183
181
/* Get string buffer support. */
184
182
#include "k5-buf.h"
184
/* Define tracing macros. */
185
#include "k5-trace.h"
186
187
/* cofiguration variables */
187
188
#define KRB5_CONF_ACL_FILE "acl_file"
188
#define KRB5_CONF_ADMIN_KEYTAB "admin_keytab"
189
189
#define KRB5_CONF_ADMIN_SERVER "admin_server"
190
190
#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto"
191
191
#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type"
198
198
#define KRB5_CONF_DB_MODULE_DIR "db_module_dir"
199
199
#define KRB5_CONF_DEFAULT "default"
200
200
#define KRB5_CONF_DEFAULT_REALM "default_realm"
201
#define KRB5_CONF_DEFAULT_CCACHE_NAME "default_ccache_name"
202
#define KRB5_CONF_DEFAULT_CLIENT_KEYTAB_NAME "default_client_keytab_name"
201
203
#define KRB5_CONF_DEFAULT_DOMAIN "default_domain"
202
204
#define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes"
203
205
#define KRB5_CONF_DEFAULT_TGS_ENCTYPES "default_tgs_enctypes"
222
224
#define KRB5_CONF_IPROP_PORT "iprop_port"
223
225
#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll"
224
226
#define KRB5_CONF_IPROP_LOGFILE "iprop_logfile"
227
#define KRB5_CONF_IPROP_RESYNC_TIMEOUT "iprop_resync_timeout"
225
228
#define KRB5_CONF_K5LOGIN_AUTHORITATIVE "k5login_authoritative"
226
229
#define KRB5_CONF_K5LOGIN_DIRECTORY "k5login_directory"
227
230
#define KRB5_CONF_KADMIND_PORT "kadmind_port"
265
268
#define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit"
266
269
#define KRB5_CONF_RENEW_LIFETIME "renew_lifetime"
267
270
#define KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT "restrict_anonymous_to_tgt"
271
#define KRB5_CONF_ASSUME_DES_CRC_SESSION "des_crc_session_supported"
268
272
#define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type"
269
273
#define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes"
270
274
#define KRB5_CONF_TICKET_LIFETIME "ticket_lifetime"
273
277
#define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert"
274
278
#define KRB5_CONF_V4_REALM "v4_realm"
275
279
#define KRB5_CONF_ASTERISK "*"
281
/* Cache configuration variables */
276
282
#define KRB5_CONF_FAST_AVAIL "fast_avail"
283
#define KRB5_CONF_PROXY_IMPERSONATOR "proxy_impersonator"
284
#define KRB5_CONF_REFRESH_TIME "refresh_time"
285
#define KRB5_CONF_PA_TYPE "pa_type"
286
#define KRB5_CONF_PA_CONFIG_DATA "pa_config_data"
278
288
/* Error codes used in KRB_ERROR protocol messages.
279
289
Return values of library routines are based on a different error table
377
387
to the IAKERB proxy */
380
* This structure is returned in the e-data field of the KRB-ERROR
381
* message when the error calling for an alternative form of
382
* authentication is returned, KRB_AP_METHOD.
384
typedef struct _krb5_alt_method {
392
390
* A null-terminated array of this structure is returned by the KDC as
393
391
* the data part of the ETYPE_INFO preauth type. It informs the
394
392
* client which encryption types are supported.
