_4 seq_number;		/* sequence #, optional */
1128 } krb5_ap_rep_enc_part;
1129 
1130 typedef struct _krb5_response {
1131     krb5_magic magic;
1132     krb5_octet message_type;
1133     krb5_data response;
1134     krb5_int32 expected_nonce;	/* The expected nonce for KDC_REP messages */
1135     krb5_timestamp request_time;   /* When we made the request */
1136 } krb5_response;
1137 
1138 typedef struct _krb5_cred_info {
1139     krb5_magic magic;
1140     krb5_keyblock *session;         /* session key used to encrypt */
1141 					/* ticket */
1142     krb5_principal client;              /* client name/realm, optional */
1143     krb5_principal server;              /* server name/realm, optional */
1144     krb5_flags flags;			/* ticket flags, optional */
1145     krb5_ticket_times times;		/* auth, start, end, renew_till, */
1146                                         /* optional */
1147     krb5_address * *caddrs;	/* array of ptrs to addresses */
1148 } krb5_cred_info;
1149 
1150 typedef struct _krb5_cred_enc_part {
1151     krb5_magic magic;
1152     krb5_int32 nonce;                   /* nonce, optional */
1153     krb5_timestamp timestamp;           /* client time */
1154     krb5_int32 usec;                    /* microsecond portion of time */
1155     krb5_address *s_address;        /* sender address, optional */
1156     krb5_address *r_address;        /* recipient address, optional */
1157     krb5_cred_info * *ticket_info;
1158 } krb5_cred_enc_part;
1159 
1160 typedef struct _krb5_cred {
1161     krb5_magic magic;
1162     krb5_ticket * *tickets;	/* tickets */
1163     krb5_enc_data enc_part;		/* encrypted part */
1164     krb5_cred_enc_part *enc_part2; 	/* unencrypted version, if available*/
1165 } krb5_cred;
1166 
1167 /* Sandia password generation structures */
1168 typedef struct _passwd_phrase_element {
1169     krb5_magic magic;
1170     krb5_data *passwd;
1171     krb5_data *phrase;
1172 } passwd_phrase_element;
1173 
1174 typedef struct _krb5_pwd_data {
1175     krb5_magic magic;
1176     int sequence_count;
1177     passwd_phrase_element * *element;
1178 } krb5_pwd_data;
1179 
1180 /* these need to be here so the typedefs are available for the prototypes */
1181 
1182 /*
1183  * begin "safepriv.h"
1184  */
1185 
1186 #define KRB5_AUTH_CONTEXT_DO_TIME       0x00000001
1187 #define KRB5_AUTH_CONTEXT_RET_TIME      0x00000002
1188 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE   0x00000004
1189 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE  0x00000008
1190 #define KRB5_AUTH_CONTEXT_PERMIT_ALL	0x00000010
1191 #define	KRB5_AUTH_CONTEXT_USE_SUBKEY	0x00000020
1192 
1193 typedef struct krb5_replay_data {
1194     krb5_timestamp      timestamp;
1195     krb5_int32          usec;
1196     krb5_int32          seq;
1197 } krb5_replay_data;
1198 
1199 /* flags for krb5_auth_con_genaddrs() */
1200 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR           0x00000001
1201 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR          0x00000002
1202 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR      0x00000004
1203 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR     0x00000008
1204 
1205 /* type of function used as a callback to generate checksum data for
1206  * mk_req */
1207 
1208 typedef krb5_error_code
1209 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (
1210 	krb5_context,
1211 	krb5_auth_context,
1212 	void *,
1213 	krb5_data **);
1214 
1215 
1216 /*
1217  * end "safepriv.h"
1218  */
1219 
1220 
1221 /*
1222  * begin "ccache.h"
1223  */
1224 
1225 typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
1226 
1227 struct _krb5_ccache;
1228 typedef struct _krb5_ccache *krb5_ccache;
1229 struct _krb5_cc_ops;
1230 typedef struct _krb5_cc_ops krb5_cc_ops;
1231 
1232 /* for retrieve_cred */
1233 #define	KRB5_TC_MATCH_TIMES		0x00000001
1234 #define	KRB5_TC_MATCH_IS_SKEY		0x00000002
1235 #define	KRB5_TC_MATCH_FLAGS		0x00000004
1236 #define	KRB5_TC_MATCH_TIMES_EXACT	0x00000008
1237 #define	KRB5_TC_MATCH_FLAGS_EXACT	0x00000010
1238 #define	KRB5_TC_MATCH_AUTHDATA		0x00000020
1239 #define	KRB5_TC_MATCH_SRV_NAMEONLY	0x00000040
1240 #define	KRB5_TC_MATCH_2ND_TKT		0x00000080
1241 #define	KRB5_TC_MATCH_KTYPE		0x00000100
1242 #define KRB5_TC_SUPPORTED_KTYPES	0x00000200
1243 
1244 /* for set_flags and other functions */
1245 #define KRB5_TC_OPENCLOSE		0x00000001
1246 #define KRB5_TC_NOTICKET                0x00000002
1247 
1248 
1249 
1250 krb5_error_code KRB5_CALLCONV
1251 krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
1252 
1253 krb5_error_code KRB5_CALLCONV
1254 krb5_cc_initialize(krb5_context context, krb5_ccache cache,
1255                    krb5_principal principal);
1256 
1257 krb5_error_code KRB5_CALLCONV
1258 krb5_cc_destroy (krb5_context context, krb5_ccache cache);
1259 
1260 krb5_error_code KRB5_CALLCONV
1261 krb5_cc_close (krb5_context context, krb5_ccache cache);
1262 
1263 krb5_error_code KRB5_CALLCONV
1264 krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
1265                     krb5_creds *creds);
1266 
1267 krb5_error_code KRB5_CALLCONV
1268 krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
1269                        krb5_flags flags, krb5_creds *mcreds,
1270                        krb5_creds *creds);
1271 
1272 krb5_error_code KRB5_CALLCONV
1273 krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
1274                        krb5_principal *principal);
1275 krb5_error_code KRB5_CALLCONV
1276 krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
1277                        krb5_cc_cursor *cursor);
1278 
1279 krb5_error_code KRB5_CALLCONV
1280 krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
1281                    krb5_cc_cursor *cursor, krb5_creds *creds);
1282 
1283 krb5_error_code KRB5_CALLCONV
1284 krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
1285                      krb5_cc_cursor *cursor);
1286 
1287 krb5_error_code KRB5_CALLCONV
1288 krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
1289                      krb5_creds *creds);
1290 
1291 krb5_error_code KRB5_CALLCONV
1292 krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
1293 
1294 const char * KRB5_CALLCONV
1295 krb5_cc_get_type (krb5_context context, krb5_ccache cache);
1296 
1297 /* SUNW14resync - add_cred.c needs this func */
1298 const char * KRB5_CALLCONV
1299 krb5_cc_get_name (krb5_context context, krb5_ccache cache);
1300 
1301 /*
1302  * end "ccache.h"
1303  */
1304 
1305 /*
1306  * begin "rcache.h"
1307  */
1308 
1309 struct krb5_rc_st;
1310 typedef struct krb5_rc_st *krb5_rcache;
1311 
1312 /*
1313  * end "rcache.h"
1314  */
1315 
1316 /*
1317  * begin "keytab.h"
1318  */
1319 
1320 
1321 /* XXX */
1322 #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
1323 
1324 typedef krb5_pointer krb5_kt_cursor;	/* XXX */
1325 
1326 typedef struct krb5_keytab_entry_st {
1327     krb5_magic magic;
1328     krb5_principal principal;	/* principal of this key */
1329     krb5_timestamp timestamp;   /* time entry written to keytable */
1330     krb5_kvno vno;		/* key version number */
1331     krb5_keyblock key;		/* the secret key */
1332 } krb5_keytab_entry;
1333 
1334 #if KRB5_PRIVATE
1335 struct _krb5_kt_ops;
1336 typedef struct _krb5_kt {       /* should move into k5-int.h */
1337     krb5_magic magic;
1338     const struct _krb5_kt_ops *ops;
1339     krb5_pointer data;
1340 } *krb5_keytab;
1341 #else
1342 struct _krb5_kt;
1343 typedef struct _krb5_kt *krb5_keytab;
1344 #endif
1345 
1346 char * KRB5_CALLCONV
1347 krb5_kt_get_type (krb5_context, krb5_keytab keytab);
1348 krb5_error_code KRB5_CALLCONV
1349 krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
1350                  unsigned int namelen);
1351 krb5_error_code KRB5_CALLCONV
1352 krb5_kt_close(krb5_context context, krb5_keytab keytab);
1353 krb5_error_code KRB5_CALLCONV
1354 krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
1355                   krb5_const_principal principal, krb5_kvno vno,
1356                   krb5_enctype enctype, krb5_keytab_entry *entry);
1357 krb5_error_code KRB5_CALLCONV
1358 krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
1359                       krb5_kt_cursor *cursor);
1360 krb5_error_code KRB5_CALLCONV
1361 krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
1362                    krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
1363 krb5_error_code KRB5_CALLCONV
1364 krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
1365                     krb5_kt_cursor *cursor);
1366 
1367 /*
1368  * end "keytab.h"
1369  */
1370 
1371 /*
1372  * begin "func-proto.h"
1373  */
1374 
1375 /* Solaris Kerberos */
1376 krb5_error_code krb5_init_ef_handle(krb5_context);
1377 krb5_error_code krb5_free_ef_handle(krb5_context);
1378 
1379 krb5_boolean krb5_privacy_allowed(void);
1380 
1381 /*
1382  * Solaris Kerberos:
1383  * krb5_copy_keyblock_data is a new routine to hide the details
1384  * of a keyblock copy operation.
