*/
/*
- * Begin "asn1.h"
+ * This structure is returned in the e-data field of the KRB-ERROR
+ * message when the error calling for an alternative form of
+ * authentication is returned, KRB_AP_METHOD.
*/
-#ifndef KRB5_ASN1__
-#define KRB5_ASN1__
+typedef struct _krb5_alt_method {
+ krb5_magic magic;
+ krb5_int32 method;
+ krb5_int32 length;
+ krb5_octet *data;
+} krb5_alt_method;
-/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
-/* here we use some knowledge of ASN.1 encodings */
-/*
- Ticket is APPLICATION 1.
- Authenticator is APPLICATION 2.
- AS_REQ is APPLICATION 10.
- AS_REP is APPLICATION 11.
- TGS_REQ is APPLICATION 12.
- TGS_REP is APPLICATION 13.
- AP_REQ is APPLICATION 14.
- AP_REP is APPLICATION 15.
- KRB_SAFE is APPLICATION 20.
- KRB_PRIV is APPLICATION 21.
- KRB_CRED is APPLICATION 22.
- EncASRepPart is APPLICATION 25.
- EncTGSRepPart is APPLICATION 26.
- EncAPRepPart is APPLICATION 27.
- EncKrbPrivPart is APPLICATION 28.
- EncKrbCredPart is APPLICATION 29.
- KRB_ERROR is APPLICATION 30.
+/*
+ * A null-terminated array of this structure is returned by the KDC as
+ * the data part of the ETYPE_INFO preauth type. It informs the
+ * client which encryption types are supported.
*/
-/* allow either constructed or primitive encoding, so check for bit 6
- set or reset */
-#define krb5_is_krb_ticket(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
- (dat)->data[0] == 0x41))
-#define krb5_is_krb_authenticator(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
- (dat)->data[0] == 0x42))
-#define krb5_is_as_req(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
- (dat)->data[0] == 0x4a))
-#define krb5_is_as_rep(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
- (dat)->data[0] == 0x4b))
-#define krb5_is_tgs_req(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
- (dat)->data[0] == 0x4c))
-#define krb5_is_tgs_rep(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
- (dat)->data[0] == 0x4d))
-#define krb5_is_ap_req(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
- (dat)->data[0] == 0x4e))
-#define krb5_is_ap_rep(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
- (dat)->data[0] == 0x4f))
-#define krb5_is_krb_safe(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
- (dat)->data[0] == 0x54))
-#define krb5_is_krb_priv(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
- (dat)->data[0] == 0x55))
-#define krb5_is_krb_cred(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
- (dat)->data[0] == 0x56))
-#define krb5_is_krb_enc_as_rep_part(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
- (dat)->data[0] == 0x59))
-#define krb5_is_krb_enc_tgs_rep_part(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
- (dat)->data[0] == 0x5a))
-#define krb5_is_krb_enc_ap_rep_part(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
- (dat)->data[0] == 0x5b))
-#define krb5_is_krb_enc_krb_priv_part(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
- (dat)->data[0] == 0x5c))
-#define krb5_is_krb_enc_krb_cred_part(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
- (dat)->data[0] == 0x5d))
-#define krb5_is_krb_error(dat)\
- ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
- (dat)->data[0] == 0x5e))
+typedef struct _krb5_etype_info_entry {
+ krb5_magic magic;
+ krb5_int32 etype;
+ krb5_int32 length;
+ krb5_octet *salt;
+} krb5_etype_info_entry;
-/*************************************************************************
- * Prototypes for krb5_encode.c
- *************************************************************************/
+typedef krb5_etype_info_entry ** krb5_etype_info;
/*
- krb5_error_code encode_krb5_structure(const krb5_structure *rep,
- krb5_data **code);
- modifies *code
- effects Returns the ASN.1 encoding of *rep in **code.
- Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
- Returns ENOMEM if memory runs out.
-*/
-
-krb5_error_code encode_krb5_authenticator
- KRB5_PROTOTYPE((const krb5_authenticator *rep, krb5_data **code));
+ * Begin "dbm.h"
+ */
+#ifndef KRB5_DBM_COMPAT__
+#define KRB5_DBM_COMPAT__
-krb5_error_code encode_krb5_ticket
- KRB5_PROTOTYPE((const krb5_ticket *rep, krb5_data **code));
+#include "osconf.h"
-krb5_error_code encode_krb5_encryption_key
- KRB5_PROTOTYPE((const krb5_keyblock *rep, krb5_data **code));
+#ifndef ODBM
+#include <ndbm.h>
+#else /* ODBM */
+#ifdef unicos61
+#include <rpcsvc/dbm.h>
+#else
+#include <dbm.h>
+#endif
+#endif /*ODBM */
-krb5_error_code encode_krb5_enc_tkt_part
- KRB5_PROTOTYPE((const krb5_enc_tkt_part *rep, krb5_data **code));
+#ifndef ODBM
+#define dbm_next(db,key) dbm_nextkey(db)
+#else /* OLD DBM */
+typedef char DBM;
-krb5_error_code encode_krb5_enc_kdc_rep_part
- KRB5_PROTOTYPE((const krb5_enc_kdc_rep_part *rep, krb5_data **code));
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
-/* yes, the translation is identical to that used for KDC__REP */
-krb5_error_code encode_krb5_as_rep
- KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code));
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_delete(db, key) delete(key)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#endif /* OLD DBM */
-/* yes, the translation is identical to that used for KDC__REP */
-krb5_error_code encode_krb5_tgs_rep
- KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code));
+#endif /* KRB5_DBM_COMPAT__ */
+/*
+ * End "dbm.h"
+ */
-krb5_error_code encode_krb5_ap_req
- KRB5_PROTOTYPE((const krb5_ap_req *rep, krb5_data **code));
+/*
+ * Begin "ext-proto.h"
+ */
+#ifndef KRB5_EXT_PROTO__
+#define KRB5_EXT_PROTO__
-krb5_error_code encode_krb5_ap_rep
- KRB5_PROTOTYPE((const krb5_ap_rep *rep, krb5_data **code));
+#ifdef HAS_STDLIB_H
+#include <stdlib.h>
+#else
+#if defined(__STDC__) || defined(_WINDOWS)
+#ifdef NO_STDLIB_H
+#include <fake-stdlib.h>
+#else
+#include <stdlib.h>
+#endif /* NO_STDLIB_H */
+#else
+extern char *malloc(), *realloc(), *calloc();
+extern char *getenv();
+#endif /* ! __STDC__ */
+#endif /* HAS_STDLIB_H */
-krb5_error_code encode_krb5_ap_rep_enc_part
- KRB5_PROTOTYPE((const krb5_ap_rep_enc_part *rep, krb5_data **code));
+#ifdef USE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
-krb5_error_code encode_krb5_as_req
- KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
+#ifndef HAS_STRDUP
+extern char *strdup KRB5_PROTOTYPE((const char *));
+#endif
-krb5_error_code encode_krb5_tgs_req
- KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
+#ifdef HAS_UNISTD_H
+#include <unistd.h>
+#endif
-krb5_error_code encode_krb5_kdc_req_body
- KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
+#endif /* KRB5_EXT_PROTO__ */
+/*
+ * End "ext-proto.h"
+ */
-krb5_error_code encode_krb5_safe
- KRB5_PROTOTYPE((const krb5_safe *rep, krb5_data **code));
+/*
+ * Begin "sysincl.h"
+ */
+#ifndef KRB5_SYSINCL__
+#define KRB5_SYSINCL__
-krb5_error_code encode_krb5_priv
- KRB5_PROTOTYPE((const krb5_priv *rep, krb5_data **code));
+#ifndef KRB5_SYSTYPES__
+#define KRB5_SYSTYPES__
+/* needed for much of the rest -- but already handled in krb5.h? */
+/* #include <sys/types.h> */
+#endif /* KRB5_SYSTYPES__ */
-krb5_error_code encode_krb5_enc_priv_part
- KRB5_PROTOTYPE((const krb5_priv_enc_part *rep, krb5_data **code));
+#include "osconf.h" /* USE*TIME_H macros */
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+#else
+#include <time.h>
+#endif
-krb5_error_code encode_krb5_cred
- KRB5_PROTOTYPE((const krb5_cred *rep, krb5_data **code));
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h> /* struct stat, stat() */
+#endif
-krb5_error_code encode_krb5_enc_cred_part
- KRB5_PROTOTYPE((const krb5_cred_enc_part *rep, krb5_data **code));
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h> /* MAXPATHLEN */
+#endif
-krb5_error_code encode_krb5_error
- KRB5_PROTOTYPE((const krb5_error *rep, krb5_data **code));
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h> /* prototypes for file-related
+ syscalls; flags for open &
+ friends */
+#endif
-krb5_error_code encode_krb5_authdata
- KRB5_PROTOTYPE((const krb5_authdata **rep, krb5_data **code));
+#if defined(SYSV) || defined(_AIX)
+#include <fcntl.h>
+#endif
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
-krb5_error_code encode_krb5_pwd_sequence
- KRB5_PROTOTYPE((const passwd_phrase_element *rep, krb5_data **code));
+#endif /* KRB5_SYSINCL__ */
+/*
+ * End "sysincl.h"
+ */
-krb5_error_code encode_krb5_pwd_data
- KRB5_PROTOTYPE((const krb5_pwd_data *rep, krb5_data **code));
+/*
+ * Begin "los-proto.h"
+ */
+#ifndef KRB5_LIBOS_PROTO__
+#define KRB5_LIBOS_PROTO__
-krb5_error_code encode_krb5_padata_sequence
- KRB5_PROTOTYPE((const krb5_pa_data ** rep, krb5_data **code));
-
-/*************************************************************************
- * End of prototypes for krb5_encode.c
- *************************************************************************/
-
-
-/*************************************************************************
- * Prototypes for krb5_decode.c
- *************************************************************************/
-
-/*
- krb5_error_code decode_krb5_structure(const krb5_data *code,
- krb5_structure **rep);
-
- requires Expects **rep to not have been allocated;
- a new *rep is allocated regardless of the old value.
- effects Decodes *code into **rep.
- Returns ENOMEM if memory is exhausted.
- Returns asn1 and krb5 errors.
-*/
-
-krb5_error_code decode_krb5_authenticator
- KRB5_PROTOTYPE((const krb5_data *code, krb5_authenticator **rep));
-
-krb5_error_code decode_krb5_ticket
- KRB5_PROTOTYPE((const krb5_data *code, krb5_ticket **rep));
-
-krb5_error_code decode_krb5_encryption_key
- KRB5_PROTOTYPE((const krb5_data *output, krb5_keyblock **rep));
-
-krb5_error_code decode_krb5_enc_tkt_part
- KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_tkt_part **rep));
-
-krb5_error_code decode_krb5_enc_kdc_rep_part
- KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_kdc_rep_part **rep));
-
-krb5_error_code decode_krb5_as_rep
- KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep));
-
-krb5_error_code decode_krb5_tgs_rep
- KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep));
-
-krb5_error_code decode_krb5_ap_req
- KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_req **rep));
-
-krb5_error_code decode_krb5_ap_rep
- KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep **rep));
-
-krb5_error_code decode_krb5_ap_rep_enc_part
- KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep_enc_part **rep));
-
-krb5_error_code decode_krb5_as_req
- KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
-
-krb5_error_code decode_krb5_tgs_req
- KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
-
-krb5_error_code decode_krb5_kdc_req_body
- KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
-
-krb5_error_code decode_krb5_safe
- KRB5_PROTOTYPE((const krb5_data *output, krb5_safe **rep));
-
-krb5_error_code decode_krb5_priv
- KRB5_PROTOTYPE((const krb5_data *output, krb5_priv **rep));
-
-krb5_error_code decode_krb5_enc_priv_part
- KRB5_PROTOTYPE((const krb5_data *output, krb5_priv_enc_part **rep));
-
-krb5_error_code decode_krb5_cred
- KRB5_PROTOTYPE((const krb5_data *output, krb5_cred **rep));
-
-krb5_error_code decode_krb5_enc_cred_part
- KRB5_PROTOTYPE((const krb5_data *output, krb5_cred_enc_part **rep));
-
-krb5_error_code decode_krb5_error
- KRB5_PROTOTYPE((const krb5_data *output, krb5_error **rep));
-
-krb5_error_code decode_krb5_authdata
- KRB5_PROTOTYPE((const krb5_data *output, krb5_authdata ***rep));
-
-krb5_error_code decode_krb5_pwd_sequence
- KRB5_PROTOTYPE((const krb5_data *output, passwd_phrase_element **rep));
-
-krb5_error_code decode_krb5_pwd_data
- KRB5_PROTOTYPE((const krb5_data *output, krb5_pwd_data **rep));
-
-krb5_error_code decode_krb5_padata_sequence
- KRB5_PROTOTYPE((const krb5_data *output, krb5_pa_data ***rep));
-
-/*************************************************************************
- * End of prototypes for krb5_decode.c
- *************************************************************************/
-
-#endif /* KRB5_ASN1__ */
-/*
- * End "asn1.h"
- */
-
-/*
- * Begin "dbm.h"
- */
-#ifndef KRB5_DBM_COMPAT__
-#define KRB5_DBM_COMPAT__
-
-#include "osconf.h"
-
-#ifndef ODBM
-#include <ndbm.h>
-#else /* ODBM */
-#ifdef unicos61
-#include <rpcsvc/dbm.h>
-#else
-#include <dbm.h>
-#endif
-#endif /*ODBM */
-
-#ifndef ODBM
-#define dbm_next(db,key) dbm_nextkey(db)
-#else /* OLD DBM */
-typedef char DBM;
-
-/* Macros to convert ndbm names to dbm names.
- * Note that dbm_nextkey() cannot be simply converted using a macro, since
- * it is invoked giving the database, and nextkey() needs the previous key.
- *
- * Instead, all routines call "dbm_next" instead.
- */
-
-#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
-#define dbm_fetch(db, key) fetch(key)
-#define dbm_store(db, key, content, flag) store(key, content)
-#define dbm_delete(db, key) delete(key)
-#define dbm_firstkey(db) firstkey()
-#define dbm_next(db,key) nextkey(key)
-#define dbm_close(db) dbmclose()
-#endif /* OLD DBM */
-
-#endif /* KRB5_DBM_COMPAT__ */
-/*
- * End "dbm.h"
- */
-
-/*
- * Begin "ext-proto.h"
- */
-#ifndef KRB5_EXT_PROTO__
-#define KRB5_EXT_PROTO__
-
-#ifdef HAS_STDLIB_H
-#include <stdlib.h>
-#else
-#if defined(__STDC__) || defined(_WINDOWS)
-#ifdef NO_STDLIB_H
-#include <fake-stdlib.h>
-#else
-#include <stdlib.h>
-#endif /* NO_STDLIB_H */
-#else
-extern char *malloc(), *realloc(), *calloc();
-extern char *getenv();
-#endif /* ! __STDC__ */
-#endif /* HAS_STDLIB_H */
-
-#ifdef USE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#ifndef HAS_STRDUP
-extern char *strdup KRB5_PROTOTYPE((const char *));
-#endif
-
-#ifdef HAS_UNISTD_H
-#include <unistd.h>
-#endif
-
-#endif /* KRB5_EXT_PROTO__ */
-/*
- * End "ext-proto.h"
- */
-
-/*
- * Begin "sysincl.h"
- */
-#ifndef KRB5_SYSINCL__
-#define KRB5_SYSINCL__
-
-#ifndef KRB5_SYSTYPES__
-#define KRB5_SYSTYPES__
-/* needed for much of the rest -- but already handled in krb5.h? */
-/* #include <sys/types.h> */
-#endif /* KRB5_SYSTYPES__ */
-
-#include "osconf.h" /* USE*TIME_H macros */
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h> /* struct stat, stat() */
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h> /* MAXPATHLEN */
-#endif
-
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h> /* prototypes for file-related
- syscalls; flags for open &
- friends */
-#endif
-
-#if defined(SYSV) || defined(_AIX)
-#include <fcntl.h>
-#endif
-#ifdef NEED_SYS_FCNTL_H
-#include <sys/fcntl.h>
-#endif
-
-#endif /* KRB5_SYSINCL__ */
-/*
- * End "sysincl.h"
- */
-
-/*
- * Begin "los-proto.h"
- */
-#ifndef KRB5_LIBOS_PROTO__
-#define KRB5_LIBOS_PROTO__
-
-#include <stdio.h>
+#include <stdio.h>
/* libos.spec */
krb5_error_code krb5_read_password
FILE *fp));
-krb5_error_code krb5_read_message
- KRB5_PROTOTYPE((krb5_context,
- krb5_pointer,
- krb5_data *));
-krb5_error_code krb5_write_message
- KRB5_PROTOTYPE((krb5_context,
- krb5_pointer,
- krb5_data *));
+krb5_error_code krb5_read_message
+ KRB5_PROTOTYPE((krb5_context,
+ krb5_pointer,
+ krb5_data *));
+krb5_error_code krb5_write_message
+ KRB5_PROTOTYPE((krb5_context,
+ krb5_pointer,
+ krb5_data *));
+
+krb5_error_code krb5_os_init_context
+ KRB5_PROTOTYPE((krb5_context));
+
+void krb5_os_free_context
+ KRB5_PROTOTYPE((krb5_context));
+
+krb5_error_code krb5_find_config_files
+ KRB5_PROTOTYPE(());
+
+krb5_error_code krb5_make_fulladdr
+ KRB5_PROTOTYPE((krb5_context,
+ krb5_address *,
+ krb5_address *,
+ krb5_address *));
+
+/* in here to deal with stuff from lib/crypto/os */
+
+krb5_error_code krb5_crypto_os_localaddr
+ KRB5_PROTOTYPE((krb5_address ***));
+
+krb5_error_code krb5_crypto_us_timeofday
+ KRB5_PROTOTYPE((krb5_int32 *,
+ krb5_int32 *));
+
+time_t gmt_mktime KRB5_PROTOTYPE((struct tm *));
+
+#endif /* KRB5_LIBOS_PROTO__ */
+/*
+ * End "los-proto.h"
+ */
+
+/*
+ * Include the KDB definitions.
+ */
+#include "kdb.h"
+#include "kdb_dbm.h"
+
+/*
+ * Begin "libos.h"
+ */
+#ifndef KRB5_LIBOS__
+#define KRB5_LIBOS__
+
+typedef struct _krb5_os_context {
+ krb5_magic magic;
+} *krb5_os_context;
+
+/* lock mode flags */
+#define KRB5_LOCKMODE_SHARED 0x0001
+#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
+#define KRB5_LOCKMODE_DONTBLOCK 0x0004
+#define KRB5_LOCKMODE_UNLOCK 0x0008
+
+#endif /* KRB5_LIBOS__ */
+/*
+ * End "libos.h"
+ */
+
+/*
+ * Define our view of the size of a DES key.
+ */
+#define KRB5_MIT_DES_KEYSIZE 8
+/*
+ * Check if des_int.h has been included before us. If so, then check to see
+ * that our view of the DES key size is the same as des_int.h's.
+ */
+#ifdef MIT_DES_KEYSIZE
+#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
+#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif /* MIT_DES_KEYSIZE */
+
+/*
+ * Begin "preauth.h"
+ *
+ * (Originally written by Glen Machin at Sandia Labs.)
+ */
+/*
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose. It is provided "as is" without express or implied warranty.
+ *
+ */
+#ifndef KRB5_PREAUTH__
+#define KRB5_PREAUTH__
+
+#define MAX_PREAUTH_SIZE 20 /* Maximum size of PreAuthenticator.data */
+
+/*
+ * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT]
+ */
+typedef krb5_error_code (krb5_preauth_obtain_proc)
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *pa_data));
+
+typedef krb5_error_code (krb5_preauth_verify_proc)
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+
+typedef struct _krb5_preauth_ops {
+ krb5_magic magic;
+ int type;
+ int flags;
+ krb5_preauth_obtain_proc *obtain;
+ krb5_preauth_verify_proc *verify;
+} krb5_preauth_ops;
+
+/*
+ * Preauthentication property flags
+ */
+#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
+#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
+
+#if 0
+krb5_error_code get_random_padata
+ KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *data));
+
+krb5_error_code verify_random_padata
+ KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+#endif
+
+krb5_error_code get_unixtime_padata
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client,
+ krb5_address **src_addr, krb5_pa_data *data));
+
+krb5_error_code verify_unixtime_padata
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+
+krb5_error_code get_securid_padata
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
+ krb5_pa_data *data));
+
+krb5_error_code verify_securid_padata
+ KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
+ krb5_data *data));
+
+#endif /* KRB5_PREAUTH__ */
+/*
+ * End "preauth.h"
+ */
+
+/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
+#if !defined(_MACINTOSH)
+#include "profile.h"
+#else
+typedef unsigned long profile_t;
+#endif
+
+struct _krb5_context {
+ krb5_magic magic;
+ krb5_enctype FAR *etypes;
+ int etype_count;
+ void FAR *os_context;
+ char FAR *default_realm;
+ profile_t profile;
+ void FAR *db_context;
+};
+
+/*
+ * Begin "asn1.h"
+ */
+#ifndef KRB5_ASN1__
+#define KRB5_ASN1__
+
+/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
+/* here we use some knowledge of ASN.1 encodings */
+/*
+ Ticket is APPLICATION 1.
+ Authenticator is APPLICATION 2.
+ AS_REQ is APPLICATION 10.
+ AS_REP is APPLICATION 11.
+ TGS_REQ is APPLICATION 12.
+ TGS_REP is APPLICATION 13.
+ AP_REQ is APPLICATION 14.
+ AP_REP is APPLICATION 15.
+ KRB_SAFE is APPLICATION 20.
+ KRB_PRIV is APPLICATION 21.
+ KRB_CRED is APPLICATION 22.
+ EncASRepPart is APPLICATION 25.
+ EncTGSRepPart is APPLICATION 26.
+ EncAPRepPart is APPLICATION 27.
+ EncKrbPrivPart is APPLICATION 28.
+ EncKrbCredPart is APPLICATION 29.
+ KRB_ERROR is APPLICATION 30.
+ */
+/* allow either constructed or primitive encoding, so check for bit 6
+ set or reset */
+#define krb5_is_krb_ticket(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\
+ (dat)->data[0] == 0x41))
+#define krb5_is_krb_authenticator(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\
+ (dat)->data[0] == 0x42))
+#define krb5_is_as_req(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\
+ (dat)->data[0] == 0x4a))
+#define krb5_is_as_rep(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\
+ (dat)->data[0] == 0x4b))
+#define krb5_is_tgs_req(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\
+ (dat)->data[0] == 0x4c))
+#define krb5_is_tgs_rep(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\
+ (dat)->data[0] == 0x4d))
+#define krb5_is_ap_req(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\
+ (dat)->data[0] == 0x4e))
+#define krb5_is_ap_rep(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\
+ (dat)->data[0] == 0x4f))
+#define krb5_is_krb_safe(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\
+ (dat)->data[0] == 0x54))
+#define krb5_is_krb_priv(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\
+ (dat)->data[0] == 0x55))
+#define krb5_is_krb_cred(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\
+ (dat)->data[0] == 0x56))
+#define krb5_is_krb_enc_as_rep_part(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\
+ (dat)->data[0] == 0x59))
+#define krb5_is_krb_enc_tgs_rep_part(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\
+ (dat)->data[0] == 0x5a))
+#define krb5_is_krb_enc_ap_rep_part(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\
+ (dat)->data[0] == 0x5b))
+#define krb5_is_krb_enc_krb_priv_part(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\
+ (dat)->data[0] == 0x5c))
+#define krb5_is_krb_enc_krb_cred_part(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\
+ (dat)->data[0] == 0x5d))
+#define krb5_is_krb_error(dat)\
+ ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
+ (dat)->data[0] == 0x5e))
+
+/*************************************************************************
+ * Prototypes for krb5_encode.c
+ *************************************************************************/
+
+/*
+ krb5_error_code encode_krb5_structure(const krb5_structure *rep,
+ krb5_data **code);
+ modifies *code
+ effects Returns the ASN.1 encoding of *rep in **code.
+ Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
+ Returns ENOMEM if memory runs out.
+*/
+
+krb5_error_code encode_krb5_authenticator
+ KRB5_PROTOTYPE((const krb5_authenticator *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_ticket
+ KRB5_PROTOTYPE((const krb5_ticket *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_encryption_key
+ KRB5_PROTOTYPE((const krb5_keyblock *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_enc_tkt_part
+ KRB5_PROTOTYPE((const krb5_enc_tkt_part *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_enc_kdc_rep_part
+ KRB5_PROTOTYPE((const krb5_enc_kdc_rep_part *rep, krb5_data **code));
+
+/* yes, the translation is identical to that used for KDC__REP */
+krb5_error_code encode_krb5_as_rep
+ KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code));
+
+/* yes, the translation is identical to that used for KDC__REP */
+krb5_error_code encode_krb5_tgs_rep
+ KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_ap_req
+ KRB5_PROTOTYPE((const krb5_ap_req *rep, krb5_data **code));
+
+krb5_error_code encode_krb5_ap_rep
+ KRB5_PROTOTYPE((const krb5_ap_rep *rep, krb5_data **code));
-krb5_error_code krb5_os_init_context
- KRB5_PROTOTYPE((krb5_context));
+krb5_error_code encode_krb5_ap_rep_enc_part
+ KRB5_PROTOTYPE((const krb5_ap_rep_enc_part *rep, krb5_data **code));
-void krb5_os_free_context
- KRB5_PROTOTYPE((krb5_context));
+krb5_error_code encode_krb5_as_req
+ KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
-krb5_error_code krb5_find_config_files
- KRB5_PROTOTYPE(());
+krb5_error_code encode_krb5_tgs_req
+ KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
-krb5_error_code krb5_make_fulladdr
- KRB5_PROTOTYPE((krb5_context,
- krb5_address *,
- krb5_address *,
- krb5_address *));
+krb5_error_code encode_krb5_kdc_req_body
+ KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code));
-/* in here to deal with stuff from lib/crypto/os */
+krb5_error_code encode_krb5_safe
+ KRB5_PROTOTYPE((const krb5_safe *rep, krb5_data **code));
-krb5_error_code krb5_crypto_os_localaddr
- KRB5_PROTOTYPE((krb5_address ***));
+krb5_error_code encode_krb5_priv
+ KRB5_PROTOTYPE((const krb5_priv *rep, krb5_data **code));
-krb5_error_code krb5_crypto_us_timeofday
- KRB5_PROTOTYPE((krb5_int32 *,
- krb5_int32 *));
+krb5_error_code encode_krb5_enc_priv_part
+ KRB5_PROTOTYPE((const krb5_priv_enc_part *rep, krb5_data **code));
-time_t gmt_mktime KRB5_PROTOTYPE((struct tm *));
+krb5_error_code encode_krb5_cred
+ KRB5_PROTOTYPE((const krb5_cred *rep, krb5_data **code));
-#endif /* KRB5_LIBOS_PROTO__ */
-/*
- * End "los-proto.h"
- */
+krb5_error_code encode_krb5_enc_cred_part
+ KRB5_PROTOTYPE((const krb5_cred_enc_part *rep, krb5_data **code));
-/*
- * Include the KDB definitions.
- */
-#include "kdb.h"
-#include "kdb_dbm.h"
+krb5_error_code encode_krb5_error
+ KRB5_PROTOTYPE((const krb5_error *rep, krb5_data **code));
-/*
- * Begin "libos.h"
- */
-#ifndef KRB5_LIBOS__
-#define KRB5_LIBOS__
+krb5_error_code encode_krb5_authdata
+ KRB5_PROTOTYPE((const krb5_authdata **rep, krb5_data **code));
-typedef struct _krb5_os_context {
- krb5_magic magic;
-} *krb5_os_context;
+krb5_error_code encode_krb5_pwd_sequence
+ KRB5_PROTOTYPE((const passwd_phrase_element *rep, krb5_data **code));
-/* lock mode flags */
-#define KRB5_LOCKMODE_SHARED 0x0001
-#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
-#define KRB5_LOCKMODE_DONTBLOCK 0x0004
-#define KRB5_LOCKMODE_UNLOCK 0x0008
+krb5_error_code encode_krb5_pwd_data
+ KRB5_PROTOTYPE((const krb5_pwd_data *rep, krb5_data **code));
-#endif /* KRB5_LIBOS__ */
-/*
- * End "libos.h"
- */
+krb5_error_code encode_krb5_padata_sequence
+ KRB5_PROTOTYPE((const krb5_pa_data ** rep, krb5_data **code));
-/*
- * Define our view of the size of a DES key.
- */
-#define KRB5_MIT_DES_KEYSIZE 8
-/*
- * Check if des_int.h has been included before us. If so, then check to see
- * that our view of the DES key size is the same as des_int.h's.
- */
-#ifdef MIT_DES_KEYSIZE
-#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
-error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif /* MIT_DES_KEYSIZE */
+krb5_error_code encode_krb5_alt_method
+ KRB5_PROTOTYPE((const krb5_alt_method *, krb5_data **code));
-/*
- * Begin "preauth.h"
- *
- * (Originally written by Glen Machin at Sandia Labs.)
- */
-/*
- * Sandia National Laboratories also makes no representations about the
- * suitability of the modifications, or additions to this software for
- * any purpose. It is provided "as is" without express or implied warranty.
- *
- */
-#ifndef KRB5_PREAUTH__
-#define KRB5_PREAUTH__
+krb5_error_code encode_krb5_etype_info
+ KRB5_PROTOTYPE((const krb5_etype_info_entry **, krb5_data **code));
-#define MAX_PREAUTH_SIZE 20 /* Maximum size of PreAuthenticator.data */
+/*************************************************************************
+ * End of prototypes for krb5_encode.c
+ *************************************************************************/
+
+
+/*************************************************************************
+ * Prototypes for krb5_decode.c
+ *************************************************************************/
/*
- * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT]
- */
-typedef krb5_error_code (krb5_preauth_obtain_proc)
- KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
- krb5_pa_data *pa_data));
+ krb5_error_code decode_krb5_structure(const krb5_data *code,
+ krb5_structure **rep);
+
+ requires Expects **rep to not have been allocated;
+ a new *rep is allocated regardless of the old value.
+ effects Decodes *code into **rep.
+ Returns ENOMEM if memory is exhausted.
+ Returns asn1 and krb5 errors.
+*/
-typedef krb5_error_code (krb5_preauth_verify_proc)
- KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
- krb5_data *data));
+krb5_error_code decode_krb5_authenticator
+ KRB5_PROTOTYPE((const krb5_data *code, krb5_authenticator **rep));
-typedef struct _krb5_preauth_ops {
- krb5_magic magic;
- int type;
- int flags;
- krb5_preauth_obtain_proc *obtain;
- krb5_preauth_verify_proc *verify;
-} krb5_preauth_ops;
+krb5_error_code decode_krb5_ticket
+ KRB5_PROTOTYPE((const krb5_data *code, krb5_ticket **rep));
-/*
- * Preauthentication property flags
- */
-#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
-#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
+krb5_error_code decode_krb5_encryption_key
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_keyblock **rep));
-#if 0
-krb5_error_code get_random_padata
- KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr,
- krb5_pa_data *data));
+krb5_error_code decode_krb5_enc_tkt_part
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_tkt_part **rep));
-krb5_error_code verify_random_padata
- KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr,
- krb5_data *data));
-#endif
+krb5_error_code decode_krb5_enc_kdc_rep_part
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_kdc_rep_part **rep));
-krb5_error_code get_unixtime_padata
- KRB5_PROTOTYPE((krb5_context, krb5_principal client,
- krb5_address **src_addr, krb5_pa_data *data));
+krb5_error_code decode_krb5_as_rep
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep));
-krb5_error_code verify_unixtime_padata
- KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
- krb5_data *data));
+krb5_error_code decode_krb5_tgs_rep
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep));
-krb5_error_code get_securid_padata
- KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
- krb5_pa_data *data));
+krb5_error_code decode_krb5_ap_req
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_req **rep));
-krb5_error_code verify_securid_padata
- KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr,
- krb5_data *data));
+krb5_error_code decode_krb5_ap_rep
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep **rep));
-#endif /* KRB5_PREAUTH__ */
+krb5_error_code decode_krb5_ap_rep_enc_part
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep_enc_part **rep));
+
+krb5_error_code decode_krb5_as_req
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
+
+krb5_error_code decode_krb5_tgs_req
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
+
+krb5_error_code decode_krb5_kdc_req_body
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep));
+
+krb5_error_code decode_krb5_safe
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_safe **rep));
+
+krb5_error_code decode_krb5_priv
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_priv **rep));
+
+krb5_error_code decode_krb5_enc_priv_part
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_priv_enc_part **rep));
+
+krb5_error_code decode_krb5_cred
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_cred **rep));
+
+krb5_error_code decode_krb5_enc_cred_part
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_cred_enc_part **rep));
+
+krb5_error_code decode_krb5_error
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_error **rep));
+
+krb5_error_code decode_krb5_authdata
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_authdata ***rep));
+
+krb5_error_code decode_krb5_pwd_sequence
+ KRB5_PROTOTYPE((const krb5_data *output, passwd_phrase_element **rep));
+
+krb5_error_code decode_krb5_pwd_data
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_pwd_data **rep));
+
+krb5_error_code decode_krb5_padata_sequence
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_pa_data ***rep));
+
+krb5_error_code decode_krb5_alt_method
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_alt_method **rep));
+
+krb5_error_code decode_krb5_etype_info
+ KRB5_PROTOTYPE((const krb5_data *output, krb5_etype_info_entry ***rep));
+
+/*************************************************************************
+ * End of prototypes for krb5_decode.c
+ *************************************************************************/
+
+#endif /* KRB5_ASN1__ */
/*
- * End "preauth.h"
+ * End "asn1.h"
*/
-/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
-#if !defined(_MACINTOSH)
-#include "profile.h"
-#else
-typedef unsigned long profile_t;
-#endif
-
-struct _krb5_context {
- krb5_magic magic;
- krb5_enctype FAR *etypes;
- int etype_count;
- void FAR *os_context;
- char FAR *default_realm;
- profile_t profile;
- void FAR *db_context;
-};
#endif /* _KRB5_INT_H */
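Review bot: The two new decoders at the end of the krb5_decode.c prototype list, `decode_krb5_alt_method` and `decode_krb5_etype_info`, turn data received from the KDC (KRB-ERROR e-data and ETYPE_INFO preauth data, per the struct comments earlier in this diff) into structures that pair a signed `krb5_int32 length` with a raw `krb5_octet *` buffer, yet the header states no contract for them. The generic `decode_krb5_structure` comment only says a new `*rep` is allocated; it does not say that `krb5_etype_info_entry ***rep` yields a null-terminated array whose entries each carry their own `salt` pointer, and no matching free routine is declared in the lines visible here. I would add a comment above the two prototypes such as `/* On success *rep is caller-owned; length is the byte count of data/salt and is never negative. */` and confirm that the decoders in krb5_decode.c enforce it, since the implementation is not part of this page. As a smaller point, `encode_krb5_alt_method` and `encode_krb5_etype_info` leave their first parameter unnamed while every sibling prototype names it `rep`.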