419
417
krb5_enctype *etypes;
420
418
} krb5_etype_list;
423
* a sam_challenge is returned for alternate preauth
426
SAMFlags ::= BIT STRING {
428
send-encrypted-sad[1],
429
must-pk-encrypt-sad[2]
433
PA-SAM-CHALLENGE ::= SEQUENCE {
435
sam-flags[1] SAMFlags,
436
sam-type-name[2] GeneralString OPTIONAL,
437
sam-track-id[3] GeneralString OPTIONAL,
438
sam-challenge-label[4] GeneralString OPTIONAL,
439
sam-challenge[5] GeneralString OPTIONAL,
440
sam-response-prompt[6] GeneralString OPTIONAL,
441
sam-pk-for-sad[7] EncryptionKey OPTIONAL,
442
sam-nonce[8] INTEGER OPTIONAL,
443
sam-cksum[9] Checksum OPTIONAL
446
420
/* sam_type values -- informational only */
447
421
#define PA_SAM_TYPE_ENIGMA 1 /* Enigma Logic */
448
422
#define PA_SAM_TYPE_DIGI_PATH 2 /* Digital Pathways */
459
433
#define PA_SAM_TYPE_GRAIL (PA_SAM_TYPE_EXP_BASE+0) /* testing */
460
434
#define PA_SAM_TYPE_SECURID_PREDICT (PA_SAM_TYPE_EXP_BASE+1) /* special */
462
typedef struct _krb5_predicted_sam_response {
464
krb5_keyblock sam_key;
465
krb5_flags sam_flags; /* Makes key munging easier */
466
krb5_timestamp stime; /* time on server, for replay detection */
468
krb5_principal client;
469
krb5_data msd; /* mechanism specific data */
470
} krb5_predicted_sam_response;
472
typedef struct _krb5_sam_challenge {
474
krb5_int32 sam_type; /* information */
475
krb5_flags sam_flags; /* KRB5_SAM_* values */
476
krb5_data sam_type_name;
477
krb5_data sam_track_id;
478
krb5_data sam_challenge_label;
479
krb5_data sam_challenge;
480
krb5_data sam_response_prompt;
481
krb5_data sam_pk_for_sad;
482
krb5_int32 sam_nonce;
483
krb5_checksum sam_cksum;
484
} krb5_sam_challenge;
486
typedef struct _krb5_sam_key { /* reserved for future use */
488
krb5_keyblock sam_key;
491
typedef struct _krb5_enc_sam_response_enc {
493
krb5_int32 sam_nonce;
494
krb5_timestamp sam_timestamp;
497
} krb5_enc_sam_response_enc;
499
typedef struct _krb5_sam_response {
501
krb5_int32 sam_type; /* informational */
502
krb5_flags sam_flags; /* KRB5_SAM_* values */
503
krb5_data sam_track_id; /* copied */
504
krb5_enc_data sam_enc_key; /* krb5_sam_key - future use */
505
krb5_enc_data sam_enc_nonce_or_ts; /* krb5_enc_sam_response_enc */
506
krb5_int32 sam_nonce;
507
krb5_timestamp sam_patimestamp;
510
436
typedef struct _krb5_sam_challenge_2 {
511
437
krb5_data sam_challenge_2_body;
512
438
krb5_checksum **sam_cksum; /* Array of checksums */
549
475
#include "k5-int-pkinit.h"
477
#define KRB5_OTP_FLAG_NEXTOTP 0x40000000
478
#define KRB5_OTP_FLAG_COMBINE 0x20000000
479
#define KRB5_OTP_FLAG_COLLECT_PIN 0x10000000
480
#define KRB5_OTP_FLAG_NO_COLLECT_PIN 0x08000000
481
#define KRB5_OTP_FLAG_ENCRYPT_NONCE 0x04000000
482
#define KRB5_OTP_FLAG_SEPARATE_PIN 0x02000000
483
#define KRB5_OTP_FLAG_CHECK_DIGIT 0x01000000
485
#define KRB5_OTP_FORMAT_DECIMAL 0x00000000
486
#define KRB5_OTP_FORMAT_HEXADECIMAL 0x00000001
487
#define KRB5_OTP_FORMAT_ALPHANUMERIC 0x00000002
488
#define KRB5_OTP_FORMAT_BINARY 0x00000003
489
#define KRB5_OTP_FORMAT_BASE64 0x00000004
491
typedef struct _krb5_otp_tokeninfo {
495
krb5_int32 length; /* -1 for unspecified */
496
krb5_int32 format; /* -1 for unspecified */
499
krb5_algorithm_identifier **supported_hash_alg;
500
krb5_int32 iteration_count; /* -1 for unspecified */
501
} krb5_otp_tokeninfo;
