* Include file for the Data Encryption Standard library.
*/
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
KRBINT_BEGIN_DECLS
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# endif
-# pragma options align=mac68k
+# pragma pack(push,2)
#endif
#if UINT_MAX >= 0xFFFFFFFFUL
typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16];
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma enumsalwaysint reset
-# pragma import reset
-# endif
-# pragma options align=reset
+# pragma pack(pop)
#endif
KRBINT_END_DECLS
KRBINT_BEGIN_DECLS
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# pragma enumsalwaysint on
-# endif
-# pragma options align=mac68k
+# pragma pack(push,2)
#endif
/* Windows declarations */
void des_cblock_print_file(des_cblock *, FILE *fp);
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
-# pragma options align=reset
+# pragma pack(pop)
#endif
KRBINT_END_DECLS
#if !defined(_WIN32)
/* for compatibility with older versions... */
-extern void initialize_kadm_error_table () /*@modifies internalState@*/;
+extern void initialize_kadm_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_kadm_error_table()
#endif
* For MacOS, don't expose prototypes of various private functions.
* Unfortuantely, they've leaked out everywhere else.
*/
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
KRBINT_BEGIN_DECLS
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# pragma enumsalwaysint on
-# endif
-# pragma options align=mac68k
+# pragma pack(push,2)
#endif
#define KRB4_32 DES_INT32
#endif
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
-# pragma options align=reset
+# pragma pack(pop)
#endif
KRBINT_END_DECLS
#if !defined(_WIN32)
/* for compatibility with older versions... */
-extern void initialize_krb_error_table () /*@modifies internalState@*/;
+extern void initialize_krb_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_krb_error_table()
#endif
* Determine platform-dependent configuration.
*/
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
#endif /* __cplusplus */
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# endif
# pragma options align=mac68k
#endif
#define KRB5_CALLCONV_C
#endif
-#define GSS_SIZEOF_INT SIZEOF_INT
-#define GSS_SIZEOF_LONG SIZEOF_LONG
-#define GSS_SIZEOF_SHORT SIZEOF_SHORT
-
/*
* First, include stddef.h to get size_t defined.
*/
-#if HAVE_STDDEF_H
#include <stddef.h>
-#endif /* HAVE_STDDEF_H */
/*
* POSIX says that sys/types.h is where size_t is defined.
#include <sys/types.h>
/*
- * If the platform supports the xom.h header file, it should be included here.
- */
-#if HAVE_XOM_H
-#include <xom.h>
-#endif /* HAVE_XOM_H */
-
-/*
* $Id$
*/
* The following type must be defined as the smallest natural unsigned integer
* supported by the platform that has at least 32 bits of precision.
*/
-#if (GSS_SIZEOF_SHORT == 4)
-typedef unsigned short gss_uint32;
-typedef short gss_int32;
-#elif (GSS_SIZEOF_INT == 4)
-typedef unsigned int gss_uint32;
-typedef int gss_int32;
-#elif (GSS_SIZEOF_LONG == 4)
-typedef unsigned long gss_uint32;
-typedef long gss_int32;
-#endif
+typedef uint32_t gss_uint32;
+typedef int32_t gss_int32;
#ifdef OM_STRING
/*
gss_OID_set * /* name_types */
);
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name(
+ OM_uint32 *, /* minor_status */
+ const gss_name_t, /* input_name */
+ gss_OID_set * /* mech_types */
+);
+
/*
* The following routines are obsolete variants of gss_get_mic, gss_wrap,
* gss_verify_mic and gss_unwrap. They should be provided by GSSAPI V2
);
#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
# pragma options align=reset
#endif
* generic(1) string_uid_name(3)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_STRING_UID_NAME". */
-extern const gss_OID_desc * const gss_mech_krb5;
-extern const gss_OID_desc * const gss_mech_krb5_old;
-extern const gss_OID_set_desc * const gss_mech_set_krb5;
-extern const gss_OID_set_desc * const gss_mech_set_krb5_old;
-extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
+GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5;
+GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_old;
+GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_wrong;
+GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5;
+GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_old;
+GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
-extern const gss_OID_desc * const gss_nt_krb5_name;
-extern const gss_OID_desc * const gss_nt_krb5_principal;
+GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_name;
+GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_principal;
-extern const gss_OID_desc krb5_gss_oid_array[];
+GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[];
#define gss_krb5_nt_general_name gss_nt_krb5_name
#define gss_krb5_nt_principal gss_nt_krb5_principal
#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name
#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name
+
+#if defined(_WIN32)
+typedef unsigned __int64 gss_uint64;
+#else /*windows*/
+#include <inttypes.h>
+typedef uint64_t gss_uint64;
+#endif
+
+
+typedef struct gss_krb5_lucid_key {
+ OM_uint32 type; /* key encryption type */
+ OM_uint32 length; /* length of key data */
+ void * data; /* actual key data */
+} gss_krb5_lucid_key_t;
+
+typedef struct gss_krb5_rfc1964_keydata {
+ OM_uint32 sign_alg; /* signing algorthm */
+ OM_uint32 seal_alg; /* seal/encrypt algorthm */
+ gss_krb5_lucid_key_t ctx_key;
+ /* Context key
+ (Kerberos session key or subkey) */
+} gss_krb5_rfc1964_keydata_t;
+
+typedef struct gss_krb5_cfx_keydata {
+ OM_uint32 have_acceptor_subkey;
+ /* 1 if there is an acceptor_subkey
+ present, 0 otherwise */
+ gss_krb5_lucid_key_t ctx_key;
+ /* Context key
+ (Kerberos session key or subkey) */
+ gss_krb5_lucid_key_t acceptor_subkey;
+ /* acceptor-asserted subkey or
+ 0's if no acceptor subkey */
+} gss_krb5_cfx_keydata_t;
+
+typedef struct gss_krb5_lucid_context_v1 {
+ OM_uint32 version; /* Structure version number (1)
+ MUST be at beginning of struct! */
+ OM_uint32 initiate; /* Are we the initiator? */
+ OM_uint32 endtime; /* expiration time of context */
+ gss_uint64 send_seq; /* sender sequence number */
+ gss_uint64 recv_seq; /* receive sequence number */
+ OM_uint32 protocol; /* 0: rfc1964,
+ 1: draft-ietf-krb-wg-gssapi-cfx-07 */
+ /*
+ * if (protocol == 0) rfc1964_kd should be used
+ * and cfx_kd contents are invalid and should be zero
+ * if (protocol == 1) cfx_kd should be used
+ * and rfc1964_kd contents are invalid and should be zero
+ */
+ gss_krb5_rfc1964_keydata_t rfc1964_kd;
+ gss_krb5_cfx_keydata_t cfx_kd;
+} gss_krb5_lucid_context_v1_t;
+
+/*
+ * Mask for determining the returned structure version.
+ * See example below for usage.
+ */
+typedef struct gss_krb5_lucid_context_version {
+ OM_uint32 version; /* Structure version number */
+} gss_krb5_lucid_context_version_t;
+
+
+
+
/* Alias for Heimdal compat. */
#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity
(OM_uint32 *minor_status, const char *name,
const char **out_name);
+/*
+ * gss_krb5_set_allowable_enctypes
+ *
+ * This function may be called by a context initiator after calling
+ * gss_acquire_cred(), but before calling gss_init_sec_context(),
+ * to restrict the set of enctypes which will be negotiated during
+ * context establishment to those in the provided array.
+ *
+ * 'cred' must be a valid credential handle obtained via
+ * gss_acquire_cred(). It may not be GSS_C_NO_CREDENTIAL.
+ * gss_acquire_cred() may have been called to get a handle to
+ * the default credential.
+ *
+ * The purpose of this function is to limit the keys that may
+ * be exported via gss_krb5_export_lucid_sec_context(); thus it
+ * should limit the enctypes of all keys that will be needed
+ * after the security context has been established.
+ * (i.e. context establishment may use a session key with a
+ * stronger enctype than in the provided array, however a
+ * subkey must be established within the enctype limits
+ * established by this function.)
+ *
+ */
+OM_uint32 KRB5_CALLCONV
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+ gss_cred_id_t cred,
+ OM_uint32 num_ktypes,
+ krb5_enctype *ktypes);
+
+/*
+ * Returns a non-opaque (lucid) version of the internal context
+ * information.
+ *
+ * Note that context_handle must not be used again by the caller
+ * after this call. The GSS implementation is free to release any
+ * resources associated with the original context. It is up to the
+ * GSS implementation whether it returns pointers to existing data,
+ * or copies of the data. The caller should treat the returned
+ * lucid context as read-only.
+ *
+ * The caller must call gss_krb5_free_lucid_context() to free
+ * the context and allocated resources when it is finished with it.
+ *
+ * 'version' is an integer indicating the highest version of lucid
+ * context understood by the caller. The highest version
+ * understood by both the caller and the GSS implementation must
+ * be returned. The caller can determine which version of the
+ * structure was actually returned by examining the version field
+ * of the returned structure. gss_krb5_lucid_context_version_t
+ * may be used as a mask to examine the returned structure version.
+ *
+ * If there are no common versions, an error should be returned.
+ * (XXX Need error definition(s))
+ *
+ * For example:
+ * void *return_ctx;
+ * gss_krb5_lucid_context_v1_t *ctx;
+ * OM_uint32 min_stat, maj_stat;
+ * OM_uint32 vers;
+ * gss_ctx_id_t *ctx_handle;
+ *
+ * maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
+ * ctx_handle, 1, &return_ctx);
+ * // Verify success
+ *
+ * vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
+ * switch (vers) {
+ * case 1:
+ * ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
+ * break;
+ * default:
+ * // Error, unknown version returned
+ * break;
+ * }
+ *
+ */
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ OM_uint32 version,
+ void **kctx);
+
+/*
+ * Frees the allocated storage associated with an
+ * exported struct gss_krb5_lucid_context.
+ */
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
+ void *kctx);
+
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
-/*
- * include/krb5.h
- *
- * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * General definitions for Kerberos version 5.
- */
+/* The MIT Kerberos header file krb5.h used to live here.
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef KRB5_GENERAL__
-#define KRB5_GENERAL__
-
-/* By default, do not expose deprecated interfaces. */
-#ifndef KRB5_DEPRECATED
-#define KRB5_DEPRECATED 0
-#endif
-/* Do not expose private interfaces. Build system will override. */
-#ifndef KRB5_PRIVATE
-#define KRB5_PRIVATE 0
-#endif
-
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
-# include <TargetConditionals.h>
-# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
-# endif
-#endif
-
-#if defined(_MSDOS) || defined(_WIN32)
-#include <win-mac.h>
-#endif
-
-#ifndef KRB5_CONFIG__
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif /* !KRB5_CALLCONV */
-#endif /* !KRB5_CONFIG__ */
-
-#ifndef KRB5_CALLCONV_WRONG
-#define KRB5_CALLCONV_WRONG
-#endif
-
-#ifndef THREEPARAMOPEN
-#define THREEPARAMOPEN(x,y,z) open(x,y,z)
-#endif
-
-#define KRB5_OLD_CRYPTO
-
-#include <stdlib.h>
-#include <limits.h> /* for *_MAX */
-
-#ifndef KRB5INT_BEGIN_DECLS
-#if defined(__cplusplus)
-#define KRB5INT_BEGIN_DECLS extern "C" {
-#define KRB5INT_END_DECLS }
-#else
-#define KRB5INT_BEGIN_DECLS
-#define KRB5INT_END_DECLS
-#endif
-#endif
-
-KRB5INT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# endif
-# pragma options align=mac68k
-#endif
-
-/* from profile.h */
-struct _profile_t;
-/* typedef struct _profile_t *profile_t; */
-
-/*
- * begin wordsize.h
- */
-
-/*
- * Word-size related definition.
