2 * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
3 * Cambridge, MA, USA. All Rights Reserved.
5 * This software is being provided to you, the LICENSEE, by the
6 * Massachusetts Institute of Technology (M.I.T.) under the following
7 * license. By obtaining, using and/or copying this software, you agree
8 * that you have read, understood, and will comply with these terms and
11 * Export of this software from the United States of America may
12 * require a specific license from the United States Government.
13 * It is the responsibility of any person or organization contemplating
14 * export to obtain such a license before exporting.
16 * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
17 * this software and its documentation for any purpose and without fee or
18 * royalty is hereby granted, provided that you agree to comply with the
19 * following copyright notice and statements, including the disclaimer, and
20 * that the same appear on ALL copies of the software and documentation,
21 * including modifications that you make for internal use or for
24 * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
25 * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
26 * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
27 * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
28 * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
29 * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
31 * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
32 * be used in advertising or publicity pertaining to distribution of the
33 * software. Title to copyright in this software and any associated
34 * documentation shall at all times remain with M.I.T., and USER agrees to
37 * Furthermore if you modify this software you must label
38 * your software as modified software and not distribute it in such a
39 * fashion that it might be confused with the original M.I.T. software.
43 * Copyright (C) 1998 by the FundsXpress, INC.
45 * All rights reserved.
47 * Export of this software from the United States of America may require
48 * a specific license from the United States Government. It is the
49 * responsibility of any person or organization contemplating export to
50 * obtain such a license before exporting.
52 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
53 * distribute this software and its documentation for any purpose and
54 * without fee is hereby granted, provided that the above copyright
55 * notice appear in all copies and that both that copyright notice and
56 * this permission notice appear in supporting documentation, and that
57 * the name of FundsXpress. not be used in advertising or publicity pertaining
58 * to distribution of the software without specific, written prior
59 * permission. FundsXpress makes no representations about the suitability of
60 * this software for any purpose. It is provided "as is" without express
61 * or implied warranty.
63 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
64 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
65 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
69 * This prototype for k5-int.h (Krb5 internals include file)
70 * includes the user-visible definitions from krb5.h and then
71 * includes other definitions that are not user-visible but are
72 * required for compiling Kerberos internal routines.
74 * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
81 #error krb5.h included before k5-int.h
82 #endif /* KRB5_GENERAL__ */
93 * Machine-type definitions: PC Clone 386 running Microloss Windows
96 #if defined(_MSDOS) || defined(_WIN32)
99 /* Kerberos Windows initialization file */
100 #define KERBEROS_INI "kerberos.ini"
101 #define INI_FILES "Files"
102 #define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
103 #define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
107 #ifndef KRB5_AUTOCONF__
108 #define KRB5_AUTOCONF__
109 #include "autoconf.h"
112 #ifndef KRB5_SYSTYPES__
113 #define KRB5_SYSTYPES__
115 #ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
116 #include <sys/types.h>
117 #else /* HAVE_SYS_TYPES_H */
118 typedef unsigned long u_long;
119 typedef unsigned int u_int;
120 typedef unsigned short u_short;
121 typedef unsigned char u_char;
122 #endif /* HAVE_SYS_TYPES_H */
123 #endif /* KRB5_SYSTYPES__ */
126 #include "k5-platform.h"
127 /* not used in krb5.h (yet) */
128 typedef UINT64_TYPE krb5_ui_8;
129 typedef INT64_TYPE krb5_int64;
132 #define DEFAULT_PWD_STRING1 "Enter password"
133 #define DEFAULT_PWD_STRING2 "Re-enter password for verification"
135 #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
136 #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
137 #define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
140 * Windows requires a different api interface to each function. Here
141 * just define it as NULL.
143 #ifndef KRB5_CALLCONV
144 #define KRB5_CALLCONV
145 #define KRB5_CALLCONV_C
151 /* #define KRB5_OLD_CRYPTO is done in krb5.h */
153 #endif /* KRB5_CONFIG__ */
160 * After loading the configuration definitions, load the Kerberos definitions.
166 #include "port-sockets.h"
167 #include "socket-utils.h"
169 /* Get mutex support; currently used only for the replay cache. */
170 #include "k5-thread.h"
172 /* Get error info support. */
175 /* krb5/krb5.h includes many other .h files in the krb5 subdirectory.
176 The ones that it doesn't include, we include below. */
179 * Begin "k5-errors.h"
181 #ifndef KRB5_ERRORS__
182 #define KRB5_ERRORS__
185 /* Error codes used in KRB_ERROR protocol messages.
186 Return values of library routines are based on a different error table
187 (which allows non-ambiguous error codes between subsystems) */
190 #define KDC_ERR_NONE 0 /* No error */
191 #define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */
192 #define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */
193 #define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */
194 #define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */
195 #define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */
196 #define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */
197 #define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */
198 #define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */
199 #define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */
200 #define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */
201 #define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */
202 #define KDC_ERR_POLICY 12 /* KDC policy rejects request */
203 #define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */
204 #define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */
205 #define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */
206 #define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */
207 #define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */
208 #define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */
209 #define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */
210 #define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */
211 #define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */
212 #define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */
213 #define KDC_ERR_KEY_EXP 23 /* Password has expired */
214 #define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */
215 #define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */
217 #define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */
218 /* ticket don't match*/
219 /* Application errors */
220 #define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */
221 #define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */
222 #define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */
223 #define KRB_AP_ERR_REPEAT 34 /* Request is a replay */
224 #define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */
225 #define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */
226 #define KRB_AP_ERR_SKEW 37 /* Clock skew too great */
227 #define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */
228 #define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */
229 #define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */
230 #define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */
231 #define KRB_AP_ERR_BADORDER 42 /* Message out of order */
232 #define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */
233 #define KRB_AP_ERR_NOKEY 45 /* Service key not available */
234 #define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */
235 #define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */
236 #define KRB_AP_ERR_METHOD 48 /* Alternative authentication */
237 /* method required */
238 #define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */
240 #define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */
241 /* checksum in message */
242 #define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */
243 #define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */
247 #define KRB_ERR_GENERIC 60 /* Generic error (description */
249 #define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */
251 #endif /* KRB5_ERRORS__ */
257 * This structure is returned in the e-data field of the KRB-ERROR
258 * message when the error calling for an alternative form of
259 * authentication is returned, KRB_AP_METHOD.
261 typedef struct _krb5_alt_method {
269 * A null-terminated array of this structure is returned by the KDC as
270 * the data part of the ETYPE_INFO preauth type. It informs the
271 * client which encryption types are supported.
272 * The same data structure is used by both etype-info and etype-info2
273 * but s2kparams must be null when encoding etype-info.
275 typedef struct _krb5_etype_info_entry {
281 } krb5_etype_info_entry;
284 * This is essentially -1 without sign extension which can screw up
285 * comparisons on 64 bit machines. If the length is this value, then
286 * the salt data is not present. This is to distinguish between not
287 * being set and being of 0 length.