503
typedef struct _krb5_pa_otp_challenge {
506
krb5_otp_tokeninfo **tokeninfo;
509
} krb5_pa_otp_challenge;
511
typedef struct _krb5_pa_otp_req {
514
krb5_enc_data enc_data;
515
krb5_algorithm_identifier *hash_alg;
516
krb5_int32 iteration_count; /* -1 for unspecified */
522
krb5_int32 format; /* -1 for unspecified */
551
528
#include <stdlib.h>
552
529
#include <string.h>
750
737
char * default_ccname;
751
738
} *krb5_os_context;
740
/* Get the current time of day plus a specified offset. */
741
krb5_error_code k5_time_with_offset(krb5_timestamp offset,
742
krb5_int32 offset_usec,
743
krb5_timestamp *time_out,
744
krb5_int32 *usec_out);
754
747
* Flags for the os_flags field
806
799
#include <krb5/preauth_plugin.h>
801
typedef struct k5_response_items_st k5_response_items;
802
struct krb5_responder_context_st {
803
k5_response_items *items;
808
806
typedef krb5_error_code
809
807
(*krb5_gic_get_as_key_fct)(krb5_context, krb5_principal, krb5_enctype,
810
808
krb5_prompter_fct, void *prompter_data,
811
809
krb5_data *salt, krb5_data *s2kparams,
812
krb5_keyblock *as_key, void *gak_data);
814
#define CLIENT_ROCK_MAGIC 0x4352434b
816
* This structure is passed into the clpreauth methods and passed back to
817
* clpreauth callbacks so that they can locate the requested information. It
818
* is opaque to the plugin code and can be expanded in the future as new types
819
* of requests are defined which may require other things to be passed through.
820
* All pointer fields are aliases and should not be freed.
822
struct krb5int_fast_request_state;
823
struct krb5_clpreauth_rock_st {
826
struct krb5int_fast_request_state *fast_state;
829
* These fields allow gak_fct to be called via the rock. The
830
* gak_fct and gak_data fields have an extra level of indirection
831
* since they can change in the init_creds context.
833
krb5_keyblock *as_key;
834
krb5_gic_get_as_key_fct *gak_fct;
837
krb5_data *s2kparams;
838
krb5_principal client;
839
krb5_prompter_fct prompter;
810
krb5_keyblock *as_key, void *gak_data,
811
k5_response_items *ritems);
843
813
typedef struct _krb5_pa_enc_ts {
844
814
krb5_timestamp patimestamp;
1084
1057
krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
1085
1058
krb5_principal client, krb5_prompter_fct prompter,
1086
1059
void *prompter_data, krb5_deltat start_time,
1087
char *in_tkt_service, krb5_get_init_creds_opt *options,
1060
const char *in_tkt_service,
1061
krb5_get_init_creds_opt *options,
1088
1062
krb5_gic_get_as_key_fct gak, void *gak_data,
1089
1063
int *master, krb5_kdc_rep **as_reply);
1123
1097
void KRB5_CALLCONV krb5_preauth_request_context_fini(krb5_context);
1125
1099
void KRB5_CALLCONV
1126
krb5_free_sam_challenge(krb5_context, krb5_sam_challenge *);
1129
1100
krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *);
1131
1102
void KRB5_CALLCONV
1132
1103
krb5_free_sam_challenge_2_body(krb5_context, krb5_sam_challenge_2_body *);
1134
1105
void KRB5_CALLCONV
1135
krb5_free_sam_response(krb5_context, krb5_sam_response *);
1138
1106
krb5_free_sam_response_2(krb5_context, krb5_sam_response_2 *);
1140
1108
void KRB5_CALLCONV
1141
krb5_free_predicted_sam_response(krb5_context, krb5_predicted_sam_response *);
1144
krb5_free_enc_sam_response_enc(krb5_context, krb5_enc_sam_response_enc *);