- */
-
-typedef unsigned char krb5_octet;
-
-#if INT_MAX == 0x7fff
-typedef int krb5_int16;
-typedef unsigned int krb5_ui_2;
-#elif SHRT_MAX == 0x7fff
-typedef short krb5_int16;
-typedef unsigned short krb5_ui_2;
-#else
-#error undefined 16 bit type
-#endif
-
-#if INT_MAX == 0x7fffffffL
-typedef int krb5_int32;
-typedef unsigned int krb5_ui_4;
-#elif LONG_MAX == 0x7fffffffL
-typedef long krb5_int32;
-typedef unsigned long krb5_ui_4;
-#elif SHRT_MAX == 0x7fffffffL
-typedef short krb5_int32;
-typedef unsigned short krb5_ui_4;
-#else
-#error: undefined 32 bit type
-#endif
-
-#define VALID_INT_BITS INT_MAX
-#define VALID_UINT_BITS UINT_MAX
-
-#define KRB5_INT32_MAX 2147483647
-/* this strange form is necessary since - is a unary operator, not a sign
- indicator */
-#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1)
-
-#define KRB5_INT16_MAX 65535
-/* this strange form is necessary since - is a unary operator, not a sign
- indicator */
-#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1)
-
-/*
- * end wordsize.h
- */
-
-/*
- * begin "base-defs.h"
- */
-
-/*
- * Basic definitions for Kerberos V5 library
- */
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-typedef unsigned int krb5_boolean;
-typedef unsigned int krb5_msgtype;
-typedef unsigned int krb5_kvno;
-
-typedef krb5_int32 krb5_addrtype;
-typedef krb5_int32 krb5_enctype;
-typedef krb5_int32 krb5_cksumtype;
-typedef krb5_int32 krb5_authdatatype;
-typedef krb5_int32 krb5_keyusage;
-
-typedef krb5_int32 krb5_preauthtype; /* This may change, later on */
-typedef krb5_int32 krb5_flags;
-typedef krb5_int32 krb5_timestamp;
-typedef krb5_int32 krb5_error_code;
-typedef krb5_int32 krb5_deltat;
-
-typedef krb5_error_code krb5_magic;
-
-typedef struct _krb5_data {
- krb5_magic magic;
- unsigned int length;
- char *data;
-} krb5_data;
-
-/*
- * Hack length for crypto library to use the afs_string_to_key It is
- * equivalent to -1 without possible sign extension
- * We also overload for an unset salt type length - which is also -1, but
- * hey, why not....
-*/
-#define SALT_TYPE_AFS_LENGTH UINT_MAX
-#define SALT_TYPE_NO_LENGTH UINT_MAX
-
-typedef void * krb5_pointer;
-typedef void const * krb5_const_pointer;
-
-typedef struct krb5_principal_data {
- krb5_magic magic;
- krb5_data realm;
- krb5_data *data; /* An array of strings */
- krb5_int32 length;
- krb5_int32 type;
-} krb5_principal_data;
-
-typedef krb5_principal_data * krb5_principal;
-
-/*
- * Per V5 spec on definition of principal types
- */
-
-/* Name type not known */
-#define KRB5_NT_UNKNOWN 0
-/* Just the name of the principal as in DCE, or for users */
-#define KRB5_NT_PRINCIPAL 1
-/* Service and other unique instance (krbtgt) */
-#define KRB5_NT_SRV_INST 2
-/* Service with host name as instance (telnet, rcommands) */
-#define KRB5_NT_SRV_HST 3
-/* Service with host as remaining components */
-#define KRB5_NT_SRV_XHST 4
-/* Unique ID */
-#define KRB5_NT_UID 5
-
-/* constant version thereof: */
-typedef const krb5_principal_data *krb5_const_principal;
-
-#define krb5_princ_realm(context, princ) (&(princ)->realm)
-#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
-#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
-#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
-#define krb5_princ_size(context, princ) (princ)->length
-#define krb5_princ_type(context, princ) (princ)->type
-#define krb5_princ_name(context, princ) (princ)->data
-#define krb5_princ_component(context, princ,i) \
- (((i) < krb5_princ_size(context, princ)) \
- ? (princ)->data + (i) \
- : NULL)
-
-/*
- * end "base-defs.h"
- */
-
-/*
- * begin "hostaddr.h"
- */
-
-/* structure for address */
-typedef struct _krb5_address {
- krb5_magic magic;
- krb5_addrtype addrtype;
- unsigned int length;
- krb5_octet *contents;
-} krb5_address;
-
-/* per Kerberos v5 protocol spec */
-#define ADDRTYPE_INET 0x0002
-#define ADDRTYPE_CHAOS 0x0005
-#define ADDRTYPE_XNS 0x0006
-#define ADDRTYPE_ISO 0x0007
-#define ADDRTYPE_DDP 0x0010
-#define ADDRTYPE_INET6 0x0018
-/* not yet in the spec... */
-#define ADDRTYPE_ADDRPORT 0x0100
-#define ADDRTYPE_IPPORT 0x0101
-
-/* macros to determine if a type is a local type */
-#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
-
-/*
- * end "hostaddr.h"
- */
-
-
-struct _krb5_context;
-typedef struct _krb5_context * krb5_context;
-
-struct _krb5_auth_context;
-typedef struct _krb5_auth_context * krb5_auth_context;
-
-struct _krb5_cryptosystem_entry;
-
-/*
- * begin "encryption.h"
- */
-
-typedef struct _krb5_keyblock {
- krb5_magic magic;
- krb5_enctype enctype;
- unsigned int length;
- krb5_octet *contents;
-} krb5_keyblock;
-
-#ifdef KRB5_OLD_CRYPTO
-typedef struct _krb5_encrypt_block {
- krb5_magic magic;
- krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need
- this. it was a pointer, but it
- doesn't have to be. gross. */
- krb5_keyblock *key;
-} krb5_encrypt_block;
-#endif
-
-typedef struct _krb5_checksum {
- krb5_magic magic;
- krb5_cksumtype checksum_type; /* checksum type */
- unsigned int length;
- krb5_octet *contents;
-} krb5_checksum;
-
-typedef struct _krb5_enc_data {
- krb5_magic magic;
- krb5_enctype enctype;
- krb5_kvno kvno;
- krb5_data ciphertext;
-} krb5_enc_data;
-
-/* per Kerberos v5 protocol spec */
-#define ENCTYPE_NULL 0x0000
-#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
-#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
-#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
-#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
-/* XXX deprecated? */
-#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
-#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
-#define ENCTYPE_DES_HMAC_SHA1 0x0008
-#define ENCTYPE_DES3_CBC_SHA1 0x0010
-#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
-#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
-#define ENCTYPE_ARCFOUR_HMAC 0x0017
-#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
-#define ENCTYPE_UNKNOWN 0x01ff
-/* local crud */
-/* marc's DES-3 with 32-bit length */
-#define ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
-
-#define CKSUMTYPE_CRC32 0x0001
-#define CKSUMTYPE_RSA_MD4 0x0002
-#define CKSUMTYPE_RSA_MD4_DES 0x0003
-#define CKSUMTYPE_DESCBC 0x0004
-/* des-mac-k */
-/* rsa-md4-des-k */
-#define CKSUMTYPE_RSA_MD5 0x0007
-#define CKSUMTYPE_RSA_MD5_DES 0x0008
-#define CKSUMTYPE_NIST_SHA 0x0009
-#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
-#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
-#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
-#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
-
-/* The following are entropy source designations. Whenever
- * krb5_C_random_add_entropy is called, one of these source ids is passed
- * in. This allows the library to better estimate bits of
- * entropy in the sample and to keep track of what sources of entropy have
- * contributed enough entropy. Sources marked internal MUST NOT be
- * used by applications outside the Kerberos library
-*/
-
-enum {
- KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
- KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
- KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
- /*This source should be used carefully; data in this category
- * should be from a third party trusted to give random bits
- * For example keys issued by the KDC in the application server.
- */
- KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
- KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
- KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
-};
-
-#ifndef krb5_roundup
-/* round x up to nearest multiple of y */
-#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
-#endif /* roundup */
-
-/* macro function definitions to help clean up code */
-
-#if 1
-#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#else
-#define krb5_x(ptr,args) ((*(ptr)) args)
-#define krb5_xc(ptr,args) ((*(ptr)) args)
-#endif
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_encrypt
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- const krb5_data *input, krb5_enc_data *output);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_decrypt
- (krb5_context context, const krb5_keyblock *key,
- krb5_keyusage usage, const krb5_data *cipher_state,
- const krb5_enc_data *input, krb5_data *output);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_encrypt_length
- (krb5_context context, krb5_enctype enctype,
- size_t inputlen, size_t *length);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_block_size
- (krb5_context context, krb5_enctype enctype,
- size_t *blocksize);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_init_state
-(krb5_context context,
-const krb5_keyblock *key, krb5_keyusage usage,
-krb5_data *new_state);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_free_state
-(krb5_context context, const krb5_keyblock *key, krb5_data *state);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_make_random_key
- (krb5_context context, krb5_enctype enctype,
- krb5_keyblock *k5_random_key);
-
-/* Register a new entropy sample with the PRNG. may cause
-* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions
-* for information on how each source should be used.
-*/
-krb5_error_code KRB5_CALLCONV
- krb5_c_random_add_entropy
-(krb5_context context, unsigned int randsource_id, const krb5_data *data);
-
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_random_make_octets
- (krb5_context context, krb5_data *data);
-
-/*
-* Collect entropy from the OS if possible. strong requests that as strong
-* of a source of entropy as available be used. Setting strong may
-* increase the probability of blocking and should not be used for normal
-* applications. Good uses include seeding the PRNG for kadmind
-* and realm setup.
-* If successful is non-null, then successful is set to 1 if the OS provided
-* entropy else zero.
-*/
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy
-(krb5_context context, int strong, int *success);
-
-/*deprecated*/ krb5_error_code KRB5_CALLCONV
- krb5_c_random_seed
- (krb5_context context, krb5_data *data);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_string_to_key
- (krb5_context context, krb5_enctype enctype,
- const krb5_data *string, const krb5_data *salt,
- krb5_keyblock *key);
-krb5_error_code KRB5_CALLCONV
-krb5_c_string_to_key_with_params(krb5_context context,
- krb5_enctype enctype,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_enctype_compare
- (krb5_context context, krb5_enctype e1, krb5_enctype e2,
- krb5_boolean *similar);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_make_checksum
- (krb5_context context, krb5_cksumtype cksumtype,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *input, krb5_checksum *cksum);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_verify_checksum
- (krb5_context context,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *data,
- const krb5_checksum *cksum,
- krb5_boolean *valid);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_checksum_length
- (krb5_context context, krb5_cksumtype cksumtype,
- size_t *length);
-
-krb5_error_code KRB5_CALLCONV
- krb5_c_keyed_checksum_types
- (krb5_context context, krb5_enctype enctype,
- unsigned int *count, krb5_cksumtype **cksumtypes);
-
-#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1
-#define KRB5_KEYUSAGE_KDC_REP_TICKET 2
-#define KRB5_KEYUSAGE_AS_REP_ENCPART 3
-#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4
-#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5
-#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6
-#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7
-#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8
-#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9
-#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10
-#define KRB5_KEYUSAGE_AP_REQ_AUTH 11
-#define KRB5_KEYUSAGE_AP_REP_ENCPART 12
-#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13
-#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14
-#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15
-#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16
-#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17
-#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18
-#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19
-#define KRB5_KEYUSAGE_AD_MTE 20
-#define KRB5_KEYUSAGE_AD_ITE 21
-
-/* XXX need to register these */
-
-#define KRB5_KEYUSAGE_GSS_TOK_MIC 22
-#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23
-#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24
-
-/* Defined in hardware preauth draft */
-
-#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
-#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
-#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27
-
-krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
- (krb5_enctype ktype);
-krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
- (krb5_cksumtype ctype);
-
-#if KRB5_PRIVATE
-/* Use the above four instead. */
-krb5_boolean KRB5_CALLCONV valid_enctype
- (krb5_enctype ktype);
-krb5_boolean KRB5_CALLCONV valid_cksumtype
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV is_keyed_cksum
- (krb5_cksumtype ctype);
-#endif
-
-#ifdef KRB5_OLD_CRYPTO
-/*
- * old cryptosystem routine prototypes. These are now layered
- * on top of the functions above.
