INDENTDIRS = \
clients \
+ include \
kadmin \
kdc \
lib/kadm5 \
slave/kpropd_rpc.c
OTHEREXCLUDES = \
+ include/k5-platform.h \
+ include/gssrpc \
lib/krb5/asn.1/asn1_decode.h \
lib/krb5/asn.1/asn1_encode.h \
lib/krb5/asn.1/asn1_k_encode.c \
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* $Header$
*
#endif
#if defined(_WIN32)
-#define CCACHE_API __declspec(dllexport)
+#define CCACHE_API __declspec(dllexport)
#if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1500 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T)
#if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR)
ccErrInvalidCCache, /*!< CCache is invalid (e.g., it was released or destroyed). */
/* 206 */
- ccErrInvalidString, /*!< String is invalid (e.g., it was released). */
+ ccErrInvalidString, /*!< String is invalid (e.g., it was released). */
ccErrInvalidCredentials, /*!< Credentials are invalid (e.g., they were released), or they have a bad version. */
ccErrInvalidCCacheIterator, /*!< CCache iterator is invalid (e.g., it was released). */
ccErrInvalidCredentialsIterator, /*!< Credentials iterator is invalid (e.g., it was released). */
ccErrContextUnlocked, /*!< Context is not locked by the caller. */
/* 216 */
- ccErrCCacheLocked, /*!< CCache is already locked. */
+ ccErrCCacheLocked, /*!< CCache is already locked. */
ccErrCCacheUnlocked, /*!< CCache is not locked by the caller. */
ccErrBadLockType, /*!< Bad lock type. */
ccErrNeverDefault, /*!< CCache was never default. */
enum {
/* Make sure all of these are multiples of four (for alignment sanity) */
cc_v4_name_size = 40,
- cc_v4_instance_size = 40,
+ cc_v4_instance_size = 40,
cc_v4_realm_size = 40,
cc_v4_ticket_size = 1254,
cc_v4_key_size = 8
*/
struct cc_data {
/*! The type of the data as defined by the krb5_data structure. */
- cc_uint32 type;
+ cc_uint32 type;
/*! The length of \a data. */
- cc_uint32 length;
+ cc_uint32 length;
/*! The data buffer. */
- void* data;
+ void* data;
};
typedef struct cc_data cc_data;
struct cc_credentials_union {
/*! The credentials version of this credentials object. */
- cc_uint32 version;
+ cc_uint32 version;
/*! The credentials. */
union {
- /*! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. */
- cc_credentials_v4_t* credentials_v4;
- /*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */
- cc_credentials_v5_t* credentials_v5;
- } credentials;
+ /*! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. */
+ cc_credentials_v4_t* credentials_v4;
+ /*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */
+ cc_credentials_v5_t* credentials_v5;
+ } credentials;
};
typedef struct cc_credentials_union cc_credentials_union;
const char *in_name,
cc_ccache_t *out_ccache);
- /*!
- * \param in_context the context object for the cache collection.
- * \param out_ccache on exit, a ccache object for the default ccache
- * \return On success, #ccNoError. If no default ccache exists,
- * #ccErrCCacheNotFound. On failure, an error code representing the failure.
- * \brief \b cc_context_open_default_ccache(): Open the default ccache.
- *
- * Opens the default ccache. It returns a reference to the ccache in *ccache.
- *
- * This function performs the same function as calling
- * cc_context_get_default_ccache_name followed by cc_context_open_ccache,
- * but it performs it atomically.
- */
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param out_ccache on exit, a ccache object for the default ccache
+ * \return On success, #ccNoError. If no default ccache exists,
+ * #ccErrCCacheNotFound. On failure, an error code representing the failure.
+ * \brief \b cc_context_open_default_ccache(): Open the default ccache.
+ *
+ * Opens the default ccache. It returns a reference to the ccache in *ccache.
+ *
+ * This function performs the same function as calling
+ * cc_context_get_default_ccache_name followed by cc_context_open_ccache,
+ * but it performs it atomically.
+ */
cc_int32 (*open_default_ccache) (cc_context_t in_context,
cc_ccache_t *out_ccache);
- /*!
- * \param in_context the context object for the cache collection.
- * \param in_name the name of the new ccache to create
- * \param in_cred_vers the version of the credentials the new ccache will hold
- * \param in_principal the client principal of the credentials the new ccache will hold
- * \param out_ccache on exit, a ccache object for the newly created ccache
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_create_ccache(): Create a new ccache.
- *
- * Create a new credentials cache. The ccache is uniquely identified by its name.
- * The principal given is also associated with the ccache and the credentials
- * version specified. A NULL name is not allowed (and ccErrBadName is returned
- * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid
- * input values for cred_vers. If you want to create a new ccache that will hold
- * both versions of credentials, call cc_context_create_ccache() with one version,
- * and then cc_ccache_set_principal() with the other version.
- *
- * If you want to create a new ccache (with a unique name), you should use
- * cc_context_create_new_ccache() instead. If you want to create or reinitialize
- * the default cache, you should use cc_context_create_default_ccache().
- *
- * If name is non-NULL and there is already a ccache named name:
- *
- * \li the credentials in the ccache whose version is cred_vers are removed
- * \li the principal (of the existing ccache) associated with cred_vers is set to principal
- * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid
- *
- * If no ccache named name already exists:
- *
- * \li a new empty ccache is created
- * \li the principal of the new ccache associated with cred_vers is set to principal
- * \li a handle for the new ccache is returned
- *
- * For a new ccache, the name should be any unique string. The name is not
- * intended to be presented to users.
- *
- * If the created ccache is the first ccache in the collection, it is made
- * the default ccache. Note that normally it is undesirable to create the first
- * ccache with a name different from the default ccache name (as returned by
- * cc_context_get_default_ccache_name()); see the description of
- * cc_context_get_default_ccache_name() for details.
- *
- * The principal should be a C string containing an unparsed Kerberos principal
- * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ
- * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim
- * for Kerberos v5.
- */
- cc_int32 (*create_ccache) (cc_context_t in_context,
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param in_name the name of the new ccache to create
+ * \param in_cred_vers the version of the credentials the new ccache will hold
+ * \param in_principal the client principal of the credentials the new ccache will hold
+ * \param out_ccache on exit, a ccache object for the newly created ccache
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_create_ccache(): Create a new ccache.
+ *
+ * Create a new credentials cache. The ccache is uniquely identified by its name.
+ * The principal given is also associated with the ccache and the credentials
+ * version specified. A NULL name is not allowed (and ccErrBadName is returned
+ * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid
+ * input values for cred_vers. If you want to create a new ccache that will hold
+ * both versions of credentials, call cc_context_create_ccache() with one version,
+ * and then cc_ccache_set_principal() with the other version.
+ *
+ * If you want to create a new ccache (with a unique name), you should use
+ * cc_context_create_new_ccache() instead. If you want to create or reinitialize
+ * the default cache, you should use cc_context_create_default_ccache().
+ *
+ * If name is non-NULL and there is already a ccache named name:
+ *
+ * \li the credentials in the ccache whose version is cred_vers are removed
+ * \li the principal (of the existing ccache) associated with cred_vers is set to principal
+ * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid
+ *
+ * If no ccache named name already exists:
+ *
+ * \li a new empty ccache is created
+ * \li the principal of the new ccache associated with cred_vers is set to principal
+ * \li a handle for the new ccache is returned
+ *
+ * For a new ccache, the name should be any unique string. The name is not
+ * intended to be presented to users.
+ *
+ * If the created ccache is the first ccache in the collection, it is made
+ * the default ccache. Note that normally it is undesirable to create the first
+ * ccache with a name different from the default ccache name (as returned by
+ * cc_context_get_default_ccache_name()); see the description of
+ * cc_context_get_default_ccache_name() for details.
+ *
+ * The principal should be a C string containing an unparsed Kerberos principal
+ * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ
+ * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim
+ * for Kerberos v5.
+ */
+ cc_int32 (*create_ccache) (cc_context_t in_context,
const char *in_name,
cc_uint32 in_cred_vers,
const char *in_principal,
cc_ccache_t *out_ccache);
- /*!
- * \param in_context the context object for the cache collection.
- * \param in_cred_vers the version of the credentials the new default ccache will hold
- * \param in_principal the client principal of the credentials the new default ccache will hold
- * \param out_ccache on exit, a ccache object for the newly created default ccache
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_create_default_ccache(): Create a new default ccache.
- *
- * Create the default credentials cache. The behavior of this function is
- * similar to that of cc_create_ccache(). If there is a default ccache
- * (which is always the case except when there are no ccaches at all in
- * the collection), it is initialized with the specified credentials version
- * and principal, as per cc_create_ccache(); otherwise, a new ccache is
- * created, and its name is the name returned by
- * cc_context_get_default_ccache_name().
- */
- cc_int32 (*create_default_ccache) (cc_context_t in_context,
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param in_cred_vers the version of the credentials the new default ccache will hold
+ * \param in_principal the client principal of the credentials the new default ccache will hold
+ * \param out_ccache on exit, a ccache object for the newly created default ccache
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_create_default_ccache(): Create a new default ccache.
+ *
+ * Create the default credentials cache. The behavior of this function is
+ * similar to that of cc_create_ccache(). If there is a default ccache
+ * (which is always the case except when there are no ccaches at all in
+ * the collection), it is initialized with the specified credentials version
+ * and principal, as per cc_create_ccache(); otherwise, a new ccache is
+ * created, and its name is the name returned by
+ * cc_context_get_default_ccache_name().
+ */
+ cc_int32 (*create_default_ccache) (cc_context_t in_context,
cc_uint32 in_cred_vers,
const char *in_principal,
cc_ccache_t *out_ccache);
- /*!
- * \param in_context the context object for the cache collection.
- * \param in_cred_vers the version of the credentials the new ccache will hold
- * \param in_principal the client principal of the credentials the new ccache will hold
- * \param out_ccache on exit, a ccache object for the newly created ccache
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache.
- *
- * Create a new unique credentials cache. The behavior of this function
- * is similar to that of cc_create_ccache(). If there are no ccaches, and
- * therefore no default ccache, the new ccache is created with the default
- * ccache name as would be returned by get_default_ccache_name(). If there
- * are some ccaches, and therefore there is a default ccache, the new ccache
- * is created with a new unique name. Clearly, this function never reinitializes
- * a ccache, since it always uses a unique name.
- */
- cc_int32 (*create_new_ccache) (cc_context_t in_context,
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param in_cred_vers the version of the credentials the new ccache will hold
+ * \param in_principal the client principal of the credentials the new ccache will hold
+ * \param out_ccache on exit, a ccache object for the newly created ccache
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache.
+ *
+ * Create a new unique credentials cache. The behavior of this function
+ * is similar to that of cc_create_ccache(). If there are no ccaches, and
+ * therefore no default ccache, the new ccache is created with the default
+ * ccache name as would be returned by get_default_ccache_name(). If there
+ * are some ccaches, and therefore there is a default ccache, the new ccache
+ * is created with a new unique name. Clearly, this function never reinitializes
+ * a ccache, since it always uses a unique name.
+ */
+ cc_int32 (*create_new_ccache) (cc_context_t in_context,
cc_uint32 in_cred_vers,
const char *in_principal,
cc_ccache_t *out_ccache);
- /*!
- * \param in_context the context object for the cache collection.
- * \param out_iterator on exit, a ccache iterator object for the ccache collection.
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection.
- *
- * Used to allocate memory and initialize iterator. Successive calls to iterator's
- * next() function will return ccaches in the collection.
- *
- * If changes are made to the collection while an iterator is being used
- * on it, the iterator must return at least the intersection, and at most
- * the union, of the set of ccaches that were present when the iteration
- * began and the set of ccaches that are present when it ends.
- */
- cc_int32 (*new_ccache_iterator) (cc_context_t in_context,
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param out_iterator on exit, a ccache iterator object for the ccache collection.
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection.
+ *
+ * Used to allocate memory and initialize iterator. Successive calls to iterator's
+ * next() function will return ccaches in the collection.
+ *
+ * If changes are made to the collection while an iterator is being used
+ * on it, the iterator must return at least the intersection, and at most
+ * the union, of the set of ccaches that were present when the iteration
+ * began and the set of ccaches that are present when it ends.
+ */
+ cc_int32 (*new_ccache_iterator) (cc_context_t in_context,
cc_ccache_iterator_t *out_iterator);
- /*!
- * \param in_context the context object for the cache collection.
- * \param in_lock_type the type of lock to obtain.
- * \param in_block whether or not the function should block if the lock cannot be obtained immediately.
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_lock(): Lock the cache collection.
- *
- * Attempts to acquire an advisory lock for the ccache collection. Allowed values
- * for lock_type are:
- *
- * \li cc_lock_read: a read lock.
- * \li cc_lock_write: a write lock
- * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
- * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
- *
- * If block is cc_lock_block, lock() will not return until the lock is acquired.
- * If block is cc_lock_noblock, lock() will return immediately, either acquiring
- * the lock and returning ccNoError, or failing to acquire the lock and returning
- * an error explaining why.
- *
- * Locks apply only to the list of ccaches, not the contents of those ccaches. To
- * prevent callers participating in the advisory locking from changing the credentials
- * in a cache you must also lock that ccache with cc_ccache_lock(). This is so
- * that you can get the list of ccaches without preventing applications from
- * simultaneously obtaining service tickets.
- *
- * To avoid having to deal with differences between thread semantics on different
- * platforms, locks are granted per context, rather than per thread or per process.
- * That means that different threads of execution have to acquire separate contexts
- * in order to be able to synchronize with each other.
- *
- * The lock should be unlocked by using cc_context_unlock().
- *
- * \note All locks are advisory. For example, callers which do not call
- * cc_context_lock() and cc_context_unlock() will not be prevented from writing
- * to the cache collection when you have a read lock. This is because the CCAPI
- * locking was added after the first release and thus adding mandatory locks would
- * have changed the user experience and performance of existing applications.
- */
- cc_int32 (*lock) (cc_context_t in_context,
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \param in_lock_type the type of lock to obtain.
+ * \param in_block whether or not the function should block if the lock cannot be obtained immediately.
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_lock(): Lock the cache collection.
+ *
+ * Attempts to acquire an advisory lock for the ccache collection. Allowed values
+ * for lock_type are:
+ *
+ * \li cc_lock_read: a read lock.
+ * \li cc_lock_write: a write lock
+ * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
+ * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
+ *
+ * If block is cc_lock_block, lock() will not return until the lock is acquired.
+ * If block is cc_lock_noblock, lock() will return immediately, either acquiring
+ * the lock and returning ccNoError, or failing to acquire the lock and returning
+ * an error explaining why.
+ *
+ * Locks apply only to the list of ccaches, not the contents of those ccaches. To
+ * prevent callers participating in the advisory locking from changing the credentials
+ * in a cache you must also lock that ccache with cc_ccache_lock(). This is so
+ * that you can get the list of ccaches without preventing applications from
+ * simultaneously obtaining service tickets.
+ *
+ * To avoid having to deal with differences between thread semantics on different
+ * platforms, locks are granted per context, rather than per thread or per process.
+ * That means that different threads of execution have to acquire separate contexts
+ * in order to be able to synchronize with each other.
+ *
+ * The lock should be unlocked by using cc_context_unlock().
+ *
+ * \note All locks are advisory. For example, callers which do not call
+ * cc_context_lock() and cc_context_unlock() will not be prevented from writing
+ * to the cache collection when you have a read lock. This is because the CCAPI
+ * locking was added after the first release and thus adding mandatory locks would
+ * have changed the user experience and performance of existing applications.
+ */
+ cc_int32 (*lock) (cc_context_t in_context,
cc_uint32 in_lock_type,
cc_uint32 in_block);
- /*!
- * \param in_context the context object for the cache collection.
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_unlock(): Unlock the cache collection.
- */
- cc_int32 (*unlock) (cc_context_t in_cc_context);
-
- /*!
- * \param in_context a context object.
- * \param in_compare_to_context a context object to compare with \a in_context.
- * \param out_equal on exit, whether or not the two contexts refer to the same cache collection.
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_compare(): Compare two context objects.
- */
- cc_int32 (*compare) (cc_context_t in_cc_context,
- cc_context_t in_compare_to_context,
- cc_uint32 *out_equal);
-
- /*!
- * \param in_context a context object.
- * \return On success, #ccNoError. On failure, an error code representing the failure.
- * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection.
- *
- * This function blocks until the next change is made to the cache collection
- * ccache collection. By repeatedly calling cc_context_wait_for_change() from
- * a worker thread the caller can effectively receive callbacks whenever the
- * cache collection changes. This is considerably more efficient than polling
- * with cc_context_get_change_time().
- *
- * cc_context_wait_for_change() will return whenever:
- *
- * \li a ccache is created
- * \li a ccache is destroyed
- * \li a credential is stored
- * \li a credential is removed
- * \li a ccache principal is changed
- * \li the default ccache is changed
- *
- * \note In order to make sure that the caller doesn't miss any changes,
- * cc_context_wait_for_change() always returns immediately after the first time it
- * is called on a new context object. Callers must use the same context object
- * for successive calls to cc_context_wait_for_change() rather than creating a new
- * context for every call.
- *
- * \sa get_change_time
- */
- cc_int32 (*wait_for_change) (cc_context_t in_cc_context);
+ /*!
+ * \param in_context the context object for the cache collection.
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_unlock(): Unlock the cache collection.
+ */
+ cc_int32 (*unlock) (cc_context_t in_cc_context);
+
+ /*!
+ * \param in_context a context object.
+ * \param in_compare_to_context a context object to compare with \a in_context.
+ * \param out_equal on exit, whether or not the two contexts refer to the same cache collection.
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_compare(): Compare two context objects.
+ */
+ cc_int32 (*compare) (cc_context_t in_cc_context,
+ cc_context_t in_compare_to_context,
+ cc_uint32 *out_equal);
+
+ /*!
+ * \param in_context a context object.
+ * \return On success, #ccNoError. On failure, an error code representing the failure.
+ * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection.
+ *
+ * This function blocks until the next change is made to the cache collection
+ * ccache collection. By repeatedly calling cc_context_wait_for_change() from
+ * a worker thread the caller can effectively receive callbacks whenever the
+ * cache collection changes. This is considerably more efficient than polling
+ * with cc_context_get_change_time().
+ *
+ * cc_context_wait_for_change() will return whenever:
+ *
+ * \li a ccache is created
+ * \li a ccache is destroyed
+ * \li a credential is stored
+ * \li a credential is removed
+ * \li a ccache principal is changed
+ * \li the default ccache is changed
+ *
+ * \note In order to make sure that the caller doesn't miss any changes,
+ * cc_context_wait_for_change() always returns immediately after the first time it
+ * is called on a new context object. Callers must use the same context object
+ * for successive calls to cc_context_wait_for_change() rather than creating a new
+ * context for every call.
+ *
+ * \sa get_change_time
+ */
+ cc_int32 (*wait_for_change) (cc_context_t in_cc_context);
};
/*!
* @{ */
/*! Helper macro for cc_context_f release() */
-#define cc_context_release(context) \
- ((context) -> functions -> release (context))
+#define cc_context_release(context) \
+ ((context) -> functions -> release (context))
/*! Helper macro for cc_context_f get_change_time() */
-#define cc_context_get_change_time(context, change_time) \
- ((context) -> functions -> get_change_time (context, change_time))
+#define cc_context_get_change_time(context, change_time) \
+ ((context) -> functions -> get_change_time (context, change_time))
/*! Helper macro for cc_context_f get_default_ccache_name() */
-#define cc_context_get_default_ccache_name(context, name) \
- ((context) -> functions -> get_default_ccache_name (context, name))
+#define cc_context_get_default_ccache_name(context, name) \
+ ((context) -> functions -> get_default_ccache_name (context, name))
/*! Helper macro for cc_context_f open_ccache() */
-#define cc_context_open_ccache(context, name, ccache) \
- ((context) -> functions -> open_ccache (context, name, ccache))
+#define cc_context_open_ccache(context, name, ccache) \
+ ((context) -> functions -> open_ccache (context, name, ccache))
/*! Helper macro for cc_context_f open_default_ccache() */
-#define cc_context_open_default_ccache(context, ccache) \
- ((context) -> functions -> open_default_ccache (context, ccache))
+#define cc_context_open_default_ccache(context, ccache) \
+ ((context) -> functions -> open_default_ccache (context, ccache))
/*! Helper macro for cc_context_f create_ccache() */
-#define cc_context_create_ccache(context, name, version, principal, ccache) \
- ((context) -> functions -> create_ccache (context, name, version, principal, ccache))
+#define cc_context_create_ccache(context, name, version, principal, ccache) \
+ ((context) -> functions -> create_ccache (context, name, version, principal, ccache))
/*! Helper macro for cc_context_f create_default_ccache() */
-#define cc_context_create_default_ccache(context, version, principal, ccache) \
- ((context) -> functions -> create_default_ccache (context, version, principal, ccache))
+#define cc_context_create_default_ccache(context, version, principal, ccache) \
+ ((context) -> functions -> create_default_ccache (context, version, principal, ccache))
/*! Helper macro for cc_context_f create_new_ccache() */
-#define cc_context_create_new_ccache(context, version, principal, ccache) \
- ((context) -> functions -> create_new_ccache (context, version, principal, ccache))
+#define cc_context_create_new_ccache(context, version, principal, ccache) \
+ ((context) -> functions -> create_new_ccache (context, version, principal, ccache))
/*! Helper macro for cc_context_f new_ccache_iterator() */
-#define cc_context_new_ccache_iterator(context, iterator) \
- ((context) -> functions -> new_ccache_iterator (context, iterator))
+#define cc_context_new_ccache_iterator(context, iterator) \
+ ((context) -> functions -> new_ccache_iterator (context, iterator))
/*! Helper macro for cc_context_f lock() */
-#define cc_context_lock(context, type, block) \
- ((context) -> functions -> lock (context, type, block))
+#define cc_context_lock(context, type, block) \
+ ((context) -> functions -> lock (context, type, block))
/*! Helper macro for cc_context_f unlock() */
-#define cc_context_unlock(context) \
- ((context) -> functions -> unlock (context))
+#define cc_context_unlock(context) \
+ ((context) -> functions -> unlock (context))
/*! Helper macro for cc_context_f compare() */
-#define cc_context_compare(context, compare_to, equal) \
- ((context) -> functions -> compare (context, compare_to, equal))
+#define cc_context_compare(context, compare_to, equal) \
+ ((context) -> functions -> compare (context, compare_to, equal))
/*! Helper macro for cc_context_f wait_for_change() */
-#define cc_context_wait_for_change(context) \
- ((context) -> functions -> wait_for_change (context))
+#define cc_context_wait_for_change(context) \
+ ((context) -> functions -> wait_for_change (context))
/*! Helper macro for cc_ccache_f release() */
-#define cc_ccache_release(ccache) \
- ((ccache) -> functions -> release (ccache))
+#define cc_ccache_release(ccache) \
+ ((ccache) -> functions -> release (ccache))
/*! Helper macro for cc_ccache_f destroy() */
-#define cc_ccache_destroy(ccache) \
- ((ccache) -> functions -> destroy (ccache))
+#define cc_ccache_destroy(ccache) \
+ ((ccache) -> functions -> destroy (ccache))
/*! Helper macro for cc_ccache_f set_default() */
-#define cc_ccache_set_default(ccache) \
- ((ccache) -> functions -> set_default (ccache))
+#define cc_ccache_set_default(ccache) \
+ ((ccache) -> functions -> set_default (ccache))
/*! Helper macro for cc_ccache_f get_credentials_version() */
-#define cc_ccache_get_credentials_version(ccache, version) \
- ((ccache) -> functions -> get_credentials_version (ccache, version))
+#define cc_ccache_get_credentials_version(ccache, version) \
+ ((ccache) -> functions -> get_credentials_version (ccache, version))
/*! Helper macro for cc_ccache_f get_name() */
-#define cc_ccache_get_name(ccache, name) \
- ((ccache) -> functions -> get_name (ccache, name))
+#define cc_ccache_get_name(ccache, name) \
+ ((ccache) -> functions -> get_name (ccache, name))
/*! Helper macro for cc_ccache_f get_principal() */
-#define cc_ccache_get_principal(ccache, version, principal) \
- ((ccache) -> functions -> get_principal (ccache, version, principal))
+#define cc_ccache_get_principal(ccache, version, principal) \
+ ((ccache) -> functions -> get_principal (ccache, version, principal))
/*! Helper macro for cc_ccache_f set_principal() */
-#define cc_ccache_set_principal(ccache, version, principal) \
- ((ccache) -> functions -> set_principal (ccache, version, principal))
+#define cc_ccache_set_principal(ccache, version, principal) \
+ ((ccache) -> functions -> set_principal (ccache, version, principal))
/*! Helper macro for cc_ccache_f store_credentials() */
-#define cc_ccache_store_credentials(ccache, credentials) \
- ((ccache) -> functions -> store_credentials (ccache, credentials))
+#define cc_ccache_store_credentials(ccache, credentials) \
+ ((ccache) -> functions -> store_credentials (ccache, credentials))
/*! Helper macro for cc_ccache_f remove_credentials() */
-#define cc_ccache_remove_credentials(ccache, credentials) \
- ((ccache) -> functions -> remove_credentials (ccache, credentials))
+#define cc_ccache_remove_credentials(ccache, credentials) \
+ ((ccache) -> functions -> remove_credentials (ccache, credentials))
/*! Helper macro for cc_ccache_f new_credentials_iterator() */
-#define cc_ccache_new_credentials_iterator(ccache, iterator) \
- ((ccache) -> functions -> new_credentials_iterator (ccache, iterator))
+#define cc_ccache_new_credentials_iterator(ccache, iterator) \
+ ((ccache) -> functions -> new_credentials_iterator (ccache, iterator))
/*! Helper macro for cc_ccache_f lock() */
-#define cc_ccache_lock(ccache, type, block) \
- ((ccache) -> functions -> lock (ccache, type, block))
+#define cc_ccache_lock(ccache, type, block) \
+ ((ccache) -> functions -> lock (ccache, type, block))
/*! Helper macro for cc_ccache_f unlock() */
-#define cc_ccache_unlock(ccache) \
- ((ccache) -> functions -> unlock (ccache))
+#define cc_ccache_unlock(ccache) \
+ ((ccache) -> functions -> unlock (ccache))
/*! Helper macro for cc_ccache_f get_last_default_time() */
-#define cc_ccache_get_last_default_time(ccache, last_default_time) \
- ((ccache) -> functions -> get_last_default_time (ccache, last_default_time))
+#define cc_ccache_get_last_default_time(ccache, last_default_time) \
+ ((ccache) -> functions -> get_last_default_time (ccache, last_default_time))
/*! Helper macro for cc_ccache_f get_change_time() */
-#define cc_ccache_get_change_time(ccache, change_time) \
- ((ccache) -> functions -> get_change_time (ccache, change_time))
+#define cc_ccache_get_change_time(ccache, change_time) \
+ ((ccache) -> functions -> get_change_time (ccache, change_time))
/*! Helper macro for cc_ccache_f move() */
-#define cc_ccache_move(source, destination) \
- ((source) -> functions -> move (source, destination))
+#define cc_ccache_move(source, destination) \
+ ((source) -> functions -> move (source, destination))
/*! Helper macro for cc_ccache_f compare() */
-#define cc_ccache_compare(ccache, compare_to, equal) \
- ((ccache) -> functions -> compare (ccache, compare_to, equal))
+#define cc_ccache_compare(ccache, compare_to, equal) \
+ ((ccache) -> functions -> compare (ccache, compare_to, equal))
/*! Helper macro for cc_ccache_f get_kdc_time_offset() */
-#define cc_ccache_get_kdc_time_offset(ccache, version, time_offset) \
- ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset))
+#define cc_ccache_get_kdc_time_offset(ccache, version, time_offset) \
+ ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset))
/*! Helper macro for cc_ccache_f set_kdc_time_offset() */
-#define cc_ccache_set_kdc_time_offset(ccache, version, time_offset) \
- ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset))
+#define cc_ccache_set_kdc_time_offset(ccache, version, time_offset) \
+ ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset))
/*! Helper macro for cc_ccache_f clear_kdc_time_offset() */
-#define cc_ccache_clear_kdc_time_offset(ccache, version) \
- ((ccache) -> functions -> clear_kdc_time_offset (ccache, version))
+#define cc_ccache_clear_kdc_time_offset(ccache, version) \
+ ((ccache) -> functions -> clear_kdc_time_offset (ccache, version))
/*! Helper macro for cc_ccache_f wait_for_change() */
-#define cc_ccache_wait_for_change(ccache) \
- ((ccache) -> functions -> wait_for_change (ccache))
+#define cc_ccache_wait_for_change(ccache) \
+ ((ccache) -> functions -> wait_for_change (ccache))
/*! Helper macro for cc_string_f release() */
-#define cc_string_release(string) \
- ((string) -> functions -> release (string))
+#define cc_string_release(string) \
+ ((string) -> functions -> release (string))
/*! Helper macro for cc_credentials_f release() */
-#define cc_credentials_release(credentials) \
- ((credentials) -> functions -> release (credentials))
+#define cc_credentials_release(credentials) \
+ ((credentials) -> functions -> release (credentials))
/*! Helper macro for cc_credentials_f compare() */
-#define cc_credentials_compare(credentials, compare_to, equal) \
- ((credentials) -> functions -> compare (credentials, compare_to, equal))
+#define cc_credentials_compare(credentials, compare_to, equal) \
+ ((credentials) -> functions -> compare (credentials, compare_to, equal))
/*! Helper macro for cc_ccache_iterator_f release() */
-#define cc_ccache_iterator_release(iterator) \
- ((iterator) -> functions -> release (iterator))
+#define cc_ccache_iterator_release(iterator) \
+ ((iterator) -> functions -> release (iterator))
/*! Helper macro for cc_ccache_iterator_f next() */
-#define cc_ccache_iterator_next(iterator, ccache) \
- ((iterator) -> functions -> next (iterator, ccache))
+#define cc_ccache_iterator_next(iterator, ccache) \
+ ((iterator) -> functions -> next (iterator, ccache))
/*! Helper macro for cc_ccache_iterator_f clone() */
-#define cc_ccache_iterator_clone(iterator, new_iterator) \
- ((iterator) -> functions -> clone (iterator, new_iterator))
+#define cc_ccache_iterator_clone(iterator, new_iterator) \
+ ((iterator) -> functions -> clone (iterator, new_iterator))
/*! Helper macro for cc_credentials_iterator_f release() */
-#define cc_credentials_iterator_release(iterator) \
- ((iterator) -> functions -> release (iterator))
+#define cc_credentials_iterator_release(iterator) \
+ ((iterator) -> functions -> release (iterator))
/*! Helper macro for cc_credentials_iterator_f next() */
-#define cc_credentials_iterator_next(iterator, credentials) \
- ((iterator) -> functions -> next (iterator, credentials))
+#define cc_credentials_iterator_next(iterator, credentials) \
+ ((iterator) -> functions -> next (iterator, credentials))
/*! Helper macro for cc_credentials_iterator_f clone() */
-#define cc_credentials_iterator_clone(iterator, new_iterator) \
- ((iterator) -> functions -> clone (iterator, new_iterator))
+#define cc_credentials_iterator_clone(iterator, new_iterator) \
+ ((iterator) -> functions -> clone (iterator, new_iterator))
/*!@}*/
#if TARGET_OS_MAC
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* $Header$
*
/* Credentials types are visible to the caller so we have to keep binary compatibility */
typedef struct cc_credentials_v5_compat {
- char* client;
- char* server;
- cc_data_compat keyblock;
- cc_time_t authtime;
- cc_time_t starttime;
- cc_time_t endtime;
- cc_time_t renew_till;
- cc_uint32 is_skey;
- cc_uint32 ticket_flags;
- cc_data_compat** addresses;
- cc_data_compat ticket;
- cc_data_compat second_ticket;
- cc_data_compat** authdata;
+ char* client;
+ char* server;
+ cc_data_compat keyblock;
+ cc_time_t authtime;
+ cc_time_t starttime;
+ cc_time_t endtime;
+ cc_time_t renew_till;
+ cc_uint32 is_skey;
+ cc_uint32 ticket_flags;
+ cc_data_compat** addresses;
+ cc_data_compat ticket;
+ cc_data_compat second_ticket;
+ cc_data_compat** authdata;
} cc_credentials_v5_compat;
enum {
};
typedef struct cc_credentials_v4_compat {
- unsigned char kversion;
- char principal[KRB_NAME_SZ+1];
- char principal_instance[KRB_INSTANCE_SZ+1];
- char service[KRB_NAME_SZ+1];
- char service_instance[KRB_INSTANCE_SZ+1];
- char realm[KRB_REALM_SZ+1];
- unsigned char session_key[8];
- cc_int32 kvno;
- cc_int32 str_to_key;
- long issue_date;
- cc_int32 lifetime;
- cc_uint32 address;
- cc_int32 ticket_sz;
- unsigned char ticket[MAX_V4_CRED_LEN];
- unsigned long oops;
+ unsigned char kversion;
+ char principal[KRB_NAME_SZ+1];
+ char principal_instance[KRB_INSTANCE_SZ+1];
+ char service[KRB_NAME_SZ+1];
+ char service_instance[KRB_INSTANCE_SZ+1];
+ char realm[KRB_REALM_SZ+1];
+ unsigned char session_key[8];
+ cc_int32 kvno;
+ cc_int32 str_to_key;
+ long issue_date;
+ cc_int32 lifetime;
+ cc_uint32 address;
+ cc_int32 ticket_sz;
+ unsigned char ticket[MAX_V4_CRED_LEN];
+ unsigned long oops;
} cc_credentials_v4_compat;
typedef union cred_ptr_union_compat {
/* NC info structure is gone in v3 */
struct infoNC {
- char* name;
- char* principal;
- cc_int32 vers;
+ char* name;
+ char* principal;
+ cc_int32 vers;
};
typedef struct infoNC infoNC;
CCACHE_API cc_int32
cc_shutdown (apiCB **io_context)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_get_NC_info (apiCB *in_context,
infoNC ***out_info)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_get_change_time (apiCB *in_context,
cc_time_t *out_change_time)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_open (apiCB *in_context,
cc_int32 in_version,
cc_uint32 in_flags,
ccache_p **out_ccache)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_create (apiCB *in_context,
cc_int32 in_version,
cc_uint32 in_flags,
ccache_p **out_ccache)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_close (apiCB *in_context,
ccache_p **ioCCache)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_destroy (apiCB *in_context,
ccache_p **io_ccache)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_NCs_begin (apiCB *in_context,
ccache_cit **out_nc_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_NCs_next (apiCB *in_context,
ccache_p **out_ccache,
ccache_cit *in_nc_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_NCs_end (apiCB *in_context,
ccache_cit **io_nc_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_get_name (apiCB *in_context,
ccache_p *in_ccache,
char **out_name)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_get_cred_version (apiCB *in_context,
ccache_p *in_ccache,
cc_int32 *out_version)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_set_principal (apiCB *in_context,
ccache_p *in_ccache,
cc_int32 in_version,
char *in_principal)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_get_principal (apiCB *in_context,
ccache_p *in_ccache,
char **out_principal)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_store (apiCB *in_context,
ccache_p *in_ccache,
cred_union in_credentials)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_remove_cred (apiCB *in_context,
ccache_p *in_ccache,
cred_union in_credentials)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_creds_begin (apiCB *in_context,
const ccache_p *in_ccache,
ccache_cit **out_ccache_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_creds_next (apiCB *in_context,
cred_union **out_cred_union,
ccache_cit *in_ccache_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_seq_fetch_creds_end (apiCB *in_context,
ccache_cit **io_ccache_iterator)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_free_principal (apiCB *in_context,
char **io_principal)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_free_name (apiCB *in_context,
char **io_name)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_free_creds (apiCB *in_context,
cred_union **io_cred_union)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_free_NC_info (apiCB *in_context,
infoNC ***io_info)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
CCACHE_API cc_int32
cc_lock_request (apiCB *in_context,
const ccache_p *in_ccache,
const cc_int32 in_lock_type)
-CCAPI_DEPRECATED;
+ CCAPI_DEPRECATED;
#if TARGET_OS_MAC
#pragma pack(pop)
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/krb5/adm.h
*
* or implied warranty.
*
*/
-#ifndef KRB5_ADM_H__
-#define KRB5_ADM_H__
+#ifndef KRB5_ADM_H__
+#define KRB5_ADM_H__
/*
* Kerberos V5 Change Password service name
*/
-#define KRB5_ADM_SERVICE_NAME "kpasswd"
-#define KRB5_ADM_DEFAULT_PORT 464
+#define KRB5_ADM_SERVICE_NAME "kpasswd"
+#define KRB5_ADM_DEFAULT_PORT 464
#define KRB5_ADM_SERVICE_INSTANCE "changepw"
/*
* Maximum password length.
*/
-#define KRB5_ADM_MAX_PASSWORD_LEN 512
+#define KRB5_ADM_MAX_PASSWORD_LEN 512
/*
* Protocol command strings.
*/
-#define KRB5_ADM_QUIT_CMD "QUIT"
-#define KRB5_ADM_CHECKPW_CMD "CHECKPW"
-#define KRB5_ADM_CHANGEPW_CMD "CHANGEPW"
-#define KRB5_ADM_MOTD_CMD "MOTD"
-#define KRB5_ADM_MIME_CMD "MIME"
-#define KRB5_ADM_LANGUAGE_CMD "LANGUAGE"
+#define KRB5_ADM_QUIT_CMD "QUIT"
+#define KRB5_ADM_CHECKPW_CMD "CHECKPW"
+#define KRB5_ADM_CHANGEPW_CMD "CHANGEPW"
+#define KRB5_ADM_MOTD_CMD "MOTD"
+#define KRB5_ADM_MIME_CMD "MIME"
+#define KRB5_ADM_LANGUAGE_CMD "LANGUAGE"
-#define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL"
-#define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL"
-#define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL"
-#define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL"
-#define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL"
-#define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY"
+#define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL"
+#define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL"
+#define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL"
+#define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL"
+#define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL"
+#define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY"
/*
* Protocol command strings for the current version of the admin
/*
* Reply status values.
*/
-#define KRB5_ADM_SUCCESS 0
-#define KRB5_ADM_CMD_UNKNOWN 1
-#define KRB5_ADM_PW_UNACCEPT 2
-#define KRB5_ADM_BAD_PW 3
-#define KRB5_ADM_NOT_IN_TKT 4
-#define KRB5_ADM_CANT_CHANGE 5
-#define KRB5_ADM_LANG_NOT_SUPPORTED 6
+#define KRB5_ADM_SUCCESS 0
+#define KRB5_ADM_CMD_UNKNOWN 1
+#define KRB5_ADM_PW_UNACCEPT 2
+#define KRB5_ADM_BAD_PW 3
+#define KRB5_ADM_NOT_IN_TKT 4
+#define KRB5_ADM_CANT_CHANGE 5
+#define KRB5_ADM_LANG_NOT_SUPPORTED 6
-#define KRB5_ADM_P_ALREADY_EXISTS 64
-#define KRB5_ADM_P_DOES_NOT_EXIST 65
-#define KRB5_ADM_NOT_AUTHORIZED 66
-#define KRB5_ADM_BAD_OPTION 67
-#define KRB5_ADM_VALUE_REQUIRED 68
-#define KRB5_ADM_SYSTEM_ERROR 69
-#define KRB5_ADM_KEY_DOES_NOT_EXIST 70
-#define KRB5_ADM_KEY_ALREADY_EXISTS 71
+#define KRB5_ADM_P_ALREADY_EXISTS 64
+#define KRB5_ADM_P_DOES_NOT_EXIST 65
+#define KRB5_ADM_NOT_AUTHORIZED 66
+#define KRB5_ADM_BAD_OPTION 67
+#define KRB5_ADM_VALUE_REQUIRED 68
+#define KRB5_ADM_SYSTEM_ERROR 69
+#define KRB5_ADM_KEY_DOES_NOT_EXIST 70
+#define KRB5_ADM_KEY_ALREADY_EXISTS 71
/*
* Principal flag keywords.
*/
/* Settable only */
-#define KRB5_ADM_KW_PASSWORD "PASSWORD"
-#define KRB5_ADM_KW_APASSWORD "APASSWORD"
-#define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY"
-#define KRB5_ADM_KW_ARANDOMKEY "ARANDOMKEY"
-#define KRB5_ADM_KW_SETFLAGS "SETFLAGS"
-#define KRB5_ADM_KW_UNSETFLAGS "UNSETFLAGS"
+#define KRB5_ADM_KW_PASSWORD "PASSWORD"
+#define KRB5_ADM_KW_APASSWORD "APASSWORD"
+#define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY"
+#define KRB5_ADM_KW_ARANDOMKEY "ARANDOMKEY"
+#define KRB5_ADM_KW_SETFLAGS "SETFLAGS"
+#define KRB5_ADM_KW_UNSETFLAGS "UNSETFLAGS"
/* Settable and retrievable */
-#define KRB5_ADM_KW_MAXLIFE "MAXLIFE"
-#define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE"
-#define KRB5_ADM_KW_EXPIRATION "EXPIRATION"
-#define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION"
-#define KRB5_ADM_KW_FLAGS "FLAGS"
-#define KRB5_ADM_KW_AUXDATA "AUXDATA"
-#define KRB5_ADM_KW_EXTRADATA "EXTRADATA"
+#define KRB5_ADM_KW_MAXLIFE "MAXLIFE"
+#define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE"
+#define KRB5_ADM_KW_EXPIRATION "EXPIRATION"
+#define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION"
+#define KRB5_ADM_KW_FLAGS "FLAGS"
+#define KRB5_ADM_KW_AUXDATA "AUXDATA"
+#define KRB5_ADM_KW_EXTRADATA "EXTRADATA"
/* Retrievable only */
-#define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE"
-#define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS"
-#define KRB5_ADM_KW_LASTFAILED "LASTFAILED"
-#define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT"
-#define KRB5_ADM_KW_KEYDATA "KEYDATA"
+#define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE"
+#define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS"
+#define KRB5_ADM_KW_LASTFAILED "LASTFAILED"
+#define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT"
+#define KRB5_ADM_KW_KEYDATA "KEYDATA"
/* Valid mask */
-#define KRB5_ADM_M_PASSWORD 0x00000001
-#define KRB5_ADM_M_MAXLIFE 0x00000002
-#define KRB5_ADM_M_MAXRENEWLIFE 0x00000004
-#define KRB5_ADM_M_EXPIRATION 0x00000008
-#define KRB5_ADM_M_PWEXPIRATION 0x00000010
-#define KRB5_ADM_M_RANDOMKEY 0x00000020
-#define KRB5_ADM_M_FLAGS 0x00000040
-#define KRB5_ADM_M_LASTPWCHANGE 0x00000080
-#define KRB5_ADM_M_LASTSUCCESS 0x00000100
-#define KRB5_ADM_M_LASTFAILED 0x00000200
-#define KRB5_ADM_M_FAILCOUNT 0x00000400
-#define KRB5_ADM_M_AUXDATA 0x00000800
-#define KRB5_ADM_M_KEYDATA 0x00001000
-#define KRB5_ADM_M_APASSWORD 0x00002000
-#define KRB5_ADM_M_ARANDOMKEY 0x00004000
-#define KRB5_ADM_M_UNUSED_15 0x00008000
-#define KRB5_ADM_M_UNUSED_16 0x00010000
-#define KRB5_ADM_M_UNUSED_17 0x00020000
-#define KRB5_ADM_M_UNUSED_18 0x00040000
-#define KRB5_ADM_M_UNUSED_19 0x00080000
-#define KRB5_ADM_M_UNUSED_20 0x00100000
-#define KRB5_ADM_M_UNUSED_21 0x00200000
-#define KRB5_ADM_M_UNUSED_22 0x00400000
-#define KRB5_ADM_M_UNUSED_23 0x00800000
-#define KRB5_ADM_M_UNUSED_24 0x01000000
-#define KRB5_ADM_M_UNUSED_25 0x02000000
-#define KRB5_ADM_M_UNUSED_26 0x04000000
-#define KRB5_ADM_M_UNUSED_27 0x08000000
-#define KRB5_ADM_M_UNUSED_28 0x10000000
-#define KRB5_ADM_M_UNUSED_29 0x20000000
-#define KRB5_ADM_M_GET 0x40000000
-#define KRB5_ADM_M_SET 0x80000000
+#define KRB5_ADM_M_PASSWORD 0x00000001
+#define KRB5_ADM_M_MAXLIFE 0x00000002
+#define KRB5_ADM_M_MAXRENEWLIFE 0x00000004
+#define KRB5_ADM_M_EXPIRATION 0x00000008
+#define KRB5_ADM_M_PWEXPIRATION 0x00000010
+#define KRB5_ADM_M_RANDOMKEY 0x00000020
+#define KRB5_ADM_M_FLAGS 0x00000040
+#define KRB5_ADM_M_LASTPWCHANGE 0x00000080
+#define KRB5_ADM_M_LASTSUCCESS 0x00000100
+#define KRB5_ADM_M_LASTFAILED 0x00000200
+#define KRB5_ADM_M_FAILCOUNT 0x00000400
+#define KRB5_ADM_M_AUXDATA 0x00000800
+#define KRB5_ADM_M_KEYDATA 0x00001000
+#define KRB5_ADM_M_APASSWORD 0x00002000
+#define KRB5_ADM_M_ARANDOMKEY 0x00004000
+#define KRB5_ADM_M_UNUSED_15 0x00008000
+#define KRB5_ADM_M_UNUSED_16 0x00010000
+#define KRB5_ADM_M_UNUSED_17 0x00020000
+#define KRB5_ADM_M_UNUSED_18 0x00040000
+#define KRB5_ADM_M_UNUSED_19 0x00080000
+#define KRB5_ADM_M_UNUSED_20 0x00100000
+#define KRB5_ADM_M_UNUSED_21 0x00200000
+#define KRB5_ADM_M_UNUSED_22 0x00400000
+#define KRB5_ADM_M_UNUSED_23 0x00800000
+#define KRB5_ADM_M_UNUSED_24 0x01000000
+#define KRB5_ADM_M_UNUSED_25 0x02000000
+#define KRB5_ADM_M_UNUSED_26 0x04000000
+#define KRB5_ADM_M_UNUSED_27 0x08000000
+#define KRB5_ADM_M_UNUSED_28 0x10000000
+#define KRB5_ADM_M_UNUSED_29 0x20000000
+#define KRB5_ADM_M_GET 0x40000000
+#define KRB5_ADM_M_SET 0x80000000
-#define KRB5_ADM_M_EXTRADATA 0x00000000 /* Hack to get */
- /* libkadm to compile */
+#define KRB5_ADM_M_EXTRADATA 0x00000000 /* Hack to get */
+ /* libkadm to compile */
-#define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \
- KRB5_ADM_M_PASSWORD + \
- KRB5_ADM_M_APASSWORD + \
- KRB5_ADM_M_MAXLIFE + \
- KRB5_ADM_M_MAXRENEWLIFE+ \
- KRB5_ADM_M_EXPIRATION + \
- KRB5_ADM_M_PWEXPIRATION+ \
- KRB5_ADM_M_RANDOMKEY + \
- KRB5_ADM_M_ARANDOMKEY + \
- KRB5_ADM_M_FLAGS + \
- KRB5_ADM_M_AUXDATA)
-#define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \
- KRB5_ADM_M_MAXLIFE + \
- KRB5_ADM_M_MAXRENEWLIFE+ \
- KRB5_ADM_M_EXPIRATION + \
- KRB5_ADM_M_PWEXPIRATION+ \
- KRB5_ADM_M_FLAGS + \
- KRB5_ADM_M_LASTPWCHANGE+ \
- KRB5_ADM_M_LASTSUCCESS + \
- KRB5_ADM_M_LASTFAILED + \
- KRB5_ADM_M_FAILCOUNT + \
- KRB5_ADM_M_AUXDATA + \
- KRB5_ADM_M_KEYDATA)
+#define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \
+ KRB5_ADM_M_PASSWORD + \
+ KRB5_ADM_M_APASSWORD + \
+ KRB5_ADM_M_MAXLIFE + \
+ KRB5_ADM_M_MAXRENEWLIFE+ \
+ KRB5_ADM_M_EXPIRATION + \
+ KRB5_ADM_M_PWEXPIRATION+ \
+ KRB5_ADM_M_RANDOMKEY + \
+ KRB5_ADM_M_ARANDOMKEY + \
+ KRB5_ADM_M_FLAGS + \
+ KRB5_ADM_M_AUXDATA)
+#define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \
+ KRB5_ADM_M_MAXLIFE + \
+ KRB5_ADM_M_MAXRENEWLIFE+ \
+ KRB5_ADM_M_EXPIRATION + \
+ KRB5_ADM_M_PWEXPIRATION+ \
+ KRB5_ADM_M_FLAGS + \
+ KRB5_ADM_M_LASTPWCHANGE+ \
+ KRB5_ADM_M_LASTSUCCESS + \
+ KRB5_ADM_M_LASTFAILED + \
+ KRB5_ADM_M_FAILCOUNT + \
+ KRB5_ADM_M_AUXDATA + \
+ KRB5_ADM_M_KEYDATA)
/*
* Keytab reply components.
*/
-#define KRB5_ADM_KT_PRINCIPAL 0
-#define KRB5_ADM_KT_TIMESTAMP 1
-#define KRB5_ADM_KT_VNO 2
-#define KRB5_ADM_KT_KEY_ENCTYPE 3
-#define KRB5_ADM_KT_KEY_KEY 4
-#define KRB5_ADM_KT_NCOMPS 5
+#define KRB5_ADM_KT_PRINCIPAL 0
+#define KRB5_ADM_KT_TIMESTAMP 1
+#define KRB5_ADM_KT_VNO 2
+#define KRB5_ADM_KT_KEY_ENCTYPE 3
+#define KRB5_ADM_KT_KEY_KEY 4
+#define KRB5_ADM_KT_NCOMPS 5
/* for krb5_key_salt_tuple */
#include "kdb.h"
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
- char * realm_profile;
- char * realm_dbname;
- char * realm_mkey_name;
- char * realm_stash_file;
- char * realm_kdc_ports;
- char * realm_kdc_tcp_ports;
- char * realm_acl_file;
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
char * realm_host_based_services;
char * realm_no_host_referral;
- krb5_int32 realm_kadmind_port;
- krb5_enctype realm_enctype;
- krb5_deltat realm_max_life;
- krb5_deltat realm_max_rlife;
- krb5_timestamp realm_expiration;
- krb5_flags realm_flags;
- krb5_key_salt_tuple *realm_keysalts;
- unsigned int realm_reject_bad_transit:1;
- unsigned int realm_kadmind_port_valid:1;
- unsigned int realm_enctype_valid:1;
- unsigned int realm_max_life_valid:1;
- unsigned int realm_max_rlife_valid:1;
- unsigned int realm_expiration_valid:1;
- unsigned int realm_flags_valid:1;
- unsigned int realm_reject_bad_transit_valid:1;
- krb5_int32 realm_num_keysalts;
+ krb5_int32 realm_kadmind_port;
+ krb5_enctype realm_enctype;
+ krb5_deltat realm_max_life;
+ krb5_deltat realm_max_rlife;
+ krb5_timestamp realm_expiration;
+ krb5_flags realm_flags;
+ krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
+ unsigned int realm_kadmind_port_valid:1;
+ unsigned int realm_enctype_valid:1;
+ unsigned int realm_max_life_valid:1;
+ unsigned int realm_max_rlife_valid:1;
+ unsigned int realm_expiration_valid:1;
+ unsigned int realm_flags_valid:1;
+ unsigned int realm_reject_bad_transit_valid:1;
+ krb5_int32 realm_num_keysalts;
} krb5_realm_params;
-#endif /* KRB5_ADM_H__ */
+#endif /* KRB5_ADM_H__ */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/krb5/adm_proto.h
*
* or implied warranty.
*
*/
-#ifndef KRB5_ADM_PROTO_H__
-#define KRB5_ADM_PROTO_H__
+#ifndef KRB5_ADM_PROTO_H__
+#define KRB5_ADM_PROTO_H__
/*
* This is ugly, but avoids having to include k5-int or kdb.h for this.
*/
-#ifndef KRB5_KDB5__
+#ifndef KRB5_KDB5__
struct _krb5_db_entry;
typedef struct _krb5_db_entry krb5_db_entry;
-#endif /* KRB5_KDB5__ */
+#endif /* KRB5_KDB5__ */
/* Ditto for adm.h */
#if !defined(KRB5_ADM_H__) && !defined(__KADM5_ADMIN_H__)
struct ___krb5_realm_params;
typedef struct ___krb5_realm_params krb5_realm_params;
-#endif /* KRB5_ADM_H__ */
+#endif /* KRB5_ADM_H__ */
#ifndef KRB5_KDB5__
struct ___krb5_key_salt_tuple;
typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple;
-#endif /* KRB5_KDB5__ */
+#endif /* KRB5_KDB5__ */
/*
* Function prototypes.
*/
/* logger.c */
-krb5_error_code krb5_klog_init
- (krb5_context,
- char *,
- char *,
- krb5_boolean);
-void krb5_klog_close (krb5_context);
-int krb5_klog_syslog (int, const char *, ...)
+krb5_error_code krb5_klog_init(krb5_context, char *, char *, krb5_boolean);
+void krb5_klog_close(krb5_context);
+int krb5_klog_syslog(int, const char *, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 2, 3)))
#endif
void krb5_klog_reopen (krb5_context);
/* alt_prof.c */
-krb5_error_code krb5_aprof_init
- (char *, char *, krb5_pointer *);
-krb5_error_code krb5_aprof_getvals
- (krb5_pointer, const char **, char ***);
-krb5_error_code krb5_aprof_get_boolean
- (krb5_pointer, const char **, int, krb5_boolean *);
-krb5_error_code krb5_aprof_get_deltat
- (krb5_pointer,
- const char **,
- krb5_boolean,
- krb5_deltat *);
-krb5_error_code krb5_aprof_get_string
- (krb5_pointer, const char **, krb5_boolean, char **);
-krb5_error_code krb5_aprof_get_string_all
- (krb5_pointer, const char **, char **);
-krb5_error_code krb5_aprof_get_int32
- (krb5_pointer,
- const char **,
- krb5_boolean,
- krb5_int32 *);
-krb5_error_code krb5_aprof_finish (krb5_pointer);
+krb5_error_code krb5_aprof_init(char *, char *, krb5_pointer *);
+krb5_error_code krb5_aprof_getvals(krb5_pointer, const char **, char ***);
+krb5_error_code krb5_aprof_get_boolean(krb5_pointer, const char **, int,
+ krb5_boolean *);
+krb5_error_code krb5_aprof_get_deltat(krb5_pointer, const char **,
+ krb5_boolean, krb5_deltat *);
+krb5_error_code krb5_aprof_get_string(krb5_pointer, const char **,
+ krb5_boolean, char **);
+krb5_error_code krb5_aprof_get_string_all(krb5_pointer, const char **,
+ char **);
+krb5_error_code krb5_aprof_get_int32(krb5_pointer, const char **,
+ krb5_boolean, krb5_int32 *);
+krb5_error_code krb5_aprof_finish(krb5_pointer);
-krb5_error_code krb5_read_realm_params (krb5_context,
- char *,
- krb5_realm_params **);
-krb5_error_code krb5_free_realm_params (krb5_context,
- krb5_realm_params *);
+krb5_error_code krb5_read_realm_params(krb5_context, char *,
+ krb5_realm_params **);
+krb5_error_code krb5_free_realm_params(krb5_context, krb5_realm_params *);
krb5_boolean krb5_match_config_pattern(const char *, const char *);
/* str_conv.c */
-krb5_error_code
-krb5_string_to_flags (char *,
- const char *,
- const char *,
- krb5_flags *);
-krb5_error_code
-krb5_flags_to_string (krb5_flags,
- const char *,
- char *,
- size_t);
-krb5_error_code
-krb5_input_flag_to_string (int,
- char *,
- size_t);
+krb5_error_code krb5_string_to_flags(char *, const char *, const char *,
+ krb5_flags *);
+krb5_error_code krb5_flags_to_string(krb5_flags, const char *, char *, size_t);
+krb5_error_code krb5_input_flag_to_string (int, char *, size_t);
/* keysalt.c */
-krb5_boolean
-krb5_keysalt_is_present (krb5_key_salt_tuple *,
- krb5_int32,
- krb5_enctype,
- krb5_int32);
-krb5_error_code
-krb5_keysalt_iterate (krb5_key_salt_tuple *,
- krb5_int32,
- krb5_boolean,
- krb5_error_code (*) (krb5_key_salt_tuple *,
- krb5_pointer),
- krb5_pointer);
+krb5_boolean krb5_keysalt_is_present(krb5_key_salt_tuple *, krb5_int32,
+ krb5_enctype, krb5_int32);
+krb5_error_code krb5_keysalt_iterate(krb5_key_salt_tuple *, krb5_int32,
+ krb5_boolean,
+ krb5_error_code (*)(krb5_key_salt_tuple *,
+ krb5_pointer),
+ krb5_pointer);
-krb5_error_code
-krb5_string_to_keysalts (char *,
- const char *,
- const char *,
- krb5_boolean,
- krb5_key_salt_tuple **,
- krb5_int32 *);
-#endif /* KRB5_ADM_PROTO_H__ */
+krb5_error_code krb5_string_to_keysalts(char *, const char *, const char *,
+ krb5_boolean, krb5_key_salt_tuple **,
+ krb5_int32 *);
+#endif /* KRB5_ADM_PROTO_H__ */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/cm.h
*
struct select_state {
int max, nfds;
fd_set rfds, wfds, xfds;
- struct timeval end_time; /* magic: tv_sec==0 => never time out */
+ struct timeval end_time; /* magic: tv_sec==0 => never time out */
};
/* Select state flags. */
-#define SSF_READ 0x01
-#define SSF_WRITE 0x02
-#define SSF_EXCEPTION 0x04
+#define SSF_READ 0x01
+#define SSF_WRITE 0x02
+#define SSF_EXCEPTION 0x04
static const char *const state_strings[] = {
int (*service)(struct conn_state *, struct select_state *, int);
struct addrinfo *addr;
struct {
- struct {
- sg_buf sgbuf[2];
- sg_buf *sgp;
- int sg_count;
- unsigned char msg_len_buf[4];
- } out;
- struct incoming_krb5_message in;
+ struct {
+ sg_buf sgbuf[2];
+ sg_buf *sgp;
+ int sg_count;
+ unsigned char msg_len_buf[4];
+ } out;
+ struct incoming_krb5_message in;
} x;
};
krb5_error_code krb5int_cm_call_select (const struct select_state *,
- struct select_state *, int *);
+ struct select_state *, int *);
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1989-1994 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2001,2002,2003,2004 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
/* To do, maybe:
+ For AIX 4.3.3, using the RFC 2133 definition: Implement
- AI_NUMERICHOST. It's not defined in the header file.
+ AI_NUMERICHOST. It's not defined in the header file.
- For certain (old?) versions of GNU libc, AI_NUMERICHOST is
- defined but not implemented.
+ For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+ defined but not implemented.
+ Use gethostbyname2, inet_aton and other IPv6 or thread-safe
- functions if available. But, see
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
- gethostbyname2 problem on Linux. And besides, if a platform is
- supporting IPv6 at all, they really should be doing getaddrinfo
- by now.
+ functions if available. But, see
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+ gethostbyname2 problem on Linux. And besides, if a platform is
+ supporting IPv6 at all, they really should be doing getaddrinfo
+ by now.
+ inet_ntop, inet_pton
+ Conditionally export/import the function definitions, so a
- library can have a single copy instead of multiple.
+ library can have a single copy instead of multiple.
