1 /* 2 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * Copyright (C) 1989-1995 by the Massachusetts Institute of Technology, 8 * Cambridge, MA, USA. All Rights Reserved. 9 * 10 * This software is being provided to you, the LICENSEE, by the 11 * Massachusetts Institute of Technology (M.I.T.) under the following 12 * license. By obtaining, using and/or copying this software, you agree 13 * that you have read, understood, and will comply with these terms and 14 * conditions: 15 * 16 * Export of this software from the United States of America may 17 * require a specific license from the United States Government. 18 * It is the responsibility of any person or organization contemplating 19 * export to obtain such a license before exporting. 20 * 21 * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 22 * this software and its documentation for any purpose and without fee or 23 * royalty is hereby granted, provided that you agree to comply with the 24 * following copyright notice and statements, including the disclaimer, and 25 * that the same appear on ALL copies of the software and documentation, 26 * including modifications that you make for internal use or for 27 * distribution: 28 * 29 * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 30 * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not 31 * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 32 * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 33 * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 34 * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. 35 * 36 * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 37 * be used in advertising or publicity pertaining to distribution of the 38 * software. Title to copyright in this software and any associated 39 * documentation shall at all times remain with M.I.T., and USER agrees to 40 * preserve same. 41 */ 42 /* 43 * Copyright (C) 1998 by the FundsXpress, INC. 44 * 45 * All rights reserved. 46 * 47 * Export of this software from the United States of America may require 48 * a specific license from the United States Government. It is the 49 * responsibility of any person or organization contemplating export to 50 * obtain such a license before exporting. 51 * 52 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 53 * distribute this software and its documentation for any purpose and 54 * without fee is hereby granted, provided that the above copyright 55 * notice appear in all copies and that both that copyright notice and 56 * this permission notice appear in supporting documentation, and that 57 * the name of FundsXpress. not be used in advertising or publicity pertaining 58 * to distribution of the software without specific, written prior 59 * permission. FundsXpress makes no representations about the suitability of 60 * this software for any purpose. It is provided "as is" without express 61 * or implied warranty. 62 * 63 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 64 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 65 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 66 */ 67 68 /* 69 * This prototype for k5-int.h (Krb5 internals include file) 70 * includes the user-visible definitions from krb5.h and then 71 * includes other definitions that are not user-visible but are 72 * required for compiling Kerberos internal routines. 73 * 74 * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995 75 */ 76 77 #ifndef _KRB5_INT_H 78 #define _KRB5_INT_H 79 80 #pragma ident "%Z%%M% %I% %E% SMI" 81 82 #ifndef _KERNEL 83 #include <osconf.h> 84 #include <security/cryptoki.h> 85 #else 86 #include <sys/crypto/common.h> 87 #include <sys/crypto/api.h> 88 #endif 89 90 #ifdef DEBUG 91 #if !defined(KRB5_DEBUG) 92 #define KRB5_DEBUG 93 #endif 94 #ifndef KRB5_LOG_LVL 95 #define KRB5_LOG_LVL KRB5_ERR 96 #endif 97 #endif /* DEBUG */ 98 99 #ifdef _KERNEL 100 101 #ifdef DEBUG 102 #include <sys/types.h> 103 #include <sys/cmn_err.h> 104 extern void prom_printf(); 105 #endif /* DEBUG */ 106 107 #else /* !_KERNEL */ 108 109 #define prom_printf printf 110 111 #endif /* !_KERNEL */ 112 113 #ifdef KRB5_LOG_LVL 114 115 /* krb5_log is used to set the logging level to determine what class of messages 116 * are output by the mech. Note, more than one logging level can be used by 117 * bit or'ing the log values together. 118 * 119 * All log messages are captured by syslog. 120 */ 121 122 extern unsigned int krb5_log; 123 124 /* Note, these defines should be mutually exclusive bit fields */ 125 #define KRB5_ERR 1 /* Use this debug log level for error path logging. */ 126 #define KRB5_INFO 2 /* Use this debug log level for informational messages. */ 127 128 #ifdef _KERNEL 129 130 #define KRB5_LOG1(A, B, C, D) \ 131 ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C), (D)), TRUE))) 132 #define KRB5_LOG(A, B, C) \ 133 ((void)((krb5_log) && (krb5_log & (A)) && (printf((B), (C)), TRUE))) 134 #define KRB5_LOG0(A, B) \ 135 ((void)((krb5_log) && (krb5_log & (A)) && (printf((B)), TRUE))) 136 137 #else /* !_KERNEL */ 138 139 #include <syslog.h> 140 141 #define KRB5_LOG1(A, B, C, D) \ 142 ((void)((krb5_log) && (krb5_log & (A)) && \ 143 (syslog(LOG_DEBUG, (B), (C), (D)), TRUE))) 144 #define KRB5_LOG(A, B, C) \ 145 ((void)((krb5_log) && (krb5_log & (A)) && \ 146 (syslog(LOG_DEBUG, (B), (C)), TRUE))) 147 #define KRB5_LOG0(A, B) \ 148 ((void)((krb5_log) && (krb5_log & (A)) && \ 149 (syslog(LOG_DEBUG, B), TRUE))) 150 151 #endif /* _KERNEL */ 152 153 #else /* ! KRB5_LOG_LVL */ 154 155 #define KRB5_LOG1(A, B, C, D) 156 #define KRB5_LOG(A, B, C) 157 #define KRB5_LOG0(A, B) 158 159 #endif /* KRB5_LOG_LVL */ 160 161 /* Compatibility switch for SAM preauth */ 162 #define AS_REP_105_SAM_COMPAT 163 164 #ifdef POSIX_TYPES 165 #define timetype time_t 166 #else 167 #define timetype long 168 #endif 169 170 /* 171 * Begin "k5-config.h" 172 */ 173 #ifndef KRB5_CONFIG__ 174 #define KRB5_CONFIG__ 175 176 /* 177 * Machine-type definitions: PC Clone 386 running Microsoft Windows 178 */ 179 180 #if defined(_MSDOS) || defined(_WIN32) || defined(macintosh) 181 #include "win-mac.h" 182 #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) 183 #pragma import on 184 #endif 185 #endif 186 187 #if defined(_MSDOS) || defined(_WIN32) 188 /* Kerberos Windows initialization file */ 189 #define KERBEROS_INI "kerberos.ini" 190 #define INI_FILES "Files" 191 #define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */ 192 #define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */ 193 #define HAVE_LABS 194 #define ANSI_STDIO 195 #endif 196 197 198 #ifndef macintosh 199 #if defined(__MWERKS__) || defined(applec) || defined(THINK_C) 200 #define macintosh 201 #define SIZEOF_INT 4 202 #define SIZEOF_SHORT 2 203 #define HAVE_SRAND 204 #define NO_PASSWORD 205 #define HAVE_LABS 206 /*#define ENOMEM -1*/ 207 #define ANSI_STDIO 208 #ifndef _SIZET 209 typedef unsigned int size_t; 210 #define _SIZET 211 #endif 212 #include <unix.h> 213 #include <ctype.h> 214 #endif 215 #endif 216 217 #ifndef _KERNEL 218 #ifndef KRB5_AUTOCONF__ 219 #define KRB5_AUTOCONF__ 220 #include <autoconf.h> 221 #endif 222 #endif /* !