1 /*
2  * include/krb5.h
3  *
4  * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  * 
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  M.I.T. makes no representations about the suitability of
20  * this software for any purpose.  It is provided "as is" without express
21  * or implied warranty.
22  * 
23  *
24  * General definitions for Kerberos version 5.
25  */
26
27 #ifndef KRB5_GENERAL__
28 #define KRB5_GENERAL__
29
30 #include "k5-config.h"
31
32 #include "base-defs.h"
33 #include "hostaddr.h"
34
35 typedef struct _krb5_context {  /* per-library-instance state; every API that takes a krb5_context reads from here */
36         krb5_magic      magic;     /* structure tag; presumably checked by the library before the struct is trusted */
37         krb5_enctype  * etypes;    /* enctype list; etype_count entries (pairing inferred from the names — confirm) */
38         int             etype_count; /* number of entries in etypes; signed, so consumers must not treat a negative value as a count */
39         void          * os_context;  /* OS-specific private state; its real type is defined outside this header */
40 } * krb5_context;                    /* callers always hold the pointer, never the struct by value */
41
42 struct _krb5_auth_context;                           /* incomplete type here: the layout is not exposed by this header */
43 typedef struct _krb5_auth_context krb5_auth_context; /* callers can therefore only hold and pass pointers to it */
44
45 #include "encryption.h"
46 #include "fieldbits.h"
47 #include "k5-errors.h"
48 #include "proto.h"
49 #include "macros.h"
50 #include "error_def.h"
51
52 /* Ticket lifetime timestamps */
53 typedef struct _krb5_ticket_times { /* the timestamps that bound a ticket's validity; embedded in tickets, creds and KDC replies */
54     krb5_timestamp authtime; /* time of the original authentication. XXX ? should ktime in KDC_REP == authtime
55                                 in ticket? otherwise client can't get this */ 
56     krb5_timestamp starttime;           /* optional in ticket, if not present,
57                                            use authtime */
58     krb5_timestamp endtime;             /* end of the ticket's lifetime; validity checks must compare against this, not authtime */
59     krb5_timestamp renew_till;          /* latest time the ticket may be renewed until; presumably meaningful only for renewable tickets — confirm */
60 } krb5_ticket_times;
61
62 /* structure for one authorization-data element */
63 typedef struct _krb5_authdata {   /* one authorization-data element: a type tag plus length-prefixed opaque bytes */
64     krb5_magic magic;
65     krb5_authdatatype ad_type;    /* AD type tag; how contents is interpreted depends on it */
66     int length;                   /* byte count of contents; signed, so decoders must reject negative values before using it as a size */
67     krb5_octet *contents;         /* length bytes of opaque data; arrays of these appear as krb5_authdata ** in the ticket and authenticator structures below */
68 } krb5_authdata;
69
70 /* structure for transited encoding */
71 typedef struct _krb5_transited {  /* encoded list of the realms a ticket has transited (see krb5_enc_tkt_part.transited) */
72     krb5_magic magic;
73     krb5_octet tr_type;           /* encoding type of tr_contents */
74     krb5_data tr_contents;        /* realm list in that encoding; opaque to this header */
75 } krb5_transited;
76
77 typedef struct _krb5_enc_tkt_part { /* plaintext of a ticket's encrypted part; holds the session key, so treat instances as sensitive */
78     krb5_magic magic;
79     /* to-be-encrypted portion */
80     krb5_flags flags;                   /* ticket flags */
81     krb5_keyblock *session;             /* session key: includes keytype; secret material, zeroize when released */
82     krb5_principal client;              /* client name/realm */
83     krb5_transited transited;           /* list of transited realms */
84     krb5_ticket_times times;            /* auth, start, end, renew_till */
85     krb5_address **caddrs;              /* array of ptrs to addresses; presumably the client addresses the ticket is bound to — confirm */
86     krb5_authdata **authorization_data; /* authorization data carried in the ticket */
87 } krb5_enc_tkt_part;
88
89 typedef struct _krb5_ticket {       /* a ticket as sent on the wire, plus an optional pointer to its decrypted contents */
90     krb5_magic magic;
91     /* cleartext portion */
92     krb5_principal server;              /* server name/realm */
93     krb5_enc_data enc_part;             /* encryption type, kvno, encrypted
94                                            encoding */
95     krb5_enc_tkt_part *enc_part2;       /* ptr to decrypted version, if
96                                            available; callers must expect NULL until decryption has happened */
97 } krb5_ticket;