+ Upgrade host requirements to include working implementations of
- these functions, and throw all this away. Pleeease? :-) */
+ these functions, and throw all this away. Pleeease? :-) */
#ifndef FAI_DEFINED
#define FAI_DEFINED
#if !defined (HAVE_GETADDRINFO)
#undef addrinfo
-#define addrinfo my_fake_addrinfo
+#define addrinfo my_fake_addrinfo
struct addrinfo {
- int ai_family; /* PF_foo */
- int ai_socktype; /* SOCK_foo */
- int ai_protocol; /* 0, IPPROTO_foo */
- int ai_flags; /* AI_PASSIVE etc */
- size_t ai_addrlen; /* real length of socket address */
- char *ai_canonname; /* canonical name of host */
- struct sockaddr *ai_addr; /* pointer to variable-size address */
- struct addrinfo *ai_next; /* next in linked list */
+ int ai_family; /* PF_foo */
+ int ai_socktype; /* SOCK_foo */
+ int ai_protocol; /* 0, IPPROTO_foo */
+ int ai_flags; /* AI_PASSIVE etc */
+ size_t ai_addrlen; /* real length of socket address */
+ char *ai_canonname; /* canonical name of host */
+ struct sockaddr *ai_addr; /* pointer to variable-size address */
+ struct addrinfo *ai_next; /* next in linked list */
};
-#undef AI_PASSIVE
-#define AI_PASSIVE 0x01
-#undef AI_CANONNAME
-#define AI_CANONNAME 0x02
-#undef AI_NUMERICHOST
-#define AI_NUMERICHOST 0x04
+#undef AI_PASSIVE
+#define AI_PASSIVE 0x01
+#undef AI_CANONNAME
+#define AI_CANONNAME 0x02
+#undef AI_NUMERICHOST
+#define AI_NUMERICHOST 0x04
/* RFC 2553 says these are part of the interface for getipnodebyname,
not for getaddrinfo. RFC 3493 says they're part of the interface
for getaddrinfo, and getipnodeby* are deprecated. Our fake
getaddrinfo implementation here does IPv4 only anyways. */
-#undef AI_V4MAPPED
-#define AI_V4MAPPED 0
-#undef AI_ADDRCONFIG
-#define AI_ADDRCONFIG 0
-#undef AI_ALL
-#define AI_ALL 0
-#undef AI_DEFAULT
-#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG)
+#undef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#undef AI_ADDRCONFIG
+#define AI_ADDRCONFIG 0
+#undef AI_ALL
+#define AI_ALL 0
+#undef AI_DEFAULT
+#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG)
#ifndef NI_MAXHOST
#define NI_MAXHOST 1025
#define NI_MAXSERV 32
#endif
-#undef NI_NUMERICHOST
-#define NI_NUMERICHOST 0x01
-#undef NI_NUMERICSERV
-#define NI_NUMERICSERV 0x02
-#undef NI_NAMEREQD
-#define NI_NAMEREQD 0x04
-#undef NI_DGRAM
-#define NI_DGRAM 0x08
-#undef NI_NOFQDN
-#define NI_NOFQDN 0x10
+#undef NI_NUMERICHOST
+#define NI_NUMERICHOST 0x01
+#undef NI_NUMERICSERV
+#define NI_NUMERICSERV 0x02
+#undef NI_NAMEREQD
+#define NI_NAMEREQD 0x04
+#undef NI_DGRAM
+#define NI_DGRAM 0x08
+#undef NI_NOFQDN
+#define NI_NOFQDN 0x10
#undef EAI_ADDRFAMILY
-#define EAI_ADDRFAMILY 1
+#define EAI_ADDRFAMILY 1
#undef EAI_AGAIN
-#define EAI_AGAIN 2
+#define EAI_AGAIN 2
#undef EAI_BADFLAGS
-#define EAI_BADFLAGS 3
+#define EAI_BADFLAGS 3
#undef EAI_FAIL
-#define EAI_FAIL 4
+#define EAI_FAIL 4
#undef EAI_FAMILY
-#define EAI_FAMILY 5
+#define EAI_FAMILY 5
#undef EAI_MEMORY
-#define EAI_MEMORY 6
+#define EAI_MEMORY 6
#undef EAI_NODATA
-#define EAI_NODATA 7
+#define EAI_NODATA 7
#undef EAI_NONAME
-#define EAI_NONAME 8
+#define EAI_NONAME 8
#undef EAI_SERVICE
-#define EAI_SERVICE 9
+#define EAI_SERVICE 9
#undef EAI_SOCKTYPE
-#define EAI_SOCKTYPE 10
+#define EAI_SOCKTYPE 10
#undef EAI_SYSTEM
-#define EAI_SYSTEM 11
+#define EAI_SYSTEM 11
#endif /* ! HAVE_GETADDRINFO */
/* Call out to stuff defined in libkrb5support. */
extern int krb5int_getaddrinfo (const char *node, const char *service,
- const struct addrinfo *hints,
- struct addrinfo **aip);
+ const struct addrinfo *hints,
+ struct addrinfo **aip);
extern void krb5int_freeaddrinfo (struct addrinfo *ai);
extern const char *krb5int_gai_strerror(int err);
extern int krb5int_getnameinfo (const struct sockaddr *sa, socklen_t salen,
- char *hbuf, size_t hbuflen,
- char *sbuf, size_t sbuflen,
- int flags);
+ char *hbuf, size_t hbuflen,
+ char *sbuf, size_t sbuflen,
+ int flags);
#ifndef IMPLEMENT_FAKE_GETADDRINFO
-#undef getaddrinfo
+#undef getaddrinfo
#define getaddrinfo krb5int_getaddrinfo
#undef freeaddrinfo
#define freeaddrinfo krb5int_freeaddrinfo
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/foreachaddr.c
*
extern int
krb5int_foreach_localaddr (/*@null@*/ void *data,
- int (*pass1fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/,
- /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
- /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/)
+ int (*pass1fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/,
+ /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/)
#if defined(DEBUG) || defined(TEST)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
#endif
;
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Wrapper so that #include <gssapi.h> will work without special include
* paths.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Please do not edit this file.
* It was generated using rpcgen.
typedef struct {
- u_int utf8str_t_len;
- char *utf8str_t_val;
+ u_int utf8str_t_len;
+ char *utf8str_t_val;
} utf8str_t;
typedef uint32_t kdb_sno_t;
struct kdbe_time_t {
- uint32_t seconds;
- uint32_t useconds;
+ uint32_t seconds;
+ uint32_t useconds;
};
typedef struct kdbe_time_t kdbe_time_t;
struct kdbe_key_t {
- int32_t k_ver;
- int32_t k_kvno;
- struct {
- u_int k_enctype_len;
- int32_t *k_enctype_val;
- } k_enctype;
- struct {
- u_int k_contents_len;
- utf8str_t *k_contents_val;
- } k_contents;
+ int32_t k_ver;
+ int32_t k_kvno;
+ struct {
+ u_int k_enctype_len;
+ int32_t *k_enctype_val;
+ } k_enctype;
+ struct {
+ u_int k_contents_len;
+ utf8str_t *k_contents_val;
+ } k_contents;
};
typedef struct kdbe_key_t kdbe_key_t;
struct kdbe_data_t {
- int32_t k_magic;
- utf8str_t k_data;
+ int32_t k_magic;
+ utf8str_t k_data;
};
typedef struct kdbe_data_t kdbe_data_t;
struct kdbe_princ_t {
- utf8str_t k_realm;
- struct {
- u_int k_components_len;
- kdbe_data_t *k_components_val;
- } k_components;
- int32_t k_nametype;
+ utf8str_t k_realm;
+ struct {
+ u_int k_components_len;
+ kdbe_data_t *k_components_val;
+ } k_components;
+ int32_t k_nametype;
};
typedef struct kdbe_princ_t kdbe_princ_t;
struct kdbe_tl_t {
- int16_t tl_type;
- struct {
- u_int tl_data_len;
- char *tl_data_val;
- } tl_data;
+ int16_t tl_type;
+ struct {
+ u_int tl_data_len;
+ char *tl_data_val;
+ } tl_data;
};
typedef struct kdbe_tl_t kdbe_tl_t;
typedef struct {
- u_int kdbe_pw_hist_t_len;
- kdbe_key_t *kdbe_pw_hist_t_val;
+ u_int kdbe_pw_hist_t_len;
+ kdbe_key_t *kdbe_pw_hist_t_val;
} kdbe_pw_hist_t;
enum kdbe_attr_type_t {
- AT_ATTRFLAGS = 0,
- AT_MAX_LIFE = 1,
- AT_MAX_RENEW_LIFE = 2,
- AT_EXP = 3,
- AT_PW_EXP = 4,
- AT_LAST_SUCCESS = 5,
- AT_LAST_FAILED = 6,
- AT_FAIL_AUTH_COUNT = 7,
- AT_PRINC = 8,
- AT_KEYDATA = 9,
- AT_TL_DATA = 10,
- AT_LEN = 11,
- AT_MOD_PRINC = 12,
- AT_MOD_TIME = 13,
- AT_MOD_WHERE = 14,
- AT_PW_LAST_CHANGE = 15,
- AT_PW_POLICY = 16,
- AT_PW_POLICY_SWITCH = 17,
- AT_PW_HIST_KVNO = 18,
- AT_PW_HIST = 19,
+ AT_ATTRFLAGS = 0,
+ AT_MAX_LIFE = 1,
+ AT_MAX_RENEW_LIFE = 2,
+ AT_EXP = 3,
+ AT_PW_EXP = 4,
+ AT_LAST_SUCCESS = 5,
+ AT_LAST_FAILED = 6,
+ AT_FAIL_AUTH_COUNT = 7,
+ AT_PRINC = 8,
+ AT_KEYDATA = 9,
+ AT_TL_DATA = 10,
+ AT_LEN = 11,
+ AT_MOD_PRINC = 12,
+ AT_MOD_TIME = 13,
+ AT_MOD_WHERE = 14,
+ AT_PW_LAST_CHANGE = 15,
+ AT_PW_POLICY = 16,
+ AT_PW_POLICY_SWITCH = 17,
+ AT_PW_HIST_KVNO = 18,
+ AT_PW_HIST = 19,
};
typedef enum kdbe_attr_type_t kdbe_attr_type_t;
struct kdbe_val_t {
- kdbe_attr_type_t av_type;
- union {
- uint32_t av_attrflags;
- uint32_t av_max_life;
- uint32_t av_max_renew_life;
- uint32_t av_exp;
- uint32_t av_pw_exp;
- uint32_t av_last_success;
- uint32_t av_last_failed;
- uint32_t av_fail_auth_count;
- kdbe_princ_t av_princ;
- struct {
- u_int av_keydata_len;
- kdbe_key_t *av_keydata_val;
- } av_keydata;
- struct {
- u_int av_tldata_len;
- kdbe_tl_t *av_tldata_val;
- } av_tldata;
- int16_t av_len;
- uint32_t av_pw_last_change;
- kdbe_princ_t av_mod_princ;
- uint32_t av_mod_time;
- utf8str_t av_mod_where;
- utf8str_t av_pw_policy;
- bool_t av_pw_policy_switch;
- uint32_t av_pw_hist_kvno;
- struct {
- u_int av_pw_hist_len;
- kdbe_pw_hist_t *av_pw_hist_val;
- } av_pw_hist;
- struct {
- u_int av_extension_len;
- char *av_extension_val;
- } av_extension;
- } kdbe_val_t_u;
+ kdbe_attr_type_t av_type;
+ union {
+ uint32_t av_attrflags;
+ uint32_t av_max_life;
+ uint32_t av_max_renew_life;
+ uint32_t av_exp;
+ uint32_t av_pw_exp;
+ uint32_t av_last_success;
+ uint32_t av_last_failed;
+ uint32_t av_fail_auth_count;
+ kdbe_princ_t av_princ;
+ struct {
+ u_int av_keydata_len;
+ kdbe_key_t *av_keydata_val;
+ } av_keydata;
+ struct {
+ u_int av_tldata_len;
+ kdbe_tl_t *av_tldata_val;
+ } av_tldata;
+ int16_t av_len;
+ uint32_t av_pw_last_change;
+ kdbe_princ_t av_mod_princ;
+ uint32_t av_mod_time;
+ utf8str_t av_mod_where;
+ utf8str_t av_pw_policy;
+ bool_t av_pw_policy_switch;
+ uint32_t av_pw_hist_kvno;
+ struct {
+ u_int av_pw_hist_len;
+ kdbe_pw_hist_t *av_pw_hist_val;
+ } av_pw_hist;
+ struct {
+ u_int av_extension_len;
+ char *av_extension_val;
+ } av_extension;
+ } kdbe_val_t_u;
};
typedef struct kdbe_val_t kdbe_val_t;
typedef struct {
- u_int kdbe_t_len;
- kdbe_val_t *kdbe_t_val;
+ u_int kdbe_t_len;
+ kdbe_val_t *kdbe_t_val;
} kdbe_t;
struct kdb_incr_update_t {
- utf8str_t kdb_princ_name;
- kdb_sno_t kdb_entry_sno;
- kdbe_time_t kdb_time;
- kdbe_t kdb_update;
- bool_t kdb_deleted;
- bool_t kdb_commit;
- struct {
- u_int kdb_kdcs_seen_by_len;
- utf8str_t *kdb_kdcs_seen_by_val;
- } kdb_kdcs_seen_by;
- struct {
- u_int kdb_futures_len;
- char *kdb_futures_val;
- } kdb_futures;
+ utf8str_t kdb_princ_name;
+ kdb_sno_t kdb_entry_sno;
+ kdbe_time_t kdb_time;
+ kdbe_t kdb_update;
+ bool_t kdb_deleted;
+ bool_t kdb_commit;
+ struct {
+ u_int kdb_kdcs_seen_by_len;
+ utf8str_t *kdb_kdcs_seen_by_val;
+ } kdb_kdcs_seen_by;
+ struct {
+ u_int kdb_futures_len;
+ char *kdb_futures_val;
+ } kdb_futures;
};
typedef struct kdb_incr_update_t kdb_incr_update_t;
typedef struct {
- u_int kdb_ulog_t_len;
- kdb_incr_update_t *kdb_ulog_t_val;
+ u_int kdb_ulog_t_len;
+ kdb_incr_update_t *kdb_ulog_t_val;
} kdb_ulog_t;
enum update_status_t {
- UPDATE_OK = 0,
- UPDATE_ERROR = 1,
- UPDATE_FULL_RESYNC_NEEDED = 2,
- UPDATE_BUSY = 3,
- UPDATE_NIL = 4,
- UPDATE_PERM_DENIED = 5,
+ UPDATE_OK = 0,
+ UPDATE_ERROR = 1,
+ UPDATE_FULL_RESYNC_NEEDED = 2,
+ UPDATE_BUSY = 3,
+ UPDATE_NIL = 4,
+ UPDATE_PERM_DENIED = 5,
};
typedef enum update_status_t update_status_t;
struct kdb_last_t {
- kdb_sno_t last_sno;
- kdbe_time_t last_time;
+ kdb_sno_t last_sno;
+ kdbe_time_t last_time;
};
typedef struct kdb_last_t kdb_last_t;
struct kdb_incr_result_t {
- kdb_last_t lastentry;
- kdb_ulog_t updates;
- update_status_t ret;
+ kdb_last_t lastentry;
+ kdb_ulog_t updates;
+ update_status_t ret;
};
typedef struct kdb_incr_result_t kdb_incr_result_t;
struct kdb_fullresync_result_t {
- kdb_last_t lastentry;
- update_status_t ret;
+ kdb_last_t lastentry;
+ update_status_t ret;
};
typedef struct kdb_fullresync_result_t kdb_fullresync_result_t;
extern kdb_fullresync_result_t * iprop_full_resync_1(void *, CLIENT *);
extern kdb_fullresync_result_t * iprop_full_resync_1_svc(void *, struct svc_req *);
#define IPROP_FULL_RESYNC_EXT 3
-extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *);
-extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *);
+extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *);
+extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *);
extern int krb5_iprop_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t);
#else /* K&R C */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#ifndef _IPROP_HDR_H
-#define _IPROP_HDR_H
+#ifndef _IPROP_HDR_H
+#define _IPROP_HDR_H
-/* #pragma ident "@(#)iprop_hdr.h 1.1 04/02/20 SMI" */
+/* #pragma ident "@(#)iprop_hdr.h 1.1 04/02/20 SMI" */
-#ifdef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif
* Maximum size for each ulog entry is 2KB and maximum
* possible attribute-value pairs for each ulog entry is 20
*/
-#define MAXENTRY_SIZE 2048
-#define MAXATTRS_SIZE 20
+#define MAXENTRY_SIZE 2048
+#define MAXATTRS_SIZE 20
-#define KIPROP_SVC_NAME "kiprop"
-#define MAX_BACKOFF 300 /* Backoff for a maximum for 5 mts */
+#define KIPROP_SVC_NAME "kiprop"
+#define MAX_BACKOFF 300 /* Backoff for a maximum for 5 mts */
enum iprop_role {
- IPROP_NULL = 0,
- IPROP_MASTER = 1,
- IPROP_SLAVE = 2
+ IPROP_NULL = 0,
+ IPROP_MASTER = 1,
+ IPROP_SLAVE = 2
};
typedef enum iprop_role iprop_role;
#define IPROPX_VERSION_1 1
#define IPROPX_VERSION IPROPX_VERSION_1
-#ifdef __cplusplus
+#ifdef __cplusplus
}
#endif
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/k5-buf.h
*
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/k5-err.h
*
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
void
krb5int_set_error (struct errinfo *ep,
- long code,
- const char *fmt, ...)
+ long code,
+ const char *fmt, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 3, 4)))
#endif
;
void
krb5int_vset_error (struct errinfo *ep, long code,
- const char *fmt, va_list args)
+ const char *fmt, va_list args)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 3, 0)))
#endif
;
void
krb5int_set_error_fl (struct errinfo *ep, long code,
- const char *file, int line,
- const char *fmt, ...)
+ const char *file, int line,
+ const char *fmt, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 5, 6)))
#endif
;
void
krb5int_vset_error_fl (struct errinfo *ep, long code,
- const char *file, int line,
- const char *fmt, va_list args)
+ const char *file, int line,
+ const char *fmt, va_list args)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 5, 0)))
#endif
krb5int_set_error_info_callout_fn (const char *(KRB5_CALLCONV *f)(long));
#ifdef DEBUG_ERROR_LOCATIONS
-#define krb5int_set_error(ep, code, ...) \
+#define krb5int_set_error(ep, code, ...) \
krb5int_set_error_fl(ep, code, __FILE__, __LINE__, __VA_ARGS__)
#endif
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/k5-gmt_mktime.h
*
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* COPYRIGHT (C) 2006
* THE REGENTS OF THE UNIVERSITY OF MICHIGAN
/* PKAuthenticator */
typedef struct _krb5_pk_authenticator {
- krb5_int32 cusec; /* (0..999999) */
- krb5_timestamp ctime;
- krb5_int32 nonce; /* (0..4294967295) */
- krb5_checksum paChecksum;
+ krb5_int32 cusec; /* (0..999999) */
+ krb5_timestamp ctime;
+ krb5_int32 nonce; /* (0..4294967295) */
+ krb5_checksum paChecksum;
} krb5_pk_authenticator;
/* PKAuthenticator draft9 */
typedef struct _krb5_pk_authenticator_draft9 {
- krb5_principal kdcName;
- krb5_octet_data kdcRealm;
- krb5_int32 cusec; /* (0..999999) */
- krb5_timestamp ctime;
- krb5_int32 nonce; /* (0..4294967295) */
+ krb5_principal kdcName;
+ krb5_octet_data kdcRealm;
+ krb5_int32 cusec; /* (0..999999) */
+ krb5_timestamp ctime;
+ krb5_int32 nonce; /* (0..4294967295) */
} krb5_pk_authenticator_draft9;
/* AlgorithmIdentifier */
typedef struct _krb5_algorithm_identifier {
- krb5_octet_data algorithm; /* OID */
- krb5_octet_data parameters; /* Optional */
+ krb5_octet_data algorithm; /* OID */
+ krb5_octet_data parameters; /* Optional */
} krb5_algorithm_identifier;
/* SubjectPublicKeyInfo */
typedef struct _krb5_subject_pk_info {
- krb5_algorithm_identifier algorithm;
- krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_algorithm_identifier algorithm;
+ krb5_octet_data subjectPublicKey; /* BIT STRING */
} krb5_subject_pk_info;
/* AuthPack */
typedef struct _krb5_auth_pack {
- krb5_pk_authenticator pkAuthenticator;
- krb5_subject_pk_info *clientPublicValue; /* Optional */
- krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
- krb5_octet_data clientDHNonce; /* Optional */
+ krb5_pk_authenticator pkAuthenticator;
+ krb5_subject_pk_info *clientPublicValue; /* Optional */
+ krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
+ krb5_octet_data clientDHNonce; /* Optional */
} krb5_auth_pack;
/* AuthPack draft9 */
typedef struct _krb5_auth_pack_draft9 {
- krb5_pk_authenticator_draft9 pkAuthenticator;
- krb5_subject_pk_info *clientPublicValue; /* Optional */
+ krb5_pk_authenticator_draft9 pkAuthenticator;
+ krb5_subject_pk_info *clientPublicValue; /* Optional */
} krb5_auth_pack_draft9;
/* ExternalPrincipalIdentifier */
typedef struct _krb5_external_principal_identifier {
- krb5_octet_data subjectName; /* Optional */
- krb5_octet_data issuerAndSerialNumber; /* Optional */
- krb5_octet_data subjectKeyIdentifier; /* Optional */
+ krb5_octet_data subjectName; /* Optional */
+ krb5_octet_data issuerAndSerialNumber; /* Optional */
+ krb5_octet_data subjectKeyIdentifier; /* Optional */
} krb5_external_principal_identifier;
/* TrustedCas */
typedef struct _krb5_trusted_ca {
- enum {
- choice_trusted_cas_UNKNOWN = -1,
- choice_trusted_cas_principalName = 0,
- choice_trusted_cas_caName = 1,
- choice_trusted_cas_issuerAndSerial = 2
- } choice;
- union {
- krb5_principal principalName;
- krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
- krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
- } u;
+ enum {
+ choice_trusted_cas_UNKNOWN = -1,
+ choice_trusted_cas_principalName = 0,
+ choice_trusted_cas_caName = 1,
+ choice_trusted_cas_issuerAndSerial = 2
+ } choice;
+ union {
+ krb5_principal principalName;
+ krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
+ krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
+ } u;
} krb5_trusted_ca;
/* typed data */
/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
typedef struct _krb5_pa_pk_as_req_draft9 {
- krb5_octet_data signedAuthPack;
- krb5_trusted_ca **trustedCertifiers; /* Optional array */
- krb5_octet_data kdcCert; /* Optional */
- krb5_octet_data encryptionCert;
+ krb5_octet_data signedAuthPack;
+ krb5_trusted_ca **trustedCertifiers; /* Optional array */
+ krb5_octet_data kdcCert; /* Optional */
+ krb5_octet_data encryptionCert;
} krb5_pa_pk_as_req_draft9;
/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
typedef struct _krb5_pa_pk_as_req {
- krb5_octet_data signedAuthPack;
- krb5_external_principal_identifier **trustedCertifiers; /* Optional array */
- krb5_octet_data kdcPkId; /* Optional */
+ krb5_octet_data signedAuthPack;
+ krb5_external_principal_identifier **trustedCertifiers; /* Optional array */
+ krb5_octet_data kdcPkId; /* Optional */
} krb5_pa_pk_as_req;
/* DHRepInfo */
typedef struct _krb5_dh_rep_info {
- krb5_octet_data dhSignedData;
- krb5_octet_data serverDHNonce; /* Optional */
+ krb5_octet_data dhSignedData;
+ krb5_octet_data serverDHNonce; /* Optional */
} krb5_dh_rep_info;
/* KDCDHKeyInfo */
typedef struct _krb5_kdc_dh_key_info {
- krb5_octet_data subjectPublicKey; /* BIT STRING */
- krb5_int32 nonce; /* (0..4294967295) */
- krb5_timestamp dhKeyExpiration; /* Optional */
+ krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_int32 nonce; /* (0..4294967295) */
+ krb5_timestamp dhKeyExpiration; /* Optional */
} krb5_kdc_dh_key_info;
/* KDCDHKeyInfo draft9*/
typedef struct _krb5_kdc_dh_key_info_draft9 {
- krb5_octet_data subjectPublicKey; /* BIT STRING */
- krb5_int32 nonce; /* (0..4294967295) */
+ krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_int32 nonce; /* (0..4294967295) */
} krb5_kdc_dh_key_info_draft9;
/* ReplyKeyPack */
typedef struct _krb5_reply_key_pack {
- krb5_keyblock replyKey;
- krb5_checksum asChecksum;
+ krb5_keyblock replyKey;
+ krb5_checksum asChecksum;
} krb5_reply_key_pack;
/* ReplyKeyPack */
typedef struct _krb5_reply_key_pack_draft9 {
- krb5_keyblock replyKey;
- krb5_int32 nonce;
+ krb5_keyblock replyKey;
+ krb5_int32 nonce;
} krb5_reply_key_pack_draft9;
/* PA-PK-AS-REP (Draft 9 -- PA TYPE 15) */
typedef struct _krb5_pa_pk_as_rep_draft9 {
- enum {
- choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
- choice_pa_pk_as_rep_draft9_dhSignedData = 0,
- choice_pa_pk_as_rep_draft9_encKeyPack = 1
- } choice;
- union {
- krb5_octet_data dhSignedData;
- krb5_octet_data encKeyPack;
- } u;
+ enum {
+ choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
+ choice_pa_pk_as_rep_draft9_dhSignedData = 0,
+ choice_pa_pk_as_rep_draft9_encKeyPack = 1
+ } choice;
+ union {
+ krb5_octet_data dhSignedData;
+ krb5_octet_data encKeyPack;
+ } u;
} krb5_pa_pk_as_rep_draft9;
/* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */
typedef struct _krb5_pa_pk_as_rep {
- enum {
- choice_pa_pk_as_rep_UNKNOWN = -1,
- choice_pa_pk_as_rep_dhInfo = 0,
- choice_pa_pk_as_rep_encKeyPack = 1
- } choice;
- union {
- krb5_dh_rep_info dh_Info;
- krb5_octet_data encKeyPack;
- } u;
+ enum {
+ choice_pa_pk_as_rep_UNKNOWN = -1,
+ choice_pa_pk_as_rep_dhInfo = 0,
+ choice_pa_pk_as_rep_encKeyPack = 1
+ } choice;
+ union {
+ krb5_dh_rep_info dh_Info;
+ krb5_octet_data encKeyPack;
+ } u;
} krb5_pa_pk_as_rep;
/*
* Prototypes for pkinit asn.1 encode routines
*************************************************************************/
-krb5_error_code encode_krb5_pa_pk_as_req
- (const krb5_pa_pk_as_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code);
-krb5_error_code encode_krb5_pa_pk_as_req_draft9
- (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pa_pk_as_req_draft9(const krb5_pa_pk_as_req_draft9 *rep,
+ krb5_data **code);
-krb5_error_code encode_krb5_pa_pk_as_rep
- (const krb5_pa_pk_as_rep *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep *rep, krb5_data **code);
-krb5_error_code encode_krb5_pa_pk_as_rep_draft9
- (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pa_pk_as_rep_draft9(const krb5_pa_pk_as_rep_draft9 *rep,
+ krb5_data **code);
-krb5_error_code encode_krb5_auth_pack
- (const krb5_auth_pack *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_auth_pack(const krb5_auth_pack *rep, krb5_data **code);
-krb5_error_code encode_krb5_auth_pack_draft9
- (const krb5_auth_pack_draft9 *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_auth_pack_draft9(const krb5_auth_pack_draft9 *rep,
+ krb5_data **code);
-krb5_error_code encode_krb5_kdc_dh_key_info
- (const krb5_kdc_dh_key_info *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info *rep, krb5_data **code);
-krb5_error_code encode_krb5_reply_key_pack
- (const krb5_reply_key_pack *, krb5_data **code);
+krb5_error_code
+encode_krb5_reply_key_pack(const krb5_reply_key_pack *, krb5_data **code);
-krb5_error_code encode_krb5_reply_key_pack_draft9
- (const krb5_reply_key_pack_draft9 *, krb5_data **code);
+krb5_error_code
+encode_krb5_reply_key_pack_draft9(const krb5_reply_key_pack_draft9 *,
+ krb5_data **code);
-krb5_error_code encode_krb5_typed_data
- (const krb5_typed_data **, krb5_data **code);
+krb5_error_code
+encode_krb5_typed_data(const krb5_typed_data **, krb5_data **code);
-krb5_error_code encode_krb5_td_trusted_certifiers
- (const krb5_external_principal_identifier **, krb5_data **code);
+krb5_error_code
+encode_krb5_td_trusted_certifiers(const krb5_external_principal_identifier **,
+ krb5_data **code);
-krb5_error_code encode_krb5_td_dh_parameters
- (const krb5_algorithm_identifier **, krb5_data **code);
+krb5_error_code
+encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **,
+ krb5_data **code);
/*************************************************************************
* Prototypes for pkinit asn.1 decode routines
*************************************************************************/
-krb5_error_code decode_krb5_pa_pk_as_req
- (const krb5_data *, krb5_pa_pk_as_req **);
+krb5_error_code
+decode_krb5_pa_pk_as_req(const krb5_data *, krb5_pa_pk_as_req **);
-krb5_error_code decode_krb5_pa_pk_as_req_draft9
- (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
+krb5_error_code
+decode_krb5_pa_pk_as_req_draft9(const krb5_data *,
+ krb5_pa_pk_as_req_draft9 **);
-krb5_error_code decode_krb5_pa_pk_as_rep
- (const krb5_data *, krb5_pa_pk_as_rep **);
+krb5_error_code
+decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **);
-krb5_error_code decode_krb5_pa_pk_as_rep_draft9
- (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
+krb5_error_code
+decode_krb5_pa_pk_as_rep_draft9(const krb5_data *,
+ krb5_pa_pk_as_rep_draft9 **);
-krb5_error_code decode_krb5_auth_pack
- (const krb5_data *, krb5_auth_pack **);
+krb5_error_code
+decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **);
-krb5_error_code decode_krb5_auth_pack_draft9
- (const krb5_data *, krb5_auth_pack_draft9 **);
+krb5_error_code
+decode_krb5_auth_pack_draft9(const krb5_data *, krb5_auth_pack_draft9 **);
-krb5_error_code decode_krb5_kdc_dh_key_info
- (const krb5_data *, krb5_kdc_dh_key_info **);
+krb5_error_code
+decode_krb5_kdc_dh_key_info(const krb5_data *, krb5_kdc_dh_key_info **);
-krb5_error_code decode_krb5_principal_name
- (const krb5_data *, krb5_principal_data **);
+krb5_error_code
+decode_krb5_principal_name(const krb5_data *, krb5_principal_data **);
-krb5_error_code decode_krb5_reply_key_pack
- (const krb5_data *, krb5_reply_key_pack **);
+krb5_error_code
+decode_krb5_reply_key_pack(const krb5_data *, krb5_reply_key_pack **);
-krb5_error_code decode_krb5_reply_key_pack_draft9
- (const krb5_data *, krb5_reply_key_pack_draft9 **);
+krb5_error_code
+decode_krb5_reply_key_pack_draft9(const krb5_data *,
+ krb5_reply_key_pack_draft9 **);
-krb5_error_code decode_krb5_typed_data
- (const krb5_data *, krb5_typed_data ***);
+krb5_error_code
+decode_krb5_typed_data(const krb5_data *, krb5_typed_data ***);
-krb5_error_code decode_krb5_td_trusted_certifiers
- (const krb5_data *, krb5_external_principal_identifier ***);
+krb5_error_code
+decode_krb5_td_trusted_certifiers(const krb5_data *,
+ krb5_external_principal_identifier ***);
-krb5_error_code decode_krb5_td_dh_parameters
- (const krb5_data *, krb5_algorithm_identifier ***);
+krb5_error_code
+decode_krb5_td_dh_parameters(const krb5_data *, krb5_algorithm_identifier ***);
void krb5_free_typed_data(krb5_context, krb5_typed_data **);
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007,2008,2009 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
#include "osconf.h"
#if defined(__MACH__) && defined(__APPLE__)
-# include <TargetConditionals.h>
+# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
+# error "Use KfM 4.0 SDK headers for CFM compilation."
# endif
#endif
#include "win-mac.h"
/* Kerberos Windows initialization file */
-#define KERBEROS_INI "kerberos.ini"
-#define INI_FILES "Files"
-#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
-#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
+#define KERBEROS_INI "kerberos.ini"
+#define INI_FILES "Files"
+#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
+#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
#define ANSI_STDIO
#endif
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
-#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
+#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
#include <sys/types.h>
#else /* HAVE_SYS_TYPES_H */
-typedef unsigned long u_long;
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
+typedef unsigned long u_long;
+typedef unsigned int u_int;
+typedef unsigned short u_short;
+typedef unsigned char u_char;
#endif /* HAVE_SYS_TYPES_H */
#endif /* KRB5_SYSTYPES__ */
#define DEFAULT_PWD_STRING1 "Enter password"
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
-#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
-#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
-#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
+#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
+#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
+#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
/*
* Windows requires a different api interface to each function. Here
(which allows non-ambiguous error codes between subsystems) */
/* KDC errors */
-#define KDC_ERR_NONE 0 /* No error */
-#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */
-#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */
-#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */
-#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */
-#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */
-#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */
-#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */
-#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */
-#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */
-#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */
-#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */
-#define KDC_ERR_POLICY 12 /* KDC policy rejects request */
-#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */
-#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */
-#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */
-#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */
-#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */
-#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */
-#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */
-#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */
-#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */
-#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */
-#define KDC_ERR_KEY_EXP 23 /* Password has expired */
-#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */
-#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */
- /* required */
-#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */
- /* ticket don't match*/
-#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */
- /* user2user only */
-#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */
- /* path */
-#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not
- * available that is
- * required to process the
- * request */
+#define KDC_ERR_NONE 0 /* No error */
+#define KDC_ERR_NAME_EXP 1 /* Client's entry in DB expired */
+#define KDC_ERR_SERVICE_EXP 2 /* Server's entry in DB expired */
+#define KDC_ERR_BAD_PVNO 3 /* Requested pvno not supported */
+#define KDC_ERR_C_OLD_MAST_KVNO 4 /* C's key encrypted in old master */
+#define KDC_ERR_S_OLD_MAST_KVNO 5 /* S's key encrypted in old master */
+#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 /* Client not found in Kerberos DB */
+#define KDC_ERR_S_PRINCIPAL_UNKNOWN 7 /* Server not found in Kerberos DB */
+#define KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 /* Multiple entries in Kerberos DB */
+#define KDC_ERR_NULL_KEY 9 /* The C or S has a null key */
+#define KDC_ERR_CANNOT_POSTDATE 10 /* Tkt ineligible for postdating */
+#define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */
+#define KDC_ERR_POLICY 12 /* KDC policy rejects request */
+#define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */
+#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */
+#define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */
+#define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */
+#define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */
+#define KDC_ERR_CLIENT_REVOKED 18 /* C's creds have been revoked */
+#define KDC_ERR_SERVICE_REVOKED 19 /* S's creds have been revoked */
+#define KDC_ERR_TGT_REVOKED 20 /* TGT has been revoked */
+#define KDC_ERR_CLIENT_NOTYET 21 /* C not yet valid */
+#define KDC_ERR_SERVICE_NOTYET 22 /* S not yet valid */
+#define KDC_ERR_KEY_EXP 23 /* Password has expired */
+#define KDC_ERR_PREAUTH_FAILED 24 /* Preauthentication failed */
+#define KDC_ERR_PREAUTH_REQUIRED 25 /* Additional preauthentication */
+ /* required */
+#define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */
+ /* ticket don't match*/
+#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */
+ /* user2user only */
+#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */
+ /* path */
+#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not
+ * available that is
+ * required to process the
+ * request */
/* Application errors */
-#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */
-#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */
-#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */
-#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */
-#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */
-#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */
-#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */
-#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */
-#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */
-#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */
-#define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */
-#define KRB_AP_ERR_BADORDER 42 /* Message out of order */
-#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */
-#define KRB_AP_ERR_NOKEY 45 /* Service key not available */
-#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */
-#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */
-#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */
- /* method required */
-#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */
- /* in message */
-#define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */
- /* checksum in message */
-#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */
-#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */
- /* retry with TCP */
+#define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */
+#define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */
+#define KRB_AP_ERR_TKT_NYV 33 /* Ticket not yet valid */
+#define KRB_AP_ERR_REPEAT 34 /* Request is a replay */
+#define KRB_AP_ERR_NOT_US 35 /* The ticket isn't for us */
+#define KRB_AP_ERR_BADMATCH 36 /* Ticket/authenticator don't match */
+#define KRB_AP_ERR_SKEW 37 /* Clock skew too great */
+#define KRB_AP_ERR_BADADDR 38 /* Incorrect net address */
+#define KRB_AP_ERR_BADVERSION 39 /* Protocol version mismatch */
+#define KRB_AP_ERR_MSG_TYPE 40 /* Invalid message type */
+#define KRB_AP_ERR_MODIFIED 41 /* Message stream modified */
+#define KRB_AP_ERR_BADORDER 42 /* Message out of order */
+#define KRB_AP_ERR_BADKEYVER 44 /* Key version is not available */
+#define KRB_AP_ERR_NOKEY 45 /* Service key not available */
+#define KRB_AP_ERR_MUT_FAIL 46 /* Mutual authentication failed */
+#define KRB_AP_ERR_BADDIRECTION 47 /* Incorrect message direction */
+#define KRB_AP_ERR_METHOD 48 /* Alternative authentication */
+ /* method required */
+#define KRB_AP_ERR_BADSEQ 49 /* Incorrect sequence numnber */
+ /* in message */
+#define KRB_AP_ERR_INAPP_CKSUM 50 /* Inappropriate type of */
+ /* checksum in message */
+#define KRB_AP_PATH_NOT_ACCEPTED 51 /* Policy rejects transited path */
+#define KRB_ERR_RESPONSE_TOO_BIG 52 /* Response too big for UDP, */
+ /* retry with TCP */
/* other errors */
-#define KRB_ERR_GENERIC 60 /* Generic error (description */
- /* in e-text) */
-#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */
+#define KRB_ERR_GENERIC 60 /* Generic error (description */
+ /* in e-text) */
+#define KRB_ERR_FIELD_TOOLONG 61 /* Field is too long for impl. */
/* PKINIT server-reported errors */
-#define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */
-#define KDC_ERR_KDC_NOT_TRUSTED 63
-#define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */
-#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */
-#define KDC_ERR_CERTIFICATE_MISMATCH 66
-#define KRB_AP_ERR_NO_TGT 67
-#define KDC_ERR_WRONG_REALM 68
-#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69
-#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */
- /* trusted root cert */
-#define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */
-#define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */
-#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */
-#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
-#define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */
- /* principal name */
-#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */
-#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */
-#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */
+#define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */
+#define KDC_ERR_KDC_NOT_TRUSTED 63
+#define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */
+#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */
+#define KDC_ERR_CERTIFICATE_MISMATCH 66
+#define KRB_AP_ERR_NO_TGT 67
+#define KDC_ERR_WRONG_REALM 68
+#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69
+#define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */
+ /* trusted root cert */
+#define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */
+#define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */
+#define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */
+#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
+#define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */
+ /* principal name */
+#define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */
+#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED 78 /* bad digest algorithm in client cert */
+#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED 79 /* missing paChecksum in PA-PK-AS-REQ */
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81
* authentication is returned, KRB_AP_METHOD.
*/
typedef struct _krb5_alt_method {
- krb5_magic magic;
- krb5_int32 method;
- unsigned int length;
- krb5_octet *data;
+ krb5_magic magic;
+ krb5_int32 method;
+ unsigned int length;
+ krb5_octet *data;
} krb5_alt_method;
/*
* but s2kparams must be null when encoding etype-info.
*/
typedef struct _krb5_etype_info_entry {
- krb5_magic magic;
- krb5_enctype etype;
- unsigned int length;
- krb5_octet *salt;
+ krb5_magic magic;
+ krb5_enctype etype;
+ unsigned int length;
+ krb5_octet *salt;
krb5_data s2kparams;
} krb5_etype_info_entry;
/* RFC 4537 */
typedef struct _krb5_etype_list {
- int length;
- krb5_enctype *etypes;
+ int length;
+ krb5_enctype *etypes;
} krb5_etype_list;
/*
* a sam_challenge is returned for alternate preauth
*/
/*
- SAMFlags ::= BIT STRING {
- use-sad-as-key[0],
- send-encrypted-sad[1],
- must-pk-encrypt-sad[2]
- }
- */
+ SAMFlags ::= BIT STRING {
+ use-sad-as-key[0],
+ send-encrypted-sad[1],
+ must-pk-encrypt-sad[2]
+ }
+*/
/*
- PA-SAM-CHALLENGE ::= SEQUENCE {
- sam-type[0] INTEGER,
- sam-flags[1] SAMFlags,
- sam-type-name[2] GeneralString OPTIONAL,
- sam-track-id[3] GeneralString OPTIONAL,
- sam-challenge-label[4] GeneralString OPTIONAL,
- sam-challenge[5] GeneralString OPTIONAL,
- sam-response-prompt[6] GeneralString OPTIONAL,
- sam-pk-for-sad[7] EncryptionKey OPTIONAL,
- sam-nonce[8] INTEGER OPTIONAL,
- sam-cksum[9] Checksum OPTIONAL
- }
+ PA-SAM-CHALLENGE ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-type-name[2] GeneralString OPTIONAL,
+ sam-track-id[3] GeneralString OPTIONAL,
+ sam-challenge-label[4] GeneralString OPTIONAL,
+ sam-challenge[5] GeneralString OPTIONAL,
+ sam-response-prompt[6] GeneralString OPTIONAL,
+ sam-pk-for-sad[7] EncryptionKey OPTIONAL,
+ sam-nonce[8] INTEGER OPTIONAL,
+ sam-cksum[9] Checksum OPTIONAL
+ }
*/
/* sam_type values -- informational only */
#define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
#define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */
#endif
#define PA_SAM_TYPE_EXP_BASE 128 /* experimental */
-#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
-#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */
+#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
+#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */
typedef struct _krb5_predicted_sam_response {
- krb5_magic magic;
- krb5_keyblock sam_key;
- krb5_flags sam_flags; /* Makes key munging easier */
- krb5_timestamp stime; /* time on server, for replay detection */
- krb5_int32 susec;
- krb5_principal client;
- krb5_data msd; /* mechanism specific data */
+ krb5_magic magic;
+ krb5_keyblock sam_key;
+ krb5_flags sam_flags; /* Makes key munging easier */
+ krb5_timestamp stime; /* time on server, for replay detection */
+ krb5_int32 susec;
+ krb5_principal client;
+ krb5_data msd; /* mechanism specific data */
} krb5_predicted_sam_response;
typedef struct _krb5_sam_challenge {
- krb5_magic magic;
- krb5_int32 sam_type; /* information */
- krb5_flags sam_flags; /* KRB5_SAM_* values */
- krb5_data sam_type_name;
- krb5_data sam_track_id;
- krb5_data sam_challenge_label;
- krb5_data sam_challenge;
- krb5_data sam_response_prompt;
- krb5_data sam_pk_for_sad;
- krb5_int32 sam_nonce;
- krb5_checksum sam_cksum;
+ krb5_magic magic;
+ krb5_int32 sam_type; /* information */
+ krb5_flags sam_flags; /* KRB5_SAM_* values */
+ krb5_data sam_type_name;
+ krb5_data sam_track_id;
+ krb5_data sam_challenge_label;
+ krb5_data sam_challenge;
+ krb5_data sam_response_prompt;
+ krb5_data sam_pk_for_sad;
+ krb5_int32 sam_nonce;
+ krb5_checksum sam_cksum;
} krb5_sam_challenge;
-typedef struct _krb5_sam_key { /* reserved for future use */
- krb5_magic magic;
- krb5_keyblock sam_key;
+typedef struct _krb5_sam_key { /* reserved for future use */
+ krb5_magic magic;
+ krb5_keyblock sam_key;
} krb5_sam_key;
typedef struct _krb5_enc_sam_response_enc {
- krb5_magic magic;
- krb5_int32 sam_nonce;
- krb5_timestamp sam_timestamp;
- krb5_int32 sam_usec;
- krb5_data sam_sad;
+ krb5_magic magic;
+ krb5_int32 sam_nonce;
+ krb5_timestamp sam_timestamp;
+ krb5_int32 sam_usec;
+ krb5_data sam_sad;
} krb5_enc_sam_response_enc;
typedef struct _krb5_sam_response {
- krb5_magic magic;
- krb5_int32 sam_type; /* informational */
- krb5_flags sam_flags; /* KRB5_SAM_* values */
- krb5_data sam_track_id; /* copied */
- krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */
- krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
- krb5_int32 sam_nonce;
- krb5_timestamp sam_patimestamp;
+ krb5_magic magic;
+ krb5_int32 sam_type; /* informational */
+ krb5_flags sam_flags; /* KRB5_SAM_* values */
+ krb5_data sam_track_id; /* copied */
+ krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */
+ krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
+ krb5_int32 sam_nonce;
+ krb5_timestamp sam_patimestamp;
} krb5_sam_response;
typedef struct _krb5_sam_challenge_2 {
- krb5_data sam_challenge_2_body;
- krb5_checksum **sam_cksum; /* Array of checksums */
+ krb5_data sam_challenge_2_body;
+ krb5_checksum **sam_cksum; /* Array of checksums */
} krb5_sam_challenge_2;
typedef struct _krb5_sam_challenge_2_body {
- krb5_magic magic;
- krb5_int32 sam_type; /* information */
- krb5_flags sam_flags; /* KRB5_SAM_* values */
- krb5_data sam_type_name;
- krb5_data sam_track_id;
- krb5_data sam_challenge_label;
- krb5_data sam_challenge;
- krb5_data sam_response_prompt;
- krb5_data sam_pk_for_sad;
- krb5_int32 sam_nonce;
- krb5_enctype sam_etype;
+ krb5_magic magic;
+ krb5_int32 sam_type; /* information */
+ krb5_flags sam_flags; /* KRB5_SAM_* values */
+ krb5_data sam_type_name;
+ krb5_data sam_track_id;
+ krb5_data sam_challenge_label;
+ krb5_data sam_challenge;
+ krb5_data sam_response_prompt;
+ krb5_data sam_pk_for_sad;
+ krb5_int32 sam_nonce;
+ krb5_enctype sam_etype;
} krb5_sam_challenge_2_body;
typedef struct _krb5_sam_response_2 {
- krb5_magic magic;
- krb5_int32 sam_type; /* informational */
- krb5_flags sam_flags; /* KRB5_SAM_* values */
- krb5_data sam_track_id; /* copied */
- krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
- krb5_int32 sam_nonce;
+ krb5_magic magic;
+ krb5_int32 sam_type; /* informational */
+ krb5_flags sam_flags; /* KRB5_SAM_* values */
+ krb5_data sam_track_id; /* copied */
+ krb5_enc_data sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
+ krb5_int32 sam_nonce;
} krb5_sam_response_2;
typedef struct _krb5_enc_sam_response_enc_2 {
- krb5_magic magic;
- krb5_int32 sam_nonce;
- krb5_data sam_sad;
+ krb5_magic magic;
+ krb5_int32 sam_nonce;
+ krb5_data sam_sad;
} krb5_enc_sam_response_enc_2;
/*
#endif
#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h> /* struct stat, stat() */
+#include <sys/stat.h> /* struct stat, stat() */
#endif
#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h> /* MAXPATHLEN */
+#include <sys/param.h> /* MAXPATHLEN */
#endif
#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h> /* prototypes for file-related
- syscalls; flags for open &
- friends */
+#include <sys/file.h> /* prototypes for file-related
+ syscalls; flags for open &
+ friends */
#endif
#ifdef HAVE_FCNTL_H
struct sendto_callback_info;
/* libos.spec */
-krb5_error_code krb5_lock_file (krb5_context, int, int);
-krb5_error_code krb5_unlock_file (krb5_context, int);
-krb5_error_code krb5_sendto_kdc (krb5_context, const krb5_data *,
- const krb5_data *, krb5_data *, int *, int);
-
-krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message,
- const struct addrlist *addrs, struct sendto_callback_info* callback_info,
- krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen,
- struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used,
- int (*msg_handler)(krb5_context, const krb5_data *, void *),
- void *msg_handler_data);
+krb5_error_code krb5_lock_file(krb5_context, int, int);
+krb5_error_code krb5_unlock_file(krb5_context, int);
+krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
+ const krb5_data *, krb5_data *, int *, int);
-krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** );
-krb5_error_code krb5_free_krbhst (krb5_context, char * const * );
-krb5_error_code krb5_create_secure_file (krb5_context, const char * pathname);
-krb5_error_code krb5_sync_disk_file (krb5_context, FILE *fp);
-
-krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
+krb5_error_code
+krb5int_sendto(krb5_context context, const krb5_data *message,
+ const struct addrlist *addrs,
+ struct sendto_callback_info* callback_info,
+ krb5_data *reply, struct sockaddr *localaddr,
+ socklen_t *localaddrlen,
+ struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
+ int *addr_used,
+ int (*msg_handler)(krb5_context, const krb5_data *, void *),
+ void *msg_handler_data);
+
+krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char *** );
+krb5_error_code krb5_free_krbhst(krb5_context, char * const * );
+krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname);
+krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp);
+
+krb5_error_code krb5int_get_fq_local_hostname(char *, size_t);
krb5_error_code krb5int_init_context_kdc(krb5_context *);
-krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
+krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean);
-void krb5_os_free_context (krb5_context);
+void krb5_os_free_context(krb5_context);
/* This function is needed by KfM's KerberosPreferences API
* because it needs to be able to specify "secure" */
-krb5_error_code os_get_default_config_files
- (profile_filespec_t **pfiles, krb5_boolean secure);
+krb5_error_code
+os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure);
-krb5_error_code krb5_os_hostaddr
- (krb5_context, const char *, krb5_address ***);
+krb5_error_code
+krb5_os_hostaddr(krb5_context, const char *, krb5_address ***);
-krb5_error_code krb5int_get_domain_realm_mapping
- (krb5_context , const char *, char ***);
+krb5_error_code
+krb5int_get_domain_realm_mapping(krb5_context , const char *, char ***);
/* N.B.: You need to include fake-addrinfo.h *before* k5-int.h if you're
going to use this structure. */
struct addrlist {
struct {
#ifdef FAI_DEFINED
- struct addrinfo *ai;
+ struct addrinfo *ai;
#else
- struct undefined_addrinfo *ai;
+ struct undefined_addrinfo *ai;
#endif
- void (*freefn)(void *);
- void *data;
+ void (*freefn)(void *);
+ void *data;
} *addrs;
size_t naddrs;
size_t space;
};
#define ADDRLIST_INIT { 0, 0, 0 }
-extern void krb5int_free_addrlist (struct addrlist *);
-extern int krb5int_grow_addrlist (struct addrlist *, int);
-extern int krb5int_add_host_to_list (struct addrlist *, const char *,
- int, int, int, int);
+extern void krb5int_free_addrlist(struct addrlist *);
+extern int krb5int_grow_addrlist(struct addrlist *, int);
+extern int krb5int_add_host_to_list(struct addrlist *, const char *,
+ int, int, int, int);
#include <krb5/locate_plugin.h>
krb5_error_code
-krb5int_locate_server (krb5_context, const krb5_data *realm,
- struct addrlist *, enum locate_service_type svc,
- int sockettype, int family);
+krb5int_locate_server(krb5_context, const krb5_data *realm,
+ struct addrlist *, enum locate_service_type svc,
+ int sockettype, int family);
struct derived_key {
krb5_data constant;
size_t block_size, keybytes, keylength;
/* cipher-state == 0 fresh state thrown away at end */
- krb5_error_code (*encrypt) (krb5_key key,
- const krb5_data *cipher_state,
- const krb5_data *input,
- krb5_data *output);
+ krb5_error_code (*encrypt)(krb5_key key, const krb5_data *cipher_state,
+ const krb5_data *input, krb5_data *output);
- krb5_error_code (*decrypt) (krb5_key key,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *output);
+ krb5_error_code (*decrypt)(krb5_key key, const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
- krb5_error_code (*make_key) (const krb5_data *randombits,
- krb5_keyblock *key);
+ krb5_error_code (*make_key)(const krb5_data *randombits,
+ krb5_keyblock *key);
- krb5_error_code (*init_state) (const krb5_keyblock *key,
- krb5_keyusage keyusage, krb5_data *out_state);
- krb5_error_code (*free_state) (krb5_data *state);
+ krb5_error_code (*init_state)(const krb5_keyblock *key,
+ krb5_keyusage keyusage,
+ krb5_data *out_state);
+ krb5_error_code (*free_state)(krb5_data *state);
/* In-place encryption/decryption of multiple buffers */
- krb5_error_code (*encrypt_iov) (krb5_key key,
- const krb5_data *cipher_state,
- krb5_crypto_iov *data,
- size_t num_data);
-
+ krb5_error_code (*encrypt_iov)(krb5_key key, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
- krb5_error_code (*decrypt_iov) (krb5_key key,
- const krb5_data *cipher_state,
- krb5_crypto_iov *data,
- size_t num_data);
+ krb5_error_code (*decrypt_iov)(krb5_key key, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
};
size_t hashsize, blocksize;
/* this takes multiple inputs to avoid lots of copying. */
- krb5_error_code (*hash) (unsigned int icount, const krb5_data *input,
- krb5_data *output);
+ krb5_error_code (*hash)(unsigned int icount, const krb5_data *input,
+ krb5_data *output);
};
struct krb5_keyhash_provider {
size_t hashsize;
- krb5_error_code (*hash) (krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *output);
-
- krb5_error_code (*verify) (krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_data *input,
- const krb5_data *hash,
- krb5_boolean *valid);
-
- krb5_error_code (*hash_iov) (krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_crypto_iov *data,
- size_t num_data,
- krb5_data *output);
-
- krb5_error_code (*verify_iov) (krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_crypto_iov *data,
- size_t num_data,
- const krb5_data *hash,
- krb5_boolean *valid);
+ krb5_error_code (*hash)(krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output);
+
+ krb5_error_code (*verify)(krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec, const krb5_data *input,
+ const krb5_data *hash, krb5_boolean *valid);
+
+ krb5_error_code (*hash_iov)(krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output);
+
+ krb5_error_code (*verify_iov)(krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *hash,
+ krb5_boolean *valid);
};
struct krb5_aead_provider {
- krb5_error_code (*crypto_length) (const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_cryptotype type,
- unsigned int *length);
- krb5_error_code (*encrypt_iov) (const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data);
- krb5_error_code (*decrypt_iov) (const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage keyusage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data);
+ krb5_error_code (*crypto_length)(const struct krb5_aead_provider *aead,
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_cryptotype type,
+ unsigned int *length);
+ krb5_error_code (*encrypt_iov)(const struct krb5_aead_provider *aead,
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data);
+ krb5_error_code (*decrypt_iov)(const struct krb5_aead_provider *aead,
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data);
};
/*
* in here to deal with stuff from lib/crypto
*/
-void krb5int_nfold
-(unsigned int inbits, const unsigned char *in,
- unsigned int outbits, unsigned char *out);
+void krb5int_nfold(unsigned int inbits, const unsigned char *in,
+ unsigned int outbits, unsigned char *out);
-krb5_error_code krb5int_hmac
-(const struct krb5_hash_provider *hash,
- krb5_key key, unsigned int icount,
- const krb5_data *input, krb5_data *output);
+krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash,
+ krb5_key key, unsigned int icount,
+ const krb5_data *input, krb5_data *output);
-krb5_error_code krb5int_hmac_iov
-(const struct krb5_hash_provider *hash,
- krb5_key key,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output);
+krb5_error_code krb5int_hmac_iov(const struct krb5_hash_provider *hash,
+ krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output);
-krb5_error_code krb5int_hmac_keyblock
-(const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, unsigned int icount,
- const krb5_data *input, krb5_data *output);
+krb5_error_code
+krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, unsigned int icount,
+ const krb5_data *input, krb5_data *output);
-krb5_error_code krb5int_hmac_iov_keyblock
-(const struct krb5_hash_provider *hash,
- const krb5_keyblock *key,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output);
+krb5_error_code
+krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output);
-krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long,
- const krb5_data *,
- const krb5_data *);
+krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *, unsigned long,
+ const krb5_data *, const krb5_data *);
/* Make this a function eventually? */
#ifdef _WIN32
zapfree(void *ptr, size_t len)
{
if (ptr != NULL) {
- zap(ptr, len);
- free(ptr);
+ zap(ptr, len);
+ free(ptr);
}
}
* sets up an 8-byte IV of all zeros
*/
-krb5_error_code krb5int_des_init_state
-(const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state);
+krb5_error_code
+krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage keyusage,
+ krb5_data *new_state);
/*
* normally to free a cipher_state you can just memset the length to zero and
* free it.
*/
-krb5_error_code krb5int_default_free_state
-(krb5_data *state);
+krb5_error_code krb5int_default_free_state(krb5_data *state);
/*
* Combine two keys (normally used by the hardware preauth mechanism)
*/
-krb5_error_code krb5int_c_combine_keys
-(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
- krb5_keyblock *outkey);
-
-
-void krb5int_c_free_keyblock
-(krb5_context, krb5_keyblock *key);
-void krb5int_c_free_keyblock_contents
- (krb5_context, krb5_keyblock *);
-krb5_error_code krb5int_c_init_keyblock
- (krb5_context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out);
-krb5_error_code krb5int_c_copy_keyblock
-(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to);
-krb5_error_code krb5int_c_copy_keyblock_contents
-(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to);
+krb5_error_code
+krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
+ krb5_keyblock *key2, krb5_keyblock *outkey);
+
+void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key);
+void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *);
+krb5_error_code krb5int_c_init_keyblock(krb5_context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out);
+krb5_error_code krb5int_c_copy_keyblock(krb5_context context,
+ const krb5_keyblock *from,
+ krb5_keyblock **to);
+krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context,
+ const krb5_keyblock *from,
+ krb5_keyblock *to);
/*
* Internal - for cleanup.
*/
-extern void krb5int_prng_cleanup (void);
+extern void krb5int_prng_cleanup(void);
/*
#ifdef KRB5_OLD_CRYPTO
/* old provider api */
-krb5_error_code krb5_crypto_os_localaddr
- (krb5_address ***);
+krb5_error_code krb5_crypto_os_localaddr(krb5_address ***);
-krb5_error_code krb5_crypto_us_timeofday
- (krb5_int32 *,
- krb5_int32 *);
+krb5_error_code krb5_crypto_us_timeofday(krb5_int32 *, krb5_int32 *);
#endif /* KRB5_OLD_CRYPTO */
/* this helper fct is in libkrb5, but it makes sense declared here. */
-krb5_error_code krb5_encrypt_helper
-(krb5_context context, const krb5_keyblock *key,
- krb5_keyusage keyusage, const krb5_data *plain,
- krb5_enc_data *cipher);
+krb5_error_code
+krb5_encrypt_helper(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage keyusage, const krb5_data *plain,
+ krb5_enc_data *cipher);
-krb5_error_code krb5_encrypt_keyhelper
-(krb5_context context, krb5_key key,
- krb5_keyusage keyusage, const krb5_data *plain,
- krb5_enc_data *cipher);
+krb5_error_code
+krb5_encrypt_keyhelper(krb5_context context, krb5_key key,
+ krb5_keyusage keyusage, const krb5_data *plain,
+ krb5_enc_data *cipher);
/*
* End "los-proto.h"
*/
typedef struct _krb5_os_context {
- krb5_magic magic;
- krb5_int32 time_offset;
- krb5_int32 usec_offset;
- krb5_int32 os_flags;
- char * default_ccname;
+ krb5_magic magic;
+ krb5_int32 time_offset;
+ krb5_int32 usec_offset;
+ krb5_int32 os_flags;
+ char * default_ccname;
} *krb5_os_context;
/*
* returned as the time by the krb5 time routines. This should only
* be used for testing purposes (obviously!)