_KERNEL */ 223 224 #ifndef KRB5_SYSTYPES__ 225 #define KRB5_SYSTYPES__ 226 227 #ifdef HAVE_SYS_TYPES_H /* From autoconf.h */ 228 #include <sys/types.h> 229 #else /* HAVE_SYS_TYPES_H */ 230 #endif /* HAVE_SYS_TYPES_H */ 231 #endif /* KRB5_SYSTYPES__ */ 232 233 #ifdef SYSV 234 /* Change srandom and random to use rand and srand */ 235 /* Taken from the Sandia changes. XXX We should really just include */ 236 /* srandom and random into Kerberos release, since rand() is a really */ 237 /* bad random number generator.... [tytso:19920616.2231EDT] */ 238 #define random() rand() 239 #define srandom(a) srand(a) 240 #endif /* SYSV */ 241 242 typedef uint64_t krb5_ui_8; 243 typedef int64_t krb5_int64; 244 245 #define DEFAULT_PWD_STRING1 "Enter password:" 246 #define DEFAULT_PWD_STRING2 "Re-enter password for verification:" 247 248 #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ 249 #define KRB5_KDB_MAX_RLIFE (60*60*24*365) /* one year */ 250 #define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */ 251 #define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ 252 #define KRB5_DEFAULT_RENEW_LIFE 7*24*60*60 /* 7 Days */ 253 254 /* 255 * Windows requires a different api interface to each function. Here 256 * just define it as NULL. 257 */ 258 #ifndef KRB5_CALLCONV 259 #define KRB5_CALLCONV 260 #define KRB5_CALLCONV_C 261 #define KRB5_DLLIMP 262 #define GSS_DLLIMP 263 #define KRB5_EXPORTVAR 264 #define FAR 265 #define NEAR 266 #endif 267 #ifndef O_BINARY 268 #define O_BINARY 0 269 #endif 270 271 #ifndef HAVE_LABS 272 #define labs(x) abs(x) 273 #endif 274 275 #endif /* KRB5_CONFIG__ */ 276 277 /* 278 * End "k5-config.h" 279 */ 280 281 /* 282 * After loading the configuration definitions, load the Kerberos definitions. 283 */ 284 #include <krb5.h> 285 286 #ifndef _KERNEL 287 #ifdef NEED_SOCKETS 288 #include <port-sockets.h> 289 #include <socket-utils.h> 290 #else 291 #ifndef SOCK_DGRAM 292 struct sockaddr; 293 #endif 294 #endif 295 #endif 296 297 /* krb5/krb5.h includes many other .h files in the krb5 subdirectory. 298 The ones that it doesn't include, we include below. */ 299 300 /* 301 * Begin "k5-errors.h" 302 */ 303 #ifndef KRB5_ERRORS__ 304 #define KRB5_ERRORS__ 305 306 307 /* Error codes used in KRB_ERROR protocol messages. 308 Return values of library routines are based on a different error table 309 (which allows non-ambiguous error codes between subsystems) */ 310 311 /* KDC errors */ 312 #define KDC_ERR_NONE 0 /* No error */ 313 #define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */ 314 #define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */ 315 #define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */ 316 #define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */ 317 #define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */ 318 #define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */ 319 #define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */ 320 #define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */ 321 #define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */ 322 #define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */ 323 #define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */ 324 #define KDC_ERR_POLICY 12 /* KDC policy rejects request */ 325 #define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */ 326 #define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */ 327 #define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */ 328 #define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */ 329 #define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */ 330 #define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */ 331 #define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */ 332 #define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */ 333 #define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */ 334 #define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */ 335 #define KDC_ERR_KEY_EXP 23 /* Password has expired */ 336 #define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */ 337 #define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */ 338 /* required */ 339 #define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */ 340 /* ticket don't match*/ 341 /* Application errors */ 342 #define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */ 343 #define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */ 344 #define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */ 345 #define KRB_AP_ERR_REPEAT 34 /* Request is a replay */ 346 #define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */ 347 #define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */ 348 #define KRB_AP_ERR_SKEW 37 /* Clock skew too great */ 349 #define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */ 350 #define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */ 351 #define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */ 352 #define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */ 353 #define KRB_AP_ERR_BADORDER 42 /* Message out of order */ 354 #define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */ 355 #define KRB_AP_ERR_NOKEY 45 /* Service key not available */ 356 #define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */ 357 #define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */ 358 #define KRB_AP_ERR_METHOD 48 /* Alternative authentication */ 359 /* method required */ 360 #define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */ 361 /* in message */ 362 #define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */ 363 /* checksum in message */ 364 #define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */ 365 #define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */ 366 /* retry with TCP */ 367 368 /* other errors */ 369 #define KRB_ERR_GENERIC 60 /* Generic error (description */ 370 /* in e-text) */ 371 #define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */ 372 373 #endif /* KRB5_ERRORS__ */ 374 /* 375 * End "k5-errors.h" 376 */ 377 378 /* 379 * This structure is returned in the e-data field of the KRB-ERROR 380 * message when the error calling for an alternative form of 381 * authentication is returned, KRB_AP_METHOD. 382 */ 383 typedef struct _krb5_alt_method { 384 krb5_magic magic; 385 krb5_int32 method; 386 unsigned int length; 387 krb5_octet *data; 388 } krb5_alt_method; 389 390 /* 391 * A null-terminated array of this structure is returned by the KDC as 392 * the data part of the ETYPE_INFO preauth type. It informs the 393 * client which encryption types are supported. 394 * The same data structure is used by both etype-info and etype-info2 395 * but s2kparams must be null when encoding etype-info. 396 */ 397 typedef struct _krb5_etype_info_entry { 398 krb5_magic magic; 399 krb5_enctype etype; 400 unsigned int length; 401 krb5_octet *salt; 402 krb5_data s2kparams; 403 } krb5_etype_info_entry; 404 405 /* 406 * This is essentially -1 without sign extension which can screw up 407 * comparisons on 64 bit machines. If the length is this value, then 408 * the salt data is not present. This is to distinguish between not 409 * being set and being of 0 length. 