- */
-krb5_error_code KRB5_CALLCONV krb5_encrypt
- (krb5_context context,
- krb5_const_pointer inptr,
- krb5_pointer outptr,
- size_t size,
- krb5_encrypt_block * eblock,
- krb5_pointer ivec);
-krb5_error_code KRB5_CALLCONV krb5_decrypt
- (krb5_context context,
- krb5_const_pointer inptr,
- krb5_pointer outptr,
- size_t size,
- krb5_encrypt_block * eblock,
- krb5_pointer ivec);
-krb5_error_code KRB5_CALLCONV krb5_process_key
- (krb5_context context,
- krb5_encrypt_block * eblock,
- const krb5_keyblock * key);
-krb5_error_code KRB5_CALLCONV krb5_finish_key
- (krb5_context context,
- krb5_encrypt_block * eblock);
-krb5_error_code KRB5_CALLCONV krb5_string_to_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_keyblock * keyblock,
- const krb5_data * data,
- const krb5_data * salt);
-krb5_error_code KRB5_CALLCONV krb5_init_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- const krb5_keyblock * keyblock,
- krb5_pointer * ptr);
-krb5_error_code KRB5_CALLCONV krb5_finish_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_pointer * ptr);
-krb5_error_code KRB5_CALLCONV krb5_random_key
- (krb5_context context,
- const krb5_encrypt_block * eblock,
- krb5_pointer ptr,
- krb5_keyblock ** keyblock);
-krb5_enctype KRB5_CALLCONV krb5_eblock_enctype
- (krb5_context context,
- const krb5_encrypt_block * eblock);
-krb5_error_code KRB5_CALLCONV krb5_use_enctype
- (krb5_context context,
- krb5_encrypt_block * eblock,
- krb5_enctype enctype);
-size_t KRB5_CALLCONV krb5_encrypt_size
- (size_t length,
- krb5_enctype crypto);
-size_t KRB5_CALLCONV krb5_checksum_size
- (krb5_context context,
- krb5_cksumtype ctype);
-krb5_error_code KRB5_CALLCONV krb5_calculate_checksum
- (krb5_context context,
- krb5_cksumtype ctype,
- krb5_const_pointer in, size_t in_length,
- krb5_const_pointer seed, size_t seed_length,
- krb5_checksum * outcksum);
-krb5_error_code KRB5_CALLCONV krb5_verify_checksum
- (krb5_context context,
- krb5_cksumtype ctype,
- const krb5_checksum * cksum,
- krb5_const_pointer in, size_t in_length,
- krb5_const_pointer seed, size_t seed_length);
-
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_random_confounder
- (size_t, krb5_pointer);
-
-krb5_error_code krb5_encrypt_data
- (krb5_context context, krb5_keyblock *key,
- krb5_pointer ivec, krb5_data *data,
- krb5_enc_data *enc_data);
-
-krb5_error_code krb5_decrypt_data
- (krb5_context context, krb5_keyblock *key,
- krb5_pointer ivec, krb5_enc_data *data,
- krb5_data *enc_data);
-#endif
-
-#endif /* KRB5_OLD_CRYPTO */
-
-/*
- * end "encryption.h"
- */
-
-/*
- * begin "fieldbits.h"
- */
-
-/* kdc_options for kdc_request */
-/* options is 32 bits; each host is responsible to put the 4 bytes
- representing these bits into net order before transmission */
-/* #define KDC_OPT_RESERVED 0x80000000 */
-#define KDC_OPT_FORWARDABLE 0x40000000
-#define KDC_OPT_FORWARDED 0x20000000
-#define KDC_OPT_PROXIABLE 0x10000000
-#define KDC_OPT_PROXY 0x08000000
-#define KDC_OPT_ALLOW_POSTDATE 0x04000000
-#define KDC_OPT_POSTDATED 0x02000000
-/* #define KDC_OPT_UNUSED 0x01000000 */
-#define KDC_OPT_RENEWABLE 0x00800000
-/* #define KDC_OPT_UNUSED 0x00400000 */
-/* #define KDC_OPT_RESERVED 0x00200000 */
-/* #define KDC_OPT_RESERVED 0x00100000 */
-/* #define KDC_OPT_RESERVED 0x00080000 */
-/* #define KDC_OPT_RESERVED 0x00040000 */
-#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
-/* #define KDC_OPT_RESERVED 0x00010000 */
-/* #define KDC_OPT_RESERVED 0x00008000 */
-/* #define KDC_OPT_RESERVED 0x00004000 */
-/* #define KDC_OPT_RESERVED 0x00002000 */
-/* #define KDC_OPT_RESERVED 0x00001000 */
-/* #define KDC_OPT_RESERVED 0x00000800 */
-/* #define KDC_OPT_RESERVED 0x00000400 */
-/* #define KDC_OPT_RESERVED 0x00000200 */
-/* #define KDC_OPT_RESERVED 0x00000100 */
-/* #define KDC_OPT_RESERVED 0x00000080 */
-/* #define KDC_OPT_RESERVED 0x00000040 */
-#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
-#define KDC_OPT_RENEWABLE_OK 0x00000010
-#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008
-/* #define KDC_OPT_UNUSED 0x00000004 */
-#define KDC_OPT_RENEW 0x00000002
-#define KDC_OPT_VALIDATE 0x00000001
-
-/*
- * Mask of ticket flags in the TGT which should be converted into KDC
- * options when using the TGT to get derivitive tickets.
- *
- * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
- * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
- */
-#define KDC_TKT_COMMON_MASK 0x54800000
-
-/* definitions for ap_options fields */
-/* ap_options are 32 bits; each host is responsible to put the 4 bytes
- representing these bits into net order before transmission */
-#define AP_OPTS_RESERVED 0x80000000
-#define AP_OPTS_USE_SESSION_KEY 0x40000000
-#define AP_OPTS_MUTUAL_REQUIRED 0x20000000
-/* #define AP_OPTS_RESERVED 0x10000000 */
-/* #define AP_OPTS_RESERVED 0x08000000 */
-/* #define AP_OPTS_RESERVED 0x04000000 */
-/* #define AP_OPTS_RESERVED 0x02000000 */
-/* #define AP_OPTS_RESERVED 0x01000000 */
-/* #define AP_OPTS_RESERVED 0x00800000 */
-/* #define AP_OPTS_RESERVED 0x00400000 */
-/* #define AP_OPTS_RESERVED 0x00200000 */
-/* #define AP_OPTS_RESERVED 0x00100000 */
-/* #define AP_OPTS_RESERVED 0x00080000 */
-/* #define AP_OPTS_RESERVED 0x00040000 */
-/* #define AP_OPTS_RESERVED 0x00020000 */
-/* #define AP_OPTS_RESERVED 0x00010000 */
-/* #define AP_OPTS_RESERVED 0x00008000 */
-/* #define AP_OPTS_RESERVED 0x00004000 */
-/* #define AP_OPTS_RESERVED 0x00002000 */
-/* #define AP_OPTS_RESERVED 0x00001000 */
-/* #define AP_OPTS_RESERVED 0x00000800 */
-/* #define AP_OPTS_RESERVED 0x00000400 */
-/* #define AP_OPTS_RESERVED 0x00000200 */
-/* #define AP_OPTS_RESERVED 0x00000100 */
-/* #define AP_OPTS_RESERVED 0x00000080 */
-/* #define AP_OPTS_RESERVED 0x00000040 */
-/* #define AP_OPTS_RESERVED 0x00000020 */
-/* #define AP_OPTS_RESERVED 0x00000010 */
-/* #define AP_OPTS_RESERVED 0x00000008 */
-/* #define AP_OPTS_RESERVED 0x00000004 */
-/* #define AP_OPTS_RESERVED 0x00000002 */
-#define AP_OPTS_USE_SUBKEY 0x00000001
-
-#define AP_OPTS_WIRE_MASK 0xfffffff0
-
-/* definitions for ad_type fields. */
-#define AD_TYPE_RESERVED 0x8000
-#define AD_TYPE_EXTERNAL 0x4000
-#define AD_TYPE_REGISTERED 0x2000
-
-#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
-
-/* Ticket flags */
-/* flags are 32 bits; each host is responsible to put the 4 bytes
- representing these bits into net order before transmission */
-/* #define TKT_FLG_RESERVED 0x80000000 */
-#define TKT_FLG_FORWARDABLE 0x40000000
-#define TKT_FLG_FORWARDED 0x20000000
-#define TKT_FLG_PROXIABLE 0x10000000
-#define TKT_FLG_PROXY 0x08000000
-#define TKT_FLG_MAY_POSTDATE 0x04000000
-#define TKT_FLG_POSTDATED 0x02000000
-#define TKT_FLG_INVALID 0x01000000
-#define TKT_FLG_RENEWABLE 0x00800000
-#define TKT_FLG_INITIAL 0x00400000
-#define TKT_FLG_PRE_AUTH 0x00200000
-#define TKT_FLG_HW_AUTH 0x00100000
-#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
-#define TKT_FLG_OK_AS_DELEGATE 0x00040000
-#define TKT_FLG_ANONYMOUS 0x00020000
-/* #define TKT_FLG_RESERVED 0x00010000 */
-/* #define TKT_FLG_RESERVED 0x00008000 */
-/* #define TKT_FLG_RESERVED 0x00004000 */
-/* #define TKT_FLG_RESERVED 0x00002000 */
-/* #define TKT_FLG_RESERVED 0x00001000 */
-/* #define TKT_FLG_RESERVED 0x00000800 */
-/* #define TKT_FLG_RESERVED 0x00000400 */
-/* #define TKT_FLG_RESERVED 0x00000200 */
-/* #define TKT_FLG_RESERVED 0x00000100 */
-/* #define TKT_FLG_RESERVED 0x00000080 */
-/* #define TKT_FLG_RESERVED 0x00000040 */
-/* #define TKT_FLG_RESERVED 0x00000020 */
-/* #define TKT_FLG_RESERVED 0x00000010 */
-/* #define TKT_FLG_RESERVED 0x00000008 */
-/* #define TKT_FLG_RESERVED 0x00000004 */
-/* #define TKT_FLG_RESERVED 0x00000002 */
-/* #define TKT_FLG_RESERVED 0x00000001 */
-
-/* definitions for lr_type fields. */
-#define LR_TYPE_THIS_SERVER_ONLY 0x8000
-
-#define LR_TYPE_INTERPRETATION_MASK 0x7fff
-
-/* definitions for ad_type fields. */
-#define AD_TYPE_EXTERNAL 0x4000
-#define AD_TYPE_REGISTERED 0x2000
-
-#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
-#define AD_TYPE_INTERNAL_MASK 0x3fff
-
-/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
-#define MSEC_DIRBIT 0x8000
-#define MSEC_VAL_MASK 0x7fff
-
-/*
- * end "fieldbits.h"
- */
-
-/*
- * begin "proto.h"
- */
-
-/* Protocol version number */
-#define KRB5_PVNO 5
-
-/* Message types */
-
-#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */
-#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
-#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */
-#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
-#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */
-#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
-#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */
-#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */
-#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */
-#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */
-
-/* LastReq types */
-#define KRB5_LRQ_NONE 0
-#define KRB5_LRQ_ALL_LAST_TGT 1
-#define KRB5_LRQ_ONE_LAST_TGT (-1)
-#define KRB5_LRQ_ALL_LAST_INITIAL 2
-#define KRB5_LRQ_ONE_LAST_INITIAL (-2)
-#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3
-#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3)
-#define KRB5_LRQ_ALL_LAST_RENEWAL 4
-#define KRB5_LRQ_ONE_LAST_RENEWAL (-4)
-#define KRB5_LRQ_ALL_LAST_REQ 5
-#define KRB5_LRQ_ONE_LAST_REQ (-5)
-#define KRB5_LRQ_ALL_PW_EXPTIME 6
-#define KRB5_LRQ_ONE_PW_EXPTIME (-6)
-
-/* PADATA types */
-#define KRB5_PADATA_NONE 0
-#define KRB5_PADATA_AP_REQ 1
-#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
-#define KRB5_PADATA_ENC_TIMESTAMP 2
-#define KRB5_PADATA_PW_SALT 3
-#if 0 /* Not used */
-#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */
-#endif
-#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
-#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
-#define KRB5_PADATA_SESAME 7 /* Sesame project */
-#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
-#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
-#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
-#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
-#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
-#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
-#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */
-#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */
-#define KRB5_PADATA_ETYPE_INFO2 19
-#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
-#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
-
-#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
-#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
-#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
-
-/* Reserved for SPX pre-authentication. */
-#define KRB5_PADATA_DASS 16
-
-/* Transited encoding types */
-#define KRB5_DOMAIN_X500_COMPRESS 1
-
-/* alternate authentication types */
-#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
-
-/* authorization data types */
-#define KRB5_AUTHDATA_OSF_DCE 64
-#define KRB5_AUTHDATA_SESAME 65
-
-/* password change constants */
-
-#define KRB5_KPASSWD_SUCCESS 0
-#define KRB5_KPASSWD_MALFORMED 1
-#define KRB5_KPASSWD_HARDERROR 2
-#define KRB5_KPASSWD_AUTHERROR 3
-#define KRB5_KPASSWD_SOFTERROR 4
-/* These are Microsoft's extensions in RFC 3244, and it looks like
- they'll become standardized, possibly with other additions. */
-#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
-#define KRB5_KPASSWD_BAD_VERSION 6
-#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
-
-/*
- * end "proto.h"
- */
-
-/* Time set */
-typedef struct _krb5_ticket_times {
- krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
- in ticket? otherwise client can't get this */
- krb5_timestamp starttime; /* optional in ticket, if not present,
- use authtime */
- krb5_timestamp endtime;
- krb5_timestamp renew_till;
-} krb5_ticket_times;
-
-/* structure for auth data */
-typedef struct _krb5_authdata {
- krb5_magic magic;
- krb5_authdatatype ad_type;
- unsigned int length;
- krb5_octet *contents;
-} krb5_authdata;
-
-/* structure for transited encoding */
-typedef struct _krb5_transited {
- krb5_magic magic;
- krb5_octet tr_type;
- krb5_data tr_contents;
-} krb5_transited;
-
-typedef struct _krb5_enc_tkt_part {
- krb5_magic magic;
- /* to-be-encrypted portion */
- krb5_flags flags; /* flags */
- krb5_keyblock *session; /* session key: includes enctype */
- krb5_principal client; /* client name/realm */
- krb5_transited transited; /* list of transited realms */
- krb5_ticket_times times; /* auth, start, end, renew_till */
- krb5_address **caddrs; /* array of ptrs to addresses */