*/
-#define KRB5_OS_TOFFSET_VALID 1
-#define KRB5_OS_TOFFSET_TIME 2
+#define KRB5_OS_TOFFSET_VALID 1
+#define KRB5_OS_TOFFSET_TIME 2
/* lock mode flags */
-#define KRB5_LOCKMODE_SHARED 0x0001
-#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
-#define KRB5_LOCKMODE_DONTBLOCK 0x0004
-#define KRB5_LOCKMODE_UNLOCK 0x0008
+#define KRB5_LOCKMODE_SHARED 0x0001
+#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
+#define KRB5_LOCKMODE_DONTBLOCK 0x0004
+#define KRB5_LOCKMODE_UNLOCK 0x0008
/*
* Define our view of the size of a DES key.
*/
-#define KRB5_MIT_DES_KEYSIZE 8
-#define KRB5_MIT_DES3_KEYSIZE 24
-#define KRB5_MIT_DES3_KEY_BYTES 21
+#define KRB5_MIT_DES_KEYSIZE 8
+#define KRB5_MIT_DES3_KEYSIZE 24
+#define KRB5_MIT_DES3_KEY_BYTES 21
/*
* Check if des_int.h has been included before us. If so, then check to see
* that our view of the DES key size is the same as des_int.h's.
*/
-#ifdef MIT_DES_KEYSIZE
-#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef MIT_DES_KEYSIZE
+#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif /* MIT_DES_KEYSIZE */
+#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif /* MIT_DES_KEYSIZE */
/*
* Begin "preauth.h"
* requested information. It is opaque to the plugin code and can be
* expanded in the future as new types of requests are defined which
* may require other things to be passed through. */
- struct krb5int_fast_request_state;
+struct krb5int_fast_request_state;
typedef struct _krb5_preauth_client_rock {
- krb5_magic magic;
+ krb5_magic magic;
krb5_enctype *etype;
struct krb5int_fast_request_state *fast_state;
} krb5_preauth_client_rock;
typedef struct _krb5_preauth_context {
int n_modules;
struct _krb5_preauth_context_module {
- /* Which of the possibly more than one preauth types which the
- * module supports we're using at this point in the list. */
- krb5_preauthtype pa_type;
- /* Encryption types which the client claims to support -- we
- * copy them directly into the krb5_kdc_req structure during
- * krb5_preauth_prepare_request(). */
- krb5_enctype *enctypes;
- /* The plugin's per-plugin context and a function to clear it. */
- void *plugin_context;
- preauth_client_plugin_fini_proc client_fini;
- /* The module's table, and some of its members, copied here for
- * convenience when we populated the list. */
- struct krb5plugin_preauth_client_ftable_v1 *ftable;
- const char *name;
- int flags, use_count;
- preauth_client_process_proc client_process;
- preauth_client_tryagain_proc client_tryagain;
- preauth_client_supply_gic_opts_proc client_supply_gic_opts;
- preauth_client_request_init_proc client_req_init;
- preauth_client_request_fini_proc client_req_fini;
- /* The per-request context which the client_req_init() function
- * might allocate, which we'll need to clean up later by
- * calling the client_req_fini() function. */
- void *request_context;
- /* A pointer to the request_context pointer. All modules within
- * a plugin will point at the request_context of the first
- * module within the plugin. */
- void **request_context_pp;
+ /* Which of the possibly more than one preauth types which the
+ * module supports we're using at this point in the list. */
+ krb5_preauthtype pa_type;
+ /* Encryption types which the client claims to support -- we
+ * copy them directly into the krb5_kdc_req structure during
+ * krb5_preauth_prepare_request(). */
+ krb5_enctype *enctypes;
+ /* The plugin's per-plugin context and a function to clear it. */
+ void *plugin_context;
+ preauth_client_plugin_fini_proc client_fini;
+ /* The module's table, and some of its members, copied here for
+ * convenience when we populated the list. */
+ struct krb5plugin_preauth_client_ftable_v1 *ftable;
+ const char *name;
+ int flags, use_count;
+ preauth_client_process_proc client_process;
+ preauth_client_tryagain_proc client_tryagain;
+ preauth_client_supply_gic_opts_proc client_supply_gic_opts;
+ preauth_client_request_init_proc client_req_init;
+ preauth_client_request_fini_proc client_req_fini;
+ /* The per-request context which the client_req_init() function
+ * might allocate, which we'll need to clean up later by
+ * calling the client_req_fini() function. */
+ void *request_context;
+ /* A pointer to the request_context pointer. All modules within
+ * a plugin will point at the request_context of the first
+ * module within the plugin. */
+ void **request_context_pp;
} *modules;
} krb5_preauth_context;
typedef struct _krb5_pa_enc_ts {
- krb5_timestamp patimestamp;
- krb5_int32 pausec;
+ krb5_timestamp patimestamp;
+ krb5_int32 pausec;
} krb5_pa_enc_ts;
typedef struct _krb5_pa_for_user {
- krb5_principal user;
- krb5_checksum cksum;
- krb5_data auth_package;
+ krb5_principal user;
+ krb5_checksum cksum;
+ krb5_data auth_package;
} krb5_pa_for_user;
typedef struct _krb5_s4u_userid {
- krb5_int32 nonce;
- krb5_principal user;
- krb5_data subject_cert;
- krb5_flags options;
+ krb5_int32 nonce;
+ krb5_principal user;
+ krb5_data subject_cert;
+ krb5_flags options;
} krb5_s4u_userid;
-#define KRB5_S4U_OPTS_CHECK_LOGON_HOURS 0x40000000 /* check logon hour restrictions */
-#define KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE 0x20000000 /* sign with usage 27 instead of 26 */
+#define KRB5_S4U_OPTS_CHECK_LOGON_HOURS 0x40000000 /* check logon hour restrictions */
+#define KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE 0x20000000 /* sign with usage 27 instead of 26 */
typedef struct _krb5_pa_s4u_x509_user {
- krb5_s4u_userid user_id;
- krb5_checksum cksum;
+ krb5_s4u_userid user_id;
+ krb5_checksum cksum;
} krb5_pa_s4u_x509_user;
enum {
- KRB5_FAST_ARMOR_AP_REQUEST = 0x1
+ KRB5_FAST_ARMOR_AP_REQUEST = 0x1
};
typedef struct _krb5_fast_armor {
krb5_magic magic;
krb5_flags fast_options;
/* padata from req_body is used*/
- krb5_kdc_req *req_body;
+ krb5_kdc_req *req_body;
} krb5_fast_req;
/* Bits 0-15 are critical in fast options.*/
krb5_pa_data **method_data;
} krb5_ad_signedpath;
-typedef krb5_error_code (*krb5_preauth_obtain_proc)
- (krb5_context,
- krb5_pa_data *,
- krb5_etype_info,
- krb5_keyblock *,
- krb5_error_code ( * )(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_creds *,
- krb5_kdc_req *,
- krb5_pa_data **);
-
-typedef krb5_error_code (*krb5_preauth_process_proc)
- (krb5_context,
- krb5_pa_data *,
- krb5_kdc_req *,
- krb5_kdc_rep *,
- krb5_error_code ( * )(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code ( * )(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_keyblock **,
- krb5_creds *,
- krb5_int32 *,
- krb5_int32 *);
+typedef krb5_error_code
+(*krb5_preauth_obtain_proc)(krb5_context, krb5_pa_data *,
+ krb5_etype_info, krb5_keyblock *,
+ krb5_error_code (*)(krb5_context,
+ const krb5_enctype,
+ krb5_data *,
+ krb5_const_pointer,
+ krb5_keyblock **),
+ krb5_const_pointer, krb5_creds *,
+ krb5_kdc_req *, krb5_pa_data **);
+
+typedef krb5_error_code
+(*krb5_preauth_process_proc)(krb5_context, krb5_pa_data *, krb5_kdc_req *,
+ krb5_kdc_rep *,
+ krb5_error_code (*)(krb5_context,
+ const krb5_enctype,
+ krb5_data *,
+ krb5_const_pointer,
+ krb5_keyblock **),
+ krb5_const_pointer,
+ krb5_error_code (*)(krb5_context,
+ const krb5_keyblock *,
+ krb5_const_pointer,
+ krb5_kdc_rep * ),
+ krb5_keyblock **, krb5_creds *, krb5_int32 *,
+ krb5_int32 *);
typedef struct _krb5_preauth_ops {
krb5_magic magic;
int type;
- int flags;
- krb5_preauth_obtain_proc obtain;
- krb5_preauth_process_proc process;
+ int flags;
+ krb5_preauth_obtain_proc obtain;
+ krb5_preauth_process_proc process;
} krb5_preauth_ops;
-krb5_error_code krb5_obtain_padata
- (krb5_context,
- krb5_pa_data **,
- krb5_error_code ( * )(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_creds *,
- krb5_kdc_req *);
-
-krb5_error_code krb5_process_padata
- (krb5_context,
- krb5_kdc_req *,
- krb5_kdc_rep *,
- krb5_error_code ( * )(krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code ( * )(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_keyblock **,
- krb5_creds *,
- krb5_int32 *);
-
-krb5_pa_data * krb5int_find_pa_data
-(krb5_context, krb5_pa_data * const *, krb5_preauthtype);
+krb5_error_code
+krb5_obtain_padata(krb5_context, krb5_pa_data **,
+ krb5_error_code (*)(krb5_context, const krb5_enctype,
+ krb5_data *, krb5_const_pointer,
+ krb5_keyblock **),
+ krb5_const_pointer, krb5_creds *, krb5_kdc_req *);
+
+krb5_error_code
+krb5_process_padata(krb5_context, krb5_kdc_req *, krb5_kdc_rep *,
+ krb5_error_code (*)(krb5_context, const krb5_enctype,
+ krb5_data *, krb5_const_pointer,
+ krb5_keyblock **),
+ krb5_const_pointer,
+ krb5_error_code (*)(krb5_context, const krb5_keyblock *,
+ krb5_const_pointer, krb5_kdc_rep *),
+ krb5_keyblock **, krb5_creds *, krb5_int32 *);
+
+krb5_pa_data *
+krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
/* Does not return a copy; original padata sequence responsible for freeing*/
-void krb5_free_etype_info
- (krb5_context, krb5_etype_info);
+void krb5_free_etype_info(krb5_context, krb5_etype_info);
/*
* Preauthentication property flags
*/
-#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
-#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
+#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001
+#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002
#endif /* KRB5_PREAUTH__ */
/*
#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
-#define krb5_gic_opt_is_extended(s) \
+#define krb5_gic_opt_is_extended(s) \
((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
-#define krb5_gic_opt_is_shadowed(s) \
+#define krb5_gic_opt_is_shadowed(s) \
((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
typedef struct _krb5_gic_opt_private {
int num_preauth_data;
krb5_gic_opt_pa_data *preauth_data;
- char * fast_ccache_name;
+ char * fast_ccache_name;
} krb5_gic_opt_private;
/*
#endif
krb5_error_code
-krb5int_gic_opt_to_opte(krb5_context context,
- krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte,
- unsigned int force,
+krb5int_gic_opt_to_opte(krb5_context context, krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte, unsigned int force,
const char *where);
krb5_error_code
-krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
+krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *);
krb5_error_code
-krb5int_copy_data_contents_add0 (krb5_context, const krb5_data *, krb5_data *);
+krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *);
krb5_error_code
-krb5int_copy_creds_contents (krb5_context, const krb5_creds *, krb5_creds *);
+krb5int_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
-typedef krb5_error_code (*krb5_gic_get_as_key_fct)
- (krb5_context,
- krb5_principal,
- krb5_enctype,
- krb5_prompter_fct,
- void *prompter_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- void *gak_data);
+typedef krb5_error_code
+(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype,
+ krb5_prompter_fct, void *prompter_data,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_keyblock *as_key, void *gak_data);
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_gic_opt_ext *gic_options,
- krb5_gic_get_as_key_fct gak,
- void *gak_data,
- int *master,
- krb5_kdc_rep **as_reply);
-
-krb5_error_code krb5int_populate_gic_opt (
- krb5_context, krb5_gic_opt_ext **,
- krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types, krb5_creds *creds);
-
-
-krb5_error_code KRB5_CALLCONV krb5_do_preauth
- (krb5_context context,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype, krb5_keyblock *as_key,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data,
- krb5_preauth_client_rock *get_data_rock,
- krb5_gic_opt_ext *opte);
-krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain
- (krb5_context context,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
- krb5_error *err_reply,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype, krb5_keyblock *as_key,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data,
- krb5_preauth_client_rock *get_data_rock,
- krb5_gic_opt_ext *opte);
-void KRB5_CALLCONV krb5_init_preauth_context
- (krb5_context);
-void KRB5_CALLCONV krb5_free_preauth_context
- (krb5_context);
-void KRB5_CALLCONV krb5_clear_preauth_context_use_counts
- (krb5_context);
-void KRB5_CALLCONV krb5_preauth_prepare_request
- (krb5_context, krb5_gic_opt_ext *, krb5_kdc_req *);
-void KRB5_CALLCONV krb5_preauth_request_context_init
- (krb5_context);
-void KRB5_CALLCONV krb5_preauth_request_context_fini
- (krb5_context);
-
-void KRB5_CALLCONV krb5_free_sam_challenge
- (krb5_context, krb5_sam_challenge * );
-void KRB5_CALLCONV krb5_free_sam_challenge_2
- (krb5_context, krb5_sam_challenge_2 * );
-void KRB5_CALLCONV krb5_free_sam_challenge_2_body
- (krb5_context, krb5_sam_challenge_2_body *);
-void KRB5_CALLCONV krb5_free_sam_response
- (krb5_context, krb5_sam_response * );
-void KRB5_CALLCONV krb5_free_sam_response_2
- (krb5_context, krb5_sam_response_2 * );
-void KRB5_CALLCONV krb5_free_predicted_sam_response
- (krb5_context, krb5_predicted_sam_response * );
-void KRB5_CALLCONV krb5_free_enc_sam_response_enc
- (krb5_context, krb5_enc_sam_response_enc * );
-void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2
- (krb5_context, krb5_enc_sam_response_enc_2 * );
-void KRB5_CALLCONV krb5_free_sam_challenge_contents
- (krb5_context, krb5_sam_challenge * );
-void KRB5_CALLCONV krb5_free_sam_challenge_2_contents
- (krb5_context, krb5_sam_challenge_2 * );
-void KRB5_CALLCONV krb5_free_sam_challenge_2_body_contents
- (krb5_context, krb5_sam_challenge_2_body * );
-void KRB5_CALLCONV krb5_free_sam_response_contents
- (krb5_context, krb5_sam_response * );
-void KRB5_CALLCONV krb5_free_sam_response_2_contents
- (krb5_context, krb5_sam_response_2 *);
-void KRB5_CALLCONV krb5_free_predicted_sam_response_contents
- (krb5_context, krb5_predicted_sam_response * );
-void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
- (krb5_context, krb5_enc_sam_response_enc * );
-void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
- (krb5_context, krb5_enc_sam_response_enc_2 * );
-
-void KRB5_CALLCONV krb5_free_pa_enc_ts
- (krb5_context, krb5_pa_enc_ts *);
-void KRB5_CALLCONV krb5_free_pa_for_user
- (krb5_context, krb5_pa_for_user * );
-void KRB5_CALLCONV krb5_free_s4u_userid_contents
- (krb5_context, krb5_s4u_userid * );
-void KRB5_CALLCONV krb5_free_pa_s4u_x509_user
- (krb5_context, krb5_pa_s4u_x509_user * );
-void KRB5_CALLCONV krb5_free_pa_svr_referral_data
- (krb5_context, krb5_pa_svr_referral_data * );
-void KRB5_CALLCONV krb5_free_pa_server_referral_data
- (krb5_context, krb5_pa_server_referral_data * );
-void KRB5_CALLCONV krb5_free_pa_pac_req
- (krb5_context, krb5_pa_pac_req * );
-void KRB5_CALLCONV krb5_free_etype_list
- (krb5_context, krb5_etype_list * );
-
-void KRB5_CALLCONV krb5_free_fast_armor
-(krb5_context, krb5_fast_armor *);
-void KRB5_CALLCONV krb5_free_fast_armored_req
-(krb5_context, krb5_fast_armored_req *);
+krb5_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ char *in_tkt_service, krb5_gic_opt_ext *gic_options,
+ krb5_gic_get_as_key_fct gak, void *gak_data,
+ int *master, krb5_kdc_rep **as_reply);
+
+krb5_error_code
+krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+ krb5_flags options, krb5_address *const *addrs,
+ krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types, krb5_creds *creds);
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_do_preauth(krb5_context context, krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request, krb5_pa_data **in_padata,
+ krb5_pa_data ***out_padata, krb5_data *salt,
+ krb5_data *s2kparams, krb5_enctype *etype,
+ krb5_keyblock *as_key, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data, krb5_preauth_client_rock *get_data_rock,
+ krb5_gic_opt_ext *opte);
+
+krb5_error_code KRB5_CALLCONV
+krb5_do_preauth_tryagain(krb5_context context, krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
+ krb5_error *err_reply,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype, krb5_keyblock *as_key,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+ krb5_preauth_client_rock *get_data_rock,
+ krb5_gic_opt_ext *opte);
+
+void KRB5_CALLCONV krb5_init_preauth_context(krb5_context);
+void KRB5_CALLCONV krb5_free_preauth_context(krb5_context);
+void KRB5_CALLCONV krb5_clear_preauth_context_use_counts(krb5_context);
+void KRB5_CALLCONV krb5_preauth_prepare_request(krb5_context,
+ krb5_gic_opt_ext *,
+ krb5_kdc_req *);
+void KRB5_CALLCONV krb5_preauth_request_context_init(krb5_context);
+void KRB5_CALLCONV krb5_preauth_request_context_fini(krb5_context);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge(krb5_context, krb5_sam_challenge *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body(krb5_context, krb5_sam_challenge_2_body *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response(krb5_context, krb5_sam_response *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2(krb5_context, krb5_sam_response_2 *);
+
+void KRB5_CALLCONV
+krb5_free_predicted_sam_response(krb5_context, krb5_predicted_sam_response *);
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc(krb5_context, krb5_enc_sam_response_enc *);
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2(krb5_context, krb5_enc_sam_response_enc_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_contents(krb5_context, krb5_sam_challenge *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_contents(krb5_context, krb5_sam_challenge_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body_contents(krb5_context,
+ krb5_sam_challenge_2_body *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response_contents(krb5_context, krb5_sam_response *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2_contents(krb5_context, krb5_sam_response_2 *);
+
+void KRB5_CALLCONV
+krb5_free_predicted_sam_response_contents(krb5_context,
+ krb5_predicted_sam_response * );
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_contents(krb5_context,
+ krb5_enc_sam_response_enc * );
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2_contents(krb5_context,
+ krb5_enc_sam_response_enc_2 * );
+
+void KRB5_CALLCONV
+krb5_free_pa_enc_ts(krb5_context, krb5_pa_enc_ts *);
+
+void KRB5_CALLCONV
+krb5_free_pa_for_user(krb5_context, krb5_pa_for_user *);
+
+void KRB5_CALLCONV
+krb5_free_s4u_userid_contents(krb5_context, krb5_s4u_userid *);
+
+void KRB5_CALLCONV
+krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *);
+
+void KRB5_CALLCONV
+krb5_free_pa_svr_referral_data(krb5_context, krb5_pa_svr_referral_data *);
+
+void KRB5_CALLCONV
+krb5_free_pa_server_referral_data(krb5_context,
+ krb5_pa_server_referral_data * );
+
+void KRB5_CALLCONV
+krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * );
+
+void KRB5_CALLCONV
+krb5_free_etype_list(krb5_context, krb5_etype_list * );
+
+void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *);
+void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context,
+ krb5_fast_armored_req *);
void KRB5_CALLCONV krb5_free_fast_req(krb5_context, krb5_fast_req *);
-void KRB5_CALLCONV krb5_free_fast_finished
-(krb5_context, krb5_fast_finished *);
-void KRB5_CALLCONV krb5_free_fast_response
-(krb5_context, krb5_fast_response *);
-void KRB5_CALLCONV krb5_free_ad_kdcissued
-(krb5_context, krb5_ad_kdcissued *);
-void KRB5_CALLCONV krb5_free_ad_signedpath
-(krb5_context, krb5_ad_signedpath *);
+void KRB5_CALLCONV krb5_free_fast_finished(krb5_context, krb5_fast_finished *);
+void KRB5_CALLCONV krb5_free_fast_response(krb5_context, krb5_fast_response *);
+void KRB5_CALLCONV krb5_free_ad_kdcissued(krb5_context, krb5_ad_kdcissued *);
+void KRB5_CALLCONV krb5_free_ad_signedpath(krb5_context, krb5_ad_signedpath *);
/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
#include "com_err.h"
krb5_magic magic;
int n_modules;
struct _krb5_authdata_context_module {
- krb5_authdatatype ad_type;
- void *plugin_context;
+ krb5_authdatatype ad_type;
+ void *plugin_context;
authdata_client_plugin_fini_proc client_fini;
- krb5_flags flags;
- krb5plugin_authdata_client_ftable_v0 *ftable;
- authdata_client_request_init_proc client_req_init;
- authdata_client_request_fini_proc client_req_fini;
- const char *name;
- void *request_context;
- void **request_context_pp;
+ krb5_flags flags;
+ krb5plugin_authdata_client_ftable_v0 *ftable;
+ authdata_client_request_init_proc client_req_init;
+ authdata_client_request_fini_proc client_req_fini;
+ const char *name;
+ void *request_context;
+ void **request_context_pp;
} *modules;
struct plugin_dir_handle plugins;
};
typedef struct _krb5_authdata_context *krb5_authdata_context;
-void KRB5_CALLCONV krb5int_free_data_list
-(krb5_context context, krb5_data *data);
+void KRB5_CALLCONV
+krb5int_free_data_list(krb5_context context, krb5_data *data);
-krb5_error_code KRB5_CALLCONV krb5_authdata_context_init
-(krb5_context kcontext, krb5_authdata_context *pcontext);
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_context_init(krb5_context kcontext,
+ krb5_authdata_context *pcontext);
void KRB5_CALLCONV
-krb5_authdata_context_free
-(krb5_context kcontext, krb5_authdata_context context);
+krb5_authdata_context_free(krb5_context kcontext,
+ krb5_authdata_context context);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_authdata(krb5_context kcontext,
+ krb5_authdata_context context, krb5_flags usage,
+ krb5_authdata ***pauthdata);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute_types(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_data **attrs);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute(krb5_context kcontext,
+ krb5_authdata_context context,
+ const krb5_data *attribute,
+ krb5_boolean *authenticated,
+ krb5_boolean *complete, krb5_data *value,
+ krb5_data *display_value, int *more);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_set_attribute(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_boolean complete, const krb5_data *attribute,
+ const krb5_data *value);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_delete_attribute(krb5_context kcontext,
+ krb5_authdata_context context,
+ const krb5_data *attribute);
-krb5_error_code KRB5_CALLCONV krb5_authdata_export_authdata
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_flags usage,
- krb5_authdata ***pauthdata);
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_import_attributes(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage, const krb5_data *attributes);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_attributes(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage, krb5_data **pattributes);
krb5_error_code KRB5_CALLCONV
-krb5_authdata_get_attribute_types
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_data **attrs);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute
-(krb5_context kcontext,
- krb5_authdata_context context,
- const krb5_data *attribute,
- krb5_boolean *authenticated,
- krb5_boolean *complete,
- krb5_data *value,
- krb5_data *display_value,
- int *more);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_set_attribute
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_boolean complete,
- const krb5_data *attribute,
- const krb5_data *value);
+krb5_authdata_export_internal(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_boolean restrict_authenticated,
+ const char *module, void **ptr);
krb5_error_code KRB5_CALLCONV
-krb5_authdata_delete_attribute
-(krb5_context kcontext,
- krb5_authdata_context context,
- const krb5_data *attribute);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_import_attributes
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_flags usage,
- const krb5_data *attributes);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_export_attributes
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_flags usage,
- krb5_data **pattributes);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_export_internal
-(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_boolean restrict_authenticated,
- const char *module,
- void **ptr);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_context_copy
-(krb5_context kcontext,
- krb5_authdata_context src,
- krb5_authdata_context *dst);
-
-krb5_error_code KRB5_CALLCONV krb5_authdata_free_internal
-(krb5_context kcontext,
- krb5_authdata_context context,
- const char *module,
- void *ptr);
-
-
-struct _kdb5_dal_handle; /* private, in kdb5.h */
+krb5_authdata_context_copy(krb5_context kcontext, krb5_authdata_context src,
+ krb5_authdata_context *dst);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_free_internal(krb5_context kcontext,
+ krb5_authdata_context context, const char *module,
+ void *ptr);
+
+struct _kdb5_dal_handle; /* private, in kdb5.h */
typedef struct _kdb5_dal_handle kdb5_dal_handle;
struct _kdb_log_context;
struct _krb5_context {
- krb5_magic magic;
- krb5_enctype *in_tkt_etypes;
- krb5_enctype *tgs_etypes;
- struct _krb5_os_context os_context;
- char *default_realm;
- profile_t profile;
- kdb5_dal_handle *dal_handle;
- int ser_ctx_count;
- void *ser_ctx;
- /* allowable clock skew */
- krb5_deltat clockskew;
- krb5_cksumtype kdc_req_sumtype;
- krb5_cksumtype default_ap_req_sumtype;
- krb5_cksumtype default_safe_sumtype;
- krb5_flags kdc_default_options;
- krb5_flags library_options;
- krb5_boolean profile_secure;
- int fcc_default_format;
- krb5_prompt_type *prompt_types;
- /* Message size above which we'll try TCP first in send-to-kdc
- type code. Aside from the 2**16 size limit, we put no
- absolute limit on the UDP packet size. */
- int udp_pref_limit;
-
- /* Use the config-file ktypes instead of app-specified? */
- krb5_boolean use_conf_ktypes;
+ krb5_magic magic;
+ krb5_enctype *in_tkt_etypes;
+ krb5_enctype *tgs_etypes;
+ struct _krb5_os_context os_context;
+ char *default_realm;
+ profile_t profile;
+ kdb5_dal_handle *dal_handle;
+ int ser_ctx_count;
+ void *ser_ctx;
+ /* allowable clock skew */
+ krb5_deltat clockskew;
+ krb5_cksumtype kdc_req_sumtype;
+ krb5_cksumtype default_ap_req_sumtype;
+ krb5_cksumtype default_safe_sumtype;
+ krb5_flags kdc_default_options;
+ krb5_flags library_options;
+ krb5_boolean profile_secure;
+ int fcc_default_format;
+ krb5_prompt_type *prompt_types;
+ /* Message size above which we'll try TCP first in send-to-kdc
+ type code. Aside from the 2**16 size limit, we put no
+ absolute limit on the UDP packet size. */
+ int udp_pref_limit;
+
+ /* Use the config-file ktypes instead of app-specified? */
+ krb5_boolean use_conf_ktypes;
#ifdef KRB5_DNS_LOOKUP
- krb5_boolean profile_in_memory;
+ krb5_boolean profile_in_memory;
#endif /* KRB5_DNS_LOOKUP */
/* locate_kdc module stuff */
/* could be used in a table to find an etype and initialize a block */
-#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
+#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
/* internal message representations */
typedef struct _krb5_safe {
krb5_magic magic;
- krb5_data user_data; /* user data */
- krb5_timestamp timestamp; /* client time, optional */
- krb5_int32 usec; /* microsecond portion of time,
- optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
- krb5_address *s_address; /* sender address */
- krb5_address *r_address; /* recipient address, optional */
- krb5_checksum *checksum; /* data integrity checksum */
+ krb5_data user_data; /* user data */
+ krb5_timestamp timestamp; /* client time, optional */
+ krb5_int32 usec; /* microsecond portion of time,
+ optional */
+ krb5_ui_4 seq_number; /* sequence #, optional */
+ krb5_address *s_address; /* sender address */
+ krb5_address *r_address; /* recipient address, optional */
+ krb5_checksum *checksum; /* data integrity checksum */
} krb5_safe;
typedef struct _krb5_priv {
krb5_magic magic;
- krb5_enc_data enc_part; /* encrypted part */
+ krb5_enc_data enc_part; /* encrypted part */
} krb5_priv;
typedef struct _krb5_priv_enc_part {
krb5_magic magic;
- krb5_data user_data; /* user data */
- krb5_timestamp timestamp; /* client time, optional */
- krb5_int32 usec; /* microsecond portion of time, opt. */
- krb5_ui_4 seq_number; /* sequence #, optional */
- krb5_address *s_address; /* sender address */
- krb5_address *r_address; /* recipient address, optional */
+ krb5_data user_data; /* user data */
+ krb5_timestamp timestamp; /* client time, optional */
+ krb5_int32 usec; /* microsecond portion of time, opt. */
+ krb5_ui_4 seq_number; /* sequence #, optional */
+ krb5_address *s_address; /* sender address */
+ krb5_address *r_address; /* recipient address, optional */
} krb5_priv_enc_part;
-void KRB5_CALLCONV krb5_free_safe
- (krb5_context, krb5_safe * );
-void KRB5_CALLCONV krb5_free_priv
- (krb5_context, krb5_priv * );
-void KRB5_CALLCONV krb5_free_priv_enc_part
- (krb5_context, krb5_priv_enc_part * );
+void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *);
+void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *);
+void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *);
/*
* Begin "asn1.h"
EncKrbPrivPart is APPLICATION 28.
EncKrbCredPart is APPLICATION 29.
KRB_ERROR is APPLICATION 30.
- */
+*/
/* allow either constructed or primitive encoding, so check for bit 6
set or reset */
-#define krb5int_is_app_tag(dat,tag)\
- ((dat) && (dat)->length && \
+#define krb5int_is_app_tag(dat,tag) \
+ ((dat) && (dat)->length && \
((((dat)->data[0] & ~0x20) == ((tag) | 0x40))))
#define krb5_is_krb_ticket(dat) krb5int_is_app_tag(dat, 1)
#define krb5_is_krb_authenticator(dat) krb5int_is_app_tag(dat, 2)
*************************************************************************/
/*
- krb5_error_code encode_krb5_structure(const krb5_structure *rep,
- krb5_data **code);
- modifies *code
- effects Returns the ASN.1 encoding of *rep in **code.
- Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
- Returns ENOMEM if memory runs out.
+ krb5_error_code encode_krb5_structure(const krb5_structure *rep,
+ krb5_data **code);
+ modifies *code
+ effects Returns the ASN.1 encoding of *rep in **code.
+ Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep.
+ Returns ENOMEM if memory runs out.
*/
-krb5_error_code encode_krb5_authenticator
- (const krb5_authenticator *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code);
-krb5_error_code encode_krb5_ticket
- (const krb5_ticket *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);
-krb5_error_code encode_krb5_encryption_key
- (const krb5_keyblock *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code);
-krb5_error_code encode_krb5_enc_tkt_part
- (const krb5_enc_tkt_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code);
-krb5_error_code encode_krb5_enc_kdc_rep_part
- (const krb5_enc_kdc_rep_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep,
+ krb5_data **code);
/* yes, the translation is identical to that used for KDC__REP */
-krb5_error_code encode_krb5_as_rep
- (const krb5_kdc_rep *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code);
/* yes, the translation is identical to that used for KDC__REP */
-krb5_error_code encode_krb5_tgs_rep
- (const krb5_kdc_rep *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code);
-krb5_error_code encode_krb5_ap_req
- (const krb5_ap_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code);
-krb5_error_code encode_krb5_ap_rep
- (const krb5_ap_rep *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code);
-krb5_error_code encode_krb5_ap_rep_enc_part
- (const krb5_ap_rep_enc_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb5_data **code);
-krb5_error_code encode_krb5_as_req
- (const krb5_kdc_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code);
-krb5_error_code encode_krb5_tgs_req
- (const krb5_kdc_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code);
-krb5_error_code encode_krb5_kdc_req_body
- (const krb5_kdc_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code);
-krb5_error_code encode_krb5_safe
- (const krb5_safe *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_safe(const krb5_safe *rep, krb5_data **code);
struct krb5_safe_with_body {
krb5_safe *safe;
krb5_data *body;
};
-krb5_error_code encode_krb5_safe_with_body
- (const struct krb5_safe_with_body *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_safe_with_body(const struct krb5_safe_with_body *rep,
+ krb5_data **code);
-krb5_error_code encode_krb5_priv
- (const krb5_priv *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_priv(const krb5_priv *rep, krb5_data **code);
-krb5_error_code encode_krb5_enc_priv_part
- (const krb5_priv_enc_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code);
-krb5_error_code encode_krb5_cred
- (const krb5_cred *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_cred(const krb5_cred *rep, krb5_data **code);
-krb5_error_code encode_krb5_enc_cred_part
- (const krb5_cred_enc_part *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code);
-krb5_error_code encode_krb5_error
- (const krb5_error *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_error(const krb5_error *rep, krb5_data **code);
-krb5_error_code encode_krb5_authdata
- (krb5_authdata *const *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_authdata(krb5_authdata *const *rep, krb5_data **code);
-krb5_error_code encode_krb5_authdata_elt
- (const krb5_authdata *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **code);
-krb5_error_code encode_krb5_pwd_sequence
- (const passwd_phrase_element *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code);
-krb5_error_code encode_krb5_pwd_data
- (const krb5_pwd_data *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data **code);
-krb5_error_code encode_krb5_padata_sequence
- (krb5_pa_data *const *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_alt_method(const krb5_alt_method *, krb5_data **code);
-krb5_error_code encode_krb5_alt_method
- (const krb5_alt_method *, krb5_data **code);
+krb5_error_code
+encode_krb5_etype_info(krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_etype_info
- (krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_etype_info2
- (krb5_etype_info_entry *const *, krb5_data **code);
+krb5_error_code
+encode_krb5_etype_info2(krb5_etype_info_entry *const *, krb5_data **code);
-krb5_error_code encode_krb5_enc_data
- (const krb5_enc_data *, krb5_data **);
+krb5_error_code
+encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);
-krb5_error_code encode_krb5_pa_enc_ts
- (const krb5_pa_enc_ts *, krb5_data **);
+krb5_error_code
+encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);
-krb5_error_code encode_krb5_sam_challenge
- (const krb5_sam_challenge * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_challenge(const krb5_sam_challenge * , krb5_data **);
-krb5_error_code encode_krb5_sam_key
- (const krb5_sam_key * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_key(const krb5_sam_key * , krb5_data **);
-krb5_error_code encode_krb5_enc_sam_response_enc
- (const krb5_enc_sam_response_enc * , krb5_data **);
+krb5_error_code
+encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc *,
+ krb5_data **);
-krb5_error_code encode_krb5_sam_response
- (const krb5_sam_response * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_response(const krb5_sam_response *, krb5_data **);
#if 0 /* currently not compiled because we never use them */
-krb5_error_code encode_krb5_sam_challenge_2
- (const krb5_sam_challenge_2 * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * , krb5_data **);
-krb5_error_code encode_krb5_sam_challenge_2_body
- (const krb5_sam_challenge_2_body * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body *,
+ krb5_data **);
#endif
-krb5_error_code encode_krb5_enc_sam_response_enc_2
- (const krb5_enc_sam_response_enc_2 * , krb5_data **);
+krb5_error_code
+encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 *,
+ krb5_data **);
-krb5_error_code encode_krb5_sam_response_2
- (const krb5_sam_response_2 * , krb5_data **);
+krb5_error_code
+encode_krb5_sam_response_2(const krb5_sam_response_2 * , krb5_data **);
-krb5_error_code encode_krb5_predicted_sam_response
- (const krb5_predicted_sam_response * , krb5_data **);
+krb5_error_code
+encode_krb5_predicted_sam_response(const krb5_predicted_sam_response *,
+ krb5_data **);
struct krb5_setpw_req {
krb5_principal target;
krb5_data password;
};
-krb5_error_code encode_krb5_setpw_req
- (const struct krb5_setpw_req *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_setpw_req(const struct krb5_setpw_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_pa_for_user(const krb5_pa_for_user *, krb5_data **);
+
+krb5_error_code
+encode_krb5_s4u_userid(const krb5_s4u_userid *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_s4u_x509_user(const krb5_pa_s4u_x509_user *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_svr_referral_data(const krb5_pa_svr_referral_data *,
+ krb5_data **);
-krb5_error_code encode_krb5_pa_for_user
- (const krb5_pa_for_user * , krb5_data **);
+krb5_error_code
+encode_krb5_pa_server_referral_data(const krb5_pa_server_referral_data *,
+ krb5_data **);
-krb5_error_code encode_krb5_s4u_userid
- (const krb5_s4u_userid * , krb5_data **);
+krb5_error_code
+encode_krb5_pa_pac_req(const krb5_pa_pac_req *, krb5_data **);
-krb5_error_code encode_krb5_pa_s4u_x509_user
- (const krb5_pa_s4u_x509_user * , krb5_data **);
+krb5_error_code
+encode_krb5_etype_list(const krb5_etype_list * , krb5_data **);
-krb5_error_code encode_krb5_pa_svr_referral_data
- (const krb5_pa_svr_referral_data * , krb5_data **);
+krb5_error_code
+encode_krb5_pa_fx_fast_request(const krb5_fast_armored_req *, krb5_data **);
-krb5_error_code encode_krb5_pa_server_referral_data
- (const krb5_pa_server_referral_data * , krb5_data **);
+krb5_error_code
+encode_krb5_fast_req(const krb5_fast_req *, krb5_data **);
-krb5_error_code encode_krb5_pa_pac_req
- (const krb5_pa_pac_req * , krb5_data **);
+krb5_error_code
+encode_krb5_pa_fx_fast_reply(const krb5_enc_data *, krb5_data **);
-krb5_error_code encode_krb5_etype_list
- (const krb5_etype_list * , krb5_data **);
+krb5_error_code
+encode_krb5_fast_response(const krb5_fast_response *, krb5_data **);
-krb5_error_code encode_krb5_pa_fx_fast_request
-(const krb5_fast_armored_req *, krb5_data **);
-krb5_error_code encode_krb5_fast_req
-(const krb5_fast_req *, krb5_data **);
-krb5_error_code encode_krb5_pa_fx_fast_reply
-(const krb5_enc_data *, krb5_data **);
+krb5_error_code
+encode_krb5_ad_kdcissued(const krb5_ad_kdcissued *, krb5_data **);
-krb5_error_code encode_krb5_fast_response
-(const krb5_fast_response *, krb5_data **);
+krb5_error_code
+encode_krb5_ad_signedpath(const krb5_ad_signedpath *, krb5_data **);
-krb5_error_code encode_krb5_ad_kdcissued
-(const krb5_ad_kdcissued *, krb5_data **);
-krb5_error_code encode_krb5_ad_signedpath
-(const krb5_ad_signedpath *, krb5_data **);
-krb5_error_code encode_krb5_ad_signedpath_data
-(const krb5_ad_signedpath_data *, krb5_data **);
+krb5_error_code
+encode_krb5_ad_signedpath_data(const krb5_ad_signedpath_data *, krb5_data **);
/*************************************************************************
* End of prototypes for krb5_encode.c
*************************************************************************/
-krb5_error_code decode_krb5_sam_challenge
- (const krb5_data *, krb5_sam_challenge **);
+krb5_error_code
+decode_krb5_sam_challenge(const krb5_data *, krb5_sam_challenge **);
-krb5_error_code decode_krb5_enc_sam_key
- (const krb5_data *, krb5_sam_key **);
+krb5_error_code
+decode_krb5_enc_sam_key(const krb5_data *, krb5_sam_key **);
-krb5_error_code decode_krb5_enc_sam_response_enc
- (const krb5_data *, krb5_enc_sam_response_enc **);
+krb5_error_code
+decode_krb5_enc_sam_response_enc(const krb5_data *,
+ krb5_enc_sam_response_enc **);
-krb5_error_code decode_krb5_sam_response
- (const krb5_data *, krb5_sam_response **);
+krb5_error_code
+decode_krb5_sam_response(const krb5_data *, krb5_sam_response **);
-krb5_error_code decode_krb5_predicted_sam_response
- (const krb5_data *, krb5_predicted_sam_response **);
+krb5_error_code
+decode_krb5_predicted_sam_response(const krb5_data *,
+ krb5_predicted_sam_response **);
-krb5_error_code decode_krb5_sam_challenge_2
- (const krb5_data *, krb5_sam_challenge_2 **);
+krb5_error_code
+decode_krb5_sam_challenge_2(const krb5_data *, krb5_sam_challenge_2 **);
-krb5_error_code decode_krb5_sam_challenge_2_body
- (const krb5_data *, krb5_sam_challenge_2_body **);
+krb5_error_code
+decode_krb5_sam_challenge_2_body(const krb5_data *,
+ krb5_sam_challenge_2_body **);
-krb5_error_code decode_krb5_enc_sam_response_enc_2
- (const krb5_data *, krb5_enc_sam_response_enc_2 **);
+krb5_error_code
+decode_krb5_enc_sam_response_enc_2(const krb5_data *,
+ krb5_enc_sam_response_enc_2 **);
-krb5_error_code decode_krb5_sam_response_2
- (const krb5_data *, krb5_sam_response_2 **);
+krb5_error_code
+decode_krb5_sam_response_2(const krb5_data *, krb5_sam_response_2 **);
/*************************************************************************
* Prototypes for krb5_decode.c
*************************************************************************/
-krb5_error_code krb5_validate_times
- (krb5_context,
- krb5_ticket_times *);
+krb5_error_code
+krb5_validate_times(krb5_context, krb5_ticket_times *);
/*
- krb5_error_code decode_krb5_structure(const krb5_data *code,
- krb5_structure **rep);
-
- requires Expects **rep to not have been allocated;
- a new *rep is allocated regardless of the old value.
- effects Decodes *code into **rep.
- Returns ENOMEM if memory is exhausted.
- Returns asn1 and krb5 errors.
+ krb5_error_code decode_krb5_structure(const krb5_data *code,
+ krb5_structure **rep);
+
+ requires Expects **rep to not have been allocated;
+ a new *rep is allocated regardless of the old value.
+ effects Decodes *code into **rep.
+ Returns ENOMEM if memory is exhausted.
+ Returns asn1 and krb5 errors.
*/
-krb5_error_code decode_krb5_authenticator
- (const krb5_data *code, krb5_authenticator **rep);
-
-krb5_error_code decode_krb5_ticket
- (const krb5_data *code, krb5_ticket **rep);
+krb5_error_code
+decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep);
-krb5_error_code decode_krb5_encryption_key
- (const krb5_data *output, krb5_keyblock **rep);
+krb5_error_code
+decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);
-krb5_error_code decode_krb5_enc_tkt_part
- (const krb5_data *output, krb5_enc_tkt_part **rep);
+krb5_error_code
+decode_krb5_encryption_key(const krb5_data *output, krb5_keyblock **rep);
-krb5_error_code decode_krb5_enc_kdc_rep_part
- (const krb5_data *output, krb5_enc_kdc_rep_part **rep);
+krb5_error_code
+decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);
-krb5_error_code decode_krb5_as_rep
- (const krb5_data *output, krb5_kdc_rep **rep);
+krb5_error_code
+decode_krb5_enc_kdc_rep_part(const krb5_data *output,
+ krb5_enc_kdc_rep_part **rep);
-krb5_error_code decode_krb5_tgs_rep
- (const krb5_data *output, krb5_kdc_rep **rep);
+krb5_error_code
+decode_krb5_as_rep(const krb5_data *output, krb5_kdc_rep **rep);
-krb5_error_code decode_krb5_ap_req
- (const krb5_data *output, krb5_ap_req **rep);
+krb5_error_code
+decode_krb5_tgs_rep(const krb5_data *output, krb5_kdc_rep **rep);
-krb5_error_code decode_krb5_ap_rep
- (const krb5_data *output, krb5_ap_rep **rep);
+krb5_error_code
+decode_krb5_ap_req(const krb5_data *output, krb5_ap_req **rep);
-krb5_error_code decode_krb5_ap_rep_enc_part
- (const krb5_data *output, krb5_ap_rep_enc_part **rep);
+krb5_error_code
+decode_krb5_ap_rep(const krb5_data *output, krb5_ap_rep **rep);
-krb5_error_code decode_krb5_as_req
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_ap_rep_enc_part(const krb5_data *output,
+ krb5_ap_rep_enc_part **rep);
-krb5_error_code decode_krb5_tgs_req
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_as_req(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_kdc_req_body
- (const krb5_data *output, krb5_kdc_req **rep);
+krb5_error_code
+decode_krb5_tgs_req(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_safe
- (const krb5_data *output, krb5_safe **rep);
+krb5_error_code
+decode_krb5_kdc_req_body(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code decode_krb5_safe_with_body
- (const krb5_data *output, krb5_safe **rep, krb5_data *body);
+krb5_error_code
+decode_krb5_safe(const krb5_data *output, krb5_safe **rep);
-krb5_error_code decode_krb5_priv
- (const krb5_data *output, krb5_priv **rep);
+krb5_error_code
+decode_krb5_safe_with_body(const krb5_data *output, krb5_safe **rep,
+ krb5_data *body);
-krb5_error_code decode_krb5_enc_priv_part
- (const krb5_data *output, krb5_priv_enc_part **rep);
+krb5_error_code
+decode_krb5_priv(const krb5_data *output, krb5_priv **rep);
-krb5_error_code decode_krb5_cred
- (const krb5_data *output, krb5_cred **rep);
+krb5_error_code
+decode_krb5_enc_priv_part(const krb5_data *output, krb5_priv_enc_part **rep);
-krb5_error_code decode_krb5_enc_cred_part
- (const krb5_data *output, krb5_cred_enc_part **rep);
+krb5_error_code
+decode_krb5_cred(const krb5_data *output, krb5_cred **rep);
-krb5_error_code decode_krb5_error
- (const krb5_data *output, krb5_error **rep);
+krb5_error_code
+decode_krb5_enc_cred_part(const krb5_data *output, krb5_cred_enc_part **rep);
-krb5_error_code decode_krb5_authdata
- (const krb5_data *output, krb5_authdata ***rep);
+krb5_error_code
+decode_krb5_error(const krb5_data *output, krb5_error **rep);
-krb5_error_code decode_krb5_pwd_sequence
- (const krb5_data *output, passwd_phrase_element **rep);
+krb5_error_code
+decode_krb5_authdata(const krb5_data *output, krb5_authdata ***rep);
-krb5_error_code decode_krb5_pwd_data
- (const krb5_data *output, krb5_pwd_data **rep);
+krb5_error_code
+decode_krb5_pwd_sequence(const krb5_data *output, passwd_phrase_element **rep);
-krb5_error_code decode_krb5_padata_sequence
- (const krb5_data *output, krb5_pa_data ***rep);
+krb5_error_code
+decode_krb5_pwd_data(const krb5_data *output, krb5_pwd_data **rep);
-krb5_error_code decode_krb5_alt_method
- (const krb5_data *output, krb5_alt_method **rep);
+krb5_error_code
+decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);
-krb5_error_code decode_krb5_etype_info
- (const krb5_data *output, krb5_etype_info_entry ***rep);
+krb5_error_code
+decode_krb5_alt_method(const krb5_data *output, krb5_alt_method **rep);
-krb5_error_code decode_krb5_etype_info2
- (const krb5_data *output, krb5_etype_info_entry ***rep);
+krb5_error_code
+decode_krb5_etype_info(const krb5_data *output, krb5_etype_info_entry ***rep);
-krb5_error_code decode_krb5_enc_data
- (const krb5_data *output, krb5_enc_data **rep);
+krb5_error_code
+decode_krb5_etype_info2(const krb5_data *output, krb5_etype_info_entry ***rep);
-krb5_error_code decode_krb5_pa_enc_ts
- (const krb5_data *output, krb5_pa_enc_ts **rep);
+krb5_error_code
+decode_krb5_enc_data(const krb5_data *output, krb5_enc_data **rep);
-krb5_error_code decode_krb5_sam_key
- (const krb5_data *, krb5_sam_key **);
+krb5_error_code
+decode_krb5_pa_enc_ts(const krb5_data *output, krb5_pa_enc_ts **rep);
-krb5_error_code decode_krb5_setpw_req
- (const krb5_data *, krb5_data **, krb5_principal *);
+krb5_error_code
+decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);
-krb5_error_code decode_krb5_pa_for_user
- (const krb5_data *, krb5_pa_for_user **);
+krb5_error_code
+decode_krb5_setpw_req(const krb5_data *, krb5_data **, krb5_principal *);
-krb5_error_code decode_krb5_pa_s4u_x509_user
- (const krb5_data *, krb5_pa_s4u_x509_user **);
+krb5_error_code
+decode_krb5_pa_for_user(const krb5_data *, krb5_pa_for_user **);
-krb5_error_code decode_krb5_pa_svr_referral_data
- (const krb5_data *, krb5_pa_svr_referral_data **);
+krb5_error_code
+decode_krb5_pa_s4u_x509_user(const krb5_data *, krb5_pa_s4u_x509_user **);
-krb5_error_code decode_krb5_pa_server_referral_data
- (const krb5_data *, krb5_pa_server_referral_data **);
+krb5_error_code
+decode_krb5_pa_svr_referral_data(const krb5_data *,
+ krb5_pa_svr_referral_data **);
-krb5_error_code decode_krb5_pa_pac_req
- (const krb5_data *, krb5_pa_pac_req **);
+krb5_error_code
+decode_krb5_pa_server_referral_data(const krb5_data *,
+ krb5_pa_server_referral_data **);
-krb5_error_code decode_krb5_etype_list
- (const krb5_data *, krb5_etype_list **);
+krb5_error_code
+decode_krb5_pa_pac_req(const krb5_data *, krb5_pa_pac_req **);
-krb5_error_code decode_krb5_pa_fx_fast_request
-(const krb5_data *, krb5_fast_armored_req **);
+krb5_error_code
+decode_krb5_etype_list(const krb5_data *, krb5_etype_list **);
-krb5_error_code decode_krb5_fast_req
-(const krb5_data *, krb5_fast_req **);
+krb5_error_code
+decode_krb5_pa_fx_fast_request(const krb5_data *, krb5_fast_armored_req **);
+krb5_error_code
+decode_krb5_fast_req(const krb5_data *, krb5_fast_req **);
-krb5_error_code decode_krb5_pa_fx_fast_reply
-(const krb5_data *, krb5_enc_data **);
+krb5_error_code
+decode_krb5_pa_fx_fast_reply(const krb5_data *, krb5_enc_data **);
-krb5_error_code decode_krb5_fast_response
-(const krb5_data *, krb5_fast_response **);
+krb5_error_code
+decode_krb5_fast_response(const krb5_data *, krb5_fast_response **);
-krb5_error_code decode_krb5_ad_kdcissued
-(const krb5_data *, krb5_ad_kdcissued **);
+krb5_error_code
+decode_krb5_ad_kdcissued(const krb5_data *, krb5_ad_kdcissued **);
-krb5_error_code decode_krb5_ad_signedpath
-(const krb5_data *, krb5_ad_signedpath **);
+krb5_error_code
+decode_krb5_ad_signedpath(const krb5_data *, krb5_ad_signedpath **);
-struct _krb5_key_data; /* kdb.h */
+struct _krb5_key_data; /* kdb.h */
struct ldap_seqof_key_data {
- krb5_int32 mkvno; /* Master key version number */
+ krb5_int32 mkvno; /* Master key version number */
struct _krb5_key_data *key_data;
krb5_int16 n_key_data;
};
typedef struct ldap_seqof_key_data ldap_seqof_key_data;
krb5_error_code
-krb5int_ldap_encode_sequence_of_keys (const ldap_seqof_key_data *val,
- krb5_data **code);
+krb5int_ldap_encode_sequence_of_keys(const ldap_seqof_key_data *val,
+ krb5_data **code);
krb5_error_code
-krb5int_ldap_decode_sequence_of_keys (krb5_data *in,
- ldap_seqof_key_data **rep);
+krb5int_ldap_decode_sequence_of_keys(krb5_data *in,
+ ldap_seqof_key_data **rep);
/*************************************************************************
* End of prototypes for krb5_decode.c
/*
* Internal krb5 library routines
*/
-krb5_error_code krb5_encrypt_tkt_part
- (krb5_context,
- const krb5_keyblock *,
- krb5_ticket * );
-
-
-krb5_error_code krb5_encode_kdc_rep
- (krb5_context,
- krb5_msgtype,
- const krb5_enc_kdc_rep_part *,
- int using_subkey,
- const krb5_keyblock *,
- krb5_kdc_rep *,
- krb5_data ** );
-
-krb5_boolean krb5int_auth_con_chkseqnum
- (krb5_context ctx, krb5_auth_context ac, krb5_ui_4 in_seq);
+krb5_error_code
+krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *);
+
+krb5_error_code
+krb5_encode_kdc_rep(krb5_context, krb5_msgtype, const krb5_enc_kdc_rep_part *,
+ int using_subkey, const krb5_keyblock *, krb5_kdc_rep *,
+ krb5_data ** );
+
+krb5_boolean
+krb5int_auth_con_chkseqnum(krb5_context ctx, krb5_auth_context ac,
+ krb5_ui_4 in_seq);
/*
* [De]Serialization Handle and operations.
*/
struct __krb5_serializer {
- krb5_magic odtype;
- krb5_error_code (*sizer) (krb5_context,
- krb5_pointer,
- size_t *);
- krb5_error_code (*externalizer) (krb5_context,
- krb5_pointer,
- krb5_octet **,
- size_t *);
- krb5_error_code (*internalizer) (krb5_context,
- krb5_pointer *,
- krb5_octet **,
- size_t *);
+ krb5_magic odtype;
+ krb5_error_code (*sizer) (krb5_context,
+ krb5_pointer,
+ size_t *);
+ krb5_error_code (*externalizer) (krb5_context,
+ krb5_pointer,
+ krb5_octet **,
+ size_t *);
+ krb5_error_code (*internalizer) (krb5_context,
+ krb5_pointer *,
+ krb5_octet **,
+ size_t *);
};
typedef const struct __krb5_serializer * krb5_ser_handle;
typedef struct __krb5_serializer krb5_ser_entry;
-krb5_ser_handle krb5_find_serializer
- (krb5_context,
- krb5_magic);
-krb5_error_code krb5_register_serializer
- (krb5_context,
- const krb5_ser_entry *);
+krb5_ser_handle krb5_find_serializer(krb5_context, krb5_magic);
+krb5_error_code krb5_register_serializer(krb5_context, const krb5_ser_entry *);
/* Determine the external size of a particular opaque structure */
-krb5_error_code KRB5_CALLCONV krb5_size_opaque
- (krb5_context,
- krb5_magic,
- krb5_pointer,
- size_t *);
+krb5_error_code KRB5_CALLCONV
+krb5_size_opaque(krb5_context, krb5_magic, krb5_pointer, size_t *);
/* Serialize the structure into a buffer */
-krb5_error_code KRB5_CALLCONV krb5_externalize_opaque
- (krb5_context,
- krb5_magic,
- krb5_pointer,
- krb5_octet **,
- size_t *);
+krb5_error_code KRB5_CALLCONV
+krb5_externalize_opaque(krb5_context, krb5_magic, krb5_pointer, krb5_octet **,
+ size_t *);
/* Deserialize the structure from a buffer */
-krb5_error_code KRB5_CALLCONV krb5_internalize_opaque
- (krb5_context,
- krb5_magic,
- krb5_pointer *,
- krb5_octet **,
- size_t *);
+krb5_error_code KRB5_CALLCONV
+krb5_internalize_opaque(krb5_context, krb5_magic, krb5_pointer *,
+ krb5_octet **, size_t *);
/* Serialize data into a buffer */
-krb5_error_code krb5_externalize_data
- (krb5_context,
- krb5_pointer,
- krb5_octet **,
- size_t *);
+krb5_error_code
+krb5_externalize_data(krb5_context, krb5_pointer, krb5_octet **, size_t *);
/*
* Initialization routines.