1385  */
1386 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_data
1387 	(krb5_context,
1388 		const krb5_keyblock *,
1389 		krb5_keyblock *);
1390 
1391 
1392 
1393 krb5_error_code KRB5_CALLCONV krb5_init_context
1394 	(krb5_context *);
1395 krb5_error_code KRB5_CALLCONV krb5_init_secure_context
1396 	(krb5_context *);
1397 void KRB5_CALLCONV krb5_free_context
1398 	(krb5_context);
1399 
1400 #if KRB5_PRIVATE
1401 krb5_error_code krb5_set_default_in_tkt_ktypes
1402 	(krb5_context,
1403 		const krb5_enctype *);
1404 krb5_error_code krb5_get_default_in_tkt_ktypes
1405 	(krb5_context,
1406 		krb5_enctype **);
1407 
1408 krb5_error_code krb5_set_default_tgs_ktypes
1409 	(krb5_context,
1410 		const krb5_enctype *);
1411 #endif
1412 
1413 krb5_error_code KRB5_CALLCONV
1414 krb5_set_default_tgs_enctypes
1415 	(krb5_context,
1416 		const krb5_enctype *);
1417 #if KRB5_PRIVATE
1418 krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
1419 	(krb5_context,
1420 		krb5_const_principal,
1421 		krb5_enctype **);
1422 #endif
1423 
1424 krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
1425 	(krb5_context, krb5_enctype **);
1426 
1427 #if KRB5_PRIVATE
1428 void KRB5_CALLCONV krb5_free_ktypes
1429 	(krb5_context, krb5_enctype *);
1430 
1431 krb5_boolean krb5_is_permitted_enctype
1432 	(krb5_context, krb5_enctype);
1433 #endif
1434 
1435 krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
1436 
1437 /* libkrb.spec */
1438 #if KRB5_PRIVATE
1439 krb5_error_code krb5_kdc_rep_decrypt_proc
1440 	(krb5_context,
1441 		const krb5_keyblock *,
1442 		krb5_const_pointer,
1443 		krb5_kdc_rep * );
1444 krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
1445 	(krb5_context,
1446 		const krb5_keyblock *,
1447 		krb5_ticket * );
1448 krb5_error_code krb5_get_cred_from_kdc
1449 	(krb5_context,
1450 		krb5_ccache,		/* not const, as reading may save
1451 					   state */
1452 		krb5_creds *,
1453 		krb5_creds **,
1454 		krb5_creds *** );
1455 krb5_error_code krb5_get_cred_from_kdc_validate
1456 	(krb5_context,
1457 		krb5_ccache,		/* not const, as reading may save
1458 					   state */
1459 		krb5_creds *,
1460 		krb5_creds **,
1461 		krb5_creds *** );
1462 krb5_error_code krb5_get_cred_from_kdc_renew
1463 	(krb5_context,
1464 		krb5_ccache,		/* not const, as reading may save
1465 					   state */
1466 		krb5_creds *,
1467 		krb5_creds **,
1468 		krb5_creds *** );
1469 #endif
1470 
1471 void KRB5_CALLCONV krb5_free_tgt_creds
1472 	(krb5_context,
1473 	 krb5_creds **); /* XXX too hard to do with const */
1474 
1475 #define	KRB5_GC_USER_USER	1	/* want user-user ticket */
1476 #define	KRB5_GC_CACHED		2	/* want cached ticket only */
1477 
1478 krb5_error_code KRB5_CALLCONV krb5_get_credentials
1479 	(krb5_context,
1480 		krb5_flags,
1481 		krb5_ccache,
1482 		krb5_creds *,
1483 		krb5_creds **);
1484 krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
1485 	(krb5_context,
1486 		krb5_flags,
1487 		krb5_ccache,
1488 		krb5_creds *,
1489 		krb5_creds **);
1490 krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
1491 	(krb5_context,
1492 		krb5_flags,
1493 		krb5_ccache,
1494 		krb5_creds *,
1495 		krb5_creds **);
1496 #if KRB5_PRIVATE
1497 krb5_error_code krb5_get_cred_via_tkt
1498 	(krb5_context,
1499 		   krb5_creds *,
1500 		   krb5_flags,
1501 		   krb5_address * const *,
1502 		   krb5_creds *,
1503 		   krb5_creds **);
1504 #endif
1505 krb5_error_code KRB5_CALLCONV krb5_mk_req
1506 	(krb5_context,
1507 		krb5_auth_context *,
1508 		krb5_flags,
1509 		char *,
1510 		char *,
1511 		krb5_data *,
1512 		krb5_ccache,
1513 		krb5_data * );
1514 krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
1515 	(krb5_context,
1516 		krb5_auth_context *,
1517 		krb5_flags,
1518 		krb5_data *,
1519 		krb5_creds *,
1520 		krb5_data * );
1521 krb5_error_code KRB5_CALLCONV krb5_mk_rep
1522 	(krb5_context,
1523 		krb5_auth_context,
1524 		krb5_data *);
1525 krb5_error_code KRB5_CALLCONV krb5_rd_rep
1526 	(krb5_context,
1527 		krb5_auth_context,
1528 		const krb5_data *,
1529 		krb5_ap_rep_enc_part **);
1530 krb5_error_code KRB5_CALLCONV krb5_mk_error
1531 	(krb5_context,
1532 		const krb5_error *,
1533 		krb5_data * );
1534 krb5_error_code KRB5_CALLCONV krb5_rd_error
1535 	(krb5_context,
1536 		const krb5_data *,
1537 		krb5_error ** );
1538 krb5_error_code KRB5_CALLCONV krb5_rd_safe
1539 	(krb5_context,
1540 		krb5_auth_context,
1541 		const krb5_data *,
1542 		krb5_data *,
1543 		krb5_replay_data *);
1544 krb5_error_code KRB5_CALLCONV krb5_rd_priv
1545 	(krb5_context,
1546 		krb5_auth_context,
1547 		const krb5_data *,
1548 		krb5_data *,
1549 		krb5_replay_data *);
1550 krb5_error_code KRB5_CALLCONV krb5_parse_name
1551 	(krb5_context,
1552 		const char *,
1553 		krb5_principal * );
1554 krb5_error_code KRB5_CALLCONV krb5_unparse_name
1555 	(krb5_context,
1556 		krb5_const_principal,
1557 		char ** );
1558 krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
1559 	(krb5_context,
1560 		krb5_const_principal,
1561 		char **,
1562 		unsigned int *);
1563 
1564 krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
1565 	(krb5_context, krb5_principal, const char *);
1566 
1567 krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
1568 	(krb5_context,
1569 		const krb5_address *,
1570 		krb5_address * const *);
1571 krb5_boolean KRB5_CALLCONV krb5_address_compare
1572 	(krb5_context,
1573 		const krb5_address *,
1574 		const krb5_address *);
1575 int KRB5_CALLCONV krb5_address_order
1576 	(krb5_context,
1577 		const krb5_address *,
1578 		const krb5_address *);
1579 krb5_boolean KRB5_CALLCONV krb5_realm_compare
1580 	(krb5_context,
1581 		krb5_const_principal,
1582 		krb5_const_principal);
1583 krb5_boolean KRB5_CALLCONV krb5_principal_compare
1584 	(krb5_context,
1585 		krb5_const_principal,
1586 		krb5_const_principal);
1587 krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
1588 		(krb5_context, krb5_enctype enctype,
1589 		size_t length, krb5_keyblock **out);
1590   		/* Initialize a new keyblock and allocate storage
1591 		 * for the contents of the key, which will be freed along
1592 		 * with the keyblock when krb5_free_keyblock is called.
1593 		 * It is legal to pass in a length of 0, in which
1594 		 * case contents are left unallocated.
1595 		 */
1596 
1597 /*
1598  * Solaris Kerberos
1599  * Start - keyblock API (MIT will ship this also in a future release)
1600  */
1601 /*
1602  * Similiar to krb5_init_keyblock but this routine expects the
1603  * keyblock to already be allocated.
1604  */
1605 krb5_error_code KRB5_CALLCONV krb5_init_allocated_keyblock
1606         (krb5_context,
1607 	        krb5_enctype,
1608 	        unsigned int,
1609                 krb5_keyblock *);
1610 
1611 krb5_enctype KRB5_CALLCONV krb5_get_key_enctype
1612         (krb5_keyblock *);
1613 
1614 unsigned int KRB5_CALLCONV krb5_get_key_length
1615         (krb5_keyblock *);
1616 
1617 krb5_octet KRB5_CALLCONV *krb5_get_key_data
1618         (krb5_keyblock *);
1619 
1620 void KRB5_CALLCONV krb5_set_key_enctype
1621         (krb5_keyblock *,
1622                  krb5_enctype);
1623 
1624 void KRB5_CALLCONV krb5_set_key_data
1625         (krb5_keyblock *,
1626                  krb5_octet *);
1627 
1628 void KRB5_CALLCONV krb5_set_key_length
1629         (krb5_keyblock *,
1630                  unsigned int);
1631 /*
1632  * Solaris Kerberos
1633  * End - keyblock API
1634  */
1635 
1636 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
1637 	(krb5_context,
1638 		const krb5_keyblock *,
1639 		krb5_keyblock **);
1640 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
1641 	(krb5_context,
1642 		const krb5_keyblock *,
1643 		krb5_keyblock *);
1644 krb5_error_code KRB5_CALLCONV krb5_copy_creds
1645 	(krb5_context,
1646 		const krb5_creds *,
1647 		krb5_creds **);
1648 krb5_error_code KRB5_CALLCONV krb5_copy_data
1649 	(krb5_context,
1650 		const krb5_data *,
1651 		krb5_data **);
1652 krb5_error_code KRB5_CALLCONV krb5_copy_principal
1653 	(krb5_context,
1654 		krb5_const_principal,
1655 		krb5_principal *);
1656 #if KRB5_PRIVATE
1657 krb5_error_code KRB5_CALLCONV krb5_copy_addr
1658 	(krb5_context,
1659 		const krb5_address *,
1660 		krb5_address **);
1661 #endif
1662 krb5_error_code KRB5_CALLCONV krb5_copy_addresses
1663 	(krb5_context,
1664 		krb5_address * const *,
1665 		krb5_address ***);
1666 krb5_error_code KRB5_CALLCONV krb5_copy_ticket
1667 	(krb5_context,
1668 		const krb5_ticket *,
1669 		krb5_ticket **);
1670 krb5_error_code KRB5_CALLCONV krb5_copy_authdata
1671 	(krb5_context,
1672 		krb5_authdata * const *,
1673 		krb5_authdata ***);
1674 krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
1675 	(krb5_context,
1676 		const krb5_authenticator *,
1677 		krb5_authenticator **);
1678 krb5_error_code KRB5_CALLCONV krb5_copy_checksum
1679 	(krb5_context,
1680 		const krb5_checksum *,
1681 		krb5_checksum **);
1682 #if KRB5_PRIVATE
1683 void krb5_init_ets
1684 	(krb5_context);
1685 void krb5_free_ets
1686 	(krb5_context);
1687 krb5_error_code krb5_generate_subkey
1688 	(krb5_context,
1689 		const krb5_keyblock *, krb5_keyblock **);
1690 krb5_error_code krb5_generate_seq_number