289 #define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
291 typedef krb5_etype_info_entry ** krb5_etype_info;
294 * a sam_challenge is returned for alternate preauth
297 SAMFlags ::= BIT STRING {
299 send-encrypted-sad[1],
300 must-pk-encrypt-sad[2]
304 PA-SAM-CHALLENGE ::= SEQUENCE {
306 sam-flags[1] SAMFlags,
307 sam-type-name[2] GeneralString OPTIONAL,
308 sam-track-id[3] GeneralString OPTIONAL,
309 sam-challenge-label[4] GeneralString OPTIONAL,
310 sam-challenge[5] GeneralString OPTIONAL,
311 sam-response-prompt[6] GeneralString OPTIONAL,
312 sam-pk-for-sad[7] EncryptionKey OPTIONAL,
313 sam-nonce[8] INTEGER OPTIONAL,
314 sam-cksum[9] Checksum OPTIONAL
317 /* sam_type values -- informational only */
318 #define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
319 #define PA_SAM_TYPE_DIGI_PATH 2 /* Digital Pathways */
320 #define PA_SAM_TYPE_SKEY_K0 3 /* S/key where KDC has key 0 */
321 #define PA_SAM_TYPE_SKEY 4 /* Traditional S/Key */
322 #define PA_SAM_TYPE_SECURID 5 /* Security Dynamics */
323 #define PA_SAM_TYPE_CRYPTOCARD 6 /* CRYPTOCard */
324 #if 1 /* XXX need to figure out who has which numbers assigned */
325 #define PA_SAM_TYPE_ACTIVCARD_DEC 6 /* ActivCard decimal mode */
326 #define PA_SAM_TYPE_ACTIVCARD_HEX 7 /* ActivCard hex mode */
327 #define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */
329 #define PA_SAM_TYPE_EXP_BASE 128 /* experimental */
330 #define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
331 #define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */
333 typedef struct _krb5_predicted_sam_response {
335 krb5_keyblock sam_key;
336 krb5_flags sam_flags; /* Makes key munging easier */
337 krb5_timestamp stime; /* time on server, for replay detection */
339 krb5_principal client;
340 krb5_data msd; /* mechanism specific data */
341 } krb5_predicted_sam_response;
343 typedef struct _krb5_sam_challenge {
345 krb5_int32 sam_type; /* information */
346 krb5_flags sam_flags; /* KRB5_SAM_* values */
347 krb5_data sam_type_name;
348 krb5_data sam_track_id;
349 krb5_data sam_challenge_label;
350 krb5_data sam_challenge;
351 krb5_data sam_response_prompt;
352 krb5_data sam_pk_for_sad;
353 krb5_int32 sam_nonce;
354 krb5_checksum sam_cksum;
355 } krb5_sam_challenge;
357 typedef struct _krb5_sam_key { /* reserved for future use */
359 krb5_keyblock sam_key;
362 typedef struct _krb5_enc_sam_response_enc {
364 krb5_int32 sam_nonce;
365 krb5_timestamp sam_timestamp;
368 } krb5_enc_sam_response_enc;
370 typedef struct _krb5_sam_response {
372 krb5_int32 sam_type; /* informational */
373 krb5_flags sam_flags; /* KRB5_SAM_* values */
374 krb5_data sam_track_id; /* copied */
375 krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */
376 krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
377 krb5_int32 sam_nonce;
378 krb5_timestamp sam_patimestamp;
381 typedef struct _krb5_sam_challenge_2 {
382 krb5_data sam_challenge_2_body;
383 krb5_checksum **sam_cksum; /* Array of checksums */
384 } krb5_sam_challenge_2;
386 typedef struct _krb5_sam_challenge_2_body {
388 krb5_int32 sam_type; /* information */
389 krb5_flags sam_flags; /* KRB5_SAM_* values */
390 krb5_data sam_type_name;
391 krb5_data sam_track_id;
392 krb5_data sam_challenge_label;
393 krb5_data sam_challenge;
394 krb5_data sam_response_prompt;
395 krb5_data sam_pk_for_sad;
396 krb5_int32 sam_nonce;
397 krb5_enctype sam_etype;
398 } krb5_sam_challenge_2_body;
400 typedef struct _krb5_sam_response_2 {
402 krb5_int32 sam_type; /* informational */
403 krb5_flags sam_flags; /* KRB5_SAM_* values */
404 krb5_data sam_track_id; /* copied */
405 krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
406 krb5_int32 sam_nonce;
407 } krb5_sam_response_2;
409 typedef struct _krb5_enc_sam_response_enc_2 {
411 krb5_int32 sam_nonce;
413 } krb5_enc_sam_response_enc_2;
416 * Begin "ext-proto.h"
418 #ifndef KRB5_EXT_PROTO__
419 #define KRB5_EXT_PROTO__
425 extern char *strdup (const char *);
432 #endif /* KRB5_EXT_PROTO__ */
440 #ifndef KRB5_SYSINCL__
441 #define KRB5_SYSINCL__
443 #ifndef KRB5_SYSTYPES__
444 #define KRB5_SYSTYPES__
445 /* needed for much of the rest -- but already handled in krb5.h? */
446 /* #include <sys/types.h> */
447 #endif /* KRB5_SYSTYPES__ */
449 #ifdef HAVE_SYS_TIME_H
450 #include <sys/time.h>
451 #ifdef TIME_WITH_SYS_TIME
458 #ifdef HAVE_SYS_STAT_H
459 #include <sys/stat.h> /* struct stat, stat() */
462 #ifdef HAVE_SYS_PARAM_H
463 #include <sys/param.h> /* MAXPATHLEN */
466 #ifdef HAVE_SYS_FILE_H
467 #include <sys/file.h> /* prototypes for file-related
468 syscalls; flags for open &
476 #endif /* KRB5_SYSINCL__ */
482 * Begin "los-proto.h"
484 #ifndef KRB5_LIBOS_PROTO__
485 #define KRB5_LIBOS_PROTO__
490 struct sendto_callback_info;
493 krb5_error_code krb5_lock_file (krb5_context, int, int);
494 krb5_error_code krb5_unlock_file (krb5_context, int);
495 krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
496 const krb5_data *, krb5_data *, int *, int);
498 krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
499 const struct addrlist *addrs, struct sendto_callback_info* callback_info,
500 krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
501 struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used);
503 krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
504 krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
505 krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);
506 krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);
508 krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
510 krb5_error_code krb5int_init_context_kdc(krb5_context *);
512 krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
514 void krb5_os_free_context (krb5_context);
516 /* This function is needed by KfM's KerberosPreferences API
517 * because it needs to be able to specify "secure" */
518 krb5_error_code os_get_default_config_files
519 (profile_filespec_t **pfiles, krb5_boolean secure);
521 krb5_error_code krb5_os_hostaddr
522 (krb5_context, const char *, krb5_address ***);
524 /* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
525 going to use this structure. */
531 struct undefined_addrinfo *ai;
533 void (*freefn)(void *);
539 #define ADDRLIST_INIT { 0, 0, 0 }
540 extern void krb5int_free_addrlist (struct addrlist *);
541 extern int krb5int_grow_addrlist (struct addrlist *, int);
542 extern int krb5int_add_host_to_list (struct addrlist *, const char *,
545 #include <krb5/locate_plugin.h>
547 krb5int_locate_server (krb5_context, const krb5_data *realm,
548 struct addrlist *, enum locate_service_type svc,
549 int sockettype, int family);
551 #endif /* KRB5_LIBOS_PROTO__ */
553 /* new encryption provider api */
555 struct krb5_enc_provider {
556 /* keybytes is the input size to make_key;
557 keylength is the output size */
558 size_t block_size, keybytes, keylength;
560 /* cipher-state == 0 fresh state thrown away at end */
561 krb5_error_code (*encrypt) (const krb5_keyblock *key,
562 const krb5_data *cipher_state,
563 const krb5_data *input,
566 krb5_error_code (*decrypt) (const krb5_keyblock *key,
567 const krb5_data *ivec,
568 const krb5_data *input,
571 krb5_error_code (*make_key) (const krb5_data *randombits,
574 krb5_error_code (*init_state) (const krb5_keyblock *key,
575 krb5_keyusage keyusage, krb5_data *out_state);
576 krb5_error_code (*free_state) (krb5_data *state);
580 struct krb5_hash_provider {
581 size_t hashsize, blocksize;
583 /* this takes multiple inputs to avoid lots of copying. */
584 krb5_error_code (*hash) (unsigned int icount, const krb5_data *input,
588 struct krb5_keyhash_provider {
591 krb5_error_code (*hash) (const krb5_keyblock *key,
592 krb5_keyusage keyusage,
593 const krb5_data *ivec,
594 const krb5_data *input,
597 krb5_error_code (*verify) (const krb5_keyblock *key,
598 krb5_keyusage keyusage,
599 const krb5_data *ivec,
600 const krb5_data *input,
601 const krb5_data *hash,
602 krb5_boolean *valid);
605 typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
606 const struct krb5_hash_provider *hash,
607 size_t inputlen, size_t *length);
609 typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
610 const struct krb5_hash_provider *hash,
611 const krb5_keyblock *key, krb5_keyusage keyusage,
612 const krb5_data *ivec,
613 const krb5_data *input, krb5_data *output);
615 typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
616 const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
618 typedef krb5_error_code (*krb5_prf_func)(
619 const struct krb5_enc_provider *enc,
620 const struct krb5_hash_provider *hash,
621 const krb5_keyblock *key,
622 const krb5_data *in, krb5_data *out);
624 struct krb5_keytypes {
628 const struct krb5_enc_provider *enc;
629 const struct krb5_hash_provider *hash;
631 krb5_encrypt_length_func encrypt_len;
632 krb5_crypt_func encrypt;
633 krb5_crypt_func decrypt;
634 krb5_str2key_func str2key;
636 krb5_cksumtype required_ctype;
639 struct krb5_cksumtypes {
640 krb5_cksumtype ctype;
644 /* if the hash is keyed, this is the etype it is keyed with.