410 */ 411 #define KRB5_ETYPE_NO_SALT VALID_UINT_BITS 412 413 typedef krb5_etype_info_entry ** krb5_etype_info; 414 415 /* 416 * a sam_challenge is returned for alternate preauth 417 */ 418 /* 419 SAMFlags ::= BIT STRING { 420 use-sad-as-key[0], 421 send-encrypted-sad[1], 422 must-pk-encrypt-sad[2] 423 } 424 */ 425 /* 426 PA-SAM-CHALLENGE ::= SEQUENCE { 427 sam-type[0] INTEGER, 428 sam-flags[1] SAMFlags, 429 sam-type-name[2] GeneralString OPTIONAL, 430 sam-track-id[3] GeneralString OPTIONAL, 431 sam-challenge-label[4] GeneralString OPTIONAL, 432 sam-challenge[5] GeneralString OPTIONAL, 433 sam-response-prompt[6] GeneralString OPTIONAL, 434 sam-pk-for-sad[7] EncryptionKey OPTIONAL, 435 sam-nonce[8] INTEGER OPTIONAL, 436 sam-cksum[9] Checksum OPTIONAL 437 } 438 */ 439 /* sam_type values -- informational only */ 440 #define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */ 441 #define PA_SAM_TYPE_DIGI_PATH 2 /* Digital Pathways */ 442 #define PA_SAM_TYPE_SKEY_K0 3 /* S/key where KDC has key 0 */ 443 #define PA_SAM_TYPE_SKEY 4 /* Traditional S/Key */ 444 #define PA_SAM_TYPE_SECURID 5 /* Security Dynamics */ 445 #define PA_SAM_TYPE_CRYPTOCARD 6 /* CRYPTOCard */ 446 #if 1 /* XXX need to figure out who has which numbers assigned */ 447 #define PA_SAM_TYPE_ACTIVCARD_DEC 6 /* ActivCard decimal mode */ 448 #define PA_SAM_TYPE_ACTIVCARD_HEX 7 /* ActivCard hex mode */ 449 #define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */ 450 #endif 451 #define PA_SAM_TYPE_EXP_BASE 128 /* experimental */ 452 #define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */ 453 #define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */ 454 455 typedef struct _krb5_predicted_sam_response { 456 krb5_magic magic; 457 krb5_keyblock sam_key; 458 krb5_flags sam_flags; /* Makes key munging easier */ 459 krb5_timestamp stime; /* time on server, for replay detection */ 460 krb5_int32 susec; 461 krb5_principal client; 462 krb5_data msd; /* mechanism specific data */ 463 } krb5_predicted_sam_response; 464 465 typedef struct _krb5_sam_challenge { 466 krb5_magic magic; 467 krb5_int32 sam_type; /* information */ 468 krb5_flags sam_flags; /* KRB5_SAM_* values */ 469 krb5_data sam_type_name; 470 krb5_data sam_track_id; 471 krb5_data sam_challenge_label; 472 krb5_data sam_challenge; 473 krb5_data sam_response_prompt; 474 krb5_data sam_pk_for_sad; 475 krb5_int32 sam_nonce; 476 krb5_checksum sam_cksum; 477 } krb5_sam_challenge; 478 479 typedef struct _krb5_sam_key { /* reserved for future use */ 480 krb5_magic magic; 481 krb5_keyblock sam_key; 482 } krb5_sam_key; 483 484 typedef struct _krb5_enc_sam_response_enc { 485 krb5_magic magic; 486 krb5_int32 sam_nonce; 487 krb5_timestamp sam_timestamp; 488 krb5_int32 sam_usec; 489 krb5_data sam_sad; 490 } krb5_enc_sam_response_enc; 491 492 typedef struct _krb5_sam_response { 493 krb5_magic magic; 494 krb5_int32 sam_type; /* informational */ 495 krb5_flags sam_flags; /* KRB5_SAM_* values */ 496 krb5_data sam_track_id; /* copied */ 497 krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */ 498 krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */ 499 krb5_int32 sam_nonce; 500 krb5_timestamp sam_patimestamp; 501 } krb5_sam_response; 502 503 typedef struct _krb5_sam_challenge_2 { 504 krb5_data sam_challenge_2_body; 505 krb5_checksum **sam_cksum; /* Array of checksums */ 506 } krb5_sam_challenge_2; 507 508 typedef struct _krb5_sam_challenge_2_body { 509 krb5_magic magic; 510 krb5_int32 sam_type; /* information */ 511 krb5_flags sam_flags; /* KRB5_SAM_* values */ 512 krb5_data sam_type_name; 513 krb5_data sam_track_id; 514 krb5_data sam_challenge_label; 515 krb5_data sam_challenge; 516 krb5_data sam_response_prompt; 517 krb5_data sam_pk_for_sad; 518 krb5_int32 sam_nonce; 519 krb5_enctype sam_etype; 520 } krb5_sam_challenge_2_body; 521 522 typedef struct _krb5_sam_response_2 { 523 krb5_magic magic; 524 krb5_int32 sam_type; /* informational */ 525 krb5_flags sam_flags; /* KRB5_SAM_* values */ 526 krb5_data sam_track_id; /* copied */ 527 krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */ 528 krb5_int32 sam_nonce; 529 } krb5_sam_response_2; 530 531 typedef struct _krb5_enc_sam_response_enc_2 { 532 krb5_magic magic; 533 krb5_int32 sam_nonce; 534 krb5_data sam_sad; 535 } krb5_enc_sam_response_enc_2; 536 537 /* 538 * Begin "dbm.h" 539 */ 540 #ifndef _KERNEL 541 542 /* 543 * Since we are always using db, use the db-ndbm include header file. 544 */ 545 546 #include "db-ndbm.h" 547 548 #endif /* !KERNEL */ 549 /* 550 * End "dbm.h" 551 */ 552 553 /* 554 * Begin "ext-proto.h" 555 */ 556 #ifndef KRB5_EXT_PROTO__ 557 #define KRB5_EXT_PROTO__ 558 559 #ifndef _KERNEL 560 #include <stdlib.h> 561 562 #ifdef HAVE_STRING_H 563 #include <string.h> 564 #else 565 #include <strings.h> 566 #endif 567 568 #endif /* !_KERNEL */ 569 570 #ifndef HAVE_STRDUP 571 extern char *strdup (const char *); 572 #endif 573 574 #ifndef _KERNEL 575 #ifdef HAVE_UNISTD_H 576 #include <unistd.h> 577 #endif 578 #endif /* !_KERNEL */ 579 580 #endif /* KRB5_EXT_PROTO__ */ 581 /* 582 * End "ext-proto.h" 583 */ 584 585 /* 586 * Begin "sysincl.h" 587 */ 588 #ifndef KRB5_SYSINCL__ 589 #define KRB5_SYSINCL__ 590 591 #ifndef KRB5_SYSTYPES__ 592 #define KRB5_SYSTYPES__ 593 /* needed for much of the rest -- but already handled in krb5.h? */ 594 /* #include <sys/types.h> */ 595 #endif /* KRB5_SYSTYPES__ */ 596 597 #ifdef _KERNEL 598 #include <sys/time.h> 599 #else 600 #ifdef HAVE_SYS_TIME_H 601 #include <sys/time.h> 602 #ifdef TIME_WITH_SYS_TIME 603 #include <time.h> 604 #endif 605 #else 606 #include <time.h> 607 #endif 608 #endif /* _KERNEL */ 609 610 #ifdef HAVE_SYS_STAT_H 611 #include <sys/stat.h> /* struct stat, stat() */ 612 #endif 613 614 #ifdef HAVE_SYS_PARAM_H 615 #include <sys/param.h> /* MAXPATHLEN */ 616 #endif 617 618 #ifdef HAVE_SYS_FILE_H 619 #include <sys/file.h> /* prototypes for file-related 620 syscalls; flags for open & 621 friends */ 622 #endif 623 624 #ifdef _KERNEL 625 #include <sys/fcntl.h> 626 #else 627 #include <fcntl.h> 628 #endif 629 630 #endif /* KRB5_SYSINCL__ */ 631 /* 632 * End "sysincl.h" 633 */ 634 635 /* 636 * Begin "los-proto.h" 637 */ 638 #ifndef KRB5_LIBOS_PROTO__ 639 #define KRB5_LIBOS_PROTO__ 640 641 #ifndef _KERNEL 642 #include <stdio.h> 643 644 struct addrlist; 645 #endif 646 647 /* libos.spec */ 648 krb5_error_code krb5_lock_file 649 (krb5_context, int, int); 650 651 krb5_error_code krb5_unlock_file 652 (krb5_context, int); 653 654 int krb5_net_read 655 (krb5_context, int , char *, int); 656 657 int krb5_net_write 658 (krb5_context, int , const char *, int); 659 660 krb5_error_code krb5_sendto_kdc 661 (krb5_context, const krb5_data *, const krb5_data *, 662 krb5_data *, int, int); 663 664 krb5_error_code krb5_get_krbhst 665 (krb5_context, const krb5_data *, char ***); 666 667 krb5_error_code krb5_free_krbhst 668 (krb5_context, char * const *); 669 670 krb5_error_code krb5_gen_replay_name 671 (krb5_context, const krb5_address *, const char *, char **); 672 673 krb5_error_code krb5_create_secure_file 674 (krb5_context, const char * pathname); 675 676 #ifndef _KERNEL 677 krb5_error_code krb5_sync_disk_file 678 (krb5_context, FILE *fp); 679 680 krb5_error_code 681 krb5_open_pkcs11_session(CK_SESSION_HANDLE *); 682 #endif 683 684 685 krb5_error_code krb5_read_message 686 (krb5_context, krb5_pointer, krb5_data *); 687 688 krb5_error_code krb5_write_message 689 (krb5_context, krb5_pointer, krb5_data *); 690 691 krb5_error_code krb5int_get_fq_local_hostname (char *, size_t); 692 693 krb5_error_code krb5_os_init_context 694 (krb5_context); 695 696 void krb5_os_free_context (krb5_context); 697 698 krb5_error_code krb5_find_config_files(void); 699 700 #ifndef _KERNEL 701 /* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're 702 * going to use this structure. */ 703 struct addrlist { 704 struct addrinfo **addrs; 705 int naddrs; 706 int space; 707 }; 708 709 #define ADDRLIST_INIT { 0, 0, 0 } 710 extern void krb5int_free_addrlist (struct addrlist *); 711 extern int krb5int_grow_addrlist (struct addrlist *, int); 712 extern int krb5int_add_host_to_list (struct addrlist *, const char *, 713 int, int, int, int); 714 715 krb5_error_code krb5_locate_srv_conf 716 (krb5_context, const krb5_data *, const char *, 717 struct sockaddr **, int*, int); 718 719 #ifdef KRB5_DNS_LOOKUP 720 /* no context? */ 721 krb5_error_code krb5_locate_srv_dns 722 (const krb5_data *, const char *, 723 const char *, struct sockaddr **, int *, 724 char *, unsigned short *, boolean_t); 725 726 int _krb5_conf_boolean(char *); 727 int _krb5_use_dns_kdc(krb5_context); 728 int _krb5_use_dns_realm(krb5_context); 729 730 #endif /* KRB5_DNS_LOOKUP */ 731 #endif /* _KERNEL */ 732 733 #endif /* KRB5_LIBOS_PROTO__ */ 734 735 /* new encryption provider api */ 736 737 struct krb5_enc_provider { 738 void (*block_size) (size_t *output); 739 740 /* keybytes is the input size to make_key; 741 keylength is the output size */ 742 void (*keysize) (size_t *keybytes, size_t *keylength); 743 744 /* ivec == 0 is an all-zeros ivec */ 745 krb5_error_code (*encrypt) ( 746 krb5_context context, 747 krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, 748 krb5_const krb5_data *input, krb5_data *output); 749 750 krb5_error_code (*decrypt) ( 751 krb5_context context, 752 krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, 753 krb5_const krb5_data *input, krb5_data *output); 754 755 krb5_error_code (*make_key) 756 (krb5_context, krb5_const krb5_data *, krb5_keyblock *); 757 758 krb5_error_code (*init_state) (krb5_context, 759 const krb5_keyblock *, 760 krb5_keyusage, krb5_data *); 761 krb5_error_code (*free_state) (krb5_context, krb5_data *); 762 763 }; 764 765 struct krb5_hash_provider { 766 void (*hash_size) (size_t *output); 767 768 void (*block_size) (size_t *output); 769 770 /* this takes multiple inputs to avoid lots of copying. */ 771 krb5_error_code (*hash) (krb5_context context, 772 unsigned int icount, krb5_const krb5_data *input, 773 krb5_data *output); 774 }; 775 776 struct krb5_keyhash_provider { 777 void (*hash_size) (size_t *output); 778 779 krb5_error_code (*hash) ( 780 krb5_context context, 781 krb5_const krb5_keyblock *key, 782 krb5_keyusage keyusage, 783 krb5_const krb5_data *ivec, 784 krb5_const krb5_data *input, krb5_data *output); 785 786 krb5_error_code (*verify) ( 787 krb5_context context, 788 krb5_const krb5_keyblock *key, 789 krb5_keyusage keyusage, 790 krb5_const krb5_data *ivec, 791 krb5_const krb5_data *input, 792 krb5_const krb5_data *hash, 793 krb5_boolean *valid); 794 795 }; 796 797 typedef void (*krb5_encrypt_length_func) ( 798 krb5_const struct krb5_enc_provider *enc, 799 krb5_const struct krb5_hash_provider *hash, 800 size_t inputlen, size_t *length); 801 802 typedef krb5_error_code (*krb5_crypt_func) ( 803 krb5_context context, 804 krb5_const struct krb5_enc_provider *enc, 805 krb5_const struct krb5_hash_provider *hash, 806 krb5_const krb5_keyblock *key, krb5_keyusage usage, 807 krb5_const krb5_data *ivec, 808 krb5_const krb5_data *input, krb5_data *output); 809 810 #ifndef _KERNEL 811 typedef krb5_error_code (*krb5_str2key_func) ( 812 krb5_context context, 813 krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string, 814 krb5_const krb5_data *salt, krb5_const krb5_data *params, 815 krb5_keyblock *key); 816 #endif /* _KERNEL */ 817 818 struct krb5_keytypes { 819 krb5_enctype etype; 820 char *in_string; 821 char *out_string; 822 const struct krb5_enc_provider *enc; 823 const struct krb5_hash_provider *hash; 824 krb5_encrypt_length_func encrypt_len; 825 krb5_crypt_func encrypt; 826 krb5_crypt_func decrypt; 827 krb5_cksumtype required_ctype; 828 #ifndef _KERNEL 829 /* Solaris Kerberos: strings to key conversion not done in the kernel */ 830 krb5_str2key_func str2key; 831 #else /* _KERNEL */ 832 char *mt_e_name; 833 char *mt_h_name; 834 crypto_mech_type_t kef_cipher_mt; 835 crypto_mech_type_t kef_hash_mt; 836 #endif /* _KERNEL */ 837 }; 838 839 840 struct krb5_cksumtypes { 841 krb5_cksumtype ctype; 842 unsigned int flags; 843 char *in_string; 844 char *out_string; 845 /* if the hash is keyed, this is the etype it is keyed with. 846 Actually, it can be keyed by any etype which has the same 847 enc_provider as the specified etype. DERIVE checksums can 848 be keyed with any valid etype. */ 849 krb5_enctype keyed_etype; 850 /* I can't statically initialize a union, so I'm just going to use 851 two pointers here. The keyhash is used if non-NULL. If NULL, 852 then HMAC/hash with derived keys is used if the relevant flag 853 is set. Otherwise, a non-keyed hash is computed. This is all 854 kind of messy, but so is the krb5 api. */ 855 const struct krb5_keyhash_provider *keyhash; 856 const struct krb5_hash_provider *hash; 857 /* This just gets uglier and uglier. In the key derivation case, 858 we produce an hmac. To make the hmac code work, we can't hack 859 the output size indicated by the hash provider, but we may want 860 a truncated hmac. If we want truncation, this is the number of 861 bytes we truncate to; it should be 0 otherwise. */ 862 unsigned int trunc_size; 863 #ifdef _KERNEL 864 char *mt_c_name; 865 crypto_mech_type_t kef_cksum_mt; 866 #endif /* _KERNEL */ 867 }; 868 869 #define KRB5_CKSUMFLAG_DERIVE 0x0001 870 #define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002 871 872 krb5_error_code krb5int_des_init_state( 873 krb5_context, 874 const krb5_keyblock *, 875 krb5_keyusage, krb5_data *); 876 877 krb5_error_code krb5int_c_mandatory_cksumtype( 878 krb5_context, 879 krb5_enctype, 880 krb5_cksumtype *); 881 882 /* 883 * normally to free a cipher_state you can just memset the length to zero and 884 * free it. 885 */ 886 krb5_error_code krb5int_default_free_state(krb5_context, krb5_data *); 887 888 /* 889 * Combine two keys (normally used by the hardware preauth mechanism) 890 */ 891 krb5_error_code krb5int_c_combine_keys 892 (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, 893 krb5_keyblock *outkey); 894 /* 895 * in here to deal with stuff from lib/crypto 896 */ 897 898 void krb5_nfold (int inbits, krb5_const unsigned char *in, 899 int outbits, unsigned char *out); 900 901 #ifdef _KERNEL 902 903 int k5_ef_crypto( 904 const char *, char *, 905 long, krb5_keyblock *, 906 krb5_data *, int); 907 908 krb5_error_code 909 krb5_hmac(krb5_context, const krb5_keyblock *, 910 krb5_const krb5_data *, krb5_data *); 911 912 #else 913 krb5_error_code krb5_hmac 914 (krb5_context, 915 krb5_const struct krb5_hash_provider *, 916 krb5_const krb5_keyblock *, krb5_const unsigned int, 917 krb5_const krb5_data *, krb5_data *); 918 919 #endif /* _KERNEL */ 920 921 krb5_error_code krb5int_pbkdf2_hmac_sha1 (krb5_context, 922 const krb5_data *, 923 unsigned long, 924 krb5_enctype, 925 const krb5_data *, 926 const krb5_data *); 927 928 krb5_error_code krb5_crypto_us_timeofday 929 (krb5_int32 *, krb5_int32 *); 930 931 /* this helper fct is in libkrb5, but it makes sense declared here. */ 932 933 krb5_error_code krb5_encrypt_helper 934 (krb5_context context, krb5_const krb5_keyblock *key, 935 krb5_keyusage usage, krb5_const krb5_data *plain, 936 krb5_enc_data *cipher); 937 938 /* 939 * End "los-proto.h" 940 */ 941 942 /* 943 * Include the KDB definitions. 944 */ 945 #ifndef _KERNEL 946 #include <krb5/kdb.h> 947 #endif /* !_KERNEL */ 948 /* 949 * Begin "libos.h" 950 */ 951 #ifndef KRB5_LIBOS__ 952 #define KRB5_LIBOS__ 953 954 typedef struct _krb5_os_context { 955 krb5_magic magic; 956 krb5_int32 time_offset; 957 krb5_int32 usec_offset; 958 krb5_int32 os_flags; 959 char * default_ccname; 960 krb5_principal default_ccprincipal; 961 } *krb5_os_context; 962 963 /* 964 * Flags for the os_flags field 965 * 966 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid. 967 * The intention is that this facility to correct the system clocks so 968 * that they reflect the "real" time, for systems where for some 969 * reason we can't set the system clock. Instead we calculate the 970 * offset between the system time and real time, and store the offset 971 * in the os context so that we can correct the system clock as necessary. 972 * 973 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be 974 * returned as the time by the krb5 time routines. This should only 975 * be used for testing purposes (obviously!) 