1147
1109
krb5_free_enc_sam_response_enc_2(krb5_context, krb5_enc_sam_response_enc_2 *);
1149
1111
void KRB5_CALLCONV
1150
krb5_free_sam_challenge_contents(krb5_context, krb5_sam_challenge *);
1153
1112
krb5_free_sam_challenge_2_contents(krb5_context, krb5_sam_challenge_2 *);
1155
1114
void KRB5_CALLCONV
1157
1116
krb5_sam_challenge_2_body *);
1159
1118
void KRB5_CALLCONV
1160
krb5_free_sam_response_contents(krb5_context, krb5_sam_response *);
1163
1119
krb5_free_sam_response_2_contents(krb5_context, krb5_sam_response_2 *);
1165
1121
void KRB5_CALLCONV
1166
krb5_free_predicted_sam_response_contents(krb5_context,
1167
krb5_predicted_sam_response * );
1170
krb5_free_enc_sam_response_enc_contents(krb5_context,
1171
krb5_enc_sam_response_enc * );
1174
1122
krb5_free_enc_sam_response_enc_2_contents(krb5_context,
1175
1123
krb5_enc_sam_response_enc_2 * );
1187
1135
krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *);
1189
1137
void KRB5_CALLCONV
1190
krb5_free_pa_svr_referral_data(krb5_context, krb5_pa_svr_referral_data *);
1193
krb5_free_pa_server_referral_data(krb5_context,
1194
krb5_pa_server_referral_data * );
1197
1138
krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * );
1199
1140
void KRB5_CALLCONV
1210
1151
void KRB5_CALLCONV krb5_free_iakerb_header(krb5_context, krb5_iakerb_header *);
1211
1152
void KRB5_CALLCONV krb5_free_iakerb_finished(krb5_context,
1212
1153
krb5_iakerb_finished *);
1154
void k5_free_algorithm_identifier(krb5_context context,
1155
krb5_algorithm_identifier *val);
1156
void k5_free_otp_tokeninfo(krb5_context context, krb5_otp_tokeninfo *val);
1157
void k5_free_pa_otp_challenge(krb5_context context,
1158
krb5_pa_otp_challenge *val);
1159
void k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val);
1214
1161
/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
1215
1162
#include "com_err.h"
1388
1335
/* A list of plugin interface IDs. Make sure to increment
1389
* PLUGIN_NUM_INTERFACES when a new interface is added. */
1336
* PLUGIN_NUM_INTERFACES when a new interface is added, and add an entry to the
1337
* interface_names table in lib/krb5/krb/plugin.c. */
1390
1338
#define PLUGIN_INTERFACE_PWQUAL 0
1391
1339
#define PLUGIN_INTERFACE_KADM5_HOOK 1
1392
1340
#define PLUGIN_INTERFACE_CLPREAUTH 2
1664
1612
encode_krb5_authdata(krb5_authdata *const *rep, krb5_data **code);
1666
1614
krb5_error_code
1667
encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **code);
1670
encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code);
1673
encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code);
1676
1615
encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data **code);
1678
1617
krb5_error_code
1679
encode_krb5_alt_method(const krb5_alt_method *, krb5_data **code);
1618
encode_krb5_typed_data(krb5_pa_data *const *rep, krb5_data **code);
1681
1620
krb5_error_code
1682
1621
encode_krb5_etype_info(krb5_etype_info_entry *const *, krb5_data **code);
1688
1627
encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);
1690
1629
krb5_error_code
1691
encode_krb5_sam_challenge(const krb5_sam_challenge * , krb5_data **);
1694
encode_krb5_sam_key(const krb5_sam_key * , krb5_data **);
1697
encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc *,
1701
encode_krb5_sam_response(const krb5_sam_response *, krb5_data **);