645 Actually, it can be keyed by any etype which has the same
646 enc_provider as the specified etype. DERIVE checksums can
647 be keyed with any valid etype. */
648 krb5_enctype keyed_etype;
649 /* I can't statically initialize a union, so I'm just going to use
650 two pointers here. The keyhash is used if non-NULL. If NULL,
651 then HMAC/hash with derived keys is used if the relevant flag
652 is set. Otherwise, a non-keyed hash is computed. This is all
653 kind of messy, but so is the krb5 api. */
654 const struct krb5_keyhash_provider *keyhash;
655 const struct krb5_hash_provider *hash;
656 /* This just gets uglier and uglier. In the key derivation case,
657 we produce an hmac. To make the hmac code work, we can't hack
658 the output size indicated by the hash provider, but we may want
659 a truncated hmac. If we want truncation, this is the number of
660 bytes we truncate to; it should be 0 otherwise. */
661 unsigned int trunc_size;
664 #define KRB5_CKSUMFLAG_DERIVE 0x0001
665 #define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002
668 * in here to deal with stuff from lib/crypto
672 (unsigned int inbits, const unsigned char *in,
673 unsigned int outbits, unsigned char *out);
675 krb5_error_code krb5_hmac
676 (const struct krb5_hash_provider *hash,
677 const krb5_keyblock *key, unsigned int icount,
678 const krb5_data *input, krb5_data *output);
680 krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long,
684 /* Make this a function eventually? */
686 # define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
687 #elif defined(__palmos__) && !defined(__GNUC__)
688 /* CodeWarrior 8.3 complains about passing a pointer to volatile in to
689 memset. On the other hand, we probably want it for gcc. */
690 # define krb5int_zap_data(ptr, len) memset(ptr, 0, len)
692 # define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len)
693 # if defined(__GNUC__) && defined(__GLIBC__)
694 /* GNU libc generates multiple bogus initialization warnings if we
695 pass memset a volatile pointer. The compiler should do well enough
696 with memset even without GNU libc's attempt at optimization. */
700 #define zap(p,l) krb5int_zap_data(p,l)
702 /* A definition of init_state for DES based encryption systems.
703 * sets up an 8-byte IV of all zeros
706 krb5_error_code krb5int_des_init_state
707 (const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state);
710 * normally to free a cipher_state you can just memset the length to zero and
713 krb5_error_code krb5int_default_free_state
718 * Combine two keys (normally used by the hardware preauth mechanism)
720 krb5_error_code krb5int_c_combine_keys
721 (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
722 krb5_keyblock *outkey);
724 void krb5int_c_free_keyblock
725 (krb5_context, krb5_keyblock *key);
726 void krb5int_c_free_keyblock_contents
727 (krb5_context, krb5_keyblock *);
728 krb5_error_code krb5int_c_init_keyblock
729 (krb5_context, krb5_enctype enctype,
730 size_t length, krb5_keyblock **out);
733 * Internal - for cleanup.
735 extern void krb5int_prng_cleanup (void);
739 * These declarations are here, so both krb5 and k5crypto
741 * krb5 needs to get to them so it can make them available to libgssapi.
743 extern const struct krb5_enc_provider krb5int_enc_arcfour;
744 extern const struct krb5_hash_provider krb5int_hash_md5;
747 #ifdef KRB5_OLD_CRYPTO
748 /* old provider api */
750 krb5_error_code krb5_crypto_os_localaddr
753 krb5_error_code krb5_crypto_us_timeofday
757 time_t krb5int_gmt_mktime (struct tm *);
759 #endif /* KRB5_OLD_CRYPTO */
761 /* this helper fct is in libkrb5, but it makes sense declared here. */
763 krb5_error_code krb5_encrypt_helper
764 (krb5_context context, const krb5_keyblock *key,
765 krb5_keyusage keyusage, const krb5_data *plain,
766 krb5_enc_data *cipher);
778 typedef struct _krb5_os_context {
780 krb5_int32 time_offset;
781 krb5_int32 usec_offset;
783 char * default_ccname;
787 * Flags for the os_flags field
789 * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
790 * The intention is that this facility to correct the system clocks so
791 * that they reflect the "real" time, for systems where for some
792 * reason we can't set the system clock. Instead we calculate the
793 * offset between the system time and real time, and store the offset
794 * in the os context so that we can correct the system clock as necessary.
796 * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
797 * returned as the time by the krb5 time routines. This should only
798 * be used for testing purposes (obviously!)
800 #define KRB5_OS_TOFFSET_VALID 1
801 #define KRB5_OS_TOFFSET_TIME 2
803 /* lock mode flags */
804 #define KRB5_LOCKMODE_SHARED 0x0001
805 #define KRB5_LOCKMODE_EXCLUSIVE 0x0002
806 #define KRB5_LOCKMODE_DONTBLOCK 0x0004
807 #define KRB5_LOCKMODE_UNLOCK 0x0008
809 #endif /* KRB5_LIBOS__ */
815 * Define our view of the size of a DES key.
817 #define KRB5_MIT_DES_KEYSIZE 8
819 * Check if des_int.h has been included before us. If so, then check to see
820 * that our view of the DES key size is the same as des_int.h's.
822 #ifdef MIT_DES_KEYSIZE
823 #if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
824 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
825 #endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
826 #endif /* MIT_DES_KEYSIZE */
831 * (Originally written by Glen Machin at Sandia Labs.)
834 * Sandia National Laboratories also makes no representations about the
835 * suitability of the modifications, or additions to this software for
836 * any purpose. It is provided "as is" without express or implied warranty.