976 */ 977 #define KRB5_OS_TOFFSET_VALID 1 978 #define KRB5_OS_TOFFSET_TIME 2 979 980 /* lock mode flags */ 981 #define KRB5_LOCKMODE_SHARED 0x0001 982 #define KRB5_LOCKMODE_EXCLUSIVE 0x0002 983 #define KRB5_LOCKMODE_DONTBLOCK 0x0004 984 #define KRB5_LOCKMODE_UNLOCK 0x0008 985 986 #endif /* KRB5_LIBOS__ */ 987 /* 988 * End "libos.h" 989 */ 990 991 /* 992 * Define our view of the size of a DES key. 993 */ 994 #define KRB5_MIT_DES_KEYSIZE 8 995 996 /* 997 * Define a couple of SHA1 constants 998 */ 999 #define SHS_DATASIZE 64 1000 #define SHS_DIGESTSIZE 20 1001 1002 /* 1003 * Check if des_int.h has been included before us. If so, then check to see 1004 * that our view of the DES key size is the same as des_int.h's. 1005 */ 1006 #ifdef MIT_DES_KEYSIZE 1007 #if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE 1008 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) 1009 #endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ 1010 #endif /* MIT_DES_KEYSIZE */ 1011 1012 #ifndef _KERNEL 1013 /* Solaris Kerberos: only define PROVIDE_DES3_CBC_SHA if the following are 1014 * defined. 1015 */ 1016 #define PROVIDE_DES3_CBC_SHA 1 1017 #define PROVIDE_NIST_SHA 1 1018 1019 #endif /* !_KERNEL */ 1020 1021 /* 1022 * Begin "preauth.h" 1023 * 1024 * (Originally written by Glen Machin at Sandia Labs.) 1025 */ 1026 /* 1027 * Sandia National Laboratories also makes no representations about the 1028 * suitability of the modifications, or additions to this software for 1029 * any purpose. It is provided "as is" without express or implied warranty. 1030 * 1031 */ 1032 #ifndef KRB5_PREAUTH__ 1033 #define KRB5_PREAUTH__ 1034 1035 typedef struct _krb5_pa_enc_ts { 1036 krb5_timestamp patimestamp; 1037 krb5_int32 pausec; 1038 } krb5_pa_enc_ts; 1039 1040 typedef krb5_error_code (*krb5_preauth_obtain_proc) 1041 (krb5_context, 1042 krb5_pa_data *, 1043 krb5_etype_info, 1044 krb5_keyblock *, 1045 krb5_error_code ( * )(krb5_context, 1046 krb5_const krb5_enctype, 1047 krb5_data *, 1048 krb5_const_pointer, 1049 krb5_keyblock **), 1050 krb5_const_pointer, 1051 krb5_creds *, 1052 krb5_kdc_req *, 1053 krb5_pa_data **); 1054 1055 typedef krb5_error_code (*krb5_preauth_process_proc) 1056 (krb5_context, 1057 krb5_pa_data *, 1058 krb5_kdc_req *, 1059 krb5_kdc_rep *, 1060 krb5_error_code ( * )(krb5_context, 1061 krb5_const krb5_enctype, 1062 krb5_data *, 1063 krb5_const_pointer, 1064 krb5_keyblock **), 1065 krb5_const_pointer, 1066 krb5_error_code ( * )(krb5_context, 1067 krb5_const krb5_keyblock *, 1068 krb5_const_pointer, 1069 krb5_kdc_rep * ), 1070 krb5_keyblock **, 1071 krb5_creds *, 1072 krb5_int32 *, 1073 krb5_int32 *); 1074 1075 typedef struct _krb5_preauth_ops { 1076 krb5_magic magic; 1077 int type; 1078 int flags; 1079 krb5_preauth_obtain_proc obtain; 1080 krb5_preauth_process_proc process; 1081 } krb5_preauth_ops; 1082 1083 void krb5_free_etype_info (krb5_context, krb5_etype_info); 1084 1085 /* 1086 * Preauthentication property flags 1087 */ 1088 #define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 1089 #define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 1090 1091 #endif /* KRB5_PREAUTH__ */ 1092 /* 1093 * End "preauth.h" 1094 */ 1095 1096 krb5_error_code 1097 krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *); 1098 1099 #ifndef _KERNEL /* needed for lib/krb5/krb/ */ 1100 typedef krb5_error_code (*krb5_gic_get_as_key_fct) 1101 (krb5_context, 1102 krb5_principal, 1103 krb5_enctype, 1104 krb5_prompter_fct, 1105 void *prompter_data, 1106 krb5_data *salt, 1107 krb5_data *s2kparams, 1108 krb5_keyblock *as_key, 1109 void *gak_data); 1110 1111 krb5_error_code KRB5_CALLCONV 1112 krb5_get_init_creds 1113 (krb5_context context, 1114 krb5_creds *creds, 1115 krb5_principal client, 1116 krb5_prompter_fct prompter, 1117 void *prompter_data, 1118 krb5_deltat start_time, 1119 char *in_tkt_service, 1120 krb5_get_init_creds_opt *options, 1121 krb5_gic_get_as_key_fct gak, 1122 void *gak_data, 1123 int master, 1124 krb5_kdc_rep **as_reply); 1125 1126 krb5_error_code krb5_do_preauth 1127 (krb5_context, krb5_kdc_req *, 1128 krb5_pa_data **, krb5_pa_data ***, 1129 krb5_data *, krb5_data *, krb5_enctype *, 1130 krb5_keyblock *, 1131 krb5_prompter_fct, void *, 1132 krb5_gic_get_as_key_fct, void *); 1133 #endif /* _KERNEL */ 1134 1135 void KRB5_CALLCONV krb5_free_sam_challenge 1136 (krb5_context, krb5_sam_challenge * ); 1137 void KRB5_CALLCONV krb5_free_sam_challenge_2 1138 (krb5_context, krb5_sam_challenge_2 * ); 1139 void KRB5_CALLCONV krb5_free_sam_challenge_2_body 1140 (krb5_context, krb5_sam_challenge_2_body *); 1141 void KRB5_CALLCONV krb5_free_sam_response 1142 (krb5_context, krb5_sam_response * ); 1143 void KRB5_CALLCONV krb5_free_sam_response_2 1144 (krb5_context, krb5_sam_response_2 * ); 1145 void KRB5_CALLCONV krb5_free_predicted_sam_response 1146 (krb5_context, krb5_predicted_sam_response * ); 1147 void KRB5_CALLCONV krb5_free_enc_sam_response_enc 1148 (krb5_context, krb5_enc_sam_response_enc * ); 1149 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2 1150 (krb5_context, krb5_enc_sam_response_enc_2 * ); 1151 void KRB5_CALLCONV krb5_free_sam_challenge_contents 1152 (krb5_context, krb5_sam_challenge * ); 1153 void KRB5_CALLCONV krb5_free_sam_challenge_2_contents 1154 (krb5_context, krb5_sam_challenge_2 * ); 1155 void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents 1156 (krb5_context, krb5_sam_challenge_2_body * ); 1157 void KRB5_CALLCONV krb5_free_sam_response_contents 1158 (krb5_context, krb5_sam_response * ); 1159 void KRB5_CALLCONV krb5_free_sam_response_2_contents 1160 (krb5_context, krb5_sam_response_2 *); 1161 void KRB5_CALLCONV krb5_free_predicted_sam_response_contents 1162 (krb5_context, krb5_predicted_sam_response * ); 1163 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents 1164 (krb5_context, krb5_enc_sam_response_enc * ); 1165 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents 1166 (krb5_context, krb5_enc_sam_response_enc_2 * ); 1167 1168 void KRB5_CALLCONV krb5_free_pa_enc_ts 1169 (krb5_context, krb5_pa_enc_ts *); 1170 1171 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ 1172 /* 1173 * Solaris Kerberos: moved from sendto_kdc.c so other code can reference 1174 */ 1175 #define DEFAULT_UDP_PREF_LIMIT 1465 1176 1177 #ifndef _KERNEL 1178 #include "profile.h" 1179 #include <strings.h> 1180 #endif /* _KERNEL */ 1181 1182 #define KEY_CHANGED(k1, k2) \ 1183 (k1 == NULL || \ 1184 k1 != k2 || \ 1185 k1->enctype != k2->enctype || \ 1186 k1->length != k2->length || \ 1187 bcmp(k1->contents, k2->contents, k1->length)) 1188 1189 #ifndef _KERNEL 1190 typedef struct _arcfour_ctx { 1191 CK_SESSION_HANDLE eSession; /* encrypt session handle */ 1192 CK_SESSION_HANDLE dSession; /* decrypt session handle */ 1193 CK_OBJECT_HANDLE eKey; /* encrypt key object */ 1194 CK_OBJECT_HANDLE dKey; /* decrype key object */ 1195 uchar_t initialized; 1196 }arcfour_ctx_rec; 1197 1198 #endif /* !