- krb5_authdata **authorization_data; /* auth data */
-} krb5_enc_tkt_part;
-
-typedef struct _krb5_ticket {
- krb5_magic magic;
- /* cleartext portion */
- krb5_principal server; /* server name/realm */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
- krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
- available */
-} krb5_ticket;
-
-/* the unencrypted version */
-typedef struct _krb5_authenticator {
- krb5_magic magic;
- krb5_principal client; /* client name/realm */
- krb5_checksum *checksum; /* checksum, includes type, optional */
- krb5_int32 cusec; /* client usec portion */
- krb5_timestamp ctime; /* client sec portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
- krb5_authdata **authorization_data; /* New add by Ari, auth data */
-} krb5_authenticator;
-
-typedef struct _krb5_tkt_authent {
- krb5_magic magic;
- krb5_ticket *ticket;
- krb5_authenticator *authenticator;
- krb5_flags ap_options;
-} krb5_tkt_authent;
-
-/* credentials: Ticket, session key, etc. */
-typedef struct _krb5_creds {
- krb5_magic magic;
- krb5_principal client; /* client's principal identifier */
- krb5_principal server; /* server's principal identifier */
- krb5_keyblock keyblock; /* session encryption key info */
- krb5_ticket_times times; /* lifetime info */
- krb5_boolean is_skey; /* true if ticket is encrypted in
- another ticket's skey */
- krb5_flags ticket_flags; /* flags in ticket */
- krb5_address **addresses; /* addrs in ticket */
- krb5_data ticket; /* ticket string itself */
- krb5_data second_ticket; /* second ticket, if related to
- ticket (via DUPLICATE-SKEY or
- ENC-TKT-IN-SKEY) */
- krb5_authdata **authdata; /* authorization data */
-} krb5_creds;
-
-/* Last request fields */
-typedef struct _krb5_last_req_entry {
- krb5_magic magic;
- krb5_int32 lr_type;
- krb5_timestamp value;
-} krb5_last_req_entry;
-
-/* pre-authentication data */
-typedef struct _krb5_pa_data {
- krb5_magic magic;
- krb5_preauthtype pa_type;
- unsigned int length;
- krb5_octet *contents;
-} krb5_pa_data;
-
-typedef struct _krb5_kdc_req {
- krb5_magic magic;
- krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
- krb5_pa_data **padata; /* e.g. encoded AP_REQ */
- /* real body */
- krb5_flags kdc_options; /* requested options */
- krb5_principal client; /* includes realm; optional */
- krb5_principal server; /* includes realm (only used if no
- client) */
- krb5_timestamp from; /* requested starttime */
- krb5_timestamp till; /* requested endtime */
- krb5_timestamp rtime; /* (optional) requested renew_till */
- krb5_int32 nonce; /* nonce to match request/response */
- int nktypes; /* # of ktypes, must be positive */
- krb5_enctype *ktype; /* requested enctype(s) */
- krb5_address **addresses; /* requested addresses, optional */
- krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
- krb5_authdata **unenc_authdata; /* unencrypted auth data,
- if available */
- krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
-} krb5_kdc_req;
-
-typedef struct _krb5_enc_kdc_rep_part {
- krb5_magic magic;
- /* encrypted part: */
- krb5_msgtype msg_type; /* krb5 message type */
- krb5_keyblock *session; /* session key */
- krb5_last_req_entry **last_req; /* array of ptrs to entries */
- krb5_int32 nonce; /* nonce from request */
- krb5_timestamp key_exp; /* expiration date */
- krb5_flags flags; /* ticket flags */
- krb5_ticket_times times; /* lifetime info */
- krb5_principal server; /* server's principal identifier */
- krb5_address **caddrs; /* array of ptrs to addresses,
- optional */
-} krb5_enc_kdc_rep_part;
-
-typedef struct _krb5_kdc_rep {
- krb5_magic magic;
- /* cleartext part: */
- krb5_msgtype msg_type; /* AS_REP or KDC_REP? */
- krb5_pa_data **padata; /* preauthentication data from KDC */
- krb5_principal client; /* client's principal identifier */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
- krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
-} krb5_kdc_rep;
-
-/* error message structure */
-typedef struct _krb5_error {
- krb5_magic magic;
- /* some of these may be meaningless in certain contexts */
- krb5_timestamp ctime; /* client sec portion; optional */
- krb5_int32 cusec; /* client usec portion; optional */
- krb5_int32 susec; /* server usec portion */
- krb5_timestamp stime; /* server sec portion */
- krb5_ui_4 error; /* error code (protocol error #'s) */
- krb5_principal client; /* client's principal identifier;
- optional */
- krb5_principal server; /* server's principal identifier */
- krb5_data text; /* descriptive text */
- krb5_data e_data; /* additional error-describing data */
-} krb5_error;
-
-typedef struct _krb5_ap_req {
- krb5_magic magic;
- krb5_flags ap_options; /* requested options */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data authenticator; /* authenticator (already encrypted) */
-} krb5_ap_req;
-
-typedef struct _krb5_ap_rep {
- krb5_magic magic;
- krb5_enc_data enc_part;
-} krb5_ap_rep;
-
-typedef struct _krb5_ap_rep_enc_part {
- krb5_magic magic;
- krb5_timestamp ctime; /* client time, seconds portion */
- krb5_int32 cusec; /* client time, microseconds portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
-} krb5_ap_rep_enc_part;
-
-typedef struct _krb5_response {
- krb5_magic magic;
- krb5_octet message_type;
- krb5_data response;
- krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
- krb5_timestamp request_time; /* When we made the request */
-} krb5_response;
-
-typedef struct _krb5_cred_info {
- krb5_magic magic;
- krb5_keyblock *session; /* session key used to encrypt */
- /* ticket */
- krb5_principal client; /* client name/realm, optional */
- krb5_principal server; /* server name/realm, optional */
- krb5_flags flags; /* ticket flags, optional */
- krb5_ticket_times times; /* auth, start, end, renew_till, */
- /* optional */
- krb5_address **caddrs; /* array of ptrs to addresses */
-} krb5_cred_info;
-
-typedef struct _krb5_cred_enc_part {
- krb5_magic magic;
- krb5_int32 nonce; /* nonce, optional */
- krb5_timestamp timestamp; /* client time */
- krb5_int32 usec; /* microsecond portion of time */
- krb5_address *s_address; /* sender address, optional */
- krb5_address *r_address; /* recipient address, optional */
- krb5_cred_info **ticket_info;
-} krb5_cred_enc_part;
-
-typedef struct _krb5_cred {
- krb5_magic magic;
- krb5_ticket **tickets; /* tickets */
- krb5_enc_data enc_part; /* encrypted part */
- krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
-} krb5_cred;
-
-/* Sandia password generation structures */
-typedef struct _passwd_phrase_element {
- krb5_magic magic;
- krb5_data *passwd;
- krb5_data *phrase;
-} passwd_phrase_element;
-
-typedef struct _krb5_pwd_data {
- krb5_magic magic;
- int sequence_count;
- passwd_phrase_element **element;
-} krb5_pwd_data;
-
-/* these need to be here so the typedefs are available for the prototypes */
-
-/*
- * begin "safepriv.h"
- */
-
-#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
-#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
-#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
-#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
-#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
-#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
-
-typedef struct krb5_replay_data {
- krb5_timestamp timestamp;
- krb5_int32 usec;
- krb5_ui_4 seq;
-} krb5_replay_data;
-
-/* flags for krb5_auth_con_genaddrs() */
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
-
-/* type of function used as a callback to generate checksum data for
- * mk_req */
-
-typedef krb5_error_code
-(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
- krb5_data **);
-
-/*
- * end "safepriv.h"
- */
-
-
-/*
- * begin "ccache.h"
- */
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-struct _krb5_ccache;
-typedef struct _krb5_ccache *krb5_ccache;
-struct _krb5_cc_ops;
-typedef struct _krb5_cc_ops krb5_cc_ops;
-
-/* for retrieve_cred */
-#define KRB5_TC_MATCH_TIMES 0x00000001
-#define KRB5_TC_MATCH_IS_SKEY 0x00000002
-#define KRB5_TC_MATCH_FLAGS 0x00000004
-#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
-#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
-#define KRB5_TC_MATCH_AUTHDATA 0x00000020
-#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
-#define KRB5_TC_MATCH_2ND_TKT 0x00000080
-#define KRB5_TC_MATCH_KTYPE 0x00000100
-#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
-
-/* for set_flags and other functions */
-#define KRB5_TC_OPENCLOSE 0x00000001
-
-const char * KRB5_CALLCONV
-krb5_cc_get_name (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_initialize(krb5_context context, krb5_ccache cache,
- krb5_principal principal);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_destroy (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_close (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
- krb5_flags flags, krb5_creds *mcreds,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
- krb5_principal *principal);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor, krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
-
-const char * KRB5_CALLCONV
-krb5_cc_get_type (krb5_context context, krb5_ccache cache);
-
-/*
- * end "ccache.h"
- */
-
-/*
- * begin "rcache.h"
- */
-
-struct krb5_rc_st;
-typedef struct krb5_rc_st *krb5_rcache;
-
-#if KRB5_PRIVATE
-typedef struct _krb5_donot_replay {
- krb5_magic magic;
- char *server; /* null-terminated */
- char *client; /* null-terminated */
- krb5_int32 cusec;
- krb5_timestamp ctime;
-} krb5_donot_replay;
-
-krb5_error_code krb5_rc_default
- (krb5_context,
- krb5_rcache *);
-krb5_error_code krb5_rc_resolve_type
- (krb5_context,
- krb5_rcache *,char *);
-krb5_error_code krb5_rc_resolve_full
- (krb5_context,
- krb5_rcache *,char *);
-char * krb5_rc_get_type
- (krb5_context,
- krb5_rcache);
-char * krb5_rc_default_type
- (krb5_context);
-char * krb5_rc_default_name
- (krb5_context);
-krb5_error_code krb5_auth_to_rep
- (krb5_context,
- krb5_tkt_authent *,
- krb5_donot_replay *);
-
-
-krb5_error_code KRB5_CALLCONV krb5_rc_initialize
- (krb5_context, krb5_rcache,krb5_deltat);
-krb5_error_code KRB5_CALLCONV krb5_rc_recover
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_destroy
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_close
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_store
- (krb5_context, krb5_rcache,krb5_donot_replay *);
-krb5_error_code KRB5_CALLCONV krb5_rc_expunge
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan
- (krb5_context, krb5_rcache,krb5_deltat *);
-char *KRB5_CALLCONV krb5_rc_get_name
- (krb5_context, krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_resolve
- (krb5_context, krb5_rcache, char *);
-#endif /* KRB5_PRIVATE */
-/*
- * end "rcache.h"
- */
-
-/*
- * begin "keytab.h"
- */
-
-
-/* XXX */
-#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
-
-typedef krb5_pointer krb5_kt_cursor; /* XXX */
-
-typedef struct krb5_keytab_entry_st {
- krb5_magic magic;
- krb5_principal principal; /* principal of this key */
- krb5_timestamp timestamp; /* time entry written to keytable */
- krb5_kvno vno; /* key version number */
- krb5_keyblock key; /* the secret key */
-} krb5_keytab_entry;
-
-#if KRB5_PRIVATE
-struct _krb5_kt_ops;
-typedef struct _krb5_kt { /* should move into k5-int.h */
- krb5_magic magic;
- const struct _krb5_kt_ops *ops;
- krb5_pointer data;
-} *krb5_keytab;
-#else
-struct _krb5_kt;
-typedef struct _krb5_kt *krb5_keytab;
-#endif
-
-char * KRB5_CALLCONV
-krb5_kt_get_type (krb5_context, krb5_keytab keytab);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
- unsigned int namelen);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_close(krb5_context context, krb5_keytab keytab);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
- krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
-
-/*
- * end "keytab.h"
- */
-
-/*
- * begin "func-proto.h"
- */
-
-krb5_error_code KRB5_CALLCONV krb5_init_context
- (krb5_context *);
-krb5_error_code KRB5_CALLCONV krb5_init_secure_context
- (krb5_context *);
-void KRB5_CALLCONV krb5_free_context
- (krb5_context);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_default_in_tkt_ktypes
- (krb5_context,
- const krb5_enctype *);
-krb5_error_code krb5_get_default_in_tkt_ktypes
- (krb5_context,
- krb5_enctype **);
-
-krb5_error_code krb5_set_default_tgs_ktypes
- (krb5_context,
- const krb5_enctype *);
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_set_default_tgs_enctypes
- (krb5_context,
- const krb5_enctype *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