1691 	(krb5_context,
1692 		const krb5_keyblock *, krb5_ui_4 *);
1693 #endif
1694 krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
1695 	(krb5_context,
1696 		const krb5_data *, krb5_rcache *);
1697 krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
1698 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1699 krb5_error_code KRB5_CALLCONV_C krb5_build_principal
1700 	(krb5_context, krb5_principal *, unsigned int, const char *, ...);
1701 #ifdef va_start
1702 /* XXX depending on varargs include file defining va_start... */
1703 krb5_error_code KRB5_CALLCONV krb5_build_principal_va
1704 	(krb5_context,
1705 		krb5_principal, unsigned int, const char *, va_list);
1706 #endif
1707 
1708 krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
1709 	(krb5_context,
1710 		const char *name,
1711 		const char *instance, const char *realm,
1712 		krb5_principal *princ);
1713 
1714 krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
1715 	(krb5_context context, krb5_const_principal princ,
1716 		char *name, char *inst, char *realm);
1717 
1718 struct credentials;
1719 int KRB5_CALLCONV krb5_524_convert_creds
1720 	(krb5_context context, krb5_creds *v5creds,
1721 	 struct credentials *v4creds);
1722 #if KRB5_DEPRECATED
1723 #define krb524_convert_creds_kdc krb5_524_convert_creds
1724 #define krb524_init_ets(x) (0)
1725 #endif
1726 
1727 /* libkt.spec */
1728 #if KRB5_PRIVATE
1729 krb5_error_code KRB5_CALLCONV krb5_kt_register
1730 	(krb5_context,
1731 		const struct _krb5_kt_ops * );
1732 #endif
1733 
1734 krb5_error_code KRB5_CALLCONV krb5_kt_resolve
1735 	(krb5_context,
1736 		const char *,
1737 		krb5_keytab * );
1738 krb5_error_code KRB5_CALLCONV krb5_kt_default_name
1739 	(krb5_context,
1740 		char *,
1741 		int );
1742 krb5_error_code KRB5_CALLCONV krb5_kt_default
1743 	(krb5_context,
1744 		krb5_keytab * );
1745 krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
1746 	(krb5_context,
1747 		krb5_keytab_entry * );
1748 #if KRB5_PRIVATE
1749 /* use krb5_free_keytab_entry_contents instead */
1750 krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
1751 	(krb5_context,
1752 		krb5_keytab_entry * );
1753 #endif
1754 /* remove and add are functions, so that they can return NOWRITE
1755    if not a writable keytab */
1756 krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
1757 	(krb5_context,
1758 		krb5_keytab,
1759 		krb5_keytab_entry * );
1760 krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
1761 	(krb5_context,
1762 		krb5_keytab,
1763 		krb5_keytab_entry * );
1764 krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
1765 	(krb5_context,
1766 		krb5_const_principal, krb5_data *);
1767 #if KRB5_PRIVATE
1768 krb5_error_code krb5_principal2salt_norealm
1769 	(krb5_context,
1770 		krb5_const_principal, krb5_data *);
1771 #endif
1772 /* librc.spec--see rcache.h */
1773 
1774 /* libcc.spec */
1775 krb5_error_code KRB5_CALLCONV krb5_cc_resolve
1776 	(krb5_context,
1777 		const char *,
1778 		krb5_ccache * );
1779 const char * KRB5_CALLCONV krb5_cc_default_name
1780 	(krb5_context);
1781 krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
1782 	(krb5_context, const char *);
1783 krb5_error_code KRB5_CALLCONV krb5_cc_default
1784 	(krb5_context,
1785 		krb5_ccache *);
1786 #if KRB5_PRIVATE
1787 unsigned int KRB5_CALLCONV krb5_get_notification_message
1788 	(void);
1789 #endif
1790 
1791 krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
1792 	(krb5_context context,
1793 			krb5_ccache incc,
1794 			krb5_ccache outcc);
1795 
1796 
1797 /* chk_trans.c */
1798 #if KRB5_PRIVATE
1799 krb5_error_code krb5_check_transited_list
1800 	(krb5_context, const krb5_data *trans,
1801 	 const krb5_data *realm1, const krb5_data *realm2);
1802 #endif
1803 
1804 /* free_rtree.c */
1805 #if KRB5_PRIVATE
1806 void krb5_free_realm_tree
1807 	(krb5_context,
1808 		krb5_principal *);
1809 #endif
1810 
1811 /* krb5_free.c */
1812 void KRB5_CALLCONV krb5_free_principal
1813 	(krb5_context, krb5_principal );
1814 void KRB5_CALLCONV krb5_free_authenticator
1815 	(krb5_context, krb5_authenticator * );
1816 #if KRB5_PRIVATE
1817 void KRB5_CALLCONV krb5_free_authenticator_contents
1818 	(krb5_context, krb5_authenticator * );
1819 #endif
1820 void KRB5_CALLCONV krb5_free_addresses
1821 	(krb5_context, krb5_address ** );
1822 #if KRB5_PRIVATE
1823 void KRB5_CALLCONV krb5_free_address
1824 	(krb5_context, krb5_address * );
1825 #endif
1826 void KRB5_CALLCONV krb5_free_authdata
1827 	(krb5_context, krb5_authdata ** );
1828 #if KRB5_PRIVATE
1829 void KRB5_CALLCONV krb5_free_enc_tkt_part
1830 	(krb5_context, krb5_enc_tkt_part * );
1831 #endif
1832 void KRB5_CALLCONV krb5_free_ticket
1833 	(krb5_context, krb5_ticket * );
1834 #if KRB5_PRIVATE
1835 void KRB5_CALLCONV krb5_free_tickets
1836 	(krb5_context, krb5_ticket ** );
1837 void KRB5_CALLCONV krb5_free_kdc_req
1838 	(krb5_context, krb5_kdc_req * );
1839 void KRB5_CALLCONV krb5_free_kdc_rep
1840 	(krb5_context, krb5_kdc_rep * );
1841 void KRB5_CALLCONV krb5_free_last_req
1842 	(krb5_context, krb5_last_req_entry ** );
1843 void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
1844 	(krb5_context, krb5_enc_kdc_rep_part * );
1845 #endif
1846 void KRB5_CALLCONV krb5_free_error
1847 	(krb5_context, krb5_error * );
1848 #if KRB5_PRIVATE
1849 void KRB5_CALLCONV krb5_free_ap_req
1850 	(krb5_context, krb5_ap_req * );
1851 void KRB5_CALLCONV krb5_free_ap_rep
1852 	(krb5_context, krb5_ap_rep * );
1853 void KRB5_CALLCONV krb5_free_cred
1854 	(krb5_context, krb5_cred *);
1855 #endif
1856 void KRB5_CALLCONV krb5_free_creds
1857 	(krb5_context, krb5_creds *);
1858 void KRB5_CALLCONV krb5_free_cred_contents
1859 	(krb5_context, krb5_creds *);
1860 #if KRB5_PRIVATE
1861 void KRB5_CALLCONV krb5_free_cred_enc_part
1862 	(krb5_context, krb5_cred_enc_part *);
1863 #endif
1864 void KRB5_CALLCONV krb5_free_checksum
1865 	(krb5_context, krb5_checksum *);
1866 void KRB5_CALLCONV krb5_free_checksum_contents
1867 	(krb5_context, krb5_checksum *);
1868 void KRB5_CALLCONV krb5_free_keyblock
1869 	(krb5_context, krb5_keyblock *);
1870 void KRB5_CALLCONV krb5_free_keyblock_contents
1871 	(krb5_context, krb5_keyblock *);
1872 #if KRB5_PRIVATE
1873 void KRB5_CALLCONV krb5_free_pa_data
1874 	(krb5_context, krb5_pa_data **);
1875 #endif
1876 void KRB5_CALLCONV krb5_free_ap_rep_enc_part
1877 	(krb5_context, krb5_ap_rep_enc_part *);
1878 #if KRB5_PRIVATE
1879 void KRB5_CALLCONV krb5_free_tkt_authent
1880 	(krb5_context, krb5_tkt_authent *);
1881 void KRB5_CALLCONV krb5_free_pwd_data
1882 	(krb5_context, krb5_pwd_data *);
1883 void KRB5_CALLCONV krb5_free_pwd_sequences
1884 	(krb5_context, passwd_phrase_element **);
1885 #endif
1886 void KRB5_CALLCONV krb5_free_data
1887 	(krb5_context, krb5_data *);
1888 void KRB5_CALLCONV krb5_free_data_contents
1889 	(krb5_context, krb5_data *);
1890 void KRB5_CALLCONV krb5_free_unparsed_name
1891 	(krb5_context, char *);
1892 void KRB5_CALLCONV krb5_free_cksumtypes
1893 	(krb5_context, krb5_cksumtype *);
1894 
1895 /* From krb5/os but needed but by the outside world */
1896 krb5_error_code KRB5_CALLCONV krb5_us_timeofday
1897 	(krb5_context,
1898 		krb5_int32 *,
1899 		krb5_int32 * );
1900 krb5_error_code KRB5_CALLCONV krb5_timeofday
1901 	(krb5_context,
1902 		krb5_int32 * );
1903 		 /* get all the addresses of this host */
1904 krb5_error_code KRB5_CALLCONV krb5_os_localaddr
1905 	(krb5_context,
1906 		krb5_address ***);
1907 krb5_error_code KRB5_CALLCONV krb5_get_default_realm
1908 	(krb5_context,
1909 		 char ** );
1910 krb5_error_code KRB5_CALLCONV krb5_set_default_realm
1911 	(krb5_context,
1912 		   const char * );
1913 void KRB5_CALLCONV krb5_free_default_realm
1914 	(krb5_context,
1915 		   char * );
1916 krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
1917 	(krb5_context,
1918 		const char *,
1919 		   const char *,
1920 		   krb5_int32,
1921 		   krb5_principal *);
1922 krb5_error_code KRB5_CALLCONV
1923 krb5_change_password
1924 	(krb5_context context, krb5_creds *creds, char *newpw,
1925 			int *result_code, krb5_data *result_code_string,
1926 			krb5_data *result_string);
1927 krb5_error_code KRB5_CALLCONV
1928 krb5_set_password
1929 	(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
1930 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
1931 krb5_error_code KRB5_CALLCONV
1932 krb5_set_password_using_ccache
1933 	(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
1934 			int *result_code, krb5_data *result_code_string, krb5_data *result_string);
1935 
1936 #if KRB5_PRIVATE
1937 krb5_error_code krb5_set_config_files
1938 	(krb5_context, const char **);
1939 
1940 krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
1941 	(char ***filenames);
1942 
1943 void KRB5_CALLCONV krb5_free_config_files
1944 	(char **filenames);
1945 #endif
1946 
1947 krb5_error_code KRB5_CALLCONV
1948 krb5_get_profile
1949 	(krb5_context, struct _profile_t * /* profile_t */ *);
1950 
1951 #if KRB5_PRIVATE
1952 krb5_error_code krb5_send_tgs
1953 	(krb5_context,
1954 		krb5_flags,
1955 		const krb5_ticket_times *,
1956 		const krb5_enctype *,
1957 		krb5_const_principal,