98
99 /* the unencrypted (decrypted) form of the authenticator */
100 typedef struct _krb5_authenticator { /* plaintext authenticator; its encrypted form travels in krb5_ap_req.authenticator */
101     krb5_magic magic;
102     krb5_principal client;              /* client name/realm */
103     krb5_checksum *checksum;            /* checksum, includes type, optional */
104     krb5_int32 cusec;                   /* client usec portion */
105     krb5_timestamp ctime;               /* client sec portion; together with cusec identifies this authenticator for replay detection — presumed, confirm against rcache.h */
106     krb5_keyblock *subkey;              /* true session key, optional; secret material when present */
107     krb5_int32 seq_number;              /* sequence #, optional; presumably seeds the seq_number fields of krb5_safe/krb5_priv below — confirm */
108     krb5_authdata **authorization_data; /* authorization data, optional (later addition) */
109 } krb5_authenticator;
110
111 typedef struct _krb5_tkt_authent { /* result of processing an AP_REQ: the ticket and authenticator together with the requested AP options */
112     krb5_magic magic;
113     krb5_ticket *ticket;           /* the ticket from the request */
114     krb5_authenticator *authenticator; /* the decrypted authenticator */
115     krb5_flags ap_options;         /* AP options from the request (see krb5_ap_req.ap_options) */
116 } krb5_tkt_authent;
117
118 /* credentials:  Ticket, session key, etc. */
119 typedef struct _krb5_creds {        /* a cached credential: ticket plus the session key needed to use it; the key makes this sensitive */
120     krb5_magic magic;
121     krb5_principal client;              /* client's principal identifier */
122     krb5_principal server;              /* server's principal identifier */
123     krb5_keyblock keyblock;             /* session encryption key info; secret, zeroize when the creds are released */
124     krb5_ticket_times times;            /* lifetime info */
125     krb5_boolean is_skey;               /* true if ticket is encrypted in
126                                            another ticket's skey */
127     krb5_flags ticket_flags;            /* flags in ticket */
128     krb5_address **addresses;           /* addrs in ticket */
129     krb5_data ticket;                   /* ticket string itself (encoded) */
130     krb5_data second_ticket;            /* second ticket, if related to
131                                            ticket (via DUPLICATE-SKEY or
132                                            ENC-TKT-IN-SKEY) */
133     krb5_authdata **authdata;           /* authorization data */
134 } krb5_creds;
135
136 /* Last request fields */
137 typedef struct _krb5_last_req_entry { /* one LastReq entry: a typed timestamp (see krb5_enc_kdc_rep_part.last_req) */
138     krb5_magic magic;
139     krb5_octet lr_type;               /* entry type; what value means depends on it */
140     krb5_timestamp value;             /* the timestamp reported for that type */
141 } krb5_last_req_entry;
142
143 /* pre-authentication data */
144 typedef struct _krb5_pa_data {    /* one pre-authentication element: a type tag plus length-prefixed opaque bytes */
145     krb5_magic magic;
146     krb5_ui_2  pa_type;           /* pre-auth type tag; how contents is interpreted depends on it */
147     int length;                   /* byte count of contents; signed, so decoders must reject negative values before using it as a size */
148     krb5_octet *contents;         /* length bytes of opaque data; arrives from the peer, so it is untrusted input */
149 } krb5_pa_data;
150
151 typedef struct _krb5_kdc_req {      /* an AS_REQ or TGS_REQ as sent to the KDC */
152     krb5_magic magic;
153     krb5_msgtype msg_type;              /* AS_REQ or TGS_REQ? */
154     krb5_pa_data **padata;              /* e.g. encoded AP_REQ */
155     /* real body */
156     krb5_flags kdc_options;             /* requested options */
157     krb5_principal client;              /* includes realm; optional */
158     krb5_principal server;              /* includes realm (only used if no
159                                            client) */
160     krb5_timestamp from;                /* requested starttime */
161     krb5_timestamp till;                /* requested endtime */
162     krb5_timestamp rtime;               /* (optional) requested renew_till */
163     krb5_int32 nonce;                   /* nonce to match request/response; compare with krb5_enc_kdc_rep_part.nonce */
164     int netypes;                        /* # of etypes, must be positive; gives the length of the etype array */
165     krb5_enctype *etype;                /* requested encryption type(s); netypes entries */
166     krb5_address **addresses;           /* requested addresses, optional */
167     krb5_enc_data authorization_data;   /* encrypted auth data; OPTIONAL */