839 #ifndef KRB5_PREAUTH__
840 #define KRB5_PREAUTH__
842 #include <krb5/preauth_plugin.h>
844 #define CLIENT_ROCK_MAGIC 0x4352434b
845 /* This structure is passed into the client preauth functions and passed
846 * back to the "get_data_proc" function so that it can locate the
847 * requested information. It is opaque to the plugin code and can be
848 * expanded in the future as new types of requests are defined which
849 * may require other things to be passed through. */
850 typedef struct _krb5_preauth_client_rock {
852 krb5_kdc_rep *as_reply;
853 } krb5_preauth_client_rock;
855 /* This structure lets us keep track of all of the modules which are loaded,
856 * turning the list of modules and their lists of implemented preauth types
857 * into a single list which we can walk easily. */
858 typedef struct _krb5_preauth_context {
860 struct _krb5_preauth_context_module {
861 /* Which of the possibly more than one preauth types which the
862 * module supports we're using at this point in the list. */
863 krb5_preauthtype pa_type;
864 /* Encryption types which the client claims to support -- we
865 * copy them directly into the krb5_kdc_req structure during
866 * krb5_preauth_prepare_request(). */
867 krb5_enctype *enctypes;
868 /* The plugin's per-plugin context and a function to clear it. */
869 void *plugin_context;
870 void (*client_fini)(krb5_context context, void *plugin_context);
871 /* The module's table, and some of its members, copied here for
872 * convenience when we populated the list. */
873 struct krb5plugin_preauth_client_ftable_v0 *ftable;
875 int flags, use_count;
876 krb5_error_code (*client_process)(krb5_context context,
877 void *plugin_context,
878 void *request_context,
879 preauth_get_client_data_proc get_data_proc,
880 krb5_preauth_client_rock *rock,
881 krb5_kdc_req *request,
882 krb5_data *encoded_request_body,
883 krb5_data *encoded_previous_request,
884 krb5_pa_data *pa_data,
885 krb5_prompter_fct prompter,
887 preauth_get_as_key_proc gak_fct,
890 krb5_data *s2kparams,
891 krb5_keyblock *as_key,
892 krb5_pa_data **out_pa_data);
893 krb5_error_code (*client_tryagain)(krb5_context context,
894 void *plugin_context,
895 void *request_context,
896 preauth_get_client_data_proc get_data_proc,
897 krb5_preauth_client_rock *rock,
898 krb5_kdc_req *request,
899 krb5_data *encoded_request_body,
900 krb5_data *encoded_previous_request,
901 krb5_pa_data *old_pa_data,
902 krb5_error *err_reply,
903 krb5_prompter_fct prompter,
905 preauth_get_as_key_proc gak_fct,
908 krb5_data *s2kparams,
909 krb5_keyblock *as_key,
910 krb5_pa_data **new_pa_data);
911 void (*client_req_init)(krb5_context context, void *plugin_context,
912 void **request_context);
913 void (*client_req_fini)(krb5_context context, void *plugin_context,
914 void *request_context);
915 /* The per-request context which the client_req_init() function
916 * might allocate, which we'll need to clean up later by
917 * calling the client_req_fini() function. */
918 void *request_context;
919 /* A pointer to the request_context pointer. All modules within
920 * a plugin will point at the request_context of the first
921 * module within the plugin. */
922 void **request_context_pp;
924 } krb5_preauth_context;
926 typedef struct _krb5_pa_enc_ts {
927 krb5_timestamp patimestamp;
931 typedef krb5_error_code (*krb5_preauth_obtain_proc)
936 krb5_error_code ( * )(krb5_context,
946 typedef krb5_error_code (*krb5_preauth_process_proc)
951 krb5_error_code ( * )(krb5_context,
957 krb5_error_code ( * )(krb5_context,
958 const krb5_keyblock *,
966 typedef struct _krb5_preauth_ops {
970 krb5_preauth_obtain_proc obtain;
971 krb5_preauth_process_proc process;
974 krb5_error_code krb5_obtain_padata
977 krb5_error_code ( * )(krb5_context,
986 krb5_error_code krb5_process_padata
990 krb5_error_code ( * )(krb5_context,
996 krb5_error_code ( * )(krb5_context,
997 const krb5_keyblock *,
1004 void krb5_free_etype_info
1005 (krb5_context, krb5_etype_info);
1008 * Preauthentication property flags
1010 #define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
1011 #define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
1013 #endif /* KRB5_PREAUTH__ */
1018 krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
1020 typedef krb5_error_code (*krb5_gic_get_as_key_fct)
1025 void *prompter_data,
1027 krb5_data *s2kparams,
1028 krb5_keyblock *as_key,
1031 krb5_error_code KRB5_CALLCONV
1033 (krb5_context context,
1035 krb5_principal client,
1036 krb5_prompter_fct prompter,
1037 void *prompter_data,
1038 krb5_deltat start_time,
1039 char *in_tkt_service,
1040 krb5_get_init_creds_opt *gic_options,
1041 krb5_gic_get_as_key_fct gak,
1044 krb5_kdc_rep **as_reply);
1046 void krb5int_populate_gic_opt (
1047 krb5_context, krb5_get_init_creds_opt *,
1048 krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
1049 krb5_preauthtype *pre_auth_types, krb5_creds *creds);
1052 krb5_error_code KRB5_CALLCONV krb5_do_preauth
1053 (krb5_context context,
1054 krb5_kdc_req *request,
1055 krb5_data *encoded_request_body,
1056 krb5_data *encoded_previous_request,
1057 krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
1058 krb5_data *salt, krb5_data *s2kparams,
1059 krb5_enctype *etype, krb5_keyblock *as_key,
1060 krb5_prompter_fct prompter, void *prompter_data,
1061 krb5_gic_get_as_key_fct gak_fct, void *gak_data,
1062 krb5_preauth_client_rock *get_data_rock);
1063 krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain
1064 (krb5_context context,
1065 krb5_kdc_req *request,
1066 krb5_data *encoded_request_body,
1067 krb5_data *encoded_previous_request,
1068 krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
1069 krb5_error *err_reply,
1070 krb5_data *salt, krb5_data *s2kparams,
1071 krb5_enctype *etype, krb5_keyblock *as_key,
1072 krb5_prompter_fct prompter, void *prompter_data,
1073 krb5_gic_get_as_key_fct gak_fct, void *gak_data,
1074 krb5_preauth_client_rock *get_data_rock);
1075 void KRB5_CALLCONV krb5_init_preauth_context
1077 void KRB5_CALLCONV krb5_free_preauth_context
1079 void KRB5_CALLCONV krb5_clear_preauth_context_use_counts
1081 void KRB5_CALLCONV krb5_preauth_prepare_request
1082 (krb5_context, krb5_get_init_creds_opt *, krb5_kdc_req *);
1083 void KRB5_CALLCONV krb5_preauth_request_context_init
1085 void KRB5_CALLCONV krb5_preauth_request_context_fini
1088 void KRB5_CALLCONV krb5_free_sam_challenge
1089 (krb5_context, krb5_sam_challenge * );
1090 void KRB5_CALLCONV krb5_free_sam_challenge_2
1091 (krb5_context, krb5_sam_challenge_2 * );
1092 void KRB5_CALLCONV krb5_free_sam_challenge_2_body
1093 (krb5_context, krb5_sam_challenge_2_body *);
1094 void KRB5_CALLCONV krb5_free_sam_response
1095 (krb5_context, krb5_sam_response * );
1096 void KRB5_CALLCONV krb5_free_sam_response_2
1097 (krb5_context, krb5_sam_response_2 * );
1098 void KRB5_CALLCONV krb5_free_predicted_sam_response
1099 (krb5_context, krb5_predicted_sam_response * );
1100 void KRB5_CALLCONV krb5_free_enc_sam_response_enc
1101 (krb5_context, krb5_enc_sam_response_enc * );
1102 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
1103 (krb5_context, krb5_enc_sam_response_enc_2 * );
1104 void KRB5_CALLCONV krb5_free_sam_challenge_contents
1105 (krb5_context, krb5_sam_challenge * );