_KERNEL */ 1199 1200 struct _krb5_context { 1201 krb5_magic magic; 1202 krb5_enctype *in_tkt_ktypes; 1203 int in_tkt_ktype_count; 1204 krb5_enctype *tgs_ktypes; 1205 int tgs_ktype_count; 1206 void *os_context; 1207 char *default_realm; 1208 int ser_ctx_count; 1209 krb5_boolean profile_secure; 1210 void *ser_ctx; 1211 #ifndef _KERNEL 1212 profile_t profile; 1213 void *db_context; 1214 void *kdblog_context; 1215 /* allowable clock skew */ 1216 krb5_deltat clockskew; 1217 krb5_cksumtype kdc_req_sumtype; 1218 krb5_cksumtype default_ap_req_sumtype; 1219 krb5_cksumtype default_safe_sumtype; 1220 krb5_flags kdc_default_options; 1221 krb5_flags library_options; 1222 int fcc_default_format; 1223 int scc_default_format; 1224 krb5_prompt_type *prompt_types; 1225 /* Message size above which we'll try TCP first in send-to-kdc 1226 type code. Aside from the 2**16 size limit, we put no 1227 absolute limit on the UDP packet size. */ 1228 int udp_pref_limit; 1229 1230 /* This is the tgs_ktypes list as read from the profile, or 1231 set to compiled-in defaults. The application code cannot 1232 override it. This is used for session keys for 1233 intermediate ticket-granting tickets used to acquire the 1234 requested ticket (the session key of which may be 1235 constrained by tgs_ktypes above). */ 1236 krb5_enctype *conf_tgs_ktypes; 1237 int conf_tgs_ktypes_count; 1238 1239 /* Use the _configured version? */ 1240 krb5_boolean use_conf_ktypes; 1241 #ifdef KRB5_DNS_LOOKUP 1242 krb5_boolean profile_in_memory; 1243 #endif /* KRB5_DNS_LOOKUP */ 1244 1245 pid_t pid; /* fork safety: PID of process that did last PKCS11 init */ 1246 1247 /* Solaris Kerberos: handles for PKCS#11 crypto */ 1248 /* 1249 * Warning, do not access hSession directly as this is not fork() safe. 1250 * Instead use the krb_ctx_hSession() macro below. 1251 */ 1252 CK_SESSION_HANDLE hSession; 1253 int cryptoki_initialized; 1254 1255 /* arcfour_ctx: used only for rcmd stuff so no fork safety issues apply */ 1256 arcfour_ctx_rec arcfour_ctx; 1257 #else /* ! KERNEL */ 1258 crypto_mech_type_t kef_cipher_mt; 1259 crypto_mech_type_t kef_hash_mt; 1260 crypto_mech_type_t kef_cksum_mt; 1261 #endif /* ! KERNEL */ 1262 }; 1263 1264 #ifndef _KERNEL 1265 extern pid_t __krb5_current_pid; 1266 1267 CK_SESSION_HANDLE krb5_reinit_ef_handle(krb5_context); 1268 1269 /* 1270 * fork safety: barring the ef_init code, every other function must use the 1271 * krb_ctx_hSession() macro to access the hSession field in a krb context. 1272 * Note, if the pid of the krb ctx == the current global pid then it is safe to 1273 * use the ctx hSession otherwise it needs to be re-inited before it is returned 1274 * to the caller. 1275 */ 1276 #define krb_ctx_hSession(ctx) \ 1277 ((ctx)->pid == __krb5_current_pid) ? (ctx)->hSession : krb5_reinit_ef_handle((ctx)) 1278 #endif 1279 1280 #define MD5_CKSUM_LENGTH 16 1281 #define RSA_MD5_CKSUM_LENGTH 16 1282 #define MD5_BLOCKSIZE 64 1283 1284 1285 /* 1286 * Solaris Kerberos: 1287 * This next section of prototypes and constants 1288 * are all unique to the Solaris Kerberos implementation. 1289 * Because Solaris uses the native encryption framework 1290 * to provide crypto support, the following routines 1291 * are needed to support this system. 1292 */ 1293 1294 /* 1295 * Begin Solaris Crypto Prototypes 1296 */ 1297 1298 /* 1299 * define constants that are used for creating the constant 1300 * which is used to make derived keys. 1301 */ 1302 #define DK_ENCR_KEY_BYTE 0xAA 1303 #define DK_HASH_KEY_BYTE 0x55 1304 #define DK_CKSUM_KEY_BYTE 0x99 1305 1306 int init_derived_keydata(krb5_context, const struct krb5_enc_provider *, 1307 krb5_keyblock *, krb5_keyusage, 1308 krb5_keyblock **, krb5_keyblock **); 1309 1310 krb5_error_code add_derived_key(krb5_keyblock *, krb5_keyusage, uchar_t, 1311 krb5_keyblock *); 1312 1313 krb5_keyblock *find_derived_key(krb5_keyusage, uchar_t, krb5_keyblock *); 1314 krb5_keyblock *krb5_create_derived_keyblock(int); 1315 1316 #ifdef _KERNEL 1317 int k5_ef_hash(krb5_context, int, const krb5_data *, krb5_data *); 1318 1319 int k5_ef_mac(krb5_context, krb5_keyblock *, krb5_data *, 1320 const krb5_data *, krb5_data *); 1321 1322 void make_kef_key(krb5_keyblock *); 1323 int init_key_kef(crypto_mech_type_t, krb5_keyblock *); 1324 int update_key_template(krb5_keyblock *); 1325 void setup_kef_keytypes(); 1326 void setup_kef_cksumtypes(); 1327 crypto_mech_type_t get_cipher_mech_type(krb5_context, krb5_keyblock *); 1328 crypto_mech_type_t get_hash_mech_type(krb5_context, krb5_keyblock *); 1329 1330 #else 1331 /* 1332 * This structure is used to map Kerberos supported OID's, 1333 * to PKCS11 mechanisms 1334 */ 1335 #define USE_ENCR 0x01 1336 #define USE_HASH 0x02 1337 1338 typedef struct krb5_mech_2_pkcs { 1339 uchar_t flags; 1340 CK_MECHANISM_TYPE enc_algo; 1341 CK_MECHANISM_TYPE hash_algo; 1342 CK_MECHANISM_TYPE str2key_algo; 1343 } KRB5_MECH_TO_PKCS; 1344 1345 #define ENC_DEFINED(x) (((x).flags & USE_ENCR)) 1346 #define HASH_DEFINED(x) (((x).flags & USE_HASH)) 1347 1348 extern CK_RV get_algo(krb5_enctype etype, KRB5_MECH_TO_PKCS * algos); 1349 extern CK_RV get_key_type (krb5_enctype etype, CK_KEY_TYPE * keyType); 1350 extern krb5_error_code slot_supports_krb5 (CK_SLOT_ID_PTR slotid); 1351 1352 krb5_error_code init_key_uef(CK_SESSION_HANDLE, krb5_keyblock *); 1353 1354 krb5_error_code k5_ef_hash(krb5_context, CK_MECHANISM *, 1355 unsigned int, const krb5_data *, krb5_data *); 1356 1357 krb5_error_code k5_ef_mac(krb5_context context, 1358 krb5_keyblock *key, krb5_data *ivec, 1359 krb5_const krb5_data *input, krb5_data *output); 1360 1361 #endif /* !_KERNEL */ 1362 1363 krb5_error_code 1364 derive_3des_keys(krb5_context, struct krb5_enc_provider *, 1365 krb5_keyblock *, krb5_keyusage, 1366 krb5_keyblock *, krb5_keyblock *); 1367 1368 /* 1369 * End Solaris Crypto Prototypes 1370 */ 1371 1372 #define KRB5_LIBOPT_SYNC_KDCTIME 0x0001 1373 1374 /* 1375 * Begin "asn1.h" 1376 */ 1377 #ifndef KRB5_ASN1__ 1378 #define KRB5_ASN1__ 1379 1380 /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */ 1381 /* here we use some knowledge of ASN.1 encodings */ 1382 /* 1383 Ticket is APPLICATION 1. 1384 Authenticator is APPLICATION 2. 1385 AS_REQ is APPLICATION 10. 1386 AS_REP is APPLICATION 11. 1387 TGS_REQ is APPLICATION 12. 1388 TGS_REP is APPLICATION 13. 1389 AP_REQ is APPLICATION 14. 1390 AP_REP is APPLICATION 15. 1391 KRB_SAFE is APPLICATION 20. 1392 KRB_PRIV is APPLICATION 21. 1393 KRB_CRED is APPLICATION 22. 1394 EncASRepPart is APPLICATION 25. 1395 EncTGSRepPart is APPLICATION 26. 1396 EncAPRepPart is APPLICATION 27. 1397 EncKrbPrivPart is APPLICATION 28. 1398 EncKrbCredPart is APPLICATION 29. 1399 KRB_ERROR is APPLICATION 30. 1400 */ 1401 /* allow either constructed or primitive encoding, so check for bit 6 1402 set or reset */ 1403 #define krb5_is_krb_ticket(dat)\ 1404 ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\ 1405 (dat)->data[0] == 0x41)) 1406 #define krb5_is_krb_authenticator(dat)\ 1407 ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\ 1408 (dat)->data[0] == 0x42)) 1409 #define krb5_is_as_req(dat)\ 1410 ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\ 1411 (dat)->data[0] == 0x4a)) 1412 #define krb5_is_as_rep(dat)\ 1413 ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\ 1414 (dat)->data[0] == 0x4b)) 1415 #define krb5_is_tgs_req(dat)\ 1416 ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\ 1417 (dat)->data[0] == 0x4c)) 1418 #define krb5_is_tgs_rep(dat)\ 1419 ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\ 1420 (dat)->data[0] == 0x4d)) 1421 #define krb5_is_ap_req(dat)\ 1422 ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\ 1423 (dat)->data[0] == 0x4e)) 1424 #define krb5_is_ap_rep(dat)\ 1425 ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\ 1426 (dat)->data[0] == 0x4f)) 1427 #define krb5_is_krb_safe(dat)\ 1428 ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\ 1429 (dat)->data[0] == 0x54)) 1430 #define krb5_is_krb_priv(dat)\ 1431 ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\ 1432 (dat)->data[0] == 0x55)) 1433 #define krb5_is_krb_cred(dat)\ 1434 ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\ 1435 (dat)->data[0] == 0x56)) 1436 #define krb5_is_krb_enc_as_rep_part(dat)\ 1437 ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\ 