168     krb5_authdata **unenc_authdata;     /* unencrypted auth data,
169                                            if available */
170     krb5_ticket **second_ticket;        /* second ticket array; OPTIONAL */
171 } krb5_kdc_req;
172
173 typedef struct _krb5_enc_kdc_rep_part { /* plaintext of a KDC reply's encrypted part; carries the session key, so treat as sensitive */
174     krb5_magic magic;
175     /* encrypted part: */
176     krb5_msgtype msg_type;              /* krb5 message type */
177     krb5_keyblock *session;             /* session key; secret material */
178     krb5_last_req_entry **last_req;     /* array of ptrs to entries */
179     krb5_int32 nonce;                   /* nonce from request; must match the krb5_kdc_req.nonce that was sent, otherwise the reply is not for this request */
180     krb5_timestamp key_exp;             /* expiration date */
181     krb5_flags flags;                   /* ticket flags */
182     krb5_ticket_times times;            /* lifetime info */
183     krb5_principal server;              /* server's principal identifier */
184     krb5_address **caddrs;              /* array of ptrs to addresses,
185                                            optional */
186 } krb5_enc_kdc_rep_part;
187
188 typedef struct _krb5_kdc_rep {      /* a KDC reply as received, plus an optional pointer to its decrypted part */
189     krb5_magic magic;
190     /* cleartext part: */
191     krb5_msgtype msg_type;              /* AS_REP or TGS_REP? */
192     krb5_pa_data **padata;              /* preauthentication data from KDC */
193     krb5_principal client;              /* client's principal identifier */
194     krb5_ticket *ticket;                /* ticket */
195     krb5_enc_data enc_part;             /* encryption type, kvno, encrypted
196                                            encoding */
197     krb5_enc_kdc_rep_part *enc_part2;   /* unencrypted version, if available; NULL until decrypted */
198 } krb5_kdc_rep;
199
200 /* error message structure */
201 typedef struct _krb5_error {        /* KRB_ERROR message; when decoded from the wire every field here is peer-supplied input */
202     krb5_magic magic;
203     /* some of these may be meaningless in certain contexts */
204     krb5_timestamp ctime;               /* client sec portion; optional */
205     krb5_int32 cusec;                   /* client usec portion; optional */
206     krb5_int32 susec;                   /* server usec portion */
207     krb5_timestamp stime;               /* server sec portion */
208     krb5_ui_4 error;                    /* error code (protocol error #'s) */
209     krb5_principal client;              /* client's principal identifier;
210                                            optional */
211     krb5_principal server;              /* server's principal identifier */
212     krb5_data text;                     /* descriptive text; not necessarily NUL-terminated, so use its length rather than string functions */
213     krb5_data e_data;                   /* additional error-describing data; opaque bytes whose format depends on error */
214 } krb5_error;
215
216 typedef struct _krb5_ap_req {     /* AP_REQ message: ticket plus encrypted authenticator */
217     krb5_magic magic;
218     krb5_flags ap_options;              /* requested options */
219     krb5_ticket *ticket;                /* ticket */
220     krb5_enc_data authenticator;        /* authenticator (already encrypted); decrypted form is krb5_authenticator */
221 } krb5_ap_req;
222
223 typedef struct _krb5_ap_rep {     /* AP_REP message: only an encrypted part */
224     krb5_magic magic;
225     krb5_enc_data enc_part;       /* encrypted krb5_ap_rep_enc_part (see below) */
226 } krb5_ap_rep;
227
228 typedef struct _krb5_ap_rep_enc_part { /* plaintext of krb5_ap_rep.enc_part */
229     krb5_magic magic;
230     krb5_timestamp ctime;               /* client time, seconds portion; echoed from the authenticator, presumably for the client to verify — confirm */
231     krb5_int32 cusec;                   /* client time, microseconds portion */
232     krb5_keyblock *subkey;              /* true session key, optional; secret material when present */
233     krb5_int32 seq_number;              /* sequence #, optional */
234 } krb5_ap_rep_enc_part;
235
236 typedef struct _krb5_response {   /* generic typed response container; message_type selects how response is interpreted (usage not shown in this header) */
237     krb5_magic magic;
238     krb5_octet message_type;      /* type tag for response */
239     krb5_data response;           /* encoded message body */
240 } krb5_response;
241
242 typedef struct _krb5_safe {       /* KRB_SAFE message: integrity-protected but not encrypted user data */
243     krb5_magic magic;
244     krb5_data user_data;                /* user data; plaintext on the wire, only its integrity is protected */