1958 		krb5_address * const *,
1959 		krb5_authdata * const *,
1960 		krb5_pa_data * const *,
1961 		const krb5_data *,
1962 		krb5_creds *,
1963 		krb5_response * );
1964 #endif
1965 
1966 #if KRB5_DEPRECATED
1967 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
1968 	(krb5_context,
1969 		krb5_flags,
1970 		krb5_address * const *,
1971 		krb5_enctype *,
1972 		krb5_preauthtype *,
1973 		krb5_error_code ( * )(krb5_context,
1974 					krb5_enctype,
1975 					krb5_data *,
1976 					krb5_const_pointer,
1977 					krb5_keyblock **),
1978 		krb5_const_pointer,
1979 		krb5_error_code ( * )(krb5_context,
1980 					const krb5_keyblock *,
1981 					krb5_const_pointer,
1982 					krb5_kdc_rep * ),
1983 		krb5_const_pointer,
1984 		krb5_creds *,
1985 		krb5_ccache,
1986 		krb5_kdc_rep ** );
1987 
1988 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
1989 	(krb5_context,
1990 		krb5_flags,
1991 		krb5_address * const *,
1992 		krb5_enctype *,
1993 		krb5_preauthtype *,
1994 		const char *,
1995 		krb5_ccache,
1996 		krb5_creds *,
1997 		krb5_kdc_rep ** );
1998 
1999 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
2000 	(krb5_context,
2001 		krb5_flags,
2002 		krb5_address * const *,
2003 		krb5_enctype *,
2004 		krb5_preauthtype *,
2005 		const krb5_keyblock *,
2006 		krb5_ccache,
2007 		krb5_creds *,
2008 		krb5_kdc_rep ** );
2009 
2010 krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
2011 	(krb5_context,
2012 		krb5_flags,
2013 		krb5_address * const *,
2014 		krb5_enctype *,
2015 		krb5_preauthtype *,
2016 		krb5_keytab,
2017 		krb5_ccache,
2018 		krb5_creds *,
2019 		krb5_kdc_rep ** );
2020 #endif /* KRB5_DEPRECATED */
2021 
2022 #if KRB5_PRIVATE
2023 krb5_error_code krb5_decode_kdc_rep
2024 	(krb5_context,
2025 		krb5_data *,
2026 		const krb5_keyblock *,
2027 		krb5_kdc_rep ** );
2028 #endif
2029 
2030 krb5_error_code KRB5_CALLCONV krb5_rd_req
2031 	(krb5_context,
2032 		krb5_auth_context *,
2033 		const krb5_data *,
2034 		krb5_const_principal,
2035 		krb5_keytab,
2036 		krb5_flags *,
2037 		krb5_ticket **);
2038 
2039 #if KRB5_PRIVATE
2040 krb5_error_code krb5_rd_req_decoded
2041 	(krb5_context,
2042 		krb5_auth_context *,
2043 		const krb5_ap_req *,
2044 		krb5_const_principal,
2045 		krb5_keytab,
2046 		krb5_flags *,
2047 		krb5_ticket **);
2048 
2049 krb5_error_code krb5_rd_req_decoded_anyflag
2050 	(krb5_context,
2051 		krb5_auth_context *,
2052 		const krb5_ap_req *,
2053 		krb5_const_principal,
2054 		krb5_keytab,
2055 		krb5_flags *,
2056 		krb5_ticket **);
2057 #endif
2058 
2059 krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
2060 	(krb5_context,
2061 		krb5_pointer,
2062 		krb5_principal,
2063 		krb5_kvno,
2064 		krb5_enctype,
2065 		krb5_keyblock **);
2066 krb5_error_code KRB5_CALLCONV krb5_mk_safe
2067 	(krb5_context,
2068 		krb5_auth_context,
2069 		const krb5_data *,
2070 		krb5_data *,
2071 		krb5_replay_data *);
2072 krb5_error_code KRB5_CALLCONV krb5_mk_priv
2073 	(krb5_context,
2074 		krb5_auth_context,
2075 		const krb5_data *,
2076 		krb5_data *,
2077 		krb5_replay_data *);
2078 #if KRB5_PRIVATE
2079 krb5_error_code KRB5_CALLCONV krb5_cc_register
2080 	(krb5_context,
2081 		krb5_cc_ops *,
2082 		krb5_boolean );
2083 #endif
2084 
2085 krb5_error_code KRB5_CALLCONV krb5_sendauth
2086 	(krb5_context,
2087 		krb5_auth_context *,
2088 		krb5_pointer,
2089 		char *,
2090 		krb5_principal,
2091 		krb5_principal,
2092 		krb5_flags,
2093 		krb5_data *,
2094 		krb5_creds *,
2095 		krb5_ccache,
2096 		krb5_error **,
2097 		krb5_ap_rep_enc_part **,
2098 		krb5_creds **);
2099 
2100 krb5_error_code KRB5_CALLCONV krb5_recvauth
2101 	(krb5_context,
2102 		krb5_auth_context *,
2103 		krb5_pointer,
2104 		char *,
2105 		krb5_principal,
2106 		krb5_int32,
2107 		krb5_keytab,
2108 		krb5_ticket **);
2109 krb5_error_code KRB5_CALLCONV krb5_recvauth_version
2110 	(krb5_context,
2111 		krb5_auth_context *,
2112 		krb5_pointer,
2113 		krb5_principal,
2114 		krb5_int32,
2115 		krb5_keytab,
2116 		krb5_ticket **,
2117 		krb5_data *);
2118 
2119 #if KRB5_PRIVATE
2120 krb5_error_code krb5_walk_realm_tree
2121 	(krb5_context,
2122 		const krb5_data *,
2123 		const krb5_data *,
2124 		krb5_principal **,
2125 		int);
2126 #endif
2127 
2128 krb5_error_code KRB5_CALLCONV krb5_mk_ncred
2129 	(krb5_context,
2130 		krb5_auth_context,
2131 		krb5_creds **,
2132 		krb5_data **,
2133 		krb5_replay_data *);
2134 
2135 krb5_error_code KRB5_CALLCONV krb5_mk_1cred
2136 	(krb5_context,
2137 		krb5_auth_context,
2138 		krb5_creds *,
2139 		krb5_data **,
2140 		krb5_replay_data *);
2141 
2142 krb5_error_code KRB5_CALLCONV krb5_rd_cred
2143 	(krb5_context,
2144 		krb5_auth_context,
2145 		krb5_data *,
2146 		krb5_creds ***,
2147 		krb5_replay_data *);
2148 
2149 krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
2150 	(krb5_context,
2151 		krb5_auth_context,
2152 		char *,
2153 		krb5_principal,
2154 		krb5_principal,
2155 		krb5_ccache,
2156 		int forwardable,
2157 		krb5_data *);
2158 
2159 krb5_error_code KRB5_CALLCONV krb5_auth_con_init
2160 	(krb5_context,
2161 		krb5_auth_context *);
2162 
2163 krb5_error_code KRB5_CALLCONV krb5_auth_con_free
2164 	(krb5_context,
2165 		krb5_auth_context);
2166 
2167 krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
2168 	(krb5_context,
2169 		krb5_auth_context,
2170 		krb5_int32);
2171 
2172 krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
2173 	(krb5_context,
2174 		krb5_auth_context,
2175 		krb5_int32 *);
2176 
2177 krb5_error_code KRB5_CALLCONV
2178 krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
2179 				 krb5_mk_req_checksum_func, void *);
2180 
2181 krb5_error_code KRB5_CALLCONV
2182 krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
2183 				 krb5_mk_req_checksum_func *, void **);
2184 
2185 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
2186 	(krb5_context,
2187 		krb5_auth_context,
2188 		krb5_address *,
2189 		krb5_address *);
2190 
2191 krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
2192 	(krb5_context,
2193 		krb5_auth_context,
2194 		krb5_address **,
2195 		krb5_address **);
2196 
2197 krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
2198 	(krb5_context,
2199 		krb5_auth_context,
2200 		krb5_address *,
2201 		krb5_address *);
2202 
2203 krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
2204 	(krb5_context,
2205 		krb5_auth_context,
2206 		krb5_keyblock *);
2207 
2208 krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
2209 	(krb5_context,
2210 		krb5_auth_context,
2211 		krb5_keyblock **);
2212 
2213 krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
2214     krb5_context, krb5_auth_context, krb5_keyblock **);
2215 
2216 krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
2217     krb5_context, krb5_auth_context, krb5_keyblock **);
2218 
2219 krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
2220     krb5_context, krb5_auth_context, krb5_keyblock *);
2221 
2222 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
2223     krb5_context, krb5_auth_context, krb5_keyblock *);
2224 
2225 #if KRB5_DEPRECATED
2226 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
2227 	(krb5_context,
2228 		krb5_auth_context,
2229 		krb5_keyblock **);
2230 
2231 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
2232 	(krb5_context,
2233 		krb5_auth_context,
2234 		krb5_keyblock **);
2235 #endif
2236 
2237 #if KRB5_PRIVATE
2238 krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
2239 	(krb5_context,
2240 		krb5_auth_context,
2241 		krb5_cksumtype);
2242 
2243 krb5_error_code krb5_auth_con_set_safe_cksumtype
2244 	(krb5_context,
2245 		krb5_auth_context,
2246 		krb5_cksumtype);
2247 #endif
2248 
2249 krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
2250 	(krb5_context,
2251 		krb5_auth_context,
2252 		krb5_int32 *);
2253 
2254 krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
2255 	(krb5_context,
2256 		krb5_auth_context,
2257 		krb5_int32 *);
2258 
2259 #if KRB5_DEPRECATED
2260 krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
2261 	(krb5_context,
2262 		krb5_auth_context);
2263 #endif
2264 
2265 #if KRB5_PRIVATE
2266 krb5_error_code krb5_auth_con_setivector
2267 	(krb5_context,
2268 		krb5_auth_context,
2269 		krb5_pointer);
2270 
2271 krb5_error_code krb5_auth_con_getivector
2272 	(krb5_context,
2273 		krb5_auth_context,
2274 		krb5_pointer *);
2275 #endif
2276 
2277 krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
2278 	(krb5_context,
2279 		krb5_auth_context,
2280 		krb5_rcache);
2281 
2282 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
2283 	(krb5_context,
2284 		krb5_auth_context,
2285 		krb5_rcache *);
2286 
2287 #if KRB5_PRIVATE
2288 krb5_error_code krb5_auth_con_setpermetypes
2289 	(krb5_context,
2290 	    krb5_auth_context,
2291 	    const krb5_enctype *);
2292 
2293 krb5_error_code krb5_auth_con_getpermetypes
2294 	(krb5_context,
2295 	    krb5_auth_context,
2296 	    krb5_enctype **);
2297 #endif
2298 
2299 krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
2300 	(krb5_context,
2301 		krb5_auth_context,
2302 		krb5_authenticator **);
2303 
2304 #define KRB5_REALM_BRANCH_CHAR '.'