- (krb5_context,
- krb5_const_principal,
- krb5_enctype **);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
- (krb5_context, krb5_enctype **);
-
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ktypes
- (krb5_context, krb5_enctype *);
-
-krb5_boolean krb5_is_permitted_enctype
- (krb5_context, krb5_enctype);
-#endif
-
-/* libkrb.spec */
-#if KRB5_PRIVATE
-krb5_error_code krb5_kdc_rep_decrypt_proc
- (krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * );
-krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
- (krb5_context,
- const krb5_keyblock *,
- krb5_ticket * );
-krb5_error_code krb5_get_cred_from_kdc
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_validate
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_renew
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-#endif
-
-void KRB5_CALLCONV krb5_free_tgt_creds
- (krb5_context,
- krb5_creds **); /* XXX too hard to do with const */
-
-#define KRB5_GC_USER_USER 1 /* want user-user ticket */
-#define KRB5_GC_CACHED 2 /* want cached ticket only */
-
-krb5_error_code KRB5_CALLCONV krb5_get_credentials
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-#if KRB5_PRIVATE
-krb5_error_code krb5_get_cred_via_tkt
- (krb5_context,
- krb5_creds *,
- krb5_flags,
- krb5_address * const *,
- krb5_creds *,
- krb5_creds **);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_mk_req
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- char *,
- char *,
- krb5_data *,
- krb5_ccache,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_rep
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ap_rep_enc_part **);
-krb5_error_code KRB5_CALLCONV krb5_mk_error
- (krb5_context,
- const krb5_error *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_rd_error
- (krb5_context,
- const krb5_data *,
- krb5_error ** );
-krb5_error_code KRB5_CALLCONV krb5_rd_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_parse_name
- (krb5_context,
- const char *,
- krb5_principal * );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name
- (krb5_context,
- krb5_const_principal,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
- (krb5_context,
- krb5_const_principal,
- char **,
- unsigned int *);
-
-krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
- (krb5_context, krb5_principal, const char *);
-
-krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
- (krb5_context,
- const krb5_address *,
- krb5_address * const *);
-krb5_boolean KRB5_CALLCONV krb5_address_compare
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-int KRB5_CALLCONV krb5_address_order
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-krb5_boolean KRB5_CALLCONV krb5_realm_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_error_code KRB5_CALLCONV krb5_init_keyblock
- (krb5_context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out);
- /* Initialize a new keyblock and allocate storage
- * for the contents of the key, which will be freed along
- * with the keyblock when krb5_free_keyblock is called.
- * It is legal to pass in a length of 0, in which
- * case contents are left unallocated.
- */
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock *);
-krb5_error_code KRB5_CALLCONV krb5_copy_creds
- (krb5_context,
- const krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_copy_data
- (krb5_context,
- const krb5_data *,
- krb5_data **);
-krb5_error_code KRB5_CALLCONV krb5_copy_principal
- (krb5_context,
- krb5_const_principal,
- krb5_principal *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_copy_addr
- (krb5_context,
- const krb5_address *,
- krb5_address **);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_copy_addresses
- (krb5_context,
- krb5_address * const *,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_ticket
- (krb5_context,
- const krb5_ticket *,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_copy_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
- (krb5_context,
- const krb5_authenticator *,
- krb5_authenticator **);
-krb5_error_code KRB5_CALLCONV krb5_copy_checksum
- (krb5_context,
- const krb5_checksum *,
- krb5_checksum **);
-#if KRB5_PRIVATE
-void krb5_init_ets
- (krb5_context);
-void krb5_free_ets
- (krb5_context);
-krb5_error_code krb5_generate_subkey
- (krb5_context,
- const krb5_keyblock *, krb5_keyblock **);
-krb5_error_code krb5_generate_seq_number
- (krb5_context,
- const krb5_keyblock *, krb5_ui_4 *);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
- (krb5_context,
- const krb5_data *, krb5_rcache *);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
- (krb5_context, krb5_principal *, unsigned int, const char *, ...);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal
- (krb5_context, krb5_principal *, unsigned int, const char *, ...);
-#ifdef va_start
-/* XXX depending on varargs include file defining va_start... */
-krb5_error_code KRB5_CALLCONV krb5_build_principal_va
- (krb5_context,
- krb5_principal, unsigned int, const char *, va_list);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
- (krb5_context,
- const char *name,
- const char *instance, const char *realm,
- krb5_principal *princ);
-
-krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
- (krb5_context context, krb5_const_principal princ,
- char *name, char *inst, char *realm);
-
-struct credentials;
-int KRB5_CALLCONV krb5_524_convert_creds
- (krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds);
-#if KRB5_DEPRECATED
-#define krb524_convert_creds_kdc krb5_524_convert_creds
-#define krb524_init_ets(x) (0)
-#endif
-
-/* libkt.spec */
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_kt_register
- (krb5_context,
- struct _krb5_kt_ops * );
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_kt_resolve
- (krb5_context,
- const char *,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_kt_default_name
- (krb5_context,
- char *,
- int );
-krb5_error_code KRB5_CALLCONV krb5_kt_default
- (krb5_context,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
- (krb5_context,
- krb5_keytab_entry * );
-#if KRB5_PRIVATE
-/* use krb5_free_keytab_entry_contents instead */
-krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
- (krb5_context,
- krb5_keytab_entry * );
-#endif
-/* remove and add are functions, so that they can return NOWRITE
- if not a writable keytab */
-krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code krb5_principal2salt
- (krb5_context,
- krb5_const_principal, krb5_data *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_principal2salt_norealm
- (krb5_context,
- krb5_const_principal, krb5_data *);
-#endif
-/* librc.spec--see rcache.h */
-
-/* libcc.spec */
-krb5_error_code KRB5_CALLCONV krb5_cc_resolve
- (krb5_context,
- const char *,
- krb5_ccache * );
-const char * KRB5_CALLCONV krb5_cc_default_name
- (krb5_context);
-krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
- (krb5_context, const char *);
-krb5_error_code KRB5_CALLCONV krb5_cc_default
- (krb5_context,
- krb5_ccache *);
-#if KRB5_PRIVATE
-unsigned int KRB5_CALLCONV krb5_get_notification_message
- (void);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
- (krb5_context context,
- krb5_ccache incc,
- krb5_ccache outcc);
-
-
-/* chk_trans.c */
-#if KRB5_PRIVATE
-krb5_error_code krb5_check_transited_list
- (krb5_context, const krb5_data *trans,
- const krb5_data *realm1, const krb5_data *realm2);
-#endif
-
-/* free_rtree.c */
-#if KRB5_PRIVATE
-void krb5_free_realm_tree
- (krb5_context,
- krb5_principal *);
-#endif
-
-/* krb5_free.c */
-void KRB5_CALLCONV krb5_free_principal
- (krb5_context, krb5_principal );
-void KRB5_CALLCONV krb5_free_authenticator
- (krb5_context, krb5_authenticator * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_authenticator_contents
- (krb5_context, krb5_authenticator * );
-#endif
-void KRB5_CALLCONV krb5_free_addresses
- (krb5_context, krb5_address ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_address
- (krb5_context, krb5_address * );
-#endif
-void KRB5_CALLCONV krb5_free_authdata
- (krb5_context, krb5_authdata ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_enc_tkt_part
- (krb5_context, krb5_enc_tkt_part * );
-#endif
-void KRB5_CALLCONV krb5_free_ticket
- (krb5_context, krb5_ticket * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tickets
- (krb5_context, krb5_ticket ** );
-void KRB5_CALLCONV krb5_free_kdc_req
- (krb5_context, krb5_kdc_req * );
-void KRB5_CALLCONV krb5_free_kdc_rep
- (krb5_context, krb5_kdc_rep * );
-void KRB5_CALLCONV krb5_free_last_req
- (krb5_context, krb5_last_req_entry ** );
-void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
- (krb5_context, krb5_enc_kdc_rep_part * );
-#endif
-void KRB5_CALLCONV krb5_free_error
- (krb5_context, krb5_error * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ap_req
- (krb5_context, krb5_ap_req * );
-void KRB5_CALLCONV krb5_free_ap_rep
- (krb5_context, krb5_ap_rep * );
-void KRB5_CALLCONV krb5_free_cred
- (krb5_context, krb5_cred *);
-#endif
-void KRB5_CALLCONV krb5_free_creds
- (krb5_context, krb5_creds *);
-void KRB5_CALLCONV krb5_free_cred_contents
- (krb5_context, krb5_creds *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_cred_enc_part
- (krb5_context, krb5_cred_enc_part *);
-#endif
-void KRB5_CALLCONV krb5_free_checksum
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_checksum_contents
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_keyblock
- (krb5_context, krb5_keyblock *);
-void KRB5_CALLCONV krb5_free_keyblock_contents
- (krb5_context, krb5_keyblock *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_pa_data
- (krb5_context, krb5_pa_data **);
-#endif
-void KRB5_CALLCONV krb5_free_ap_rep_enc_part
- (krb5_context, krb5_ap_rep_enc_part *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tkt_authent
- (krb5_context, krb5_tkt_authent *);
-void KRB5_CALLCONV krb5_free_pwd_data
- (krb5_context, krb5_pwd_data *);
-void KRB5_CALLCONV krb5_free_pwd_sequences
- (krb5_context, passwd_phrase_element **);
-#endif
-void KRB5_CALLCONV krb5_free_data
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_data_contents
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_unparsed_name
- (krb5_context, char *);
-void KRB5_CALLCONV krb5_free_cksumtypes
- (krb5_context, krb5_cksumtype *);
-
-/* From krb5/os but needed but by the outside world */
-krb5_error_code KRB5_CALLCONV krb5_us_timeofday
- (krb5_context,
- krb5_int32 *,
- krb5_int32 * );
-krb5_error_code KRB5_CALLCONV krb5_timeofday
- (krb5_context,
- krb5_int32 * );
- /* get all the addresses of this host */
-krb5_error_code KRB5_CALLCONV krb5_os_localaddr
- (krb5_context,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_get_default_realm
- (krb5_context,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_set_default_realm
- (krb5_context,
- const char * );
-void KRB5_CALLCONV krb5_free_default_realm
- (krb5_context,
- char * );
-krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
- (krb5_context,
- const char *,
- const char *,
- krb5_int32,
- krb5_principal *);
-krb5_error_code KRB5_CALLCONV
-krb5_change_password
- (krb5_context context, krb5_creds *creds, char *newpw,
- int *result_code, krb5_data *result_code_string,
- krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password
- (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password_using_ccache
- (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-
-#if KRB5_PRIVATE
-#ifndef macintosh
-krb5_error_code krb5_set_config_files
- (krb5_context, const char **);
-
-krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
- (char ***filenames);
-
-void KRB5_CALLCONV krb5_free_config_files
- (char **filenames);
-
-#endif
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_profile
- (krb5_context, struct _profile_t * /* profile_t */ *);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_send_tgs
- (krb5_context,
- krb5_flags,
- const krb5_ticket_times *,
- const krb5_enctype *,
- krb5_const_principal,
- krb5_address * const *,
- krb5_authdata * const *,
- krb5_pa_data * const *,
- const krb5_data *,
- krb5_creds *,
- krb5_response * );
-#endif
-
-#if KRB5_DEPRECATED
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_error_code ( * )(krb5_context,
- krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code ( * )(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_const_pointer,
- krb5_creds *,
- krb5_ccache,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const char *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const krb5_keyblock *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_keytab,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-#endif /* KRB5_DEPRECATED */