*/
/* Initialize serialization for krb5_[os_]context */
-krb5_error_code KRB5_CALLCONV krb5_ser_context_init
- (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context);
/* Initialize serialization for krb5_auth_context */
-krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init
- (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init(krb5_context);
/* Initialize serialization for krb5_keytab */
-krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init
- (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init(krb5_context);
/* Initialize serialization for krb5_ccache */
-krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init
- (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init(krb5_context);
/* Initialize serialization for krb5_rcache */
-krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init
- (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init(krb5_context);
/* [De]serialize 4-byte integer */
-krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32
- (krb5_int32,
- krb5_octet **,
- size_t *);
-krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
- (krb5_int32 *,
- krb5_octet **,
- size_t *);
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int32(krb5_int32, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int32(krb5_int32 *, krb5_octet **, size_t *);
+
/* [De]serialize 8-byte integer */
-krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
- (krb5_int64, krb5_octet **, size_t *);
-krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
- (krb5_int64 *, krb5_octet **, size_t *);
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int64(krb5_int64, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int64(krb5_int64 *, krb5_octet **, size_t *);
+
/* [De]serialize byte string */
-krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
- (krb5_octet *,
- size_t,
- krb5_octet **,
- size_t *);
-krb5_error_code KRB5_CALLCONV krb5_ser_unpack_bytes
- (krb5_octet *,
- size_t,
- krb5_octet **,
- size_t *);
-
-krb5_error_code KRB5_CALLCONV krb5int_cc_default
- (krb5_context, krb5_ccache *);
-
-krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
- (krb5_context, krb5_ccache, krb5_flags,
- krb5_creds *, krb5_creds *);
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_default(krb5_context, krb5_ccache *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
+ krb5_creds *, krb5_creds *);
krb5_boolean KRB5_CALLCONV
-krb5_creds_compare (krb5_context in_context,
- krb5_creds *in_creds,
- krb5_creds *in_compare_creds);
+krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds,
+ krb5_creds *in_compare_creds);
-void krb5int_set_prompt_types
- (krb5_context, krb5_prompt_type *);
+void
+krb5int_set_prompt_types(krb5_context, krb5_prompt_type *);
krb5_error_code
-krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
- krb5_keyblock * /* Old keyblock, not new! */,
- krb5_enctype);
+krb5int_generate_and_save_subkey(krb5_context, krb5_auth_context,
+ krb5_keyblock * /* Old keyblock, not new! */,
+ krb5_enctype);
/* set and change password helpers */
-krb5_error_code krb5int_mk_chpw_req
- (krb5_context context, krb5_auth_context auth_context,
- krb5_data *ap_req, char *passwd, krb5_data *packet);
-krb5_error_code krb5int_rd_chpw_rep
- (krb5_context context, krb5_auth_context auth_context,
- krb5_data *packet, int *result_code,
- krb5_data *result_data);
-krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string
- (krb5_context context, int result_code,
- char **result_codestr);
-krb5_error_code krb5int_mk_setpw_req
- (krb5_context context, krb5_auth_context auth_context,
- krb5_data *ap_req, krb5_principal targetprinc, char *passwd, krb5_data *packet);
-krb5_error_code krb5int_rd_setpw_rep
- (krb5_context context, krb5_auth_context auth_context,
- krb5_data *packet, int *result_code,
- krb5_data *result_data);
-krb5_error_code krb5int_setpw_result_code_string
- (krb5_context context, int result_code,
- const char **result_codestr);
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context,
+ krb5_data *ap_req, char *passwd, krb5_data *packet);
+
+krb5_error_code
+krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
+ krb5_data *packet, int *result_code,
+ krb5_data *result_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_chpw_result_code_string(krb5_context context, int result_code,
+ char **result_codestr);
+
+krb5_error_code
+krb5int_mk_setpw_req(krb5_context context, krb5_auth_context auth_context,
+ krb5_data *ap_req, krb5_principal targetprinc,
+ char *passwd, krb5_data *packet);
+
+krb5_error_code
+krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
+ krb5_data *packet, int *result_code,
+ krb5_data *result_data);
+
+krb5_error_code
+krb5int_setpw_result_code_string(krb5_context context, int result_code,
+ const char **result_codestr);
struct srv_dns_entry {
struct srv_dns_entry *next;
#ifdef KRB5_DNS_LOOKUP
krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers);
+ const char *service,
+ const char *protocol,
+ struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);
#endif
/*
* Convenience function for structure magic number
*/
-#define KRB5_VERIFY_MAGIC(structure,magic_number) \
+#define KRB5_VERIFY_MAGIC(structure,magic_number) \
if ((structure)->magic != (magic_number)) return (magic_number);
/* to keep lint happy */
#define KRB5INT_ACCESS_STRUCT_VERSION 15
#ifndef ANAME_SZ
-struct ktext; /* from krb.h, for krb524 support */
+struct ktext; /* from krb.h, for krb524 support */
#endif
typedef struct _krb5int_access {
/* crypto stuff */
const struct krb5_hash_provider *md5_hash_provider;
const struct krb5_enc_provider *arcfour_enc_provider;
krb5_error_code (*hmac)(const struct krb5_hash_provider *hash,
- const krb5_keyblock *key,
- unsigned int icount, const krb5_data *input,
- krb5_data *output);
+ const krb5_keyblock *key,
+ unsigned int icount, const krb5_data *input,
+ krb5_data *output);
krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
- krb5_auth_context,
- krb5_enctype *);
+ krb5_auth_context,
+ krb5_enctype *);
/* service location and communication */
- krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
- const struct addrlist *, struct sendto_callback_info*, krb5_data *reply,
- struct sockaddr *, socklen_t *,struct sockaddr *,
- socklen_t *, int *,
- int (*msg_handler)(krb5_context, const krb5_data *, void *),
- void *msg_handler_data);
+ krb5_error_code (*sendto_udp)(krb5_context, const krb5_data *msg,
+ const struct addrlist *,
+ struct sendto_callback_info *,
+ krb5_data *reply, struct sockaddr *,
+ socklen_t *, struct sockaddr *,
+ socklen_t *, int *,
+ int (*msg_handler)(krb5_context,
+ const krb5_data *,
+ void *),
+ void *msg_handler_data);
krb5_error_code (*add_host_to_list)(struct addrlist *lp,
- const char *hostname,
- int port, int secport,
- int socktype, int family);
- void (*free_addrlist) (struct addrlist *);
+ const char *hostname,
+ int port, int secport,
+ int socktype, int family);
+ void (*free_addrlist)(struct addrlist *);
krb5_error_code (*make_srv_query_realm)(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers);
+ const char *service,
+ const char *protocol,
+ struct srv_dns_entry **answers);
void (*free_srv_dns_data)(struct srv_dns_entry *);
int (*use_dns_kdc)(krb5_context);
- krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t);
+ krb5_error_code (*clean_hostname)(krb5_context, const char *, char *,
+ size_t);
krb5_error_code (*mandatory_cksumtype)(krb5_context, krb5_enctype,
- krb5_cksumtype *);
+ krb5_cksumtype *);
krb5_error_code (KRB5_CALLCONV *ser_pack_int64)(krb5_int64, krb5_octet **,
- size_t *);
+ size_t *);
krb5_error_code (KRB5_CALLCONV *ser_unpack_int64)(krb5_int64 *,
- krb5_octet **, size_t *);
+ krb5_octet **, size_t *);
/* Used for KDB LDAP back end. */
krb5_error_code
- (*asn1_ldap_encode_sequence_of_keys) (const ldap_seqof_key_data *val,
- krb5_data **code);
+ (*asn1_ldap_encode_sequence_of_keys)(const ldap_seqof_key_data *val,
+ krb5_data **code);
krb5_error_code
- (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in,
- ldap_seqof_key_data **);
- /* Used for encrypted challenge fast factor*/
+ (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in,
+ ldap_seqof_key_data **);
+
+ /* Used for encrypted challenge fast factor*/
krb5_error_code (*encode_enc_data)(const krb5_enc_data *, krb5_data **);
krb5_error_code (*decode_enc_data)(const krb5_data *, krb5_enc_data **);
void (*free_enc_data)(krb5_context, krb5_enc_data *);
krb5_error_code (*encode_enc_ts)(const krb5_pa_enc_ts *, krb5_data **);
krb5_error_code (*decode_enc_ts)(const krb5_data *, krb5_pa_enc_ts **);
void (*free_enc_ts)(krb5_context, krb5_pa_enc_ts *);
- krb5_error_code (*encrypt_helper)
- (krb5_context, const krb5_keyblock *, krb5_keyusage, const krb5_data *,
- krb5_enc_data *);
+ krb5_error_code
+ (*encrypt_helper)(krb5_context, const krb5_keyblock *, krb5_keyusage,
+ const krb5_data *, krb5_enc_data *);
/*
* pkinit asn.1 encode/decode functions
*/
- krb5_error_code (*encode_krb5_auth_pack)
- (const krb5_auth_pack *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_auth_pack_draft9)
- (const krb5_auth_pack_draft9 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_kdc_dh_key_info)
- (const krb5_kdc_dh_key_info *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_rep)
- (const krb5_pa_pk_as_rep *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_rep_draft9)
- (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_req)
- (const krb5_pa_pk_as_req *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_pa_pk_as_req_draft9)
- (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_reply_key_pack)
- (const krb5_reply_key_pack *, krb5_data **code);
- krb5_error_code (*encode_krb5_reply_key_pack_draft9)
- (const krb5_reply_key_pack_draft9 *, krb5_data **code);
- krb5_error_code (*encode_krb5_td_dh_parameters)
- (const krb5_algorithm_identifier **, krb5_data **code);
- krb5_error_code (*encode_krb5_td_trusted_certifiers)
- (const krb5_external_principal_identifier **, krb5_data **code);
- krb5_error_code (*encode_krb5_typed_data)
- (const krb5_typed_data **, krb5_data **code);
-
- krb5_error_code (*decode_krb5_auth_pack)
- (const krb5_data *, krb5_auth_pack **);
- krb5_error_code (*decode_krb5_auth_pack_draft9)
- (const krb5_data *, krb5_auth_pack_draft9 **);
- krb5_error_code (*decode_krb5_pa_pk_as_req)
- (const krb5_data *, krb5_pa_pk_as_req **);
- krb5_error_code (*decode_krb5_pa_pk_as_req_draft9)
- (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
- krb5_error_code (*decode_krb5_pa_pk_as_rep)
- (const krb5_data *, krb5_pa_pk_as_rep **);
- krb5_error_code (*decode_krb5_pa_pk_as_rep_draft9)
- (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
- krb5_error_code (*decode_krb5_kdc_dh_key_info)
- (const krb5_data *, krb5_kdc_dh_key_info **);
- krb5_error_code (*decode_krb5_principal_name)
- (const krb5_data *, krb5_principal_data **);
- krb5_error_code (*decode_krb5_reply_key_pack)
- (const krb5_data *, krb5_reply_key_pack **);
- krb5_error_code (*decode_krb5_reply_key_pack_draft9)
- (const krb5_data *, krb5_reply_key_pack_draft9 **);
- krb5_error_code (*decode_krb5_td_dh_parameters)
- (const krb5_data *, krb5_algorithm_identifier ***);
- krb5_error_code (*decode_krb5_td_trusted_certifiers)
- (const krb5_data *, krb5_external_principal_identifier ***);
- krb5_error_code (*decode_krb5_typed_data)
- (const krb5_data *, krb5_typed_data ***);
-
- krb5_error_code (*decode_krb5_as_req)
- (const krb5_data *output, krb5_kdc_req **rep);
- krb5_error_code (*encode_krb5_kdc_req_body)
- (const krb5_kdc_req *rep, krb5_data **code);
- void (KRB5_CALLCONV *free_kdc_req)
- (krb5_context, krb5_kdc_req * );
- void (*set_prompt_types)
- (krb5_context, krb5_prompt_type *);
- krb5_error_code (*encode_krb5_authdata_elt)
- (const krb5_authdata *rep, krb5_data **code);
+ krb5_error_code
+ (*encode_krb5_auth_pack)(const krb5_auth_pack *rep, krb5_data **code);
- /* Exported for testing only! */
- krb5_error_code (*encode_krb5_sam_response_2)
- (const krb5_sam_response_2 *rep, krb5_data **code);
- krb5_error_code (*encode_krb5_enc_sam_response_enc_2)
- (const krb5_enc_sam_response_enc_2 *rep, krb5_data **code);
+ krb5_error_code
+ (*encode_krb5_auth_pack_draft9)(const krb5_auth_pack_draft9 *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_kdc_dh_key_info)(const krb5_kdc_dh_key_info *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_pa_pk_as_rep)(const krb5_pa_pk_as_rep *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_pa_pk_as_req)(const krb5_pa_pk_as_req *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_pa_pk_as_req_draft9)(const krb5_pa_pk_as_req_draft9 *rep,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_reply_key_pack)(const krb5_reply_key_
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_reply_key_pack_draft9)(const krb5_reply_key_pack_draft9 *,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+ krb5_data **code);
+
+ krb5_error_code
+ (*encode_krb5_td_trusted_certifiers)(const
+ krb5_external_principal_identifier **,
+ krb5_data **code);
+ krb5_error_code
+ (*encode_krb5_typed_data)(const krb5_typed_data **, krb5_data **code);
+
+ krb5_error_code
+ (*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **);
+
+ krb5_error_code
+ (*decode_krb5_auth_pack_draft9)(const krb5_data *,
+ krb5_auth_pack_draft9 **);
+
+ krb5_error_code
+ (*decode_krb5_pa_pk_as_req)(const krb5_data *, krb5_pa_pk_as_req **);
+
+ krb5_error_code
+ (*decode_krb5_pa_pk_as_req_draft9)(const krb5_data *,
+ krb5_pa_pk_as_req_draft9 **);
+
+ krb5_error_code
+ (*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **);
+
+ krb5_error_code
+ (*decode_krb5_pa_pk_as_rep_draft9)(const krb5_data *,
+ krb5_pa_pk_as_rep_draft9 **);
+
+ krb5_error_code
+ (*decode_krb5_kdc_dh_key_info)(const krb5_data *, krb5_kdc_dh_key_info **);
+
+ krb5_error_code
+ (*decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **);
+
+ krb5_error_code
+ (*decode_krb5_reply_key_pack)(const krb5_data *, krb5_reply_key_pack **);
+
+ krb5_error_code
+ (*decode_krb5_reply_key_pack_draft9)(const krb5_data *,
+ krb5_reply_key_pack_draft9 **);
+
+ krb5_error_code
+ (*decode_krb5_td_dh_parameters)(const krb5_data *,
+ krb5_algorithm_identifier ***);
+
+ krb5_error_code
+ (*decode_krb5_td_trusted_certifiers)(const krb5_data *,
+ krb5_external_principal_identifier
+ ***);
+
+ krb5_error_code
+ (*decode_krb5_typed_data)(const krb5_data *, krb5_typed_data ***);
+
+ krb5_error_code
+ (*decode_krb5_as_req)(const krb5_data *output, krb5_kdc_req **rep);
+
+ krb5_error_code
+ (*encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code);
+
+ void
+ (KRB5_CALLCONV *free_kdc_req)(krb5_context, krb5_kdc_req * );
+ void
+ (*set_prompt_types)(krb5_context, krb5_prompt_type *);
+
+ krb5_error_code
+ (*encode_krb5_authdata_elt)(const krb5_authdata *rep, krb5_data **code);
+
+ /* Exported for testing only! */
+ krb5_error_code
+ (*encode_krb5_sam_response_2)(const krb5_sam_response_2 *rep,
+ krb5_data **code);
+ krb5_error_code
+ (*encode_krb5_enc_sam_response_enc_2)(const
+ krb5_enc_sam_response_enc_2 *rep,
+ krb5_data **code);
} krb5int_access;
-#define KRB5INT_ACCESS_VERSION \
- (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
- (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
+#define KRB5INT_ACCESS_VERSION \
+ (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | \
+ (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
-krb5_error_code KRB5_CALLCONV krb5int_accessor
- (krb5int_access*, krb5_int32);
+krb5_error_code KRB5_CALLCONV
+krb5int_accessor(krb5int_access*, krb5_int32);
/* Ick -- some krb524 and krb4 support placed in the krb5 library,
because AFS (and potentially other applications?) use the krb4
struct _krb5_cc_ops {
krb5_magic magic;
char *prefix;
- const char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *,
- const char *);
- krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *);
- krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache,
- krb5_principal);
- krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache,
- krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *,
- krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache,
- krb5_principal *);
- krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache,
- krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache,
- krb5_cc_cursor *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache,
- krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache,
- krb5_flags);
- krb5_error_code (KRB5_CALLCONV *get_flags) (krb5_context, krb5_ccache,
- krb5_flags *);
+ const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
+ const char *);
+ krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
+ krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
+ krb5_principal);
+ krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
+ krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
+ krb5_flags, krb5_creds *,
+ krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
+ krb5_principal *);
+ krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *, krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
+ krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
+ krb5_flags, krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
+ krb5_flags);
+ krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
+ krb5_flags *);
krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
- krb5_cc_ptcursor *);
+ krb5_cc_ptcursor *);
krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
- krb5_cc_ptcursor,
- krb5_ccache *);
+ krb5_cc_ptcursor,
+ krb5_ccache *);
krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
- krb5_cc_ptcursor *);
+ krb5_cc_ptcursor *);
krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
- krb5_ccache);
+ krb5_ccache);
krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
- krb5_ccache, krb5_timestamp *);
+ krb5_ccache, krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
- krb5_timestamp *);
+ krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
};
typedef struct _krb5_donot_replay {
krb5_magic magic;
krb5_ui_4 hash;
- char *server; /* null-terminated */
- char *client; /* null-terminated */
- char *msghash; /* null-terminated */
+ char *server; /* null-terminated */
+ char *client; /* null-terminated */
+ char *msghash; /* null-terminated */
krb5_int32 cusec;
krb5_timestamp ctime;
} krb5_donot_replay;
-krb5_error_code krb5_rc_default
- (krb5_context,
- krb5_rcache *);
-krb5_error_code krb5_rc_resolve_type
- (krb5_context,
- krb5_rcache *,char *);
-krb5_error_code krb5_rc_resolve_full
- (krb5_context,
- krb5_rcache *,char *);
-char * krb5_rc_get_type
- (krb5_context,
- krb5_rcache);
-char * krb5_rc_default_type
- (krb5_context);
-char * krb5_rc_default_name
- (krb5_context);
-krb5_error_code krb5_auth_to_rep
- (krb5_context,
- krb5_tkt_authent *,
- krb5_donot_replay *);
-krb5_error_code krb5_rc_hash_message
- (krb5_context context,
- const krb5_data *message, char **out);
-
-
-krb5_error_code KRB5_CALLCONV krb5_rc_initialize
- (krb5_context, krb5_rcache,krb5_deltat);
-krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize
- (krb5_context, krb5_rcache,krb5_deltat);
-krb5_error_code KRB5_CALLCONV krb5_rc_recover
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_destroy
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_close
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_store
- (krb5_context, krb5_rcache,krb5_donot_replay *);
-krb5_error_code KRB5_CALLCONV krb5_rc_expunge
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
- (krb5_context, krb5_rcache,krb5_deltat *);
-char *KRB5_CALLCONV krb5_rc_get_name
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_resolve
- (krb5_context, krb5_rcache, char *);
+krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
+krb5_error_code krb5_rc_resolve_type(krb5_context, krb5_rcache *,char *);
+krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,char *);
+char *krb5_rc_get_type(krb5_context, krb5_rcache);
+char *krb5_rc_default_type(krb5_context);
+char *krb5_rc_default_name(krb5_context);
+krb5_error_code krb5_auth_to_rep(krb5_context, krb5_tkt_authent *,
+ krb5_donot_replay *);
+krb5_error_code krb5_rc_hash_message(krb5_context context,
+ const krb5_data *message, char **out);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_initialize(krb5_context, krb5_rcache, krb5_deltat);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_recover_or_initialize(krb5_context, krb5_rcache,krb5_deltat);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_recover(krb5_context, krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_destroy(krb5_context, krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_close(krb5_context, krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_store(krb5_context, krb5_rcache, krb5_donot_replay *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_expunge(krb5_context, krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_get_lifespan(krb5_context, krb5_rcache,krb5_deltat *);
+char *KRB5_CALLCONV
+krb5_rc_get_name(krb5_context, krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_resolve(krb5_context, krb5_rcache, char *);
+
+/*
+ * This structure was exposed and used in macros in krb5 1.2, so do not
+ * change its ABI.
+ */
typedef struct _krb5_kt_ops {
krb5_magic magic;
char *prefix;
+
/* routines always present */
- krb5_error_code (KRB5_CALLCONV *resolve)
- (krb5_context,
- const char *,
- krb5_keytab *);
- krb5_error_code (KRB5_CALLCONV *get_name)
- (krb5_context,
- krb5_keytab,
- char *,
- unsigned int);
- krb5_error_code (KRB5_CALLCONV *close)
- (krb5_context,
- krb5_keytab);
- krb5_error_code (KRB5_CALLCONV *get)
- (krb5_context,
- krb5_keytab,
- krb5_const_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keytab_entry *);
- krb5_error_code (KRB5_CALLCONV *start_seq_get)
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
- krb5_error_code (KRB5_CALLCONV *get_next)
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *,
- krb5_kt_cursor *);
- krb5_error_code (KRB5_CALLCONV *end_get)
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
+ krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, const char *,
+ krb5_keytab *);
+ krb5_error_code (KRB5_CALLCONV *get_name)(krb5_context, krb5_keytab,
+ char *, unsigned int);
+ krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_keytab);
+ krb5_error_code (KRB5_CALLCONV *get)(krb5_context, krb5_keytab,
+ krb5_const_principal, krb5_kvno,
+ krb5_enctype, krb5_keytab_entry *);
+ krb5_error_code (KRB5_CALLCONV *start_seq_get)(krb5_context, krb5_keytab,
+ krb5_kt_cursor *);
+ krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+ krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_keytab,
+ krb5_kt_cursor *);
/* routines to be included on extended version (write routines) */
- krb5_error_code (KRB5_CALLCONV *add)
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
- krb5_error_code (KRB5_CALLCONV *remove)
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
+ krb5_error_code (KRB5_CALLCONV *add)(krb5_context, krb5_keytab,
+ krb5_keytab_entry *);
+ krb5_error_code (KRB5_CALLCONV *remove)(krb5_context, krb5_keytab,
+ krb5_keytab_entry *);
/* Handle for serializer */
const krb5_ser_entry *serializer;
extern const krb5_kt_ops krb5_kt_dfl_ops;
-extern krb5_error_code krb5int_translate_gai_error (int);
+extern krb5_error_code krb5int_translate_gai_error(int);
/* Not sure it's ready for exposure just yet. */
extern krb5_error_code
-krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
+krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
extern int krb5int_crypto_init (void);
extern int krb5int_prng_init(void);
/*
* Referral definitions, debugging hooks, and subfunctions.
*/
-#define KRB5_REFERRAL_MAXHOPS 10
+#define KRB5_REFERRAL_MAXHOPS 10
/* #define DEBUG_REFERRALS */
#ifdef DEBUG_REFERRALS
#endif
/* Common hostname-parsing code. */
-krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
- (krb5_context,
- const char *,
- char *,
- size_t);
+krb5_error_code KRB5_CALLCONV
+krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
krb5_error_code
krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+ const krb5_data *input, krb5_data *output);
krb5_error_code
krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+ const krb5_data *input, krb5_data *output);
-struct _krb5_kt { /* should move into k5-int.h */
+struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
krb5_pointer data;
};
-krb5_error_code krb5_set_default_in_tkt_ktypes
- (krb5_context,
- const krb5_enctype *);
-krb5_error_code krb5_get_default_in_tkt_ktypes
- (krb5_context,
- krb5_enctype **);
+krb5_error_code krb5_set_default_in_tkt_ktypes(krb5_context,
+ const krb5_enctype *);
+
+krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context, krb5_enctype **);
-krb5_error_code krb5_set_default_tgs_ktypes
- (krb5_context,
- const krb5_enctype *);
+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context,
+ const krb5_enctype *);
-krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
- (krb5_context,
- krb5_const_principal,
- krb5_enctype **);
+krb5_error_code KRB5_CALLCONV
+krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **);
-void KRB5_CALLCONV krb5_free_ktypes
- (krb5_context, krb5_enctype *);
+void KRB5_CALLCONV krb5_free_ktypes(krb5_context, krb5_enctype *);
-krb5_boolean krb5_is_permitted_enctype
- (krb5_context, krb5_enctype);
+krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype);
typedef struct
{
- krb5_enctype *etype;
- krb5_boolean *etype_ok;
- krb5_int32 etype_count;
+ krb5_enctype *etype;
+ krb5_boolean *etype_ok;
+ krb5_int32 etype_count;
} krb5_etypes_permitted;
-krb5_boolean krb5_is_permitted_enctype_ext
- ( krb5_context, krb5_etypes_permitted *);
+krb5_boolean krb5_is_permitted_enctype_ext(krb5_context,
+ krb5_etypes_permitted *);
krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
-krb5_error_code krb5_kdc_rep_decrypt_proc
- (krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * );
-krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
- (krb5_context,
- const krb5_keyblock *,
- krb5_ticket * );
-krb5_error_code krb5_get_cred_from_kdc
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_validate
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_renew
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-
-krb5_error_code krb5_get_cred_via_tkt
- (krb5_context,
- krb5_creds *,
- krb5_flags,
- krb5_address * const *,
- krb5_creds *,
- krb5_creds **);
-
-krb5_error_code KRB5_CALLCONV krb5_copy_addr
- (krb5_context,
- const krb5_address *,
- krb5_address **);
-
-void krb5_init_ets
- (krb5_context);
-void krb5_free_ets
- (krb5_context);
-krb5_error_code krb5_generate_subkey
- (krb5_context,
- const krb5_keyblock *, krb5_keyblock **);
-krb5_error_code krb5_generate_subkey_extended
- (krb5_context,
- const krb5_keyblock *,
- krb5_enctype,
- krb5_keyblock **);
-krb5_error_code krb5_generate_seq_number
- (krb5_context,
- const krb5_keyblock *, krb5_ui_4 *);
-
-krb5_error_code KRB5_CALLCONV krb5_kt_register
- (krb5_context,
- const struct _krb5_kt_ops * );
+krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *,
+ krb5_const_pointer, krb5_kdc_rep *);
+krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part(krb5_context,
+ const krb5_keyblock *,
+ krb5_ticket * );
+krb5_error_code krb5_get_cred_from_kdc(krb5_context, krb5_ccache,
+ krb5_creds *, krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_validate(krb5_context, krb5_ccache,
+ krb5_creds *, krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_renew(krb5_context, krb5_ccache,
+ krb5_creds *, krb5_creds **,
+ krb5_creds *** );
+
+krb5_error_code krb5_get_cred_via_tkt(krb5_context, krb5_creds *, krb5_flags,
+ krb5_address *const *, krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV krb5_copy_addr(krb5_context,
+ const krb5_address *,
+ krb5_address **);
+
+void krb5_init_ets(krb5_context);
+void krb5_free_ets(krb5_context);
+krb5_error_code krb5_generate_subkey(krb5_context, const krb5_keyblock *,
+ krb5_keyblock **);
+krb5_error_code krb5_generate_subkey_extended(krb5_context,
+ const krb5_keyblock *,
+ krb5_enctype, krb5_keyblock **);
+krb5_error_code krb5_generate_seq_number(krb5_context, const krb5_keyblock *,
+ krb5_ui_4 *);
+
+krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context,
+ const struct _krb5_kt_ops *);
/* use krb5_free_keytab_entry_contents instead */
-krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
- (krb5_context,
- krb5_keytab_entry * );
+krb5_error_code KRB5_CALLCONV krb5_kt_free_entry(krb5_context,
+ krb5_keytab_entry * );
-krb5_error_code krb5_principal2salt_norealm
- (krb5_context,
- krb5_const_principal, krb5_data *);
+krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal,
+ krb5_data *);
-unsigned int KRB5_CALLCONV krb5_get_notification_message
- (void);
+unsigned int KRB5_CALLCONV krb5_get_notification_message(void);
/* chk_trans.c */
-krb5_error_code krb5_check_transited_list
- (krb5_context, const krb5_data *trans,
- const krb5_data *realm1, const krb5_data *realm2);
+krb5_error_code krb5_check_transited_list(krb5_context, const krb5_data *trans,
+ const krb5_data *realm1,
+ const krb5_data *realm2);
/* free_rtree.c */
-void krb5_free_realm_tree
- (krb5_context,
- krb5_principal *);
-
-void KRB5_CALLCONV krb5_free_authenticator_contents
- (krb5_context, krb5_authenticator * );
-
-void KRB5_CALLCONV krb5_free_address
- (krb5_context, krb5_address * );
-
-void KRB5_CALLCONV krb5_free_enc_tkt_part
- (krb5_context, krb5_enc_tkt_part * );
-
-void KRB5_CALLCONV krb5_free_tickets
- (krb5_context, krb5_ticket ** );
-void KRB5_CALLCONV krb5_free_kdc_req
- (krb5_context, krb5_kdc_req * );
-void KRB5_CALLCONV krb5_free_kdc_rep
- (krb5_context, krb5_kdc_rep * );
-void KRB5_CALLCONV krb5_free_last_req
- (krb5_context, krb5_last_req_entry ** );
-void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
- (krb5_context, krb5_enc_kdc_rep_part * );
-void KRB5_CALLCONV krb5_free_ap_req
- (krb5_context, krb5_ap_req * );
-void KRB5_CALLCONV krb5_free_ap_rep
- (krb5_context, krb5_ap_rep * );
-void KRB5_CALLCONV krb5_free_cred
- (krb5_context, krb5_cred *);
-void KRB5_CALLCONV krb5_free_cred_enc_part
- (krb5_context, krb5_cred_enc_part *);
-void KRB5_CALLCONV krb5_free_pa_data
- (krb5_context, krb5_pa_data **);
-void KRB5_CALLCONV krb5_free_tkt_authent
- (krb5_context, krb5_tkt_authent *);
-void KRB5_CALLCONV krb5_free_pwd_data
- (krb5_context, krb5_pwd_data *);
-void KRB5_CALLCONV krb5_free_pwd_sequences
- (krb5_context, passwd_phrase_element **);
-void KRB5_CALLCONV krb5_free_passwd_phrase_element
- (krb5_context, passwd_phrase_element *);
-void KRB5_CALLCONV krb5_free_alt_method
- (krb5_context, krb5_alt_method *);
-void KRB5_CALLCONV krb5_free_enc_data
- (krb5_context, krb5_enc_data *);
-krb5_error_code krb5_set_config_files
- (krb5_context, const char **);
-
-krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
- (char ***filenames);
-
-void KRB5_CALLCONV krb5_free_config_files
- (char **filenames);
-krb5_error_code krb5int_send_tgs
- (krb5_context,
- krb5_flags,
- const krb5_ticket_times *,
- const krb5_enctype *,
- krb5_const_principal,
- krb5_address * const *,
- krb5_authdata * const *,
- krb5_pa_data * const *,
- const krb5_data *,
- krb5_creds *,
- krb5_error_code (*gcvt_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *gcvt_data,
- krb5_response * , krb5_keyblock **subkey);
- /* The subkey field is an output parameter; if a
- * tgs-rep is received then the subkey will be filled
- * in with the subkey needed to decrypt the TGS
- * response. Otherwise it will be set to null.
- */
-krb5_error_code krb5int_decode_tgs_rep
- (krb5_context,
- krb5_data *,
- const krb5_keyblock *, krb5_keyusage,
- krb5_kdc_rep ** );
-krb5_error_code krb5int_find_authdata
-(krb5_context context, krb5_authdata *const * ticket_authdata,
- krb5_authdata * const *ap_req_authdata,
- krb5_authdatatype ad_type,
- krb5_authdata ***results);
-
-krb5_error_code krb5_rd_req_decoded
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-krb5_error_code krb5_rd_req_decoded_anyflag
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-krb5_error_code KRB5_CALLCONV krb5_cc_register
- (krb5_context,
- const krb5_cc_ops *,
- krb5_boolean );
-krb5_error_code krb5_walk_realm_tree
- (krb5_context,
- const krb5_data *,
- const krb5_data *,
- krb5_principal **,
- int);
-krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-
-krb5_error_code krb5_auth_con_set_safe_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-krb5_error_code krb5_auth_con_setivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer);
-
-krb5_error_code krb5_auth_con_getivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer *);
-
-krb5_error_code krb5_auth_con_setpermetypes
- (krb5_context,
- krb5_auth_context,
- const krb5_enctype *);
-
-krb5_error_code krb5_auth_con_getpermetypes
- (krb5_context,
- krb5_auth_context,
- krb5_enctype **);
-
-krb5_error_code krb5_auth_con_get_subkey_enctype
- (krb5_context context,
- krb5_auth_context,
- krb5_enctype *);
-
-krb5_error_code
-krb5_auth_con_get_authdata_context
- (krb5_context context,
- krb5_auth_context auth_context,
- krb5_authdata_context *ad_context);
-
-krb5_error_code
-krb5_auth_con_set_authdata_context
- (krb5_context context,
- krb5_auth_context auth_context,
- krb5_authdata_context ad_context);
+void krb5_free_realm_tree(krb5_context, krb5_principal *);
+
+void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context,
+ krb5_authenticator *);
+
+void KRB5_CALLCONV krb5_free_address(krb5_context, krb5_address *);
+
+void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *);
+
+void KRB5_CALLCONV krb5_free_tickets(krb5_context, krb5_ticket **);
+void KRB5_CALLCONV krb5_free_kdc_req(krb5_context, krb5_kdc_req *);
+void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context, krb5_kdc_rep *);
+void KRB5_CALLCONV krb5_free_last_req(krb5_context, krb5_last_req_entry **);
+void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context,
+ krb5_enc_kdc_rep_part *);
+void KRB5_CALLCONV krb5_free_ap_req(krb5_context, krb5_ap_req *);
+void KRB5_CALLCONV krb5_free_ap_rep(krb5_context, krb5_ap_rep *);
+void KRB5_CALLCONV krb5_free_cred(krb5_context, krb5_cred *);
+void KRB5_CALLCONV krb5_free_cred_enc_part(krb5_context, krb5_cred_enc_part *);
+void KRB5_CALLCONV krb5_free_pa_data(krb5_context, krb5_pa_data **);
+void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context, krb5_tkt_authent *);
+void KRB5_CALLCONV krb5_free_pwd_data(krb5_context, krb5_pwd_data *);
+void KRB5_CALLCONV krb5_free_pwd_sequences(krb5_context,
+ passwd_phrase_element **);
+void KRB5_CALLCONV krb5_free_passwd_phrase_element(krb5_context,
+ passwd_phrase_element *);
+void KRB5_CALLCONV krb5_free_alt_method(krb5_context, krb5_alt_method *);
+void KRB5_CALLCONV krb5_free_enc_data(krb5_context, krb5_enc_data *);
+krb5_error_code krb5_set_config_files(krb5_context, const char **);
+
+krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames);
+
+void KRB5_CALLCONV krb5_free_config_files(char **filenames);
+krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags,
+ const krb5_ticket_times *,
+ const krb5_enctype *,
+ krb5_const_principal, krb5_address *const *,
+ krb5_authdata *const *,
+ krb5_pa_data *const *, const krb5_data *,
+ krb5_creds *,
+ krb5_error_code (*gcvt_fct)(krb5_context,
+ krb5_keyblock *,
+ krb5_kdc_req *,
+ void *),
+ void *gcvt_data, krb5_response *
+ krb5_keyblock **subkey);
+/* The subkey field is an output parameter; if a
+ * tgs-rep is received then the subkey will be filled
+ * in with the subkey needed to decrypt the TGS
+ * response. Otherwise it will be set to null.
+ */
+krb5_error_code krb5int_decode_tgs_rep(krb5_context, krb5_data *,
+ const krb5_keyblock *, krb5_keyusage,
+ krb5_kdc_rep ** );
+
+krb5_error_code krb5int_find_authdata(krb5_context context,
+ krb5_authdata *const *ticket_authdata,
+ krb5_authdata *const *ap_req_authdata,
+ krb5_authdatatype ad_type,
+ krb5_authdata ***results);
+
+krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *,
+ const krb5_ap_req *, krb5_const_principal,
+ krb5_keytab, krb5_flags *, krb5_ticket **);
+
+krb5_error_code krb5_rd_req_decoded_anyflag(krb5_context, krb5_auth_context *,
+ const krb5_ap_req *,
+ krb5_const_principal, krb5_keytab,
+ krb5_flags *, krb5_ticket **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_register(krb5_context, const krb5_cc_ops *, krb5_boolean );
+
+krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *,
+ const krb5_data *, krb5_principal **,
+ int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_req_cksumtype(krb5_context, krb5_auth_context,
+ krb5_cksumtype);
+
+krb5_error_code
+krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context,
+ krb5_cksumtype);
+
+krb5_error_code krb5_auth_con_setivector(krb5_context, krb5_auth_context,
+ krb5_pointer);
+
+krb5_error_code krb5_auth_con_getivector(krb5_context, krb5_auth_context,
+ krb5_pointer *);
+
+krb5_error_code krb5_auth_con_setpermetypes(krb5_context, krb5_auth_context,
+ const krb5_enctype *);
+
+krb5_error_code krb5_auth_con_getpermetypes(krb5_context, krb5_auth_context,
+ krb5_enctype **);
+
+krb5_error_code krb5_auth_con_get_subkey_enctype(krb5_context context,
+ krb5_auth_context,
+ krb5_enctype *);
+
+krb5_error_code
+krb5_auth_con_get_authdata_context(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_authdata_context *ad_context);
+
+krb5_error_code
+krb5_auth_con_set_authdata_context(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_authdata_context ad_context);
krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock
- (krb5_context context,
- const krb5_keyblock *key,
- krb5_ticket *ticket);
-
-krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5int_write_messages (krb5_context, krb5_pointer, krb5_data *, int);
-int krb5_net_read (krb5_context, int , char *, int);
-int krb5_net_write (krb5_context, int , const char *, int);
-
-krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
- (krb5_context,
- const char *,
- char ** );
-
-krb5_error_code krb5_gen_portaddr
- (krb5_context,
- const krb5_address *,
- krb5_const_pointer,
- krb5_address **);
-krb5_error_code krb5_gen_replay_name
- (krb5_context,
- const krb5_address *,
- const char *,
- char **);
-krb5_error_code krb5_make_fulladdr
- (krb5_context,
- krb5_address *,
- krb5_address *,
- krb5_address *);
-
-krb5_error_code krb5_set_debugging_time
- (krb5_context, krb5_timestamp, krb5_int32);
-krb5_error_code krb5_use_natural_time
- (krb5_context);
-krb5_error_code krb5_set_time_offsets
- (krb5_context, krb5_timestamp, krb5_int32);
+krb5int_server_decrypt_ticket_keyblock(krb5_context context,
+ const krb5_keyblock *key,
+ krb5_ticket *ticket);
+
+krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);
+krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);
+krb5_error_code krb5int_write_messages(krb5_context, krb5_pointer, krb5_data *,
+ int);
+int krb5_net_read(krb5_context, int , char *, int);
+int krb5_net_write(krb5_context, int , const char *, int);
+
+krb5_error_code KRB5_CALLCONV krb5_get_realm_domain(krb5_context,
+ const char *, char ** );
+
+krb5_error_code krb5_gen_portaddr(krb5_context, const krb5_address *,
+ krb5_const_pointer, krb5_address **);
+
+krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *,
+ const char *, char **);
+krb5_error_code krb5_make_fulladdr(krb5_context, krb5_address *,
+ krb5_address *, krb5_address *);
+
+krb5_error_code krb5_set_debugging_time(krb5_context, krb5_timestamp,
+ krb5_int32);
+krb5_error_code krb5_use_natural_time(krb5_context);
+krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
+ krb5_int32);
krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
/*
* The realm iterator functions
*/
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
- (krb5_context context, void **iter_p);
+krb5_error_code KRB5_CALLCONV
+krb5_realm_iterator_create(krb5_context context, void **iter_p);
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator
- (krb5_context context, void **iter_p, char **ret_realm);
+krb5_error_code KRB5_CALLCONV
+krb5_realm_iterator(krb5_context context, void **iter_p, char **ret_realm);
-void KRB5_CALLCONV krb5_realm_iterator_free
- (krb5_context context, void **iter_p);
+void KRB5_CALLCONV
+krb5_realm_iterator_free(krb5_context context, void **iter_p);
-void KRB5_CALLCONV krb5_free_realm_string
- (krb5_context context, char *str);
+void KRB5_CALLCONV krb5_free_realm_string(krb5_context context, char *str);
/* Internal principal function used by KIM to avoid code duplication */
krb5_error_code KRB5_CALLCONV
data_eq(krb5_data d1, krb5_data d2)
{
return (d1.length == d2.length
- && !memcmp(d1.data, d2.data, d1.length));
+ && !memcmp(d1.data, d2.data, d1.length));
}
static inline krb5_data
authdata_eq(krb5_authdata a1, krb5_authdata a2)
{
return (a1.ad_type == a2.ad_type
- && a1.length == a2.length
- && !memcmp(a1.contents, a2.contents, a1.length));
+ && a1.length == a2.length
+ && !memcmp(a1.contents, a2.contents, a1.length));
}
/* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */
krb5_error_code KRB5_CALLCONV
krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data);
+ krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key,
+ krb5_data *data);
krb5_error_code KRB5_CALLCONV
krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
- krb5_ccache ccache,
- krb5_creds *in_creds,
- krb5_data *cert,
- krb5_creds **out_creds);
+ krb5_ccache ccache,
+ krb5_creds *in_creds,
+ krb5_data *cert,
+ krb5_creds **out_creds);
krb5_error_code KRB5_CALLCONV
krb5_get_credentials_for_proxy(krb5_context context,
- krb5_flags options,
- krb5_ccache ccache,
- krb5_creds *in_creds,
- krb5_ticket *evidence_tkt,
- krb5_creds **out_creds);
+ krb5_flags options,
+ krb5_ccache ccache,
+ krb5_creds *in_creds,
+ krb5_ticket *evidence_tkt,
+ krb5_creds **out_creds);
krb5_error_code KRB5_CALLCONV
krb5int_get_authdata_containee_types(krb5_context context,
- const krb5_authdata *container,
- unsigned int *nad_types,
- krb5_authdatatype **ad_types);
+ const krb5_authdata *container,
+ unsigned int *nad_types,
+ krb5_authdatatype **ad_types);
krb5_error_code krb5int_parse_enctype_list(krb5_context context, char *profstr,
- krb5_enctype *default_list,
- krb5_enctype **result);
+ krb5_enctype *default_list,
+ krb5_enctype **result);
#ifdef DEBUG_ERROR_LOCATIONS
-#define krb5_set_error_message(ctx, code, ...) \
+#define krb5_set_error_message(ctx, code, ...) \
krb5_set_error_message_fl(ctx, code, __FILE__, __LINE__, __VA_ARGS__)
#endif
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* $Header$
*
const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream);
uint32_t krb5int_ipc_stream_read (k5_ipc_stream in_stream,
- void *io_data,
- uint64_t in_size);
+ void *io_data,
+ uint64_t in_size);
uint32_t krb5int_ipc_stream_write (k5_ipc_stream in_stream,
- const void *in_data,
- uint64_t in_size);
+ const void *in_data,
+ uint64_t in_size);
uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream,
- char **out_string);
+ char **out_string);
uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream,
- const char *in_string);
+ const char *in_string);
void krb5int_ipc_stream_free_string (char *in_string);
uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream,
- int32_t *out_int32);
+ int32_t *out_int32);
uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
- int32_t in_int32);
+ int32_t in_int32);
uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream,
- uint32_t *out_uint32);
+ uint32_t *out_uint32);
uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
- uint32_t in_uint32);
+ uint32_t in_uint32);
uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream,
- int64_t *out_int64);
+ int64_t *out_int64);
uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
- int64_t in_int64);
+ int64_t in_int64);
uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream,
- uint64_t *out_uint64);
+ uint64_t *out_uint64);
uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
- uint64_t in_uint64);
+ uint64_t in_uint64);
#endif /* K5_IPC_STREAM_H */
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* k5-platform.h
*
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
# include "k5-thread.h"
typedef struct { k5_once_t once; int error, did_run; void (*fn)(void); } k5_init_t;
# ifdef USE_LINKER_INIT_OPTION
-# define MAYBE_DUMMY_INIT(NAME) \
- void JOIN__2(NAME, auxinit) () { }
+# define MAYBE_DUMMY_INIT(NAME) \
+ void JOIN__2(NAME, auxinit) () { }
# else
# define MAYBE_DUMMY_INIT(NAME)
# endif
# ifdef __GNUC__
/* Do it in macro form so we get the file/line of the invocation if
the assertion fails. */
-# define k5_call_init_function(I) \
- (__extension__ ({ \
- k5_init_t *k5int_i = (I); \
- int k5int_err = k5_once(&k5int_i->once, k5int_i->fn); \
- (k5int_err \
- ? k5int_err \
- : (assert(k5int_i->did_run != 0), k5int_i->error)); \
- }))
+# define k5_call_init_function(I) \
+ (__extension__ ({ \
+ k5_init_t *k5int_i = (I); \
+ int k5int_err = k5_once(&k5int_i->once, k5int_i->fn); \
+ (k5int_err \
+ ? k5int_err \
+ : (assert(k5int_i->did_run != 0), k5int_i->error)); \
+ }))
# define MAYBE_DEFINE_CALLINIT_FUNCTION
# else
-# define MAYBE_DEFINE_CALLINIT_FUNCTION \
- static inline int k5_call_init_function(k5_init_t *i) \
- { \
- int err; \
- err = k5_once(&i->once, i->fn); \
- if (err) \
- return err; \
- assert (i->did_run != 0); \
- return i->error; \
- }
+# define MAYBE_DEFINE_CALLINIT_FUNCTION \
+ static inline int k5_call_init_function(k5_init_t *i) \
+ { \
+ int err; \
+ err = k5_once(&i->once, i->fn); \
+ if (err) \
+ return err; \
+ assert (i->did_run != 0); \
+ return i->error; \
+ }
# endif
-# define MAKE_INIT_FUNCTION(NAME) \
- static int NAME(void); \
- MAYBE_DUMMY_INIT(NAME) \
- /* forward declaration for use in initializer */ \
- static void JOIN__2(NAME, aux) (void); \
- static k5_init_t JOIN__2(NAME, once) = \
- { K5_ONCE_INIT, 0, 0, JOIN__2(NAME, aux) }; \
- MAYBE_DEFINE_CALLINIT_FUNCTION \
- static void JOIN__2(NAME, aux) (void) \
- { \
- JOIN__2(NAME, once).did_run = 1; \
- JOIN__2(NAME, once).error = NAME(); \
- } \
- /* so ';' following macro use won't get error */ \
- static int NAME(void)
-# define CALL_INIT_FUNCTION(NAME) \
- k5_call_init_function(& JOIN__2(NAME, once))
+# define MAKE_INIT_FUNCTION(NAME) \
+ static int NAME(void); \
+ MAYBE_DUMMY_INIT(NAME) \
+ /* forward declaration for use in initializer */ \
+ static void JOIN__2(NAME, aux) (void); \
+ static k5_init_t JOIN__2(NAME, once) = \
+ { K5_ONCE_INIT, 0, 0, JOIN__2(NAME, aux) }; \
+ MAYBE_DEFINE_CALLINIT_FUNCTION \
+ static void JOIN__2(NAME, aux) (void) \
+ { \
+ JOIN__2(NAME, once).did_run = 1; \
+ JOIN__2(NAME, once).error = NAME(); \
+ } \
+ /* so ';' following macro use won't get error */ \
+ static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME) \
+ k5_call_init_function(& JOIN__2(NAME, once))
/* This should be called in finalization only, so we shouldn't have
multiple active threads mucking around in our library at this
point. So ignore the once_t object and just look at the flag.
application code should already be coordinating things such that
the library code is not in use by this point, and memory
synchronization will be needed there. */
-# define INITIALIZER_RAN(NAME) \
- (JOIN__2(NAME, once).did_run && JOIN__2(NAME, once).error == 0)
+# define INITIALIZER_RAN(NAME) \
+ (JOIN__2(NAME, once).did_run && JOIN__2(NAME, once).error == 0)
-# define PROGRAM_EXITING() (0)
+# define PROGRAM_EXITING() (0)
#elif defined(__GNUC__) && !defined(_WIN32) && defined(CONSTRUCTOR_ATTR_WORKS)
# ifdef USE_LINKER_INIT_OPTION
/* Both gcc and linker option?? Favor gcc. */
-# define MAYBE_DUMMY_INIT(NAME) \
- void JOIN__2(NAME, auxinit) () { }
+# define MAYBE_DUMMY_INIT(NAME) \
+ void JOIN__2(NAME, auxinit) () { }
# else
# define MAYBE_DUMMY_INIT(NAME)
# endif
typedef struct { int error; unsigned char did_run; } k5_init_t;
-# define MAKE_INIT_FUNCTION(NAME) \
- MAYBE_DUMMY_INIT(NAME) \
- static k5_init_t JOIN__2(NAME, ran) \
- = { 0, 2 }; \
- static void JOIN__2(NAME, aux)(void) \
- __attribute__((constructor)); \
- static int NAME(void); \
- static void JOIN__2(NAME, aux)(void) \
- { \
- JOIN__2(NAME, ran).error = NAME(); \
- JOIN__2(NAME, ran).did_run = 3; \
- } \
- static int NAME(void)
-# define CALL_INIT_FUNCTION(NAME) \
- (JOIN__2(NAME, ran).did_run == 3 \
- ? JOIN__2(NAME, ran).error \
- : (abort(),0))
-# define INITIALIZER_RAN(NAME) (JOIN__2(NAME,ran).did_run == 3 && JOIN__2(NAME, ran).error == 0)
-
-# define PROGRAM_EXITING() (0)
+# define MAKE_INIT_FUNCTION(NAME) \
+ MAYBE_DUMMY_INIT(NAME) \
+ static k5_init_t JOIN__2(NAME, ran) \
+ = { 0, 2 }; \
+ static void JOIN__2(NAME, aux)(void) \
+ __attribute__((constructor)); \
+ static int NAME(void); \
+ static void JOIN__2(NAME, aux)(void) \
+ { \
+ JOIN__2(NAME, ran).error = NAME(); \
+ JOIN__2(NAME, ran).did_run = 3; \
+ } \
+ static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME) \
+ (JOIN__2(NAME, ran).did_run == 3 \
+ ? JOIN__2(NAME, ran).error \
+ : (abort(),0))
+# define INITIALIZER_RAN(NAME) (JOIN__2(NAME,ran).did_run == 3 && JOIN__2(NAME, ran).error == 0)
+
+# define PROGRAM_EXITING() (0)
#elif defined(USE_LINKER_INIT_OPTION) || defined(_WIN32)
/* Run initializer at load time, via linker magic, or in the
case of WIN32, win_glue.c hard-coded knowledge. */
typedef struct { int error; unsigned char did_run; } k5_init_t;
-# define MAKE_INIT_FUNCTION(NAME) \
- static k5_init_t JOIN__2(NAME, ran) \
- = { 0, 2 }; \
- static int NAME(void); \
- void JOIN__2(NAME, auxinit)() \
- { \
- JOIN__2(NAME, ran).error = NAME(); \
- JOIN__2(NAME, ran).did_run = 3; \
- } \
- static int NAME(void)
-# define CALL_INIT_FUNCTION(NAME) \
- (JOIN__2(NAME, ran).did_run == 3 \
- ? JOIN__2(NAME, ran).error \
- : (abort(),0))
-# define INITIALIZER_RAN(NAME) \
- (JOIN__2(NAME, ran).error == 0)
-
-# define PROGRAM_EXITING() (0)
+# define MAKE_INIT_FUNCTION(NAME) \
+ static k5_init_t JOIN__2(NAME, ran) \
+ = { 0, 2 }; \
+ static int NAME(void); \
+ void JOIN__2(NAME, auxinit)() \
+ { \
+ JOIN__2(NAME, ran).error = NAME(); \
+ JOIN__2(NAME, ran).did_run = 3; \
+ } \
+ static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME) \
+ (JOIN__2(NAME, ran).did_run == 3 \
+ ? JOIN__2(NAME, ran).error \
+ : (abort(),0))
+# define INITIALIZER_RAN(NAME) \
+ (JOIN__2(NAME, ran).error == 0)
+
+# define PROGRAM_EXITING() (0)
#else
# error "Don't know how to do load-time initializers for this configuration."
-# define PROGRAM_EXITING() (0)
+# define PROGRAM_EXITING() (0)
#endif
# ifdef __hpux
/* On HP-UX, we need this auxiliary function. At dynamic load or
- unload time (but *not* program startup and termination for
- link-time specified libraries), the linker-indicated function
- is called with a handle on the library and a flag indicating
- whether it's being loaded or unloaded.
+ unload time (but *not* program startup and termination for
+ link-time specified libraries), the linker-indicated function
+ is called with a handle on the library and a flag indicating
+ whether it's being loaded or unloaded.
- The "real" fini function doesn't need to be exported, so
- declare it static.
+ The "real" fini function doesn't need to be exported, so
+ declare it static.
- As usual, the final declaration is just for syntactic
- convenience, so the top-level invocation of this macro can be
- followed by a semicolon. */
+ As usual, the final declaration is just for syntactic
+ convenience, so the top-level invocation of this macro can be
+ followed by a semicolon. */
# include <dl.h>
-# define MAKE_FINI_FUNCTION(NAME) \
- static void NAME(void); \
- void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \
- void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); } \
- static void NAME(void)
+# define MAKE_FINI_FUNCTION(NAME) \
+ static void NAME(void); \
+ void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \
+ void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); } \
+ static void NAME(void)
# else /* not hpux */
-# define MAKE_FINI_FUNCTION(NAME) \
- void NAME(void)
+# define MAKE_FINI_FUNCTION(NAME) \
+ void NAME(void)
# endif
function attribute that makes use of the same facility as C++.
XXX How do we know if the C++ support actually works? */
-# define MAKE_FINI_FUNCTION(NAME) \
- static void NAME(void) __attribute__((destructor))
+# define MAKE_FINI_FUNCTION(NAME) \
+ static void NAME(void) __attribute__((destructor))
#elif !defined(SHARED)
The code will still define the function, but we won't do anything
with it. Annoying: This may generate unused-function warnings. */
-# define MAKE_FINI_FUNCTION(NAME) \
- static void NAME(void)
+# define MAKE_FINI_FUNCTION(NAME) \
+ static void NAME(void)
#else
on most of our platforms except Windows, where we're not using
GCC. */
#ifdef __GNUC__
-# define PUT(SIZE,PTR,VAL) (((struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i = (VAL))
-# define GET(SIZE,PTR) (((const struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i)
-# define PUTSWAPPED(SIZE,PTR,VAL) PUT(SIZE,PTR,SWAP##SIZE(VAL))
-# define GETSWAPPED(SIZE,PTR) SWAP##SIZE(GET(SIZE,PTR))
+# define PUT(SIZE,PTR,VAL) (((struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i = (VAL))
+# define GET(SIZE,PTR) (((const struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i)
+# define PUTSWAPPED(SIZE,PTR,VAL) PUT(SIZE,PTR,SWAP##SIZE(VAL))
+# define GETSWAPPED(SIZE,PTR) SWAP##SIZE(GET(SIZE,PTR))
#endif
/* To do: Define SWAP16, SWAP32, SWAP64 macros to byte-swap values
with the indicated numbers of bits.
#if defined(HAVE_BYTESWAP_H) && defined(HAVE_BSWAP_16)
# include <byteswap.h>
-# define SWAP16 bswap_16
-# define SWAP32 bswap_32
+# define SWAP16 bswap_16
+# define SWAP32 bswap_32
# ifdef HAVE_BSWAP_64
-# define SWAP64 bswap_64
+# define SWAP64 bswap_64
# endif
#endif
#if TARGET_OS_MAC
# include <architecture/byte_order.h>
# if 0 /* This causes compiler warnings. */
-# define SWAP16 OSSwapInt16
+# define SWAP16 OSSwapInt16
# else
-# define SWAP16 k5_swap16
+# define SWAP16 k5_swap16
static inline unsigned int k5_swap16 (unsigned int x) {
x &= 0xffff;
return (x >> 8) | ((x & 0xff) << 8);
}
# endif
-# define SWAP32 OSSwapInt32
-# define SWAP64 OSSwapInt64
+# define SWAP32 OSSwapInt32
+# define SWAP64 OSSwapInt64
#endif
/* Note that on Windows at least this file can be included from C++
return GETSWAPPED(32,p);
#else
return (p[3] | (p[2] << 8)
- | ((uint32_t) p[1] << 16)
- | ((uint32_t) p[0] << 24));
+ | ((uint32_t) p[1] << 16)
+ | ((uint32_t) p[0] << 24));
#endif
}
static inline UINT64_TYPE
#ifdef HAVE_GETPWNAM_R
# ifndef GETPWNAM_R_4_ARGS
/* POSIX */
-# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
- (getpwnam_r(NAME,REC,BUF,BUFSIZE,OUT) == 0 \
- ? (*(OUT) == NULL ? -1 : 0) : -1)
+# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
+ (getpwnam_r(NAME,REC,BUF,BUFSIZE,OUT) == 0 \
+ ? (*(OUT) == NULL ? -1 : 0) : -1)
# else
/* POSIX drafts? */
# ifdef GETPWNAM_R_RETURNS_INT
-# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
- (getpwnam_r(NAME,REC,BUF,BUFSIZE) == 0 \
- ? (*(OUT) = REC, 0) \
- : (*(OUT) = NULL, -1))
+# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
+ (getpwnam_r(NAME,REC,BUF,BUFSIZE) == 0 \
+ ? (*(OUT) = REC, 0) \
+ : (*(OUT) = NULL, -1))
# else
# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
- (*(OUT) = getpwnam_r(NAME,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
+ (*(OUT) = getpwnam_r(NAME,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
# endif
# endif
#else /* no getpwnam_r, or can't figure out #args or return type */
/* Will get warnings about unused variables. */
# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
- (*(OUT) = getpwnam(NAME), *(OUT) == NULL ? -1 : 0)
+ (*(OUT) = getpwnam(NAME), *(OUT) == NULL ? -1 : 0)
#endif
/* int k5_getpwuid_r(uid_t, blah blah) */
#ifdef HAVE_GETPWUID_R
# ifndef GETPWUID_R_4_ARGS
/* POSIX */
-# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
- (getpwuid_r(UID,REC,BUF,BUFSIZE,OUT) == 0 \
- ? (*(OUT) == NULL ? -1 : 0) : -1)
+# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
+ (getpwuid_r(UID,REC,BUF,BUFSIZE,OUT) == 0 \
+ ? (*(OUT) == NULL ? -1 : 0) : -1)
# else
/* POSIX drafts? Yes, I mean to test GETPWNAM... here. Less junk to
do at configure time. */
# ifdef GETPWNAM_R_RETURNS_INT
-# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
- (getpwuid_r(UID,REC,BUF,BUFSIZE) == 0 \
- ? (*(OUT) = REC, 0) \
- : (*(OUT) = NULL, -1))
+# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
+ (getpwuid_r(UID,REC,BUF,BUFSIZE) == 0 \
+ ? (*(OUT) = REC, 0) \
+ : (*(OUT) = NULL, -1))
# else
# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
- (*(OUT) = getpwuid_r(UID,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
+ (*(OUT) = getpwuid_r(UID,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
# endif
# endif
#else /* no getpwuid_r, or can't figure out #args or return type */
/* Will get warnings about unused variables. */
# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
- (*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0)
+ (*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0)
#endif
/* Ensure, if possible, that the indicated file descriptor won't be
#if defined(F_SETFD)
# ifdef FD_CLOEXEC
if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0)
- return errno;
+ return errno;
# else
if (fcntl(fd, F_SETFD, 1) != 0)
- return errno;
+ return errno;
# endif
#endif
return 0;
with F_SETFD. */
#ifdef F_SETFD
# ifdef FD_CLOEXEC
-# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, FD_CLOEXEC) ? errno : 0)
+# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, FD_CLOEXEC) ? errno : 0)
# else
-# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, 1) ? errno : 0)
+# define set_cloexec_fd(FD) (fcntl((FD), F_SETFD, 1) ? errno : 0)
# endif
#else
-# define set_cloexec_fd(FD) ((FD),0)
+# define set_cloexec_fd(FD) ((FD),0)
#endif
-#define set_cloexec_file(F) set_cloexec_fd(fileno(F))
+#define set_cloexec_file(F) set_cloexec_fd(fileno(F))
#endif
#if defined(HAS_VA_COPY) || defined(va_copy)
/* Do nothing. */
#elif defined(CAN_COPY_VA_LIST)
-#define va_copy(dest, src) ((dest) = (src))
+#define va_copy(dest, src) ((dest) = (src))
#else
/* Assume array type, but still simply copyable.
allocate some storage pointed to by the va_list, and in that case
we'll just lose. If anyone cares, we could try to devise a test
for that case. */
-#define va_copy(dest, src) memcmp(dest, src, sizeof(va_list))
+#define va_copy(dest, src) memcmp(dest, src, sizeof(va_list))
#endif
/* Provide strlcpy/strlcat interfaces. */
length = _vscprintf(format, args_copy);
va_end(args_copy);
if (size)
- _vsnprintf(str, size, format, args);
+ _vsnprintf(str, size, format, args);
return length;
}
static inline int
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2006 Massachusetts Institute of Technology.
* All Rights Reserved.
#define PLUGIN_SYMBOL_NAME(prefix, symbol) symbol
#endif
-struct plugin_file_handle; /* opaque */
+struct plugin_file_handle; /* opaque */
struct plugin_dir_handle {
/* This points to a NULL-terminated list of pointers to plugin_file_handle structs */
long KRB5_CALLCONV
krb5int_get_plugin_data (struct plugin_file_handle *, const char *, void **,
- struct errinfo *);
+ struct errinfo *);
long KRB5_CALLCONV
krb5int_get_plugin_func (struct plugin_file_handle *, const char *,
- void (**)(), struct errinfo *);
+ void (**)(), struct errinfo *);
long KRB5_CALLCONV
krb5int_open_plugin_dirs (const char * const *, const char * const *,
- struct plugin_dir_handle *, struct errinfo *);
+ struct plugin_dir_handle *, struct errinfo *);
void KRB5_CALLCONV
krb5int_close_plugin_dirs (struct plugin_dir_handle *);
long KRB5_CALLCONV
krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *,
- void ***, struct errinfo *);
+ void ***, struct errinfo *);
void KRB5_CALLCONV
krb5int_free_plugin_dir_data (void **);
long KRB5_CALLCONV
krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *,
- void (***)(void), struct errinfo *);
+ void (***)(void), struct errinfo *);
void KRB5_CALLCONV
krb5int_free_plugin_dir_func (void (**)(void));
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/k5-thread.h
*
\f/* Interface (tentative):
- Mutex support:
-
- // Between these two, we should be able to do pure compile-time
- // and pure run-time initialization.
- // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER,
- // finish does nothing
- // Windows: partial initializer is an invalid handle,
- // finish does the real initialization work
- k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
- int k5_mutex_finish_init(k5_mutex_t *);
- // for dynamic allocation
- int k5_mutex_init(k5_mutex_t *);
- // Must work for both kinds of alloc, even if it means adding flags.
- int k5_mutex_destroy(k5_mutex_t *);
-
- // As before.
- int k5_mutex_lock(k5_mutex_t *);
- int k5_mutex_unlock(k5_mutex_t *);
-
- In each library, one new function to finish the static mutex init,
- and any other library-wide initialization that might be desired.
- On POSIX, this function would be called via the second support
- function (see below). On Windows, it would be called at library
- load time. These functions, or functions they calls, should be the
- only places that k5_mutex_finish_init gets called.
-
- A second function or macro called at various possible "first" entry
- points which either calls pthread_once on the first function
- (POSIX), or checks some flag set by the first function (Windows),
- and possibly returns an error. (In the non-threaded case, a simple
- flag can be used to avoid multiple invocations, and the mutexes
- don't need run-time initialization anyways.)
-
- A third function for library termination calls mutex_destroy on
- each mutex for the library. This function would be called
- automatically at library unload time. If it turns out to be needed
- at exit time for libraries that don't get unloaded, perhaps we
- should also use atexit(). Any static mutexes should be cleaned up
- with k5_mutex_destroy here.
-
- How does that second support function invoke the first support
- function only once? Through something modelled on pthread_once
- that I haven't written up yet. Probably:
-
- k5_once_t foo_once = K5_ONCE_INIT;
- k5_once(k5_once_t *, void (*)(void));
-
- For POSIX: Map onto pthread_once facility.
- For non-threaded case: A simple flag.
- For Windows: Not needed; library init code takes care of it.
-
- XXX: A general k5_once mechanism isn't possible for Windows,
- without faking it through named mutexes or mutexes initialized at
- startup. I was only using it in one place outside these headers,
- so I'm dropping the general scheme. Eventually the existing uses
- in k5-thread.h and k5-platform.h will be converted to pthread_once
- or static variables.
-\f
-
- Thread-specific data:
-
- // TSD keys are limited in number in gssapi/krb5/com_err; enumerate
- // them all. This allows support code init to allocate the
- // necessary storage for pointers all at once, and avoids any
- // possible error in key creation.
- enum { ... } k5_key_t;
- // Register destructor function. Called in library init code.
- int k5_key_register(k5_key_t, void (*destructor)(void *));
- // Returns NULL or data.
- void *k5_getspecific(k5_key_t);
- // Returns error if key out of bounds, or the pointer table can't
- // be allocated. A call to k5_key_register must have happened first.
- // This may trigger the calling of pthread_setspecific on POSIX.
- int k5_setspecific(k5_key_t, void *);
- // Called in library termination code.
- // Trashes data in all threads, calling the registered destructor
- // (but calling it from the current thread).
- int k5_key_delete(k5_key_t);
-
- For the non-threaded version, the support code will have a static
- array indexed by k5_key_t values, and get/setspecific simply access
- the array elements.
-
- The TSD destructor table is global state, protected by a mutex if
- threads are enabled.
-
-
- Any actual external symbols will use the krb5int_ prefix. The k5_
- names will be simple macros or inline functions to rename the
- external symbols, or slightly more complex ones to expand the
- implementation inline (e.g., map to POSIX versions and/or debug
- code using __FILE__ and the like).
-
-
- More to be added, perhaps. */
+ Mutex support:
+
+ // Between these two, we should be able to do pure compile-time
+ // and pure run-time initialization.
+ // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER,
+ // finish does nothing
+ // Windows: partial initializer is an invalid handle,
+ // finish does the real initialization work
+ k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+ int k5_mutex_finish_init(k5_mutex_t *);
+ // for dynamic allocation
+ int k5_mutex_init(k5_mutex_t *);
+ // Must work for both kinds of alloc, even if it means adding flags.
+ int k5_mutex_destroy(k5_mutex_t *);
+
+ // As before.
+ int k5_mutex_lock(k5_mutex_t *);
+ int k5_mutex_unlock(k5_mutex_t *);
+
+ In each library, one new function to finish the static mutex init,
+ and any other library-wide initialization that might be desired.
+ On POSIX, this function would be called via the second support
+ function (see below). On Windows, it would be called at library
+ load time. These functions, or functions they calls, should be the
+ only places that k5_mutex_finish_init gets called.
+
+ A second function or macro called at various possible "first" entry
+ points which either calls pthread_once on the first function
+ (POSIX), or checks some flag set by the first function (Windows),
+ and possibly returns an error. (In the non-threaded case, a simple
+ flag can be used to avoid multiple invocations, and the mutexes
+ don't need run-time initialization anyways.)
+
+ A third function for library termination calls mutex_destroy on
+ each mutex for the library. This function would be called
+ automatically at library unload time. If it turns out to be needed
+ at exit time for libraries that don't get unloaded, perhaps we
+ should also use atexit(). Any static mutexes should be cleaned up
+ with k5_mutex_destroy here.
+
+ How does that second support function invoke the first support
+ function only once? Through something modelled on pthread_once
+ that I haven't written up yet. Probably:
+
+ k5_once_t foo_once = K5_ONCE_INIT;
+ k5_once(k5_once_t *, void (*)(void));
+
+ For POSIX: Map onto pthread_once facility.
+ For non-threaded case: A simple flag.
+ For Windows: Not needed; library init code takes care of it.
+
+ XXX: A general k5_once mechanism isn't possible for Windows,
+ without faking it through named mutexes or mutexes initialized at
+ startup. I was only using it in one place outside these headers,
+ so I'm dropping the general scheme. Eventually the existing uses
+ in k5-thread.h and k5-platform.h will be converted to pthread_once
+ or static variables.
+
+
+ Thread-specific data:
+
+ // TSD keys are limited in number in gssapi/krb5/com_err; enumerate
+ // them all. This allows support code init to allocate the
+ // necessary storage for pointers all at once, and avoids any
+ // possible error in key creation.
+ enum { ... } k5_key_t;
+ // Register destructor function. Called in library init code.
+ int k5_key_register(k5_key_t, void (*destructor)(void *));
+ // Returns NULL or data.
+ void *k5_getspecific(k5_key_t);
+ // Returns error if key out of bounds, or the pointer table can't
+ // be allocated. A call to k5_key_register must have happened first.
+ // This may trigger the calling of pthread_setspecific on POSIX.
+ int k5_setspecific(k5_key_t, void *);
+ // Called in library termination code.
+ // Trashes data in all threads, calling the registered destructor
+ // (but calling it from the current thread).
+ int k5_key_delete(k5_key_t);
+
+ For the non-threaded version, the support code will have a static
+ array indexed by k5_key_t values, and get/setspecific simply access
+ the array elements.
+
+ The TSD destructor table is global state, protected by a mutex if
+ threads are enabled.
+
+
+ Any actual external symbols will use the krb5int_ prefix. The k5_
+ names will be simple macros or inline functions to rename the
+ external symbols, or slightly more complex ones to expand the
+ implementation inline (e.g., map to POSIX versions and/or debug
+ code using __FILE__ and the like).
+
+
+ More to be added, perhaps. */
#include <assert.h>
\f
/* Define the OS mutex bit. */
typedef char k5_os_nothread_mutex;
-# define K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER 0
+# define K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER 0
/* Empty inline functions avoid the "statement with no effect"
warnings, and do better type-checking than functions that don't use
their arguments. */
3 - function has been run
4 - function is being run -- deadlock detected */
typedef unsigned char k5_os_nothread_once_t;
-# define K5_OS_NOTHREAD_ONCE_INIT 2
-# define k5_os_nothread_once(O,F) \
- (*(O) == 3 ? 0 \
- : *(O) == 2 ? (*(O) = 4, (F)(), *(O) = 3, 0) \
- : (assert(*(O) != 4), assert(*(O) == 2 || *(O) == 3), 0))
+# define K5_OS_NOTHREAD_ONCE_INIT 2
+# define k5_os_nothread_once(O,F) \
+ (*(O) == 3 ? 0 \
+ : *(O) == 2 ? (*(O) = 4, (F)(), *(O) = 3, 0) \
+ : (assert(*(O) != 4), assert(*(O) == 2 || *(O) == 3), 0))
#ifndef ENABLE_THREADS
typedef k5_os_nothread_mutex k5_os_mutex;
-# define K5_OS_MUTEX_PARTIAL_INITIALIZER \
- K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER
-# define k5_os_mutex_finish_init k5_os_nothread_mutex_finish_init
-# define k5_os_mutex_init k5_os_nothread_mutex_init
-# define k5_os_mutex_destroy k5_os_nothread_mutex_destroy
-# define k5_os_mutex_lock k5_os_nothread_mutex_lock
-# define k5_os_mutex_unlock k5_os_nothread_mutex_unlock
-
-# define k5_once_t k5_os_nothread_once_t
-# define K5_ONCE_INIT K5_OS_NOTHREAD_ONCE_INIT
-# define k5_once k5_os_nothread_once
+# define K5_OS_MUTEX_PARTIAL_INITIALIZER \
+ K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER
+# define k5_os_mutex_finish_init k5_os_nothread_mutex_finish_init
+# define k5_os_mutex_init k5_os_nothread_mutex_init
+# define k5_os_mutex_destroy k5_os_nothread_mutex_destroy
+# define k5_os_mutex_lock k5_os_nothread_mutex_lock
+# define k5_os_mutex_unlock k5_os_nothread_mutex_unlock
+
+# define k5_once_t k5_os_nothread_once_t
+# define K5_ONCE_INIT K5_OS_NOTHREAD_ONCE_INIT
+# define k5_once k5_os_nothread_once
#elif HAVE_PTHREAD
symbol tables of the current process. */
extern int krb5int_pthread_loaded(void)
#ifdef __GNUC__
- /* We should always get the same answer for the life of the process. */
- __attribute__((const))
+/* We should always get the same answer for the life of the process. */
+ __attribute__((const))
#endif
- ;
+ ;
#if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS)
# pragma weak pthread_once
# pragma weak pthread_mutex_lock
# pragma weak pthread_mutex_init
# pragma weak pthread_self
# pragma weak pthread_equal
-# define K5_PTHREADS_LOADED (krb5int_pthread_loaded())
+# define K5_PTHREADS_LOADED (krb5int_pthread_loaded())
# define USE_PTHREAD_LOCK_ONLY_IF_LOADED
/* Can't rely on useful stubs -- see above regarding Solaris. */
pthread_once_t o;
k5_os_nothread_once_t n;
} k5_once_t;
-# define K5_ONCE_INIT { PTHREAD_ONCE_INIT, K5_OS_NOTHREAD_ONCE_INIT }
-# define k5_once(O,F) (K5_PTHREADS_LOADED \
- ? pthread_once(&(O)->o,F) \
- : k5_os_nothread_once(&(O)->n,F))
+# define K5_ONCE_INIT { PTHREAD_ONCE_INIT, K5_OS_NOTHREAD_ONCE_INIT }
+# define k5_once(O,F) (K5_PTHREADS_LOADED \
+ ? pthread_once(&(O)->o,F) \
+ : k5_os_nothread_once(&(O)->n,F))
#else
/* no pragma weak support */
-# define K5_PTHREADS_LOADED (1)
+# define K5_PTHREADS_LOADED (1)
typedef pthread_once_t k5_once_t;
-# define K5_ONCE_INIT PTHREAD_ONCE_INIT
-# define k5_once pthread_once
+# define K5_ONCE_INIT PTHREAD_ONCE_INIT
+# define k5_once pthread_once
#endif
#endif
typedef pthread_mutex_t k5_os_mutex;
-# define K5_OS_MUTEX_PARTIAL_INITIALIZER \
- PTHREAD_MUTEX_INITIALIZER
+# define K5_OS_MUTEX_PARTIAL_INITIALIZER \
+ PTHREAD_MUTEX_INITIALIZER
#ifdef USE_PTHREAD_LOCK_ONLY_IF_LOADED
-# define k5_os_mutex_finish_init(M) (0)
-# define k5_os_mutex_init(M) \
- (K5_PTHREADS_LOADED ? pthread_mutex_init((M), 0) : 0)
-# define k5_os_mutex_destroy(M) \
- (K5_PTHREADS_LOADED ? pthread_mutex_destroy((M)) : 0)
-# define k5_os_mutex_lock(M) \
- (K5_PTHREADS_LOADED ? pthread_mutex_lock(M) : 0)
-# define k5_os_mutex_unlock(M) \
- (K5_PTHREADS_LOADED ? pthread_mutex_unlock(M) : 0)
+# define k5_os_mutex_finish_init(M) (0)
+# define k5_os_mutex_init(M) \
+ (K5_PTHREADS_LOADED ? pthread_mutex_init((M), 0) : 0)
+# define k5_os_mutex_destroy(M) \
+ (K5_PTHREADS_LOADED ? pthread_mutex_destroy((M)) : 0)
+# define k5_os_mutex_lock(M) \
+ (K5_PTHREADS_LOADED ? pthread_mutex_lock(M) : 0)
+# define k5_os_mutex_unlock(M) \
+ (K5_PTHREADS_LOADED ? pthread_mutex_unlock(M) : 0)
#else
static inline int k5_os_mutex_finish_init(k5_os_mutex *m) { return 0; }
-# define k5_os_mutex_init(M) pthread_mutex_init((M), 0)
-# define k5_os_mutex_destroy(M) pthread_mutex_destroy((M))
-# define k5_os_mutex_lock(M) pthread_mutex_lock(M)
-# define k5_os_mutex_unlock(M) pthread_mutex_unlock(M)
+# define k5_os_mutex_init(M) pthread_mutex_init((M), 0)
+# define k5_os_mutex_destroy(M) pthread_mutex_destroy((M))
+# define k5_os_mutex_lock(M) pthread_mutex_lock(M)
+# define k5_os_mutex_unlock(M) pthread_mutex_unlock(M)
#endif /* is pthreads always available? */
# define K5_OS_MUTEX_PARTIAL_INITIALIZER { INVALID_HANDLE_VALUE, 0 }
-# define k5_os_mutex_finish_init(M) \
- (assert((M)->h == INVALID_HANDLE_VALUE), \
- ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
-# define k5_os_mutex_init(M) \
- ((M)->is_locked = 0, \
- ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
-# define k5_os_mutex_destroy(M) \
- (CloseHandle((M)->h) ? ((M)->h = 0, 0) : GetLastError())
+# define k5_os_mutex_finish_init(M) \
+ (assert((M)->h == INVALID_HANDLE_VALUE), \
+ ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
+# define k5_os_mutex_init(M) \
+ ((M)->is_locked = 0, \
+ ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
+# define k5_os_mutex_destroy(M) \
+ (CloseHandle((M)->h) ? ((M)->h = 0, 0) : GetLastError())
static inline int k5_os_mutex_lock(k5_os_mutex *m)
{
DWORD res;
res = WaitForSingleObject(m->h, INFINITE);
if (res == WAIT_FAILED)
- return GetLastError();
+ return GetLastError();
/* Eventually these should be turned into some reasonable error
code. */
assert(res != WAIT_TIMEOUT);
return 0;
}
-# define k5_os_mutex_unlock(M) \
- (assert((M)->is_locked == 1), \
- (M)->is_locked = 0, \
- ReleaseMutex((M)->h) ? 0 : GetLastError())
+# define k5_os_mutex_unlock(M) \
+ (assert((M)->is_locked == 1), \
+ (M)->is_locked = 0, \
+ ReleaseMutex((M)->h) ? 0 : GetLastError())
#else
\f
typedef k5_os_mutex k5_mutex_t;
-#define K5_MUTEX_PARTIAL_INITIALIZER K5_OS_MUTEX_PARTIAL_INITIALIZER
+#define K5_MUTEX_PARTIAL_INITIALIZER K5_OS_MUTEX_PARTIAL_INITIALIZER
static inline int k5_mutex_init(k5_mutex_t *m)
{
return k5_os_mutex_init(m);
{
return k5_os_mutex_finish_init(m);
}
-#define k5_mutex_destroy(M) \
+#define k5_mutex_destroy(M) \
(k5_os_mutex_destroy(M))
#if __GNUC__ >= 4
return k5_os_mutex_lock(m);
}
-#define k5_mutex_unlock(M) \
- (k5_os_mutex_unlock(M))
+#define k5_mutex_unlock(M) \
+ (k5_os_mutex_unlock(M))
-#define k5_mutex_assert_locked(M) ((void)(M))
-#define k5_mutex_assert_unlocked(M) ((void)(M))
-#define k5_assert_locked k5_mutex_assert_locked
-#define k5_assert_unlocked k5_mutex_assert_unlocked
+#define k5_mutex_assert_locked(M) ((void)(M))
+#define k5_mutex_assert_unlocked(M) ((void)(M))
+#define k5_assert_locked k5_mutex_assert_locked
+#define k5_assert_unlocked k5_mutex_assert_unlocked
\f
/* Thread-specific data; implemented in a support file, because we'll
K5_KEY_MAX
} k5_key_t;
/* rename shorthand symbols for export */
-#define k5_key_register krb5int_key_register
-#define k5_getspecific krb5int_getspecific
-#define k5_setspecific krb5int_setspecific
-#define k5_key_delete krb5int_key_delete
+#define k5_key_register krb5int_key_register
+#define k5_getspecific krb5int_getspecific
+#define k5_setspecific krb5int_setspecific
+#define k5_key_delete krb5int_key_delete
extern int k5_key_register(k5_key_t, void (*)(void *));
extern void *k5_getspecific(k5_key_t);
extern int k5_setspecific(k5_key_t, void *);
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2008 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
krb5_unicode *,
size_t);
-#define KRB5_UTF8_NOCASEFOLD 0x0U
-#define KRB5_UTF8_CASEFOLD 0x1U
-#define KRB5_UTF8_ARG1NFC 0x2U
-#define KRB5_UTF8_ARG2NFC 0x4U
-#define KRB5_UTF8_APPROX 0x8U
+#define KRB5_UTF8_NOCASEFOLD 0x0U
+#define KRB5_UTF8_CASEFOLD 0x1U
+#define KRB5_UTF8_ARG1NFC 0x2U
+#define KRB5_UTF8_ARG2NFC 0x4U
+#define KRB5_UTF8_APPROX 0x8U
krb5_error_code krb5int_utf8_normalize(
krb5_data *,
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2008 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
#endif
#if INT_MAX == 0x7fff
-typedef unsigned int krb5_ucs2;
+typedef unsigned int krb5_ucs2;
#elif SHRT_MAX == 0x7fff
-typedef unsigned short krb5_ucs2;
+typedef unsigned short krb5_ucs2;
#else
#error undefined 16 bit type
#endif
#if INT_MAX == 0x7fffffffL
-typedef int krb5_ucs4;
+typedef int krb5_ucs4;
#elif LONG_MAX == 0x7fffffffL
-typedef long krb5_ucs4;
+typedef long krb5_ucs4;
#elif SHRT_MAX == 0x7fffffffL
-typedef short krb5_ucs4;
+typedef short krb5_ucs4;
#else
#error: undefined 32 bit type
#endif
int
krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s,
- char **utf8s,
- size_t *utf8slen);
+ char **utf8s,
+ size_t *utf8slen);
int
krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s,
- size_t ucs2slen,
- char **utf8s,
- size_t *utf8slen);
+ size_t ucs2slen,
+ char **utf8s,
+ size_t *utf8slen);
int
krb5int_ucs2les_to_utf8s(const unsigned char *ucs2les,
- char **utf8s,
- size_t *utf8slen);
+ char **utf8s,
+ size_t *utf8slen);
int
krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les,
- size_t ucs2leslen,
- char **utf8s,
- size_t *utf8slen);
+ size_t ucs2leslen,
+ char **utf8s,
+ size_t *utf8slen);
int
krb5int_utf8s_to_ucs2s(const char *utf8s,
- krb5_ucs2 **ucs2s,
- size_t *ucs2chars);
+ krb5_ucs2 **ucs2s,
+ size_t *ucs2chars);
int
krb5int_utf8cs_to_ucs2s(const char *utf8s,
- size_t utf8slen,
- krb5_ucs2 **ucs2s,
- size_t *ucs2chars);
+ size_t utf8slen,
+ krb5_ucs2 **ucs2s,
+ size_t *ucs2chars);
int
krb5int_utf8s_to_ucs2les(const char *utf8s,
- unsigned char **ucs2les,
- size_t *ucs2leslen);
+ unsigned char **ucs2les,
+ size_t *ucs2leslen);
int
krb5int_utf8cs_to_ucs2les(const char *utf8s,
- size_t utf8slen,
- unsigned char **ucs2les,
- size_t *ucs2leslen);
+ size_t utf8slen,
+ unsigned char **ucs2les,
+ size_t *ucs2leslen);
/* returns the number of bytes in the UTF-8 string */
size_t krb5int_utf8_bytes(const char *);
extern const char krb5int_utf8_lentab[128];
extern const char krb5int_utf8_mintab[32];
-#define KRB5_UTF8_ISASCII(p) ( !(*(const unsigned char *)(p) & 0x80 ) )
-#define KRB5_UTF8_CHARLEN(p) ( KRB5_UTF8_ISASCII(p) \
- ? 1 : krb5int_utf8_lentab[*(const unsigned char *)(p) ^ 0x80] )
+#define KRB5_UTF8_BV(p) (*(const unsigned char *)(p))
+#define KRB5_UTF8_ISASCII(p) (!(KRB5_UTF8_BV(p) & 0x80))
+#define KRB5_UTF8_CHARLEN(p) (KRB5_UTF8_ISASCII(p) ? 1 : \
+ krb5int_utf8_lentab[KRB5_UTF8_BV(p) ^ 0x80])
/* This is like CHARLEN but additionally validates to make sure
* the char used the shortest possible encoding.
* 'l' is used to temporarily hold the result of CHARLEN.
*/
-#define KRB5_UTF8_CHARLEN2(p, l) ( ( ( l = KRB5_UTF8_CHARLEN( p )) < 3 || \
- ( krb5int_utf8_mintab[*(const unsigned char *)(p) & 0x1f] & (p)[1] ) ) ? \
- l : 0 )
+#define KRB5_UTF8_CHARLEN2(p, l) ( \
+ ((l = KRB5_UTF8_CHARLEN(p)) < 3 || \
+ (krb5int_utf8_mintab[KRB5_UTF8_BV(p) & 0x1f] & (p)[1])) ? \
+ l : 0)
-#define KRB5_UTF8_OFFSET(p) ( KRB5_UTF8_ISASCII(p) \
- ? 1 : krb5int_utf8_offset((p)) )
+#define KRB5_UTF8_OFFSET(p) (KRB5_UTF8_ISASCII(p) \
+ ? 1 : krb5int_utf8_offset((p)) )
-#define KRB5_UTF8_COPY(d,s) ( KRB5_UTF8_ISASCII(s) \
- ? (*(d) = *(s), 1) : krb5int_utf8_copy((d),(s)) )
+#define KRB5_UTF8_COPY(d,s) (KRB5_UTF8_ISASCII(s) \
+ ? (*(d) = *(s), 1) : krb5int_utf8_copy((d),(s)))
-#define KRB5_UTF8_NEXT(p) ( KRB5_UTF8_ISASCII(p) \
- ? (char *)(p)+1 : krb5int_utf8_next((p)) )
+#define KRB5_UTF8_NEXT(p) (KRB5_UTF8_ISASCII(p) \
+ ? (char *)(p)+1 : krb5int_utf8_next((p)))
#define KRB5_UTF8_INCR(p) ((p) = KRB5_UTF8_NEXT(p))
* these macros assume 'x' is an ASCII x
* and assume the "C" locale
*/
-#define KRB5_ASCII(c) (!((c) & 0x80))
-#define KRB5_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n')
-#define KRB5_DIGIT(c) ((c) >= '0' && (c) <= '9')
-#define KRB5_LOWER(c) ((c) >= 'a' && (c) <= 'z')
-#define KRB5_UPPER(c) ((c) >= 'A' && (c) <= 'Z')
-#define KRB5_ALPHA(c) (KRB5_LOWER(c) || KRB5_UPPER(c))
-#define KRB5_ALNUM(c) (KRB5_ALPHA(c) || KRB5_DIGIT(c))
-
-#define KRB5_LDH(c) (KRB5_ALNUM(c) || (c) == '-')
-
-#define KRB5_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f')
-#define KRB5_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F')
-#define KRB5_HEX(c) (KRB5_DIGIT(c) || \
- KRB5_HEXLOWER(c) || KRB5_HEXUPPER(c))
+#define KRB5_ASCII(c) (!((c) & 0x80))
+#define KRB5_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n')
+#define KRB5_DIGIT(c) ((c) >= '0' && (c) <= '9')
+#define KRB5_LOWER(c) ((c) >= 'a' && (c) <= 'z')
+#define KRB5_UPPER(c) ((c) >= 'A' && (c) <= 'Z')
+#define KRB5_ALPHA(c) (KRB5_LOWER(c) || KRB5_UPPER(c))
+#define KRB5_ALNUM(c) (KRB5_ALPHA(c) || KRB5_DIGIT(c))
+
+#define KRB5_LDH(c) (KRB5_ALNUM(c) || (c) == '-')
+
+#define KRB5_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f')
+#define KRB5_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F')
+#define KRB5_HEX(c) (KRB5_DIGIT(c) || \
+ KRB5_HEXLOWER(c) || KRB5_HEXUPPER(c))
#endif /* K5_UTF8_H */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1989-1998,2002 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
#ifndef krb5_seteuid
#if defined(HAVE_SETEUID)
-# define krb5_seteuid(EUID) (seteuid((uid_t)(EUID)))
+# define krb5_seteuid(EUID) (seteuid((uid_t)(EUID)))
#elif defined(HAVE_SETRESUID)
-# define krb5_seteuid(EUID) setresuid(getuid(), (uid_t)(EUID), geteuid())
+# define krb5_seteuid(EUID) setresuid(getuid(), (uid_t)(EUID), geteuid())
#elif defined(HAVE_SETREUID)
-# define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
+# define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
#else
- /* You need to add a case to deal with this operating system.*/
-# define krb5_seteuid(EUID) (errno = EPERM, -1)
+/* You need to add a case to deal with this operating system.*/
+# define krb5_seteuid(EUID) (errno = EPERM, -1)
#endif
#ifdef HAVE_SETEGID
-# define krb5_setegid(EGID) (setegid((gid_t)(EGID)))
+# define krb5_setegid(EGID) (setegid((gid_t)(EGID)))
#elif defined(HAVE_SETRESGID)
-# define krb5_setegid(EGID) (setresgid(getgid(), (gid_t)(EGID), getegid()))
+# define krb5_setegid(EGID) (setresgid(getgid(), (gid_t)(EGID), getegid()))
#elif defined(HAVE_SETREGID)
-# define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
+# define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
#else
- /* You need to add a case to deal with this operating system.*/
-# define krb5_setegid(EGID) (errno = EPERM, -1)
+/* You need to add a case to deal with this operating system.*/
+# define krb5_setegid(EGID) (errno = EPERM, -1)
#endif
#endif
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/krb5/kdb.h
*
#include <krb5.h>
/* Salt types */
-#define KRB5_KDB_SALTTYPE_NORMAL 0
-#define KRB5_KDB_SALTTYPE_V4 1
-#define KRB5_KDB_SALTTYPE_NOREALM 2
-#define KRB5_KDB_SALTTYPE_ONLYREALM 3
-#define KRB5_KDB_SALTTYPE_SPECIAL 4
-#define KRB5_KDB_SALTTYPE_AFS3 5
-#define KRB5_KDB_SALTTYPE_CERTHASH 6
+#define KRB5_KDB_SALTTYPE_NORMAL 0
+#define KRB5_KDB_SALTTYPE_V4 1
+#define KRB5_KDB_SALTTYPE_NOREALM 2
+#define KRB5_KDB_SALTTYPE_ONLYREALM 3
+#define KRB5_KDB_SALTTYPE_SPECIAL 4
+#define KRB5_KDB_SALTTYPE_AFS3 5
+#define KRB5_KDB_SALTTYPE_CERTHASH 6
/* Attributes */
-#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
-#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
-#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
-#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
-#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
-#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
-#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
-#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
-#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
-#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
-#define KRB5_KDB_DISALLOW_SVR 0x00001000
-#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
+#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
+#define KRB5_KDB_DISALLOW_SVR 0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
-#define KRB5_KDB_NEW_PRINC 0x00008000
-#define KRB5_KDB_OK_AS_DELEGATE 0x00100000
-#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 /* S4U2Self OK */
-#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000
+#define KRB5_KDB_NEW_PRINC 0x00008000
+#define KRB5_KDB_OK_AS_DELEGATE 0x00100000
+#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 /* S4U2Self OK */
+#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000
/* Creation flags */
-#define KRB5_KDB_CREATE_BTREE 0x00000001
-#define KRB5_KDB_CREATE_HASH 0x00000002
+#define KRB5_KDB_CREATE_BTREE 0x00000001
+#define KRB5_KDB_CREATE_HASH 0x00000002
#if !defined(_WIN32)
* adding new tl_data types.
*/
typedef struct _krb5_tl_data {
- struct _krb5_tl_data* tl_data_next; /* NOT saved */
- krb5_int16 tl_data_type;
- krb5_ui_2 tl_data_length;
- krb5_octet * tl_data_contents;
+ struct _krb5_tl_data* tl_data_next; /* NOT saved */
+ krb5_int16 tl_data_type;
+ krb5_ui_2 tl_data_length;
+ krb5_octet * tl_data_contents;
} krb5_tl_data;
/*
* Currently the first type is the enctype and the second is the salt type.
*/
typedef struct _krb5_key_data {
- krb5_int16 key_data_ver; /* Version */
- krb5_int16 key_data_kvno; /* Key Version */
- krb5_int16 key_data_type[2]; /* Array of types */
- krb5_ui_2 key_data_length[2]; /* Array of lengths */
- krb5_octet * key_data_contents[2]; /* Array of pointers */
+ krb5_int16 key_data_ver; /* Version */
+ krb5_int16 key_data_kvno; /* Key Version */
+ krb5_int16 key_data_type[2]; /* Array of types */
+ krb5_ui_2 key_data_length[2]; /* Array of lengths */
+ krb5_octet * key_data_contents[2]; /* Array of pointers */
} krb5_key_data;
-#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
+#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
typedef struct _krb5_keysalt {
- krb5_int16 type;
- krb5_data data; /* Length, data */
+ krb5_int16 type;
+ krb5_data data; /* Length, data */
} krb5_keysalt;
typedef struct _krb5_db_entry_new {
- krb5_magic magic; /* NOT saved */
- krb5_ui_2 len;
+ krb5_magic magic; /* NOT saved */
+ krb5_ui_2 len;
krb5_ui_4 mask; /* members currently changed/set */
- krb5_flags attributes;
- krb5_deltat max_life;
- krb5_deltat max_renewable_life;
- krb5_timestamp expiration; /* When the client expires */
- krb5_timestamp pw_expiration; /* When its passwd expires */
- krb5_timestamp last_success; /* Last successful passwd */
- krb5_timestamp last_failed; /* Last failed passwd attempt */
- krb5_kvno fail_auth_count; /* # of failed passwd attempt */
- krb5_int16 n_tl_data;
- krb5_int16 n_key_data;
- krb5_ui_2 e_length; /* Length of extra data */
- krb5_octet * e_data; /* Extra data to be saved */
-
- krb5_principal princ; /* Length, data */
- krb5_tl_data * tl_data; /* Linked list */
- krb5_key_data * key_data; /* Array */
+ krb5_flags attributes;
+ krb5_deltat max_life;
+ krb5_deltat max_renewable_life;
+ krb5_timestamp expiration; /* When the client expires */
+ krb5_timestamp pw_expiration; /* When its passwd expires */
+ krb5_timestamp last_success; /* Last successful passwd */
+ krb5_timestamp last_failed; /* Last failed passwd attempt */
+ krb5_kvno fail_auth_count; /* # of failed passwd attempt */
+ krb5_int16 n_tl_data;
+ krb5_int16 n_key_data;
+ krb5_ui_2 e_length; /* Length of extra data */
+ krb5_octet * e_data; /* Extra data to be saved */
+
+ krb5_principal princ; /* Length, data */
+ krb5_tl_data * tl_data; /* Linked list */
+ krb5_key_data * key_data; /* Array */
} krb5_db_entry;
typedef struct _osa_policy_ent_t {
typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
typedef struct __krb5_key_salt_tuple {
- krb5_enctype ks_enctype;
- krb5_int32 ks_salttype;
+ krb5_enctype ks_enctype;
+ krb5_int32 ks_salttype;
} krb5_key_salt_tuple;
-#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
-#define KRB5_KDB_V1_BASE_LENGTH 38
+#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
+#define KRB5_KDB_V1_BASE_LENGTH 38
-#define KRB5_TL_LAST_PWD_CHANGE 0x0001
-#define KRB5_TL_MOD_PRINC 0x0002
-#define KRB5_TL_KADM_DATA 0x0003
-#define KRB5_TL_KADM5_E_DATA 0x0004
-#define KRB5_TL_RB1_CHALLENGE 0x0005
+#define KRB5_TL_LAST_PWD_CHANGE 0x0001
+#define KRB5_TL_MOD_PRINC 0x0002
+#define KRB5_TL_KADM_DATA 0x0003
+#define KRB5_TL_KADM5_E_DATA 0x0004
+#define KRB5_TL_RB1_CHALLENGE 0x0005
#ifdef SECURID
#define KRB5_TL_SECURID_STATE 0x0006
#define KRB5_TL_DB_ARGS 0x7fff
* Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
* on the principal.
*/
-#define KRB5_MAX_FAIL_COUNT 5
+#define KRB5_MAX_FAIL_COUNT 5
/* XXX depends on knowledge of krb5_parse_name() formats */
-#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
+#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
/* prompts used by default when reading the KDC password from the keyboard. */
-#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
-#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
+#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
+#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
extern char *krb5_mkey_pwd_prompt1;
*/
#ifdef _KRB5_INT_H
#include "k5-platform.h"
-#define krb5_kdb_decode_int16(cp, i16) \
- *((krb5_int16 *) &(i16)) = load_16_le(cp)
-#define krb5_kdb_decode_int32(cp, i32) \
- *((krb5_int32 *) &(i32)) = load_32_le(cp)
-#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp)
-#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp)
+#define krb5_kdb_decode_int16(cp, i16) \
+ *((krb5_int16 *) &(i16)) = load_16_le(cp)
+#define krb5_kdb_decode_int32(cp, i32) \
+ *((krb5_int32 *) &(i32)) = load_32_le(cp)
+#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp)
+#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp)
#endif /* _KRB5_INT_H */
#define KRB5_KDB_OPEN_RW 0
krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
krb5_error_code krb5_db_unlock ( krb5_context kcontext );
krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
- krb5_const_principal search_for,
- krb5_db_entry *entries,
- int *nentries,
- krb5_boolean *more );
+ krb5_const_principal search_for,
+ krb5_db_entry *entries,
+ int *nentries,
+ krb5_boolean *more );
krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
- krb5_db_entry *entry,
- int count );
+ krb5_db_entry *entry,
+ int count );
krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
- krb5_db_entry *entries,
- int *nentries);
+ krb5_db_entry *entries,
+ int *nentries);
krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
- krb5_principal search_for,
- int *nentries );
+ krb5_principal search_for,
+ int *nentries );
krb5_error_code krb5_db_iterate ( krb5_context kcontext,
- char *match_entry,
- int (*func) (krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg );
+ char *match_entry,
+ int (*func) (krb5_pointer, krb5_db_entry *),
+ krb5_pointer func_arg );
krb5_error_code krb5_supported_realms ( krb5_context kcontext,
- char **realms );
+ char **realms );
krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
- char **realms );
+ char **realms );
krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key );
+ char *pwd,
+ krb5_keyblock *key );
krb5_error_code krb5_db_set_mkey ( krb5_context context,
- krb5_keyblock *key);
+ krb5_keyblock *key);
krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key );
+ krb5_keyblock **key );
krb5_error_code krb5_db_set_mkey_list( krb5_context context,
krb5_keylist_node * keylist);
krb5_keylist_node ** keylist);
krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
- krb5_keyblock *key );
+ krb5_keyblock *key );
krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_kvno kvno,
- krb5_keyblock *key,
- char *master_pwd);
+ char *keyfile,
+ krb5_principal mname,
+ krb5_kvno kvno,
+ krb5_keyblock *key,
+ char *master_pwd);
krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd);
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd);
krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
- krb5_principal mname,
- krb5_enctype etype,
- krb5_boolean fromkeyboard,
- krb5_boolean twice,
- char *db_args,
+ krb5_principal mname,
+ krb5_enctype etype,
+ krb5_boolean fromkeyboard,
+ krb5_boolean twice,
+ char *db_args,
krb5_kvno *kvno,
- krb5_data *salt,
- krb5_keyblock *key);
+ krb5_data *salt,
+ krb5_keyblock *key);
krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
- krb5_principal mprinc,
+ krb5_principal mprinc,
krb5_kvno kvno,
- krb5_keyblock *mkey );
+ krb5_keyblock *mkey );
krb5_error_code
krb5_db_fetch_mkey_list( krb5_context context,
- krb5_principal mname,
- const krb5_keyblock * mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkeys_list );
+ krb5_principal mname,
+ const krb5_keyblock * mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkeys_list );
krb5_error_code
krb5_db_free_mkey_list( krb5_context context,
- krb5_keylist_node *mkey_list );
+ krb5_keylist_node *mkey_list );
krb5_error_code
-krb5_dbe_find_enctype( krb5_context kcontext,
- krb5_db_entry *dbentp,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno,
- krb5_key_data **kdatap);
+krb5_dbe_find_enctype( krb5_context kcontext,
+ krb5_db_entry *dbentp,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
- krb5_db_entry *dbentp,
- krb5_int32 *start,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno,
- krb5_key_data **kdatap);
+ krb5_db_entry *dbentp,
+ krb5_int32 *start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
krb5_error_code
krb5_db_setup_mkey_name ( krb5_context context,
- const char *keyname,
- const char *realm,
- char **fullname,
- krb5_principal *principal);
+ const char *keyname,
+ const char *realm,
+ char **fullname,
+ krb5_principal *principal);
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbekd_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbekd_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_dbe_fetch_act_key_list(krb5_context context,
- krb5_principal princ,
- krb5_actkvno_node **act_key_list);
+ krb5_principal princ,
+ krb5_actkvno_node **act_key_list);
krb5_error_code
krb5_dbe_find_act_mkey( krb5_context context,
krb5_keyblock ** act_mkey);
krb5_error_code
-krb5_dbe_find_mkey( krb5_context context,
+krb5_dbe_find_mkey( krb5_context context,
krb5_keylist_node * mkey_list,
krb5_db_entry * entry,
krb5_keyblock ** mkey);
krb5_error_code
krb5_dbe_lookup_mkvno( krb5_context context,
- krb5_db_entry * entry,
- krb5_kvno * mkvno);
+ krb5_db_entry * entry,
+ krb5_kvno * mkvno);
krb5_error_code
krb5_dbe_lookup_mod_princ_data( krb5_context context,
- krb5_db_entry * entry,
- krb5_timestamp * mod_time,
- krb5_principal * mod_princ);
+ krb5_db_entry * entry,
+ krb5_timestamp * mod_time,
+ krb5_principal * mod_princ);
krb5_error_code
krb5_dbe_lookup_mkey_aux( krb5_context context,
- krb5_db_entry * entry,
- krb5_mkey_aux_node ** mkey_aux_data_list);
+ krb5_db_entry * entry,
+ krb5_mkey_aux_node ** mkey_aux_data_list);
krb5_error_code
krb5_dbe_update_mkvno( krb5_context context,
- krb5_db_entry * entry,
- krb5_kvno mkvno);
+ krb5_db_entry * entry,
+ krb5_kvno mkvno);
krb5_error_code
krb5_dbe_lookup_actkvno( krb5_context context,
- krb5_db_entry * entry,
- krb5_actkvno_node ** actkvno_list);
+ krb5_db_entry * entry,
+ krb5_actkvno_node ** actkvno_list);
krb5_error_code
krb5_dbe_update_mkey_aux( krb5_context context,
- krb5_db_entry * entry,
- krb5_mkey_aux_node * mkey_aux_data_list);
+ krb5_db_entry * entry,
+ krb5_mkey_aux_node * mkey_aux_data_list);
krb5_error_code
krb5_dbe_update_actkvno(krb5_context context,
- krb5_db_entry * entry,
- const krb5_actkvno_node *actkvno_list);
+ krb5_db_entry * entry,
+ const krb5_actkvno_node *actkvno_list);
krb5_error_code
krb5_dbe_update_last_pwd_change( krb5_context context,
- krb5_db_entry * entry,
- krb5_timestamp stamp);
+ krb5_db_entry * entry,
+ krb5_timestamp stamp);
krb5_error_code
krb5_dbe_lookup_tl_data( krb5_context context,
- krb5_db_entry * entry,
- krb5_tl_data * ret_tl_data);
+ krb5_db_entry * entry,
+ krb5_tl_data * ret_tl_data);
krb5_error_code
krb5_dbe_create_key_data( krb5_context context,
- krb5_db_entry * entry);
+ krb5_db_entry * entry);
krb5_error_code
krb5_dbe_update_mod_princ_data( krb5_context context,
- krb5_db_entry * entry,
- krb5_timestamp mod_date,
- krb5_const_principal mod_princ);
+ krb5_db_entry * entry,
+ krb5_timestamp mod_date,
+ krb5_const_principal mod_princ);
void *krb5_db_alloc( krb5_context kcontext,
- void *ptr,
- size_t size );
+ void *ptr,
+ size_t size );
void krb5_db_free( krb5_context kcontext,
- void *ptr);
+ void *ptr);
krb5_error_code
krb5_dbe_lookup_last_pwd_change( krb5_context context,
- krb5_db_entry * entry,
- krb5_timestamp * stamp);
+ krb5_db_entry * entry,
+ krb5_timestamp * stamp);
krb5_error_code
krb5_dbe_delete_tl_data( krb5_context context,
krb5_error_code
krb5_dbe_update_tl_data( krb5_context context,
- krb5_db_entry * entry,
- krb5_tl_data * new_tl_data);
+ krb5_db_entry * entry,
+ krb5_tl_data * new_tl_data);
krb5_error_code
-krb5_dbe_cpw( krb5_context kcontext,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char * passwd,
- int new_kvno,
- krb5_boolean keepold,
- krb5_db_entry * db_entry);
+krb5_dbe_cpw( krb5_context kcontext,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ int new_kvno,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
krb5_error_code
-krb5_dbe_ark( krb5_context context,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- krb5_db_entry * db_entry);
+krb5_dbe_ark( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ krb5_db_entry * db_entry);
krb5_error_code
-krb5_dbe_crk( krb5_context context,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- krb5_boolean keepold,
- krb5_db_entry * db_entry);
+krb5_dbe_crk( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
krb5_error_code
-krb5_dbe_apw( krb5_context context,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char * passwd,
- krb5_db_entry * db_entry);
+krb5_dbe_apw( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ krb5_db_entry * db_entry);
int
-krb5_db_get_key_data_kvno( krb5_context context,
- int count,
- krb5_key_data * data);
+krb5_db_get_key_data_kvno( krb5_context context,
+ int count,
+ krb5_key_data * data);
/* default functions. Should not be directly called */
krb5_error_code
krb5_dbe_def_search_enctype( krb5_context kcontext,
- krb5_db_entry *dbentp,
- krb5_int32 *start,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno,
- krb5_key_data **kdatap);
+ krb5_db_entry *dbentp,
+ krb5_int32 *start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
krb5_error_code
krb5_def_store_mkey( krb5_context context,
- char *keyfile,
- krb5_principal mname,
- krb5_kvno kvno,
- krb5_keyblock *key,
- char *master_pwd);
+ char *keyfile,
+ krb5_principal mname,
+ krb5_kvno kvno,
+ krb5_keyblock *key,
+ char *master_pwd);
krb5_error_code
krb5_def_store_mkey_list( krb5_context context,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd);
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd);
krb5_error_code
krb5_db_def_fetch_mkey( krb5_context context,
- krb5_principal mname,
- krb5_keyblock *key,
- krb5_kvno *kvno,
- char *db_args);
+ krb5_principal mname,
+ krb5_keyblock *key,
+ krb5_kvno *kvno,
+ char *db_args);
krb5_error_code
krb5_def_verify_master_key( krb5_context context,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock *mkey);
+ krb5_principal mprinc,
+ krb5_kvno kvno,
+ krb5_keyblock *mkey);
krb5_error_code
krb5_def_fetch_mkey_list( krb5_context context,
- krb5_principal mprinc,
- const krb5_keyblock *mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkeys_list);
+ krb5_principal mprinc,
+ const krb5_keyblock *mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkeys_list);
krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key );
+ char *pwd,
+ krb5_keyblock *key );
krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
- krb5_keylist_node *keylist );
+ krb5_keylist_node *keylist );
krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key );
+ krb5_keyblock **key );
krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
- krb5_keylist_node **keylist );
+ krb5_keylist_node **keylist );
krb5_error_code
-krb5_dbe_def_cpw( krb5_context context,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char * passwd,
- int new_kvno,
- krb5_boolean keepold,
- krb5_db_entry * db_entry);
+krb5_dbe_def_cpw( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ int new_kvno,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
krb5_error_code
krb5_def_promote_db(krb5_context, char *, char **);
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbekd_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbekd_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbekd_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbekd_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_db_create_policy( krb5_context kcontext,
- osa_policy_ent_t policy);
+ osa_policy_ent_t policy);
krb5_error_code
krb5_db_get_policy ( krb5_context kcontext,
- char *name,
- osa_policy_ent_t *policy,
- int *nentries);
+ char *name,
+ osa_policy_ent_t *policy,
+ int *nentries);
krb5_error_code
krb5_db_put_policy( krb5_context kcontext,
- osa_policy_ent_t policy);
+ osa_policy_ent_t policy);
krb5_error_code
krb5_db_iter_policy( krb5_context kcontext,
- char *match_entry,
- osa_adb_iter_policy_func func,
- void *data);
+ char *match_entry,
+ osa_adb_iter_policy_func func,
+ void *data);
krb5_error_code
krb5_db_delete_policy( krb5_context kcontext,
- char *policy);
+ char *policy);
void
krb5_db_free_policy( krb5_context kcontext,
- osa_policy_ent_t policy);
+ osa_policy_ent_t policy);
krb5_error_code
-krb5_db_set_context
- (krb5_context, void *db_context);
+krb5_db_set_context(krb5_context, void *db_context);
krb5_error_code
-krb5_db_get_context
- (krb5_context, void **db_context);
+krb5_db_get_context(krb5_context, void **db_context);
void
krb5_dbe_free_key_data_contents(krb5_context, krb5_key_data *);
void
krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *);
-#define KRB5_KDB_DEF_FLAGS 0
+#define KRB5_KDB_DEF_FLAGS 0
-#define KDB_MAX_DB_NAME 128
-#define KDB_REALM_SECTION "realms"
-#define KDB_MODULE_POINTER "database_module"
-#define KDB_MODULE_DEF_SECTION "dbdefaults"
-#define KDB_MODULE_SECTION "dbmodules"
-#define KDB_LIB_POINTER "db_library"
-#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH
-#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV
+#define KDB_MAX_DB_NAME 128
+#define KDB_REALM_SECTION "realms"
+#define KDB_MODULE_POINTER "database_module"
+#define KDB_MODULE_DEF_SECTION "dbdefaults"
+#define KDB_MODULE_SECTION "dbmodules"
+#define KDB_LIB_POINTER "db_library"
+#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH
+#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV
-#define KRB5_KDB_OPEN_RW 0
-#define KRB5_KDB_OPEN_RO 1
+#define KRB5_KDB_OPEN_RW 0
+#define KRB5_KDB_OPEN_RO 1
-#define KRB5_KDB_OPT_SET_DB_NAME 0
-#define KRB5_KDB_OPT_SET_LOCK_MODE 1
+#define KRB5_KDB_OPT_SET_DB_NAME 0
+#define KRB5_KDB_OPT_SET_LOCK_MODE 1
typedef struct _kdb_vftabl {
short int maj_ver;
krb5_error_code (*init_library)();
krb5_error_code (*fini_library)();
krb5_error_code (*init_module) ( krb5_context kcontext,
- char * conf_section,
- char ** db_args,
- int mode );
+ char * conf_section,
+ char ** db_args,
+ int mode );
krb5_error_code (*fini_module) ( krb5_context kcontext );
krb5_error_code (*db_create) ( krb5_context kcontext,
- char * conf_section,
- char ** db_args );
+ char * conf_section,
+ char ** db_args );
krb5_error_code (*db_destroy) ( krb5_context kcontext,
- char *conf_section,
- char ** db_args );
+ char *conf_section,
+ char ** db_args );
krb5_error_code (*db_get_age) ( krb5_context kcontext,
- char *db_name,
- time_t *age );
+ char *db_name,
+ time_t *age );
krb5_error_code (*db_set_option) ( krb5_context kcontext,
- int option,
- void *value );
+ int option,
+ void *value );
krb5_error_code (*db_lock) ( krb5_context kcontext,
- int mode );
+ int mode );
krb5_error_code (*db_unlock) ( krb5_context kcontext);
krb5_error_code (*db_get_principal) ( krb5_context kcontext,
- krb5_const_principal search_for,
- unsigned int flags,
- krb5_db_entry *entries,
- int *nentries,
- krb5_boolean *more );
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry *entries,
+ int *nentries,
+ krb5_boolean *more );
krb5_error_code (*db_free_principal) ( krb5_context kcontext,
- krb5_db_entry *entry,
- int count );
+ krb5_db_entry *entry,
+ int count );
krb5_error_code (*db_put_principal) ( krb5_context kcontext,
- krb5_db_entry *entries,
- int *nentries,
- char **db_args);
+ krb5_db_entry *entries,
+ int *nentries,
+ char **db_args);
krb5_error_code (*db_delete_principal) ( krb5_context kcontext,
- krb5_const_principal search_for,
- int *nentries );
+ krb5_const_principal search_for,
+ int *nentries );
krb5_error_code (*db_iterate) ( krb5_context kcontext,
- char *match_entry,
- int (*func) (krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg );
+ char *match_entry,
+ int (*func) (krb5_pointer, krb5_db_entry *),
+ krb5_pointer func_arg );
krb5_error_code (*db_create_policy) ( krb5_context kcontext,
- osa_policy_ent_t policy );
+ osa_policy_ent_t policy );
krb5_error_code (*db_get_policy) ( krb5_context kcontext,
- char *name,
- osa_policy_ent_t *policy,
- int *cnt);
+ char *name,
+ osa_policy_ent_t *policy,
+ int *cnt);
krb5_error_code (*db_put_policy) ( krb5_context kcontext,
- osa_policy_ent_t policy );
+ osa_policy_ent_t policy );
krb5_error_code (*db_iter_policy) ( krb5_context kcontext,
- char *match_entry,
- osa_adb_iter_policy_func func,
- void *data );
+ char *match_entry,
+ osa_adb_iter_policy_func func,
+ void *data );
krb5_error_code (*db_delete_policy) ( krb5_context kcontext,
- char *policy );
+ char *policy );
void (*db_free_policy) ( krb5_context kcontext,
- osa_policy_ent_t val );
+ osa_policy_ent_t val );
krb5_error_code (*db_supported_realms) ( krb5_context kcontext,
- char **realms );
+ char **realms );
krb5_error_code (*db_free_supported_realms) ( krb5_context kcontext,
- char **realms );
+ char **realms );
const char * (*errcode_2_string) ( krb5_context kcontext,
- long err_code );
+ long err_code );
void (*release_errcode_string) (krb5_context kcontext, const char *msg);
/* optional functions */
krb5_error_code (*set_master_key) ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key);
+ char *pwd,
+ krb5_keyblock *key);
krb5_error_code (*get_master_key) ( krb5_context kcontext,
- krb5_keyblock **key);
+ krb5_keyblock **key);
krb5_error_code (*set_master_key_list) ( krb5_context kcontext,
- krb5_keylist_node *keylist);
+ krb5_keylist_node *keylist);
krb5_error_code (*get_master_key_list) ( krb5_context kcontext,
- krb5_keylist_node **keylist);
+ krb5_keylist_node **keylist);
krb5_error_code (*setup_master_key_name) ( krb5_context kcontext,
- char *keyname,
- char *realm,
- char **fullname,
- krb5_principal *principal);
+ char *keyname,
+ char *realm,
+ char **fullname,
+ krb5_principal *principal);
krb5_error_code (*store_master_key) ( krb5_context kcontext,
- char *db_arg,
- krb5_principal mname,
- krb5_kvno kvno,
- krb5_keyblock *key,
- char *master_pwd);
+ char *db_arg,
+ krb5_principal mname,
+ krb5_kvno kvno,
+ krb5_keyblock *key,
+ char *master_pwd);
krb5_error_code (*fetch_master_key) ( krb5_context kcontext,
- krb5_principal mname,
- krb5_keyblock *key,
- krb5_kvno *kvno,
- char *db_args);
+ krb5_principal mname,
+ krb5_keyblock *key,
+ krb5_kvno *kvno,
+ char *db_args);
krb5_error_code (*verify_master_key) ( krb5_context kcontext,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock *mkey );
+ krb5_principal mprinc,
+ krb5_kvno kvno,
+ krb5_keyblock *mkey );
krb5_error_code (*fetch_master_key_list) (krb5_context kcontext,
- krb5_principal mname,
- const krb5_keyblock *key,
- krb5_kvno kvno,
- krb5_keylist_node **mkeys_list);
+ krb5_principal mname,
+ const krb5_keyblock *key,
+ krb5_kvno kvno,
+ krb5_keylist_node **mkeys_list);
krb5_error_code (*store_master_key_list) ( krb5_context kcontext,
- char *db_arg,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd);
+ char *db_arg,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd);
krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext,
- krb5_db_entry *dbentp,
- krb5_int32 *start,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno,
- krb5_key_data **kdatap);
+ krb5_db_entry *dbentp,
+ krb5_int32 *start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
krb5_error_code
- (*db_change_pwd) ( krb5_context context,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char * passwd,
- int new_kvno,
- krb5_boolean keepold,
- krb5_db_entry * db_entry);
+ (*db_change_pwd) ( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ int new_kvno,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
/* Promote a temporary database to be the live one. */
krb5_error_code (*promote_db) (krb5_context context,
- char *conf_section,
- char **db_args);
+ char *conf_section,
+ char **db_args);
krb5_error_code (*dbekd_decrypt_key_data) ( krb5_context kcontext,
- const krb5_keyblock *mkey,
- const krb5_key_data *key_data,
- krb5_keyblock *dbkey,
- krb5_keysalt *keysalt );
+ const krb5_keyblock *mkey,
+ const krb5_key_data *key_data,
+ krb5_keyblock *dbkey,
+ krb5_keysalt *keysalt );
krb5_error_code (*dbekd_encrypt_key_data) ( krb5_context kcontext,
- const krb5_keyblock *mkey,
- const krb5_keyblock *dbkey,
- const krb5_keysalt *keyselt,
- int keyver,
- krb5_key_data *key_data );
+ const krb5_keyblock *mkey,
+ const krb5_keyblock *dbkey,
+ const krb5_keysalt *keyselt,
+ int keyver,
+ krb5_key_data *key_data );
krb5_error_code
(*db_invoke) ( krb5_context context,
- unsigned int method,
- const krb5_data *req,
- krb5_data *rep );
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep );
} kdb_vftabl;
#endif /* !defined(_WIN32) */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/krb5/kdb_ext.h
*
#define KRB5_KDB5_EXT__
/* Private flag used to indicate principal is local TGS */
-#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000
+#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000
/* Private flag used to indicate xrealm relationship is non-transitive */
-#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000
+#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000
/* Entry get flags */
/* Name canonicalization requested */
-#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010
+#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010
/* Include authorization data generated by backend */
-#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020
+#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020
/* Is AS-REQ (client referrals only) */
-#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040
+#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040
/* Map cross-realm principals */
-#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080
+#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080
/* Protocol transition */
-#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100
+#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100
/* Constrained delegation */
-#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200
+#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200
/* User-to-user */
-#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800
+#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800
/* Cross-realm */
-#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000
+#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000
-#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
- KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
+#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
+ KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
-#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */
-#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */
-#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
+#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */
+#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */
+#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
#define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
-#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */
+#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */
#define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* <I>IssuerDN<S>SubjectDN */
krb5_error_code krb5_db_get_principal_ext ( krb5_context kcontext,
- krb5_const_principal search_for,
- unsigned int flags,
- krb5_db_entry *entries,
- int *nentries,
- krb5_boolean *more );
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry *entries,
+ int *nentries,
+ krb5_boolean *more );
krb5_error_code krb5_db_invoke ( krb5_context kcontext,
- unsigned int method,
- const krb5_data *req,
- krb5_data *rep );
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep );
/* db_invoke methods */
-#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010
-#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020
-#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030
-#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040
-#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050
-#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060
-#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070
-#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080
+#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010
+#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020
+#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030
+#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040
+#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050
+#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060
+#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070
+#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080
typedef struct _kdb_sign_auth_data_req {
krb5_magic magic;
- unsigned int flags; /* KRB5_KDB flags */
- krb5_const_principal client_princ; /* Client name used in ticket */
- krb5_db_entry *client; /* DB entry for client principal */
- krb5_db_entry *server; /* DB entry for server principal */
- krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */
- krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */
- krb5_keyblock *server_key; /* Key used to generate server signature */
- krb5_timestamp authtime; /* Authtime of TGT */
- krb5_authdata **auth_data; /* Authorization data from TGT */
- krb5_keyblock *session_key; /* Reply session key */
- krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */
+ unsigned int flags; /* KRB5_KDB flags */
+ krb5_const_principal client_princ; /* Client name used in ticket */
+ krb5_db_entry *client; /* DB entry for client principal */
+ krb5_db_entry *server; /* DB entry for server principal */
+ krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */
+ krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */
+ krb5_keyblock *server_key; /* Key used to generate server signature */
+ krb5_timestamp authtime; /* Authtime of TGT */
+ krb5_authdata **auth_data; /* Authorization data from TGT */
+ krb5_keyblock *session_key; /* Reply session key */
+ krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */
} kdb_sign_auth_data_req;
typedef struct _kdb_sign_auth_data_rep {
krb5_magic magic;
- krb5_authdata **auth_data; /* Signed authorization data */
+ krb5_authdata **auth_data; /* Signed authorization data */
} kdb_sign_auth_data_rep;
typedef struct _kdb_check_transited_realms_req {
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* include/krb5/kdb_kt.h
*
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#ifndef _KDB_LOG_H
-#define _KDB_LOG_H
+#ifndef _KDB_LOG_H
+#define _KDB_LOG_H
-/* #pragma ident "@(#)kdb_log.h 1.3 04/02/23 SMI" */
+/* #pragma ident "@(#)kdb_log.h 1.3 04/02/23 SMI" */
#include <iprop_hdr.h>
#include <iprop.h>
#include <limits.h>
#include "kdb.h"
-#ifdef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif
/*
* DB macros
*/
-#define INDEX(ulogaddr, i) ((unsigned long) ulogaddr + sizeof (kdb_hlog_t) + \
- (i*ulog->kdb_block))
+#define INDEX(ulogaddr, i) ((unsigned long) ulogaddr + sizeof (kdb_hlog_t) + \
+ (i*ulog->kdb_block))
/*
* Current DB version #
*/
-#define KDB_VERSION 1
+#define KDB_VERSION 1
/*
* DB log states
*/
-#define KDB_STABLE 1
-#define KDB_UNSTABLE 2
-#define KDB_CORRUPT 3
+#define KDB_STABLE 1
+#define KDB_UNSTABLE 2
+#define KDB_CORRUPT 3
/*
* DB log constants
*/
-#define KDB_ULOG_MAGIC 0x6661212
-#define KDB_ULOG_HDR_MAGIC 0x6662323
+#define KDB_ULOG_MAGIC 0x6661212
+#define KDB_ULOG_HDR_MAGIC 0x6662323
/*
* DB Flags
*/
-#define FKADMIND 1
-#define FKPROPLOG 2
-#define FKPROPD 3
-#define FKCOMMAND 4 /* Includes kadmin.local and kdb5_util */
+#define FKADMIND 1
+#define FKPROPLOG 2
+#define FKPROPD 3
+#define FKCOMMAND 4 /* Includes kadmin.local and kdb5_util */
/*
* Default ulog file attributes
*/
-#define MAX_ULOGENTRIES 2500
-#define DEF_ULOGENTRIES 1000
-#define ULOG_IDLE_TIME 10 /* in seconds */
+#define MAX_ULOGENTRIES 2500
+#define DEF_ULOGENTRIES 1000
+#define ULOG_IDLE_TIME 10 /* in seconds */
/*
* Max size of update entry + update header
* We make this large since resizing can be costly.