1106 void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
1107 (krb5_context, krb5_sam_challenge_2 * );
1108 void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
1109 (krb5_context, krb5_sam_challenge_2_body * );
1110 void KRB5_CALLCONV krb5_free_sam_response_contents
1111 (krb5_context, krb5_sam_response * );
1112 void KRB5_CALLCONV krb5_free_sam_response_2_contents
1113 (krb5_context, krb5_sam_response_2 *);
1114 void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
1115 (krb5_context, krb5_predicted_sam_response * );
1116 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
1117 (krb5_context, krb5_enc_sam_response_enc * );
1118 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
1119 (krb5_context, krb5_enc_sam_response_enc_2 * );
1121 void KRB5_CALLCONV krb5_free_pa_enc_ts
1122 (krb5_context, krb5_pa_enc_ts *);
1124 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
1125 #include "com_err.h"
1126 #include "k5-plugin.h"
1128 struct _krb5_context {
1130 krb5_enctype *in_tkt_ktypes;
1131 unsigned int in_tkt_ktype_count;
1132 krb5_enctype *tgs_ktypes;
1133 unsigned int tgs_ktype_count;
1134 /* This used to be a void*, but since we always allocate them
1135 together (though in different source files), and the types
1136 are declared in the same header, might as well just combine
1139 The array[1] is so the existing code treating the field as
1140 a pointer will still work. For cleanliness, it should
1141 eventually get changed to a single element instead of an
1143 struct _krb5_os_context os_context[1];
1144 char *default_realm;
1149 /* allowable clock skew */
1150 krb5_deltat clockskew;
1151 krb5_cksumtype kdc_req_sumtype;
1152 krb5_cksumtype default_ap_req_sumtype;
1153 krb5_cksumtype default_safe_sumtype;
1154 krb5_flags kdc_default_options;
1155 krb5_flags library_options;
1156 krb5_boolean profile_secure;
1157 int fcc_default_format;
1158 int scc_default_format;
1159 krb5_prompt_type *prompt_types;
1160 /* Message size above which we'll try TCP first in send-to-kdc
1161 type code. Aside from the 2**16 size limit, we put no
1162 absolute limit on the UDP packet size. */
1165 /* Use the config-file ktypes instead of app-specified? */
1166 krb5_boolean use_conf_ktypes;
1168 #ifdef KRB5_DNS_LOOKUP
1169 krb5_boolean profile_in_memory;
1170 #endif /* KRB5_DNS_LOOKUP */
1172 /* locate_kdc module stuff */
1173 struct plugin_dir_handle libkrb5_plugins;
1174 struct krb5plugin_service_locate_ftable *vtbl;
1175 void (**locate_fptrs)(void);
1177 /* preauth module stuff */
1178 struct plugin_dir_handle preauth_plugins;
1179 krb5_preauth_context *preauth_context;
1181 /* error detail info */
1185 /* could be used in a table to find an etype and initialize a block */
1188 #define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
1190 /* internal message representations */
1192 typedef struct _krb5_safe {
1194 krb5_data user_data; /* user data */
1195 krb5_timestamp timestamp; /* client time, optional */
1196 krb5_int32 usec; /* microsecond portion of time,
1198 krb5_ui_4 seq_number; /* sequence #, optional */
1199 krb5_address *s_address; /* sender address */
1200 krb5_address *r_address; /* recipient address, optional */
1201 krb5_checksum *checksum; /* data integrity checksum */
1204 typedef struct _krb5_priv {
1206 krb5_enc_data enc_part; /* encrypted part */
1209 typedef struct _krb5_priv_enc_part {
1211 krb5_data user_data; /* user data */
1212 krb5_timestamp timestamp; /* client time, optional */
1213 krb5_int32 usec; /* microsecond portion of time, opt. */
1214 krb5_ui_4 seq_number; /* sequence #, optional */
1215 krb5_address *s_address; /* sender address */
1216 krb5_address *r_address; /* recipient address, optional */
1217 } krb5_priv_enc_part;
1219 void KRB5_CALLCONV krb5_free_safe
1220 (krb5_context, krb5_safe * );
1221 void KRB5_CALLCONV krb5_free_priv
1222 (krb5_context, krb5_priv * );
1223 void KRB5_CALLCONV krb5_free_priv_enc_part
1224 (krb5_context, krb5_priv_enc_part * );
1232 /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
1233 /* here we use some knowledge of ASN.1 encodings */
1235 Ticket is APPLICATION 1.
1236 Authenticator is APPLICATION 2.
1237 AS_REQ is APPLICATION 10.
1238 AS_REP is APPLICATION 11.
1239 TGS_REQ is APPLICATION 12.
1240 TGS_REP is APPLICATION 13.
1241 AP_REQ is APPLICATION 14.
1242 AP_REP is APPLICATION 15.
1243 KRB_SAFE is APPLICATION 20.
1244 KRB_PRIV is APPLICATION 21.
1245 KRB_CRED is APPLICATION 22.
1246 EncASRepPart is APPLICATION 25.
1247 EncTGSRepPart is APPLICATION 26.
1248 EncAPRepPart is APPLICATION 27.
1249 EncKrbPrivPart is APPLICATION 28.
1250 EncKrbCredPart is APPLICATION 29.
1251 KRB_ERROR is APPLICATION 30.
1253 /* allow either constructed or primitive encoding, so check for bit 6
1255 #define krb5_is_krb_ticket(dat)\
1256 ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
1257 (dat)->data[0] == 0x41))
1258 #define krb5_is_krb_authenticator(dat)\
1259 ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
1260 (dat)->data[0] == 0x42))
1261 #define krb5_is_as_req(dat)\
1262 ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
1263 (dat)->data[0] == 0x4a))
1264 #define krb5_is_as_rep(dat)\
1265 ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
1266 (dat)->data[0] == 0x4b))
1267 #define krb5_is_tgs_req(dat)\
1268 ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
1269 (dat)->data[0] == 0x4c))
1270 #define krb5_is_tgs_rep(dat)\
1271 ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
1272 (dat)->data[0] == 0x4d))
1273 #define krb5_is_ap_req(dat)\
1274 ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
1275 (dat)->data[0] == 0x4e))
1276 #define krb5_is_ap_rep(dat)\
1277 ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
1278 (dat)->data[0] == 0x4f))
1279 #define krb5_is_krb_safe(dat)\
1280 ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
1281 (dat)->data[0] == 0x54))
1282 #define krb5_is_krb_priv(dat)\
1283 ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
1284 (dat)->data[0] == 0x55))
1285 #define krb5_is_krb_cred(dat)\
1286 ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
1287 (dat)->data[0] == 0x56))
1288 #define krb5_is_krb_enc_as_rep_part(dat)\
1289 ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
1290 (dat)->data[0] == 0x59))
1291 #define krb5_is_krb_enc_tgs_rep_part(dat)\
1292 ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
1293 (dat)->data[0] == 0x5a))
1294 #define krb5_is_krb_enc_ap_rep_part(dat)\
1295 ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
1296 (dat)->data[0] == 0x5b))
1297 #define krb5_is_krb_enc_krb_priv_part(dat)\
1298 ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
1299 (dat)->data[0] == 0x5c))
1300 #define krb5_is_krb_enc_krb_cred_part(dat)\
1301 ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
1302 (dat)->data[0] == 0x5d))
1303 #define krb5_is_krb_error(dat)\
1304 ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
1305 (dat)->data[0] == 0x5e))
1307 /*************************************************************************
1308 * Prototypes for krb5_encode.c
1309 *************************************************************************/
1312 krb5_error_code encode_krb5_structure(const krb5_structure *rep,
1315 effects Returns the ASN.1 encoding of *rep in **code.