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_decode_kdc_rep
- (krb5_context,
- krb5_data *,
- const krb5_keyblock *,
- krb5_kdc_rep ** );
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_rd_req
- (krb5_context,
- krb5_auth_context *,
- const krb5_data *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_rd_req_decoded
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-krb5_error_code krb5_rd_req_decoded_anyflag
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
- (krb5_context,
- krb5_pointer,
- krb5_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_mk_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_mk_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_cc_register
- (krb5_context,
- krb5_cc_ops *,
- krb5_boolean );
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_sendauth
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- char *,
- krb5_principal,
- krb5_principal,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_ccache,
- krb5_error **,
- krb5_ap_rep_enc_part **,
- krb5_creds **);
-
-krb5_error_code KRB5_CALLCONV krb5_recvauth
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- char *,
- krb5_principal,
- krb5_int32,
- krb5_keytab,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_recvauth_version
- (krb5_context,
- krb5_auth_context *,
- krb5_pointer,
- krb5_principal,
- krb5_int32,
- krb5_keytab,
- krb5_ticket **,
- krb5_data *);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_walk_realm_tree
- (krb5_context,
- const krb5_data *,
- const krb5_data *,
- krb5_principal **,
- int);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_mk_ncred
- (krb5_context,
- krb5_auth_context,
- krb5_creds **,
- krb5_data **,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_mk_1cred
- (krb5_context,
- krb5_auth_context,
- krb5_creds *,
- krb5_data **,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_rd_cred
- (krb5_context,
- krb5_auth_context,
- krb5_data *,
- krb5_creds ***,
- krb5_replay_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
- (krb5_context,
- krb5_auth_context,
- char *,
- krb5_principal,
- krb5_principal,
- krb5_ccache,
- int forwardable,
- krb5_data *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_init
- (krb5_context,
- krb5_auth_context *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_free
- (krb5_context,
- krb5_auth_context);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
- (krb5_context,
- krb5_auth_context,
- krb5_int32);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
-
-krb5_error_code KRB5_CALLCONV
-krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
- krb5_mk_req_checksum_func, void *);
-
-krb5_error_code KRB5_CALLCONV
-krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
- krb5_mk_req_checksum_func *, void **);
-
-krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
- (krb5_context,
- krb5_auth_context,
- krb5_address *,
- krb5_address *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
- (krb5_context,
- krb5_auth_context,
- krb5_address **,
- krb5_address **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
- (krb5_context,
- krb5_auth_context,
- krb5_address *,
- krb5_address *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
- krb5_context, krb5_auth_context, krb5_keyblock *);
-
-#if KRB5_DEPRECATED
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
- (krb5_context,
- krb5_auth_context,
- krb5_keyblock **);
-#endif
-
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-
-krb5_error_code krb5_auth_con_set_safe_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
- (krb5_context,
- krb5_auth_context,
- krb5_int32 *);
-
-#if KRB5_DEPRECATED
-krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
- (krb5_context,
- krb5_auth_context);
-#endif
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_auth_con_setivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer);
-
-krb5_error_code krb5_auth_con_getivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer *);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
- (krb5_context,
- krb5_auth_context,
- krb5_rcache);
-
-krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
- (krb5_context,
- krb5_auth_context,
- krb5_rcache *);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_auth_con_setpermetypes
- (krb5_context,
- krb5_auth_context,
- const krb5_enctype *);
-
-krb5_error_code krb5_auth_con_getpermetypes
- (krb5_context,
- krb5_auth_context,
- krb5_enctype **);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
- (krb5_context,
- krb5_auth_context,
- krb5_authenticator **);
-
-#define KRB5_REALM_BRANCH_CHAR '.'
-
-/*
- * end "func-proto.h"
- */
-
-/*
- * begin stuff from libos.h
- */
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
-int krb5_net_read (krb5_context, int , char *, int);
-int krb5_net_write (krb5_context, int , const char *, int);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_read_password
- (krb5_context,
- const char *,
- const char *,
- char *,
- unsigned int * );
-krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
- (krb5_context,
- krb5_const_principal,
- int,
- char * );
-krb5_error_code KRB5_CALLCONV krb5_get_host_realm
- (krb5_context,
- const char *,
- char *** );
-krb5_error_code KRB5_CALLCONV krb5_free_host_realm
- (krb5_context,
- char * const * );
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
- (krb5_context,
- const char *,
- char ** );
-#endif
-krb5_boolean KRB5_CALLCONV krb5_kuserok
- (krb5_context,
- krb5_principal, const char *);
-krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
- (krb5_context,
- krb5_auth_context,
- int, int);
-#if KRB5_PRIVATE
-krb5_error_code krb5_gen_portaddr
- (krb5_context,
- const krb5_address *,
- krb5_const_pointer,
- krb5_address **);
-krb5_error_code krb5_gen_replay_name
- (krb5_context,
- const krb5_address *,
- const char *,
- char **);
-krb5_error_code krb5_make_fulladdr
- (krb5_context,
- krb5_address *,
- krb5_address *,
- krb5_address *);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_set_real_time
- (krb5_context, krb5_int32, krb5_int32);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_debugging_time
- (krb5_context, krb5_int32, krb5_int32);
-krb5_error_code krb5_use_natural_time
- (krb5_context);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
- (krb5_context, krb5_int32 *, krb5_int32 *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_time_offsets
- (krb5_context, krb5_int32, krb5_int32);
-#endif
-
-/* str_conv.c */
-krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
- (char *, krb5_enctype *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
- (char *, krb5_int32 *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
- (char *, krb5_cksumtype *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
- (char *, krb5_timestamp *);
-krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
- (char *, krb5_deltat *);
-krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
- (krb5_enctype, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
- (krb5_int32, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
- (krb5_cksumtype, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
- (krb5_timestamp, char *, size_t);
-krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
- (krb5_timestamp, char *, size_t, char *);
-krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
- (krb5_deltat, char *, size_t);
-
-
-
-/* The name of the Kerberos ticket granting service... and its size */
-#define KRB5_TGS_NAME "krbtgt"
-#define KRB5_TGS_NAME_SIZE 6
-
-/* flags for recvauth */
-#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
-#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
-/* initial ticket api functions */
-
-typedef struct _krb5_prompt {
- char *prompt;
- int hidden;
- krb5_data *reply;
-} krb5_prompt;
-
-typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[]);
-
-
-krb5_error_code KRB5_CALLCONV
-krb5_prompter_posix (krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[]);
-
-typedef struct _krb5_get_init_creds_opt {
- krb5_flags flags;
- krb5_deltat tkt_life;
- krb5_deltat renew_life;
- int forwardable;
- int proxiable;
- krb5_enctype *etype_list;
- int etype_list_length;
- krb5_address **address_list;
- krb5_preauthtype *preauth_list;
- int preauth_list_length;
- krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
-
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_init
-(krb5_get_init_creds_opt *opt);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_tkt_life
-(krb5_get_init_creds_opt *opt,
- krb5_deltat tkt_life);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_renew_life
-(krb5_get_init_creds_opt *opt,
- krb5_deltat renew_life);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_forwardable
-(krb5_get_init_creds_opt *opt,
- int forwardable);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_proxiable
-(krb5_get_init_creds_opt *opt,
- int proxiable);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_etype_list
-(krb5_get_init_creds_opt *opt,
- krb5_enctype *etype_list,
- int etype_list_length);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_address_list
-(krb5_get_init_creds_opt *opt,
- krb5_address **addresses);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_preauth_list
-(krb5_get_init_creds_opt *opt,
- krb5_preauthtype *preauth_list,
- int preauth_list_length);
-
-void KRB5_CALLCONV
-krb5_get_init_creds_opt_set_salt
-(krb5_get_init_creds_opt *opt,
- krb5_data *salt);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_password
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- char *password,
- krb5_prompter_fct prompter,
- void *data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *k5_gic_options);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds_keytab
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_keytab arg_keytab,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *k5_gic_options);
-
-typedef struct _krb5_verify_init_creds_opt {
- krb5_flags flags;
- int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
-
-void KRB5_CALLCONV
-krb5_verify_init_creds_opt_init
-(krb5_verify_init_creds_opt *k5_vic_options);
-void KRB5_CALLCONV
-krb5_verify_init_creds_opt_set_ap_req_nofail
-(krb5_verify_init_creds_opt *k5_vic_options,
- int ap_req_nofail);
-
-krb5_error_code KRB5_CALLCONV
-krb5_verify_init_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal ap_req_server,
- krb5_keytab ap_req_keytab,
- krb5_ccache *ccache,
- krb5_verify_init_creds_opt *k5_vic_options);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_validated_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_ccache ccache,
- char *in_tkt_service);
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_renewed_creds
-(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_ccache ccache,
- char *in_tkt_service);
-
-krb5_error_code KRB5_CALLCONV
-krb5_decode_ticket
-(const krb5_data *code,
- krb5_ticket **rep);
-
-void KRB5_CALLCONV
-krb5_appdefault_string
-(krb5_context context,
- const char *appname,
- const krb5_data *realm,
- const char *option,
- const char *default_value,
- char ** ret_value);
-
-void KRB5_CALLCONV
-krb5_appdefault_boolean
-(krb5_context context,
- const char *appname,
- const krb5_data *realm,
- const char *option,
- int default_value,
- int *ret_value);
-
-#if KRB5_PRIVATE
-/*
- * The realm iterator functions
- */
-
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
- (krb5_context context, void **iter_p);
-
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator
- (krb5_context context, void **iter_p, char **ret_realm);
-
-void KRB5_CALLCONV krb5_realm_iterator_free
- (krb5_context context, void **iter_p);
-
-void KRB5_CALLCONV krb5_free_realm_string
- (krb5_context context, char *str);
-#endif
-
-/*
- * Prompter enhancements
- */
-
-#define KRB5_PROMPT_TYPE_PASSWORD 0x1
-#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2
-#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3
-#define KRB5_PROMPT_TYPE_PREAUTH 0x4
-
-typedef krb5_int32 krb5_prompt_type;
-
-krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
- (krb5_context context);
-
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
-# pragma options align=reset
-#endif
-
-KRB5INT_END_DECLS
-
-/* Don't use this! We're going to phase it out. It's just here to keep
- applications from breaking right away. */
-#define krb5_const const
-
-#endif /* KRB5_GENERAL__ */
-
-/*
- * include/krb5_err.h:
- * This file is automatically generated; please do not edit it.