*/
-#define ULOG_BLOCK 2048 /* Default size of principal record */
+#define ULOG_BLOCK 2048 /* Default size of principal record */
-#define MAXLOGLEN 0x10000000 /* 256 MB log file */
+#define MAXLOGLEN 0x10000000 /* 256 MB log file */
/*
* Prototype declarations
*/
extern krb5_error_code ulog_map(krb5_context context,
- const char *logname, uint32_t entries,
- int caller,
- char **db_args);
+ const char *logname, uint32_t entries,
+ int caller,
+ char **db_args);
extern krb5_error_code ulog_add_update(krb5_context context,
- kdb_incr_update_t *upd);
+ kdb_incr_update_t *upd);
extern krb5_error_code ulog_delete_update(krb5_context context,
- kdb_incr_update_t *upd);
+ kdb_incr_update_t *upd);
extern krb5_error_code ulog_finish_update(krb5_context context,
- kdb_incr_update_t *upd);
+ kdb_incr_update_t *upd);
extern krb5_error_code ulog_get_entries(krb5_context context, kdb_last_t last,
- kdb_incr_result_t *ulog_handle);
-extern krb5_error_code ulog_replay(krb5_context context,
- kdb_incr_result_t *incr_ret, char **db_args);
-extern krb5_error_code ulog_conv_2logentry(krb5_context context,
- krb5_db_entry *entries, kdb_incr_update_t *updates, int nentries);
-extern krb5_error_code ulog_conv_2dbentry(krb5_context context,
- krb5_db_entry *entries, kdb_incr_update_t *updates, int nentries);
+ kdb_incr_result_t *ulog_handle);
+
+extern krb5_error_code
+ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args);
+
+extern krb5_error_code
+ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
+ kdb_incr_update_t *updates, int nentries);
+
+extern krb5_error_code
+ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
+ kdb_incr_update_t *updates, int nentries);
+
extern void ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates);
extern krb5_error_code ulog_set_role(krb5_context ctx, iprop_role role);
extern krb5_error_code ulog_lock(krb5_context ctx, int mode);
typedef struct kdb_hlog {
- uint32_t kdb_hmagic; /* Log header magic # */
- uint16_t db_version_num; /* Kerberos database version no. */
- uint32_t kdb_num; /* # of updates in log */
- kdbe_time_t kdb_first_time; /* Timestamp of first update */
- kdbe_time_t kdb_last_time; /* Timestamp of last update */
- kdb_sno_t kdb_first_sno; /* First serial # in the update log */
- kdb_sno_t kdb_last_sno; /* Last serial # in the update log */
- uint16_t kdb_state; /* State of update log */
- uint16_t kdb_block; /* Block size of each element */
+ uint32_t kdb_hmagic; /* Log header magic # */
+ uint16_t db_version_num; /* Kerberos database version no. */
+ uint32_t kdb_num; /* # of updates in log */
+ kdbe_time_t kdb_first_time; /* Timestamp of first update */
+ kdbe_time_t kdb_last_time; /* Timestamp of last update */
+ kdb_sno_t kdb_first_sno; /* First serial # in the update log */
+ kdb_sno_t kdb_last_sno; /* Last serial # in the update log */
+ uint16_t kdb_state; /* State of update log */
+ uint16_t kdb_block; /* Block size of each element */
} kdb_hlog_t;
typedef struct kdb_ent_header {
- uint32_t kdb_umagic; /* Update entry magic # */
- kdb_sno_t kdb_entry_sno; /* Serial # of entry */
- kdbe_time_t kdb_time; /* Timestamp of update */
- bool_t kdb_commit; /* Is the entry committed or not */
- uint32_t kdb_entry_size; /* Size of update entry */
- uint8_t entry_data[4]; /* Address of kdb_incr_update_t */
+ uint32_t kdb_umagic; /* Update entry magic # */
+ kdb_sno_t kdb_entry_sno; /* Serial # of entry */
+ kdbe_time_t kdb_time; /* Timestamp of update */
+ bool_t kdb_commit; /* Is the entry committed or not */
+ uint32_t kdb_entry_size; /* Size of update entry */
+ uint8_t entry_data[4]; /* Address of kdb_incr_update_t */
} kdb_ent_header_t;
typedef struct _kdb_log_context {
- iprop_role iproprole;
- kdb_hlog_t *ulog;
- uint32_t ulogentries;
- int ulogfd;
+ iprop_role iproprole;
+ kdb_hlog_t *ulog;
+ uint32_t ulogentries;
+ int ulogfd;
} kdb_log_context;
-#ifdef __cplusplus
+#ifdef __cplusplus
}
#endif
-#endif /* !_KDB_LOG_H */
+#endif /* !_KDB_LOG_H */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
* \brief Get the next ccache in the cache collection.
*/
kim_error kim_ccache_iterator_next (kim_ccache_iterator in_ccache_iterator,
- kim_ccache *out_ccache);
+ kim_ccache *out_ccache);
/*!
* \param io_ccache_iterator a ccache iterator object to be freed. Set to NULL on exit.
/*!
* \param out_ccache on exit, a new cache object for a ccache containing a newly acquired
- * initial credential. Must be freed with kim_ccache_free().
+ * initial credential. Must be freed with kim_ccache_free().
* \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to
* allow the user to choose.
* \param in_options options to control credential acquisition.
/*!
* \param out_ccache on exit, a new cache object for a ccache containing a newly acquired
- * initial credential. Must be freed with kim_ccache_free().
+ * initial credential. Must be freed with kim_ccache_free().
* \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to
* allow the user to choose.
* \param in_options options to control credential acquisition.
/*!
* \param out_ccache on exit, a new ccache object containing an initial credential
- * for the client identity \a in_identity obtained using in_keytab.
- * Must be freed with kim_ccache_free().
+ * for the client identity \a in_identity obtained using in_keytab.
+ * Must be freed with kim_ccache_free().
* \param in_identity a client identity to obtain a credential for. Specify NULL for
- * the first client identity in the keytab.
+ * the first client identity in the keytab.
* \param in_options options to control credential acquisition.
* \param in_keytab a path to a keytab. Specify NULL for the default keytab location.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
/*!
* \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache.
- * Must be freed with kim_ccache_free().
+ * Must be freed with kim_ccache_free().
* \param in_krb5_context the krb5 context used to create \a in_krb5_ccache.
* \param in_krb5_ccache a krb5 ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
/*!
* \param out_ccache on exit, the new ccache object which is a copy of in_ccache.
- * Must be freed with kim_ccache_free().
+ * Must be freed with kim_ccache_free().
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Copy a ccache.
* \param in_ccache a ccache object.
* \param in_krb5_context a krb5 context which will be used to create out_krb5_ccache.
* \param out_krb5_ccache on exit, a new krb5 ccache object which is a copy of in_ccache.
- * Must be freed with krb5_cc_close() or krb5_cc_destroy().
+ * Must be freed with krb5_cc_close() or krb5_cc_destroy().
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Get a krb5 ccache for a ccache.
*/
* \param in_ccache a ccache object.
* \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for
* display to the user in command line programs. (ie: "<type>:<name>")
- * Must be freed with kim_string_free().
+ * Must be freed with kim_string_free().
* Note: this string can also be passed to krb5_cc_resolve().
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Get the type and name for a ccache in display format.
/*!
* \param in_ccache a ccache object.
* \param out_client_identity on exit, an identity object containing the client identity of
- * \a in_ccache. Must be freed with kim_identity_free().
+ * \a in_ccache. Must be freed with kim_identity_free().
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Get the client identity for a ccache.
*/
/*!
* \param in_ccache a ccache object.
* \param out_credential on exit, the first valid credential in \a in_ccache.
- * Must be freed with kim_credential_free(). Set to NULL
+ * Must be freed with kim_credential_free(). Set to NULL
* if you only want return value, not the actual credential.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Get the first valid credential in a ccache.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
* \param in_credential a credential object.
* \param in_client_identity a client identity.
* \param out_ccache on exit, a ccache object containing \a in_credential with the client
- * identity \a in_client_identity. Must be freed with kim_ccache_free().
+ * identity \a in_client_identity. Must be freed with kim_ccache_free().
* Specify NULL if you don't want this return value.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Store a credential in a ccache in the cache collection.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
* \brief Create a identity from a string.
*/
kim_error kim_identity_create_from_string (kim_identity *out_identity,
- kim_string in_string);
+ kim_string in_string);
/*!
* \param out_identity on exit, a new identity object. Must be freed with kim_identity_free().
* \brief Create a identity from a realm and component strings.
*/
kim_error kim_identity_create_from_components (kim_identity *out_identity,
- kim_string in_realm,
- kim_string in_1st_component,
- ...);
+ kim_string in_realm,
+ kim_string in_1st_component,
+ ...);
/*!
* \param out_identity on exit, a new identity object which is a copy of \a in_krb5_principal.
* \brief Create an identity object from a krb5_principal.
*/
kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity,
- krb5_context in_krb5_context,
- krb5_principal in_krb5_principal);
+ krb5_context in_krb5_context,
+ krb5_principal in_krb5_principal);
/*!
* \param out_identity on exit, a new identity object which is a copy of \a in_identity.
* \brief Copy an identity object.
*/
kim_error kim_identity_copy (kim_identity *out_identity,
- kim_identity in_identity);
+ kim_identity in_identity);
/*!
* \brief Compare identity objects for equivalency.
*/
kim_error kim_identity_compare (kim_identity in_identity,
- kim_identity in_compare_to_identity,
- kim_comparison *out_comparison);
+ kim_identity in_compare_to_identity,
+ kim_comparison *out_comparison);
/*!
* \param in_identity an identity object.
* \param out_string on exit, a string representation of \a in_identity.
* \note Special characters such as '@' and '/' will be escaped with '\'.
*/
kim_error kim_identity_get_string (kim_identity in_identity,
- kim_string *out_string);
+ kim_string *out_string);
/*!
* The result of this function should \em only be used to display to the user.
*/
kim_error kim_identity_get_display_string (kim_identity in_identity,
- kim_string *out_display_string);
+ kim_string *out_display_string);
/*!
* \param in_identity an identity object.
* \brief Get the realm string of an identity.
*/
kim_error kim_identity_get_realm (kim_identity in_identity,
- kim_string *out_realm_string);
+ kim_string *out_realm_string);
/*!
* \param in_identity an identity object.
* \brief Get the number of components of an identity.
*/
kim_error kim_identity_get_number_of_components (kim_identity in_identity,
- kim_count *out_number_of_components);
+ kim_count *out_number_of_components);
/*!
* \param in_identity an identity object.
* \brief Get the Nth component of an identity.
*/
kim_error kim_identity_get_component_at_index (kim_identity in_identity,
- kim_count in_index,
- kim_string *out_component_string);
+ kim_count in_index,
+ kim_string *out_component_string);
/*!
* \param in_identity an identity object.
* \brief Get the krb5_principal representation of an identity.
*/
kim_error kim_identity_get_krb5_principal (kim_identity in_identity,
- krb5_context in_krb5_context,
- krb5_principal *out_krb5_principal);
+ krb5_context in_krb5_context,
+ krb5_principal *out_krb5_principal);
/*!
* \param in_identity an identity object whose password will be changed.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2008 Massachusetts Institute of Technology.
* All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
* \brief Copy a preferences object.
*/
kim_error kim_preferences_copy (kim_preferences *out_preferences,
- kim_preferences in_preferences);
+ kim_preferences in_preferences);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_options()
*/
kim_error kim_preferences_set_options (kim_preferences io_preferences,
- kim_options in_options);
+ kim_options in_options);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_options()
*/
kim_error kim_preferences_get_options (kim_preferences in_preferences,
- kim_options *out_options);
+ kim_options *out_options);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_remember_options()
*/
kim_error kim_preferences_set_remember_options (kim_preferences io_preferences,
- kim_boolean in_remember_options);
+ kim_boolean in_remember_options);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_remember_options()
*/
kim_error kim_preferences_get_remember_options (kim_preferences in_preferences,
- kim_boolean *out_remember_options);
+ kim_boolean *out_remember_options);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_client_identity()
*/
kim_error kim_preferences_set_client_identity (kim_preferences io_preferences,
- kim_identity in_client_identity);
+ kim_identity in_client_identity);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_client_identity()
*/
kim_error kim_preferences_get_client_identity (kim_preferences in_preferences,
- kim_identity *out_client_identity);
+ kim_identity *out_client_identity);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_remember_client_identity()
*/
kim_error kim_preferences_set_remember_client_identity (kim_preferences io_preferences,
- kim_boolean in_remember_client_identity);
+ kim_boolean in_remember_client_identity);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_remember_client_identity()
*/
kim_error kim_preferences_get_remember_client_identity (kim_preferences in_preferences,
- kim_boolean *out_remember_client_identity);
+ kim_boolean *out_remember_client_identity);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_minimum_lifetime()
*/
kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences,
- kim_lifetime in_minimum_lifetime);
+ kim_lifetime in_minimum_lifetime);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_minimum_lifetime()
*/
kim_error kim_preferences_get_minimum_lifetime (kim_preferences in_preferences,
- kim_lifetime *out_minimum_lifetime);
+ kim_lifetime *out_minimum_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_maximum_lifetime()
*/
kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences,
- kim_lifetime in_maximum_lifetime);
+ kim_lifetime in_maximum_lifetime);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_maximum_lifetime()
*/
kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences,
- kim_lifetime *out_maximum_lifetime);
+ kim_lifetime *out_maximum_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_minimum_renewal_lifetime()
*/
kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_preferences,
- kim_lifetime in_minimum_renewal_lifetime);
+ kim_lifetime in_minimum_renewal_lifetime);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_minimum_renewal_lifetime()
*/
kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_preferences,
- kim_lifetime *out_minimum_renewal_lifetime);
+ kim_lifetime *out_minimum_renewal_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \sa kim_preferences_get_minimum_renewal_lifetime()
*/
kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_preferences,
- kim_lifetime in_maximum_renewal_lifetime);
+ kim_lifetime in_maximum_renewal_lifetime);
/*!
* \param in_preferences a preferences object.
* \sa kim_preferences_set_minimum_renewal_lifetime()
*/
kim_error kim_preferences_get_maximum_renewal_lifetime (kim_preferences in_preferences,
- kim_lifetime *out_maximum_renewal_lifetime);
+ kim_lifetime *out_maximum_renewal_lifetime);
/*!
* \param in_preferences a preferences object.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
* \brief Create a new selection hints object.
*/
kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints,
- kim_string in_application_identifier);
+ kim_string in_application_identifier);
/*!
* \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints.
* \brief Copy a selection hints object.
*/
kim_error kim_selection_hints_copy (kim_selection_hints *out_selection_hints,
- kim_selection_hints in_selection_hints);
+ kim_selection_hints in_selection_hints);
/*!
* \param io_selection_hints a selection hints object to modify.
* \sa kim_selection_hints_get_explanation()
*/
kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_hints,
- kim_string in_explanation);
+ kim_string in_explanation);
/*!
* \param in_selection_hints a selection hints object.
* \sa kim_selection_hints_set_explanation()
*/
kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection_hints,
- kim_string *out_explanation);
+ kim_string *out_explanation);
/*!
* \sa kim_selection_hints_get_options()
*/
kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hints,
- kim_options in_options);
+ kim_options in_options);
/*!
* \param in_selection_hints a selection hints object.
* \sa kim_selection_hints_set_options()
*/
kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hints,
- kim_options *out_options);
+ kim_options *out_options);
/*!
* \param in_selection_hints a selection hints object to modify
* \sa kim_selection_hints_get_allow_user_interaction
*/
kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in_selection_hints,
- kim_boolean in_allow_user_interaction);
+ kim_boolean in_allow_user_interaction);
/*!
* \param in_selection_hints a selection hints object to modify
* \sa kim_selection_hints_set_allow_user_interaction
*/
kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints in_selection_hints,
- kim_boolean *out_allow_user_interaction);
+ kim_boolean *out_allow_user_interaction);
/*!
* \param in_selection_hints a selection hints object to modify
* \sa kim_selection_hints_get_remember_identity
*/
kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_selection_hints,
- kim_boolean in_remember_identity);
+ kim_boolean in_remember_identity);
/*!
* \param in_selection_hints a selection hints object to modify
* \sa kim_selection_hints_set_remember_identity
*/
kim_error kim_selection_hints_get_remember_identity (kim_selection_hints in_selection_hints,
- kim_boolean *out_remember_identity);
+ kim_boolean *out_remember_identity);
/*!
* \param in_selection_hints the selection hints to add to the cache.
*/
kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity);
/*!
* \param in_selection_hints the selection hints to add to the cache.
*/
kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selection_hints,
- kim_identity in_identity);
+ kim_identity in_identity);
/*!
* \param in_selection_hints the selection hints to remove from the cache.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
/*!
* \param out_string on exit, a new string object which is a copy of \a in_string.
- Must be freed with kim_string_free().
+ Must be freed with kim_string_free().
* \param in_string the string to copy.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Copy a string.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005-2006 Massachusetts Institute of Technology.
* All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2008 Massachusetts Institute of Technology.
* All Rights Reserved.
typedef struct kim_ui_plugin_ftable_v0 {
- int minor_version; /* currently 0 */
+ int minor_version; /* currently 0 */
/* Called before other calls to allow the UI to initialize.
* Return an error if you can't display your UI in this environment.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* The MIT Kerberos header file krb5.h used to live here.
As of the 1.5 release, we're installing multiple Kerberos headers,
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* krb5/authdata_plugin.h
*
* client (barring other problems).
*/
krb5_error_code (*authdata_proc)(krb5_context,
- struct _krb5_db_entry_new *client,
- krb5_data *req_pkt,
- krb5_kdc_req *request,
- krb5_enc_tkt_part *enc_tkt_reply);
+ struct _krb5_db_entry_new *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part *enc_tkt_reply);
} krb5plugin_server_authdata_ftable_v0;
typedef krb5plugin_server_authdata_ftable_v0 krb5plugin_authdata_ftable_v0;
* client (barring other problems).
*/
krb5_error_code (*authdata_proc)(krb5_context,
- unsigned int flags,
- struct _krb5_db_entry_new *client,
- struct _krb5_db_entry_new *server,
- struct _krb5_db_entry_new *tgs,
- krb5_keyblock *client_key,
- krb5_keyblock *server_key,
- krb5_keyblock *tgs_key,
- krb5_data *req_pkt,
- krb5_kdc_req *request,
- krb5_const_principal for_user_princ,
- krb5_enc_tkt_part *enc_tkt_request,
- krb5_enc_tkt_part *enc_tkt_reply);
+ unsigned int flags,
+ struct _krb5_db_entry_new *client,
+ struct _krb5_db_entry_new *server,
+ struct _krb5_db_entry_new *tgs,
+ krb5_keyblock *client_key,
+ krb5_keyblock *server_key,
+ krb5_keyblock *tgs_key,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_const_principal for_user_princ,
+ krb5_enc_tkt_part *enc_tkt_request,
+ krb5_enc_tkt_part *enc_tkt_reply);
} krb5plugin_authdata_server_ftable_v2;
typedef krb5plugin_authdata_server_ftable_v2 krb5plugin_authdata_ftable_v2;
typedef krb5_error_code
(*authdata_client_plugin_init_proc)(krb5_context context,
- void **plugin_context);
+ void **plugin_context);
-#define AD_USAGE_AS_REQ 0x01
-#define AD_USAGE_TGS_REQ 0x02
-#define AD_USAGE_AP_REQ 0x04
-#define AD_USAGE_KDC_ISSUED 0x08
-#define AD_USAGE_MASK 0x0F
-#define AD_INFORMATIONAL 0x10
+#define AD_USAGE_AS_REQ 0x01
+#define AD_USAGE_TGS_REQ 0x02
+#define AD_USAGE_AP_REQ 0x04
+#define AD_USAGE_KDC_ISSUED 0x08
+#define AD_USAGE_MASK 0x0F
+#define AD_INFORMATIONAL 0x10
struct _krb5_authdata_context;
typedef void
(*authdata_client_plugin_flags_proc)(krb5_context kcontext,
- void *plugin_context,
- krb5_authdatatype ad_type,
- krb5_flags *flags);
+ void *plugin_context,
+ krb5_authdatatype ad_type,
+ krb5_flags *flags);
typedef void
(*authdata_client_plugin_fini_proc)(krb5_context kcontext,
- void *plugin_context);
+ void *plugin_context);
typedef krb5_error_code
(*authdata_client_request_init_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void **request_context);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void **request_context);
typedef void
(*authdata_client_request_fini_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context);
typedef krb5_error_code
(*authdata_client_import_authdata_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_authdata **authdata,
- krb5_boolean kdc_issued_flag,
- krb5_const_principal issuer);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued_flag,
+ krb5_const_principal issuer);
typedef krb5_error_code
(*authdata_client_export_authdata_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_flags usage,
- krb5_authdata ***authdata);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_flags usage,
+ krb5_authdata ***authdata);
typedef krb5_error_code
(*authdata_client_get_attribute_types_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_data **attrs);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_data **attrs);
typedef krb5_error_code
(*authdata_client_get_attribute_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- const krb5_data *attribute,
- krb5_boolean *authenticated,
- krb5_boolean *complete,
- krb5_data *value,
- krb5_data *display_value,
- int *more);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_data *attribute,
+ krb5_boolean *authenticated,
+ krb5_boolean *complete,
+ krb5_data *value,
+ krb5_data *display_value,
+ int *more);
typedef krb5_error_code
(*authdata_client_set_attribute_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_boolean complete,
- const krb5_data *attribute,
- const krb5_data *value);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean complete,
+ const krb5_data *attribute,
+ const krb5_data *value);
typedef krb5_error_code
(*authdata_client_delete_attribute_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- const krb5_data *attribute);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_data *attribute);
typedef krb5_error_code
(*authdata_client_export_internal_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_boolean restrict_authenticated,
- void **ptr);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean restrict_authenticated,
+ void **ptr);
typedef void
(*authdata_client_free_internal_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- void *ptr);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ void *ptr);
typedef krb5_error_code
(*authdata_client_verify_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req);
typedef krb5_error_code
(*authdata_client_size_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- size_t *sizep);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ size_t *sizep);
typedef krb5_error_code
(*authdata_client_externalize_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain);
typedef krb5_error_code
(*authdata_client_internalize_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain);
typedef krb5_error_code
(*authdata_client_copy_proc)(krb5_context kcontext,
- struct _krb5_authdata_context *context,
- void *plugin_context,
- void *request_context,
- void *dst_plugin_context,
- void *dst_request_context);
+ struct _krb5_authdata_context *context,
+ void *plugin_context,
+ void *request_context,
+ void *dst_plugin_context,
+ void *dst_request_context);
typedef struct krb5plugin_authdata_client_ftable_v0 {
char *name;
-/* -*- c -*-
- * include/krb5.h
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5.h
*
* Copyright 1989,1990,1995,2001, 2003, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
#endif
#if defined(__MACH__) && defined(__APPLE__)
-# include <TargetConditionals.h>
+# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
+# error "Use KfM 4.0 SDK headers for CFM compilation."
# endif
#endif
#define KRB5_OLD_CRYPTO
#include <stdlib.h>
-#include <limits.h> /* for *_MAX */
+#include <limits.h> /* for *_MAX */
#include <stdarg.h>
#ifndef KRB5INT_BEGIN_DECLS
#if defined(__cplusplus)
-#define KRB5INT_BEGIN_DECLS extern "C" {
-#define KRB5INT_END_DECLS }
+#define KRB5INT_BEGIN_DECLS extern "C" {
+#define KRB5INT_END_DECLS }
#else
#define KRB5INT_BEGIN_DECLS
#define KRB5INT_END_DECLS
* Word-size related definition.
*/
-typedef unsigned char krb5_octet;
+typedef unsigned char krb5_octet;
#if INT_MAX == 0x7fff
-typedef int krb5_int16;
-typedef unsigned int krb5_ui_2;
+typedef int krb5_int16;
+typedef unsigned int krb5_ui_2;
#elif SHRT_MAX == 0x7fff
-typedef short krb5_int16;
-typedef unsigned short krb5_ui_2;
+typedef short krb5_int16;
+typedef unsigned short krb5_ui_2;
#else
#error undefined 16 bit type
#endif
#if INT_MAX == 0x7fffffffL
-typedef int krb5_int32;
-typedef unsigned int krb5_ui_4;
+typedef int krb5_int32;
+typedef unsigned int krb5_ui_4;
#elif LONG_MAX == 0x7fffffffL
-typedef long krb5_int32;
-typedef unsigned long krb5_ui_4;
+typedef long krb5_int32;
+typedef unsigned long krb5_ui_4;
#elif SHRT_MAX == 0x7fffffffL
-typedef short krb5_int32;
-typedef unsigned short krb5_ui_4;
+typedef short krb5_int32;
+typedef unsigned short krb5_ui_4;
#else
#error: undefined 32 bit type
#endif
-#define VALID_INT_BITS INT_MAX
-#define VALID_UINT_BITS UINT_MAX
+#define VALID_INT_BITS INT_MAX
+#define VALID_UINT_BITS UINT_MAX
-#define KRB5_INT32_MAX 2147483647
+#define KRB5_INT32_MAX 2147483647
/* this strange form is necessary since - is a unary operator, not a sign
indicator */
-#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1)
+#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1)
#define KRB5_INT16_MAX 65535
/* this strange form is necessary since - is a unary operator, not a sign
indicator */
-#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1)
+#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1)
/*
* end wordsize.h
*/
#ifndef FALSE
-#define FALSE 0
+#define FALSE 0
#endif
#ifndef TRUE
-#define TRUE 1
+#define TRUE 1
#endif
-typedef unsigned int krb5_boolean;
-typedef unsigned int krb5_msgtype;
-typedef unsigned int krb5_kvno;
+typedef unsigned int krb5_boolean;
+typedef unsigned int krb5_msgtype;
+typedef unsigned int krb5_kvno;
-typedef krb5_int32 krb5_addrtype;
+typedef krb5_int32 krb5_addrtype;
typedef krb5_int32 krb5_enctype;
typedef krb5_int32 krb5_cksumtype;
typedef krb5_int32 krb5_authdatatype;
typedef krb5_int32 krb5_keyusage;
typedef krb5_int32 krb5_cryptotype;
-typedef krb5_int32 krb5_preauthtype; /* This may change, later on */
-typedef krb5_int32 krb5_flags;
-typedef krb5_int32 krb5_timestamp;
-typedef krb5_int32 krb5_error_code;
-typedef krb5_int32 krb5_deltat;
+typedef krb5_int32 krb5_preauthtype; /* This may change, later on */
+typedef krb5_int32 krb5_flags;
+typedef krb5_int32 krb5_timestamp;
+typedef krb5_int32 krb5_error_code;
+typedef krb5_int32 krb5_deltat;
-typedef krb5_error_code krb5_magic;
+typedef krb5_error_code krb5_magic;
typedef struct _krb5_data {
- krb5_magic magic;
- unsigned int length;
- char *data;
+ krb5_magic magic;
+ unsigned int length;
+ char *data;
} krb5_data;
typedef struct _krb5_octet_data {
- krb5_magic magic;
- unsigned int length;
- krb5_octet *data;
+ krb5_magic magic;
+ unsigned int length;
+ krb5_octet *data;
} krb5_octet_data;
/*
* equivalent to -1 without possible sign extension
* We also overload for an unset salt type length - which is also -1, but
* hey, why not....
-*/
+ */
#define SALT_TYPE_AFS_LENGTH UINT_MAX
#define SALT_TYPE_NO_LENGTH UINT_MAX
-typedef void * krb5_pointer;
+typedef void * krb5_pointer;
typedef void const * krb5_const_pointer;
typedef struct krb5_principal_data {
krb5_magic magic;
krb5_data realm;
- krb5_data *data; /* An array of strings */
+ krb5_data *data; /* An array of strings */
krb5_int32 length;
krb5_int32 type;
} krb5_principal_data;
-typedef krb5_principal_data * krb5_principal;
+typedef krb5_principal_data * krb5_principal;
/*
* Per V5 spec on definition of principal types
*/
/* Name type not known */
-#define KRB5_NT_UNKNOWN 0
+#define KRB5_NT_UNKNOWN 0
/* Just the name of the principal as in DCE, or for users */
-#define KRB5_NT_PRINCIPAL 1
+#define KRB5_NT_PRINCIPAL 1
/* Service and other unique instance (krbtgt) */
-#define KRB5_NT_SRV_INST 2
+#define KRB5_NT_SRV_INST 2
/* Service with host name as instance (telnet, rcommands) */
-#define KRB5_NT_SRV_HST 3
+#define KRB5_NT_SRV_HST 3
/* Service with host as remaining components */
-#define KRB5_NT_SRV_XHST 4
+#define KRB5_NT_SRV_XHST 4
/* Unique ID */
-#define KRB5_NT_UID 5
+#define KRB5_NT_UID 5
/* PKINIT */
-#define KRB5_NT_X500_PRINCIPAL 6
+#define KRB5_NT_X500_PRINCIPAL 6
/* Name in form of SMTP email name */
-#define KRB5_NT_SMTP_NAME 7
+#define KRB5_NT_SMTP_NAME 7
/* Windows 2000 UPN */
-#define KRB5_NT_ENTERPRISE_PRINCIPAL 10
+#define KRB5_NT_ENTERPRISE_PRINCIPAL 10
/* Windows 2000 UPN and SID */
-#define KRB5_NT_MS_PRINCIPAL -128
+#define KRB5_NT_MS_PRINCIPAL -128
/* NT 4 style name */
-#define KRB5_NT_MS_PRINCIPAL_AND_ID -129
+#define KRB5_NT_MS_PRINCIPAL_AND_ID -129
/* NT 4 style name and SID */
-#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130
+#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130
/* constant version thereof: */
typedef const krb5_principal_data *krb5_const_principal;
#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
-#define krb5_princ_size(context, princ) (princ)->length
-#define krb5_princ_type(context, princ) (princ)->type
-#define krb5_princ_name(context, princ) (princ)->data
-#define krb5_princ_component(context, princ,i) \
- (((i) < krb5_princ_size(context, princ)) \
- ? (princ)->data + (i) \
- : NULL)
+#define krb5_princ_size(context, princ) (princ)->length
+#define krb5_princ_type(context, princ) (princ)->type
+#define krb5_princ_name(context, princ) (princ)->data
+#define krb5_princ_component(context, princ,i) \
+ (((i) < krb5_princ_size(context, princ)) \
+ ? (princ)->data + (i) \
+ : NULL)
/*
* Constants for realm referrals.
*/
-#define KRB5_REFERRAL_REALM ""
+#define KRB5_REFERRAL_REALM ""
/*
* Referral-specific functions.
} krb5_address;
/* per Kerberos v5 protocol spec */
-#define ADDRTYPE_INET 0x0002
-#define ADDRTYPE_CHAOS 0x0005
-#define ADDRTYPE_XNS 0x0006
-#define ADDRTYPE_ISO 0x0007
-#define ADDRTYPE_DDP 0x0010
-#define ADDRTYPE_NETBIOS 0x0014
-#define ADDRTYPE_INET6 0x0018
+#define ADDRTYPE_INET 0x0002
+#define ADDRTYPE_CHAOS 0x0005
+#define ADDRTYPE_XNS 0x0006
+#define ADDRTYPE_ISO 0x0007
+#define ADDRTYPE_DDP 0x0010
+#define ADDRTYPE_NETBIOS 0x0014
+#define ADDRTYPE_INET6 0x0018
/* not yet in the spec... */
-#define ADDRTYPE_ADDRPORT 0x0100
-#define ADDRTYPE_IPPORT 0x0101
+#define ADDRTYPE_ADDRPORT 0x0100
+#define ADDRTYPE_IPPORT 0x0101
/* macros to determine if a type is a local type */
#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
#ifdef KRB5_OLD_CRYPTO
typedef struct _krb5_encrypt_block {
krb5_magic magic;
- krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need
- this. it was a pointer, but it
- doesn't have to be. gross. */
+ krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need
+ this. it was a pointer, but it
+ doesn't have to be. gross. */
krb5_keyblock *key;
} krb5_encrypt_block;
#endif
typedef struct _krb5_checksum {
krb5_magic magic;
- krb5_cksumtype checksum_type; /* checksum type */
+ krb5_cksumtype checksum_type; /* checksum type */
unsigned int length;
krb5_octet *contents;
} krb5_checksum;
} krb5_crypto_iov;
/* per Kerberos v5 protocol spec */
-#define ENCTYPE_NULL 0x0000
-#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
-#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
-#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
-#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
+#define ENCTYPE_NULL 0x0000
+#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
+#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
+#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
+#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
/* XXX deprecated? */
-#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
-#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
-#define ENCTYPE_DES_HMAC_SHA1 0x0008
+#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
+#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
+#define ENCTYPE_DES_HMAC_SHA1 0x0008
/* PKINIT */
-#define ENCTYPE_DSA_SHA1_CMS 0x0009 /* DSA with SHA1, CMS signature */
-#define ENCTYPE_MD5_RSA_CMS 0x000a /* MD5 with RSA, CMS signature */
-#define ENCTYPE_SHA1_RSA_CMS 0x000b /* SHA1 with RSA, CMS signature */
-#define ENCTYPE_RC2_CBC_ENV 0x000c /* RC2 cbc mode, CMS enveloped data */
-#define ENCTYPE_RSA_ENV 0x000d /* RSA encryption, CMS enveloped data */
-#define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /* RSA w/OEAP encryption, CMS enveloped data */
-#define ENCTYPE_DES3_CBC_ENV 0x000f /* DES-3 cbc mode, CMS enveloped data */
-
-#define ENCTYPE_DES3_CBC_SHA1 0x0010
-#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
-#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
-#define ENCTYPE_ARCFOUR_HMAC 0x0017
+#define ENCTYPE_DSA_SHA1_CMS 0x0009 /* DSA with SHA1, CMS signature */
+#define ENCTYPE_MD5_RSA_CMS 0x000a /* MD5 with RSA, CMS signature */
+#define ENCTYPE_SHA1_RSA_CMS 0x000b /* SHA1 with RSA, CMS signature */
+#define ENCTYPE_RC2_CBC_ENV 0x000c /* RC2 cbc mode, CMS enveloped data */
+#define ENCTYPE_RSA_ENV 0x000d /* RSA encryption, CMS enveloped data */
+#define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /* RSA w/OEAP encryption, CMS enveloped data */
+#define ENCTYPE_DES3_CBC_ENV 0x000f /* DES-3 cbc mode, CMS enveloped data */
+
+#define ENCTYPE_DES3_CBC_SHA1 0x0010
+#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
+#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
+#define ENCTYPE_ARCFOUR_HMAC 0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
-#define ENCTYPE_UNKNOWN 0x01ff
+#define ENCTYPE_UNKNOWN 0x01ff
-#define CKSUMTYPE_CRC32 0x0001
-#define CKSUMTYPE_RSA_MD4 0x0002
-#define CKSUMTYPE_RSA_MD4_DES 0x0003
-#define CKSUMTYPE_DESCBC 0x0004
+#define CKSUMTYPE_CRC32 0x0001
+#define CKSUMTYPE_RSA_MD4 0x0002
+#define CKSUMTYPE_RSA_MD4_DES 0x0003
+#define CKSUMTYPE_DESCBC 0x0004
/* des-mac-k */
/* rsa-md4-des-k */
-#define CKSUMTYPE_RSA_MD5 0x0007
-#define CKSUMTYPE_RSA_MD5_DES 0x0008
-#define CKSUMTYPE_NIST_SHA 0x0009
-#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
-#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
-#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
+#define CKSUMTYPE_RSA_MD5 0x0007
+#define CKSUMTYPE_RSA_MD5_DES 0x0008
+#define CKSUMTYPE_NIST_SHA 0x0009
+#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
+#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
+#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
* entropy in the sample and to keep track of what sources of entropy have
* contributed enough entropy. Sources marked internal MUST NOT be
* used by applications outside the Kerberos library
-*/
+ */
enum {
- KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
- KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
- KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
- /*This source should be used carefully; data in this category
- * should be from a third party trusted to give random bits
- * For example keys issued by the KDC in the application server.
- */
- KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
- KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
- KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
+ KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
+ KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
+ KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
+ /*This source should be used carefully; data in this category
+ * should be from a third party trusted to give random bits
+ * For example keys issued by the KDC in the application server.
+ */
+ KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
+ KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
+ KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
};
#ifndef krb5_roundup
#endif
krb5_error_code KRB5_CALLCONV
- krb5_c_encrypt
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- const krb5_data *input, krb5_enc_data *output);
+krb5_c_encrypt(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ const krb5_data *input, krb5_enc_data *output);
krb5_error_code KRB5_CALLCONV
- krb5_c_decrypt
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- const krb5_enc_data *input, krb5_data *output);
+krb5_c_decrypt(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ const krb5_enc_data *input, krb5_data *output);
krb5_error_code KRB5_CALLCONV
- krb5_c_encrypt_length
- (krb5_context context, krb5_enctype enctype,
- size_t inputlen, size_t *length);
+krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
+ size_t inputlen, size_t *length);
krb5_error_code KRB5_CALLCONV
- krb5_c_block_size
- (krb5_context context, krb5_enctype enctype,
- size_t *blocksize);
+krb5_c_block_size(krb5_context context, krb5_enctype enctype,
+ size_t *blocksize);
krb5_error_code KRB5_CALLCONV
- krb5_c_keylengths
- (krb5_context context, krb5_enctype enctype,
- size_t *keybytes, size_t *keylength);
+krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
+ size_t *keybytes, size_t *keylength);
krb5_error_code KRB5_CALLCONV
- krb5_c_init_state
-(krb5_context context,
-const krb5_keyblock *key, krb5_keyusage usage,
-krb5_data *new_state);
+krb5_c_init_state(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, krb5_data *new_state);
krb5_error_code KRB5_CALLCONV
- krb5_c_free_state
-(krb5_context context, const krb5_keyblock *key, krb5_data *state);
+krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
+ krb5_data *state);
krb5_error_code KRB5_CALLCONV
- krb5_c_prf (krb5_context, const krb5_keyblock *,
- krb5_data *in, krb5_data *out);
+krb5_c_prf(krb5_context, const krb5_keyblock *, krb5_data *in, krb5_data *out);
krb5_error_code KRB5_CALLCONV
- krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen);
+krb5_c_prf_length(krb5_context, krb5_enctype, size_t *outlen);
+
krb5_error_code KRB5_CALLCONV
krb5_c_fx_cf2_simple(krb5_context context,
- krb5_keyblock *k1, const char *pepper1,
- krb5_keyblock *k2, const char *pepper2,
- krb5_keyblock **out);
- /* Returns KRB-FX-CF2 in a newly allocated
- * keyblock on success or an error code on error.
- * This function is simple in that it assumes
- * pepper1 and pepper2 are C strings with no
- * internal nulls and that the enctype of the
- * result will be the same as that of k1. Both
- * of these assumptions are true of current
- * specs.
- */
-
+ krb5_keyblock *k1, const char *pepper1,
+ krb5_keyblock *k2, const char *pepper2,
+ krb5_keyblock **out);
+/* Returns KRB-FX-CF2 in a newly allocated
+ * keyblock on success or an error code on error.
+ * This function is simple in that it assumes
+ * pepper1 and pepper2 are C strings with no
+ * internal nulls and that the enctype of the
+ * result will be the same as that of k1. Both
+ * of these assumptions are true of current
+ * specs.
+ */
krb5_error_code KRB5_CALLCONV
- krb5_c_make_random_key
- (krb5_context context, krb5_enctype enctype,
- krb5_keyblock *k5_random_key);
+krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
+ krb5_keyblock *k5_random_key);
krb5_error_code KRB5_CALLCONV
- krb5_c_random_to_key
- (krb5_context context, krb5_enctype enctype,
- krb5_data *random_data, krb5_keyblock *k5_random_key);
+krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
+ krb5_data *random_data, krb5_keyblock *k5_random_key);
-/* Register a new entropy sample with the PRNG. may cause
-* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions
-* for information on how each source should be used.
-*/
+/*
+ * Register a new entropy sample with the PRNG. may cause the PRNG to be
+ * reseeded, although this is not guaranteed. See previous randsource
+ * definitions for information on how each source should be used.
+ */
krb5_error_code KRB5_CALLCONV
- krb5_c_random_add_entropy
-(krb5_context context, unsigned int randsource_id, const krb5_data *data);
-
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource_id,
+ const krb5_data *data);
krb5_error_code KRB5_CALLCONV
- krb5_c_random_make_octets
- (krb5_context context, krb5_data *data);
+krb5_c_random_make_octets(krb5_context context, krb5_data *data);
/*
-* Collect entropy from the OS if possible. strong requests that as strong
-* of a source of entropy as available be used. Setting strong may
-* increase the probability of blocking and should not be used for normal
-* applications. Good uses include seeding the PRNG for kadmind
-* and realm setup.
-* If successful is non-null, then successful is set to 1 if the OS provided
-* entropy else zero.
-*/
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy
-(krb5_context context, int strong, int *success);
+ * Collect entropy from the OS if possible. strong requests that as strong
+ * of a source of entropy as available be used. Setting strong may
+ * increase the probability of blocking and should not be used for normal
+ * applications. Good uses include seeding the PRNG for kadmind
+ * and realm setup.
+ * If successful is non-null, then successful is set to 1 if the OS provided
+ * entropy else zero.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success);
/*deprecated*/ krb5_error_code KRB5_CALLCONV
- krb5_c_random_seed
- (krb5_context context, krb5_data *data);
+krb5_c_random_seed(krb5_context context, krb5_data *data);
krb5_error_code KRB5_CALLCONV
- krb5_c_string_to_key
- (krb5_context context, krb5_enctype enctype,
- const krb5_data *string, const krb5_data *salt,
- krb5_keyblock *key);
+krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
+ const krb5_data *string, const krb5_data *salt,
+ krb5_keyblock *key);
+
krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key_with_params(krb5_context context,
- krb5_enctype enctype,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_enctype_compare
- (krb5_context context, krb5_enctype e1, krb5_enctype e2,
- krb5_boolean *similar);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_make_checksum
- (krb5_context context, krb5_cksumtype cksumtype,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *input, krb5_checksum *cksum);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_verify_checksum
- (krb5_context context,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *data,
- const krb5_checksum *cksum,
- krb5_boolean *valid);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_checksum_length
- (krb5_context context, krb5_cksumtype cksumtype,
- size_t *length);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_keyed_checksum_types
- (krb5_context context, krb5_enctype enctype,
- unsigned int *count, krb5_cksumtype **cksumtypes);
-
-#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1
-#define KRB5_KEYUSAGE_KDC_REP_TICKET 2
-#define KRB5_KEYUSAGE_AS_REP_ENCPART 3
-#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4
-#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5
-#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6
-#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7
-#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8
-#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9
-#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10
-#define KRB5_KEYUSAGE_AP_REQ_AUTH 11
-#define KRB5_KEYUSAGE_AP_REP_ENCPART 12
-#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13
-#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14
-#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15
-#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16
-#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17
-#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18
-#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19
-#define KRB5_KEYUSAGE_AD_MTE 20
-#define KRB5_KEYUSAGE_AD_ITE 21
+ krb5_enctype enctype,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
+ krb5_boolean *similar);
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_data *input, krb5_checksum *cksum);
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *data,
+ const krb5_checksum *cksum, krb5_boolean *valid);
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
+ size_t *length);
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
+ unsigned int *count, krb5_cksumtype **cksumtypes);
+
+#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1
+#define KRB5_KEYUSAGE_KDC_REP_TICKET 2
+#define KRB5_KEYUSAGE_AS_REP_ENCPART 3
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9
+#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10
+#define KRB5_KEYUSAGE_AP_REQ_AUTH 11
+#define KRB5_KEYUSAGE_AP_REP_ENCPART 12
+#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13
+#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14
+#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15
+#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16
+#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17
+#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18
+#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19
+#define KRB5_KEYUSAGE_AD_MTE 20
+#define KRB5_KEYUSAGE_AD_ITE 21
/* XXX need to register these */
-#define KRB5_KEYUSAGE_GSS_TOK_MIC 22
-#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23
-#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24
+#define KRB5_KEYUSAGE_GSS_TOK_MIC 22
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24
/* Defined in hardware preauth draft */
-#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
-#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
-#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
+#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27
/* Defined in KDC referrals draft */
-#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */
+#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */
/* Defined in [MS-SFU] */
-#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST 26 /* XXX note conflict with above */
-#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY 27 /* XXX note conflict with above */
+#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST 26 /* XXX note conflict with above */
+#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY 27 /* XXX note conflict with above */
-#define KRB5_KEYUSAGE_AD_SIGNEDPATH -21
+#define KRB5_KEYUSAGE_AD_SIGNEDPATH -21
/* define in draft-ietf-krb-wg-preauth-framework*/
#define KRB5_KEYUSAGE_FAST_REQ_CHKSUM 50
#define KRB5_KEYUSAGE_ENC_CHALLENGE_KDC 55
#define KRB5_KEYUSAGE_FAST_REP 52
-krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
- (krb5_enctype ktype);
-krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
- (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype(krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype(krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum(krb5_cksumtype ctype);
/* AEAD APIs */
-#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */
-#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */
-#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */
-#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */
-#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */
-#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */
-#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */
-#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */
+#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */
+#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */
+#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */
+#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */
+#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */
+#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */
+#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */
krb5_error_code KRB5_CALLCONV
- krb5_c_make_checksum_iov
- (krb5_context context, krb5_cksumtype cksumtype,
- const krb5_keyblock *key, krb5_keyusage usage,
- krb5_crypto_iov *data, size_t num_data);
+krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_crypto_iov *data, size_t num_data);
krb5_error_code KRB5_CALLCONV
- krb5_c_verify_checksum_iov
- (krb5_context context,
- krb5_cksumtype cksumtype,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_boolean *valid);
+krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_boolean *valid);
krb5_error_code KRB5_CALLCONV
- krb5_c_encrypt_iov
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- krb5_crypto_iov *data, size_t num_data);
+krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
krb5_error_code KRB5_CALLCONV
- krb5_c_decrypt_iov
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- krb5_crypto_iov *data, size_t num_data);
+krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ krb5_crypto_iov *data, size_t num_data);
krb5_error_code KRB5_CALLCONV
- krb5_c_crypto_length
- (krb5_context context, krb5_enctype enctype,
- krb5_cryptotype type, unsigned int *size);
+krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
+ krb5_cryptotype type, unsigned int *size);
krb5_error_code KRB5_CALLCONV
- krb5_c_crypto_length_iov
- (krb5_context context, krb5_enctype enctype,
- krb5_crypto_iov *data, size_t num_data);
+krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
+ krb5_crypto_iov *data, size_t num_data);
krb5_error_code KRB5_CALLCONV
- krb5_c_padding_length
- (krb5_context context, krb5_enctype enctype,
- size_t data_length, unsigned int *size);
+krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
+ size_t data_length, unsigned int *size);
krb5_error_code KRB5_CALLCONV
krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
- krb5_key *out);
+ krb5_key *out);
/* Keys are logically immutable and can be "copied" by reference count. */
void KRB5_CALLCONV krb5_k_reference_key(krb5_context context, krb5_key key);
krb5_error_code KRB5_CALLCONV
krb5_k_key_keyblock(krb5_context context, krb5_key key,
- krb5_keyblock **key_data);
+ krb5_keyblock **key_data);
krb5_enctype KRB5_CALLCONV
krb5_k_key_enctype(krb5_context context, krb5_key key);
krb5_error_code KRB5_CALLCONV
krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *cipher_state, const krb5_data *input,
- krb5_enc_data *output);
+ const krb5_data *cipher_state, const krb5_data *input,
+ krb5_enc_data *output);
krb5_error_code KRB5_CALLCONV
krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *cipher_state, krb5_crypto_iov *data,
- size_t num_data);
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
krb5_error_code KRB5_CALLCONV
krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *cipher_state, const krb5_enc_data *input,
- krb5_data *output);
+ const krb5_data *cipher_state, const krb5_enc_data *input,
+ krb5_data *output);
krb5_error_code KRB5_CALLCONV
krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *cipher_state, krb5_crypto_iov *data,
- size_t num_data);
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
krb5_error_code KRB5_CALLCONV
krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
- krb5_key key, krb5_keyusage usage, const krb5_data *input,
- krb5_checksum *cksum);
+ krb5_key key, krb5_keyusage usage, const krb5_data *input,
+ krb5_checksum *cksum);
krb5_error_code KRB5_CALLCONV
krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
- krb5_key key, krb5_keyusage usage,
- krb5_crypto_iov *data, size_t num_data);
+ krb5_key key, krb5_keyusage usage,
+ krb5_crypto_iov *data, size_t num_data);
krb5_error_code KRB5_CALLCONV
krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *data, const krb5_checksum *cksum,
- krb5_boolean *valid);
+ const krb5_data *data, const krb5_checksum *cksum,
+ krb5_boolean *valid);
krb5_error_code KRB5_CALLCONV
krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_boolean *valid);
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_boolean *valid);
#ifdef KRB5_OLD_CRYPTO
/*
* old cryptosystem routine prototypes. These are now layered
* on top of the functions above.
*/
-krb5_error_code KRB5_CALLCONV krb5_encrypt
- (krb5_context context,
- krb5_const_pointer inptr,
- krb5_pointer outptr,
- size_t size,
- krb5_encrypt_block * eblock,
- krb5_pointer ivec);
-krb5_error_code KRB5_CALLCONV krb5_decrypt
- (krb5_context context,
- krb5_const_pointer inptr,
- krb5_pointer outptr,
- size_t size,
- krb5_encrypt_block * eblock,
- krb5_pointer ivec);
-krb5_error_code KRB5_CALLCONV krb5_process_key
- (krb5_context context,
- krb5_encrypt_block * eblock,
- const krb5_keyblock * key);
-krb5_error_code KRB5_CALLCONV krb5_finish_key
- (krb5_context context,
- krb5_encrypt_block * eblock);
-krb5_error_code KRB5_CALLCONV krb5_string_to_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_keyblock * keyblock,
- const krb5_data * data,
- const krb5_data * salt);
-krb5_error_code KRB5_CALLCONV krb5_init_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- const krb5_keyblock * keyblock,
- krb5_pointer * ptr);
-krb5_error_code KRB5_CALLCONV krb5_finish_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_pointer * ptr);
-krb5_error_code KRB5_CALLCONV krb5_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_pointer ptr,
- krb5_keyblock ** keyblock);
-krb5_enctype KRB5_CALLCONV krb5_eblock_enctype
- (krb5_context context,
- const krb5_encrypt_block * eblock);
-krb5_error_code KRB5_CALLCONV krb5_use_enctype
- (krb5_context context,
- krb5_encrypt_block * eblock,
- krb5_enctype enctype);
-size_t KRB5_CALLCONV krb5_encrypt_size
- (size_t length,
- krb5_enctype crypto);
-size_t KRB5_CALLCONV krb5_checksum_size
- (krb5_context context,
- krb5_cksumtype ctype);
-krb5_error_code KRB5_CALLCONV krb5_calculate_checksum
- (krb5_context context,
- krb5_cksumtype ctype,
- krb5_const_pointer in, size_t in_length,
- krb5_const_pointer seed, size_t seed_length,
- krb5_checksum * outcksum);
-krb5_error_code KRB5_CALLCONV krb5_verify_checksum
- (krb5_context context,
- krb5_cksumtype ctype,
- const krb5_checksum * cksum,
- krb5_const_pointer in, size_t in_length,
- krb5_const_pointer seed, size_t seed_length);
+krb5_error_code KRB5_CALLCONV
+krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
+ krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+ krb5_pointer ivec);
+
+krb5_error_code KRB5_CALLCONV
+krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
+ krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+ krb5_pointer ivec);
+
+krb5_error_code KRB5_CALLCONV
+krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
+ const krb5_keyblock * key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_finish_key(krb5_context context, krb5_encrypt_block * eblock);
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
+ krb5_keyblock * keyblock, const krb5_data *data,
+ const krb5_data *salt);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+ const krb5_keyblock *keyblock, krb5_pointer *ptr);
+
+krb5_error_code KRB5_CALLCONV
+krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+ krb5_pointer *ptr);
+
+krb5_error_code KRB5_CALLCONV
+krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+ krb5_pointer ptr, krb5_keyblock **keyblock);
+
+krb5_enctype KRB5_CALLCONV
+krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock);
+
+krb5_error_code KRB5_CALLCONV
+krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
+ krb5_enctype enctype);
+
+size_t KRB5_CALLCONV
+krb5_encrypt_size(size_t length, krb5_enctype crypto);
+
+size_t KRB5_CALLCONV
+krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
+
+krb5_error_code KRB5_CALLCONV
+krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
+ krb5_const_pointer in, size_t in_length,
+ krb5_const_pointer seed, size_t seed_length,
+ krb5_checksum * outcksum);
+
+krb5_error_code KRB5_CALLCONV
+krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
+ const krb5_checksum * cksum, krb5_const_pointer in,
+ size_t in_length, krb5_const_pointer seed,
+ size_t seed_length);
#endif /* KRB5_OLD_CRYPTO */
/* kdc_options for kdc_request */
/* options is 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
-/* #define KDC_OPT_RESERVED 0x80000000 */
-#define KDC_OPT_FORWARDABLE 0x40000000
-#define KDC_OPT_FORWARDED 0x20000000
-#define KDC_OPT_PROXIABLE 0x10000000
-#define KDC_OPT_PROXY 0x08000000
-#define KDC_OPT_ALLOW_POSTDATE 0x04000000
-#define KDC_OPT_POSTDATED 0x02000000
-/* #define KDC_OPT_UNUSED 0x01000000 */
-#define KDC_OPT_RENEWABLE 0x00800000
-/* #define KDC_OPT_UNUSED 0x00400000 */
-/* #define KDC_OPT_RESERVED 0x00200000 */
-/* #define KDC_OPT_RESERVED 0x00100000 */
-/* #define KDC_OPT_RESERVED 0x00080000 */
-/* #define KDC_OPT_RESERVED 0x00040000 */
-#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
-#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000
-#define KDC_OPT_CANONICALIZE 0x00010000
-/* #define KDC_OPT_RESERVED 0x00008000 */
-/* #define KDC_OPT_RESERVED 0x00004000 */
-/* #define KDC_OPT_RESERVED 0x00002000 */
-/* #define KDC_OPT_RESERVED 0x00001000 */
-/* #define KDC_OPT_RESERVED 0x00000800 */
-/* #define KDC_OPT_RESERVED 0x00000400 */
-/* #define KDC_OPT_RESERVED 0x00000200 */
-/* #define KDC_OPT_RESERVED 0x00000100 */
-/* #define KDC_OPT_RESERVED 0x00000080 */
-/* #define KDC_OPT_RESERVED 0x00000040 */
-#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
-#define KDC_OPT_RENEWABLE_OK 0x00000010
-#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008
-/* #define KDC_OPT_UNUSED 0x00000004 */
-#define KDC_OPT_RENEW 0x00000002
-#define KDC_OPT_VALIDATE 0x00000001
+/* #define KDC_OPT_RESERVED 0x80000000 */
+#define KDC_OPT_FORWARDABLE 0x40000000
+#define KDC_OPT_FORWARDED 0x20000000
+#define KDC_OPT_PROXIABLE 0x10000000
+#define KDC_OPT_PROXY 0x08000000
+#define KDC_OPT_ALLOW_POSTDATE 0x04000000
+#define KDC_OPT_POSTDATED 0x02000000
+/* #define KDC_OPT_UNUSED 0x01000000 */
+#define KDC_OPT_RENEWABLE 0x00800000
+/* #define KDC_OPT_UNUSED 0x00400000 */
+/* #define KDC_OPT_RESERVED 0x00200000 */
+/* #define KDC_OPT_RESERVED 0x00100000 */
+/* #define KDC_OPT_RESERVED 0x00080000 */
+/* #define KDC_OPT_RESERVED 0x00040000 */
+#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
+#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000
+#define KDC_OPT_CANONICALIZE 0x00010000
+/* #define KDC_OPT_RESERVED 0x00008000 */
+/* #define KDC_OPT_RESERVED 0x00004000 */
+/* #define KDC_OPT_RESERVED 0x00002000 */
+/* #define KDC_OPT_RESERVED 0x00001000 */
+/* #define KDC_OPT_RESERVED 0x00000800 */
+/* #define KDC_OPT_RESERVED 0x00000400 */
+/* #define KDC_OPT_RESERVED 0x00000200 */
+/* #define KDC_OPT_RESERVED 0x00000100 */
+/* #define KDC_OPT_RESERVED 0x00000080 */
+/* #define KDC_OPT_RESERVED 0x00000040 */
+#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
+#define KDC_OPT_RENEWABLE_OK 0x00000010
+#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008
+/* #define KDC_OPT_UNUSED 0x00000004 */
+#define KDC_OPT_RENEW 0x00000002
+#define KDC_OPT_VALIDATE 0x00000001
/*
* Mask of ticket flags in the TGT which should be converted into KDC
* options when using the TGT to get derivitive tickets.