2305 
2306 /*
2307  * end "func-proto.h"
2308  */
2309 
2310 /*
2311  * begin stuff from libos.h
2312  */
2313 
2314 
2315 #if KRB5_PRIVATE
2316 krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
2317 krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
2318 int krb5_net_read (krb5_context, int , char *, int);
2319 int krb5_net_write (krb5_context, int , const char *, int);
2320 #endif
2321 
2322 krb5_error_code KRB5_CALLCONV krb5_read_password
2323 	(krb5_context,
2324 		const char *,
2325 		const char *,
2326 		char *,
2327 		unsigned int * );
2328 krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
2329 	(krb5_context,
2330 		krb5_const_principal,
2331 		int,
2332 		char * );
2333 krb5_error_code KRB5_CALLCONV krb5_get_host_realm
2334 	(krb5_context,
2335 		const char *,
2336 		char *** );
2337 krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
2338 	(krb5_context,
2339 		krb5_data *,
2340 		char *** );
2341 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
2342 	(krb5_context,
2343 		char * const * );
2344 #if KRB5_PRIVATE
2345 krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
2346 	(krb5_context,
2347 		const char *,
2348 		char ** );
2349 #endif
2350 krb5_boolean KRB5_CALLCONV krb5_kuserok
2351 	(krb5_context,
2352 		krb5_principal, const char *);
2353 krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
2354 	(krb5_context,
2355 		krb5_auth_context,
2356 		int, int);
2357 #if KRB5_PRIVATE
2358 krb5_error_code krb5_gen_portaddr
2359 	(krb5_context,
2360 		const krb5_address *,
2361 		krb5_const_pointer,
2362 		krb5_address **);
2363 krb5_error_code krb5_gen_replay_name
2364 	(krb5_context,
2365 		const krb5_address *,
2366 		const char *,
2367 		char **);
2368 krb5_error_code krb5_make_fulladdr
2369 	(krb5_context,
2370 		krb5_address *,
2371 		krb5_address *,
2372 		krb5_address *);
2373 #endif
2374 
2375 krb5_error_code KRB5_CALLCONV krb5_set_real_time
2376 	(krb5_context, krb5_int32, krb5_int32);
2377 
2378 #if KRB5_PRIVATE
2379 krb5_error_code krb5_set_debugging_time
2380 	(krb5_context, krb5_int32, krb5_int32);
2381 krb5_error_code krb5_use_natural_time
2382 	(krb5_context);
2383 #endif
2384 krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
2385 	(krb5_context, krb5_int32 *, krb5_int32 *);
2386 #if KRB5_PRIVATE
2387 krb5_error_code krb5_set_time_offsets
2388 	(krb5_context, krb5_int32, krb5_int32);
2389 #endif
2390 
2391 /* str_conv.c */
2392 krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
2393 	(char *, krb5_enctype *);
2394 krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
2395 	(char *, krb5_int32 *);
2396 krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
2397 	(char *, krb5_cksumtype *);
2398 krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
2399 	(char *, krb5_timestamp *);
2400 krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
2401 	(char *, krb5_deltat *);
2402 krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
2403 	(krb5_enctype, char *, size_t);
2404 /* Solaris Kerberos */
2405 krb5_error_code KRB5_CALLCONV krb5_enctype_to_istring
2406 	(krb5_enctype, char *, size_t);
2407 krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
2408 	(krb5_int32, char *, size_t);
2409 krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
2410 	(krb5_cksumtype, char *, size_t);
2411 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
2412 	(krb5_timestamp, char *, size_t);
2413 krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
2414 	(krb5_timestamp, char *, size_t, char *);
2415 krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
2416 	(krb5_deltat, char *, size_t);
2417 
2418 
2419 /*
2420  * end stuff from libos.h
2421  */
2422 
2423 /*
2424  * begin "k5-free.h"
2425  */
2426 
2427 /* to keep lint happy */
2428 #ifdef _KERNEL
2429 #define krb5_xfree_wrap(val,n) kmem_free((char *)(val),n)
2430 #else
2431 #define krb5_xfree_wrap(val,n) free((char *)(val))
2432 #define krb5_xfree(val) free((char *)(val))
2433 #endif
2434 
2435 /*
2436  * end "k5-free.h"
2437  */
2438 
2439 /* The name of the Kerberos ticket granting service... and its size */
2440 #define	KRB5_TGS_NAME		"krbtgt"
2441 #define KRB5_TGS_NAME_SIZE	6
2442 
2443 /* flags for recvauth */
2444 #define KRB5_RECVAUTH_SKIP_VERSION	0x0001
2445 #define KRB5_RECVAUTH_BADAUTHVERS	0x0002
2446 
2447 /* initial ticket api functions */
2448 
2449 typedef struct _krb5_prompt {
2450     char *prompt;
2451     int hidden;
2452     krb5_data *reply;
2453 } krb5_prompt;
2454 
2455 typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
2456 					     void *data,
2457 					     const char *name,
2458 					     const char *banner,
2459 					     int num_prompts,
2460 					     krb5_prompt prompts[]);
2461 
2462 
2463 krb5_error_code KRB5_CALLCONV
2464 krb5_prompter_posix
2465     (krb5_context context,
2466 		void *data,
2467 		const char *name,
2468 		const char *banner,
2469 		int num_prompts,
2470 		krb5_prompt prompts[]);
2471 
2472 typedef struct _krb5_get_init_creds_opt {
2473     krb5_flags flags;
2474     krb5_deltat tkt_life;
2475     krb5_deltat renew_life;
2476     int forwardable;
2477     int proxiable;
2478     krb5_enctype *etype_list;
2479     int etype_list_length;
2480     krb5_address **address_list;
2481     krb5_preauthtype *preauth_list;
2482     int preauth_list_length;
2483     krb5_data *salt;
2484 } krb5_get_init_creds_opt;
2485 
2486 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
2487 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
2488 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
2489 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
2490 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
2491 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
2492 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
2493 #define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
2494 
2495 void KRB5_CALLCONV
2496 krb5_get_init_creds_opt_init
2497 (krb5_get_init_creds_opt *opt);
2498 
2499 void KRB5_CALLCONV
2500 krb5_get_init_creds_opt_set_tkt_life
2501 (krb5_get_init_creds_opt *opt,
2502 		krb5_deltat tkt_life);
2503 
2504 void KRB5_CALLCONV
2505 krb5_get_init_creds_opt_set_renew_life
2506 (krb5_get_init_creds_opt *opt,
2507 		krb5_deltat renew_life);
2508 
2509 void KRB5_CALLCONV
2510 krb5_get_init_creds_opt_set_forwardable
2511 (krb5_get_init_creds_opt *opt,
2512 		int forwardable);
2513 
2514 void KRB5_CALLCONV
2515 krb5_get_init_creds_opt_set_proxiable
2516 (krb5_get_init_creds_opt *opt,
2517 		int proxiable);
2518 
2519 void KRB5_CALLCONV
2520 krb5_get_init_creds_opt_set_etype_list
2521 (krb5_get_init_creds_opt *opt,
2522 		krb5_enctype *etype_list,
2523 		int etype_list_length);
2524 
2525 void KRB5_CALLCONV
2526 krb5_get_init_creds_opt_set_address_list
2527 (krb5_get_init_creds_opt *opt,
2528 		krb5_address **addresses);
2529 
2530 void KRB5_CALLCONV
2531 krb5_get_init_creds_opt_set_preauth_list
2532 (krb5_get_init_creds_opt *opt,
2533 		krb5_preauthtype *preauth_list,
2534 		int preauth_list_length);
2535 
2536 void KRB5_CALLCONV
2537 krb5_get_init_creds_opt_set_salt
2538 (krb5_get_init_creds_opt *opt,
2539 		krb5_data *salt);
2540 
2541 
2542 
2543 krb5_error_code KRB5_CALLCONV
2544 krb5_get_init_creds_password
2545 (krb5_context context,
2546 		krb5_creds *creds,
2547 		krb5_principal client,
2548 		char *password,
2549 		krb5_prompter_fct prompter,
2550 		void *data,
2551 		krb5_deltat start_time,
2552 		char *in_tkt_service,
2553 		krb5_get_init_creds_opt *k5_gic_options);
2554 
2555 krb5_error_code KRB5_CALLCONV
2556 krb5_get_init_creds_keytab
2557 (krb5_context context,
2558 		krb5_creds *creds,
2559 		krb5_principal client,
2560 		krb5_keytab arg_keytab,
2561 		krb5_deltat start_time,
2562 		char *in_tkt_service,
2563 		krb5_get_init_creds_opt *k5_gic_options);
2564 
2565 typedef struct _krb5_verify_init_creds_opt {
2566     krb5_flags flags;
2567     int ap_req_nofail;
2568 } krb5_verify_init_creds_opt;
2569 
2570 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
2571 
2572 void KRB5_CALLCONV
2573 krb5_verify_init_creds_opt_init
2574 (krb5_verify_init_creds_opt *k5_vic_options);
2575 void KRB5_CALLCONV
2576 krb5_verify_init_creds_opt_set_ap_req_nofail
2577 (krb5_verify_init_creds_opt *k5_vic_options,
2578 		int ap_req_nofail);
2579 
2580 krb5_error_code KRB5_CALLCONV
2581 krb5_verify_init_creds
2582 (krb5_context context,
2583 		krb5_creds *creds,
2584 		krb5_principal ap_req_server,
2585 		krb5_keytab ap_req_keytab,
2586 		krb5_ccache *ccache,
2587 		krb5_verify_init_creds_opt *k5_vic_options);
2588 
2589 krb5_error_code KRB5_CALLCONV
2590 krb5_get_validated_creds
2591 (krb5_context context,
2592 		krb5_creds *creds,
2593 		krb5_principal client,
2594 		krb5_ccache ccache,
2595 		char *in_tkt_service);
2596 
2597 krb5_error_code KRB5_CALLCONV
2598 krb5_get_renewed_creds
2599 (krb5_context context,
2600 		krb5_creds *creds,
2601 		krb5_principal client,
2602 		krb5_ccache ccache,
2603 		char *in_tkt_service);
2604 
2605 krb5_error_code KRB5_CALLCONV
2606 krb5_decode_ticket
2607 (const krb5_data *code,
2608 		krb5_ticket **rep);
2609 
2610 void KRB5_CALLCONV
2611 krb5_appdefault_string
2612 (krb5_context context,
2613 		const char *appname,
2614 	        const krb5_data *realm,
2615  		const char *option,
2616 		const char *default_value,
2617 		char ** ret_value);
2618 
2619 void KRB5_CALLCONV
2620 krb5_appdefault_boolean
2621 (krb5_context context,
2622 		const char *appname,
2623 	        const krb5_data *realm,
2624  		const char *option,
2625 		int default_value,
2626 		int *ret_value);
2627 
2628 #if KRB5_PRIVATE
2629 /*
2630  * The realm iterator functions
2631  */
2632 
2633 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2634 	(krb5_context context, void **iter_p);
2635 
2636 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2637 	(krb5_context context, void **iter_p, char **ret_realm);
2638 
2639 void KRB5_CALLCONV krb5_realm_iterator_free
2640 	(krb5_context context, void **iter_p);
2641 
2642 void KRB5_CALLCONV krb5_free_realm_string
2643 	(krb5_context context, char *str);
2644 #endif
2645 
2646 /*
2647  * The realm iterator functions
2648  */
2649 
2650 krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
2651 	(krb5_context context, void **iter_p);
2652 
2653 krb5_error_code KRB5_CALLCONV krb5_realm_iterator
2654 	(krb5_context context, void **iter_p, char **ret_realm);
2655 
2656 void KRB5_CALLCONV krb5_realm_iterator_free
2657 	(krb5_context context, void **iter_p);
2658 
2659 void KRB5_CALLCONV krb5_free_realm_string
2660 	(krb5_context context, char *str);
2661 
2662 /*
2663  * Prompter enhancements
2664  */
2665 
2666 #define KRB5_PROMPT_TYPE_PASSWORD		0x1
2667 #define KRB5_PROMPT_TYPE_NEW_PASSWORD		0x2
2668 #define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN	0x3
2669 #define KRB5_PROMPT_TYPE_PREAUTH		0x4
2670 
2671 typedef krb5_int32 krb5_prompt_type;
2672 
2673 krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
2674 	(krb5_context context);
2675 
2676 /* Error reporting */
2677 void KRB5_CALLCONV_C
2678 krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...);
2679 #ifdef va_start
2680 void KRB5_CALLCONV
2681 krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list);
2682 #endif
2683 /*
2684  * The behavior of krb5_get_error_message is only defined the first
2685  * time it is called after a failed call to a krb5 function using the
2686  * same context, and only when the error code passed in is the same as
2687  * that returned by the krb5 function.  Future versions may return the
2688  * same string for the second and following calls.