- */
-
-#include <com_err.h>
-
-#define KRB5KDC_ERR_NONE (-1765328384L)
-#define KRB5KDC_ERR_NAME_EXP (-1765328383L)
-#define KRB5KDC_ERR_SERVICE_EXP (-1765328382L)
-#define KRB5KDC_ERR_BAD_PVNO (-1765328381L)
-#define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L)
-#define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L)
-#define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L)
-#define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L)
-#define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L)
-#define KRB5KDC_ERR_NULL_KEY (-1765328375L)
-#define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L)
-#define KRB5KDC_ERR_NEVER_VALID (-1765328373L)
-#define KRB5KDC_ERR_POLICY (-1765328372L)
-#define KRB5KDC_ERR_BADOPTION (-1765328371L)
-#define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L)
-#define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L)
-#define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L)
-#define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L)
-#define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L)
-#define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L)
-#define KRB5KDC_ERR_TGT_REVOKED (-1765328364L)
-#define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L)
-#define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L)
-#define KRB5KDC_ERR_KEY_EXP (-1765328361L)
-#define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L)
-#define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L)
-#define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L)
-#define KRB5PLACEHOLD_27 (-1765328357L)
-#define KRB5PLACEHOLD_28 (-1765328356L)
-#define KRB5PLACEHOLD_29 (-1765328355L)
-#define KRB5PLACEHOLD_30 (-1765328354L)
-#define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L)
-#define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L)
-#define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L)
-#define KRB5KRB_AP_ERR_REPEAT (-1765328350L)
-#define KRB5KRB_AP_ERR_NOT_US (-1765328349L)
-#define KRB5KRB_AP_ERR_BADMATCH (-1765328348L)
-#define KRB5KRB_AP_ERR_SKEW (-1765328347L)
-#define KRB5KRB_AP_ERR_BADADDR (-1765328346L)
-#define KRB5KRB_AP_ERR_BADVERSION (-1765328345L)
-#define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L)
-#define KRB5KRB_AP_ERR_MODIFIED (-1765328343L)
-#define KRB5KRB_AP_ERR_BADORDER (-1765328342L)
-#define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L)
-#define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L)
-#define KRB5KRB_AP_ERR_NOKEY (-1765328339L)
-#define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L)
-#define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L)
-#define KRB5KRB_AP_ERR_METHOD (-1765328336L)
-#define KRB5KRB_AP_ERR_BADSEQ (-1765328335L)
-#define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L)
-#define KRB5KRB_AP_PATH_NOT_ACCEPTED (-1765328333L)
-#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
-#define KRB5PLACEHOLD_53 (-1765328331L)
-#define KRB5PLACEHOLD_54 (-1765328330L)
-#define KRB5PLACEHOLD_55 (-1765328329L)
-#define KRB5PLACEHOLD_56 (-1765328328L)
-#define KRB5PLACEHOLD_57 (-1765328327L)
-#define KRB5PLACEHOLD_58 (-1765328326L)
-#define KRB5PLACEHOLD_59 (-1765328325L)
-#define KRB5KRB_ERR_GENERIC (-1765328324L)
-#define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L)
-#define KRB5PLACEHOLD_62 (-1765328322L)
-#define KRB5PLACEHOLD_63 (-1765328321L)
-#define KRB5PLACEHOLD_64 (-1765328320L)
-#define KRB5PLACEHOLD_65 (-1765328319L)
-#define KRB5PLACEHOLD_66 (-1765328318L)
-#define KRB5PLACEHOLD_67 (-1765328317L)
-#define KRB5PLACEHOLD_68 (-1765328316L)
-#define KRB5PLACEHOLD_69 (-1765328315L)
-#define KRB5PLACEHOLD_70 (-1765328314L)
-#define KRB5PLACEHOLD_71 (-1765328313L)
-#define KRB5PLACEHOLD_72 (-1765328312L)
-#define KRB5PLACEHOLD_73 (-1765328311L)
-#define KRB5PLACEHOLD_74 (-1765328310L)
-#define KRB5PLACEHOLD_75 (-1765328309L)
-#define KRB5PLACEHOLD_76 (-1765328308L)
-#define KRB5PLACEHOLD_77 (-1765328307L)
-#define KRB5PLACEHOLD_78 (-1765328306L)
-#define KRB5PLACEHOLD_79 (-1765328305L)
-#define KRB5PLACEHOLD_80 (-1765328304L)
-#define KRB5PLACEHOLD_81 (-1765328303L)
-#define KRB5PLACEHOLD_82 (-1765328302L)
-#define KRB5PLACEHOLD_83 (-1765328301L)
-#define KRB5PLACEHOLD_84 (-1765328300L)
-#define KRB5PLACEHOLD_85 (-1765328299L)
-#define KRB5PLACEHOLD_86 (-1765328298L)
-#define KRB5PLACEHOLD_87 (-1765328297L)
-#define KRB5PLACEHOLD_88 (-1765328296L)
-#define KRB5PLACEHOLD_89 (-1765328295L)
-#define KRB5PLACEHOLD_90 (-1765328294L)
-#define KRB5PLACEHOLD_91 (-1765328293L)
-#define KRB5PLACEHOLD_92 (-1765328292L)
-#define KRB5PLACEHOLD_93 (-1765328291L)
-#define KRB5PLACEHOLD_94 (-1765328290L)
-#define KRB5PLACEHOLD_95 (-1765328289L)
-#define KRB5PLACEHOLD_96 (-1765328288L)
-#define KRB5PLACEHOLD_97 (-1765328287L)
-#define KRB5PLACEHOLD_98 (-1765328286L)
-#define KRB5PLACEHOLD_99 (-1765328285L)
-#define KRB5PLACEHOLD_100 (-1765328284L)
-#define KRB5PLACEHOLD_101 (-1765328283L)
-#define KRB5PLACEHOLD_102 (-1765328282L)
-#define KRB5PLACEHOLD_103 (-1765328281L)
-#define KRB5PLACEHOLD_104 (-1765328280L)
-#define KRB5PLACEHOLD_105 (-1765328279L)
-#define KRB5PLACEHOLD_106 (-1765328278L)
-#define KRB5PLACEHOLD_107 (-1765328277L)
-#define KRB5PLACEHOLD_108 (-1765328276L)
-#define KRB5PLACEHOLD_109 (-1765328275L)
-#define KRB5PLACEHOLD_110 (-1765328274L)
-#define KRB5PLACEHOLD_111 (-1765328273L)
-#define KRB5PLACEHOLD_112 (-1765328272L)
-#define KRB5PLACEHOLD_113 (-1765328271L)
-#define KRB5PLACEHOLD_114 (-1765328270L)
-#define KRB5PLACEHOLD_115 (-1765328269L)
-#define KRB5PLACEHOLD_116 (-1765328268L)
-#define KRB5PLACEHOLD_117 (-1765328267L)
-#define KRB5PLACEHOLD_118 (-1765328266L)
-#define KRB5PLACEHOLD_119 (-1765328265L)
-#define KRB5PLACEHOLD_120 (-1765328264L)
-#define KRB5PLACEHOLD_121 (-1765328263L)
-#define KRB5PLACEHOLD_122 (-1765328262L)
-#define KRB5PLACEHOLD_123 (-1765328261L)
-#define KRB5PLACEHOLD_124 (-1765328260L)
-#define KRB5PLACEHOLD_125 (-1765328259L)
-#define KRB5PLACEHOLD_126 (-1765328258L)
-#define KRB5PLACEHOLD_127 (-1765328257L)
-#define KRB5_ERR_RCSID (-1765328256L)
-#define KRB5_LIBOS_BADLOCKFLAG (-1765328255L)
-#define KRB5_LIBOS_CANTREADPWD (-1765328254L)
-#define KRB5_LIBOS_BADPWDMATCH (-1765328253L)
-#define KRB5_LIBOS_PWDINTR (-1765328252L)
-#define KRB5_PARSE_ILLCHAR (-1765328251L)
-#define KRB5_PARSE_MALFORMED (-1765328250L)
-#define KRB5_CONFIG_CANTOPEN (-1765328249L)
-#define KRB5_CONFIG_BADFORMAT (-1765328248L)
-#define KRB5_CONFIG_NOTENUFSPACE (-1765328247L)
-#define KRB5_BADMSGTYPE (-1765328246L)
-#define KRB5_CC_BADNAME (-1765328245L)
-#define KRB5_CC_UNKNOWN_TYPE (-1765328244L)
-#define KRB5_CC_NOTFOUND (-1765328243L)
-#define KRB5_CC_END (-1765328242L)
-#define KRB5_NO_TKT_SUPPLIED (-1765328241L)
-#define KRB5KRB_AP_WRONG_PRINC (-1765328240L)
-#define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L)
-#define KRB5_PRINC_NOMATCH (-1765328238L)
-#define KRB5_KDCREP_MODIFIED (-1765328237L)
-#define KRB5_KDCREP_SKEW (-1765328236L)
-#define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L)
-#define KRB5_PROG_ETYPE_NOSUPP (-1765328234L)
-#define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L)
-#define KRB5_WRONG_ETYPE (-1765328232L)
-#define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L)
-#define KRB5_REALM_UNKNOWN (-1765328230L)
-#define KRB5_SERVICE_UNKNOWN (-1765328229L)
-#define KRB5_KDC_UNREACH (-1765328228L)
-#define KRB5_NO_LOCALNAME (-1765328227L)
-#define KRB5_MUTUAL_FAILED (-1765328226L)
-#define KRB5_RC_TYPE_EXISTS (-1765328225L)
-#define KRB5_RC_MALLOC (-1765328224L)
-#define KRB5_RC_TYPE_NOTFOUND (-1765328223L)
-#define KRB5_RC_UNKNOWN (-1765328222L)
-#define KRB5_RC_REPLAY (-1765328221L)
-#define KRB5_RC_IO (-1765328220L)
-#define KRB5_RC_NOIO (-1765328219L)
-#define KRB5_RC_PARSE (-1765328218L)
-#define KRB5_RC_IO_EOF (-1765328217L)
-#define KRB5_RC_IO_MALLOC (-1765328216L)
-#define KRB5_RC_IO_PERM (-1765328215L)
-#define KRB5_RC_IO_IO (-1765328214L)
-#define KRB5_RC_IO_UNKNOWN (-1765328213L)
-#define KRB5_RC_IO_SPACE (-1765328212L)
-#define KRB5_TRANS_CANTOPEN (-1765328211L)
-#define KRB5_TRANS_BADFORMAT (-1765328210L)
-#define KRB5_LNAME_CANTOPEN (-1765328209L)
-#define KRB5_LNAME_NOTRANS (-1765328208L)
-#define KRB5_LNAME_BADFORMAT (-1765328207L)
-#define KRB5_CRYPTO_INTERNAL (-1765328206L)
-#define KRB5_KT_BADNAME (-1765328205L)
-#define KRB5_KT_UNKNOWN_TYPE (-1765328204L)
-#define KRB5_KT_NOTFOUND (-1765328203L)
-#define KRB5_KT_END (-1765328202L)
-#define KRB5_KT_NOWRITE (-1765328201L)
-#define KRB5_KT_IOERR (-1765328200L)
-#define KRB5_NO_TKT_IN_RLM (-1765328199L)
-#define KRB5DES_BAD_KEYPAR (-1765328198L)
-#define KRB5DES_WEAK_KEY (-1765328197L)
-#define KRB5_BAD_ENCTYPE (-1765328196L)
-#define KRB5_BAD_KEYSIZE (-1765328195L)
-#define KRB5_BAD_MSIZE (-1765328194L)
-#define KRB5_CC_TYPE_EXISTS (-1765328193L)
-#define KRB5_KT_TYPE_EXISTS (-1765328192L)
-#define KRB5_CC_IO (-1765328191L)
-#define KRB5_FCC_PERM (-1765328190L)
-#define KRB5_FCC_NOFILE (-1765328189L)
-#define KRB5_FCC_INTERNAL (-1765328188L)
-#define KRB5_CC_WRITE (-1765328187L)
-#define KRB5_CC_NOMEM (-1765328186L)
-#define KRB5_CC_FORMAT (-1765328185L)
-#define KRB5_CC_NOT_KTYPE (-1765328184L)
-#define KRB5_INVALID_FLAGS (-1765328183L)
-#define KRB5_NO_2ND_TKT (-1765328182L)
-#define KRB5_NOCREDS_SUPPLIED (-1765328181L)
-#define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L)
-#define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L)
-#define KRB5_SENDAUTH_BADRESPONSE (-1765328178L)
-#define KRB5_SENDAUTH_REJECTED (-1765328177L)
-#define KRB5_PREAUTH_BAD_TYPE (-1765328176L)
-#define KRB5_PREAUTH_NO_KEY (-1765328175L)
-#define KRB5_PREAUTH_FAILED (-1765328174L)
-#define KRB5_RCACHE_BADVNO (-1765328173L)
-#define KRB5_CCACHE_BADVNO (-1765328172L)
-#define KRB5_KEYTAB_BADVNO (-1765328171L)
-#define KRB5_PROG_ATYPE_NOSUPP (-1765328170L)
-#define KRB5_RC_REQUIRED (-1765328169L)
-#define KRB5_ERR_BAD_HOSTNAME (-1765328168L)
-#define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L)
-#define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L)
-#define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L)
-#define KRB5_REALM_CANT_RESOLVE (-1765328164L)
-#define KRB5_TKT_NOT_FORWARDABLE (-1765328163L)
-#define KRB5_FWD_BAD_PRINCIPAL (-1765328162L)
-#define KRB5_GET_IN_TKT_LOOP (-1765328161L)
-#define KRB5_CONFIG_NODEFREALM (-1765328160L)
-#define KRB5_SAM_UNSUPPORTED (-1765328159L)
-#define KRB5_SAM_INVALID_ETYPE (-1765328158L)
-#define KRB5_SAM_NO_CHECKSUM (-1765328157L)
-#define KRB5_SAM_BAD_CHECKSUM (-1765328156L)
-#define KRB5_KT_NAME_TOOLONG (-1765328155L)
-#define KRB5_KT_KVNONOTFOUND (-1765328154L)
-#define KRB5_APPL_EXPIRED (-1765328153L)
-#define KRB5_LIB_EXPIRED (-1765328152L)
-#define KRB5_CHPW_PWDNULL (-1765328151L)
-#define KRB5_CHPW_FAIL (-1765328150L)
-#define KRB5_KT_FORMAT (-1765328149L)
-#define KRB5_NOPERM_ETYPE (-1765328148L)
-#define KRB5_CONFIG_ETYPE_NOSUPP (-1765328147L)
-#define KRB5_OBSOLETE_FN (-1765328146L)
-#define KRB5_EAI_FAIL (-1765328145L)
-#define KRB5_EAI_NODATA (-1765328144L)
-#define KRB5_EAI_NONAME (-1765328143L)
-#define KRB5_EAI_SERVICE (-1765328142L)
-#define KRB5_ERR_NUMERIC_REALM (-1765328141L)
-#define KRB5_ERR_BAD_S2K_PARAMS (-1765328140L)
-#define KRB5_ERR_NO_SERVICE (-1765328139L)
-#define KRB5_CC_READONLY (-1765328138L)
-#define KRB5_CC_NOSUPP (-1765328137L)
-#define ERROR_TABLE_BASE_krb5 (-1765328384L)
-
-extern const struct error_table et_krb5_error_table;
-
-#if !defined(_WIN32)
-/* for compatibility with older versions... */
-extern void initialize_krb5_error_table () /*@modifies internalState@*/;
-#else
-#define initialize_krb5_error_table()
-#endif
-
-#if !defined(_WIN32)
-#define init_krb5_err_tbl initialize_krb5_error_table
-#define krb5_err_base ERROR_TABLE_BASE_krb5
-#endif
-/*
- * include/kdb5_err.h:
- * This file is automatically generated; please do not edit it.