1316 Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
1317 Returns ENOMEM if memory runs out.
1320 krb5_error_code encode_krb5_authenticator
1321 (const krb5_authenticator *rep, krb5_data **code);
1323 krb5_error_code encode_krb5_ticket
1324 (const krb5_ticket *rep, krb5_data **code);
1326 krb5_error_code encode_krb5_encryption_key
1327 (const krb5_keyblock *rep, krb5_data **code);
1329 krb5_error_code encode_krb5_enc_tkt_part
1330 (const krb5_enc_tkt_part *rep, krb5_data **code);
1332 krb5_error_code encode_krb5_enc_kdc_rep_part
1333 (const krb5_enc_kdc_rep_part *rep, krb5_data **code);
1335 /* yes, the translation is identical to that used for KDC__REP */
1336 krb5_error_code encode_krb5_as_rep
1337 (const krb5_kdc_rep *rep, krb5_data **code);
1339 /* yes, the translation is identical to that used for KDC__REP */
1340 krb5_error_code encode_krb5_tgs_rep
1341 (const krb5_kdc_rep *rep, krb5_data **code);
1343 krb5_error_code encode_krb5_ap_req
1344 (const krb5_ap_req *rep, krb5_data **code);
1346 krb5_error_code encode_krb5_ap_rep
1347 (const krb5_ap_rep *rep, krb5_data **code);
1349 krb5_error_code encode_krb5_ap_rep_enc_part
1350 (const krb5_ap_rep_enc_part *rep, krb5_data **code);
1352 krb5_error_code encode_krb5_as_req
1353 (const krb5_kdc_req *rep, krb5_data **code);
1355 krb5_error_code encode_krb5_tgs_req
1356 (const krb5_kdc_req *rep, krb5_data **code);
1358 krb5_error_code encode_krb5_kdc_req_body
1359 (const krb5_kdc_req *rep, krb5_data **code);
1361 krb5_error_code encode_krb5_safe
1362 (const krb5_safe *rep, krb5_data **code);
1364 krb5_error_code encode_krb5_safe_with_body
1365 (const krb5_safe *rep, const krb5_data *body, krb5_data **code);
1367 krb5_error_code encode_krb5_priv
1368 (const krb5_priv *rep, krb5_data **code);
1370 krb5_error_code encode_krb5_enc_priv_part
1371 (const krb5_priv_enc_part *rep, krb5_data **code);
1373 krb5_error_code encode_krb5_cred
1374 (const krb5_cred *rep, krb5_data **code);
1376 krb5_error_code encode_krb5_enc_cred_part
1377 (const krb5_cred_enc_part *rep, krb5_data **code);
1379 krb5_error_code encode_krb5_error
1380 (const krb5_error *rep, krb5_data **code);
1382 krb5_error_code encode_krb5_authdata
1383 (const krb5_authdata **rep, krb5_data **code);
1385 krb5_error_code encode_krb5_pwd_sequence
1386 (const passwd_phrase_element *rep, krb5_data **code);
1388 krb5_error_code encode_krb5_pwd_data
1389 (const krb5_pwd_data *rep, krb5_data **code);
1391 krb5_error_code encode_krb5_padata_sequence
1392 (const krb5_pa_data ** rep, krb5_data **code);
1394 krb5_error_code encode_krb5_alt_method
1395 (const krb5_alt_method *, krb5_data **code);
1397 krb5_error_code encode_krb5_etype_info
1398 (const krb5_etype_info_entry **, krb5_data **code);
1399 krb5_error_code encode_krb5_etype_info2
1400 (const krb5_etype_info_entry **, krb5_data **code);
1402 krb5_error_code encode_krb5_enc_data
1403 (const krb5_enc_data *, krb5_data **);
1405 krb5_error_code encode_krb5_pa_enc_ts
1406 (const krb5_pa_enc_ts *, krb5_data **);
1408 krb5_error_code encode_krb5_sam_challenge
1409 (const krb5_sam_challenge * , krb5_data **);
1411 krb5_error_code encode_krb5_sam_key
1412 (const krb5_sam_key * , krb5_data **);
1414 krb5_error_code encode_krb5_enc_sam_response_enc
1415 (const krb5_enc_sam_response_enc * , krb5_data **);
1417 krb5_error_code encode_krb5_sam_response
1418 (const krb5_sam_response * , krb5_data **);
1420 krb5_error_code encode_krb5_sam_challenge_2
1421 (const krb5_sam_challenge_2 * , krb5_data **);
1423 krb5_error_code encode_krb5_sam_challenge_2_body
1424 (const krb5_sam_challenge_2_body * , krb5_data **);
1426 krb5_error_code encode_krb5_enc_sam_response_enc_2
1427 (const krb5_enc_sam_response_enc_2 * , krb5_data **);
1429 krb5_error_code encode_krb5_sam_response_2
1430 (const krb5_sam_response_2 * , krb5_data **);
1432 krb5_error_code encode_krb5_predicted_sam_response
1433 (const krb5_predicted_sam_response * , krb5_data **);
1435 krb5_error_code encode_krb5_setpw_req
1436 (const krb5_principal target, char *password, krb5_data **code);
1438 /*************************************************************************
1439 * End of prototypes for krb5_encode.c
1440 *************************************************************************/
1442 krb5_error_code decode_krb5_sam_challenge
1443 (const krb5_data *, krb5_sam_challenge **);
1445 krb5_error_code decode_krb5_enc_sam_key
1446 (const krb5_data *, krb5_sam_key **);
1448 krb5_error_code decode_krb5_enc_sam_response_enc
1449 (const krb5_data *, krb5_enc_sam_response_enc **);
1451 krb5_error_code decode_krb5_sam_response
1452 (const krb5_data *, krb5_sam_response **);
1454 krb5_error_code decode_krb5_predicted_sam_response
1455 (const krb5_data *, krb5_predicted_sam_response **);
1457 krb5_error_code decode_krb5_sam_challenge_2
1458 (const krb5_data *, krb5_sam_challenge_2 **);
1460 krb5_error_code decode_krb5_sam_challenge_2_body
1461 (const krb5_data *, krb5_sam_challenge_2_body **);
1463 krb5_error_code decode_krb5_enc_sam_response_enc_2
1464 (const krb5_data *, krb5_enc_sam_response_enc_2 **);
1466 krb5_error_code decode_krb5_sam_response_2
1467 (const krb5_data *, krb5_sam_response_2 **);
1470 /*************************************************************************
1471 * Prototypes for krb5_decode.c
1472 *************************************************************************/
1474 krb5_error_code krb5_validate_times
1476 krb5_ticket_times *);
1479 krb5_error_code decode_krb5_structure(const krb5_data *code,
1480 krb5_structure **rep);
1482 requires Expects **rep to not have been allocated;
1483 a new *rep is allocated regardless of the old value.
1484 effects Decodes *code into **rep.