*
* New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
- * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
+ * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
*/
-#define KDC_TKT_COMMON_MASK 0x54800000
+#define KDC_TKT_COMMON_MASK 0x54800000
/* definitions for ap_options fields */
/* ap_options are 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
-#define AP_OPTS_RESERVED 0x80000000
-#define AP_OPTS_USE_SESSION_KEY 0x40000000
-#define AP_OPTS_MUTUAL_REQUIRED 0x20000000
-/* #define AP_OPTS_RESERVED 0x10000000 */
-/* #define AP_OPTS_RESERVED 0x08000000 */
-/* #define AP_OPTS_RESERVED 0x04000000 */
-/* #define AP_OPTS_RESERVED 0x02000000 */
-/* #define AP_OPTS_RESERVED 0x01000000 */
-/* #define AP_OPTS_RESERVED 0x00800000 */
-/* #define AP_OPTS_RESERVED 0x00400000 */
-/* #define AP_OPTS_RESERVED 0x00200000 */
-/* #define AP_OPTS_RESERVED 0x00100000 */
-/* #define AP_OPTS_RESERVED 0x00080000 */
-/* #define AP_OPTS_RESERVED 0x00040000 */
-/* #define AP_OPTS_RESERVED 0x00020000 */
-/* #define AP_OPTS_RESERVED 0x00010000 */
-/* #define AP_OPTS_RESERVED 0x00008000 */
-/* #define AP_OPTS_RESERVED 0x00004000 */
-/* #define AP_OPTS_RESERVED 0x00002000 */
-/* #define AP_OPTS_RESERVED 0x00001000 */
-/* #define AP_OPTS_RESERVED 0x00000800 */
-/* #define AP_OPTS_RESERVED 0x00000400 */
-/* #define AP_OPTS_RESERVED 0x00000200 */
-/* #define AP_OPTS_RESERVED 0x00000100 */
-/* #define AP_OPTS_RESERVED 0x00000080 */
-/* #define AP_OPTS_RESERVED 0x00000040 */
-/* #define AP_OPTS_RESERVED 0x00000020 */
-/* #define AP_OPTS_RESERVED 0x00000010 */
-/* #define AP_OPTS_RESERVED 0x00000008 */
-/* #define AP_OPTS_RESERVED 0x00000004 */
-#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002
-#define AP_OPTS_USE_SUBKEY 0x00000001
-
-#define AP_OPTS_WIRE_MASK 0xfffffff0
+#define AP_OPTS_RESERVED 0x80000000
+#define AP_OPTS_USE_SESSION_KEY 0x40000000
+#define AP_OPTS_MUTUAL_REQUIRED 0x20000000
+/* #define AP_OPTS_RESERVED 0x10000000 */
+/* #define AP_OPTS_RESERVED 0x08000000 */
+/* #define AP_OPTS_RESERVED 0x04000000 */
+/* #define AP_OPTS_RESERVED 0x02000000 */
+/* #define AP_OPTS_RESERVED 0x01000000 */
+/* #define AP_OPTS_RESERVED 0x00800000 */
+/* #define AP_OPTS_RESERVED 0x00400000 */
+/* #define AP_OPTS_RESERVED 0x00200000 */
+/* #define AP_OPTS_RESERVED 0x00100000 */
+/* #define AP_OPTS_RESERVED 0x00080000 */
+/* #define AP_OPTS_RESERVED 0x00040000 */
+/* #define AP_OPTS_RESERVED 0x00020000 */
+/* #define AP_OPTS_RESERVED 0x00010000 */
+/* #define AP_OPTS_RESERVED 0x00008000 */
+/* #define AP_OPTS_RESERVED 0x00004000 */
+/* #define AP_OPTS_RESERVED 0x00002000 */
+/* #define AP_OPTS_RESERVED 0x00001000 */
+/* #define AP_OPTS_RESERVED 0x00000800 */
+/* #define AP_OPTS_RESERVED 0x00000400 */
+/* #define AP_OPTS_RESERVED 0x00000200 */
+/* #define AP_OPTS_RESERVED 0x00000100 */
+/* #define AP_OPTS_RESERVED 0x00000080 */
+/* #define AP_OPTS_RESERVED 0x00000040 */
+/* #define AP_OPTS_RESERVED 0x00000020 */
+/* #define AP_OPTS_RESERVED 0x00000010 */
+/* #define AP_OPTS_RESERVED 0x00000008 */
+/* #define AP_OPTS_RESERVED 0x00000004 */
+#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002
+#define AP_OPTS_USE_SUBKEY 0x00000001
+
+#define AP_OPTS_WIRE_MASK 0xfffffff0
/* definitions for ad_type fields. */
-#define AD_TYPE_RESERVED 0x8000
-#define AD_TYPE_EXTERNAL 0x4000
-#define AD_TYPE_REGISTERED 0x2000
+#define AD_TYPE_RESERVED 0x8000
+#define AD_TYPE_EXTERNAL 0x4000
+#define AD_TYPE_REGISTERED 0x2000
-#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
+#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
/* Ticket flags */
/* flags are 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
-/* #define TKT_FLG_RESERVED 0x80000000 */
-#define TKT_FLG_FORWARDABLE 0x40000000
-#define TKT_FLG_FORWARDED 0x20000000
-#define TKT_FLG_PROXIABLE 0x10000000
-#define TKT_FLG_PROXY 0x08000000
-#define TKT_FLG_MAY_POSTDATE 0x04000000
-#define TKT_FLG_POSTDATED 0x02000000
-#define TKT_FLG_INVALID 0x01000000
-#define TKT_FLG_RENEWABLE 0x00800000
-#define TKT_FLG_INITIAL 0x00400000
-#define TKT_FLG_PRE_AUTH 0x00200000
-#define TKT_FLG_HW_AUTH 0x00100000
-#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
-#define TKT_FLG_OK_AS_DELEGATE 0x00040000
-#define TKT_FLG_ANONYMOUS 0x00020000
-/* #define TKT_FLG_RESERVED 0x00010000 */
-/* #define TKT_FLG_RESERVED 0x00008000 */
-/* #define TKT_FLG_RESERVED 0x00004000 */
-/* #define TKT_FLG_RESERVED 0x00002000 */
-/* #define TKT_FLG_RESERVED 0x00001000 */
-/* #define TKT_FLG_RESERVED 0x00000800 */
-/* #define TKT_FLG_RESERVED 0x00000400 */
-/* #define TKT_FLG_RESERVED 0x00000200 */
-/* #define TKT_FLG_RESERVED 0x00000100 */
-/* #define TKT_FLG_RESERVED 0x00000080 */
-/* #define TKT_FLG_RESERVED 0x00000040 */
-/* #define TKT_FLG_RESERVED 0x00000020 */
-/* #define TKT_FLG_RESERVED 0x00000010 */
-/* #define TKT_FLG_RESERVED 0x00000008 */
-/* #define TKT_FLG_RESERVED 0x00000004 */
-/* #define TKT_FLG_RESERVED 0x00000002 */
-/* #define TKT_FLG_RESERVED 0x00000001 */
+/* #define TKT_FLG_RESERVED 0x80000000 */
+#define TKT_FLG_FORWARDABLE 0x40000000
+#define TKT_FLG_FORWARDED 0x20000000
+#define TKT_FLG_PROXIABLE 0x10000000
+#define TKT_FLG_PROXY 0x08000000
+#define TKT_FLG_MAY_POSTDATE 0x04000000
+#define TKT_FLG_POSTDATED 0x02000000
+#define TKT_FLG_INVALID 0x01000000
+#define TKT_FLG_RENEWABLE 0x00800000
+#define TKT_FLG_INITIAL 0x00400000
+#define TKT_FLG_PRE_AUTH 0x00200000
+#define TKT_FLG_HW_AUTH 0x00100000
+#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
+#define TKT_FLG_OK_AS_DELEGATE 0x00040000
+#define TKT_FLG_ANONYMOUS 0x00020000
+/* #define TKT_FLG_RESERVED 0x00010000 */
+/* #define TKT_FLG_RESERVED 0x00008000 */
+/* #define TKT_FLG_RESERVED 0x00004000 */
+/* #define TKT_FLG_RESERVED 0x00002000 */
+/* #define TKT_FLG_RESERVED 0x00001000 */
+/* #define TKT_FLG_RESERVED 0x00000800 */
+/* #define TKT_FLG_RESERVED 0x00000400 */
+/* #define TKT_FLG_RESERVED 0x00000200 */
+/* #define TKT_FLG_RESERVED 0x00000100 */
+/* #define TKT_FLG_RESERVED 0x00000080 */
+/* #define TKT_FLG_RESERVED 0x00000040 */
+/* #define TKT_FLG_RESERVED 0x00000020 */
+/* #define TKT_FLG_RESERVED 0x00000010 */
+/* #define TKT_FLG_RESERVED 0x00000008 */
+/* #define TKT_FLG_RESERVED 0x00000004 */
+/* #define TKT_FLG_RESERVED 0x00000002 */
+/* #define TKT_FLG_RESERVED 0x00000001 */
/* definitions for lr_type fields. */
-#define LR_TYPE_THIS_SERVER_ONLY 0x8000
+#define LR_TYPE_THIS_SERVER_ONLY 0x8000
-#define LR_TYPE_INTERPRETATION_MASK 0x7fff
+#define LR_TYPE_INTERPRETATION_MASK 0x7fff
/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
-#define MSEC_DIRBIT 0x8000
-#define MSEC_VAL_MASK 0x7fff
+#define MSEC_DIRBIT 0x8000
+#define MSEC_VAL_MASK 0x7fff
/*
* end "fieldbits.h"
*/
/* Protocol version number */
-#define KRB5_PVNO 5
+#define KRB5_PVNO 5
/* Message types */
-#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */
-#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
-#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */
-#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
-#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */
-#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
-#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */
-#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */
-#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */
-#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */
+#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */
+#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
+#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */
+#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
+#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */
+#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
+#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */
+#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */
+#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */
+#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */
/* LastReq types */
-#define KRB5_LRQ_NONE 0
-#define KRB5_LRQ_ALL_LAST_TGT 1
-#define KRB5_LRQ_ONE_LAST_TGT (-1)
-#define KRB5_LRQ_ALL_LAST_INITIAL 2
-#define KRB5_LRQ_ONE_LAST_INITIAL (-2)
-#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3
-#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3)
-#define KRB5_LRQ_ALL_LAST_RENEWAL 4
-#define KRB5_LRQ_ONE_LAST_RENEWAL (-4)
-#define KRB5_LRQ_ALL_LAST_REQ 5
-#define KRB5_LRQ_ONE_LAST_REQ (-5)
-#define KRB5_LRQ_ALL_PW_EXPTIME 6
-#define KRB5_LRQ_ONE_PW_EXPTIME (-6)
+#define KRB5_LRQ_NONE 0
+#define KRB5_LRQ_ALL_LAST_TGT 1
+#define KRB5_LRQ_ONE_LAST_TGT (-1)
+#define KRB5_LRQ_ALL_LAST_INITIAL 2
+#define KRB5_LRQ_ONE_LAST_INITIAL (-2)
+#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3
+#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3)
+#define KRB5_LRQ_ALL_LAST_RENEWAL 4
+#define KRB5_LRQ_ONE_LAST_RENEWAL (-4)
+#define KRB5_LRQ_ALL_LAST_REQ 5
+#define KRB5_LRQ_ONE_LAST_REQ (-5)
+#define KRB5_LRQ_ALL_PW_EXPTIME 6
+#define KRB5_LRQ_ONE_PW_EXPTIME (-6)
/* PADATA types */
-#define KRB5_PADATA_NONE 0
-#define KRB5_PADATA_AP_REQ 1
-#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
-#define KRB5_PADATA_ENC_TIMESTAMP 2
-#define KRB5_PADATA_PW_SALT 3
-#if 0 /* Not used */
-#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */
+#define KRB5_PADATA_NONE 0
+#define KRB5_PADATA_AP_REQ 1
+#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
+#define KRB5_PADATA_ENC_TIMESTAMP 2
+#define KRB5_PADATA_PW_SALT 3
+#if 0 /* Not used */
+#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */
#endif
-#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
-#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
-#define KRB5_PADATA_SESAME 7 /* Sesame project */
-#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
-#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
-#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
-#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
-#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
-#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
-#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */
-#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */
-#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */
-#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */
-#define KRB5_PADATA_ETYPE_INFO2 19
-#define KRB5_PADATA_USE_SPECIFIED_KVNO 20
-#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */
-#define KRB5_PADATA_SAM_REDIRECT 21
-#define KRB5_PADATA_GET_FROM_TYPED_DATA 22
-#define KRB5_PADATA_REFERRAL 25 /* draft referral system */
-#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
-#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
-#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */
-#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */
-#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */
+#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
+#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
+#define KRB5_PADATA_SESAME 7 /* Sesame project */
+#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
+#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
+#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
+#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
+#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
+#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
+#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */
+#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */
+#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */
+#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */
+#define KRB5_PADATA_ETYPE_INFO2 19
+#define KRB5_PADATA_USE_SPECIFIED_KVNO 20
+#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */
+#define KRB5_PADATA_SAM_REDIRECT 21
+#define KRB5_PADATA_GET_FROM_TYPED_DATA 22
+#define KRB5_PADATA_REFERRAL 25 /* draft referral system */
+#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
+#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
+#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */
+#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */
+#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */
#define KRB5_PADATA_FX_COOKIE 133
#define KRB5_PADATA_FX_FAST 136
#define KRB5_PADATA_FX_ERROR 137
#define KRB5_PADATA_ENCRYPTED_CHALLENGE 138
-#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
-#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
-#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
+#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
+#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
+#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
/* Reserved for SPX pre-authentication. */
-#define KRB5_PADATA_DASS 16
+#define KRB5_PADATA_DASS 16
/* Transited encoding types */
-#define KRB5_DOMAIN_X500_COMPRESS 1
+#define KRB5_DOMAIN_X500_COMPRESS 1
/* alternate authentication types */
-#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
+#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
/* authorization data types */
#define KRB5_AUTHDATA_IF_RELEVANT 1
#define KRB5_AUTHDATA_KDC_ISSUED 4
-#define KRB5_AUTHDATA_AND_OR 5
-#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
-#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9
-#define KRB5_AUTHDATA_OSF_DCE 64
-#define KRB5_AUTHDATA_SESAME 65
-#define KRB5_AUTHDATA_WIN2K_PAC 128
-#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
-#define KRB5_AUTHDATA_SIGNTICKET 142
+#define KRB5_AUTHDATA_AND_OR 5
+#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
+#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9
+#define KRB5_AUTHDATA_OSF_DCE 64
+#define KRB5_AUTHDATA_SESAME 65
+#define KRB5_AUTHDATA_WIN2K_PAC 128
+#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
+#define KRB5_AUTHDATA_SIGNTICKET 142
#define KRB5_AUTHDATA_FX_ARMOR 71
/* password change constants */
-#define KRB5_KPASSWD_SUCCESS 0
-#define KRB5_KPASSWD_MALFORMED 1
-#define KRB5_KPASSWD_HARDERROR 2
-#define KRB5_KPASSWD_AUTHERROR 3
-#define KRB5_KPASSWD_SOFTERROR 4
+#define KRB5_KPASSWD_SUCCESS 0
+#define KRB5_KPASSWD_MALFORMED 1
+#define KRB5_KPASSWD_HARDERROR 2
+#define KRB5_KPASSWD_AUTHERROR 3
+#define KRB5_KPASSWD_SOFTERROR 4
/* These are Microsoft's extensions in RFC 3244, and it looks like
they'll become standardized, possibly with other additions. */
-#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
-#define KRB5_KPASSWD_BAD_VERSION 6
-#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
+#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
+#define KRB5_KPASSWD_BAD_VERSION 6
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
/*
* end "proto.h"
/* Time set */
typedef struct _krb5_ticket_times {
krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
- in ticket? otherwise client can't get this */
- krb5_timestamp starttime; /* optional in ticket, if not present,
- use authtime */
+ in ticket? otherwise client can't get this */
+ krb5_timestamp starttime; /* optional in ticket, if not present,
+ use authtime */
krb5_timestamp endtime;
krb5_timestamp renew_till;
} krb5_ticket_times;
typedef struct _krb5_enc_tkt_part {
krb5_magic magic;
/* to-be-encrypted portion */
- krb5_flags flags; /* flags */
- krb5_keyblock *session; /* session key: includes enctype */
- krb5_principal client; /* client name/realm */
- krb5_transited transited; /* list of transited realms */
- krb5_ticket_times times; /* auth, start, end, renew_till */
- krb5_address **caddrs; /* array of ptrs to addresses */
+ krb5_flags flags; /* flags */
+ krb5_keyblock *session; /* session key: includes enctype */
+ krb5_principal client; /* client name/realm */
+ krb5_transited transited; /* list of transited realms */
+ krb5_ticket_times times; /* auth, start, end, renew_till */
+ krb5_address **caddrs; /* array of ptrs to addresses */
krb5_authdata **authorization_data; /* auth data */
} krb5_enc_tkt_part;
typedef struct _krb5_ticket {
krb5_magic magic;
/* cleartext portion */
- krb5_principal server; /* server name/realm */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
- krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
- available */
+ krb5_principal server; /* server name/realm */
+ krb5_enc_data enc_part; /* encryption type, kvno, encrypted
+ encoding */
+ krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
+ available */
} krb5_ticket;
/* the unencrypted version */
typedef struct _krb5_authenticator {
krb5_magic magic;
- krb5_principal client; /* client name/realm */
- krb5_checksum *checksum; /* checksum, includes type, optional */
- krb5_int32 cusec; /* client usec portion */
- krb5_timestamp ctime; /* client sec portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
+ krb5_principal client; /* client name/realm */
+ krb5_checksum *checksum; /* checksum, includes type, optional */
+ krb5_int32 cusec; /* client usec portion */
+ krb5_timestamp ctime; /* client sec portion */
+ krb5_keyblock *subkey; /* true session key, optional */
+ krb5_ui_4 seq_number; /* sequence #, optional */
krb5_authdata **authorization_data; /* New add by Ari, auth data */
} krb5_authenticator;
krb5_flags ap_options;
} krb5_tkt_authent;
-/* credentials: Ticket, session key, etc. */
+/* credentials: Ticket, session key, etc. */
typedef struct _krb5_creds {
krb5_magic magic;
- krb5_principal client; /* client's principal identifier */
- krb5_principal server; /* server's principal identifier */
- krb5_keyblock keyblock; /* session encryption key info */
- krb5_ticket_times times; /* lifetime info */
- krb5_boolean is_skey; /* true if ticket is encrypted in
- another ticket's skey */
- krb5_flags ticket_flags; /* flags in ticket */
- krb5_address **addresses; /* addrs in ticket */
- krb5_data ticket; /* ticket string itself */
- krb5_data second_ticket; /* second ticket, if related to
- ticket (via DUPLICATE-SKEY or
- ENC-TKT-IN-SKEY) */
- krb5_authdata **authdata; /* authorization data */
+ krb5_principal client; /* client's principal identifier */
+ krb5_principal server; /* server's principal identifier */
+ krb5_keyblock keyblock; /* session encryption key info */
+ krb5_ticket_times times; /* lifetime info */
+ krb5_boolean is_skey; /* true if ticket is encrypted in
+ another ticket's skey */
+ krb5_flags ticket_flags; /* flags in ticket */
+ krb5_address **addresses; /* addrs in ticket */
+ krb5_data ticket; /* ticket string itself */
+ krb5_data second_ticket; /* second ticket, if related to
+ ticket (via DUPLICATE-SKEY or
+ ENC-TKT-IN-SKEY) */
+ krb5_authdata **authdata; /* authorization data */
} krb5_creds;
/* Last request fields */
typedef struct _krb5_kdc_req {
krb5_magic magic;
- krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
- krb5_pa_data **padata; /* e.g. encoded AP_REQ */
+ krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
+ krb5_pa_data **padata; /* e.g. encoded AP_REQ */
/* real body */
- krb5_flags kdc_options; /* requested options */
- krb5_principal client; /* includes realm; optional */
- krb5_principal server; /* includes realm (only used if no
- client) */
- krb5_timestamp from; /* requested starttime */
- krb5_timestamp till; /* requested endtime */
- krb5_timestamp rtime; /* (optional) requested renew_till */
- krb5_int32 nonce; /* nonce to match request/response */
- int nktypes; /* # of ktypes, must be positive */
- krb5_enctype *ktype; /* requested enctype(s) */
- krb5_address **addresses; /* requested addresses, optional */
- krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
+ krb5_flags kdc_options; /* requested options */
+ krb5_principal client; /* includes realm; optional */
+ krb5_principal server; /* includes realm (only used if no
+ client) */
+ krb5_timestamp from; /* requested starttime */
+ krb5_timestamp till; /* requested endtime */
+ krb5_timestamp rtime; /* (optional) requested renew_till */
+ krb5_int32 nonce; /* nonce to match request/response */
+ int nktypes; /* # of ktypes, must be positive */
+ krb5_enctype *ktype; /* requested enctype(s) */
+ krb5_address **addresses; /* requested addresses, optional */
+ krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
krb5_authdata **unenc_authdata; /* unencrypted auth data,
- if available */
+ if available */
krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
/* the following field is added in March 2009; it is a hack so
* that FAST state can be carried to pre-authentication plugins.
typedef struct _krb5_enc_kdc_rep_part {
krb5_magic magic;
/* encrypted part: */
- krb5_msgtype msg_type; /* krb5 message type */
- krb5_keyblock *session; /* session key */
+ krb5_msgtype msg_type; /* krb5 message type */
+ krb5_keyblock *session; /* session key */
krb5_last_req_entry **last_req; /* array of ptrs to entries */
- krb5_int32 nonce; /* nonce from request */
- krb5_timestamp key_exp; /* expiration date */
- krb5_flags flags; /* ticket flags */
- krb5_ticket_times times; /* lifetime info */
- krb5_principal server; /* server's principal identifier */
- krb5_address **caddrs; /* array of ptrs to addresses,
- optional */
- krb5_pa_data **enc_padata; /* Windows 2000 compat */
+ krb5_int32 nonce; /* nonce from request */
+ krb5_timestamp key_exp; /* expiration date */
+ krb5_flags flags; /* ticket flags */
+ krb5_ticket_times times; /* lifetime info */
+ krb5_principal server; /* server's principal identifier */
+ krb5_address **caddrs; /* array of ptrs to addresses,
+ optional */
+ krb5_pa_data **enc_padata; /* Windows 2000 compat */
} krb5_enc_kdc_rep_part;
typedef struct _krb5_kdc_rep {
krb5_magic magic;
/* cleartext part: */
- krb5_msgtype msg_type; /* AS_REP or KDC_REP? */
- krb5_pa_data **padata; /* preauthentication data from KDC */
- krb5_principal client; /* client's principal identifier */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
+ krb5_msgtype msg_type; /* AS_REP or KDC_REP? */
+ krb5_pa_data **padata; /* preauthentication data from KDC */
+ krb5_principal client; /* client's principal identifier */
+ krb5_ticket *ticket; /* ticket */
+ krb5_enc_data enc_part; /* encryption type, kvno, encrypted
+ encoding */
krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
} krb5_kdc_rep;
typedef struct _krb5_error {
krb5_magic magic;
/* some of these may be meaningless in certain contexts */
- krb5_timestamp ctime; /* client sec portion; optional */
- krb5_int32 cusec; /* client usec portion; optional */
- krb5_int32 susec; /* server usec portion */
- krb5_timestamp stime; /* server sec portion */
- krb5_ui_4 error; /* error code (protocol error #'s) */
- krb5_principal client; /* client's principal identifier;
- optional */
- krb5_principal server; /* server's principal identifier */
- krb5_data text; /* descriptive text */
- krb5_data e_data; /* additional error-describing data */
+ krb5_timestamp ctime; /* client sec portion; optional */
+ krb5_int32 cusec; /* client usec portion; optional */
+ krb5_int32 susec; /* server usec portion */
+ krb5_timestamp stime; /* server sec portion */
+ krb5_ui_4 error; /* error code (protocol error #'s) */
+ krb5_principal client; /* client's principal identifier;
+ optional */
+ krb5_principal server; /* server's principal identifier */
+ krb5_data text; /* descriptive text */
+ krb5_data e_data; /* additional error-describing data */
} krb5_error;
typedef struct _krb5_ap_req {
krb5_magic magic;
- krb5_flags ap_options; /* requested options */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data authenticator; /* authenticator (already encrypted) */
+ krb5_flags ap_options; /* requested options */
+ krb5_ticket *ticket; /* ticket */
+ krb5_enc_data authenticator; /* authenticator (already encrypted) */
} krb5_ap_req;
typedef struct _krb5_ap_rep {
typedef struct _krb5_ap_rep_enc_part {
krb5_magic magic;
- krb5_timestamp ctime; /* client time, seconds portion */
- krb5_int32 cusec; /* client time, microseconds portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
+ krb5_timestamp ctime; /* client time, seconds portion */
+ krb5_int32 cusec; /* client time, microseconds portion */
+ krb5_keyblock *subkey; /* true session key, optional */
+ krb5_ui_4 seq_number; /* sequence #, optional */
} krb5_ap_rep_enc_part;
typedef struct _krb5_response {
krb5_magic magic;
krb5_octet message_type;
krb5_data response;
- krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
+ krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
krb5_timestamp request_time; /* When we made the request */
} krb5_response;
typedef struct _krb5_cred_info {
krb5_magic magic;
- krb5_keyblock *session; /* session key used to encrypt */
- /* ticket */
- krb5_principal client; /* client name/realm, optional */
- krb5_principal server; /* server name/realm, optional */
- krb5_flags flags; /* ticket flags, optional */
- krb5_ticket_times times; /* auth, start, end, renew_till, */
- /* optional */
- krb5_address **caddrs; /* array of ptrs to addresses */
+ krb5_keyblock *session; /* session key used to encrypt */
+ /* ticket */
+ krb5_principal client; /* client name/realm, optional */
+ krb5_principal server; /* server name/realm, optional */
+ krb5_flags flags; /* ticket flags, optional */
+ krb5_ticket_times times; /* auth, start, end, renew_till, */
+ /* optional */
+ krb5_address **caddrs; /* array of ptrs to addresses */
} krb5_cred_info;
typedef struct _krb5_cred_enc_part {
krb5_magic magic;
- krb5_int32 nonce; /* nonce, optional */
- krb5_timestamp timestamp; /* client time */
- krb5_int32 usec; /* microsecond portion of time */
- krb5_address *s_address; /* sender address, optional */
- krb5_address *r_address; /* recipient address, optional */
+ krb5_int32 nonce; /* nonce, optional */
+ krb5_timestamp timestamp; /* client time */
+ krb5_int32 usec; /* microsecond portion of time */
+ krb5_address *s_address; /* sender address, optional */
+ krb5_address *r_address; /* recipient address, optional */
krb5_cred_info **ticket_info;
} krb5_cred_enc_part;
typedef struct _krb5_cred {
krb5_magic magic;
- krb5_ticket **tickets; /* tickets */
- krb5_enc_data enc_part; /* encrypted part */
- krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
+ krb5_ticket **tickets; /* tickets */
+ krb5_enc_data enc_part; /* encrypted part */
+ krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
} krb5_cred;
/* Sandia password generation structures */
* begin "safepriv.h"
*/
-#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
-#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
-#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
-#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
-#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
-#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
+#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
+#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
+#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
+#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
+#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
+#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
typedef struct krb5_replay_data {
- krb5_timestamp timestamp;
- krb5_int32 usec;
- krb5_ui_4 seq;
+ krb5_timestamp timestamp;
+ krb5_int32 usec;
+ krb5_ui_4 seq;
} krb5_replay_data;
/* flags for krb5_auth_con_genaddrs() */
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
/* type of function used as a callback to generate checksum data for
* mk_req */
typedef krb5_error_code
(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
- krb5_data **);
+ krb5_data **);
/*
* end "safepriv.h"
* begin "ccache.h"
*/
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
+typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
struct _krb5_ccache;
typedef struct _krb5_ccache *krb5_ccache;
typedef struct _krb5_cccol_cursor *krb5_cccol_cursor;
/* for retrieve_cred */
-#define KRB5_TC_MATCH_TIMES 0x00000001
-#define KRB5_TC_MATCH_IS_SKEY 0x00000002
-#define KRB5_TC_MATCH_FLAGS 0x00000004
-#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
-#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
-#define KRB5_TC_MATCH_AUTHDATA 0x00000020
-#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
-#define KRB5_TC_MATCH_2ND_TKT 0x00000080
-#define KRB5_TC_MATCH_KTYPE 0x00000100
-#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
+#define KRB5_TC_MATCH_TIMES 0x00000001
+#define KRB5_TC_MATCH_IS_SKEY 0x00000002
+#define KRB5_TC_MATCH_FLAGS 0x00000004
+#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
+#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
+#define KRB5_TC_MATCH_AUTHDATA 0x00000020
+#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
+#define KRB5_TC_MATCH_2ND_TKT 0x00000080
+#define KRB5_TC_MATCH_KTYPE 0x00000100
+#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
/* for set_flags and other functions */
-#define KRB5_TC_OPENCLOSE 0x00000001
+#define KRB5_TC_OPENCLOSE 0x00000001
#define KRB5_TC_NOTICKET 0x00000002
const char * KRB5_CALLCONV
-krb5_cc_get_name (krb5_context context, krb5_ccache cache);
+krb5_cc_get_name(krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
krb5_error_code KRB5_CALLCONV
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
- krb5_principal principal);
+ krb5_principal principal);
krb5_error_code KRB5_CALLCONV
-krb5_cc_destroy (krb5_context context, krb5_ccache cache);
+krb5_cc_destroy(krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
-krb5_cc_close (krb5_context context, krb5_ccache cache);
+krb5_cc_close(krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
-krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
- krb5_creds *creds);
+krb5_cc_store_cred(krb5_context context, krb5_ccache cache, krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
- krb5_flags flags, krb5_creds *mcreds,
- krb5_creds *creds);
+krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache,
+ krb5_flags flags, krb5_creds *mcreds,
+ krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
-krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
- krb5_principal *principal);
+krb5_cc_get_principal(krb5_context context, krb5_ccache cache,
+ krb5_principal *principal);
krb5_error_code KRB5_CALLCONV
-krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
+krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor);
krb5_error_code KRB5_CALLCONV
-krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor, krb5_creds *creds);
+krb5_cc_next_cred(krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor, krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
-krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
+krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor);
krb5_error_code KRB5_CALLCONV
-krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds *creds);
+krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+ krb5_creds *creds);
krb5_error_code KRB5_CALLCONV
-krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
+krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags);
krb5_error_code KRB5_CALLCONV
-krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags);
+krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags);
const char * KRB5_CALLCONV
-krb5_cc_get_type (krb5_context context, krb5_ccache cache);
+krb5_cc_get_type(krb5_context context, krb5_ccache cache);
krb5_error_code KRB5_CALLCONV
-krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst);
+krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst);
krb5_error_code KRB5_CALLCONV
-krb5_cc_last_change_time (
- krb5_context context,
- krb5_ccache ccache,
- krb5_timestamp *change_time);
+krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache,
+ krb5_timestamp *change_time);
krb5_error_code KRB5_CALLCONV
-krb5_cc_lock (krb5_context context, krb5_ccache ccache);
+krb5_cc_lock(krb5_context context, krb5_ccache ccache);
krb5_error_code KRB5_CALLCONV
-krb5_cc_unlock (krb5_context context, krb5_ccache ccache);
-
+krb5_cc_unlock(krb5_context context, krb5_ccache ccache);
krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor);
krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_next(
- krb5_context context,
- krb5_cccol_cursor cursor,
- krb5_ccache *ccache);
+krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
+ krb5_ccache *ccache);
krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor);
krb5_cccol_unlock(krb5_context context);
krb5_error_code KRB5_CALLCONV
-krb5_cc_new_unique(
- krb5_context context,
- const char *type,
- const char *hint,
- krb5_ccache *id);
+krb5_cc_new_unique(krb5_context context, const char *type, const char *hint,
+ krb5_ccache *id);
/*
* end "ccache.h"
/* XXX */
#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
-typedef krb5_pointer krb5_kt_cursor; /* XXX */
+typedef krb5_pointer krb5_kt_cursor; /* XXX */
typedef struct krb5_keytab_entry_st {
krb5_magic magic;
- krb5_principal principal; /* principal of this key */
- krb5_timestamp timestamp; /* time entry written to keytable */
- krb5_kvno vno; /* key version number */
- krb5_keyblock key; /* the secret key */
+ krb5_principal principal; /* principal of this key */
+ krb5_timestamp timestamp; /* time entry written to keytable */
+ krb5_kvno vno; /* key version number */
+ krb5_keyblock key; /* the secret key */
} krb5_keytab_entry;
struct _krb5_kt;
typedef struct _krb5_kt *krb5_keytab;
const char * KRB5_CALLCONV
-krb5_kt_get_type (krb5_context, krb5_keytab keytab);
+krb5_kt_get_type(krb5_context, krb5_keytab keytab);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
- unsigned int namelen);
+ unsigned int namelen);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_close(krb5_context context, krb5_keytab keytab);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry);
+ krb5_const_principal principal, krb5_kvno vno,
+ krb5_enctype enctype, krb5_keytab_entry *entry);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
+ krb5_kt_cursor *cursor);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
- krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
+ krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
+
krb5_error_code KRB5_CALLCONV
krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
+ krb5_kt_cursor *cursor);
/*
* end "keytab.h"
* begin "func-proto.h"
*/
-krb5_error_code KRB5_CALLCONV krb5_init_context
- (krb5_context *);
-krb5_error_code KRB5_CALLCONV krb5_init_secure_context
- (krb5_context *);
-void KRB5_CALLCONV krb5_free_context
- (krb5_context);
-krb5_error_code KRB5_CALLCONV krb5_copy_context
- (krb5_context, krb5_context *);
+krb5_error_code KRB5_CALLCONV krb5_init_context(krb5_context *);
+krb5_error_code KRB5_CALLCONV krb5_init_secure_context(krb5_context *);
+void KRB5_CALLCONV krb5_free_context(krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_copy_context(krb5_context, krb5_context *);
krb5_error_code KRB5_CALLCONV
-krb5_set_default_tgs_enctypes
- (krb5_context,
- const krb5_enctype *);
+krb5_set_default_tgs_enctypes(krb5_context, const krb5_enctype *);
-krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
- (krb5_context, krb5_enctype **);
+krb5_error_code KRB5_CALLCONV
+krb5_get_permitted_enctypes(krb5_context, krb5_enctype **);
krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
/* libkrb.spec */
krb5_error_code KRB5_CALLCONV
-krb5_server_decrypt_ticket_keytab
- (krb5_context context,
- const krb5_keytab kt,
- krb5_ticket *ticket);
-
-void KRB5_CALLCONV krb5_free_tgt_creds
- (krb5_context,
- krb5_creds **); /* XXX too hard to do with const */
-
-#define KRB5_GC_USER_USER 1 /* want user-user ticket */
-#define KRB5_GC_CACHED 2 /* want cached ticket only */
-#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */
-#define KRB5_GC_NO_STORE 8 /* do not store in credentials cache */
-#define KRB5_GC_FORWARDABLE 16 /* acquire forwardable tickets */
-#define KRB5_GC_NO_TRANSIT_CHECK 32 /* disable transited check */
-#define KRB5_GC_CONSTRAINED_DELEGATION 64 /* constrained delegation */
-
-krb5_error_code KRB5_CALLCONV krb5_get_credentials
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_mk_req
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- char *,
- char *,
- krb5_data *,
- krb5_ccache,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_rep
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_mk_rep_dce
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ap_rep_enc_part **);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep_dce
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ui_4 *);
-krb5_error_code KRB5_CALLCONV krb5_mk_error
- (krb5_context,
- const krb5_error *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_rd_error
- (krb5_context,
- const krb5_data *,
- krb5_error ** );
-krb5_error_code KRB5_CALLCONV krb5_rd_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_parse_name
- (krb5_context,
- const char *,
- krb5_principal * );
-#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
-#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
-#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
-krb5_error_code KRB5_CALLCONV krb5_parse_name_flags
- (krb5_context,
- const char *,
- int,
- krb5_principal * );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name
- (krb5_context,
- krb5_const_principal,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
- (krb5_context,
- krb5_const_principal,
- char **,
- unsigned int *);
-#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
-#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
-#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags
- (krb5_context,
- krb5_const_principal,
- int,
- char **);
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext
- (krb5_context,
- krb5_const_principal,
- int,
- char **,
- unsigned int *);
-
-krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
- (krb5_context, krb5_principal, const char *);
-
-krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
- (krb5_context,
- const krb5_address *,
- krb5_address * const *);
-krb5_boolean KRB5_CALLCONV krb5_address_compare
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-int KRB5_CALLCONV krb5_address_order
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-krb5_boolean KRB5_CALLCONV krb5_realm_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare_any_realm
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1
-#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* compare UPNs as real principals */
-#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive comparison */
-#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */
-
-krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal,
- int);
-krb5_error_code KRB5_CALLCONV krb5_init_keyblock
- (krb5_context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out);
- /* Initialize a new keyblock and allocate storage
- * for the contents of the key, which will be freed along
- * with the keyblock when krb5_free_keyblock is called.
- * It is legal to pass in a length of 0, in which
- * case contents are left unallocated.
- */
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock *);
-krb5_error_code KRB5_CALLCONV krb5_copy_creds
- (krb5_context,
- const krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_copy_data
- (krb5_context,
- const krb5_data *,
- krb5_data **);
-krb5_error_code KRB5_CALLCONV krb5_copy_principal
- (krb5_context,
- krb5_const_principal,
- krb5_principal *);
-krb5_error_code KRB5_CALLCONV krb5_copy_addresses
- (krb5_context,
- krb5_address * const *,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_ticket
- (krb5_context,
- const krb5_ticket *,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_copy_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata ***);
-krb5_error_code KRB5_CALLCONV krb5_merge_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata *const *,
- krb5_authdata ***);
+krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt,
+ krb5_ticket *ticket);
+
+void KRB5_CALLCONV krb5_free_tgt_creds(krb5_context, krb5_creds **);
+
+#define KRB5_GC_USER_USER 1 /* want user-user ticket */
+#define KRB5_GC_CACHED 2 /* want cached ticket only */
+#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */
+#define KRB5_GC_NO_STORE 8 /* do not store in credentials cache */
+#define KRB5_GC_FORWARDABLE 16 /* acquire forwardable tickets */
+#define KRB5_GC_NO_TRANSIT_CHECK 32 /* disable transited check */
+#define KRB5_GC_CONSTRAINED_DELEGATION 64 /* constrained delegation */
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials(krb5_context, krb5_flags, krb5_ccache, krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_validate(krb5_context, krb5_flags, krb5_ccache,
+ krb5_creds *, krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_renew(krb5_context, krb5_flags, krb5_ccache, krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req(krb5_context, krb5_auth_context *, krb5_flags, char *, char *,
+ krb5_data *, krb5_ccache, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req_extended(krb5_context, krb5_auth_context *, krb5_flags,
+ krb5_data *, krb5_creds *, krb5_data * );
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep(krb5_context, krb5_auth_context, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep_dce(krb5_context, krb5_auth_context, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep(krb5_context, krb5_auth_context, const krb5_data *,
+ krb5_ap_rep_enc_part **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep_dce(krb5_context, krb5_auth_context, const krb5_data *,
+ krb5_ui_4 *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_error(krb5_context, const krb5_error *, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_error(krb5_context, const krb5_data *, krb5_error **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_safe(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_priv(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name(krb5_context, const char *, krb5_principal *);
+
+#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
+#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
+#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name_flags(krb5_context, const char *, int, krb5_principal *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name(krb5_context, krb5_const_principal, char **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_ext(krb5_context, krb5_const_principal, char **,
+ unsigned int *);
+
+#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
+#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
+#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags(krb5_context, krb5_const_principal, int, char **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags_ext(krb5_context, krb5_const_principal, int,
+ char **, unsigned int *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_principal_realm(krb5_context, krb5_principal, const char *);
+
+krb5_boolean KRB5_CALLCONV_WRONG
+krb5_address_search(krb5_context, const krb5_address *, krb5_address *const *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_address_compare(krb5_context, const krb5_address *, const krb5_address *);
+
+int KRB5_CALLCONV
+krb5_address_order(krb5_context, const krb5_address *, const krb5_address *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_realm_compare(krb5_context, krb5_const_principal, krb5_const_principal);
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare(krb5_context, krb5_const_principal,
+ krb5_const_principal);
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_any_realm(krb5_context, krb5_const_principal,
+ krb5_const_principal);
+
+#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1
+#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* UPNs as real principals */
+#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive */
+#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_flags(krb5_context, krb5_const_principal,
+ krb5_const_principal, int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_keyblock(krb5_context, krb5_enctype enctype, size_t length,
+ krb5_keyblock **out);
+
+/* Initialize a new keyblock and allocate storage
+ * for the contents of the key, which will be freed along
+ * with the keyblock when krb5_free_keyblock is called.
+ * It is legal to pass in a length of 0, in which
+ * case contents are left unallocated.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock(krb5_context, const krb5_keyblock *, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock_contents(krb5_context, const krb5_keyblock *,
+ krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_creds(krb5_context, const krb5_creds *, krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_data(krb5_context, const krb5_data *, krb5_data **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_principal(krb5_context, krb5_const_principal, krb5_principal *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_addresses(krb5_context, krb5_address * const *, krb5_address ***);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_ticket(krb5_context, const krb5_ticket *, krb5_ticket **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context, krb5_authdata * const *, krb5_authdata ***);
+
/* Merge two authdata arrays, such as the array from a ticket
- * and authenticator */
-
-krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
- (krb5_context,
- const krb5_authenticator *,
- krb5_authenticator **);
-krb5_error_code KRB5_CALLCONV krb5_copy_checksum
- (krb5_context,
- const krb5_checksum *,
- krb5_checksum **);
-krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
- (krb5_context,
- const krb5_data *, krb5_rcache *);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
- (krb5_context, krb5_principal *, unsigned int, const char *, ...);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal
- (krb5_context, krb5_principal *, unsigned int, const char *, ...)
+ * and authenticator. */
+krb5_error_code KRB5_CALLCONV
+krb5_merge_authdata(krb5_context, krb5_authdata * const *,
+ krb5_authdata *const *, krb5_authdata ***);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authenticator(krb5_context, const krb5_authenticator *,
+ krb5_authenticator **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_checksum(krb5_context, const krb5_checksum *, krb5_checksum **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_server_rcache(krb5_context, const krb5_data *, krb5_rcache *);
+
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal_ext(krb5_context, krb5_principal *, unsigned int,
+ const char *, ...);
+
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal(krb5_context, krb5_principal *, unsigned int,
+ const char *, ...)
#if __GNUC__ >= 4
__attribute__ ((sentinel))
#endif
;
#if KRB5_DEPRECATED
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_build_principal_va
- (krb5_context,
- krb5_principal, unsigned int, const char *, va_list);
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_build_principal_va(krb5_context, krb5_principal, unsigned int,
+ const char *, va_list);
#endif
/* Version of krb5_build_principal_va which allocates krb5_principal_data */
-krb5_error_code KRB5_CALLCONV krb5_build_principal_alloc_va
- (krb5_context, krb5_principal *, unsigned int, const char *, va_list);
+krb5_error_code KRB5_CALLCONV
+krb5_build_principal_alloc_va(krb5_context, krb5_principal *, unsigned int,
+ const char *, va_list);
-krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
- (krb5_context,
- const char *name,
- const char *instance, const char *realm,
- krb5_principal *princ);
+krb5_error_code KRB5_CALLCONV
+krb5_425_conv_principal(krb5_context, const char *name, const char *instance,
+ const char *realm, krb5_principal *princ);
-krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
- (krb5_context context, krb5_const_principal princ,
- char *name, char *inst, char *realm);
+krb5_error_code KRB5_CALLCONV
+krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
+ char *name, char *inst, char *realm);
struct credentials;
-int KRB5_CALLCONV krb5_524_convert_creds
- (krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds);
+int KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds);
#if KRB5_DEPRECATED
#define krb524_convert_creds_kdc krb5_524_convert_creds
#define krb524_init_ets(x) (0)
#endif
/* libkt.spec */
-krb5_error_code KRB5_CALLCONV krb5_kt_resolve
- (krb5_context,
- const char *,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_kt_default_name
- (krb5_context,
- char *,
- int );
-krb5_error_code KRB5_CALLCONV krb5_kt_default
- (krb5_context,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
- (krb5_context,
- krb5_keytab_entry * );
+krb5_error_code KRB5_CALLCONV
+krb5_kt_resolve(krb5_context, const char *, krb5_keytab *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default_name(krb5_context, char *, int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default(krb5_context, krb5_keytab * );
+
+krb5_error_code KRB5_CALLCONV
+krb5_free_keytab_entry_contents(krb5_context, krb5_keytab_entry *);
+
/* remove and add are functions, so that they can return NOWRITE
if not a writable keytab */
-krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
- (krb5_context,
- krb5_const_principal, krb5_data *);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_remove_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_add_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_principal2salt(krb5_context, krb5_const_principal, krb5_data *);
/* librc.spec--see rcache.h */
/* libcc.spec */
-krb5_error_code KRB5_CALLCONV krb5_cc_resolve
- (krb5_context,
- const char *,
- krb5_ccache * );
-const char * KRB5_CALLCONV krb5_cc_default_name
- (krb5_context);
-krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
- (krb5_context, const char *);
-krb5_error_code KRB5_CALLCONV krb5_cc_default
- (krb5_context,
- krb5_ccache *);
-
-krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
- (krb5_context context,
- krb5_ccache incc,
- krb5_ccache outcc);
+krb5_error_code KRB5_CALLCONV
+krb5_cc_resolve(krb5_context, const char *, krb5_ccache *);
+
+const char *KRB5_CALLCONV
+krb5_cc_default_name(krb5_context);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_default_name(krb5_context, const char *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_default(krb5_context, krb5_ccache *);
+krb5_error_code KRB5_CALLCONV
+krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc);
/* krb5_free.c */
-void KRB5_CALLCONV krb5_free_principal
- (krb5_context, krb5_principal );
-void KRB5_CALLCONV krb5_free_authenticator
- (krb5_context, krb5_authenticator * );
-void KRB5_CALLCONV krb5_free_addresses
- (krb5_context, krb5_address ** );
-void KRB5_CALLCONV krb5_free_authdata
- (krb5_context, krb5_authdata ** );
-void KRB5_CALLCONV krb5_free_ticket
- (krb5_context, krb5_ticket * );
-void KRB5_CALLCONV krb5_free_error
- (krb5_context, krb5_error * );
-void KRB5_CALLCONV krb5_free_creds
- (krb5_context, krb5_creds *);
-void KRB5_CALLCONV krb5_free_cred_contents
- (krb5_context, krb5_creds *);
-void KRB5_CALLCONV krb5_free_checksum
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_checksum_contents
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_keyblock
- (krb5_context, krb5_keyblock *);
-void KRB5_CALLCONV krb5_free_keyblock_contents
- (krb5_context, krb5_keyblock *);
-void KRB5_CALLCONV krb5_free_ap_rep_enc_part
- (krb5_context, krb5_ap_rep_enc_part *);
-void KRB5_CALLCONV krb5_free_data
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_data_contents
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_unparsed_name
- (krb5_context, char *);
-void KRB5_CALLCONV krb5_free_cksumtypes
- (krb5_context, krb5_cksumtype *);
+void KRB5_CALLCONV krb5_free_principal(krb5_context, krb5_principal );
+void KRB5_CALLCONV krb5_free_authenticator(krb5_context,
+ krb5_authenticator * );
+void KRB5_CALLCONV krb5_free_addresses(krb5_context, krb5_address ** );
+void KRB5_CALLCONV krb5_free_authdata(krb5_context, krb5_authdata ** );
+void KRB5_CALLCONV krb5_free_ticket(krb5_context, krb5_ticket * );
+void KRB5_CALLCONV krb5_free_error(krb5_context, krb5_error * );
+void KRB5_CALLCONV krb5_free_creds(krb5_context, krb5_creds *);
+void KRB5_CALLCONV krb5_free_cred_contents(krb5_context, krb5_creds *);
+void KRB5_CALLCONV krb5_free_checksum(krb5_context, krb5_checksum *);
+void KRB5_CALLCONV krb5_free_checksum_contents(krb5_context, krb5_checksum *);
+void KRB5_CALLCONV krb5_free_keyblock(krb5_context, krb5_keyblock *);
+void KRB5_CALLCONV krb5_free_keyblock_contents(krb5_context, krb5_keyblock *);
+void KRB5_CALLCONV krb5_free_ap_rep_enc_part(krb5_context,
+ krb5_ap_rep_enc_part *);
+void KRB5_CALLCONV krb5_free_data(krb5_context, krb5_data *);
+void KRB5_CALLCONV krb5_free_data_contents(krb5_context, krb5_data *);
+void KRB5_CALLCONV krb5_free_unparsed_name(krb5_context, char *);
+void KRB5_CALLCONV krb5_free_cksumtypes(krb5_context, krb5_cksumtype *);
/* From krb5/os but needed but by the outside world */
-krb5_error_code KRB5_CALLCONV krb5_us_timeofday
- (krb5_context,
- krb5_timestamp *,
- krb5_int32 * );
-krb5_error_code KRB5_CALLCONV krb5_timeofday
- (krb5_context,
- krb5_timestamp * );
- /* get all the addresses of this host */
-krb5_error_code KRB5_CALLCONV krb5_os_localaddr
- (krb5_context,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_get_default_realm
- (krb5_context,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_set_default_realm
- (krb5_context,
- const char * );
-void KRB5_CALLCONV krb5_free_default_realm
- (krb5_context,
- char * );
-krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
- (krb5_context,
- const char *,
- const char *,
- krb5_int32,
- krb5_principal *);
-krb5_error_code KRB5_CALLCONV
-krb5_change_password
- (krb5_context context, krb5_creds *creds, char *newpw,
- int *result_code, krb5_data *result_code_string,
- krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password
- (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password_using_ccache
- (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_profile
- (krb5_context, struct _profile_t * /* profile_t */ *);
+krb5_error_code KRB5_CALLCONV
+krb5_us_timeofday(krb5_context, krb5_timestamp *, krb5_int32 *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_timeofday(krb5_context, krb5_timestamp *);
+
+/* get all the addresses of this host */
+krb5_error_code KRB5_CALLCONV
+krb5_os_localaddr(krb5_context, krb5_address ***);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_default_realm(krb5_context, char **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_realm(krb5_context, const char * );
+
+void KRB5_CALLCONV
+krb5_free_default_realm(krb5_context, char * );
+
+krb5_error_code KRB5_CALLCONV
+krb5_sname_to_principal(krb5_context, const char *, const char *, krb5_int32,
+ krb5_principal *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw,
+ int *result_code, krb5_data *result_code_string,
+ krb5_data *result_string);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password(krb5_context context, krb5_creds *creds, char *newpw,
+ krb5_principal change_password_for, int *result_code,
+ krb5_data *result_code_string, krb5_data *result_string);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache,
+ char *newpw, krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string,
+ krb5_data *result_string);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_profile(krb5_context, struct _profile_t * /* profile_t */ *);
#if KRB5_DEPRECATED
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_error_code ( * )(krb5_context,
- krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code ( * )(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_const_pointer,
- krb5_creds *,
- krb5_ccache,
- krb5_kdc_rep ** );
-
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const char *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const krb5_keyblock *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_keytab,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt(krb5_context, krb5_flags, krb5_address *const *,
+ krb5_enctype *, krb5_preauthtype *,
+ krb5_error_code (*)(krb5_context, krb5_enctype, krb5_data *,
+ krb5_const_pointer, krb5_keyblock **),
+ krb5_const_pointer,
+ krb5_error_code (*)(krb5_context, const krb5_keyblock *,
+ krb5_const_pointer, krb5_kdc_rep * ),
+ krb5_const_pointer, krb5_creds *, krb5_ccache,
+ krb5_kdc_rep **);
+
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context, krb5_flags, krb5_address *const *,
+ krb5_enctype *, krb5_preauthtype *, const char *,
+ krb5_ccache, krb5_creds *, krb5_kdc_rep **);
+
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_skey(krb5_context, krb5_flags, krb5_address *const *,
+ krb5_enctype *, krb5_preauthtype *,
+ const krb5_keyblock *, krb5_ccache, krb5_creds *,
+ krb5_kdc_rep **);
+
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context, krb5_flags, krb5_address *const *,
+ krb5_enctype *, krb5_preauthtype *, krb5_keytab,
+ krb5_ccache, krb5_creds *, krb5_kdc_rep ** );
#endif /* KRB5_DEPRECATED */
-krb5_error_code KRB5_CALLCONV krb5_rd_req
- (krb5_context,
- krb5_auth_context *,
- const krb5_data *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
- (krb5_context,
- krb5_pointer,
- krb5_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_mk_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_mk_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_sendauth
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- char *,
- krb5_principal,
- krb5_principal,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_ccache,
- krb5_error **,
- krb5_ap_rep_enc_part **,
- krb5_creds **);
-
-krb5_error_code KRB5_CALLCONV krb5_recvauth
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- char *,
- krb5_principal,
- krb5_int32,
- krb5_keytab,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_recvauth_version
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- krb5_principal,
- krb5_int32,
- krb5_keytab,
- krb5_ticket **,
- krb5_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_mk_ncred
- (krb5_context,
- krb5_auth_context,
- krb5_creds **,
- krb5_data **,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_mk_1cred
- (krb5_context,
- krb5_auth_context,
- krb5_creds *,
- krb5_data **,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_rd_cred
- (krb5_context,
- krb5_auth_context,
- krb5_data *,
- krb5_creds ***,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
- (krb5_context,
- krb5_auth_context,
- char *,
- krb5_principal,
- krb5_principal,
- krb5_ccache,
- int forwardable,
- krb5_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_init
- (krb5_context,
- krb5_auth_context *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_free
- (krb5_context,
- krb5_auth_context);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
- (krb5_context,
- krb5_auth_context,
- krb5_int32);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
-
-krb5_error_code KRB5_CALLCONV
-krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
- krb5_mk_req_checksum_func, void *);
-
-krb5_error_code KRB5_CALLCONV
-krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
- krb5_mk_req_checksum_func *, void **);
-
-krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
- (krb5_context,
- krb5_auth_context,
- krb5_address *,
- krb5_address *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
- (krb5_context,
- krb5_auth_context,
- krb5_address **,
- krb5_address **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
- (krb5_context,
- krb5_auth_context,
- krb5_address *,
- krb5_address *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock *);
+krb5_error_code KRB5_CALLCONV
+krb5_rd_req(krb5_context, krb5_auth_context *, const krb5_data *,
+ krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_read_service_key(krb5_context, krb5_pointer, krb5_principal, krb5_kvno,
+ krb5_enctype, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_safe(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_priv(krb5_context, krb5_auth_context, const krb5_data *, krb5_data *,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_sendauth(krb5_context, krb5_auth_context *, krb5_pointer, char *,
+ krb5_principal, krb5_principal, krb5_flags, krb5_data *,
+ krb5_creds *, krb5_ccache, krb5_error **,
+ krb5_ap_rep_enc_part **, krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth(krb5_context, krb5_auth_context *, krb5_pointer, char *,
+ krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth_version(krb5_context, krb5_auth_context *, krb5_pointer,
+ krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **,
+ krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_ncred(krb5_context, krb5_auth_context, krb5_creds **, krb5_data **,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_1cred(krb5_context, krb5_auth_context, krb5_creds *, krb5_data **,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_cred(krb5_context, krb5_auth_context, krb5_data *, krb5_creds ***,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_fwd_tgt_creds(krb5_context, krb5_auth_context, char *, krb5_principal,
+ krb5_principal, krb5_ccache, int forwardable, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_init(krb5_context, krb5_auth_context *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_free(krb5_context, krb5_auth_context);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setflags(krb5_context, krb5_auth_context, krb5_int32);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getflags(krb5_context, krb5_auth_context, krb5_int32 *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func(krb5_context, krb5_auth_context,
+ krb5_mk_req_checksum_func, void *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func(krb5_context, krb5_auth_context,
+ krb5_mk_req_checksum_func *, void **);
+
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_auth_con_setaddrs(krb5_context, krb5_auth_context, krb5_address *,
+ krb5_address *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getaddrs(krb5_context, krb5_auth_context, krb5_address **,
+ krb5_address **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setports(krb5_context, krb5_auth_context, krb5_address *,
+ krb5_address *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setuseruserkey(krb5_context, krb5_auth_context, krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey(krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey(krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey(krb5_context, krb5_auth_context, krb5_keyblock *);
#if KRB5_DEPRECATED
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
-
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalsubkey(krb5_context, krb5_auth_context,
+ krb5_keyblock **);
+
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremotesubkey(krb5_context, krb5_auth_context,
+ krb5_keyblock **);
#endif
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalseqnumber(krb5_context, krb5_auth_context, krb5_int32 *);
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremoteseqnumber(krb5_context, krb5_auth_context,
+ krb5_int32 *);
#if KRB5_DEPRECATED
-KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
- (krb5_context,
- krb5_auth_context);
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_auth_con_initivector(krb5_context, krb5_auth_context);
#endif
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
- (krb5_context,
- krb5_auth_context,
- krb5_rcache);
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrcache(krb5_context, krb5_auth_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
- (krb5_context,
- krb5_auth_context,
- krb5_rcache *);
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_auth_con_getrcache(krb5_context, krb5_auth_context, krb5_rcache *);
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
- (krb5_context,
- krb5_auth_context,
- krb5_authenticator **);
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getauthenticator(krb5_context, krb5_auth_context,
+ krb5_authenticator **);
#define KRB5_REALM_BRANCH_CHAR '.'