245     krb5_timestamp timestamp;           /* client time, optional */
246     krb5_int32 usec;                    /* microsecond portion of time,
247                                            optional */
248     krb5_int32 seq_number;              /* sequence #, optional */
249     krb5_address *s_address;            /* sender address */
250     krb5_address *r_address;            /* recipient address, optional */
251     krb5_checksum *checksum;            /* data integrity checksum; user_data must not be trusted until this has been verified */
252 } krb5_safe;
253
254 typedef struct _krb5_priv {       /* KRB_PRIV message: only an encrypted part */
255     krb5_magic magic;
256     krb5_enc_data enc_part;             /* encrypted part; plaintext is krb5_priv_enc_part */
257 } krb5_priv;
258
259 typedef struct _krb5_priv_enc_part { /* plaintext of krb5_priv.enc_part; same fields as krb5_safe minus the checksum */
260     krb5_magic magic;
261     krb5_data user_data;                /* user data */
262     krb5_timestamp timestamp;           /* client time, optional */
263     krb5_int32 usec;                    /* microsecond portion of time, opt. */
264     krb5_int32 seq_number;              /* sequence #, optional */
265     krb5_address *s_address;            /* sender address */
266     krb5_address *r_address;            /* recipient address, optional */
267 } krb5_priv_enc_part;
268
269 typedef struct _krb5_cred_info {  /* per-ticket information inside a KRB_CRED; carries a session key, so treat as sensitive */
270     krb5_magic magic;
271     krb5_keyblock* session;             /* session key used to encrypt */
272                                         /* ticket; secret material */
273     krb5_principal client;              /* client name/realm, optional */
274     krb5_principal server;              /* server name/realm, optional */
275     krb5_flags flags;                   /* ticket flags, optional */
276     krb5_ticket_times times;            /* auth, start, end, renew_till, */
277                                         /* optional */
278     krb5_address **caddrs;              /* array of ptrs to addresses */
279 } krb5_cred_info;
280
281 typedef struct _krb5_cred_enc_part { /* plaintext of krb5_cred.enc_part */
282     krb5_magic magic;
283     krb5_int32 nonce;                   /* nonce, optional */
284     krb5_timestamp timestamp;           /* client time */
285     krb5_int32 usec;                    /* microsecond portion of time */
286     krb5_address *s_address;            /* sender address, optional */
287     krb5_address *r_address;            /* recipient address, optional */
288     krb5_cred_info **ticket_info;       /* array of ptrs to per-ticket info; presumably parallel to krb5_cred.tickets — confirm */
289 } krb5_cred_enc_part;    
290
291 typedef struct _krb5_cred {       /* KRB_CRED message: tickets in the clear, their keys in the encrypted part */
292     krb5_magic magic;
293     krb5_ticket **tickets;              /* tickets */
294     krb5_enc_data enc_part;             /* encrypted part */
295     krb5_cred_enc_part *enc_part2;      /* unencrypted version, if available; NULL until decrypted */
296 } krb5_cred;
297
298 /* Sandia password generation structures */
299 typedef struct _passwd_phrase_element { /* one generated password together with its memorable phrase */
300     krb5_magic magic;
301     krb5_data *passwd;                  /* generated password; secret, zeroize when released */
302     krb5_data *phrase;                  /* phrase from which the password is derived; equally sensitive */
303 } passwd_phrase_element;
304
305 typedef struct _krb5_pwd_data {   /* a set of generated password/phrase candidates */
306     krb5_magic magic;
307     int sequence_count;           /* number of entries in element; signed, so reject negative values before iterating */
308     passwd_phrase_element **element; /* array of ptrs to candidates; sequence_count entries (pairing inferred from the names — confirm) */
309 } krb5_pwd_data;
310
311 /* these need to be here so the typedefs are available for the prototypes */
312 #include "safepriv.h"
313 #include "ccache.h"
314 #include "rcache.h"
315 #include "keytab.h"
316 #include "func-proto.h"
317 #include "k5-free.h"
318
319 /* The name of the Kerberos ticket granting service... and its size */
320 #define KRB5_TGS_NAME           "krbtgt"  /* first component of the TGS principal */
321 #define KRB5_TGS_NAME_SIZE      6         /* strlen(KRB5_TGS_NAME), without the NUL; keep in sync if the name ever changes */
322
323 /* flags for recvauth */
324 #define KRB5_RECVAUTH_SKIP_VERSION      0x0001  /* bit flag; do not exchange the application version string */
325 #define KRB5_RECVAUTH_BADAUTHVERS       0x0002  /* bit flag; presumably reports a bad auth version rather than failing — confirm against func-proto.h */
326
327 #include "adm_defs.h"
328
329 #endif /* KRB5_GENERAL__ */