1485 Returns ENOMEM if memory is exhausted.
1486 Returns asn1 and krb5 errors.
1489 krb5_error_code decode_krb5_authenticator
1490 (const krb5_data *code, krb5_authenticator **rep);
1492 krb5_error_code decode_krb5_ticket
1493 (const krb5_data *code, krb5_ticket **rep);
1495 krb5_error_code decode_krb5_encryption_key
1496 (const krb5_data *output, krb5_keyblock **rep);
1498 krb5_error_code decode_krb5_enc_tkt_part
1499 (const krb5_data *output, krb5_enc_tkt_part **rep);
1501 krb5_error_code decode_krb5_enc_kdc_rep_part
1502 (const krb5_data *output, krb5_enc_kdc_rep_part **rep);
1504 krb5_error_code decode_krb5_as_rep
1505 (const krb5_data *output, krb5_kdc_rep **rep);
1507 krb5_error_code decode_krb5_tgs_rep
1508 (const krb5_data *output, krb5_kdc_rep **rep);
1510 krb5_error_code decode_krb5_ap_req
1511 (const krb5_data *output, krb5_ap_req **rep);
1513 krb5_error_code decode_krb5_ap_rep
1514 (const krb5_data *output, krb5_ap_rep **rep);
1516 krb5_error_code decode_krb5_ap_rep_enc_part
1517 (const krb5_data *output, krb5_ap_rep_enc_part **rep);
1519 krb5_error_code decode_krb5_as_req
1520 (const krb5_data *output, krb5_kdc_req **rep);
1522 krb5_error_code decode_krb5_tgs_req
1523 (const krb5_data *output, krb5_kdc_req **rep);
1525 krb5_error_code decode_krb5_kdc_req_body
1526 (const krb5_data *output, krb5_kdc_req **rep);
1528 krb5_error_code decode_krb5_safe
1529 (const krb5_data *output, krb5_safe **rep);
1531 krb5_error_code decode_krb5_safe_with_body
1532 (const krb5_data *output, krb5_safe **rep, krb5_data *body);
1534 krb5_error_code decode_krb5_priv
1535 (const krb5_data *output, krb5_priv **rep);
1537 krb5_error_code decode_krb5_enc_priv_part
1538 (const krb5_data *output, krb5_priv_enc_part **rep);
1540 krb5_error_code decode_krb5_cred
1541 (const krb5_data *output, krb5_cred **rep);
1543 krb5_error_code decode_krb5_enc_cred_part
1544 (const krb5_data *output, krb5_cred_enc_part **rep);
1546 krb5_error_code decode_krb5_error
1547 (const krb5_data *output, krb5_error **rep);
1549 krb5_error_code decode_krb5_authdata
1550 (const krb5_data *output, krb5_authdata ***rep);
1552 krb5_error_code decode_krb5_pwd_sequence
1553 (const krb5_data *output, passwd_phrase_element **rep);
1555 krb5_error_code decode_krb5_pwd_data
1556 (const krb5_data *output, krb5_pwd_data **rep);
1558 krb5_error_code decode_krb5_padata_sequence
1559 (const krb5_data *output, krb5_pa_data ***rep);
1561 krb5_error_code decode_krb5_alt_method
1562 (const krb5_data *output, krb5_alt_method **rep);
1564 krb5_error_code decode_krb5_etype_info
1565 (const krb5_data *output, krb5_etype_info_entry ***rep);
1567 krb5_error_code decode_krb5_etype_info2
1568 (const krb5_data *output, krb5_etype_info_entry ***rep);
1570 krb5_error_code decode_krb5_enc_data
1571 (const krb5_data *output, krb5_enc_data **rep);
1573 krb5_error_code decode_krb5_pa_enc_ts
1574 (const krb5_data *output, krb5_pa_enc_ts **rep);
1576 krb5_error_code decode_krb5_sam_key
1577 (const krb5_data *, krb5_sam_key **);
1579 struct _krb5_key_data; /* kdb.h */
1581 krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data,
1582 krb5_int16 n_key_data,
1587 krb5int_ldap_decode_sequence_of_keys (krb5_data *in,
1588 struct _krb5_key_data **out,
1589 krb5_int16 *n_key_data,
1592 /*************************************************************************
1593 * End of prototypes for krb5_decode.c
1594 *************************************************************************/
1596 #endif /* KRB5_ASN1__ */
1603 * Internal krb5 library routines
1605 krb5_error_code krb5_encrypt_tkt_part
1607 const krb5_keyblock *,
1611 krb5_error_code krb5_encode_kdc_rep
1614 const krb5_enc_kdc_rep_part *,
1616 const krb5_keyblock *,
1620 krb5_boolean krb5int_auth_con_chkseqnum
1621 (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
1623 * [De]Serialization Handle and operations.
1625 struct __krb5_serializer {
1627 krb5_error_code (*sizer) (krb5_context,
1630 krb5_error_code (*externalizer) (krb5_context,
1634 krb5_error_code (*internalizer) (krb5_context,
1639 typedef const struct __krb5_serializer * krb5_ser_handle;
1640 typedef struct __krb5_serializer krb5_ser_entry;
1642 krb5_ser_handle krb5_find_serializer
1645 krb5_error_code krb5_register_serializer
1647 const krb5_ser_entry *);
1649 /* Determine the external size of a particular opaque structure */
1650 krb5_error_code KRB5_CALLCONV krb5_size_opaque
1656 /* Serialize the structure into a buffer */
1657 krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
1664 /* Deserialize the structure from a buffer */
1665 krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
1672 /* Serialize data into a buffer */
1673 krb5_error_code krb5_externalize_data
1679 * Initialization routines.
1682 /* Initialize serialization for krb5_[os_]context */
1683 krb5_error_code KRB5_CALLCONV krb5_ser_context_init
1686 /* Initialize serialization for krb5_auth_context */
1687 krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
1690 /* Initialize serialization for krb5_keytab */
1691 krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
1694 /* Initialize serialization for krb5_ccache */
1695 krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
1698 /* Initialize serialization for krb5_rcache */
1699 krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
1702 /* [De]serialize 4-byte integer */
1703 krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
1707 krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
1711 /* [De]serialize 8-byte integer */
1712 krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
1713 (krb5_int64, krb5_octet **, size_t *);
1714 krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
1715 (krb5_int64 *, krb5_octet **, size_t *);
1716 /* [De]serialize byte string */
1717 krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
1722 krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
1728 krb5_error_code KRB5_CALLCONV krb5int_cc_default
1729 (krb5_context, krb5_ccache *);
1731 krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
1732 (krb5_context, krb5_ccache, krb5_flags,
1733 krb5_creds *, krb5_creds *);
1735 krb5_boolean KRB5_CALLCONV
1736 krb5_creds_compare (krb5_context in_context,
1737 krb5_creds *in_creds,
1738 krb5_creds *in_compare_creds);
1740 void krb5int_set_prompt_types
1741 (krb5_context, krb5_prompt_type *);
1744 krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
1745 krb5_keyblock * /* Old keyblock, not new! */);
1747 /* set and change password helpers */
1749 krb5_error_code krb5int_mk_chpw_req
1750 (krb5_context context, krb5_auth_context auth_context,
1751 krb5_data *ap_req, char *passwd, krb5_data *packet);
1752 krb5_error_code krb5int_rd_chpw_rep
1753 (krb5_context context, krb5_auth_context auth_context,
1754 krb5_data *packet, int *result_code,
1755 krb5_data *result_data);
1756 krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
1757 (krb5_context context, int result_code,
1758 char **result_codestr);
1759 krb5_error_code krb5int_mk_setpw_req
1760 (krb5_context context, krb5_auth_context auth_context,
1761 krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
1762 krb5_error_code krb5int_rd_setpw_rep
1763 (krb5_context context, krb5_auth_context auth_context,
1764 krb5_data *packet, int *result_code,
1765 krb5_data *result_data);
1766 krb5_error_code krb5int_setpw_result_code_string
1767 (krb5_context context, int result_code,
1768 const char **result_codestr);
1770 struct srv_dns_entry {
1771 struct srv_dns_entry *next;
1774 unsigned short port;
1777 #ifdef KRB5_DNS_LOOKUP
1779 krb5int_make_srv_query_realm(const krb5_data *realm,
1780 const char *service,
1781 const char *protocol,
1782 struct srv_dns_entry **answers);
1783 void krb5int_free_srv_dns_data(struct srv_dns_entry *);
1787 * Convenience function for structure magic number
1789 #define KRB5_VERIFY_MAGIC(structure,magic_number) \
1790 if ((structure)->magic != (magic_number)) return (magic_number);
1792 /* to keep lint happy */
1793 #define krb5_xfree(val) free((char *)(val))
1795 /* To keep happy libraries which are (for now) accessing internal stuff */
1797 /* Make sure to increment by one when changing the struct */
1798 #define KRB5INT_ACCESS_STRUCT_VERSION 10
1801 struct ktext; /* from krb.h, for krb524 support */
