From 4185cec91422e9daabc0bc0a1eca6955889a021b Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sat, 6 Dec 1997 07:58:22 +0000 Subject: [PATCH] * krb5.hin: Add constants and prototypes for the Cygnus password changing API. Add krb5_cc_copy_creds. Add support for Cygnus initial credentials API. * k5-int.h: Add additional preauth types. Add additional parameter to krb5_sendto_kdc for designating whether to use the master. Add functions to support Cygnus initial credentials API. Add prototypes for sam functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10318 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 11 +++ src/include/k5-int.h | 79 +++++++++++++++++- src/include/krb5.hin | 185 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 273 insertions(+), 2 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 7853a60d0..6ba9ccfa3 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,14 @@ +Sat Dec 6 02:20:11 1997 Tom Yu + + * krb5.hin: Add constants and prototypes for the Cygnus password + changing API. Add krb5_cc_copy_creds. Add support for Cygnus + initial credentials API. + + * k5-int.h: Add additional preauth types. Add additional + parameter to krb5_sendto_kdc for designating whether to use the + master. Add functions to support Cygnus initial credentials API. + Add prototypes for sam functions. + Tue Sep 30 18:56:05 1997 Tom Yu * win-mac.h: Replace HAS_STDLIB_H with something more sane. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 7ce040901..ab30d14fd 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -298,7 +298,12 @@ typedef krb5_etype_info_entry ** krb5_etype_info; #define PA_SAM_TYPE_SKEY_K0 3 /* S/key where KDC has key 0 */ #define PA_SAM_TYPE_SKEY 4 /* Traditional S/Key */ #define PA_SAM_TYPE_SECURID 5 /* Security Dynamics */ -#define PA_SAM_TYPE_GRAIL 128 /* experimental */ +#define PA_SAM_TYPE_ACTIVCARD_DEC 6 /* ActivCard decimal mode */ +#define PA_SAM_TYPE_ACTIVCARD_HEX 7 /* ActivCard hex mode */ +#define PA_SAM_TYPE_DIGI_PATH_HEX 8 /* Digital Pathways hex mode */ +#define PA_SAM_TYPE_EXP_BASE 128 /* experimental */ +#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */ +#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */ typedef struct _krb5_predicted_sam_response { krb5_magic magic; @@ -452,7 +457,8 @@ krb5_error_code krb5_sendto_kdc KRB5_PROTOTYPE((krb5_context, const krb5_data *, const krb5_data *, - krb5_data * )); + krb5_data *, + int *)); krb5_error_code krb5_get_krbhst KRB5_PROTOTYPE((krb5_context, const krb5_data *, @@ -761,6 +767,41 @@ void krb5_free_etype_info * End "preauth.h" */ + +typedef krb5_error_code (*krb5_gic_get_as_key_fct) + KRB5_NPROTOTYPE((krb5_context, + krb5_principal, + krb5_enctype, + krb5_prompter_fct, + void *prompter_data, + krb5_data *salt, + krb5_keyblock *as_key, + void *gak_data)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_get_init_creds +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_prompter_fct prompter, + void *prompter_data, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *options, + krb5_gic_get_as_key_fct gak, + void *gak_data, + int *master, + krb5_kdc_rep **as_reply)); + + +krb5_error_code krb5_do_preauth +KRB5_PROTOTYPE((krb5_context, krb5_kdc_req *, + krb5_pa_data **, krb5_pa_data ***, + krb5_data *, krb5_keyblock *, + krb5_prompter_fct, void *, + krb5_gic_get_as_key_fct, void *)); + + /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ #include "profile.h" 
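Review bot: The `int *` added as the last parameter of `krb5_sendto_kdc` is unnamed and uncommented, so the prototype does not say whether it is an input, an output or both, or whether NULL is accepted. The ChangeLog entry only says it designates whether to use the master. Naming it and stating the direction would keep callers from passing an uninitialized int, for example `int *master /* in/out: TODO state semantics; caller must initialize */`. The call sites that need the extra argument are outside this patch, so it is worth confirming they were all updated in the same change.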
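Review bot: `krb5_gic_get_as_key_fct` hands back key material through `krb5_keyblock *as_key`, but nothing in this hunk says who allocates, frees and wipes that keyblock, or whether `salt` is read, written or both. A comment above the typedef such as `/* as_key: filled in by the callback; the caller owns it and must zero and free its contents -- confirm */` would settle that for implementers. The typedef also omits `KRB5_CALLCONV`, while `krb5_prompter_fct` in krb5.hin carries it and `krb5_get_init_creds` is declared `KRB5_DLLIMP`. If the callback can be supplied from outside the library, its calling convention presumably has to match.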
@@ -984,15 +1025,49 @@ krb5_error_code encode_krb5_sam_response krb5_error_code encode_krb5_predicted_sam_response KRB5_PROTOTYPE((const krb5_predicted_sam_response * , krb5_data **)); +krb5_error_code encode_krb5_sam_challenge + KRB5_PROTOTYPE((const krb5_sam_challenge * , krb5_data **)); + +krb5_error_code encode_krb5_sam_key + KRB5_PROTOTYPE((const krb5_sam_key * , krb5_data **)); + +krb5_error_code encode_krb5_enc_sam_response_enc + KRB5_PROTOTYPE((const krb5_enc_sam_response_enc * , krb5_data **)); + +krb5_error_code encode_krb5_sam_response + KRB5_PROTOTYPE((const krb5_sam_response * , krb5_data **)); + +krb5_error_code encode_krb5_predicted_sam_response + KRB5_PROTOTYPE((const krb5_predicted_sam_response * , krb5_data **)); + /************************************************************************* * End of prototypes for krb5_encode.c *************************************************************************/ +krb5_error_code decode_krb5_sam_challenge + KRB5_PROTOTYPE((const krb5_data *, krb5_sam_challenge **)); + +krb5_error_code decode_krb5_sam_key + KRB5_PROTOTYPE((const krb5_data *, krb5_sam_key **)); + +krb5_error_code decode_krb5_enc_sam_response_enc + KRB5_PROTOTYPE((const krb5_data *, krb5_enc_sam_response_enc **)); + +krb5_error_code decode_krb5_sam_response + KRB5_PROTOTYPE((const krb5_data *, krb5_sam_response **)); + +krb5_error_code decode_krb5_predicted_sam_response + KRB5_PROTOTYPE((const krb5_data *, krb5_predicted_sam_response **)); + /************************************************************************* * Prototypes for krb5_decode.c *************************************************************************/ +krb5_error_code krb5_validate_times + KRB5_PROTOTYPE((krb5_context, + krb5_ticket_times *)); + /* krb5_error_code decode_krb5_structure(const krb5_data *code, krb5_structure **rep); diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 884281b50..0e58be1be 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin 
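Review bot: The added `encode_krb5_sam_response` and `encode_krb5_predicted_sam_response` prototypes duplicate declarations that already exist: the hunk header and the context line just above the additions show both. The other three `encode_krb5_sam_*` additions may be repeats as well, which should be checked against the lines before the hunk. Compatible redeclarations compile, but the two copies can drift apart later, so the repeated ones should be dropped. `krb5_validate_times` is placed under the "Prototypes for krb5_decode.c" banner although its signature (`krb5_context, krb5_ticket_times *`) is not a decoder, and the new `decode_krb5_sam_*` prototypes sit above that banner rather than below it. Moving the decoders under the banner and giving `krb5_validate_times` its own section would keep the header navigable.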
@@ -663,6 +663,14 @@ krb5_error_code krb5_decrypt_data #define KRB5_AUTHDATA_OSF_DCE 64 #define KRB5_AUTHDATA_SESAME 65 +/* password change constants */ + +#define KRB5_KPASSWD_SUCCESS 0 +#define KRB5_KPASSWD_MALFORMED 1 +#define KRB5_KPASSWD_HARDERROR 2 +#define KRB5_KPASSWD_AUTHERROR 3 +#define KRB5_KPASSWD_SOFTERROR 4 + /* * end "proto.h" */ @@ -1478,6 +1486,17 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_524_conv_principal KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_principal princ, char FAR *name, char FAR *inst, char FAR *realm)); +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_chpw_req + KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context, + krb5_data *ap_req, char *passwd, krb5_data *packet)); +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_chpw_rep + KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context, + krb5_data *packet, int *result_code, + krb5_data *result_data)); +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string + KRB5_PROTOTYPE((krb5_context context, int result_code, + char **result_codestr)); + /* libkt.spec */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_register KRB5_PROTOTYPE((krb5_context, @@ -1528,6 +1547,12 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_default KRB5_DLLIMP unsigned int KRB5_CALLCONV krb5_get_notification_message KRB5_PROTOTYPE((void)); +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds + KRB5_PROTOTYPE((krb5_context context, + krb5_ccache incc, + krb5_ccache outcc)); + + /* chk_trans.c */ krb5_error_code krb5_check_transited_list KRB5_PROTOTYPE((krb5_context, 
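Review bot: `krb5_mk_chpw_req` takes the password as a plain `char *passwd`, which tells callers nothing about whether the library modifies, retains or wipes the buffer. The same applies to `char *newpw` in `krb5_change_password` (hunk at -1632) and `char *password` in `krb5_get_init_creds_password` (hunk at -2037). If the implementations only read the string, declaring it `krb5_const char FAR *passwd` would match the `krb5_const` and `FAR` usage visible in the surrounding prototypes and make the contract explicit. If they do write to it, a one-line comment saying so is needed instead. The headers should also state that the caller remains responsible for zeroing its copy of the password after the call, and who frees `result_data` and `*result_codestr`.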
@@ -1632,6 +1657,11 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_sname_to_principal krb5_const char FAR *, krb5_int32, krb5_principal FAR *)); +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_change_password + KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, char *newpw, + int *result_code, krb5_data *result_code_string, + krb5_data *result_string)); krb5_error_code krb5_set_config_files KRB5_PROTOTYPE ((krb5_context, krb5_const char FAR * FAR *)); 
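Review bot: `krb5_change_password` reports its outcome through two channels, the `krb5_error_code` return value and `int *result_code`, and the prototype does not say how they relate. Presumably a zero return only means the exchange completed, and the password was changed only when `*result_code` equals `KRB5_KPASSWD_SUCCESS`. A caller that checks the return value alone would then treat a rejected change as success. A comment such as `/* returns 0 when a reply was received; the change succeeded only if *result_code == KRB5_KPASSWD_SUCCESS */` should be added once confirmed against the implementation. It should also state that `result_code_string` and `result_string` are filled in by the library and who frees their `data`.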
@@ -2037,5 +2067,160 @@ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_deltat_to_string /* flags for recvauth */ #define KRB5_RECVAUTH_SKIP_VERSION 0x0001 #define KRB5_RECVAUTH_BADAUTHVERS 0x0002 +/* initial ticket api functions */ + +typedef struct _krb5_prompt { + char *prompt; + int hidden; + krb5_data *reply; +} krb5_prompt; + +typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, + void *data, + const char *banner, + int num_prompts, + krb5_prompt prompts[]); + + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_prompter_posix +KRB5_PROTOTYPE((krb5_context context, + void *data, + const char *banner, + int num_prompts, + krb5_prompt prompts[])); + +typedef struct _krb5_get_init_creds_opt { + krb5_flags flags; + krb5_deltat tkt_life; + krb5_deltat renew_life; + int forwardable; + int proxiable; + krb5_enctype *etype_list; + int etype_list_length; + krb5_address **address_list; + krb5_preauthtype *preauth_list; + int preauth_list_length; + krb5_data *salt; +} krb5_get_init_creds_opt; + +#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 +#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 +#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 +#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 +#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 +#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 +#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 +#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 + + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_init +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_tkt_life +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_deltat tkt_life)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_renew_life +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_deltat renew_life)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_forwardable +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + int forwardable)); + 
+KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_proxiable +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + int proxiable)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_etype_list +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_enctype *etype_list, + int etype_list_length)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_address_list +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_address **addresses)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_preauth_list +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length)); + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_get_init_creds_opt_set_salt +KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, + krb5_data *salt)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_password +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal client, + char *password, + krb5_prompter_fct prompter, + void *data, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *options)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_get_init_creds_keytab +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_keytab arg_keytab, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *options)); + +typedef struct _krb5_verify_init_creds_opt { + krb5_flags flags; + int ap_req_nofail; +} krb5_verify_init_creds_opt; + +#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 + +KRB5_DLLIMP void KRB5_CALLCONV +krb5_verify_init_creds_opt_init +KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options)); +KRB5_DLLIMP void KRB5_CALLCONV +krb5_verify_init_creds_opt_set_ap_req_nofail +KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options, + int ap_req_nofail)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_verify_init_creds +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal ap_req_server, + 
krb5_keytab ap_req_keytab, + krb5_ccache *ccache, + krb5_verify_init_creds_opt *options)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_get_validated_creds +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_ccache ccache, + char *in_tkt_service)); + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_get_renewed_creds +KRB5_PROTOTYPE((krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_ccache ccache, + char *in_tkt_service)); + #endif /* KRB5_GENERAL__ */ -- 2.26.2
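Review bot: `krb5_verify_init_creds_opt.ap_req_nofail` and its `KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL` flag are declared without any statement of what happens when the option is left unset. The name suggests that, by default, `krb5_verify_init_creds` may return success when no usable key is available for the AP-REQ check, meaning the credentials were never verified against a local key. The header should spell that out, for example `/* ap_req_nofail: if nonzero, inability to perform the AP-REQ check is a verification failure; if zero it is (presumably) treated as success -- confirm */`, so that login-style callers know to set it. Separately, the `krb5_get_init_creds_opt_set_etype_list`, `_set_address_list`, `_set_preauth_list` and `_set_salt` setters take pointers without saying whether they are copied or borrowed. If they are stored as-is in the struct fields of the same name, the caller has to keep them alive until the `krb5_get_init_creds_*` call returns.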