2689  *
2690  * The string returned by this function must be freed using
2691  * krb5_free_error_message.
2692  */
2693 const char * KRB5_CALLCONV
2694 krb5_get_error_message (krb5_context, krb5_error_code);
2695 void KRB5_CALLCONV
2696 krb5_free_error_message (krb5_context, const char *);
2697 void KRB5_CALLCONV
2698 krb5_clear_error_message (krb5_context);
2699 
2700 #if TARGET_OS_MAC
2701 #    pragma options align=reset
2702 #endif /* KRB5INT_END_DECLS */
2703 
2704 /* Don't use this!  We're going to phase it out.  It's just here to keep
2705    applications from breaking right away.  */
2706 #define krb5_const const
2707 
2708 #endif /* KRB5_GENERAL__ */
2709 
2710 
2711 /*
2712  * krb5_err.h:
2713  * This file is automatically generated; please do not edit it.
2714  */
2715 
2716 #define KRB5KDC_ERR_NONE                         (-1765328384L)
2717 #define KRB5KDC_ERR_NAME_EXP                     (-1765328383L)
2718 #define KRB5KDC_ERR_SERVICE_EXP                  (-1765328382L)
2719 #define KRB5KDC_ERR_BAD_PVNO                     (-1765328381L)
2720 #define KRB5KDC_ERR_C_OLD_MAST_KVNO              (-1765328380L)
2721 #define KRB5KDC_ERR_S_OLD_MAST_KVNO              (-1765328379L)
2722 #define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN          (-1765328378L)
2723 #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN          (-1765328377L)
2724 #define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE         (-1765328376L)
2725 #define KRB5KDC_ERR_NULL_KEY                     (-1765328375L)
2726 #define KRB5KDC_ERR_CANNOT_POSTDATE              (-1765328374L)
2727 #define KRB5KDC_ERR_NEVER_VALID                  (-1765328373L)
2728 #define KRB5KDC_ERR_POLICY                       (-1765328372L)
2729 #define KRB5KDC_ERR_BADOPTION                    (-1765328371L)
2730 #define KRB5KDC_ERR_ETYPE_NOSUPP                 (-1765328370L)
2731 #define KRB5KDC_ERR_SUMTYPE_NOSUPP               (-1765328369L)
2732 #define KRB5KDC_ERR_PADATA_TYPE_NOSUPP           (-1765328368L)
2733 #define KRB5KDC_ERR_TRTYPE_NOSUPP                (-1765328367L)
2734 #define KRB5KDC_ERR_CLIENT_REVOKED               (-1765328366L)
2735 #define KRB5KDC_ERR_SERVICE_REVOKED              (-1765328365L)
2736 #define KRB5KDC_ERR_TGT_REVOKED                  (-1765328364L)
2737 #define KRB5KDC_ERR_CLIENT_NOTYET                (-1765328363L)
2738 #define KRB5KDC_ERR_SERVICE_NOTYET               (-1765328362L)
2739 #define KRB5KDC_ERR_KEY_EXP                      (-1765328361L)
2740 #define KRB5KDC_ERR_PREAUTH_FAILED               (-1765328360L)
2741 #define KRB5KDC_ERR_PREAUTH_REQUIRED             (-1765328359L)
2742 #define KRB5KDC_ERR_SERVER_NOMATCH               (-1765328358L)
2743 #define KRB5PLACEHOLD_27                         (-1765328357L)
2744 #define KRB5PLACEHOLD_28                         (-1765328356L)
2745 #define KRB5PLACEHOLD_29                         (-1765328355L)
2746 #define KRB5PLACEHOLD_30                         (-1765328354L)
2747 #define KRB5KRB_AP_ERR_BAD_INTEGRITY             (-1765328353L)
2748 #define KRB5KRB_AP_ERR_TKT_EXPIRED               (-1765328352L)
2749 #define KRB5KRB_AP_ERR_TKT_NYV                   (-1765328351L)
2750 #define KRB5KRB_AP_ERR_REPEAT                    (-1765328350L)
2751 #define KRB5KRB_AP_ERR_NOT_US                    (-1765328349L)
2752 #define KRB5KRB_AP_ERR_BADMATCH                  (-1765328348L)
2753 #define KRB5KRB_AP_ERR_SKEW                      (-1765328347L)
2754 #define KRB5KRB_AP_ERR_BADADDR                   (-1765328346L)
2755 #define KRB5KRB_AP_ERR_BADVERSION                (-1765328345L)
2756 #define KRB5KRB_AP_ERR_MSG_TYPE                  (-1765328344L)
2757 #define KRB5KRB_AP_ERR_MODIFIED                  (-1765328343L)
2758 #define KRB5KRB_AP_ERR_BADORDER                  (-1765328342L)
2759 #define KRB5KRB_AP_ERR_ILL_CR_TKT                (-1765328341L)
2760 #define KRB5KRB_AP_ERR_BADKEYVER                 (-1765328340L)
2761 #define KRB5KRB_AP_ERR_NOKEY                     (-1765328339L)
2762 #define KRB5KRB_AP_ERR_MUT_FAIL                  (-1765328338L)
2763 #define KRB5KRB_AP_ERR_BADDIRECTION              (-1765328337L)
2764 #define KRB5KRB_AP_ERR_METHOD                    (-1765328336L)
2765 #define KRB5KRB_AP_ERR_BADSEQ                    (-1765328335L)
2766 #define KRB5KRB_AP_ERR_INAPP_CKSUM               (-1765328334L)
2767 #define KRB5PLACEHOLD_51                         (-1765328333L)
2768 #define KRB5PLACEHOLD_52                         (-1765328332L)
2769 #define KRB5PLACEHOLD_53                         (-1765328331L)
2770 #define KRB5PLACEHOLD_54                         (-1765328330L)
2771 #define KRB5PLACEHOLD_55                         (-1765328329L)
2772 #define KRB5PLACEHOLD_56                         (-1765328328L)
2773 #define KRB5PLACEHOLD_57                         (-1765328327L)
2774 #define KRB5PLACEHOLD_58                         (-1765328326L)
2775 #define KRB5PLACEHOLD_59                         (-1765328325L)
2776 #define KRB5KRB_ERR_GENERIC                      (-1765328324L)
2777 #define KRB5KRB_ERR_FIELD_TOOLONG                (-1765328323L)
2778 #define KRB5PLACEHOLD_62                         (-1765328322L)
2779 #define KRB5PLACEHOLD_63                         (-1765328321L)
2780 #define KRB5PLACEHOLD_64                         (-1765328320L)
2781 #define KRB5PLACEHOLD_65                         (-1765328319L)
2782 #define KRB5PLACEHOLD_66                         (-1765328318L)
2783 #define KRB5PLACEHOLD_67                         (-1765328317L)
2784 #define KRB5PLACEHOLD_68                         (-1765328316L)
2785 #define KRB5PLACEHOLD_69                         (-1765328315L)
2786 #define KRB5PLACEHOLD_70                         (-1765328314L)
2787 #define KRB5PLACEHOLD_71                         (-1765328313L)
2788 #define KRB5PLACEHOLD_72                         (-1765328312L)
2789 #define KRB5PLACEHOLD_73                         (-1765328311L)
2790 #define KRB5PLACEHOLD_74                         (-1765328310L)
2791 #define KRB5PLACEHOLD_75                         (-1765328309L)
2792 #define KRB5PLACEHOLD_76                         (-1765328308L)
2793 #define KRB5PLACEHOLD_77                         (-1765328307L)
2794 #define KRB5PLACEHOLD_78                         (-1765328306L)
2795 #define KRB5PLACEHOLD_79                         (-1765328305L)
2796 #define KRB5PLACEHOLD_80                         (-1765328304L)
2797 #define KRB5PLACEHOLD_81                         (-1765328303L)
2798 #define KRB5PLACEHOLD_82                         (-1765328302L)
2799 #define KRB5PLACEHOLD_83                         (-1765328301L)
2800 #define KRB5PLACEHOLD_84                         (-1765328300L)
2801 #define KRB5PLACEHOLD_85                         (-1765328299L)
2802 #define KRB5PLACEHOLD_86                         (-1765328298L)
2803 #define KRB5PLACEHOLD_87                         (-1765328297L)
2804 #define KRB5PLACEHOLD_88                         (-1765328296L)
2805 #define KRB5PLACEHOLD_89                         (-1765328295L)
2806 #define KRB5PLACEHOLD_90                         (-1765328294L)
2807 #define KRB5PLACEHOLD_91                         (-1765328293L)
2808 #define KRB5PLACEHOLD_92                         (-1765328292L)
2809 #define KRB5PLACEHOLD_93                         (-1765328291L)
2810 #define KRB5PLACEHOLD_94                         (-1765328290L)
2811 #define KRB5PLACEHOLD_95                         (-1765328289L)
2812 #define KRB5PLACEHOLD_96                         (-1765328288L)
2813 #define KRB5PLACEHOLD_97                         (-1765328287L)
2814 #define KRB5PLACEHOLD_98                         (-1765328286L)
2815 #define KRB5PLACEHOLD_99                         (-1765328285L)
2816 #define KRB5PLACEHOLD_100                        (-1765328284L)
2817 #define KRB5PLACEHOLD_101                        (-1765328283L)
2818 #define KRB5PLACEHOLD_102                        (-1765328282L)
2819 #define KRB5PLACEHOLD_103                        (-1765328281L)
2820 #define KRB5PLACEHOLD_104                        (-1765328280L)
2821 #define KRB5PLACEHOLD_105                        (-1765328279L)
2822 #define KRB5PLACEHOLD_106                        (-1765328278L)
2823 #define KRB5PLACEHOLD_107                        (-1765328277L)
2824 #define KRB5PLACEHOLD_108                        (-1765328276L)
2825 #define KRB5PLACEHOLD_109                        (-1765328275L)
2826 #define KRB5PLACEHOLD_110                        (-1765328274L)
2827 #define KRB5PLACEHOLD_111                        (-1765328273L)
2828 #define KRB5PLACEHOLD_112                        (-1765328272L)
2829 #define KRB5PLACEHOLD_113                        (-1765328271L)
2830 #define KRB5PLACEHOLD_114                        (-1765328270L)
2831 #define KRB5PLACEHOLD_115                        (-1765328269L)
2832 #define KRB5PLACEHOLD_116                        (-1765328268L)
2833 #define KRB5PLACEHOLD_117                        (-1765328267L)
2834 #define KRB5PLACEHOLD_118                        (-1765328266L)
2835 #define KRB5PLACEHOLD_119                        (-1765328265L)
2836 #define KRB5PLACEHOLD_120                        (-1765328264L)