1704
1630
encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * , krb5_data **);
1706
1632
krb5_error_code
1735
1657
encode_krb5_pa_s4u_x509_user(const krb5_pa_s4u_x509_user *, krb5_data **);
1737
1659
krb5_error_code
1738
encode_krb5_pa_svr_referral_data(const krb5_pa_svr_referral_data *,
1742
encode_krb5_pa_server_referral_data(const krb5_pa_server_referral_data *,
1746
1660
encode_krb5_pa_pac_req(const krb5_pa_pac_req *, krb5_data **);
1748
1662
krb5_error_code
1775
1689
krb5_error_code
1776
1690
encode_krb5_ad_signedpath_data(const krb5_ad_signedpath_data *, krb5_data **);
1693
encode_krb5_otp_tokeninfo(const krb5_otp_tokeninfo *, krb5_data **);
1696
encode_krb5_pa_otp_challenge(const krb5_pa_otp_challenge *, krb5_data **);
1699
encode_krb5_pa_otp_req(const krb5_pa_otp_req *, krb5_data **);
1702
encode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
1778
1704
/*************************************************************************
1779
1705
* End of prototypes for krb5_encode.c
1780
1706
*************************************************************************/
1782
1708
krb5_error_code
1783
decode_krb5_sam_challenge(const krb5_data *, krb5_sam_challenge **);
1786
decode_krb5_enc_sam_key(const krb5_data *, krb5_sam_key **);
1789
decode_krb5_enc_sam_response_enc(const krb5_data *,
1790
krb5_enc_sam_response_enc **);
1793
decode_krb5_sam_response(const krb5_data *, krb5_sam_response **);
1796
decode_krb5_predicted_sam_response(const krb5_data *,
1797
krb5_predicted_sam_response **);
1800
1709
decode_krb5_sam_challenge_2(const krb5_data *, krb5_sam_challenge_2 **);
1802
1711
krb5_error_code
1894
1803
decode_krb5_authdata(const krb5_data *output, krb5_authdata ***rep);
1896
1805
krb5_error_code
1897
decode_krb5_pwd_sequence(const krb5_data *output, passwd_phrase_element **rep);
1900
decode_krb5_pwd_data(const krb5_data *output, krb5_pwd_data **rep);
1903
1806
decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);
1905
1808
krb5_error_code
1906
decode_krb5_alt_method(const krb5_data *output, krb5_alt_method **rep);
1809
decode_krb5_typed_data(const krb5_data *, krb5_pa_data ***);
1908
1811
krb5_error_code
1909
1812
decode_krb5_etype_info(const krb5_data *output, krb5_etype_info_entry ***rep);
1918
1821
decode_krb5_pa_enc_ts(const krb5_data *output, krb5_pa_enc_ts **rep);
1920
1823
krb5_error_code
1921
decode_krb5_sam_key(const krb5_data *, krb5_sam_key **);
1924
1824
decode_krb5_setpw_req(const krb5_data *, krb5_data **, krb5_principal *);
1926
1826
krb5_error_code
1930
1830
decode_krb5_pa_s4u_x509_user(const krb5_data *, krb5_pa_s4u_x509_user **);
1932
1832
krb5_error_code
1933
decode_krb5_pa_svr_referral_data(const krb5_data *,
1934
krb5_pa_svr_referral_data **);
1937
decode_krb5_pa_server_referral_data(const krb5_data *,
1938
krb5_pa_server_referral_data **);
1941
1833
decode_krb5_pa_pac_req(const krb5_data *, krb5_pa_pac_req **);
1943
1835
krb5_error_code
1967
1859
krb5_error_code
1968
1860
decode_krb5_iakerb_finished(const krb5_data *, krb5_iakerb_finished **);
1863
decode_krb5_otp_tokeninfo(const krb5_data *, krb5_otp_tokeninfo **);
1866
decode_krb5_pa_otp_challenge(const krb5_data *, krb5_pa_otp_challenge **);
1869
decode_krb5_pa_otp_req(const krb5_data *, krb5_pa_otp_req **);
1872
