1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/int-proto.h - Prototypes for libkrb5 internal functions */
4 * Copyright 1990,1991 the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
27 #ifndef KRB5_INT_FUNC_PROTO__
28 #define KRB5_INT_FUNC_PROTO__
31 krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
35 krb5int_libdefault_boolean(krb5_context, const krb5_data *, const char *,
38 krb5int_libdefault_string(krb5_context context, const krb5_data *realm,
39 const char *option, char **ret_value);
42 krb5_error_code krb5_ser_authdata_init (krb5_context);
43 krb5_error_code krb5_ser_address_init (krb5_context);
44 krb5_error_code krb5_ser_authenticator_init (krb5_context);
45 krb5_error_code krb5_ser_checksum_init (krb5_context);
46 krb5_error_code krb5_ser_keyblock_init (krb5_context);
47 krb5_error_code krb5_ser_principal_init (krb5_context);
48 krb5_error_code krb5_ser_authdata_context_init (krb5_context);
51 krb5_preauth_supply_preauth_data(krb5_context context,
52 krb5_gic_opt_ext *opte,
57 krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
58 krb5_creds *in_creds, krb5_creds *mcreds,
61 #define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
63 #define IS_TGS_PRINC(c, p) \
64 (krb5_princ_size((c), (p)) == 2 && \
65 data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME))
68 krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
69 krb5_flags kdcoptions, krb5_address *const *address,
70 krb5_pa_data **in_padata,
72 krb5_error_code (*gcvt_fct)(krb5_context,
77 krb5_pa_data ***out_padata,
78 krb5_pa_data ***enc_padata,
79 krb5_creds **out_cred,
80 krb5_keyblock **out_subkey);
83 krb5int_make_tgs_request_ext(krb5_context context,
84 krb5_flags kdcoptions,
85 const krb5_ticket_times *timestruct,
86 const krb5_enctype *ktypes,
87 krb5_const_principal sname,
88 krb5_address *const *addrs,
89 krb5_authdata *const *authorization_data,
90 krb5_pa_data *const *padata,
91 const krb5_data *second_ticket,
93 krb5_error_code (*pacb_fct)(krb5_context,
98 krb5_data *request_data,
99 krb5_timestamp *timestamp,
101 krb5_keyblock **subkey);
104 krb5int_make_tgs_request(krb5_context context,
106 krb5_flags kdcoptions,
107 krb5_address *const *address,
108 krb5_pa_data **in_padata,
110 krb5_error_code (*pacb_fct)(krb5_context,
115 krb5_data *request_data,
116 krb5_timestamp *timestamp,
118 krb5_keyblock **subkey);
121 krb5int_process_tgs_reply(krb5_context context,
122 krb5_data *response_data,
124 krb5_flags kdcoptions,
125 krb5_address *const *address,
126 krb5_pa_data **in_padata,
128 krb5_timestamp timestamp,
130 krb5_keyblock *subkey,
131 krb5_pa_data ***out_padata,
132 krb5_pa_data ***out_enc_padata,
133 krb5_creds **out_cred);
135 /* The subkey field is an output parameter; if a
136 * tgs-rep is received then the subkey will be filled
137 * in with the subkey needed to decrypt the TGS
138 * response. Otherwise it will be set to null.
140 krb5_error_code krb5int_decode_tgs_rep(krb5_context, krb5_data *,
141 const krb5_keyblock *, krb5_keyusage,
144 /* Utility functions for zero-terminated enctype lists. */
145 size_t krb5int_count_etypes(const krb5_enctype *list);
146 krb5_error_code krb5int_copy_etypes(const krb5_enctype *old_list,
147 krb5_enctype **new_list);
150 krb5int_validate_times(krb5_context, krb5_ticket_times *);
153 krb5int_copy_authdatum(krb5_context, const krb5_authdata *, krb5_authdata **);
156 k5_privsafe_check_seqnum(krb5_context ctx, krb5_auth_context ac,
159 #endif /* KRB5_INT_FUNC_PROTO__ */