2837 #define KRB5PLACEHOLD_121                        (-1765328263L)
2838 #define KRB5PLACEHOLD_122                        (-1765328262L)
2839 #define KRB5PLACEHOLD_123                        (-1765328261L)
2840 #define KRB5PLACEHOLD_124                        (-1765328260L)
2841 #define KRB5PLACEHOLD_125                        (-1765328259L)
2842 #define KRB5PLACEHOLD_126                        (-1765328258L)
2843 #define KRB5PLACEHOLD_127                        (-1765328257L)
2844 #define KRB5_ERR_RCSID                           (-1765328256L)
2845 #define KRB5_LIBOS_BADLOCKFLAG                   (-1765328255L)
2846 #define KRB5_LIBOS_CANTREADPWD                   (-1765328254L)
2847 #define KRB5_LIBOS_BADPWDMATCH                   (-1765328253L)
2848 #define KRB5_LIBOS_PWDINTR                       (-1765328252L)
2849 #define KRB5_PARSE_ILLCHAR                       (-1765328251L)
2850 #define KRB5_PARSE_MALFORMED                     (-1765328250L)
2851 #define KRB5_CONFIG_CANTOPEN                     (-1765328249L)
2852 #define KRB5_CONFIG_BADFORMAT                    (-1765328248L)
2853 #define KRB5_CONFIG_NOTENUFSPACE                 (-1765328247L)
2854 #define KRB5_BADMSGTYPE                          (-1765328246L)
2855 #define KRB5_CC_BADNAME                          (-1765328245L)
2856 #define KRB5_CC_UNKNOWN_TYPE                     (-1765328244L)
2857 #define KRB5_CC_NOTFOUND                         (-1765328243L)
2858 #define KRB5_CC_END                              (-1765328242L)
2859 #define KRB5_NO_TKT_SUPPLIED                     (-1765328241L)
2860 #define KRB5KRB_AP_WRONG_PRINC                   (-1765328240L)
2861 #define KRB5KRB_AP_ERR_TKT_INVALID               (-1765328239L)
2862 #define KRB5_PRINC_NOMATCH                       (-1765328238L)
2863 #define KRB5_KDCREP_MODIFIED                     (-1765328237L)
2864 #define KRB5_KDCREP_SKEW                         (-1765328236L)
2865 #define KRB5_IN_TKT_REALM_MISMATCH               (-1765328235L)
2866 #define KRB5_PROG_ETYPE_NOSUPP                   (-1765328234L)
2867 #define KRB5_PROG_KEYTYPE_NOSUPP                 (-1765328233L)
2868 #define KRB5_WRONG_ETYPE                         (-1765328232L)
2869 #define KRB5_PROG_SUMTYPE_NOSUPP                 (-1765328231L)
2870 #define KRB5_REALM_UNKNOWN                       (-1765328230L)
2871 #define KRB5_SERVICE_UNKNOWN                     (-1765328229L)
2872 #define KRB5_KDC_UNREACH                         (-1765328228L)
2873 #define KRB5_NO_LOCALNAME                        (-1765328227L)
2874 #define KRB5_MUTUAL_FAILED                       (-1765328226L)
2875 #define KRB5_RC_TYPE_EXISTS                      (-1765328225L)
2876 #define KRB5_RC_MALLOC                           (-1765328224L)
2877 #define KRB5_RC_TYPE_NOTFOUND                    (-1765328223L)
2878 #define KRB5_RC_UNKNOWN                          (-1765328222L)
2879 #define KRB5_RC_REPLAY                           (-1765328221L)
2880 #define KRB5_RC_IO                               (-1765328220L)
2881 #define KRB5_RC_NOIO                             (-1765328219L)
2882 #define KRB5_RC_PARSE                            (-1765328218L)
2883 #define KRB5_RC_IO_EOF                           (-1765328217L)
2884 #define KRB5_RC_IO_MALLOC                        (-1765328216L)
2885 #define KRB5_RC_IO_PERM                          (-1765328215L)
2886 #define KRB5_RC_IO_IO                            (-1765328214L)
2887 #define KRB5_RC_IO_UNKNOWN                       (-1765328213L)
2888 #define KRB5_RC_IO_SPACE                         (-1765328212L)
2889 #define KRB5_TRANS_CANTOPEN                      (-1765328211L)
2890 #define KRB5_TRANS_BADFORMAT                     (-1765328210L)
2891 #define KRB5_LNAME_CANTOPEN                      (-1765328209L)
2892 #define KRB5_LNAME_NOTRANS                       (-1765328208L)
2893 #define KRB5_LNAME_BADFORMAT                     (-1765328207L)
2894 #define KRB5_CRYPTO_INTERNAL                     (-1765328206L)
2895 #define KRB5_KT_BADNAME                          (-1765328205L)
2896 #define KRB5_KT_UNKNOWN_TYPE                     (-1765328204L)
2897 #define KRB5_KT_NOTFOUND                         (-1765328203L)
2898 #define KRB5_KT_END                              (-1765328202L)
2899 #define KRB5_KT_NOWRITE                          (-1765328201L)
2900 #define KRB5_KT_IOERR                            (-1765328200L)
2901 #define KRB5_NO_TKT_IN_RLM                       (-1765328199L)
2902 #define KRB5DES_BAD_KEYPAR                       (-1765328198L)
2903 #define KRB5DES_WEAK_KEY                         (-1765328197L)
2904 #define KRB5_BAD_ENCTYPE                         (-1765328196L)
2905 #define KRB5_BAD_KEYSIZE                         (-1765328195L)
2906 #define KRB5_BAD_MSIZE                           (-1765328194L)
2907 #define KRB5_CC_TYPE_EXISTS                      (-1765328193L)
2908 #define KRB5_KT_TYPE_EXISTS                      (-1765328192L)
2909 #define KRB5_CC_IO                               (-1765328191L)
2910 #define KRB5_FCC_PERM                            (-1765328190L)
2911 #define KRB5_FCC_NOFILE                          (-1765328189L)
2912 #define KRB5_FCC_INTERNAL                        (-1765328188L)
2913 #define KRB5_CC_WRITE                            (-1765328187L)
2914 #define KRB5_CC_NOMEM                            (-1765328186L)
2915 #define KRB5_CC_FORMAT                           (-1765328185L)
2916 #define KRB5_CC_NOT_KTYPE                        (-1765328184L)
2917 #define KRB5_INVALID_FLAGS                       (-1765328183L)
2918 #define KRB5_NO_2ND_TKT                          (-1765328182L)
2919 #define KRB5_NOCREDS_SUPPLIED                    (-1765328181L)
2920 #define KRB5_SENDAUTH_BADAUTHVERS                (-1765328180L)
2921 #define KRB5_SENDAUTH_BADAPPLVERS                (-1765328179L)
2922 #define KRB5_SENDAUTH_BADRESPONSE                (-1765328178L)
2923 #define KRB5_SENDAUTH_REJECTED                   (-1765328177L)
2924 #define KRB5_PREAUTH_BAD_TYPE                    (-1765328176L)
2925 #define KRB5_PREAUTH_NO_KEY                      (-1765328175L)
2926 #define KRB5_PREAUTH_FAILED                      (-1765328174L)
2927 #define KRB5_RCACHE_BADVNO                       (-1765328173L)
2928 #define KRB5_CCACHE_BADVNO                       (-1765328172L)
2929 #define KRB5_KEYTAB_BADVNO                       (-1765328171L)
2930 #define KRB5_PROG_ATYPE_NOSUPP                   (-1765328170L)
2931 #define KRB5_RC_REQUIRED                         (-1765328169L)
2932 #define KRB5_ERR_BAD_HOSTNAME                    (-1765328168L)
2933 #define KRB5_ERR_HOST_REALM_UNKNOWN              (-1765328167L)
2934 #define KRB5_SNAME_UNSUPP_NAMETYPE               (-1765328166L)
2935 #define KRB5KRB_AP_ERR_V4_REPLY                  (-1765328165L)
2936 #define KRB5_REALM_CANT_RESOLVE                  (-1765328164L)
2937 #define KRB5_TKT_NOT_FORWARDABLE                 (-1765328163L)
2938 #define KRB5_FWD_BAD_PRINCIPAL                   (-1765328162L)
2939 #define KRB5_GET_IN_TKT_LOOP                     (-1765328161L)
2940 #define KRB5_CONFIG_NODEFREALM                   (-1765328160L)
2941 #define KRB5_SAM_UNSUPPORTED                     (-1765328159L)
2942 #define KRB5_SAM_INVALID_ETYPE			 (-1765328158L)
2943 #define KRB5_SAM_NO_CHECKSUM			 (-1765328157L)
2944 #define KRB5_SAM_BAD_CHECKSUM			 (-1765328156L)
2945 #define KRB5_KT_NAME_TOOLONG			 (-1765328155L)
2946 #define KRB5_KT_KVNONOTFOUND			 (-1765328154L)
2947 #define KRB5_APPL_EXPIRED			 (-1765328153L)
2948 #define KRB5_LIB_EXPIRED			 (-1765328152L)
2949 #define KRB5_CHPW_PWDNULL			 (-1765328151L)
2950 #define KRB5_CHPW_FAIL				 (-1765328150L)
2951 #define KRB5_KT_FORMAT				 (-1765328149L)
2952 #define KRB5_NOPERM_ETYPE			 (-1765328148L)
2953 #define KRB5_CONFIG_ETYPE_NOSUPP		 (-1765328147L)
2954 #define KRB5_OBSOLETE_FN			 (-1765328146L)
2955 #define KRB5_EAI_FAIL				 (-1765328145L)
2956 #define KRB5_EAI_NODATA				 (-1765328144L)
2957 #define KRB5_EAI_NONAME				 (-1765328143L)
2958 #define KRB5_EAI_SERVICE			 (-1765328142L)
2959 #define KRB5_ERR_NUMERIC_REALM			 (-1765328141L)
2960 #define KRB5_ERR_BAD_S2K_PARAMS			 (-1765328140L)
2961 #define KRB5_ERR_NO_SERVICE			 (-1765328139L)
2962 #define KRB5_CC_READONLY			 (-1765328138L)
2963 #define KRB5_CC_NOSUPP				 (-1765328137L)
2964 
2965 /* NOTE! error values should not collide */
2966 /* XXX Note KRB5_RC_BADNAME and KRB5_CONF_NOT_CONFIGURED are Solaris specific */
2967 #define	KRB5_RC_BADNAME				(-1765328136L)
2968 #define	KRB5_CONF_NOT_CONFIGURED	 	 (-1765328135L)
2969 #ifdef _KERNEL
2970 /* XXX Note KRB5_KEF_ERROR and PKCS_ERR are Solaris specific */
2971 #define KRB5_KEF_ERROR                           (-1765328134L)
2972 #else
2973 #define PKCS_ERR				 (-1765328134L)
2974 #endif /* _KERNEL */
2975 
2976 #define KRB5_DELTAT_BADFORMAT			(-1765328133L)
2977 #define KRB5_PLUGIN_NO_HANDLE			(-1765328132L)
2978 #define KRB5_PLUGIN_OP_NOTSUPP			(-1765328131L)
2979 
2980 #define ERROR_TABLE_BASE_krb5 (-1765328384L)
2981 
2982 /* for compatibility with older versions... */
2983 #define krb5_err_base ERROR_TABLE_BASE_krb5
2984 /*
2985  * kdb5_err.h:
2986  * This file is automatically generated; please do not edit it.