decode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
1970
1874
struct _krb5_key_data; /* kdb.h */
1972
1876
struct ldap_seqof_key_data {
1973
1877
krb5_int32 mkvno; /* Master key version number */
1878
krb5_int16 kvno; /* kvno of key_data elements (all the same) */
1974
1879
struct _krb5_key_data *key_data;
1975
1880
krb5_int16 n_key_data;
1981
1886
krb5_data **code);
1983
1888
krb5_error_code
1984
krb5int_ldap_decode_sequence_of_keys(krb5_data *in,
1889
krb5int_ldap_decode_sequence_of_keys(const krb5_data *in,
1985
1890
ldap_seqof_key_data **rep);
1987
1892
/*************************************************************************
2092
1997
krb5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
2093
1998
krb5_creds *, krb5_creds *);
2001
krb5int_build_conf_principals(krb5_context context, krb5_ccache id,
2002
krb5_const_principal principal,
2003
const char *name, krb5_creds *cred);
2095
2005
krb5_boolean KRB5_CALLCONV
2096
2006
krb5_creds_compare(krb5_context in_context, krb5_creds *in_creds,
2097
2007
krb5_creds *in_compare_creds);
2144
2054
/* To keep happy libraries which are (for now) accessing internal stuff */
2146
2056
/* Make sure to increment by one when changing the struct */
2147
#define KRB5INT_ACCESS_STRUCT_VERSION 18
2057
#define KRB5INT_ACCESS_STRUCT_VERSION 21
2150
struct ktext; /* from krb.h, for krb524 support */
2152
2059
typedef struct _krb5int_access {
2154
krb5_error_code (*arcfour_gsscrypt)(const krb5_keyblock *keyblock,
2155
krb5_keyusage usage,
2156
const krb5_data *kd_data,
2157
krb5_crypto_iov *data,
2160
2060
krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
2161
2061
krb5_auth_context,
2162
2062
krb5_enctype *);
2248
2145
(*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **);
2250
2147
krb5_error_code
2251
(*decode_krb5_pa_pk_as_rep_draft9)(const krb5_data *,
2252
krb5_pa_pk_as_rep_draft9 **);
2255
2148
(*decode_krb5_kdc_dh_key_info)(const krb5_data *, krb5_kdc_dh_key_info **);
2257
2150
krb5_error_code
2276
2169
krb5_error_code
2277
(*decode_krb5_typed_data)(const krb5_data *, krb5_typed_data ***);
2280
(*decode_krb5_as_req)(const krb5_data *output, krb5_kdc_req **rep);
2283
2170
(*encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code);
2286
2173
(KRB5_CALLCONV *free_kdc_req)(krb5_context, krb5_kdc_req * );
2288
2175
(*set_prompt_types)(krb5_context, krb5_prompt_type *);
2291
(*encode_krb5_authdata_elt)(const krb5_authdata *rep, krb5_data **code);
2293
/* Exported for testing only! */
2295
(*encode_krb5_sam_response_2)(const krb5_sam_response_2 *rep,
2298
(*encode_krb5_enc_sam_response_enc_2)(const
2299
krb5_enc_sam_response_enc_2 *rep,
2301
2176
} krb5int_access;
2303
2178
#define KRB5INT_ACCESS_VERSION \
2396
2268
krb5_timestamp ctime;
2397
2269
} krb5_donot_replay;
2271
krb5_error_code KRB5_CALLCONV
2272
krb5int_cc_user_set_default_name(krb5_context context, const char *name);
2399
2274
krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
2400
2275
krb5_error_code krb5_rc_resolve_type(krb5_context, krb5_rcache *,char *);
2401
2276
krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,char *);
2480
2355
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
2483
* Referral definitions, debugging hooks, and subfunctions.
2358
* Referral definitions and subfunctions.
