From 42c4dd4abdc0bfc0ceb8ea8185fa15228cfcfcb3 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Mon, 28 Aug 1995 20:01:39 +0000 Subject: [PATCH] Added two new data structures: krb5_alt_method and krb5_etype_info (and krb5_etype_info_entry). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6604 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 5 + src/include/k5-int.h | 1059 +++++++++++++++++++++-------------------- 2 files changed, 554 insertions(+), 510 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 726922140..db1333416 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +Mon Aug 28 15:58:14 1995 + + * k5-int.h: Added two new data structures: krb5_alt_method and + krb5_etype_info (and krb5_etype_info_entry). + Fri Aug 25 17:12:37 1995 Theodore Y. Ts'o * k5-int.h: Added prototypes for encode_krb5_padata_sequence and diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 6fdfc0212..8c9e46b63 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -453,407 +453,170 @@ int win_socket_initialize(); */ /* - * Begin "asn1.h" + * This structure is returned in the e-data field of the KRB-ERROR + * message when the error calling for an alternative form of + * authentication is returned, KRB_AP_METHOD. */ -#ifndef KRB5_ASN1__ -#define KRB5_ASN1__ +typedef struct _krb5_alt_method { + krb5_magic magic; + krb5_int32 method; + krb5_int32 length; + krb5_octet *data; +} krb5_alt_method; -/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */ -/* here we use some knowledge of ASN.1 encodings */ -/* - Ticket is APPLICATION 1. - Authenticator is APPLICATION 2. - AS_REQ is APPLICATION 10. - AS_REP is APPLICATION 11. - TGS_REQ is APPLICATION 12. - TGS_REP is APPLICATION 13. - AP_REQ is APPLICATION 14. - AP_REP is APPLICATION 15. - KRB_SAFE is APPLICATION 20. - KRB_PRIV is APPLICATION 21. - KRB_CRED is APPLICATION 22. - EncASRepPart is APPLICATION 25. - EncTGSRepPart is APPLICATION 26. - EncAPRepPart is APPLICATION 27. - EncKrbPrivPart is APPLICATION 28. - EncKrbCredPart is APPLICATION 29. - KRB_ERROR is APPLICATION 30. +/* + * A null-terminated array of this structure is returned by the KDC as + * the data part of the ETYPE_INFO preauth type. It informs the + * client which encryption types are supported. 
*/ -/* allow either constructed or primitive encoding, so check for bit 6 - set or reset */ -#define krb5_is_krb_ticket(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\ - (dat)->data[0] == 0x41)) -#define krb5_is_krb_authenticator(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\ - (dat)->data[0] == 0x42)) -#define krb5_is_as_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\ - (dat)->data[0] == 0x4a)) -#define krb5_is_as_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\ - (dat)->data[0] == 0x4b)) -#define krb5_is_tgs_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\ - (dat)->data[0] == 0x4c)) -#define krb5_is_tgs_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\ - (dat)->data[0] == 0x4d)) -#define krb5_is_ap_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\ - (dat)->data[0] == 0x4e)) -#define krb5_is_ap_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\ - (dat)->data[0] == 0x4f)) -#define krb5_is_krb_safe(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\ - (dat)->data[0] == 0x54)) -#define krb5_is_krb_priv(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\ - (dat)->data[0] == 0x55)) -#define krb5_is_krb_cred(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\ - (dat)->data[0] == 0x56)) -#define krb5_is_krb_enc_as_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\ - (dat)->data[0] == 0x59)) -#define krb5_is_krb_enc_tgs_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\ - (dat)->data[0] == 0x5a)) -#define krb5_is_krb_enc_ap_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\ - (dat)->data[0] == 0x5b)) -#define krb5_is_krb_enc_krb_priv_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\ - (dat)->data[0] == 0x5c)) -#define krb5_is_krb_enc_krb_cred_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\ - (dat)->data[0] 
== 0x5d)) -#define krb5_is_krb_error(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\ - (dat)->data[0] == 0x5e)) +typedef struct _krb5_etype_info_entry { + krb5_magic magic; + krb5_int32 etype; + krb5_int32 length; + krb5_octet *salt; +} krb5_etype_info_entry; -/************************************************************************* - * Prototypes for krb5_encode.c - *************************************************************************/ +typedef krb5_etype_info_entry ** krb5_etype_info; /* - krb5_error_code encode_krb5_structure(const krb5_structure *rep, - krb5_data **code); - modifies *code - effects Returns the ASN.1 encoding of *rep in **code. - Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. - Returns ENOMEM if memory runs out. -*/ - -krb5_error_code encode_krb5_authenticator - KRB5_PROTOTYPE((const krb5_authenticator *rep, krb5_data **code)); + * Begin "dbm.h" + */ +#ifndef KRB5_DBM_COMPAT__ +#define KRB5_DBM_COMPAT__ -krb5_error_code encode_krb5_ticket - KRB5_PROTOTYPE((const krb5_ticket *rep, krb5_data **code)); +#include "osconf.h" -krb5_error_code encode_krb5_encryption_key - KRB5_PROTOTYPE((const krb5_keyblock *rep, krb5_data **code)); +#ifndef ODBM +#include +#else /* ODBM */ +#ifdef unicos61 +#include +#else +#include +#endif +#endif /*ODBM */ -krb5_error_code encode_krb5_enc_tkt_part - KRB5_PROTOTYPE((const krb5_enc_tkt_part *rep, krb5_data **code)); +#ifndef ODBM +#define dbm_next(db,key) dbm_nextkey(db) +#else /* OLD DBM */ +typedef char DBM; -krb5_error_code encode_krb5_enc_kdc_rep_part - KRB5_PROTOTYPE((const krb5_enc_kdc_rep_part *rep, krb5_data **code)); +/* Macros to convert ndbm names to dbm names. + * Note that dbm_nextkey() cannot be simply converted using a macro, since + * it is invoked giving the database, and nextkey() needs the previous key. + * + * Instead, all routines call "dbm_next" instead. 
+ */ -/* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_as_rep - KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code)); +#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) +#define dbm_fetch(db, key) fetch(key) +#define dbm_store(db, key, content, flag) store(key, content) +#define dbm_delete(db, key) delete(key) +#define dbm_firstkey(db) firstkey() +#define dbm_next(db,key) nextkey(key) +#define dbm_close(db) dbmclose() +#endif /* OLD DBM */ -/* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_tgs_rep - KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code)); +#endif /* KRB5_DBM_COMPAT__ */ +/* + * End "dbm.h" + */ -krb5_error_code encode_krb5_ap_req - KRB5_PROTOTYPE((const krb5_ap_req *rep, krb5_data **code)); +/* + * Begin "ext-proto.h" + */ +#ifndef KRB5_EXT_PROTO__ +#define KRB5_EXT_PROTO__ -krb5_error_code encode_krb5_ap_rep - KRB5_PROTOTYPE((const krb5_ap_rep *rep, krb5_data **code)); +#ifdef HAS_STDLIB_H +#include +#else +#if defined(__STDC__) || defined(_WINDOWS) +#ifdef NO_STDLIB_H +#include +#else +#include +#endif /* NO_STDLIB_H */ +#else +extern char *malloc(), *realloc(), *calloc(); +extern char *getenv(); +#endif /* ! 
__STDC__ */ +#endif /* HAS_STDLIB_H */ -krb5_error_code encode_krb5_ap_rep_enc_part - KRB5_PROTOTYPE((const krb5_ap_rep_enc_part *rep, krb5_data **code)); +#ifdef USE_STRING_H +#include +#else +#include +#endif -krb5_error_code encode_krb5_as_req - KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); +#ifndef HAS_STRDUP +extern char *strdup KRB5_PROTOTYPE((const char *)); +#endif -krb5_error_code encode_krb5_tgs_req - KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); +#ifdef HAS_UNISTD_H +#include +#endif -krb5_error_code encode_krb5_kdc_req_body - KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); +#endif /* KRB5_EXT_PROTO__ */ +/* + * End "ext-proto.h" + */ -krb5_error_code encode_krb5_safe - KRB5_PROTOTYPE((const krb5_safe *rep, krb5_data **code)); +/* + * Begin "sysincl.h" + */ +#ifndef KRB5_SYSINCL__ +#define KRB5_SYSINCL__ -krb5_error_code encode_krb5_priv - KRB5_PROTOTYPE((const krb5_priv *rep, krb5_data **code)); +#ifndef KRB5_SYSTYPES__ +#define KRB5_SYSTYPES__ +/* needed for much of the rest -- but already handled in krb5.h? 
*/ +/* #include */ +#endif /* KRB5_SYSTYPES__ */ -krb5_error_code encode_krb5_enc_priv_part - KRB5_PROTOTYPE((const krb5_priv_enc_part *rep, krb5_data **code)); +#include "osconf.h" /* USE*TIME_H macros */ +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#include +#endif -krb5_error_code encode_krb5_cred - KRB5_PROTOTYPE((const krb5_cred *rep, krb5_data **code)); +#ifdef HAVE_SYS_STAT_H +#include /* struct stat, stat() */ +#endif -krb5_error_code encode_krb5_enc_cred_part - KRB5_PROTOTYPE((const krb5_cred_enc_part *rep, krb5_data **code)); +#ifdef HAVE_SYS_PARAM_H +#include /* MAXPATHLEN */ +#endif -krb5_error_code encode_krb5_error - KRB5_PROTOTYPE((const krb5_error *rep, krb5_data **code)); +#ifdef HAVE_SYS_FILE_H +#include /* prototypes for file-related + syscalls; flags for open & + friends */ +#endif -krb5_error_code encode_krb5_authdata - KRB5_PROTOTYPE((const krb5_authdata **rep, krb5_data **code)); +#if defined(SYSV) || defined(_AIX) +#include +#endif +#ifdef NEED_SYS_FCNTL_H +#include +#endif -krb5_error_code encode_krb5_pwd_sequence - KRB5_PROTOTYPE((const passwd_phrase_element *rep, krb5_data **code)); +#endif /* KRB5_SYSINCL__ */ +/* + * End "sysincl.h" + */ -krb5_error_code encode_krb5_pwd_data - KRB5_PROTOTYPE((const krb5_pwd_data *rep, krb5_data **code)); +/* + * Begin "los-proto.h" + */ +#ifndef KRB5_LIBOS_PROTO__ +#define KRB5_LIBOS_PROTO__ -krb5_error_code encode_krb5_padata_sequence - KRB5_PROTOTYPE((const krb5_pa_data ** rep, krb5_data **code)); - -/************************************************************************* - * End of prototypes for krb5_encode.c - *************************************************************************/ - - -/************************************************************************* - * Prototypes for krb5_decode.c - *************************************************************************/ - -/* - krb5_error_code decode_krb5_structure(const krb5_data *code, - krb5_structure 
**rep); - - requires Expects **rep to not have been allocated; - a new *rep is allocated regardless of the old value. - effects Decodes *code into **rep. - Returns ENOMEM if memory is exhausted. - Returns asn1 and krb5 errors. -*/ - -krb5_error_code decode_krb5_authenticator - KRB5_PROTOTYPE((const krb5_data *code, krb5_authenticator **rep)); - -krb5_error_code decode_krb5_ticket - KRB5_PROTOTYPE((const krb5_data *code, krb5_ticket **rep)); - -krb5_error_code decode_krb5_encryption_key - KRB5_PROTOTYPE((const krb5_data *output, krb5_keyblock **rep)); - -krb5_error_code decode_krb5_enc_tkt_part - KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_tkt_part **rep)); - -krb5_error_code decode_krb5_enc_kdc_rep_part - KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_kdc_rep_part **rep)); - -krb5_error_code decode_krb5_as_rep - KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep)); - -krb5_error_code decode_krb5_tgs_rep - KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep)); - -krb5_error_code decode_krb5_ap_req - KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_req **rep)); - -krb5_error_code decode_krb5_ap_rep - KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep **rep)); - -krb5_error_code decode_krb5_ap_rep_enc_part - KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep_enc_part **rep)); - -krb5_error_code decode_krb5_as_req - KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); - -krb5_error_code decode_krb5_tgs_req - KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); - -krb5_error_code decode_krb5_kdc_req_body - KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); - -krb5_error_code decode_krb5_safe - KRB5_PROTOTYPE((const krb5_data *output, krb5_safe **rep)); - -krb5_error_code decode_krb5_priv - KRB5_PROTOTYPE((const krb5_data *output, krb5_priv **rep)); - -krb5_error_code decode_krb5_enc_priv_part - KRB5_PROTOTYPE((const krb5_data *output, krb5_priv_enc_part **rep)); - -krb5_error_code decode_krb5_cred - 
KRB5_PROTOTYPE((const krb5_data *output, krb5_cred **rep)); - -krb5_error_code decode_krb5_enc_cred_part - KRB5_PROTOTYPE((const krb5_data *output, krb5_cred_enc_part **rep)); - -krb5_error_code decode_krb5_error - KRB5_PROTOTYPE((const krb5_data *output, krb5_error **rep)); - -krb5_error_code decode_krb5_authdata - KRB5_PROTOTYPE((const krb5_data *output, krb5_authdata ***rep)); - -krb5_error_code decode_krb5_pwd_sequence - KRB5_PROTOTYPE((const krb5_data *output, passwd_phrase_element **rep)); - -krb5_error_code decode_krb5_pwd_data - KRB5_PROTOTYPE((const krb5_data *output, krb5_pwd_data **rep)); - -krb5_error_code decode_krb5_padata_sequence - KRB5_PROTOTYPE((const krb5_data *output, krb5_pa_data ***rep)); - -/************************************************************************* - * End of prototypes for krb5_decode.c - *************************************************************************/ - -#endif /* KRB5_ASN1__ */ -/* - * End "asn1.h" - */ - -/* - * Begin "dbm.h" - */ -#ifndef KRB5_DBM_COMPAT__ -#define KRB5_DBM_COMPAT__ - -#include "osconf.h" - -#ifndef ODBM -#include -#else /* ODBM */ -#ifdef unicos61 -#include -#else -#include -#endif -#endif /*ODBM */ - -#ifndef ODBM -#define dbm_next(db,key) dbm_nextkey(db) -#else /* OLD DBM */ -typedef char DBM; - -/* Macros to convert ndbm names to dbm names. - * Note that dbm_nextkey() cannot be simply converted using a macro, since - * it is invoked giving the database, and nextkey() needs the previous key. - * - * Instead, all routines call "dbm_next" instead. 
- */ - -#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) -#define dbm_fetch(db, key) fetch(key) -#define dbm_store(db, key, content, flag) store(key, content) -#define dbm_delete(db, key) delete(key) -#define dbm_firstkey(db) firstkey() -#define dbm_next(db,key) nextkey(key) -#define dbm_close(db) dbmclose() -#endif /* OLD DBM */ - -#endif /* KRB5_DBM_COMPAT__ */ -/* - * End "dbm.h" - */ - -/* - * Begin "ext-proto.h" - */ -#ifndef KRB5_EXT_PROTO__ -#define KRB5_EXT_PROTO__ - -#ifdef HAS_STDLIB_H -#include -#else -#if defined(__STDC__) || defined(_WINDOWS) -#ifdef NO_STDLIB_H -#include -#else -#include -#endif /* NO_STDLIB_H */ -#else -extern char *malloc(), *realloc(), *calloc(); -extern char *getenv(); -#endif /* ! __STDC__ */ -#endif /* HAS_STDLIB_H */ - -#ifdef USE_STRING_H -#include -#else -#include -#endif - -#ifndef HAS_STRDUP -extern char *strdup KRB5_PROTOTYPE((const char *)); -#endif - -#ifdef HAS_UNISTD_H -#include -#endif - -#endif /* KRB5_EXT_PROTO__ */ -/* - * End "ext-proto.h" - */ - -/* - * Begin "sysincl.h" - */ -#ifndef KRB5_SYSINCL__ -#define KRB5_SYSINCL__ - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ -/* needed for much of the rest -- but already handled in krb5.h? 
*/ -/* #include */ -#endif /* KRB5_SYSTYPES__ */ - -#include "osconf.h" /* USE*TIME_H macros */ -#ifdef HAVE_SYS_TIME_H -#include -#ifdef TIME_WITH_SYS_TIME -#include -#endif -#else -#include -#endif - -#ifdef HAVE_SYS_STAT_H -#include /* struct stat, stat() */ -#endif - -#ifdef HAVE_SYS_PARAM_H -#include /* MAXPATHLEN */ -#endif - -#ifdef HAVE_SYS_FILE_H -#include /* prototypes for file-related - syscalls; flags for open & - friends */ -#endif - -#if defined(SYSV) || defined(_AIX) -#include -#endif -#ifdef NEED_SYS_FCNTL_H -#include -#endif - -#endif /* KRB5_SYSINCL__ */ -/* - * End "sysincl.h" - */ - -/* - * Begin "los-proto.h" - */ -#ifndef KRB5_LIBOS_PROTO__ -#define KRB5_LIBOS_PROTO__ - -#include +#include /* libos.spec */ krb5_error_code krb5_read_password 
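Review bot: Both new structs at the top of this hunk pair a signed `krb5_int32 length` with a raw `krb5_octet *` buffer (`data` in `krb5_alt_method`, `salt` in `krb5_etype_info_entry`), and per their own comments the contents come from the KDC in KRB-ERROR e-data and ETYPE_INFO padata, which is presumably handled before the reply is authenticated. Nothing here says that consumers must reject a negative length before using it as a byte count, or how an absent salt is told apart from a zero-length one. A field comment such as `/* byte count of salt; decoders must reject negative values */` would pin this down, and the same applies to `data`. Separately, the comment describes "a null-terminated array of this structure", while `typedef krb5_etype_info_entry ** krb5_etype_info;` makes it a NULL-terminated array of pointers to entries; `/* A NULL-terminated array of pointers to this structure ... */` would match the type.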
@@ -935,173 +698,449 @@ krb5_error_code krb5_sync_disk_file FILE *fp)); -krb5_error_code krb5_read_message - KRB5_PROTOTYPE((krb5_context, - krb5_pointer, - krb5_data *)); -krb5_error_code krb5_write_message - KRB5_PROTOTYPE((krb5_context, - krb5_pointer, - krb5_data *)); +krb5_error_code krb5_read_message + KRB5_PROTOTYPE((krb5_context, + krb5_pointer, + krb5_data *)); +krb5_error_code krb5_write_message + KRB5_PROTOTYPE((krb5_context, + krb5_pointer, + krb5_data *)); + +krb5_error_code krb5_os_init_context + KRB5_PROTOTYPE((krb5_context)); + +void krb5_os_free_context + KRB5_PROTOTYPE((krb5_context)); + +krb5_error_code krb5_find_config_files + KRB5_PROTOTYPE(()); + +krb5_error_code krb5_make_fulladdr + KRB5_PROTOTYPE((krb5_context, + krb5_address *, + krb5_address *, + krb5_address *)); + +/* in here to deal with stuff from lib/crypto/os */ + +krb5_error_code krb5_crypto_os_localaddr + KRB5_PROTOTYPE((krb5_address ***)); + +krb5_error_code krb5_crypto_us_timeofday + KRB5_PROTOTYPE((krb5_int32 *, + krb5_int32 *)); + +time_t gmt_mktime KRB5_PROTOTYPE((struct tm *)); + +#endif /* KRB5_LIBOS_PROTO__ */ +/* + * End "los-proto.h" + */ + +/* + * Include the KDB definitions. + */ +#include "kdb.h" +#include "kdb_dbm.h" + +/* + * Begin "libos.h" + */ +#ifndef KRB5_LIBOS__ +#define KRB5_LIBOS__ + +typedef struct _krb5_os_context { + krb5_magic magic; +} *krb5_os_context; + +/* lock mode flags */ +#define KRB5_LOCKMODE_SHARED 0x0001 +#define KRB5_LOCKMODE_EXCLUSIVE 0x0002 +#define KRB5_LOCKMODE_DONTBLOCK 0x0004 +#define KRB5_LOCKMODE_UNLOCK 0x0008 + +#endif /* KRB5_LIBOS__ */ +/* + * End "libos.h" + */ + +/* + * Define our view of the size of a DES key. + */ +#define KRB5_MIT_DES_KEYSIZE 8 +/* + * Check if des_int.h has been included before us. If so, then check to see + * that our view of the DES key size is the same as des_int.h's. 
+ */ +#ifdef MIT_DES_KEYSIZE +#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE +error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) +#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ +#endif /* MIT_DES_KEYSIZE */ + +/* + * Begin "preauth.h" + * + * (Originally written by Glen Machin at Sandia Labs.) + */ +/* + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for + * any purpose. It is provided "as is" without express or implied warranty. + * + */ +#ifndef KRB5_PREAUTH__ +#define KRB5_PREAUTH__ + +#define MAX_PREAUTH_SIZE 20 /* Maximum size of PreAuthenticator.data */ + +/* + * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT] + */ +typedef krb5_error_code (krb5_preauth_obtain_proc) + KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, + krb5_pa_data *pa_data)); + +typedef krb5_error_code (krb5_preauth_verify_proc) + KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, + krb5_data *data)); + +typedef struct _krb5_preauth_ops { + krb5_magic magic; + int type; + int flags; + krb5_preauth_obtain_proc *obtain; + krb5_preauth_verify_proc *verify; +} krb5_preauth_ops; + +/* + * Preauthentication property flags + */ +#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 +#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 + +#if 0 +krb5_error_code get_random_padata + KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr, + krb5_pa_data *data)); + +krb5_error_code verify_random_padata + KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr, + krb5_data *data)); +#endif + +krb5_error_code get_unixtime_padata + KRB5_PROTOTYPE((krb5_context, krb5_principal client, + krb5_address **src_addr, krb5_pa_data *data)); + +krb5_error_code verify_unixtime_padata + KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, + krb5_data *data)); + +krb5_error_code get_securid_padata + 
KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, + krb5_pa_data *data)); + +krb5_error_code verify_securid_padata + KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, + krb5_data *data)); + +#endif /* KRB5_PREAUTH__ */ +/* + * End "preauth.h" + */ + +/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ +#if !defined(_MACINTOSH) +#include "profile.h" +#else +typedef unsigned long profile_t; +#endif + +struct _krb5_context { + krb5_magic magic; + krb5_enctype FAR *etypes; + int etype_count; + void FAR *os_context; + char FAR *default_realm; + profile_t profile; + void FAR *db_context; +}; + +/* + * Begin "asn1.h" + */ +#ifndef KRB5_ASN1__ +#define KRB5_ASN1__ + +/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */ +/* here we use some knowledge of ASN.1 encodings */ +/* + Ticket is APPLICATION 1. + Authenticator is APPLICATION 2. + AS_REQ is APPLICATION 10. + AS_REP is APPLICATION 11. + TGS_REQ is APPLICATION 12. + TGS_REP is APPLICATION 13. + AP_REQ is APPLICATION 14. + AP_REP is APPLICATION 15. + KRB_SAFE is APPLICATION 20. + KRB_PRIV is APPLICATION 21. + KRB_CRED is APPLICATION 22. + EncASRepPart is APPLICATION 25. + EncTGSRepPart is APPLICATION 26. + EncAPRepPart is APPLICATION 27. + EncKrbPrivPart is APPLICATION 28. + EncKrbCredPart is APPLICATION 29. + KRB_ERROR is APPLICATION 30. 
+ */ +/* allow either constructed or primitive encoding, so check for bit 6 + set or reset */ +#define krb5_is_krb_ticket(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\ + (dat)->data[0] == 0x41)) +#define krb5_is_krb_authenticator(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\ + (dat)->data[0] == 0x42)) +#define krb5_is_as_req(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\ + (dat)->data[0] == 0x4a)) +#define krb5_is_as_rep(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\ + (dat)->data[0] == 0x4b)) +#define krb5_is_tgs_req(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\ + (dat)->data[0] == 0x4c)) +#define krb5_is_tgs_rep(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\ + (dat)->data[0] == 0x4d)) +#define krb5_is_ap_req(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\ + (dat)->data[0] == 0x4e)) +#define krb5_is_ap_rep(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\ + (dat)->data[0] == 0x4f)) +#define krb5_is_krb_safe(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\ + (dat)->data[0] == 0x54)) +#define krb5_is_krb_priv(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\ + (dat)->data[0] == 0x55)) +#define krb5_is_krb_cred(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\ + (dat)->data[0] == 0x56)) +#define krb5_is_krb_enc_as_rep_part(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\ + (dat)->data[0] == 0x59)) +#define krb5_is_krb_enc_tgs_rep_part(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\ + (dat)->data[0] == 0x5a)) +#define krb5_is_krb_enc_ap_rep_part(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\ + (dat)->data[0] == 0x5b)) +#define krb5_is_krb_enc_krb_priv_part(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\ + (dat)->data[0] == 0x5c)) +#define krb5_is_krb_enc_krb_cred_part(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\ + 
(dat)->data[0] == 0x5d)) +#define krb5_is_krb_error(dat)\ + ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\ + (dat)->data[0] == 0x5e)) + +/************************************************************************* + * Prototypes for krb5_encode.c + *************************************************************************/ + +/* + krb5_error_code encode_krb5_structure(const krb5_structure *rep, + krb5_data **code); + modifies *code + effects Returns the ASN.1 encoding of *rep in **code. + Returns ASN1_MISSING_FIELD if a required field is emtpy in *rep. + Returns ENOMEM if memory runs out. +*/ + +krb5_error_code encode_krb5_authenticator + KRB5_PROTOTYPE((const krb5_authenticator *rep, krb5_data **code)); + +krb5_error_code encode_krb5_ticket + KRB5_PROTOTYPE((const krb5_ticket *rep, krb5_data **code)); + +krb5_error_code encode_krb5_encryption_key + KRB5_PROTOTYPE((const krb5_keyblock *rep, krb5_data **code)); + +krb5_error_code encode_krb5_enc_tkt_part + KRB5_PROTOTYPE((const krb5_enc_tkt_part *rep, krb5_data **code)); + +krb5_error_code encode_krb5_enc_kdc_rep_part + KRB5_PROTOTYPE((const krb5_enc_kdc_rep_part *rep, krb5_data **code)); + +/* yes, the translation is identical to that used for KDC__REP */ +krb5_error_code encode_krb5_as_rep + KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code)); + +/* yes, the translation is identical to that used for KDC__REP */ +krb5_error_code encode_krb5_tgs_rep + KRB5_PROTOTYPE((const krb5_kdc_rep *rep, krb5_data **code)); + +krb5_error_code encode_krb5_ap_req + KRB5_PROTOTYPE((const krb5_ap_req *rep, krb5_data **code)); + +krb5_error_code encode_krb5_ap_rep + KRB5_PROTOTYPE((const krb5_ap_rep *rep, krb5_data **code)); -krb5_error_code krb5_os_init_context - KRB5_PROTOTYPE((krb5_context)); +krb5_error_code encode_krb5_ap_rep_enc_part + KRB5_PROTOTYPE((const krb5_ap_rep_enc_part *rep, krb5_data **code)); -void krb5_os_free_context - KRB5_PROTOTYPE((krb5_context)); +krb5_error_code encode_krb5_as_req + 
KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); -krb5_error_code krb5_find_config_files - KRB5_PROTOTYPE(()); +krb5_error_code encode_krb5_tgs_req + KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); -krb5_error_code krb5_make_fulladdr - KRB5_PROTOTYPE((krb5_context, - krb5_address *, - krb5_address *, - krb5_address *)); +krb5_error_code encode_krb5_kdc_req_body + KRB5_PROTOTYPE((const krb5_kdc_req *rep, krb5_data **code)); -/* in here to deal with stuff from lib/crypto/os */ +krb5_error_code encode_krb5_safe + KRB5_PROTOTYPE((const krb5_safe *rep, krb5_data **code)); -krb5_error_code krb5_crypto_os_localaddr - KRB5_PROTOTYPE((krb5_address ***)); +krb5_error_code encode_krb5_priv + KRB5_PROTOTYPE((const krb5_priv *rep, krb5_data **code)); -krb5_error_code krb5_crypto_us_timeofday - KRB5_PROTOTYPE((krb5_int32 *, - krb5_int32 *)); +krb5_error_code encode_krb5_enc_priv_part + KRB5_PROTOTYPE((const krb5_priv_enc_part *rep, krb5_data **code)); -time_t gmt_mktime KRB5_PROTOTYPE((struct tm *)); +krb5_error_code encode_krb5_cred + KRB5_PROTOTYPE((const krb5_cred *rep, krb5_data **code)); -#endif /* KRB5_LIBOS_PROTO__ */ -/* - * End "los-proto.h" - */ +krb5_error_code encode_krb5_enc_cred_part + KRB5_PROTOTYPE((const krb5_cred_enc_part *rep, krb5_data **code)); -/* - * Include the KDB definitions. 
- */ -#include "kdb.h" -#include "kdb_dbm.h" +krb5_error_code encode_krb5_error + KRB5_PROTOTYPE((const krb5_error *rep, krb5_data **code)); -/* - * Begin "libos.h" - */ -#ifndef KRB5_LIBOS__ -#define KRB5_LIBOS__ +krb5_error_code encode_krb5_authdata + KRB5_PROTOTYPE((const krb5_authdata **rep, krb5_data **code)); -typedef struct _krb5_os_context { - krb5_magic magic; -} *krb5_os_context; +krb5_error_code encode_krb5_pwd_sequence + KRB5_PROTOTYPE((const passwd_phrase_element *rep, krb5_data **code)); -/* lock mode flags */ -#define KRB5_LOCKMODE_SHARED 0x0001 -#define KRB5_LOCKMODE_EXCLUSIVE 0x0002 -#define KRB5_LOCKMODE_DONTBLOCK 0x0004 -#define KRB5_LOCKMODE_UNLOCK 0x0008 +krb5_error_code encode_krb5_pwd_data + KRB5_PROTOTYPE((const krb5_pwd_data *rep, krb5_data **code)); -#endif /* KRB5_LIBOS__ */ -/* - * End "libos.h" - */ +krb5_error_code encode_krb5_padata_sequence + KRB5_PROTOTYPE((const krb5_pa_data ** rep, krb5_data **code)); -/* - * Define our view of the size of a DES key. - */ -#define KRB5_MIT_DES_KEYSIZE 8 -/* - * Check if des_int.h has been included before us. If so, then check to see - * that our view of the DES key size is the same as des_int.h's. - */ -#ifdef MIT_DES_KEYSIZE -#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE -error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) -#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ -#endif /* MIT_DES_KEYSIZE */ +krb5_error_code encode_krb5_alt_method + KRB5_PROTOTYPE((const krb5_alt_method *, krb5_data **code)); -/* - * Begin "preauth.h" - * - * (Originally written by Glen Machin at Sandia Labs.) - */ -/* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for - * any purpose. It is provided "as is" without express or implied warranty. 
- * - */ -#ifndef KRB5_PREAUTH__ -#define KRB5_PREAUTH__ +krb5_error_code encode_krb5_etype_info + KRB5_PROTOTYPE((const krb5_etype_info_entry **, krb5_data **code)); -#define MAX_PREAUTH_SIZE 20 /* Maximum size of PreAuthenticator.data */ +/************************************************************************* + * End of prototypes for krb5_encode.c + *************************************************************************/ + + +/************************************************************************* + * Prototypes for krb5_decode.c + *************************************************************************/ /* - * Note: these typedefs are subject to change.... [tytso:19920903.1609EDT] - */ -typedef krb5_error_code (krb5_preauth_obtain_proc) - KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, - krb5_pa_data *pa_data)); + krb5_error_code decode_krb5_structure(const krb5_data *code, + krb5_structure **rep); + + requires Expects **rep to not have been allocated; + a new *rep is allocated regardless of the old value. + effects Decodes *code into **rep. + Returns ENOMEM if memory is exhausted. + Returns asn1 and krb5 errors. 
+*/ -typedef krb5_error_code (krb5_preauth_verify_proc) - KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, - krb5_data *data)); +krb5_error_code decode_krb5_authenticator + KRB5_PROTOTYPE((const krb5_data *code, krb5_authenticator **rep)); -typedef struct _krb5_preauth_ops { - krb5_magic magic; - int type; - int flags; - krb5_preauth_obtain_proc *obtain; - krb5_preauth_verify_proc *verify; -} krb5_preauth_ops; +krb5_error_code decode_krb5_ticket + KRB5_PROTOTYPE((const krb5_data *code, krb5_ticket **rep)); -/* - * Preauthentication property flags - */ -#define KRB5_PREAUTH_FLAGS_ENCRYPT 0x00000001 -#define KRB5_PREAUTH_FLAGS_HARDWARE 0x00000002 +krb5_error_code decode_krb5_encryption_key + KRB5_PROTOTYPE((const krb5_data *output, krb5_keyblock **rep)); -#if 0 -krb5_error_code get_random_padata - KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr, - krb5_pa_data *data)); +krb5_error_code decode_krb5_enc_tkt_part + KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_tkt_part **rep)); -krb5_error_code verify_random_padata - KRB5_PROTOTYPE((krb5_principal client, krb5_address **src_addr, - krb5_data *data)); -#endif +krb5_error_code decode_krb5_enc_kdc_rep_part + KRB5_PROTOTYPE((const krb5_data *output, krb5_enc_kdc_rep_part **rep)); -krb5_error_code get_unixtime_padata - KRB5_PROTOTYPE((krb5_context, krb5_principal client, - krb5_address **src_addr, krb5_pa_data *data)); +krb5_error_code decode_krb5_as_rep + KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep)); -krb5_error_code verify_unixtime_padata - KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, - krb5_data *data)); +krb5_error_code decode_krb5_tgs_rep + KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_rep **rep)); -krb5_error_code get_securid_padata - KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, - krb5_pa_data *data)); +krb5_error_code decode_krb5_ap_req + KRB5_PROTOTYPE((const krb5_data *output, 
krb5_ap_req **rep)); -krb5_error_code verify_securid_padata - KRB5_PROTOTYPE((krb5_context, krb5_principal client, krb5_address **src_addr, - krb5_data *data)); +krb5_error_code decode_krb5_ap_rep + KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep **rep)); -#endif /* KRB5_PREAUTH__ */ +krb5_error_code decode_krb5_ap_rep_enc_part + KRB5_PROTOTYPE((const krb5_data *output, krb5_ap_rep_enc_part **rep)); + +krb5_error_code decode_krb5_as_req + KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); + +krb5_error_code decode_krb5_tgs_req + KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); + +krb5_error_code decode_krb5_kdc_req_body + KRB5_PROTOTYPE((const krb5_data *output, krb5_kdc_req **rep)); + +krb5_error_code decode_krb5_safe + KRB5_PROTOTYPE((const krb5_data *output, krb5_safe **rep)); + +krb5_error_code decode_krb5_priv + KRB5_PROTOTYPE((const krb5_data *output, krb5_priv **rep)); + +krb5_error_code decode_krb5_enc_priv_part + KRB5_PROTOTYPE((const krb5_data *output, krb5_priv_enc_part **rep)); + +krb5_error_code decode_krb5_cred + KRB5_PROTOTYPE((const krb5_data *output, krb5_cred **rep)); + +krb5_error_code decode_krb5_enc_cred_part + KRB5_PROTOTYPE((const krb5_data *output, krb5_cred_enc_part **rep)); + +krb5_error_code decode_krb5_error + KRB5_PROTOTYPE((const krb5_data *output, krb5_error **rep)); + +krb5_error_code decode_krb5_authdata + KRB5_PROTOTYPE((const krb5_data *output, krb5_authdata ***rep)); + +krb5_error_code decode_krb5_pwd_sequence + KRB5_PROTOTYPE((const krb5_data *output, passwd_phrase_element **rep)); + +krb5_error_code decode_krb5_pwd_data + KRB5_PROTOTYPE((const krb5_data *output, krb5_pwd_data **rep)); + +krb5_error_code decode_krb5_padata_sequence + KRB5_PROTOTYPE((const krb5_data *output, krb5_pa_data ***rep)); + +krb5_error_code decode_krb5_alt_method + KRB5_PROTOTYPE((const krb5_data *output, krb5_alt_method **rep)); + +krb5_error_code decode_krb5_etype_info + KRB5_PROTOTYPE((const krb5_data *output, 
krb5_etype_info_entry ***rep)); + +/************************************************************************* + * End of prototypes for krb5_decode.c + *************************************************************************/ + +#endif /* KRB5_ASN1__ */ /* - * End "preauth.h" + * End "asn1.h" */ -/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ -#if !defined(_MACINTOSH) -#include "profile.h" -#else -typedef unsigned long profile_t; -#endif - -struct _krb5_context { - krb5_magic magic; - krb5_enctype FAR *etypes; - int etype_count; - void FAR *os_context; - char FAR *default_realm; - profile_t profile; - void FAR *db_context; -}; #endif /* _KRB5_INT_H */ -- 2.26.2
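Review bot: The new `decode_krb5_alt_method` and `decode_krb5_etype_info` prototypes at the end of this hunk return heap structures that own nested `data`/`salt` buffers, but no matching free routine is declared in the visible hunks, and the generic decode contract comment does not say what `*rep` holds when decoding fails. Since these decoders parse KDC-supplied bytes, I would document next to them that `*rep` is set to NULL on error and name the routine callers must use to release a result (it may be declared elsewhere; that is not visible here). As a style point, `encode_krb5_alt_method` omits the `rep` parameter name that every sibling prototype carries, and the etype-info pair spells out `krb5_etype_info_entry **` and `***` instead of using the new `krb5_etype_info` typedef; `KRB5_PROTOTYPE((const krb5_alt_method *rep, krb5_data **code));` would keep the block uniform.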