From 7b9c4c5e4fe85f4c669c37fedf1bc613482d2edb Mon Sep 17 00:00:00 2001 From: John Gilmore Date: Tue, 28 Feb 1995 07:56:00 +0000 Subject: [PATCH] * k5-int.h: Remove commented-out and . * krb5.h: Same as old krb5/krb5.h, as a start. Gradually things that don't need to be exported will be moved from krb5.h into k5-int.h (and vice verse for e.g. function prototypes). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5003 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 7 + src/include/k5-int.h | 9 +- src/include/krb5.h | 352 ++++++++++++++++++++++++++++++++++++++---- 3 files changed, 336 insertions(+), 32 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 3f5fb4592..71dbb7977 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,10 @@ +Wed Feb 22 18:31:12 1995 John Gilmore (gnu at toad.com) + + * k5-int.h: Remove commented-out and . + * krb5.h: Same as old krb5/krb5.h, as a start. Gradually things + that don't need to be exported will be moved from krb5.h into + k5-int.h (and vice verse for e.g. function prototypes). + Wed Jan 25 19:19:38 1995 John Gilmore (gnu at toad.com) Make it possible to #include "..." without using slashes, diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 8280bf8a3..4580abbf0 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1,12 +1,13 @@ /* * This prototype for k5-int.h (Krb5 internals include file) - * simply includes every file - * in the lower krb5 directory, more or less. + * includes the user-visible definitions from krb5.h and then + * includes other definitions that are not user-visible but are + * required for compiling Kerberos internal routines. * * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995 */ -#include "krb5/krb5.h" +#include "krb5.h" /* krb5/krb5.h includes many other krb5/*.h files too. The ones that it doesn't include, we include below. */ 
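Review bot: The context comment just below the changed include still reads `krb5/krb5.h includes many other krb5/*.h files too`, but after this hunk the file includes `krb5.h` from the same directory, so the comment names a header that is no longer the one included. I would reword it to `/* krb5.h includes many of the krb5/ headers too. The ones that it doesn't include, we include below. */`. That wording also drops the `/*` sequence inside the comment, which some compilers warn about.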
@@ -22,11 +23,9 @@
 #include "krb5/libos.h"
 #include "krb5/los-proto.h"
 #include "krb5/mit-des.h"
-/* #include "krb5/narrow.h" -- used in encryption.h and others, custom usage */
 #include "krb5/preauth.h"
 /* #include "krb5/rsa-md4.h" -- removed from krb5 to lib/crypto/md4 */
 #include "krb5/rsa-md5.h"
 /* #include "krb5/stock" */
 #include "krb5/sysincl.h"
-/* #include "krb5/widen.h" -- used in encryption.h, custom usage. */
 /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
diff --git a/src/include/krb5.h b/src/include/krb5.h
index 15bffb5ef..4452f9556 100644
--- a/src/include/krb5.h
+++ b/src/include/krb5.h
@@ -1,31 +1,329 @@ /* - * This prototype for a globally useful krb5.h simply includes every file - * in the lower krb5 directory, in alphabetical order. + * include/krb5.h * - * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995 + * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * General definitions for Kerberos version 5. */ -#include "krb5/krb5.h" - -/* krb5/krb5.h includes many other krb5/*.h files too. The ones that it - doesn't include, we include below. 
*/ - -#include "krb5/adm_defs.h" -#include "krb5/asn1.h" -#include "krb5/copyright.h" -/* #include "krb5/crc-32.h" -- removed from krb5 to lib/crypto/crc32 */ -#include "krb5/dbm.h" -#include "krb5/ext-proto.h" -#include "krb5/kdb.h" -#include "krb5/kdb_dbm.h" -#include "krb5/libos.h" -#include "krb5/los-proto.h" -#include "krb5/mit-des.h" -/* #include "krb5/narrow.h" -- used in encryption.h and others, custom usage */ -#include "krb5/preauth.h" -/* #include "krb5/rsa-md4.h" -- removed from krb5 to lib/crypto/md4 */ -#include "krb5/rsa-md5.h" -/* #include "krb5/stock" */ -#include "krb5/sysincl.h" -/* #include "krb5/widen.h" -- used in encryption.h, custom usage. */ -/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ +#ifndef KRB5_GENERAL__ +#define KRB5_GENERAL__ + +#ifndef KRB5_SYSTYPES__ +#define KRB5_SYSTYPES__ +#include +#endif /* KRB5_SYSTYPES__ */ + +#include "k5-config.h" + +#include "base-defs.h" +#include "hostaddr.h" + +typedef struct _krb5_context { + krb5_magic magic; + krb5_enctype * etypes; + int etype_count; + void * os_context; +} * krb5_context; + +#include "encryption.h" +#include "fieldbits.h" +#include "errors.h" +#include "proto.h" +#include "macros.h" +#include "error_def.h" + +/* Time set */ +typedef struct _krb5_ticket_times { + krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime + in ticket? 
otherwise client can't get this */ + krb5_timestamp starttime; /* optional in ticket, if not present, + use authtime */ + krb5_timestamp endtime; + krb5_timestamp renew_till; +} krb5_ticket_times; + +/* structure for auth data */ +typedef struct _krb5_authdata { + krb5_magic magic; + krb5_authdatatype ad_type; + int length; + krb5_octet *contents; +} krb5_authdata; + +/* structure for transited encoding */ +typedef struct _krb5_transited { + krb5_magic magic; + krb5_octet tr_type; + krb5_data tr_contents; +} krb5_transited; + +typedef struct _krb5_enc_tkt_part { + krb5_magic magic; + /* to-be-encrypted portion */ + krb5_flags flags; /* flags */ + krb5_keyblock *session; /* session key: includes keytype */ + krb5_principal client; /* client name/realm */ + krb5_transited transited; /* list of transited realms */ + krb5_ticket_times times; /* auth, start, end, renew_till */ + krb5_address **caddrs; /* array of ptrs to addresses */ + krb5_authdata **authorization_data; /* auth data */ +} krb5_enc_tkt_part; + +typedef struct _krb5_ticket { + krb5_magic magic; + /* cleartext portion */ + krb5_principal server; /* server name/realm */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ + krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if + available */ +} krb5_ticket; + +/* the unencrypted version */ +typedef struct _krb5_authenticator { + krb5_magic magic; + krb5_principal client; /* client name/realm */ + krb5_checksum *checksum; /* checksum, includes type, optional */ + krb5_int32 cusec; /* client usec portion */ + krb5_timestamp ctime; /* client sec portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_int32 seq_number; /* sequence #, optional */ + krb5_authdata **authorization_data; /* New add by Ari, auth data */ +} krb5_authenticator; + +typedef struct _krb5_tkt_authent { + krb5_magic magic; + krb5_ticket *ticket; + krb5_authenticator *authenticator; + krb5_flags ap_options; +} krb5_tkt_authent; + +/* 
credentials: Ticket, session key, etc. */ +typedef struct _krb5_creds { + krb5_magic magic; + krb5_principal client; /* client's principal identifier */ + krb5_principal server; /* server's principal identifier */ + krb5_keyblock keyblock; /* session encryption key info */ + krb5_ticket_times times; /* lifetime info */ + krb5_boolean is_skey; /* true if ticket is encrypted in + another ticket's skey */ + krb5_flags ticket_flags; /* flags in ticket */ + krb5_address **addresses; /* addrs in ticket */ + krb5_data ticket; /* ticket string itself */ + krb5_data second_ticket; /* second ticket, if related to + ticket (via DUPLICATE-SKEY or + ENC-TKT-IN-SKEY) */ + krb5_authdata **authdata; /* authorization data */ +} krb5_creds; + +/* Last request fields */ +typedef struct _krb5_last_req_entry { + krb5_magic magic; + krb5_octet lr_type; + krb5_timestamp value; +} krb5_last_req_entry; + +/* pre-authentication data */ +typedef struct _krb5_pa_data { + krb5_magic magic; + krb5_ui_2 pa_type; + int length; + krb5_octet *contents; +} krb5_pa_data; + +typedef struct _krb5_kdc_req { + krb5_magic magic; + krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ + krb5_pa_data **padata; /* e.g. 
encoded AP_REQ */ + /* real body */ + krb5_flags kdc_options; /* requested options */ + krb5_principal client; /* includes realm; optional */ + krb5_principal server; /* includes realm (only used if no + client) */ + krb5_timestamp from; /* requested starttime */ + krb5_timestamp till; /* requested endtime */ + krb5_timestamp rtime; /* (optional) requested renew_till */ + krb5_int32 nonce; /* nonce to match request/response */ + int netypes; /* # of etypes, must be positive */ + krb5_enctype *etype; /* requested encryption type(s) */ + krb5_address **addresses; /* requested addresses, optional */ + krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ + krb5_authdata **unenc_authdata; /* unencrypted auth data, + if available */ + krb5_ticket **second_ticket; /* second ticket array; OPTIONAL */ +} krb5_kdc_req; + +typedef struct _krb5_enc_kdc_rep_part { + krb5_magic magic; + /* encrypted part: */ + krb5_msgtype msg_type; /* krb5 message type */ + krb5_keyblock *session; /* session key */ + krb5_last_req_entry **last_req; /* array of ptrs to entries */ + krb5_int32 nonce; /* nonce from request */ + krb5_timestamp key_exp; /* expiration date */ + krb5_flags flags; /* ticket flags */ + krb5_ticket_times times; /* lifetime info */ + krb5_principal server; /* server's principal identifier */ + krb5_address **caddrs; /* array of ptrs to addresses, + optional */ +} krb5_enc_kdc_rep_part; + +typedef struct _krb5_kdc_rep { + krb5_magic magic; + /* cleartext part: */ + krb5_msgtype msg_type; /* AS_REP or KDC_REP? 
*/ + krb5_pa_data **padata; /* preauthentication data from KDC */ + krb5_principal client; /* client's principal identifier */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data enc_part; /* encryption type, kvno, encrypted + encoding */ + krb5_enc_kdc_rep_part *enc_part2; /* unencrypted version, if available */ +} krb5_kdc_rep; + +/* error message structure */ +typedef struct _krb5_error { + krb5_magic magic; + /* some of these may be meaningless in certain contexts */ + krb5_timestamp ctime; /* client sec portion; optional */ + krb5_int32 cusec; /* client usec portion; optional */ + krb5_int32 susec; /* server usec portion */ + krb5_timestamp stime; /* server sec portion */ + krb5_ui_4 error; /* error code (protocol error #'s) */ + krb5_principal client; /* client's principal identifier; + optional */ + krb5_principal server; /* server's principal identifier */ + krb5_data text; /* descriptive text */ + krb5_data e_data; /* additional error-describing data */ +} krb5_error; + +typedef struct _krb5_ap_req { + krb5_magic magic; + krb5_flags ap_options; /* requested options */ + krb5_ticket *ticket; /* ticket */ + krb5_enc_data authenticator; /* authenticator (already encrypted) */ +} krb5_ap_req; + +typedef struct _krb5_ap_rep { + krb5_magic magic; + krb5_enc_data enc_part; +} krb5_ap_rep; + +typedef struct _krb5_ap_rep_enc_part { + krb5_magic magic; + krb5_timestamp ctime; /* client time, seconds portion */ + krb5_int32 cusec; /* client time, microseconds portion */ + krb5_keyblock *subkey; /* true session key, optional */ + krb5_int32 seq_number; /* sequence #, optional */ +} krb5_ap_rep_enc_part; + +typedef struct _krb5_response { + krb5_magic magic; + krb5_octet message_type; + krb5_data response; +} krb5_response; + +typedef struct _krb5_safe { + krb5_magic magic; + krb5_data user_data; /* user data */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, + optional */ + krb5_int32 seq_number; /* sequence 
#, optional */ + krb5_address *s_address; /* sender address */ + krb5_address *r_address; /* recipient address, optional */ + krb5_checksum *checksum; /* data integrity checksum */ +} krb5_safe; + +typedef struct _krb5_priv { + krb5_magic magic; + krb5_enc_data enc_part; /* encrypted part */ +} krb5_priv; + +typedef struct _krb5_priv_enc_part { + krb5_magic magic; + krb5_data user_data; /* user data */ + krb5_timestamp timestamp; /* client time, optional */ + krb5_int32 usec; /* microsecond portion of time, opt. */ + krb5_int32 seq_number; /* sequence #, optional */ + krb5_address *s_address; /* sender address */ + krb5_address *r_address; /* recipient address, optional */ +} krb5_priv_enc_part; + +typedef struct _krb5_cred_info { + krb5_magic magic; + krb5_keyblock* session; /* session key used to encrypt */ + /* ticket */ + krb5_principal client; /* client name/realm, optional */ + krb5_principal server; /* server name/realm, optional */ + krb5_flags flags; /* ticket flags, optional */ + krb5_ticket_times times; /* auth, start, end, renew_till, */ + /* optional */ + krb5_address **caddrs; /* array of ptrs to addresses */ +} krb5_cred_info; + +typedef struct _krb5_cred_enc_part { + krb5_magic magic; + krb5_int32 nonce; /* nonce, optional */ + krb5_timestamp timestamp; /* client time */ + krb5_int32 usec; /* microsecond portion of time */ + krb5_address *s_address; /* sender address, optional */ + krb5_address *r_address; /* recipient address, optional */ + krb5_cred_info **ticket_info; +} krb5_cred_enc_part; + +typedef struct _krb5_cred { + krb5_magic magic; + krb5_ticket **tickets; /* tickets */ + krb5_enc_data enc_part; /* encrypted part */ + krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ +} krb5_cred; + +/* Sandia password generation structures */ +typedef struct _passwd_phrase_element { + krb5_magic magic; + krb5_data *passwd; + krb5_data *phrase; +} passwd_phrase_element; + +typedef struct _krb5_pwd_data { + krb5_magic magic; + int 
sequence_count; + passwd_phrase_element **element; +} krb5_pwd_data; + +/* these need to be here so the typedefs are available for the prototypes */ +#include "safepriv.h" +#include "ccache.h" +#include "rcache.h" +#include "keytab.h" +#include "func-proto.h" +#include "k5-free.h" + +/* The name of the Kerberos ticket granting service... and its size */ +#define KRB5_TGS_NAME "krbtgt" +#define KRB5_TGS_NAME_SIZE 6 + +/* flags for recvauth */ +#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 +#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 + +#endif /* KRB5_GENERAL__ */ -- 2.26.2
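Review bot: `krb5_authdata` and `krb5_pa_data` both pair `krb5_octet *contents` with a signed `int length`, and `krb5_kdc_req` carries `int netypes` with only a comment saying it must be positive. These fields are presumably filled from decoded protocol messages (the decoders are not in this hunk). A negative value in a signed length passes an upper-bound check such as `length > max` and then becomes a very large size once it is converted for `memcpy` or `malloc`. Since this header is now the exported definition, I would declare them `unsigned int length;` and `unsigned int netypes;`, or at minimum document on each field that consumers must reject negative values before using them as sizes or loop bounds. Separately, `KRB5_TGS_NAME_SIZE 6` is maintained by hand next to `"krbtgt"`; `#define KRB5_TGS_NAME_SIZE (sizeof(KRB5_TGS_NAME) - 1)` would keep the two in step.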