/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/krb5/krb/int-proto.h - Prototypes for libkrb5 internal functions */
/*
 * Copyright 1990,1991 the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */
26
27 #ifndef KRB5_INT_FUNC_PROTO__
28 #define KRB5_INT_FUNC_PROTO__
29
/* Forward declaration only: the prototypes in this header pass the FAST
 * request state by pointer and never need its layout. */
struct krb5int_fast_request_state;

/*
 * The two krb5_data arguments are unnamed and share a type, so the compiler
 * cannot catch a call that swaps them.
 * NOTE(review): check their order and meaning against the definition; the
 * non-const krb5_principal * is presumably where the result is stored.
 */
krb5_error_code krb5int_tgtname(krb5_context context,
                                const krb5_data *,
                                const krb5_data *,
                                krb5_principal *);

/*
 * Two lookups that take a krb5_data (named realm in the string variant) and
 * an option name, and hand a value back through the last pointer.
 * NOTE(review): whether *ret_value is allocated for the caller is not visible
 * in this header -- confirm who frees it.
 */
krb5_error_code krb5int_libdefault_boolean(krb5_context,
                                           const krb5_data *,
                                           const char *,
                                           int *);
krb5_error_code krb5int_libdefault_string(krb5_context context,
                                          const krb5_data *realm,
                                          const char *option,
                                          char **ret_value);
42
43
/*
 * One init entry point per type, each taking only the library context.
 * NOTE(review): the krb5_ser_ prefix suggests these register serialization
 * handlers; nothing in this header confirms that.
 */
krb5_error_code krb5_ser_authdata_init(krb5_context);
krb5_error_code krb5_ser_address_init(krb5_context);
krb5_error_code krb5_ser_authenticator_init(krb5_context);
krb5_error_code krb5_ser_checksum_init(krb5_context);
krb5_error_code krb5_ser_keyblock_init(krb5_context);
krb5_error_code krb5_ser_principal_init(krb5_context);
krb5_error_code krb5_ser_authdata_context_init(krb5_context);
51
/*
 * Takes one attr/value string pair together with the extended
 * get-init-creds options.
 * NOTE(review): whether attr and value are copied or retained by the callee
 * is not visible here; confirm before passing short-lived buffers.
 */
krb5_error_code krb5_preauth_supply_preauth_data(krb5_context context,
                                                 krb5_gic_opt_ext *opte,
                                                 const char *attr,
                                                 const char *value);

/*
 * Plugin vtable initializers; both share the same (context, maj_ver, min_ver,
 * vtable) shape.  Going by the names they belong to the encrypted-challenge
 * and encrypted-timestamp client preauth mechanisms.
 */
krb5_error_code clpreauth_encrypted_challenge_initvt(krb5_context context,
                                                     int maj_ver,
                                                     int min_ver,
                                                     krb5_plugin_vtable vtable);

krb5_error_code clpreauth_encrypted_timestamp_initvt(krb5_context context,
                                                     int maj_ver,
                                                     int min_ver,
                                                     krb5_plugin_vtable vtable);
65
/*
 * Takes request options and in_creds, plus two non-const pointers (mcreds,
 * fields).
 * NOTE(review): mcreds and fields look like outputs (a match template and the
 * flags saying which of its fields to compare) -- confirm against the
 * definition, including whether mcreds aliases memory owned by in_creds.
 */
krb5_error_code krb5int_construct_matching_creds(krb5_context context,
                                                 krb5_flags options,
                                                 krb5_creds *in_creds,
                                                 krb5_creds *mcreds,
                                                 krb5_flags *fields);
70
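/*
 * True when |date - now| is strictly less than context->clockskew.
 *
 * The macro reads a variable named `context` from the scope where it is
 * expanded; it is not a parameter, so every user must have one in scope.
 *
 * Both operands are widened to long long before subtracting.  Done in the
 * operands' own type, the subtraction of two timestamps that lie far apart
 * can overflow a 32-bit signed type (undefined behaviour), and a wildly wrong
 * time could then appear to fall inside the skew window that freshness checks
 * rely on.  NOTE(review): confirm the width of the timestamp type callers
 * pass; the widening is harmless if it is already 64-bit.
 * llabs() is declared in <stdlib.h>, the same header that provides labs().
 */
#define in_clock_skew(date, now)                                        \
    (llabs((long long)(date) - (long long)(now)) < context->clockskew)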
72
/*
 * True when principal p has exactly two components and component 0 equals
 * KRB5_TGS_NAME.  The size test is evaluated first, so component 0 is only
 * dereferenced for a two-component principal.  Both c and p are expanded
 * twice; pass expressions without side effects.
 */
#define IS_TGS_PRINC(c, p)                                              \
    (2 == krb5_princ_size((c), (p))                                     \
     && data_eq_string(*krb5_princ_component((c), (p), 0),              \
                       KRB5_TGS_NAME))
76
/*
 * Extended credential request using an existing ticket (tkt).
 *
 * gcvt_fct is a caller-supplied callback taking (krb5_context,
 * krb5_keyblock *, krb5_kdc_req *, void *); gcvt_data is presumably handed
 * to it as the trailing void * -- confirm in the definition.  The callback
 * receives non-const pointers to key material and to the request, so it must
 * be treated as fully trusted code.
 *
 * out_padata, enc_padata, out_cred and out_subkey are pointer-to-pointer
 * parameters.  NOTE(review): they look like outputs the caller must free;
 * ownership is not stated in this header.
 */
krb5_error_code krb5_get_cred_via_tkt_ext(
    krb5_context context, krb5_creds *tkt, krb5_flags kdcoptions,
    krb5_address *const *address, krb5_pa_data **in_padata,
    krb5_creds *in_cred,
    krb5_error_code (*gcvt_fct)(krb5_context, krb5_keyblock *,
                                krb5_kdc_req *, void *),
    void *gcvt_data,
    krb5_pa_data ***out_padata, krb5_pa_data ***enc_padata,
    krb5_creds **out_cred, krb5_keyblock **out_subkey);
91
/*
 * TGS request builder taking each request field as its own argument.
 *
 * pacb_fct/pacb_data follow the same callback shape as the other request
 * helpers in this header: the callback gets non-const access to a keyblock
 * and to the krb5_kdc_req, so only trusted code belongs there.
 *
 * request_data, timestamp, nonce and subkey are non-const pointers.
 * NOTE(review): presumably outputs (the encoded request plus the values the
 * reply must later be checked against) -- confirm, and confirm who frees
 * *subkey, which would hold key material.
 */
krb5_error_code krb5int_make_tgs_request_ext(
    krb5_context context, struct krb5int_fast_request_state *,
    krb5_flags kdcoptions, const krb5_ticket_times *timestruct,
    const krb5_enctype *ktypes, krb5_const_principal sname,
    krb5_address *const *addrs, krb5_authdata *const *authorization_data,
    krb5_pa_data *const *padata, const krb5_data *second_ticket,
    krb5_creds *in_cred,
    krb5_error_code (*pacb_fct)(krb5_context, krb5_keyblock *,
                                krb5_kdc_req *, void *),
    void *pacb_data,
    krb5_data *request_data, krb5_timestamp *timestamp,
    krb5_int32 *nonce, krb5_keyblock **subkey);
113
/*
 * TGS request builder driven by a ticket (tkt) and the desired credentials
 * (in_cred) rather than by individual request fields.
 *
 * The trailing request_data, timestamp, nonce and subkey pointers match the
 * _ext variant declared alongside it.  NOTE(review): presumably outputs the
 * caller keeps so the reply can be validated -- confirm against the
 * definition.
 */
krb5_error_code krb5int_make_tgs_request(
    krb5_context context, struct krb5int_fast_request_state *,
    krb5_creds *tkt, krb5_flags kdcoptions,
    krb5_address *const *address, krb5_pa_data **in_padata,
    krb5_creds *in_cred,
    krb5_error_code (*pacb_fct)(krb5_context, krb5_keyblock *,
                                krb5_kdc_req *, void *),
    void *pacb_data,
    krb5_data *request_data, krb5_timestamp *timestamp,
    krb5_int32 *nonce, krb5_keyblock **subkey);
131
/*
 * Reply-side counterpart of the TGS request builders.
 *
 * timestamp and nonce are taken by value and subkey as a plain pointer,
 * where the builders take pointers to them.  NOTE(review): presumably the
 * caller passes back exactly the values produced when the request was built,
 * which is what ties a reply to its request -- confirm, and make sure callers
 * never substitute values taken from response_data.
 *
 * out_padata, out_enc_padata and out_cred are pointer-to-pointer parameters;
 * ownership of what they receive is not stated here.
 */
krb5_error_code krb5int_process_tgs_reply(
    krb5_context context, struct krb5int_fast_request_state *,
    krb5_data *response_data, krb5_creds *tkt, krb5_flags kdcoptions,
    krb5_address *const *address, krb5_pa_data **in_padata,
    krb5_creds *in_cred, krb5_timestamp timestamp, krb5_int32 nonce,
    krb5_keyblock *subkey,
    krb5_pa_data ***out_padata, krb5_pa_data ***out_enc_padata,
    krb5_creds **out_cred);
147
/*
 * As originally documented: the subkey field is an output parameter; if a
 * tgs-rep is received then the subkey will be filled in with the subkey
 * needed to decrypt the TGS response.  Otherwise it will be set to null.
 *
 * NOTE(review): the only keyblock in this prototype is a
 * const krb5_keyblock *, which cannot be filled in by the callee, so the
 * description above looks stale -- confirm against the definition whether the
 * key is actually an input used for decryption.
 */
krb5_error_code krb5int_decode_tgs_rep(
    krb5_context,
    struct krb5int_fast_request_state *,
    krb5_data *,
    const krb5_keyblock *,
    krb5_keyusage,
    krb5_kdc_rep **);
158
/*
 * Utility functions for zero-terminated enctype lists.
 * Neither takes a length, so both depend on the terminating zero entry being
 * present in the list they are given.
 * NOTE(review): *new_list is presumably a fresh allocation owned by the
 * caller -- confirm.
 */
size_t
krb5int_count_etypes(const krb5_enctype *list);

krb5_error_code
krb5int_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list);
163
/* Takes a non-const krb5_ticket_times *.  NOTE(review): whether the times are
 * only checked or also adjusted is not visible in this header. */
krb5_error_code krb5int_validate_times(krb5_context,
                                       krb5_ticket_times *);

/* Copies a single authdata element; the krb5_authdata ** is presumably the
 * output and owned by the caller -- confirm. */
krb5_error_code krb5int_copy_authdatum(krb5_context,
                                       const krb5_authdata *,
                                       krb5_authdata **);
169
/*
 * Checks for received messages, going by the privsafe prefix.
 *
 * The two functions report differently: the sequence-number check returns a
 * krb5_boolean, the address check a krb5_error_code.  NOTE(review):
 * presumably a true boolean means "acceptable" while a zero error code means
 * "acceptable" -- confirm, because mixing the two conventions at a call site
 * would invert a replay or address check.
 */
krb5_boolean k5_privsafe_check_seqnum(krb5_context ctx,
                                      krb5_auth_context ac,
                                      krb5_ui_4 in_seq);

krb5_error_code k5_privsafe_check_addrs(krb5_context context,
                                        krb5_auth_context ac,
                                        krb5_address *msg_s_addr,
                                        krb5_address *msg_r_addr);
177
/*
 * Change-password / set-password message helpers.
 *
 * passwd is a plaintext secret passed as a non-const char *.
 * NOTE(review): confirm the callee neither modifies nor retains it, and that
 * callers wipe their copy once the request has been built.
 */
krb5_error_code krb5int_mk_chpw_req(krb5_context context,
                                    krb5_auth_context auth_context,
                                    krb5_data *ap_req,
                                    char *passwd,
                                    krb5_data *packet);

/* Parses a reply packet; result_code and result_data are non-const pointers,
 * presumably outputs.  result_data would come from the network peer, so
 * treat it as untrusted text when displaying or logging it. */
krb5_error_code krb5int_rd_chpw_rep(krb5_context context,
                                    krb5_auth_context auth_context,
                                    krb5_data *packet,
                                    int *result_code,
                                    krb5_data *result_data);

/* Declared with KRB5_CALLCONV, unlike the other prototypes in this header.
 * NOTE(review): ownership of *result_codestr is not stated here. */
krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string(
    krb5_context context, int result_code, char **result_codestr);

/* Same shape as krb5int_mk_chpw_req with an explicit target principal; the
 * note about passwd above applies here as well. */
krb5_error_code krb5int_mk_setpw_req(krb5_context context,
                                     krb5_auth_context auth_context,
                                     krb5_data *ap_req,
                                     krb5_principal targetprinc,
                                     char *passwd,
                                     krb5_data *packet);
195
/* Teardown hook taking only the library context; returns nothing, so it has
 * no way to report failure.  NOTE(review): presumably releases ccselect state
 * stored in the context -- confirm against the definition. */
void k5_ccselect_free_context(krb5_context context);
198
199 #endif /* KRB5_INT_FUNC_PROTO__ */