1803 typedef struct _krb5int_access {
1805 const struct krb5_hash_provider *md5_hash_provider;
1806 const struct krb5_enc_provider *arcfour_enc_provider;
1807 krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash,
1808 const krb5_keyblock *key,
1809 unsigned int icount, const krb5_data *input,
1811 /* service location and communication */
1812 krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
1813 const struct addrlist *, struct sendto_callback_info*, krb5_data *reply,
1814 struct sockaddr *, socklen_t *,struct sockaddr *,
1815 socklen_t *, int *);
1816 krb5_error_code (*add_host_to_list)(struct addrlist *lp,
1817 const char *hostname,
1818 int port, int secport,
1819 int socktype, int family);
1820 void (*free_addrlist) (struct addrlist *);
1822 krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
1823 const char *service,
1824 const char *protocol,
1825 struct srv_dns_entry **answers);
1826 void (*free_srv_dns_data)(struct srv_dns_entry *);
1827 int (*use_dns_kdc)(krb5_context);
1829 /* krb4 compatibility stuff -- may be null if not enabled */
1830 krb5_int32 (*krb_life_to_time)(krb5_int32, int);
1831 int (*krb_time_to_life)(krb5_int32, krb5_int32);
1832 int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
1833 krb5_error_code (*krb5int_c_mandatory_cksumtype)
1834 (krb5_context, krb5_enctype, krb5_cksumtype *);
1835 krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64)
1836 (krb5_int64, krb5_octet **, size_t *);
1837 krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64)
1838 (krb5_int64 *, krb5_octet **, size_t *);
1840 /* Used for KDB LDAP back end. */
1842 (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data,
1843 krb5_int16 n_key_data,
1848 (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
1849 struct _krb5_key_data **out,
1850 krb5_int16 *n_key_data,
1854 #define KRB5INT_ACCESS_VERSION \
1855 (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
1856 (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
1858 krb5_error_code KRB5_CALLCONV krb5int_accessor
1859 (krb5int_access*, krb5_int32);
1861 /* Ick -- some krb524 and krb4 support placed in the krb5 library,
1862 because AFS (and potentially other applications?) use the krb4
1863 object as an opaque token, which (in some implementations) is not
1864 in fact a krb4 ticket, so we don't want to drag in the krb4 support
1865 just to enable this. */
1867 #define KRB524_SERVICE "krb524"
1868 #define KRB524_PORT 4444
1871 extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
1872 extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
1875 int krb5int_encode_v4tkt
1876 (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
1879 int krb5int_524_sendto_kdc
1880 (krb5_context context, const krb5_data * message,
1881 const krb5_data * realm, krb5_data * reply,
1882 struct sockaddr *, socklen_t *);
1884 /* temporary -- this should be under lib/krb5/ccache somewhere */
1886 struct _krb5_ccache {
1888 const struct _krb5_cc_ops *ops;
1893 * Per-type ccache cursor.
1895 struct krb5_cc_ptcursor {
1896 const struct _krb5_cc_ops *ops;
1899 typedef struct krb5_cc_ptcursor *krb5_cc_ptcursor;
1901 struct _krb5_cc_ops {
1904 const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
1905 krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
1907 krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
1908 krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
1910 krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
1911 krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
1912 krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
1914 krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
1915 krb5_flags, krb5_creds *,
1917 krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
1919 krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
1921 krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
1922 krb5_cc_cursor *, krb5_creds *);
1923 krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
1925 krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
1926 krb5_flags, krb5_creds *);
1927 krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
1929 krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache,
1931 krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
1932 krb5_cc_ptcursor *);
1933 krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
1936 krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
1937 krb5_cc_ptcursor *);
1938 krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache);
1939 krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
1940 krb5_ccache, krb5_timestamp *);
1941 krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
1945 extern const krb5_cc_ops *krb5_cc_dfl_ops;
1948 krb5int_cc_os_default_name(krb5_context context, char **name);
1951 * Cursor for iterating over ccache types
1953 struct krb5_cc_typecursor;
1954 typedef struct krb5_cc_typecursor *krb5_cc_typecursor;
1957 krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor);
1960 krb5int_cc_typecursor_next(
1961 krb5_context context,
1962 krb5_cc_typecursor cursor,
1963 const struct _krb5_cc_ops **ops);
1966 krb5int_cc_typecursor_free(
1967 krb5_context context,
1968 krb5_cc_typecursor *cursor);
1970 typedef struct _krb5_donot_replay {
1973 char *server; /* null-terminated */
1974 char *client; /* null-terminated */
1976 krb5_timestamp ctime;
1977 } krb5_donot_replay;
1979 krb5_error_code krb5_rc_default
1982 krb5_error_code krb5_rc_resolve_type
1984 krb5_rcache *,char *);
1985 krb5_error_code krb5_rc_resolve_full
1987 krb5_rcache *,char *);
1988 char * krb5_rc_get_type
1991 char * krb5_rc_default_type
1993 char * krb5_rc_default_name
1995 krb5_error_code krb5_auth_to_rep
1998 krb5_donot_replay *);
2001 krb5_error_code KRB5_CALLCONV krb5_rc_initialize
2002 (krb5_context, krb5_rcache,krb5_deltat);
2003 krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
2004 (krb5_context, krb5_rcache,krb5_deltat);
2005 krb5_error_code KRB5_CALLCONV krb5_rc_recover
2006 (krb5_context, krb5_rcache);
2007 krb5_error_code KRB5_CALLCONV krb5_rc_destroy
2008 (krb5_context, krb5_rcache);
2009 krb5_error_code KRB5_CALLCONV krb5_rc_close
2010 (krb5_context, krb5_rcache);
2011 krb5_error_code KRB5_CALLCONV krb5_rc_store
2012 (krb5_context, krb5_rcache,krb5_donot_replay *);
2013 krb5_error_code KRB5_CALLCONV krb5_rc_expunge
2014 (krb5_context, krb5_rcache);
2015 krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
2016 (krb5_context, krb5_rcache,krb5_deltat *);
2017 char *KRB5_CALLCONV krb5_rc_get_name
2018 (krb5_context, krb5_rcache);
2019 krb5_error_code KRB5_CALLCONV krb5_rc_resolve
2020 (krb5_context, krb5_rcache, char *);
2022 typedef struct _krb5_kt_ops {
2025 /* routines always present */
2026 krb5_error_code (KRB5_CALLCONV *resolve)
2030 krb5_error_code (KRB5_CALLCONV *get_name)
2035 krb5_error_code (KRB5_CALLCONV *close)
2038 krb5_error_code (KRB5_CALLCONV *get)
2041 krb5_const_principal,
2044 krb5_keytab_entry *);
2045 krb5_error_code (KRB5_CALLCONV *start_seq_get)
2049 krb5_error_code (KRB5_CALLCONV *get_next)
2052 krb5_keytab_entry *,
2054 krb5_error_code (KRB5_CALLCONV *end_get)
2058 /* routines to be included on extended version (write routines) */
2059 krb5_error_code (KRB5_CALLCONV *add)
2062 krb5_keytab_entry *);
2063 krb5_error_code (KRB5_CALLCONV *remove)
2066 krb5_keytab_entry *);
2068 /* Handle for serializer */
2069 const krb5_ser_entry *serializer;
2072 extern const krb5_kt_ops krb5_kt_dfl_ops;
2074 extern krb5_error_code krb5int_translate_gai_error (int);
2076 /* Not sure it's ready for exposure just yet. */
2077 extern krb5_error_code
2078 krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
2080 extern int krb5int_crypto_init (void);
2081 extern int krb5int_prng_init(void);
2083 #define krb5_copy_error_state(CTX, OCTX) \
2084 krb5int_set_error(&(CTX)->errinfo, (OCTX)->errinfo.code, "%s", (OCTX)->errinfo.msg)
2087 * Referral definitions, debugging hooks, and subfunctions.
2089 #define KRB5_REFERRAL_MAXHOPS 5
2090 /* #define DEBUG_REFERRALS */
2092 #ifdef DEBUG_REFERRALS
2093 void krb5int_dbgref_dump_principal(char *, krb5_principal);
2096 /* Common hostname-parsing code. */
2097 krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
2103 #endif /* _KRB5_INT_H */