* begin stuff from libos.h
*/
-krb5_error_code KRB5_CALLCONV krb5_read_password
- (krb5_context,
- const char *,
- const char *,
- char *,
- unsigned int * );
-krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
- (krb5_context,
- krb5_const_principal,
- int,
- char * );
-krb5_error_code KRB5_CALLCONV krb5_get_host_realm
- (krb5_context,
- const char *,
- char *** );
-krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
- (krb5_context,
- krb5_data *,
- char *** );
-krb5_error_code KRB5_CALLCONV krb5_free_host_realm
- (krb5_context,
- char * const * );
-krb5_boolean KRB5_CALLCONV krb5_kuserok
- (krb5_context,
- krb5_principal, const char *);
-krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
- (krb5_context,
- krb5_auth_context,
- int, int);
-krb5_error_code KRB5_CALLCONV krb5_set_real_time
- (krb5_context, krb5_timestamp, krb5_int32);
-
-krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
- (krb5_context, krb5_timestamp *, krb5_int32 *);
+krb5_error_code KRB5_CALLCONV
+krb5_read_password(krb5_context, const char *, const char *, char *,
+ unsigned int * );
+
+krb5_error_code KRB5_CALLCONV
+krb5_aname_to_localname(krb5_context, krb5_const_principal, int, char *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_host_realm(krb5_context, const char *, char ***);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_fallback_host_realm(krb5_context, krb5_data *, char ***);
+
+krb5_error_code KRB5_CALLCONV
+krb5_free_host_realm(krb5_context, char * const * );
+
+krb5_boolean KRB5_CALLCONV
+krb5_kuserok(krb5_context, krb5_principal, const char *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_genaddrs(krb5_context, krb5_auth_context, int, int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_real_time(krb5_context, krb5_timestamp, krb5_int32);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_time_offsets(krb5_context, krb5_timestamp *, krb5_int32 *);
/* str_conv.c */
-krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
- (char *, krb5_enctype *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
- (char *, krb5_int32 *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
- (char *, krb5_cksumtype *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
- (char *, krb5_timestamp *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
- (char *, krb5_deltat *);
-krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
- (krb5_enctype, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
- (krb5_int32, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
- (krb5_cksumtype, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
- (krb5_timestamp, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
- (krb5_timestamp, char *, size_t, char *);
-krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
- (krb5_deltat, char *, size_t);
+krb5_error_code KRB5_CALLCONV krb5_string_to_enctype(char *, krb5_enctype *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_salttype(char *, krb5_int32 *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype(char *,
+ krb5_cksumtype *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp(char *,
+ krb5_timestamp *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_deltat(char *, krb5_deltat *);
+krb5_error_code KRB5_CALLCONV krb5_enctype_to_string(krb5_enctype, char *,
+ size_t);
+krb5_error_code KRB5_CALLCONV krb5_salttype_to_string(krb5_int32, char *,
+ size_t);
+krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string(krb5_cksumtype, char *,
+ size_t);
+krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string(krb5_timestamp, char *,
+ size_t);
+krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring(krb5_timestamp,
+ char *, size_t,
+ char *);
+krb5_error_code KRB5_CALLCONV krb5_deltat_to_string(krb5_deltat, char *,
+ size_t);
/* The name of the Kerberos ticket granting service... and its size */
-#define KRB5_TGS_NAME "krbtgt"
-#define KRB5_TGS_NAME_SIZE 6
+#define KRB5_TGS_NAME "krbtgt"
+#define KRB5_TGS_NAME_SIZE 6
/* flags for recvauth */
-#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
-#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
+#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
+#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
/* initial ticket api functions */
typedef struct _krb5_prompt {
krb5_data *reply;
} krb5_prompt;
-typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[]);
-
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, void *data,
+ const char *name, const char *banner,
+ int num_prompts, krb5_prompt prompts[]);
krb5_error_code KRB5_CALLCONV
-krb5_prompter_posix (krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[]);
+krb5_prompter_posix(krb5_context context, void *data, const char *name,
+ const char *banner, int num_prompts,
+ krb5_prompt prompts[]);
typedef struct _krb5_get_init_creds_opt {
krb5_flags flags;
krb5_data *salt;
} krb5_get_init_creds_opt;
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
-#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100
-#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
+#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100
+#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_opt_alloc
-(krb5_context context,
- krb5_get_init_creds_opt **opt);
+krb5_get_init_creds_opt_alloc(krb5_context context,
+ krb5_get_init_creds_opt **opt);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_free
-(krb5_context context,
- krb5_get_init_creds_opt *opt);
+krb5_get_init_creds_opt_free(krb5_context context,
+ krb5_get_init_creds_opt *opt);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_init
-(krb5_get_init_creds_opt *opt);
+krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_tkt_life
-(krb5_get_init_creds_opt *opt,
- krb5_deltat tkt_life);
+krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
+ krb5_deltat tkt_life);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_renew_life
-(krb5_get_init_creds_opt *opt,
- krb5_deltat renew_life);
+krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
+ krb5_deltat renew_life);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_forwardable
-(krb5_get_init_creds_opt *opt,
- int forwardable);
+krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
+ int forwardable);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_proxiable
-(krb5_get_init_creds_opt *opt,
- int proxiable);
+krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
+ int proxiable);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_canonicalize
-(krb5_get_init_creds_opt *opt,
- int canonicalize);
+krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt,
+ int canonicalize);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_etype_list
-(krb5_get_init_creds_opt *opt,
- krb5_enctype *etype_list,
- int etype_list_length);
+krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
+ krb5_enctype *etype_list,
+ int etype_list_length);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_address_list
-(krb5_get_init_creds_opt *opt,
- krb5_address **addresses);
+krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+ krb5_address **addresses);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_preauth_list
-(krb5_get_init_creds_opt *opt,
- krb5_preauthtype *preauth_list,
- int preauth_list_length);
+krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+ krb5_preauthtype *preauth_list,
+ int preauth_list_length);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_salt
-(krb5_get_init_creds_opt *opt,
- krb5_data *salt);
+krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+ krb5_data *salt);
void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_change_password_prompt
-(krb5_get_init_creds_opt *opt,
- int prompt);
+krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt
+ *opt, int prompt);
/* Generic preauth option attribute/value pairs */
typedef struct _krb5_gic_opt_pa_data {
* obtained using krb5_get_init_creds_opt_alloc()
*/
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_opt_set_pa
- (krb5_context context,
- krb5_get_init_creds_opt *opt,
- const char *attr,
- const char *value);
-
-krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name
-(krb5_context context, krb5_get_init_creds_opt *opt,
- const char * fast_ccache_name);
- /* This API sets a ccache name that will contain some TGT on
- calls to get_init_creds functions. If set, this ccache will
- be used for FAST (draft-ietf-krb-wg-preauth-framework) to
- protect the AS-REQ from observation and active attack. If
- the fast_ccache_name is set, then FAST may be required by the
- client library. In this version FAST is required.*/
-krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_password
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- char *password,
- krb5_prompter_fct prompter,
- void *data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *k5_gic_options);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_keytab
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_keytab arg_keytab,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *k5_gic_options);
+krb5_get_init_creds_opt_set_pa(krb5_context context,
+ krb5_get_init_creds_opt *opt, const char *attr,
+ const char *value);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
+ krb5_get_init_creds_opt *opt,
+ const char *fast_ccache_name);
+
+/* This API sets a ccache name that will contain some TGT on
+ calls to get_init_creds functions. If set, this ccache will
+ be used for FAST (draft-ietf-krb-wg-preauth-framework) to
+ protect the AS-REQ from observation and active attack. If
+ the fast_ccache_name is set, then FAST may be required by the
+ client library. In this version FAST is required.*/
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_password(krb5_context context, krb5_creds *creds,
+ krb5_principal client, char *password,
+ krb5_prompter_fct prompter, void *data,
+ krb5_deltat start_time, char *in_tkt_service,
+ krb5_get_init_creds_opt *k5_gic_options);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_keytab arg_keytab,
+ krb5_deltat start_time, char *in_tkt_service,
+ krb5_get_init_creds_opt *k5_gic_options);
typedef struct _krb5_verify_init_creds_opt {
krb5_flags flags;
int ap_req_nofail;
} krb5_verify_init_creds_opt;
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
void KRB5_CALLCONV
-krb5_verify_init_creds_opt_init
-(krb5_verify_init_creds_opt *k5_vic_options);
+krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *k5_vic_options);
+
void KRB5_CALLCONV
-krb5_verify_init_creds_opt_set_ap_req_nofail
-(krb5_verify_init_creds_opt *k5_vic_options,
- int ap_req_nofail);
+krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *
+ k5_vic_options,
+ int ap_req_nofail);
krb5_error_code KRB5_CALLCONV
-krb5_verify_init_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal ap_req_server,
- krb5_keytab ap_req_keytab,
- krb5_ccache *ccache,
- krb5_verify_init_creds_opt *k5_vic_options);
+krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal ap_req_server, krb5_keytab ap_req_keytab,
+ krb5_ccache *ccache,
+ krb5_verify_init_creds_opt *k5_vic_options);
krb5_error_code KRB5_CALLCONV
-krb5_get_validated_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_ccache ccache,
- char *in_tkt_service);
+krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service);
krb5_error_code KRB5_CALLCONV
-krb5_get_renewed_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_ccache ccache,
- char *in_tkt_service);
+krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service);
krb5_error_code KRB5_CALLCONV
-krb5_decode_ticket
-(const krb5_data *code,
- krb5_ticket **rep);
+krb5_decode_ticket(const krb5_data *code, krb5_ticket **rep);
void KRB5_CALLCONV
-krb5_appdefault_string
-(krb5_context context,
- const char *appname,
- const krb5_data *realm,
- const char *option,
- const char *default_value,
- char ** ret_value);
+krb5_appdefault_string(krb5_context context, const char *appname,
+ const krb5_data *realm, const char *option,
+ const char *default_value, char ** ret_value);
void KRB5_CALLCONV
-krb5_appdefault_boolean
-(krb5_context context,
- const char *appname,
- const krb5_data *realm,
- const char *option,
- int default_value,
- int *ret_value);
+krb5_appdefault_boolean(krb5_context context, const char *appname,
+ const krb5_data *realm, const char *option,
+ int default_value, int *ret_value);
/*
* Prompter enhancements
typedef krb5_int32 krb5_prompt_type;
-krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
- (krb5_context context);
+krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types(krb5_context context);
/* Error reporting */
void KRB5_CALLCONV_C
-krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...)
+krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 3, 4)))
#endif
;
void KRB5_CALLCONV
-krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list)
+krb5_vset_error_message(krb5_context, krb5_error_code, const char *, va_list)
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 3, 0)))
#endif
;
void KRB5_CALLCONV
-krb5_copy_error_message (krb5_context, krb5_context);
+krb5_copy_error_message(krb5_context, krb5_context);
/*
* The behavior of krb5_get_error_message is only defined the first
* krb5_free_error_message.
*/
const char * KRB5_CALLCONV
-krb5_get_error_message (krb5_context, krb5_error_code);
+krb5_get_error_message(krb5_context, krb5_error_code);
void KRB5_CALLCONV
-krb5_free_error_message (krb5_context, const char *);
+krb5_free_error_message(krb5_context, const char *);
void KRB5_CALLCONV
-krb5_clear_error_message (krb5_context);
+krb5_clear_error_message(krb5_context);
krb5_error_code KRB5_CALLCONV
krb5_decode_authdata_container(krb5_context context,
- krb5_authdatatype type,
- const krb5_authdata *container,
- krb5_authdata ***authdata);
+ krb5_authdatatype type,
+ const krb5_authdata *container,
+ krb5_authdata ***authdata);
+
krb5_error_code KRB5_CALLCONV
krb5_encode_authdata_container(krb5_context context,
- krb5_authdatatype type,
- krb5_authdata * const*authdata,
- krb5_authdata ***container);
+ krb5_authdatatype type,
+ krb5_authdata * const*authdata,
+ krb5_authdata ***container);
/*
* AD-KDCIssued
*/
krb5_error_code KRB5_CALLCONV
krb5_make_authdata_kdc_issued(krb5_context context,
- const krb5_keyblock *key,
- krb5_const_principal issuer,
- krb5_authdata *const *authdata,
- krb5_authdata ***ad_kdcissued);
+ const krb5_keyblock *key,
+ krb5_const_principal issuer,
+ krb5_authdata *const *authdata,
+ krb5_authdata ***ad_kdcissued);
+
krb5_error_code KRB5_CALLCONV
krb5_verify_authdata_kdc_issued(krb5_context context,
- const krb5_keyblock *key,
- const krb5_authdata *ad_kdcissued,
- krb5_principal *issuer,
- krb5_authdata ***authdata);
+ const krb5_keyblock *key,
+ const krb5_authdata *ad_kdcissued,
+ krb5_principal *issuer,
+ krb5_authdata ***authdata);
/*
* Windows PAC
typedef struct krb5_pac_data *krb5_pac;
krb5_error_code KRB5_CALLCONV
-krb5_pac_add_buffer
-(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_data *data);
+krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type,
+ const krb5_data *data);
void KRB5_CALLCONV
-krb5_pac_free
-(krb5_context context,
- krb5_pac pac);
+krb5_pac_free(krb5_context context, krb5_pac pac);
krb5_error_code KRB5_CALLCONV
-krb5_pac_get_buffer
-(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data);
+krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type,
+ krb5_data *data);
krb5_error_code KRB5_CALLCONV
-krb5_pac_get_types
-(krb5_context context,
- krb5_pac pac,
- size_t *len,
- krb5_ui_4 **types);
+krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len,
+ krb5_ui_4 **types);
krb5_error_code KRB5_CALLCONV
-krb5_pac_init
-(krb5_context context,
- krb5_pac *pac);
+krb5_pac_init(krb5_context context, krb5_pac *pac);
krb5_error_code KRB5_CALLCONV
-krb5_pac_parse
-(krb5_context context,
- const void *ptr,
- size_t len,
- krb5_pac *pac);
+krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
+ krb5_pac *pac);
krb5_error_code KRB5_CALLCONV
-krb5_pac_verify
-(krb5_context context,
- const krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server,
- const krb5_keyblock *privsvr);
+krb5_pac_verify(krb5_context context, const krb5_pac pac,
+ krb5_timestamp authtime, krb5_const_principal principal,
+ const krb5_keyblock *server, const krb5_keyblock *privsvr);
#if TARGET_OS_MAC
# pragma pack(pop)
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* <krb5/locate_plugin.h>
*
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
};
typedef struct krb5plugin_service_locate_ftable {
- int minor_version; /* currently 0 */
+ int minor_version; /* currently 0 */
/* Per-context setup and teardown. Returned void* blob is
private to the plugin. */
krb5_error_code (*init)(krb5_context, void **);
lookup function should only return an error if it detects a
problem, not if the callback function tells it to quit. */
krb5_error_code (*lookup)(void *,
- enum locate_service_type svc, const char *realm,
- int socktype, int family,
- int (*cbfunc)(void *,int,struct sockaddr *),
- void *cbdata);
+ enum locate_service_type svc, const char *realm,
+ int socktype, int family,
+ int (*cbfunc)(void *,int,struct sockaddr *),
+ void *cbdata);
} krb5plugin_service_locate_ftable;
/* extern krb5plugin_service_locate_ftable service_locator; */
#endif
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* <krb5/preauth_plugin.h>
*
/* Provides a real answer which we can send back to the KDC (client-only). The
* client assumes that one real answer will be enough. */
-#define PA_REAL 0x00000001
+#define PA_REAL 0x00000001
/* Doesn't provide a real answer, but must be given a chance to run before any
* REAL mechanism callbacks (client-only). */
-#define PA_INFO 0x00000002
+#define PA_INFO 0x00000002
/* Causes the KDC to include this mechanism in a list of supported preauth
* types if the user's DB entry flags the user as requiring hardware-based
* preauthentication (server-only). */
-#define PA_HARDWARE 0x00000004
+#define PA_HARDWARE 0x00000004
/* Causes the KDC to include this mechanism in a list of supported preauth
* types if the user's DB entry flags the user as requiring preauthentication,
* and to fail preauthentication if we can't verify the client data. The
* flipside of PA_SUFFICIENT (server-only). */
-#define PA_REQUIRED 0x00000008
+#define PA_REQUIRED 0x00000008
/* Causes the KDC to include this mechanism in a list of supported preauth
* types if the user's DB entry flags the user as requiring preauthentication,
* and to mark preauthentication as successful if we can verify the client
* data. The flipside of PA_REQUIRED (server-only). */
-#define PA_SUFFICIENT 0x00000010
+#define PA_SUFFICIENT 0x00000010
/* Marks this preauthentication mechanism as one which changes the key which is
* used for encrypting the response to the client. Modules which have this
* flag have their server_return_proc called before modules which do not, and
* are passed over if a previously-called module has modified the encrypting
* key (server-only). */
-#define PA_REPLACES_KEY 0x00000020
+#define PA_REPLACES_KEY 0x00000020
/* Causes the KDC to check with this preauthentication module even if the
* client has no entry in the realm database. If the module returns a success
* code, continue processing and assume that its return_padata callback will
* supply us with a key for encrypting the AS reply (server-only). */
-/* #define PA_VIRTUAL (0x00000040 | PA_REPLACES_KEY) */
+/* #define PA_VIRTUAL (0x00000040 | PA_REPLACES_KEY) */
/* Not really a padata type, so don't include it in any list of preauth types
* which gets sent over the wire. */
-#define PA_PSEUDO 0x00000080
+#define PA_PSEUDO 0x00000080
/***************************************************************************
*/
typedef krb5_error_code
(*preauth_get_as_key_proc)(krb5_context,
- krb5_principal,
- krb5_enctype,
- krb5_prompter_fct,
- void *prompter_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- void *gak_data);
+ krb5_principal,
+ krb5_enctype,
+ krb5_prompter_fct,
+ void *prompter_data,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_keyblock *as_key,
+ void *gak_data);
/*
* A client module's callback functions are allowed to request various
* acceptable to set data to NULL and free the keyblock using
* krb5_free_keyblock; in that case, this frees the krb5_data
* only.*/
-krb5plugin_preauth_client_free_fast_armor = 4,
+ krb5plugin_preauth_client_free_fast_armor = 4,
};
typedef krb5_error_code
(*preauth_get_client_data_proc)(krb5_context,
- struct _krb5_preauth_client_rock *,
- krb5_int32 request_type,
- krb5_data **);
+ struct _krb5_preauth_client_rock *,
+ krb5_int32 request_type,
+ krb5_data **);
/* Per-plugin initialization/cleanup. The init function is called
* by libkrb5 when the plugin is loaded, and the fini function is
* the krb5_context */
typedef krb5_error_code
(*preauth_client_plugin_init_proc)(krb5_context context,
- void **plugin_context);
+ void **plugin_context);
typedef void
(*preauth_client_plugin_fini_proc)(krb5_context context,
- void *plugin_context);
+ void *plugin_context);
/* A callback which returns flags indicating if the module is a "real" or
* an "info" mechanism, and so on. This function is called for each entry
* in the client_pa_type_list. */
typedef int
(*preauth_client_get_flags_proc)(krb5_context context,
- krb5_preauthtype pa_type);
+ krb5_preauthtype pa_type);
/* Per-request initialization/cleanup. The request_init function is
* called when beginning to process a get_init_creds request and the
* the lifetime of a krb5_context. */
typedef void
(*preauth_client_request_init_proc)(krb5_context context,
- void *plugin_context,
- void **request_context);
+ void *plugin_context,
+ void **request_context);
typedef void
(*preauth_client_request_fini_proc)(krb5_context context,
- void *plugin_context,
- void *request_context);
+ void *plugin_context,
+ void *request_context);
/* Client function which processes server-supplied data in pa_data,
* returns created data in out_pa_data, storing any of its own state in
* obtained from a previous call to this function. */
typedef krb5_error_code
(*preauth_client_process_proc)(krb5_context context,
- void *plugin_context,
- void *request_context,
- krb5_get_init_creds_opt *opt,
- preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data *pa_data,
- krb5_prompter_fct prompter,
- void *prompter_data,
- preauth_get_as_key_proc gak_fct,
- void *gak_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- krb5_pa_data ***out_pa_data);
+ void *plugin_context,
+ void *request_context,
+ krb5_get_init_creds_opt *opt,
+ preauth_get_client_data_proc get_data_proc,
+ struct _krb5_preauth_client_rock *rock,
+ krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data *pa_data,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ preauth_get_as_key_proc gak_fct,
+ void *gak_data,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_keyblock *as_key,
+ krb5_pa_data ***out_pa_data);
/* Client function which can attempt to use e-data in the error response to
* try to recover from the given error. If this function is not NULL, and
* of in_pa_data, then the client library will retransmit the request. */
typedef krb5_error_code
(*preauth_client_tryagain_proc)(krb5_context context,
- void *plugin_context,
- void *request_context,
- krb5_get_init_creds_opt *opt,
- preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data *in_pa_data,
- krb5_error *error,
- krb5_prompter_fct prompter,
- void *prompter_data,
- preauth_get_as_key_proc gak_fct,
- void *gak_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- krb5_pa_data ***out_pa_data);
+ void *plugin_context,
+ void *request_context,
+ krb5_get_init_creds_opt *opt,
+ preauth_get_client_data_proc get_data_proc,
+ struct _krb5_preauth_client_rock *rock,
+ krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data *in_pa_data,
+ krb5_error *error,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ preauth_get_as_key_proc gak_fct,
+ void *gak_data,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_keyblock *as_key,
+ krb5_pa_data ***out_pa_data);
/*
* Client function which receives krb5_get_init_creds_opt information.
*/
typedef krb5_error_code
(*preauth_client_supply_gic_opts_proc)(krb5_context context,
- void *plugin_context,
- krb5_get_init_creds_opt *opt,
- const char *attr,
- const char *value);
+ void *plugin_context,
+ krb5_get_init_creds_opt *opt,
+ const char *attr,
+ const char *value);
/*
* The function table / structure which a preauth client module must export as
and free the keyblock using krb5_free_keyblock; in that case,
this function simply frees the data*/
krb5plugin_preauth_free_fast_armor = 6,
- };
+};
typedef krb5_error_code
(*preauth_get_entry_data_proc)(krb5_context,
- krb5_kdc_req *,
- struct _krb5_db_entry_new *,
- krb5_int32 request_type,
- krb5_data **);
+ krb5_kdc_req *,
+ struct _krb5_db_entry_new *,
+ krb5_int32 request_type,
+ krb5_data **);
/* Preauth plugin initialization function */
typedef krb5_error_code
(*preauth_server_init_proc)(krb5_context context,
- void **plugin_context,
- const char** realmnames);
+ void **plugin_context,
+ const char** realmnames);
/* Preauth plugin cleanup function */
typedef void
* case a context might otherwise hang around forever. */
typedef krb5_error_code
(*preauth_server_edata_proc)(krb5_context,
- krb5_kdc_req *request,
- struct _krb5_db_entry_new *client,
- struct _krb5_db_entry_new *server,
- preauth_get_entry_data_proc,
- void *pa_module_context,
- krb5_pa_data *data);
+ krb5_kdc_req *request,
+ struct _krb5_db_entry_new *client,
+ struct _krb5_db_entry_new *server,
+ preauth_get_entry_data_proc,
+ void *pa_module_context,
+ krb5_pa_data *data);
/* Verify preauthentication data sent by the client, setting the
* TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
* context data for consumption by the return_proc or freepa_proc below. */
typedef krb5_error_code
(*preauth_server_verify_proc)(krb5_context context,
- struct _krb5_db_entry_new *client,
- krb5_data *req_pkt,
- krb5_kdc_req *request,
- krb5_enc_tkt_part *enc_tkt_reply,
- krb5_pa_data *data,
- preauth_get_entry_data_proc,
- void *pa_module_context,
- void **pa_request_context,
- krb5_data **e_data,
- krb5_authdata ***authz_data);
+ struct _krb5_db_entry_new *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_pa_data *data,
+ preauth_get_entry_data_proc,
+ void *pa_module_context,
+ void **pa_request_context,
+ krb5_data **e_data,
+ krb5_authdata ***authz_data);
/* Generate preauthentication response data to send to the client as part
* of the AS-REP. If it needs to override the key which is used to encrypt
* context data it saved in "pa_request_context". */
typedef krb5_error_code
(*preauth_server_return_proc)(krb5_context context,
- krb5_pa_data * padata,
- struct _krb5_db_entry_new *client,
- krb5_data *req_pkt,
- krb5_kdc_req *request,
- krb5_kdc_rep *reply,
- struct _krb5_key_data *client_keys,
- krb5_keyblock *encrypting_key,
- krb5_pa_data **send_pa,
- preauth_get_entry_data_proc,
- void *pa_module_context,
- void **pa_request_context);
+ krb5_pa_data * padata,
+ struct _krb5_db_entry_new *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_kdc_rep *reply,
+ struct _krb5_key_data *client_keys,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa,
+ preauth_get_entry_data_proc,
+ void *pa_module_context,
+ void **pa_request_context);
/* Free up the server-side per-request context, in cases where
* server_return_proc() didn't or for whatever reason was not called.
* Can be NULL. */
typedef krb5_error_code
(*preauth_server_free_reqcontext_proc)(krb5_context,
- void *pa_module_context,
- void **request_pa_context);
+ void *pa_module_context,
+ void **request_pa_context);
/*
* The function table / structure which a preauth server module must export as
* obtained using krb5_get_init_creds_opt_alloc()
*/
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_opt_get_pa
- (krb5_context context,
- krb5_get_init_creds_opt *opt,
- int *num_preauth_data,
- krb5_gic_opt_pa_data **preauth_data);
+krb5_get_init_creds_opt_get_pa(krb5_context context,
+ krb5_get_init_creds_opt *opt,
+ int *num_preauth_data,
+ krb5_gic_opt_pa_data **preauth_data);
/*
* This function frees the preauth_data that was returned by
* krb5_get_init_creds_opt_get_pa().
*/
void KRB5_CALLCONV
-krb5_get_init_creds_opt_free_pa
- (krb5_context context,
- int num_preauth_data,
- krb5_gic_opt_pa_data *preauth_data);
+krb5_get_init_creds_opt_free_pa(krb5_context context,
+ int num_preauth_data,
+ krb5_gic_opt_pa_data *preauth_data);
#endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */
-/* -*- c -*-
- * include/krb5/stock/osconf.h
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5/stock/osconf.h
*
* Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
#define KRB5_OSCONF__
#if !defined(_WIN32)
- /* Don't try to pull in autoconf.h for Windows, since it's not used */
+/* Don't try to pull in autoconf.h for Windows, since it's not used */
#ifndef KRB5_AUTOCONF__
#define KRB5_AUTOCONF__
#include "autoconf.h"
#if defined(_WIN32)
#define DEFAULT_PROFILE_FILENAME "krb5.ini"
-#define DEFAULT_LNAME_FILENAME "/aname"
-#define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt"
+#define DEFAULT_LNAME_FILENAME "/aname"
+#define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt"
#else /* !_WINDOWS */
#if TARGET_OS_MAC
#define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
#define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
#else
-#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
+#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
#define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH
#endif
-#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab"
-#define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname"
+#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab"
+#define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname"
#endif /* _WINDOWS */
#define DEFAULT_KDB_FILE "@LOCALSTATEDIR/krb5kdc/principal"
-#define DEFAULT_KEYFILE_STUB "@LOCALSTATEDIR/krb5kdc/.k5."
-#define KRB5_DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl"
+#define DEFAULT_KEYFILE_STUB "@LOCALSTATEDIR/krb5kdc/.k5."
+#define KRB5_DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl"
/* Used by old admin server */
-#define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl"
+#define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl"
/* Location of KDC profile */
-#define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf"
-#define KDC_PROFILE_ENV "KRB5_KDC_PROFILE"
+#define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf"
+#define KDC_PROFILE_ENV "KRB5_KDC_PROFILE"
#if TARGET_OS_MAC
-#define DEFAULT_KDB_LIB_PATH { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL }
+#define DEFAULT_KDB_LIB_PATH { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL }
#else
-#define DEFAULT_KDB_LIB_PATH { "@MODULEDIR/kdb", NULL }
+#define DEFAULT_KDB_LIB_PATH { "@MODULEDIR/kdb", NULL }
#endif
-#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1
-#define KDCRCACHE "dfl:krb5kdc_rcache"
+#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1
+#define KDCRCACHE "dfl:krb5kdc_rcache"
-#define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */
-#define KDC_SECONDARY_PORTNAME "kerberos-sec" /* For backwards */
- /* compatibility with */
- /* port 750 clients */
+#define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */
+#define KDC_SECONDARY_PORTNAME "kerberos-sec" /* For backwards */
+/* compatibility with */
+/* port 750 clients */
-#define KRB5_DEFAULT_PORT 88
-#define KRB5_DEFAULT_SEC_PORT 750
+#define KRB5_DEFAULT_PORT 88
+#define KRB5_DEFAULT_SEC_PORT 750
-#define DEFAULT_KPASSWD_PORT 464
+#define DEFAULT_KPASSWD_PORT 464
#define KPASSWD_PORTNAME "kpasswd"
#define DEFAULT_KDC_UDP_PORTLIST "88,750"
/*
* Defaults for the KADM5 admin system.
*/
-#define DEFAULT_KADM5_KEYTAB "@LOCALSTATEDIR/krb5kdc/kadm5.keytab"
-#define DEFAULT_KADM5_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kadm5.acl"
-#define DEFAULT_KADM5_PORT 749 /* assigned by IANA */
+#define DEFAULT_KADM5_KEYTAB "@LOCALSTATEDIR/krb5kdc/kadm5.keytab"
+#define DEFAULT_KADM5_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kadm5.acl"
+#define DEFAULT_KADM5_PORT 749 /* assigned by IANA */
-#define KRB5_DEFAULT_SUPPORTED_ENCTYPES \
- "aes256-cts-hmac-sha1-96:normal " \
- "aes128-cts-hmac-sha1-96:normal " \
- "des3-cbc-sha1:normal arcfour-hmac-md5:normal"
+#define KRB5_DEFAULT_SUPPORTED_ENCTYPES \
+ "aes256-cts-hmac-sha1-96:normal " \
+ "aes128-cts-hmac-sha1-96:normal " \
+ "des3-cbc-sha1:normal arcfour-hmac-md5:normal"
-#define MAX_DGRAM_SIZE 4096
+#define MAX_DGRAM_SIZE 4096
#define MAX_SKDC_TIMEOUT 30
-#define SKDC_TIMEOUT_SHIFT 2 /* left shift of timeout for backoff */
-#define SKDC_TIMEOUT_1 1 /* seconds for first timeout */
+#define SKDC_TIMEOUT_SHIFT 2 /* left shift of timeout for backoff */
+#define SKDC_TIMEOUT_1 1 /* seconds for first timeout */
-#define RCTMPDIR "@KRB5RCTMPDIR" /* directory to store replay caches */
+#define RCTMPDIR "@KRB5RCTMPDIR" /* directory to store replay caches */
-#define KRB5_PATH_TTY "/dev/tty"
-#define KRB5_PATH_LOGIN "@SBINDIR/login.krb5"
+#define KRB5_PATH_TTY "/dev/tty"
+#define KRB5_PATH_LOGIN "@SBINDIR/login.krb5"
#define KRB5_PATH_RLOGIN "@BINDIR/rlogin"
-#define KRB5_ENV_CCNAME "KRB5CCNAME"
+#define KRB5_ENV_CCNAME "KRB5CCNAME"
/*
* krb5 slave support follows
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
* Created 19 May 2004 by Doug Mitchell.
*/
-#ifndef _PKINIT_APPLE_UTILS_H_
+#ifndef _PKINIT_APPLE_UTILS_H_
#define _PKINIT_APPLE_UTILS_H_
#include <krb5/krb5.h>
#define PKI_DEBUG 0
#endif
-#if PKI_DEBUG
+#if PKI_DEBUG
#include <stdio.h>
#else
#define pkiDebug(args...)
#define pkiCssmErr(str, rtn)
-#endif /* PKI_DEBUG */
+#endif /* PKI_DEBUG */
/*
* Macros used to initialize a declared CSSM_DATA and krb5_data to zero/NULL values.
*/
krb5_error_code pkiDataToInt(
const CSSM_DATA *cdata,
- krb5_int32 *i); /* RETURNED */
+ krb5_int32 *i); /* RETURNED */
krb5_error_code pkiIntToData(
- krb5_int32 num,
+ krb5_int32 num,
CSSM_DATA *cdata, /* allocated in coder space and RETURNED */
SecAsn1CoderRef coder);
krb5_error_code pkiDataToKrb5Data(
const void *data,
unsigned dataLen,
- krb5_data *kd); /* content mallocd and RETURNED */
+ krb5_data *kd); /* content mallocd and RETURNED */
/*
* CSSM_DATA <--> krb5_data
*/
krb5_error_code pkiCssmDataToKrb5Data(
const CSSM_DATA *cd,
- krb5_data *kd); /* content mallocd and RETURNED */
+ krb5_data *kd); /* content mallocd and RETURNED */
krb5_error_code pkiKrb5DataToCssm(
* CFDataRef --> krb5_data, mallocing the destination contents.
*/
krb5_error_code pkiCfDataToKrb5Data(
- CFDataRef cfData,
- krb5_data *kd); /* content mallocd and RETURNED */
+ CFDataRef cfData,
+ krb5_data *kd); /* content mallocd and RETURNED */
/*
* Non-mallocing conversion between CSSM_DATA and krb5_data
*/
-#define PKI_CSSM_TO_KRB_DATA(cd, kd) \
- (kd)->data = (char *)(cd)->Data; \
- (kd)->length = (cd)->Length;
+#define PKI_CSSM_TO_KRB_DATA(cd, kd) \
+ (kd)->data = (char *)(cd)->Data; \
+ (kd)->length = (cd)->Length;
-#define PKI_KRB_TO_CSSM_DATA(kd, cd) \
- (cd)->Data = (uint8 *)(kd)->data; \
- (cd)->Length = (kd)->length;
+#define PKI_KRB_TO_CSSM_DATA(kd, cd) \
+ (cd)->Data = (uint8 *)(kd)->data; \
+ (cd)->Length = (kd)->length;
/*
* Compare to CSSM_DATAs. Return TRUE if they're the same else FALSE.
*/
krb5_error_code pkiKrbTimestampToStr(
krb5_timestamp kts,
- char **str); /* mallocd and RETURNED */
+ char **str); /* mallocd and RETURNED */
krb5_error_code pkiTimeStrToKrbTimestamp(
- const char *str,
- unsigned len,
- krb5_timestamp *kts); /* RETURNED */
+ const char *str,
+ unsigned len,
+ krb5_timestamp *kts); /* RETURNED */
/*
* How many items in a NULL-terminated array of pointers?
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
* Created 18 May 2004 by Doug Mitchell.
*/
-#ifndef _PKINIT_ASN1_H_
+#ifndef _PKINIT_ASN1_H_
#define _PKINIT_ASN1_H_
#include <krb5/krb5.h>
/* RFC 3280 AlgorithmIdentifier */
typedef struct {
- krb5_data algorithm; /* OID */
- krb5_data parameters; /* ASN_ANY, defined by algorithm */
+ krb5_data algorithm; /* OID */
+ krb5_data parameters; /* ASN_ANY, defined by algorithm */
} krb5int_algorithm_id;
/*
* Encode and decode AuthPack, public key version (no Diffie-Hellman components).
*/
krb5_error_code krb5int_pkinit_auth_pack_encode(
- krb5_timestamp kctime,
- krb5_int32 cusec, /* microseconds */
- krb5_ui_4 nonce,
- const krb5_checksum *pa_checksum,
- const krb5int_algorithm_id *cms_types, /* optional */
- krb5_ui_4 num_cms_types,
- krb5_data *auth_pack); /* mallocd and RETURNED */
+ krb5_timestamp kctime,
+ krb5_int32 cusec, /* microseconds */
+ krb5_ui_4 nonce,
+ const krb5_checksum *pa_checksum,
+ const krb5int_algorithm_id *cms_types, /* optional */
+ krb5_ui_4 num_cms_types,
+ krb5_data *auth_pack); /* mallocd and RETURNED */
/* all returned values are optional - pass NULL if you don't want them */
krb5_error_code krb5int_pkinit_auth_pack_decode(
- const krb5_data *auth_pack, /* DER encoded */
- krb5_timestamp *kctime, /* RETURNED */
- krb5_ui_4 *cusec, /* microseconds, RETURNED */
- krb5_ui_4 *nonce, /* RETURNED */
- krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */
- krb5int_algorithm_id **cms_types, /* mallocd and RETURNED */
- krb5_ui_4 *num_cms_types); /* RETURNED */
+ const krb5_data *auth_pack, /* DER encoded */
+ krb5_timestamp *kctime, /* RETURNED */
+ krb5_ui_4 *cusec, /* microseconds, RETURNED */
+ krb5_ui_4 *nonce, /* RETURNED */
+ krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */
+ krb5int_algorithm_id **cms_types, /* mallocd and RETURNED */
+ krb5_ui_4 *num_cms_types); /* RETURNED */
/*
* IssuerAndSerialNumber.
*/
krb5_error_code krb5int_pkinit_issuer_serial_encode(
- const krb5_data *issuer, /* DER encoded */
+ const krb5_data *issuer, /* DER encoded */
const krb5_data *serial_num,
krb5_data *issuer_and_serial); /* content mallocd and RETURNED */
*/
krb5_error_code krb5int_pkinit_issuer_serial_decode(
const krb5_data *issuer_and_serial, /* DER encoded */
- krb5_data *issuer, /* DER encoded, RETURNED */
- krb5_data *serial_num); /* RETURNED */
+ krb5_data *issuer, /* DER encoded, RETURNED */
+ krb5_data *serial_num); /* RETURNED */
/*
* Top-level encode for PA-PK-AS-REQ.
* specific tag 0, during encode.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_req_encode(
- const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */
- const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are
- * DER-encoded issuer/serialNumbers. */
- krb5_ui_4 num_trusted_CAs,
- const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */
- krb5_data *pa_pk_as_req); /* mallocd and RETURNED */
+ const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */
+ const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are
+ * DER-encoded issuer/serialNumbers. */
+ krb5_ui_4 num_trusted_CAs,
+ const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */
+ krb5_data *pa_pk_as_req); /* mallocd and RETURNED */
/*
* Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the
*/
krb5_error_code krb5int_pkinit_pa_pk_as_req_decode(
const krb5_data *pa_pk_as_req,
- krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */
+ krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */
/*
* Remainder are optionally RETURNED (specify NULL for pointers to
* items you're not interested in).
*/
- krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */
- krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs
- * issuer/serial */
- krb5_data *kdc_cert); /* DER encoded issuer/serial */
+ krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */
+ krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs
+ * issuer/serial */
+ krb5_data *kdc_cert); /* DER encoded issuer/serial */
/*
* Encode a ReplyKeyPack. The result is used as the Content of a SignedData.
krb5_error_code krb5int_pkinit_reply_key_pack_encode(
const krb5_keyblock *key_block,
const krb5_checksum *checksum,
- krb5_data *reply_key_pack); /* mallocd and RETURNED */
+ krb5_data *reply_key_pack); /* mallocd and RETURNED */
/*
* Decode a ReplyKeyPack.
*/
krb5_error_code krb5int_pkinit_reply_key_pack_decode(
- const krb5_data *reply_key_pack,
- krb5_keyblock *key_block, /* RETURNED */
- krb5_checksum *checksum); /* contents mallocd and RETURNED */
+ const krb5_data *reply_key_pack,
+ krb5_keyblock *key_block, /* RETURNED */
+ krb5_checksum *checksum); /* contents mallocd and RETURNED */
/*
* Encode a PA-PK-AS-REP.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode(
const krb5_data *dh_signed_data,
- const krb5_data *enc_key_pack, /* EnvelopedData(signedData(ReplyKeyPack) */
- krb5_data *pa_pk_as_rep); /* mallocd and RETURNED */
+ const krb5_data *enc_key_pack, /* EnvelopedData(signedData(ReplyKeyPack) */
+ krb5_data *pa_pk_as_rep); /* mallocd and RETURNED */
/*
* Decode a PA-PK-AS-REP.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode(
const krb5_data *pa_pk_as_rep,
- krb5_data *dh_signed_data,
- krb5_data *enc_key_pack);
+ krb5_data *dh_signed_data,
+ krb5_data *enc_key_pack);
/*
* Given a DER encoded certificate, obtain the associated IssuerAndSerialNumber.
*/
krb5_error_code krb5int_pkinit_get_issuer_serial(
- const krb5_data *cert,
- krb5_data *issuer_and_serial);
+ const krb5_data *cert,
+ krb5_data *issuer_and_serial);
#ifdef __cplusplus
}
#endif
-#endif /* _PKINIT_ASN1_H_ */
+#endif /* _PKINIT_ASN1_H_ */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
* Created 26 May 2004 by Doug Mitchell at Apple.
*/
-#ifndef _PKINIT_CERT_STORE_H_
+#ifndef _PKINIT_CERT_STORE_H_
#define _PKINIT_CERT_STORE_H_
#ifdef __cplusplus
* Returns KRB5_PRINC_NOMATCH if client cert not found.
*/
krb5_error_code krb5_pkinit_get_client_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_signing_cert_t *client_cert); /* RETURNED */
+ const char *principal, /* full principal string */
+ krb5_pkinit_signing_cert_t *client_cert); /* RETURNED */
/*
* Determine if the specified client has a signing cert. Returns TRUE
* if so, else returns FALSE.
*/
krb5_boolean krb5_pkinit_have_client_cert(
- const char *principal); /* full principal string */
+ const char *principal); /* full principal string */
/*
* Store the specified certificate (or, more likely, some platform-dependent
* in the cert storage.
*/
krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_signing_cert_t client_cert);
+ const char *principal, /* full principal string */
+ krb5_pkinit_signing_cert_t client_cert);
krb5_error_code krb5_pkinit_set_client_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_cert_t client_cert);
+ const char *principal, /* full principal string */
+ krb5_pkinit_cert_t client_cert);
/*
* Obtain a reference to the client's cert database. Specify either principal
* name or client_cert as obtained from krb5_pkinit_get_client_cert().
*/
krb5_error_code krb5_pkinit_get_client_cert_db(
- const char *principal, /* optional, full principal string */
- krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */
- krb5_pkinit_cert_db_t *client_cert_db); /* RETURNED */
+ const char *principal, /* optional, full principal string */
+ krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */
+ krb5_pkinit_cert_db_t *client_cert_db); /* RETURNED */
/*
* Obtain the KDC signing cert, with optional CA and specific cert specifiers.
*
*/
krb5_error_code krb5_pkinit_get_kdc_cert(
- krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */
- krb5_data *trusted_CAs, /* optional */
- krb5_data *client_spec, /* optional */
- krb5_pkinit_signing_cert_t *kdc_cert); /* RETURNED */
+ krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */
+ krb5_data *trusted_CAs, /* optional */
+ krb5_data *client_spec, /* optional */
+ krb5_pkinit_signing_cert_t *kdc_cert); /* RETURNED */
/*
* Obtain a reference to the KDC's cert database.
*/
krb5_error_code krb5_pkinit_get_kdc_cert_db(
- krb5_pkinit_cert_db_t *kdc_cert_db); /* RETURNED */
+ krb5_pkinit_cert_db_t *kdc_cert_db); /* RETURNED */
/*
* Release certificate references obtained via krb5_pkinit_get_client_cert() and
* krb5_pkinit_get_kdc_cert_db().
*/
extern void krb5_pkinit_release_cert_db(
- krb5_pkinit_cert_db_t cert_db);
+ krb5_pkinit_cert_db_t cert_db);
/*
* Obtain a mallocd C-string representation of a certificate's SHA1 digest.
krb5_error_code krb5_pkinit_get_server_certs(
const char *client_principal,
const char *server_principal,
- krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */
- krb5_ui_4 *num_trusted_CAs, /* RETURNED */
- krb5_data *kdc_cert); /* RETURNED, though may be 0/NULL */
+ krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */
+ krb5_ui_4 *num_trusted_CAs, /* RETURNED */
+ krb5_data *kdc_cert); /* RETURNED, though may be 0/NULL */
#ifdef __cplusplus
}
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
* Create a PA-PK-AS-REQ message.
*/
krb5_error_code krb5int_pkinit_as_req_create(
- krb5_context context,
- krb5_timestamp kctime,
- krb5_int32 cusec, /* microseconds */
- krb5_ui_4 nonce,
- const krb5_checksum *cksum,
- krb5_pkinit_signing_cert_t client_cert, /* required! */
+ krb5_context context,
+ krb5_timestamp kctime,
+ krb5_int32 cusec, /* microseconds */
+ krb5_ui_4 nonce,
+ const krb5_checksum *cksum,
+ krb5_pkinit_signing_cert_t client_cert, /* required! */
/*
* trusted_CAs correponds to PA-PK-AS-REQ.trustedCertifiers.
* Expressed here as an optional list of DER-encoded certs.
*/
- const krb5_data *trusted_CAs,
- krb5_ui_4 num_trusted_CAs,
+ const krb5_data *trusted_CAs,
+ krb5_ui_4 num_trusted_CAs,
/* optional PA-PK-AS-REQ.kdcPkId, expressed here as a
* DER-encoded cert */
- const krb5_data *kdc_cert,
- krb5_data *as_req); /* mallocd and RETURNED */
+ const krb5_data *kdc_cert,
+ krb5_data *as_req); /* mallocd and RETURNED */
/*
* Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain.
* Optionally returns various components.
*/
krb5_error_code krb5int_pkinit_as_rep_parse(
- krb5_context context,
- const krb5_data *as_rep,
- krb5_pkinit_signing_cert_t client_cert, /* required for decryption */
- krb5_keyblock *key_block, /* RETURNED */
- krb5_checksum *checksum, /* checksum of corresponding AS-REQ */
- /* contents mallocd and RETURNED */
- krb5int_cert_sig_status *cert_status, /* RETURNED */
+ krb5_context context,
+ const krb5_data *as_rep,
+ krb5_pkinit_signing_cert_t client_cert, /* required for decryption */
+ krb5_keyblock *key_block, /* RETURNED */
+ krb5_checksum *checksum, /* checksum of corresponding AS-REQ */
+ /* contents mallocd and RETURNED */
+ krb5int_cert_sig_status *cert_status, /* RETURNED */
/*
* Cert fields, all optionally RETURNED.
* all_certs is an array of all of the certs in the incoming SignedData,
* in full DER-encoded form.
*/
- krb5_data *signer_cert, /* content mallocd */
- unsigned *num_all_certs, /* sizeof *all_certs */
- krb5_data **all_certs); /* krb5_data's and their content mallocd */
+ krb5_data *signer_cert, /* content mallocd */
+ unsigned *num_all_certs, /* sizeof *all_certs */
+ krb5_data **all_certs); /* krb5_data's and their content mallocd */
#ifdef __cplusplus
}
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
*/
enum {
pki_cs_good = 0,
- pki_not_signed, /* message not signed */
- pki_not_evaluated, /* signed, but not evaluated per caller request */
+ pki_not_signed, /* message not signed */
+ pki_not_evaluated, /* signed, but not evaluated per caller request */
/* remainder imply good signature on the message proper, i.e., these
* are all certificate errors. */
pki_cs_sig_verify_fail, /* signature verification failed */
- pki_cs_bad_leaf, /* leaf/subject cert itself is plain bad */
- pki_cs_no_root, /* looks good but not verifiable to any root */
+ pki_cs_bad_leaf, /* leaf/subject cert itself is plain bad */
+ pki_cs_no_root, /* looks good but not verifiable to any root */
pki_cs_unknown_root, /* verified to root we don't recognize */
- pki_cs_expired, /* expired */
+ pki_cs_expired, /* expired */
pki_cs_not_valid_yet, /* cert not valid yet */
- pki_cs_revoked, /* revoked via CRL or OCSP */
- pki_cs_untrusted, /* marked by user as untrusted */
- pki_bad_cms, /* CMS Format precluded verification */
- pki_bad_key_use, /* Bad ExtendedKeyUse or KeyUsage extension */
- pki_bad_digest, /* unacceptable CMS digest algorithm */
- pki_cs_other_err /* other cert verify error */
+ pki_cs_revoked, /* revoked via CRL or OCSP */
+ pki_cs_untrusted, /* marked by user as untrusted */
+ pki_bad_cms, /* CMS Format precluded verification */
+ pki_bad_key_use, /* Bad ExtendedKeyUse or KeyUsage extension */
+ pki_bad_digest, /* unacceptable CMS digest algorithm */
+ pki_cs_other_err /* other cert verify error */
};
typedef krb5_int32 krb5int_cert_sig_status;
* creation of the CMS message.
*/
krb5_error_code krb5int_pkinit_create_cms_msg(
- const krb5_data *content, /* Content */
- krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */
- const krb5_data *recip_cert, /* optional: encrypted with this cert */
- krb5int_cms_content_type content_type, /* OID for EncapsulatedData */
- krb5_ui_4 num_cms_types, /* optional */
- const krb5int_algorithm_id *cms_types, /* optional */
- krb5_data *content_info); /* contents mallocd and RETURNED */
+ const krb5_data *content, /* Content */
+ krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */
+ const krb5_data *recip_cert, /* optional: encrypted with this cert */
+ krb5int_cms_content_type content_type, /* OID for EncapsulatedData */
+ krb5_ui_4 num_cms_types, /* optional */
+ const krb5int_algorithm_id *cms_types, /* optional */
+ krb5_data *content_info); /* contents mallocd and RETURNED */
/*
* Parse a ContentInfo as best we can. All returned fields are optional -
*/
krb5_error_code krb5int_pkinit_parse_cms_msg(
const krb5_data *content_info,
- krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */
- krb5_boolean is_client_msg, /* TRUE : msg is from client */
- krb5_boolean *is_signed, /* RETURNED */
- krb5_boolean *is_encrypted, /* RETURNED */
- krb5_data *raw_data, /* RETURNED */
- krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of */
- /* EncapsulatedData if */
- /* *is_signed true */
+ krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */
+ krb5_boolean is_client_msg, /* TRUE : msg is from client */
+ krb5_boolean *is_signed, /* RETURNED */
+ krb5_boolean *is_encrypted, /* RETURNED */
+ krb5_data *raw_data, /* RETURNED */
+ krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of
+ * EncapsulatedData if
+ * *is_signed true */
/* returned for type SignedData only */
- krb5_data *signer_cert, /* RETURNED */
+ krb5_data *signer_cert, /* RETURNED */
krb5int_cert_sig_status *signer_cert_status,/* RETURNED */
- unsigned *num_all_certs, /* size of *all_certs RETURNED */
- krb5_data **all_certs); /* entire cert chain RETURNED */
+ unsigned *num_all_certs, /* size of *all_certs RETURNED */
+ krb5_data **all_certs); /* entire cert chain RETURNED */
/*
* An AuthPack contains an optional set of AlgorithmIdentifiers
* from krb5int_pkinit_get_cms_types() as necessary.
*/
krb5_error_code krb5int_pkinit_get_cms_types(
- krb5int_algorithm_id **supported_cms_types, /* RETURNED */
- krb5_ui_4 *num_supported_cms_types); /* RETURNED */
+ krb5int_algorithm_id **supported_cms_types, /* RETURNED */
+ krb5_ui_4 *num_supported_cms_types); /* RETURNED */
krb5_error_code krb5int_pkinit_free_cms_types(
krb5int_algorithm_id *supported_cms_types,
- krb5_ui_4 num_supported_cms_types);
+ krb5_ui_4 num_supported_cms_types);
#ifdef __cplusplus
}
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef _PORT_SOCKET_H
#define _PORT_SOCKET_H
#if defined(_WIN32)
typedef WSABUF sg_buf;
-#define SG_ADVANCE(SG, N) \
- ((SG)->len < (N) \
- ? (abort(), 0) \
- : ((SG)->buf += (N), (SG)->len -= (N), 0))
+#define SG_ADVANCE(SG, N) \
+ ((SG)->len < (N) \
+ ? (abort(), 0) \
+ : ((SG)->buf += (N), (SG)->len -= (N), 0))
-#define SG_LEN(SG) ((SG)->len + 0)
-#define SG_BUF(SG) ((SG)->buf + 0)
-#define SG_SET(SG, B, N) ((SG)->buf = (char *)(B),(SG)->len = (N))
+#define SG_LEN(SG) ((SG)->len + 0)
+#define SG_BUF(SG) ((SG)->buf + 0)
+#define SG_SET(SG, B, N) ((SG)->buf = (char *)(B),(SG)->len = (N))
#define SOCKET_INITIALIZE() 0
#define SOCKET_CLEANUP()
#define SOCKET_NFDS(f) (0) /* select()'s first arg is ignored */
#define SOCKET_READ(fd, b, l) (recv(fd, b, l, 0))
#define SOCKET_WRITE(fd, b, l) (send(fd, b, l, 0))
-#define SOCKET_CONNECT connect /* XXX */
-#define SOCKET_GETSOCKNAME getsockname /* XXX */
-#define SOCKET_CLOSE close /* XXX */
+#define SOCKET_CONNECT connect /* XXX */
+#define SOCKET_GETSOCKNAME getsockname /* XXX */
+#define SOCKET_CLOSE close /* XXX */
#define SOCKET_EINTR WSAEINTR
/* Return -1 for error or number of bytes written.
must be used by this macro (to avoid compiler warnings). */
/* WSASend returns 0 or SOCKET_ERROR. */
#define SOCKET_WRITEV_TEMP DWORD
-#define SOCKET_WRITEV(FD, SG, LEN, TMP) \
- (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ? -1 : (TMP))
+#define SOCKET_WRITEV(FD, SG, LEN, TMP) \
+ (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ? -1 : (TMP))
-#define SHUTDOWN_READ SD_RECEIVE
-#define SHUTDOWN_WRITE SD_SEND
-#define SHUTDOWN_BOTH SD_BOTH
+#define SHUTDOWN_READ SD_RECEIVE
+#define SHUTDOWN_WRITE SD_SEND
+#define SHUTDOWN_BOTH SD_BOTH
#ifndef EINPROGRESS
#define EINPROGRESS WSAEINPROGRESS
#include "autoconf.h"
#include <sys/types.h>
-#include <netinet/in.h> /* For struct sockaddr_in and in_addr */
-#include <arpa/inet.h> /* For inet_ntoa */
+#include <netinet/in.h> /* For struct sockaddr_in and in_addr */
+#include <arpa/inet.h> /* For inet_ntoa */
#include <netdb.h>
#ifndef HAVE_NETDB_H_H_ERRNO
-extern int h_errno; /* In case it's missing, e.g., HP-UX 10.20. */
+extern int h_errno; /* In case it's missing, e.g., HP-UX 10.20. */
#endif
-#include <sys/param.h> /* For MAXHOSTNAMELEN */
-#include <sys/socket.h> /* For SOCK_*, AF_*, etc */
-#include <sys/time.h> /* For struct timeval */
-#include <net/if.h> /* For struct ifconf, for localaddr.c */
+#include <sys/param.h> /* For MAXHOSTNAMELEN */
+#include <sys/socket.h> /* For SOCK_*, AF_*, etc */
+#include <sys/time.h> /* For struct timeval */
+#include <net/if.h> /* For struct ifconf, for localaddr.c */
#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h> /* For struct iovec, for sg_buf */
+#include <sys/uio.h> /* For struct iovec, for sg_buf */
#endif
#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h> /* For FIONBIO on Solaris. */
+#include <sys/filio.h> /* For FIONBIO on Solaris. */
#endif
/* Either size_t or int or unsigned int is probably right. Under
/*
* Compatability with WinSock calls on MS-Windows...
*/
-#define SOCKET int
-#define INVALID_SOCKET ((SOCKET)~0)
-#define closesocket close
-#define ioctlsocket ioctl
-#define SOCKET_ERROR (-1)
+#define SOCKET int
+#define INVALID_SOCKET ((SOCKET)~0)
+#define closesocket close
+#define ioctlsocket ioctl
+#define SOCKET_ERROR (-1)
typedef struct iovec sg_buf;
-#define SG_ADVANCE(SG, N) \
- ((SG)->iov_len < (N) \
- ? (abort(), 0) \
- : ((SG)->iov_base = (char *) (SG)->iov_base + (N), \
- (SG)->iov_len -= (N), 0))
+#define SG_ADVANCE(SG, N) \
+ ((SG)->iov_len < (N) \
+ ? (abort(), 0) \
+ : ((SG)->iov_base = (char *) (SG)->iov_base + (N), \
+ (SG)->iov_len -= (N), 0))
-#define SG_LEN(SG) ((SG)->iov_len + 0)
-#define SG_BUF(SG) ((char*)(SG)->iov_base + 0)
-#define SG_SET(SG, B, L) ((SG)->iov_base = (char*)(B), (SG)->iov_len = (L))
+#define SG_LEN(SG) ((SG)->iov_len + 0)
+#define SG_BUF(SG) ((char*)(SG)->iov_base + 0)
+#define SG_SET(SG, B, L) ((SG)->iov_base = (char*)(B), (SG)->iov_len = (L))
/* Some of our own infrastructure where the WinSock stuff was too hairy
to dump into a clean Unix program... */
-#define SOCKET_INITIALIZE() (0) /* No error (or anything else) */
-#define SOCKET_CLEANUP() /* nothing */
-#define SOCKET_ERRNO errno
-#define SOCKET_SET_ERRNO(x) (errno = (x))
-#define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */
-#define SOCKET_READ read
-#define SOCKET_WRITE write
-#define SOCKET_CONNECT connect
-#define SOCKET_GETSOCKNAME getsockname
-#define SOCKET_CLOSE close
-#define SOCKET_EINTR EINTR
+#define SOCKET_INITIALIZE() (0) /* No error (or anything else) */
+#define SOCKET_CLEANUP() /* nothing */
+#define SOCKET_ERRNO errno
+#define SOCKET_SET_ERRNO(x) (errno = (x))
+#define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */
+#define SOCKET_READ read
+#define SOCKET_WRITE write
+#define SOCKET_CONNECT connect
+#define SOCKET_GETSOCKNAME getsockname
+#define SOCKET_CLOSE close
+#define SOCKET_EINTR EINTR
#define SOCKET_WRITEV_TEMP int
/* Use TMP to avoid compiler warnings and keep things consistent with
Windoze version. */
-#define SOCKET_WRITEV(FD, SG, LEN, TMP) \
- ((TMP) = writev((FD), (SG), (LEN)), (TMP))
+#define SOCKET_WRITEV(FD, SG, LEN, TMP) \
+ ((TMP) = writev((FD), (SG), (LEN)), (TMP))
-#define SHUTDOWN_READ 0
-#define SHUTDOWN_WRITE 1
-#define SHUTDOWN_BOTH 2
+#define SHUTDOWN_READ 0
+#define SHUTDOWN_WRITE 1
+#define SHUTDOWN_BOTH 2
#ifndef HAVE_INET_NTOP
-#define inet_ntop(AF,SRC,DST,CNT) \
- ((AF) == AF_INET \
- ? ((CNT) < 16 \
- ? (SOCKET_SET_ERRNO(ENOSPC), (const char *)NULL) \
- : (sprintf((DST), "%d.%d.%d.%d", \
- ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \
- ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \
- ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \
- ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \
- (DST))) \
+#define inet_ntop(AF,SRC,DST,CNT) \
+ ((AF) == AF_INET \
+ ? ((CNT) < 16 \
+ ? (SOCKET_SET_ERRNO(ENOSPC), (const char *)NULL) \
+ : (sprintf((DST), "%d.%d.%d.%d", \
+ ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \
+ ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \
+ ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \
+ ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \
+ (DST))) \
: (SOCKET_SET_ERRNO(EAFNOSUPPORT), (const char *)NULL))
#define HAVE_INET_NTOP
#endif
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2001,2005 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* spnego-asn1.h
*
/* Context flags recognized by SPNEGO*/
enum {
- SPNEGO_DELEG_FLAG = 0x80,
- SPNEGO_MUTUAL_FLAG = 0x40,
- SPNEGO_ANON_FLAG=0x20,
- SPNEGO_CONF_FLAG = 0x10
+ SPNEGO_DELEG_FLAG = 0x80,
+ SPNEGO_MUTUAL_FLAG = 0x40,
+ SPNEGO_ANON_FLAG=0x20,
+ SPNEGO_CONF_FLAG = 0x10
};
/* Results of a negotiation*/
enum {
- SPNEGO_ACCEPT_COMPLETED = 0,
- SPNEGO_ACCEPT_INCOMPLETE = 1,
- SPNEGO_REJECT = 2,
- SPNEGO_UNSPEC_RESULT = 3
+ SPNEGO_ACCEPT_COMPLETED = 0,
+ SPNEGO_ACCEPT_INCOMPLETE = 1,
+ SPNEGO_REJECT = 2,
+ SPNEGO_UNSPEC_RESULT = 3
};
typedef krb5_data spnego_oid;
krb5_error_code krb5int_encode_spnego_acceptor_token
(krb5_context , spnego_acceptor_token *,
- krb5_data **);
+ krb5_data **);
krb5_error_code krb5int_encode_spnego_initiator_token
(krb5_context, spnego_initiator_token *,
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* This file is now only used on Windows
*/
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
#include <sys/types.h>
-typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
+typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
+typedef unsigned int u_int;
+typedef unsigned short u_short;
+typedef unsigned char u_char;
typedef unsigned int uint32_t;
typedef int int32_t;
#if _INTEGRAL_MAX_BITS >= 64
#undef ssize_t
#endif
#ifdef _WIN64
-typedef __int64 ssize_t;
+typedef __int64 ssize_t;
#else
-typedef _W64 int ssize_t;
+typedef _W64 int ssize_t;
#endif
#define SSIZE_T_DEFINED
#endif
#ifdef CYGNUS
#define KERBEROS_HLP "kerbnet.hlp"
#else
-#define KERBEROS_HLP "krb5clnt.hlp"
+#define KERBEROS_HLP "krb5clnt.hlp"
#endif
#define INI_DEFAULTS "Defaults"
#define INI_USER "User" /* Default user */
#define INI_KRB_CONF "krb.conf" /* Location of krb.conf file */
#define DEF_KRB_CONF "krb.conf" /* Default name for krb.conf file */
#else
-#define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */
-#define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */
-#define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */
+#define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */
+#define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */
+#define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */
#define INI_TICKETOPTS "TicketOptions" /* Ticket options */
#define INI_FORWARDABLE "Forwardable" /* get forwardable tickets */
-#define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */
+#define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */
#endif
#define INI_KRB_REALMS "krb.realms" /* Location of krb.realms file */
#define DEF_KRB_REALMS "krb.realms" /* Default name for krb.realms file */
HINSTANCE get_lib_instance(void);
-#define GETSOCKNAME_ARG2_TYPE struct sockaddr
-#define GETSOCKNAME_ARG3_TYPE size_t
-#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE
-#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG2_TYPE struct sockaddr
+#define GETSOCKNAME_ARG3_TYPE size_t
+#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE
+#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE
#endif /* !RES_ONLY */
projects / krb5.git / commitdiff