2987  */
2988 #define KRB5_KDB_RCSID                           (-1780008448L)
2989 #define KRB5_KDB_INUSE                           (-1780008447L)
2990 #define KRB5_KDB_UK_SERROR                       (-1780008446L)
2991 #define KRB5_KDB_UK_RERROR                       (-1780008445L)
2992 #define KRB5_KDB_UNAUTH                          (-1780008444L)
2993 #define KRB5_KDB_NOENTRY                         (-1780008443L)
2994 #define KRB5_KDB_ILL_WILDCARD                    (-1780008442L)
2995 #define KRB5_KDB_DB_INUSE                        (-1780008441L)
2996 #define KRB5_KDB_DB_CHANGED                      (-1780008440L)
2997 #define KRB5_KDB_TRUNCATED_RECORD                (-1780008439L)
2998 #define KRB5_KDB_RECURSIVELOCK                   (-1780008438L)
2999 #define KRB5_KDB_NOTLOCKED                       (-1780008437L)
3000 #define KRB5_KDB_BADLOCKMODE                     (-1780008436L)
3001 #define KRB5_KDB_DBNOTINITED                     (-1780008435L)
3002 #define KRB5_KDB_DBINITED                        (-1780008434L)
3003 #define KRB5_KDB_ILLDIRECTION                    (-1780008433L)
3004 #define KRB5_KDB_NOMASTERKEY                     (-1780008432L)
3005 #define KRB5_KDB_BADMASTERKEY                    (-1780008431L)
3006 #define KRB5_KDB_INVALIDKEYSIZE                  (-1780008430L)
3007 #define KRB5_KDB_CANTREAD_STORED                 (-1780008429L)
3008 #define KRB5_KDB_BADSTORED_MKEY                  (-1780008428L)
3009 #define KRB5_KDB_CANTLOCK_DB                     (-1780008427L)
3010 #define KRB5_KDB_DB_CORRUPT                      (-1780008426L)
3011 #define KRB5_KDB_BAD_VERSION                     (-1780008425L)
3012 #define KRB5_KDB_BAD_SALTTYPE                    (-1780008424L)
3013 #define KRB5_KDB_BAD_ENCTYPE                     (-1780008423L)
3014 #define KRB5_KDB_BAD_CREATEFLAGS                 (-1780008422L)
3015 #define KRB5_KDB_NO_PERMITTED_KEY                (-1780008421L)
3016 #define KRB5_KDB_NO_MATCHING_KEY                 (-1780008420L)
3017 /*
3018  * Incremental propagation error codes
3019  */
3020 #define	KRB5_LOG_CONV				(-1780008419L)
3021 #define	KRB5_LOG_UNSTABLE			(-1780008418L)
3022 #define	KRB5_LOG_CORRUPT			(-1780008417L)
3023 #define	KRB5_LOG_ERROR				(-1780008416L)
3024 #define KRB5_KDB_DBTYPE_NOTFOUND		(-1780008415L)
3025 #define KRB5_KDB_DBTYPE_NOSUP			(-1780008414L)
3026 #define KRB5_KDB_DBTYPE_INIT			(-1780008413L)
3027 #define KRB5_KDB_SERVER_INTERNAL_ERR		(-1780008412L)
3028 #define KRB5_KDB_ACCESS_ERROR			(-1780008411L)
3029 #define KRB5_KDB_INTERNAL_ERROR			(-1780008410L)
3030 #define KRB5_KDB_CONSTRAINT_VIOLATION		(-1780008409L)
3031 #define ERROR_TABLE_BASE_kdb5 (-1780008448L)
3032 
3033 /* for compatibility with older versions... */
3034 #define kdb5_err_base ERROR_TABLE_BASE_kdb5
3035 /*
3036  * kv5m_err.h:
3037  * This file is automatically generated; please do not edit it.
3038  */
3039 #define KV5M_NONE                                (-1760647424L)
3040 #define KV5M_PRINCIPAL                           (-1760647423L)
3041 #define KV5M_DATA                                (-1760647422L)
3042 #define KV5M_KEYBLOCK                            (-1760647421L)
3043 #define KV5M_CHECKSUM                            (-1760647420L)
3044 #define KV5M_ENCRYPT_BLOCK                       (-1760647419L)
3045 #define KV5M_ENC_DATA                            (-1760647418L)
3046 #define KV5M_CRYPTOSYSTEM_ENTRY                  (-1760647417L)
3047 #define KV5M_CS_TABLE_ENTRY                      (-1760647416L)
3048 #define KV5M_CHECKSUM_ENTRY                      (-1760647415L)
3049 #define KV5M_AUTHDATA                            (-1760647414L)
3050 #define KV5M_TRANSITED                           (-1760647413L)
3051 #define KV5M_ENC_TKT_PART                        (-1760647412L)
3052 #define KV5M_TICKET                              (-1760647411L)
3053 #define KV5M_AUTHENTICATOR                       (-1760647410L)
3054 #define KV5M_TKT_AUTHENT                         (-1760647409L)
3055 #define KV5M_CREDS                               (-1760647408L)
3056 #define KV5M_LAST_REQ_ENTRY                      (-1760647407L)
3057 #define KV5M_PA_DATA                             (-1760647406L)
3058 #define KV5M_KDC_REQ                             (-1760647405L)
3059 #define KV5M_ENC_KDC_REP_PART                    (-1760647404L)
3060 #define KV5M_KDC_REP                             (-1760647403L)
3061 #define KV5M_ERROR                               (-1760647402L)
3062 #define KV5M_AP_REQ                              (-1760647401L)
3063 #define KV5M_AP_REP                              (-1760647400L)
3064 #define KV5M_AP_REP_ENC_PART                     (-1760647399L)
3065 #define KV5M_RESPONSE                            (-1760647398L)
3066 #define KV5M_SAFE                                (-1760647397L)
3067 #define KV5M_PRIV                                (-1760647396L)
3068 #define KV5M_PRIV_ENC_PART                       (-1760647395L)
3069 #define KV5M_CRED                                (-1760647394L)
3070 #define KV5M_CRED_INFO                           (-1760647393L)
3071 #define KV5M_CRED_ENC_PART                       (-1760647392L)
3072 #define KV5M_PWD_DATA                            (-1760647391L)
3073 #define KV5M_ADDRESS                             (-1760647390L)
3074 #define KV5M_KEYTAB_ENTRY                        (-1760647389L)
3075 #define KV5M_CONTEXT                             (-1760647388L)
3076 #define KV5M_OS_CONTEXT                          (-1760647387L)
3077 #define KV5M_ALT_METHOD                          (-1760647386L)
3078 #define KV5M_ETYPE_INFO_ENTRY                    (-1760647385L)
3079 #define KV5M_DB_CONTEXT                          (-1760647384L)
3080 #define KV5M_AUTH_CONTEXT                        (-1760647383L)
3081 #define KV5M_KEYTAB                              (-1760647382L)
3082 #define KV5M_RCACHE                              (-1760647381L)
3083 #define KV5M_CCACHE                              (-1760647380L)
3084 #define KV5M_PREAUTH_OPS                         (-1760647379L)
3085 #define KV5M_SAM_CHALLENGE                       (-1760647378L)
3086 #define KV5M_SAM_KEY                             (-1760647377L)
3087 #define KV5M_ENC_SAM_RESPONSE_ENC                (-1760647376L)
3088 #define KV5M_ENC_SAM_RESPONSE_ENC_2		 (-1760647374L)
3089 #define KV5M_SAM_RESPONSE			 (-1760647373L)
3090 #define KV5M_SAM_RESPONSE_2			 (-1760647372L)
3091 #define KV5M_PREDICTED_SAM_RESPONSE		 (-1760647371L)
3092 #define KV5M_PASSWD_PHRASE_ELEMENT		 (-1760647370L)
3093 #define KV5M_GSS_OID				 (-1760647369L)
3094 #define KV5M_GSS_QUEUE				 (-1760647368L)
3095 #define ERROR_TABLE_BASE_kv5m (-1760647424L)
3096 
3097 /* for compatibility with older versions... */
3098 #define kv5m_err_base ERROR_TABLE_BASE_kv5m
3099 /*
3100  * asn1_err.h:
3101  * This file is automatically generated; please do not edit it.
3102  */
3103 #define ASN1_BAD_TIMEFORMAT                      (1859794432L)
3104 #define ASN1_MISSING_FIELD                       (1859794433L)
3105 #define ASN1_MISPLACED_FIELD                     (1859794434L)
3106 #define ASN1_TYPE_MISMATCH                       (1859794435L)
3107 #define ASN1_OVERFLOW                            (1859794436L)
3108 #define ASN1_OVERRUN                             (1859794437L)
3109 #define ASN1_BAD_ID                              (1859794438L)
3110 #define ASN1_BAD_LENGTH                          (1859794439L)
3111 #define ASN1_BAD_FORMAT                          (1859794440L)
3112 #define ASN1_PARSE_ERROR                         (1859794441L)
3113 #define ASN1_BAD_GMTIME                          (1859794442L)
3114 #define ASN1_MISMATCH_INDEF			 (1859794443L)
3115 #define ASN1_MISSING_EOC			 (1859794444L)
3116 #define ERROR_TABLE_BASE_asn1 (1859794432L)
3117 
3118 /* for compatibility with older versions... */
3119 #define asn1_err_base ERROR_TABLE_BASE_asn1
3120 
3121 #ifdef __cplusplus
3122 }
3123 #endif
3124 
3125 #endif		/* _KRB5_H */
3126