1438 (dat)->data[0] == 0x59)) 1439 #define krb5_is_krb_enc_tgs_rep_part(dat)\ 1440 ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\ 1441 (dat)->data[0] == 0x5a)) 1442 #define krb5_is_krb_enc_ap_rep_part(dat)\ 1443 ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\ 1444 (dat)->data[0] == 0x5b)) 1445 #define krb5_is_krb_enc_krb_priv_part(dat)\ 1446 ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\ 1447 (dat)->data[0] == 0x5c)) 1448 #define krb5_is_krb_enc_krb_cred_part(dat)\ 1449 ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\ 1450 (dat)->data[0] == 0x5d)) 1451 #define krb5_is_krb_error(dat)\ 1452 ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\ 1453 (dat)->data[0] == 0x5e)) 1454 1455 /************************************************************************* 1456 * Prototypes for krb5_encode.c 1457 *************************************************************************/ 1458 1459 /* 1460 krb5_error_code encode_krb5_structure(const krb5_structure *rep, 1461 krb5_data **code); 1462 modifies *code 1463 effects Returns the ASN.1 encoding of *rep in **code. 1464 Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. 1465 Returns ENOMEM if memory runs out. 1466 */ 1467 1468 krb5_error_code encode_krb5_authenticator 1469 (const krb5_authenticator *rep, krb5_data **code); 1470 1471 krb5_error_code encode_krb5_ticket 1472 (const krb5_ticket *rep, krb5_data **code); 1473 1474 krb5_error_code encode_krb5_encryption_key 1475 (const krb5_keyblock *rep, krb5_data **code); 1476 1477 krb5_error_code encode_krb5_enc_tkt_part 1478 (const krb5_enc_tkt_part *rep, krb5_data **code); 1479 1480 krb5_error_code encode_krb5_enc_kdc_rep_part 1481 (const krb5_enc_kdc_rep_part *rep, krb5_data **code); 1482 1483 /* yes, the translation is identical to that used for KDC__REP */ 1484 krb5_error_code encode_krb5_as_rep 1485 (const krb5_kdc_rep *rep, krb5_data **code); 1486 1487 /* yes, the translation is identical to that used for KDC__REP */ 1488 krb5_error_code encode_krb5_tgs_rep 1489 (const krb5_kdc_rep *rep, krb5_data **code); 1490 1491 krb5_error_code encode_krb5_ap_req 1492 (const krb5_ap_req *rep, krb5_data **code); 1493 1494 krb5_error_code encode_krb5_ap_rep 1495 (const krb5_ap_rep *rep, krb5_data **code); 1496 1497 krb5_error_code encode_krb5_ap_rep_enc_part 1498 (const krb5_ap_rep_enc_part *rep, krb5_data **code); 1499 1500 krb5_error_code encode_krb5_as_req 1501 (const krb5_kdc_req *rep, krb5_data **code); 1502 1503 krb5_error_code encode_krb5_tgs_req 1504 (const krb5_kdc_req *rep, krb5_data **code); 1505 1506 krb5_error_code encode_krb5_kdc_req_body 1507 (const krb5_kdc_req *rep, krb5_data **code); 1508 1509 krb5_error_code encode_krb5_safe 1510 (const krb5_safe *rep, krb5_data **code); 1511 1512 krb5_error_code encode_krb5_safe_with_body 1513 (const krb5_safe *rep, const krb5_data *body, krb5_data **code); 1514 1515 krb5_error_code encode_krb5_priv 1516 (const krb5_priv *rep, krb5_data **code); 1517 1518 krb5_error_code encode_krb5_enc_priv_part 1519 (const krb5_priv_enc_part *rep, krb5_data **code); 1520 1521 krb5_error_code encode_krb5_cred 1522 (const krb5_cred *rep, krb5_data **code); 1523 1524 krb5_error_code encode_krb5_enc_cred_part 1525 (const krb5_cred_enc_part *rep, krb5_data **code); 1526 1527 krb5_error_code encode_krb5_error 1528 (const krb5_error *rep, krb5_data **code); 1529 1530 krb5_error_code encode_krb5_authdata 1531 (const krb5_authdata **rep, krb5_data **code); 1532 1533 krb5_error_code encode_krb5_pwd_sequence 1534 (const passwd_phrase_element *rep, krb5_data **code); 1535 1536 krb5_error_code encode_krb5_pwd_data 1537 (const krb5_pwd_data *rep, krb5_data **code); 1538 1539 krb5_error_code encode_krb5_padata_sequence 1540 (const krb5_pa_data ** rep, krb5_data **code); 1541 1542 krb5_error_code encode_krb5_alt_method 1543 (const krb5_alt_method *, krb5_data **code); 1544 1545 krb5_error_code encode_krb5_etype_info 1546 (const krb5_etype_info_entry **, krb5_data **code); 1547 1548 krb5_error_code encode_krb5_etype_info2 1549 (const krb5_etype_info_entry **, krb5_data **code); 1550 1551 krb5_error_code encode_krb5_enc_data 1552 (const krb5_enc_data *, krb5_data **); 1553 1554 krb5_error_code encode_krb5_pa_enc_ts 1555 (const krb5_pa_enc_ts *, krb5_data **); 1556 1557 krb5_error_code encode_krb5_sam_challenge 1558 (const krb5_sam_challenge * , krb5_data **); 1559 1560 krb5_error_code encode_krb5_sam_key 1561 (const krb5_sam_key * , krb5_data **); 1562 1563 krb5_error_code encode_krb5_enc_sam_response_enc 1564 (const krb5_enc_sam_response_enc * , krb5_data **); 1565 1566 krb5_error_code encode_krb5_sam_response 1567 (const krb5_sam_response * , krb5_data **); 1568 1569 krb5_error_code encode_krb5_predicted_sam_response 1570 (const krb5_predicted_sam_response * , krb5_data **); 1571 1572 krb5_error_code encode_krb5_sam_challenge_2 1573 (const krb5_sam_challenge_2 * , krb5_data **); 1574 1575 krb5_error_code encode_krb5_sam_challenge_2_body 1576 (const krb5_sam_challenge_2_body * , krb5_data **); 1577 1578 krb5_error_code encode_krb5_enc_sam_response_enc_2 1579 (const krb5_enc_sam_response_enc_2 * , krb5_data **); 1580 1581 krb5_error_code encode_krb5_sam_response_2 1582 (const krb5_sam_response_2 * , krb5_data **); 1583 1584 /************************************************************************* 1585 * End of prototypes for krb5_encode.c 1586 *************************************************************************/ 1587 1588 /************************************************************************* 1589 * Prototypes for krb5_decode.c 1590 *************************************************************************/ 1591 1592 /* 1593 krb5_error_code decode_krb5_structure(const krb5_data *code, 1594 krb5_structure **rep); 1595 1596 requires Expects **rep to not have been allocated; 1597 a new *rep is allocated regardless of the old value. 1598 effects Decodes *code into **rep. 1599 Returns ENOMEM if memory is exhausted. 1600 Returns asn1 and krb5 errors. 1601 */ 1602 1603 krb5_error_code decode_krb5_authenticator 1604 (const krb5_data *code, krb5_authenticator **rep); 1605 1606 krb5_error_code decode_krb5_ticket 1607 (const krb5_data *code, krb5_ticket **rep); 1608 1609 krb5_error_code decode_krb5_encryption_key 1610 (const krb5_data *output, krb5_keyblock **rep); 1611 1612 krb5_error_code decode_krb5_enc_tkt_part 1613 (const krb5_data *output, krb5_enc_tkt_part **rep); 1614 1615 krb5_error_code decode_krb5_enc_kdc_rep_part 1616 (const krb5_data *output, krb5_enc_kdc_rep_part **rep); 1617 1618 krb5_error_code decode_krb5_as_rep 1619 (const krb5_data *output, krb5_kdc_rep **rep); 1620 1621 krb5_error_code decode_krb5_tgs_rep 1622 (const krb5_data *output, krb5_kdc_rep **rep); 1623 1624 krb5_error_code decode_krb5_ap_req 1625 (const krb5_data *output, krb5_ap_req **rep); 1626 1627 krb5_error_code decode_krb5_ap_rep 1628 (const krb5_data *output, krb5_ap_rep **rep); 1629 1630 krb5_error_code decode_krb5_ap_rep_enc_part 1631 (const krb5_data *output, krb5_ap_rep_enc_part **rep); 1632 1633 krb5_error_code decode_krb5_as_req 1634 (const krb5_data *output, krb5_kdc_req **rep); 1635 1636 krb5_error_code decode_krb5_tgs_req 1637 (const krb5_data *output, krb5_kdc_req **rep); 1638 1639 krb5_error_code decode_krb5_kdc_req_body 1640 (const krb5_data *output, krb5_kdc_req **rep); 1641 1642 krb5_error_code decode_krb5_safe 1643 (const krb5_data *output, krb5_safe **rep); 1644 1645 krb5_error_code decode_krb5_safe_with_body 1646 (const krb5_data *output, krb5_safe **rep, krb5_data *body); 1647 1648 krb5_error_code decode_krb5_priv 1649 (const krb5_data *output, krb5_priv **rep); 1650 1651 krb5_error_code decode_krb5_enc_priv_part 1652 (const krb5_data *output, krb5_priv_enc_part **rep); 1653 1654 krb5_error_code decode_krb5_cred 1655 (const krb5_data *output, krb5_cred **rep); 1656 1657 krb5_error_code decode_krb5_enc_cred_part 1658 (const krb5_data *output, krb5_cred_enc_part **rep); 1659 1660 krb5_error_code decode_krb5_error 1661 (const krb5_data *output, krb5_error **rep); 1662 1663 krb5_error_code decode_krb5_authdata 1664 (const krb5_data *output, krb5_authdata ***rep); 1665 1666 krb5_error_code decode_krb5_pwd_sequence 1667 (const krb5_data *output, passwd_phrase_element **rep); 1668 1669 krb5_error_code decode_krb5_pwd_data 1670 (const krb5_data *output, krb5_pwd_data **rep); 1671 1672 krb5_error_code decode_krb5_padata_sequence 1673 (const krb5_data *output, krb5_pa_data ***rep); 1674 1675 krb5_error_code decode_krb5_alt_method 1676 (const krb5_data *output, krb5_alt_method **rep); 1677 1678 krb5_error_code decode_krb5_etype_info 1679 (const krb5_data *output, krb5_etype_info_entry ***rep); 1680 1681 krb5_error_code decode_krb5_etype_info2 1682 (const krb5_data *output, krb5_etype_info_entry ***rep); 1683 1684 krb5_error_code decode_krb5_enc_data 1685 (const krb5_data *output, krb5_enc_data **rep); 1686 1687 krb5_error_code decode_krb5_pa_enc_ts 1688 (const krb5_data *output, krb5_pa_enc_ts **rep); 1689 1690 krb5_error_code decode_krb5_sam_challenge 1691 (const krb5_data *, krb5_sam_challenge **); 1692 1693 krb5_error_code decode_krb5_sam_key 1694 (const krb5_data *, krb5_sam_key **); 1695 1696 krb5_error_code decode_krb5_enc_sam_response_enc 1697 (const krb5_data *, krb5_enc_sam_response_enc **); 1698 1699 krb5_error_code decode_krb5_sam_response 1700 (const krb5_data *, krb5_sam_response **); 1701 1702 krb5_error_code decode_krb5_predicted_sam_response 1703 (const krb5_data *, krb5_predicted_sam_response **); 1704 1705 krb5_error_code decode_krb5_sam_challenge_2 1706 (const krb5_data *, krb5_sam_challenge_2 **); 1707 1708 krb5_error_code decode_krb5_sam_challenge_2_body 1709 (const krb5_data *, krb5_sam_challenge_2_body **); 1710 1711 krb5_error_code decode_krb5_enc_sam_response_enc_2 1712 (const krb5_data *, krb5_enc_sam_response_enc_2 **); 1713 1714 krb5_error_code decode_krb5_sam_response_2 1715 (const krb5_data *, krb5_sam_response_2 **); 1716 1717 1718 /************************************************************************* 1719 * End of prototypes for krb5_decode.c 1720 *************************************************************************/ 1721 1722 #endif /* KRB5_ASN1__ */ 1723 /* 1724 * End "asn1.h" 1725 */ 1726 1727 1728 /* 1729 * Internal krb5 library routines 1730 */ 1731 krb5_error_code krb5_encrypt_tkt_part 1732 (krb5_context, 1733 krb5_const krb5_keyblock *, 1734 krb5_ticket *); 1735 1736 1737 krb5_error_code krb5_encode_kdc_rep 1738 (krb5_context, 1739 krb5_const krb5_msgtype, 1740 krb5_const krb5_enc_kdc_rep_part *, 1741 int using_subkey, 1742 krb5_const krb5_keyblock *, 1743 krb5_kdc_rep *, 1744 krb5_data ** ); 1745 1746 krb5_error_code krb5_validate_times 1747 (krb5_context, krb5_ticket_times *); 1748 1749 /* 1750 * [De]Serialization Handle and operations. 1751 */ 1752 struct __krb5_serializer { 1753 krb5_magic odtype; 1754 krb5_error_code (*sizer) (krb5_context, 1755 krb5_pointer, 1756 size_t *); 1757 krb5_error_code (*externalizer) (krb5_context, 1758 krb5_pointer, 1759 krb5_octet **, 1760 size_t *); 1761 krb5_error_code (*internalizer) (krb5_context, 1762 krb5_pointer *, 1763 krb5_octet **, 1764 size_t *); 1765 }; 1766 typedef struct __krb5_serializer * krb5_ser_handle; 1767 typedef struct __krb5_serializer krb5_ser_entry; 1768 1769 krb5_ser_handle krb5_find_serializer 1770 (krb5_context, krb5_magic); 1771 1772 krb5_error_code krb5_register_serializer 1773 (krb5_context, const krb5_ser_entry *); 1774 1775 /* Determine the external size of a particular opaque structure */ 1776 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_size_opaque 1777 (krb5_context, krb5_magic, krb5_pointer, size_t *); 1778 1779 /* Serialize the structure into a buffer */ 1780 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_externalize_opaque 1781 (krb5_context, 1782 krb5_magic, 1783 krb5_pointer, 1784 krb5_octet * *, 1785 size_t *); 1786 1787 /* Deserialize the structure from a buffer */ 1788 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_internalize_opaque 1789 (krb5_context, krb5_magic, krb5_pointer *, 1790 krb5_octet * *, size_t *); 1791 1792 /* Serialize data into a buffer */ 1793 krb5_error_code krb5_externalize_data 1794 (krb5_context, krb5_pointer, krb5_octet **, size_t *); 1795 /* 1796 * Initialization routines. 1797 */ 1798 1799 /* Initialize serialization for krb5_[os_]context */ 1800 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_context_init 1801 (krb5_context); 1802 1803 /* Initialize serialization for krb5_auth_context */ 1804 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init 1805 (krb5_context); 1806 1807 /* Initialize serialization for krb5_keytab */ 1808 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init 1809 (krb5_context); 1810 1811 /* Initialize serialization for krb5_ccache */ 1812 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init 1813 (krb5_context); 1814 1815 /* Initialize serialization for krb5_rcache */ 1816 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init 1817 (krb5_context); 1818 1819 /* [De]serialize 4-byte integer */ 1820 krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32 1821 (krb5_int32, krb5_octet * *, size_t *); 1822 1823 krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64 1824 (krb5_int64, krb5_octet * *, size_t *); 1825 1826 krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32 1827 (krb5_int32 *, krb5_octet **, size_t *); 1828 1829 krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64 1830 (krb5_int64 *, krb5_octet **, size_t *); 1831 1832 /* [De]serialize byte string */ 1833 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes 1834 (krb5_octet *, 1835 size_t, krb5_octet * *, size_t *); 1836 1837 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes 1838 (krb5_octet *, 1839 size_t, krb5_octet * *, size_t *); 1840 1841 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5int_cc_default 1842 (krb5_context, krb5_ccache *); 1843 1844 krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default 1845 (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *); 1846 1847 void krb5int_set_prompt_types 1848 (krb5_context, krb5_prompt_type *); 1849 1850 krb5_error_code 1851 krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context, 1852 krb5_keyblock * /* Old keyblock, not new! */); 1853 1854 1855 1856 extern const struct krb5_hash_provider krb5int_hash_md5; 1857 extern const struct krb5_enc_provider krb5int_enc_arcfour; 1858 1859 struct srv_dns_entry { 1860 struct srv_dns_entry *next; 1861 int priority; 1862 int weight; 1863 unsigned short port; 1864 char *host; 1865 }; 1866 1867 krb5_error_code 1868 krb5int_make_srv_query_realm(const krb5_data *realm, 1869 const char *service, 1870 const char *protocol, 1871 struct srv_dns_entry **answers); 1872 void krb5int_free_srv_dns_data(struct srv_dns_entry *); 1873 1874 /* 1875 * Convenience function for structure magic number 1876 */ 1877 #define KRB5_VERIFY_MAGIC(structure,magic_number) \ 1878 if ((structure)->magic != (magic_number)) return (magic_number); 1879 1880 int krb5_seteuid (int); 1881 1882 char * krb5_getenv(const char *); 1883 1884 int krb5_setenv (const char *, const char *, int); 1885 1886 void krb5_unsetenv (const char *); 1887 1888 #endif /* _KRB5_INT_H */ 1889