2485
2360
#define KRB5_REFERRAL_MAXHOPS 10
2486
/* #define DEBUG_REFERRALS */
2488
#ifdef DEBUG_REFERRALS
2489
void krb5int_dbgref_dump_principal(char *, krb5_principal);
2492
2362
/* Common hostname-parsing code. */
2493
2363
krb5_error_code
2494
2364
krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
2498
* There are no IANA assignments for these enctypes or cksumtypes yet. They
2499
* must be defined to local-use negative numbers at build time for Camellia
2500
* support to function at the moment. If one is defined, they should all be
2501
* defined. When IANA assignments exist, these definitions should move to the
2502
* appropriate places in krb5.hin and all CAMELLIA conditional code should be
2503
* made unconditional.
2505
* The present code is experimental and may not be compatible with the
2506
* standardized version.
2508
#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */
2509
#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */
2510
#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */
2511
#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */
2514
#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC
2518
2366
struct _krb5_kt { /* should move into k5-int.h */
2519
2367
krb5_magic magic;
2520
2368
const struct _krb5_kt_ops *ops;
2537
2385
krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype);
2541
krb5_enctype *etype;
2542
krb5_boolean *etype_ok;
2543
krb5_int32 etype_count;
2544
} krb5_etypes_permitted;
2546
krb5_boolean krb5_is_permitted_enctype_ext(krb5_context,
2547
krb5_etypes_permitted *);
2549
2387
krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
2551
2389
krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *,
2578
2416
krb5_error_code k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
2579
2417
krb5_principal *princ_out);
2419
krb5_error_code k5_kt_client_default_name(krb5_context context,
2581
2422
krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal,
2610
2451
void KRB5_CALLCONV krb5_free_cred_enc_part(krb5_context, krb5_cred_enc_part *);
2611
2452
void KRB5_CALLCONV krb5_free_pa_data(krb5_context, krb5_pa_data **);
2612
2453
void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context, krb5_tkt_authent *);
2613
void KRB5_CALLCONV krb5_free_pwd_data(krb5_context, krb5_pwd_data *);
2614
void KRB5_CALLCONV krb5_free_pwd_sequences(krb5_context,
2615
passwd_phrase_element **);
2616
void KRB5_CALLCONV krb5_free_passwd_phrase_element(krb5_context,
2617
passwd_phrase_element *);
2618
void KRB5_CALLCONV krb5_free_alt_method(krb5_context, krb5_alt_method *);
2619
2454
void KRB5_CALLCONV krb5_free_enc_data(krb5_context, krb5_enc_data *);
2620
2455
krb5_error_code krb5_set_config_files(krb5_context, const char **);
2701
2536
krb5_error_code krb5_use_natural_time(krb5_context);
2702
2537
krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
2705
* The realm iterator functions
2708
krb5_error_code KRB5_CALLCONV
2709
krb5_realm_iterator_create(krb5_context context, void **iter_p);
2711
krb5_error_code KRB5_CALLCONV
2712
krb5_realm_iterator(krb5_context context, void **iter_p, char **ret_realm);
2715
krb5_realm_iterator_free(krb5_context context, void **iter_p);
2717
void KRB5_CALLCONV krb5_free_realm_string(krb5_context context, char *str);
2719
/* Internal principal function used by KIM to avoid code duplication */
2720
krb5_error_code KRB5_CALLCONV
2721
krb5int_build_principal_alloc_va(krb5_context context,
2722
krb5_principal *princ,
2728
2540
/* Some data comparison and conversion functions. */
2729
2541
static inline int
2821
2633
krb5_enctype *default_list,
2822
2634
krb5_enctype **result);
2636
/* Utility functions for zero-terminated enctype lists. */
2637
size_t k5_count_etypes(const krb5_enctype *list);
2638
krb5_error_code k5_copy_etypes(const krb5_enctype *old_list,
2639
krb5_enctype **new_list);
2640
krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
2824
2642
#ifdef DEBUG_ERROR_LOCATIONS
2825
2643
#define krb5_set_error_message(ctx, code, ...) \
2826
2644
krb5_set_error_message_fl(ctx, code, __FILE__, __LINE__, __VA_ARGS__)