- */
-
-#include <com_err.h>
-
-#define KRB5_KDB_RCSID (-1780008448L)
-#define KRB5_KDB_INUSE (-1780008447L)
-#define KRB5_KDB_UK_SERROR (-1780008446L)
-#define KRB5_KDB_UK_RERROR (-1780008445L)
-#define KRB5_KDB_UNAUTH (-1780008444L)
-#define KRB5_KDB_NOENTRY (-1780008443L)
-#define KRB5_KDB_ILL_WILDCARD (-1780008442L)
-#define KRB5_KDB_DB_INUSE (-1780008441L)
-#define KRB5_KDB_DB_CHANGED (-1780008440L)
-#define KRB5_KDB_TRUNCATED_RECORD (-1780008439L)
-#define KRB5_KDB_RECURSIVELOCK (-1780008438L)
-#define KRB5_KDB_NOTLOCKED (-1780008437L)
-#define KRB5_KDB_BADLOCKMODE (-1780008436L)
-#define KRB5_KDB_DBNOTINITED (-1780008435L)
-#define KRB5_KDB_DBINITED (-1780008434L)
-#define KRB5_KDB_ILLDIRECTION (-1780008433L)
-#define KRB5_KDB_NOMASTERKEY (-1780008432L)
-#define KRB5_KDB_BADMASTERKEY (-1780008431L)
-#define KRB5_KDB_INVALIDKEYSIZE (-1780008430L)
-#define KRB5_KDB_CANTREAD_STORED (-1780008429L)
-#define KRB5_KDB_BADSTORED_MKEY (-1780008428L)
-#define KRB5_KDB_CANTLOCK_DB (-1780008427L)
-#define KRB5_KDB_DB_CORRUPT (-1780008426L)
-#define KRB5_KDB_BAD_VERSION (-1780008425L)
-#define KRB5_KDB_BAD_SALTTYPE (-1780008424L)
-#define KRB5_KDB_BAD_ENCTYPE (-1780008423L)
-#define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L)
-#define KRB5_KDB_NO_PERMITTED_KEY (-1780008421L)
-#define KRB5_KDB_NO_MATCHING_KEY (-1780008420L)
-#define ERROR_TABLE_BASE_kdb5 (-1780008448L)
-
-extern const struct error_table et_kdb5_error_table;
-
-#if !defined(_WIN32)
-/* for compatibility with older versions... */
-extern void initialize_kdb5_error_table () /*@modifies internalState@*/;
-#else
-#define initialize_kdb5_error_table()
-#endif
-
-#if !defined(_WIN32)
-#define init_kdb5_err_tbl initialize_kdb5_error_table
-#define kdb5_err_base ERROR_TABLE_BASE_kdb5
-#endif
-/*
- * include/kv5m_err.h:
- * This file is automatically generated; please do not edit it.
- */
-
-#include <com_err.h>
-
-#define KV5M_NONE (-1760647424L)
-#define KV5M_PRINCIPAL (-1760647423L)
-#define KV5M_DATA (-1760647422L)
-#define KV5M_KEYBLOCK (-1760647421L)
-#define KV5M_CHECKSUM (-1760647420L)
-#define KV5M_ENCRYPT_BLOCK (-1760647419L)
-#define KV5M_ENC_DATA (-1760647418L)
-#define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L)
-#define KV5M_CS_TABLE_ENTRY (-1760647416L)
-#define KV5M_CHECKSUM_ENTRY (-1760647415L)
-#define KV5M_AUTHDATA (-1760647414L)
-#define KV5M_TRANSITED (-1760647413L)
-#define KV5M_ENC_TKT_PART (-1760647412L)
-#define KV5M_TICKET (-1760647411L)
-#define KV5M_AUTHENTICATOR (-1760647410L)
-#define KV5M_TKT_AUTHENT (-1760647409L)
-#define KV5M_CREDS (-1760647408L)
-#define KV5M_LAST_REQ_ENTRY (-1760647407L)
-#define KV5M_PA_DATA (-1760647406L)
-#define KV5M_KDC_REQ (-1760647405L)
-#define KV5M_ENC_KDC_REP_PART (-1760647404L)
-#define KV5M_KDC_REP (-1760647403L)
-#define KV5M_ERROR (-1760647402L)
-#define KV5M_AP_REQ (-1760647401L)
-#define KV5M_AP_REP (-1760647400L)
-#define KV5M_AP_REP_ENC_PART (-1760647399L)
-#define KV5M_RESPONSE (-1760647398L)
-#define KV5M_SAFE (-1760647397L)
-#define KV5M_PRIV (-1760647396L)
-#define KV5M_PRIV_ENC_PART (-1760647395L)
-#define KV5M_CRED (-1760647394L)
-#define KV5M_CRED_INFO (-1760647393L)
-#define KV5M_CRED_ENC_PART (-1760647392L)
-#define KV5M_PWD_DATA (-1760647391L)
-#define KV5M_ADDRESS (-1760647390L)
-#define KV5M_KEYTAB_ENTRY (-1760647389L)
-#define KV5M_CONTEXT (-1760647388L)
-#define KV5M_OS_CONTEXT (-1760647387L)
-#define KV5M_ALT_METHOD (-1760647386L)
-#define KV5M_ETYPE_INFO_ENTRY (-1760647385L)
-#define KV5M_DB_CONTEXT (-1760647384L)
-#define KV5M_AUTH_CONTEXT (-1760647383L)
-#define KV5M_KEYTAB (-1760647382L)
-#define KV5M_RCACHE (-1760647381L)
-#define KV5M_CCACHE (-1760647380L)
-#define KV5M_PREAUTH_OPS (-1760647379L)
-#define KV5M_SAM_CHALLENGE (-1760647378L)
-#define KV5M_SAM_CHALLENGE_2 (-1760647377L)
-#define KV5M_SAM_KEY (-1760647376L)
-#define KV5M_ENC_SAM_RESPONSE_ENC (-1760647375L)
-#define KV5M_ENC_SAM_RESPONSE_ENC_2 (-1760647374L)
-#define KV5M_SAM_RESPONSE (-1760647373L)
-#define KV5M_SAM_RESPONSE_2 (-1760647372L)
-#define KV5M_PREDICTED_SAM_RESPONSE (-1760647371L)
-#define KV5M_PASSWD_PHRASE_ELEMENT (-1760647370L)
-#define KV5M_GSS_OID (-1760647369L)
-#define KV5M_GSS_QUEUE (-1760647368L)
-#define ERROR_TABLE_BASE_kv5m (-1760647424L)
-
-extern const struct error_table et_kv5m_error_table;
-
-#if !defined(_WIN32)
-/* for compatibility with older versions... */
-extern void initialize_kv5m_error_table () /*@modifies internalState@*/;
-#else
-#define initialize_kv5m_error_table()
-#endif
-
-#if !defined(_WIN32)
-#define init_kv5m_err_tbl initialize_kv5m_error_table
-#define kv5m_err_base ERROR_TABLE_BASE_kv5m
-#endif
-/*
- * include/krb524_err.h:
- * This file is automatically generated; please do not edit it.
- */
-
-#include <com_err.h>
-
-#define KRB524_BADKEY (-1750206208L)
-#define KRB524_BADADDR (-1750206207L)
-#define KRB524_BADPRINC (-1750206206L)
-#define KRB524_BADREALM (-1750206205L)
-#define KRB524_V4ERR (-1750206204L)
-#define KRB524_ENCFULL (-1750206203L)
-#define KRB524_DECEMPTY (-1750206202L)
-#define KRB524_NOTRESP (-1750206201L)
-#define KRB524_KRB4_DISABLED (-1750206200L)
-#define ERROR_TABLE_BASE_k524 (-1750206208L)
-
-extern const struct error_table et_k524_error_table;
-
-#if !defined(_WIN32)
-/* for compatibility with older versions... */
-extern void initialize_k524_error_table () /*@modifies internalState@*/;
-#else
-#define initialize_k524_error_table()
-#endif
-
-#if !defined(_WIN32)
-#define init_k524_err_tbl initialize_k524_error_table
-#define k524_err_base ERROR_TABLE_BASE_k524
-#endif
-/*
- * include/asn1_err.h:
- * This file is automatically generated; please do not edit it.
- */
-
-#include <com_err.h>
-
-#define ASN1_BAD_TIMEFORMAT (1859794432L)
-#define ASN1_MISSING_FIELD (1859794433L)
-#define ASN1_MISPLACED_FIELD (1859794434L)
-#define ASN1_TYPE_MISMATCH (1859794435L)
-#define ASN1_OVERFLOW (1859794436L)
-#define ASN1_OVERRUN (1859794437L)
-#define ASN1_BAD_ID (1859794438L)
-#define ASN1_BAD_LENGTH (1859794439L)
-#define ASN1_BAD_FORMAT (1859794440L)
-#define ASN1_PARSE_ERROR (1859794441L)
-#define ASN1_BAD_GMTIME (1859794442L)
-#define ASN1_MISMATCH_INDEF (1859794443L)
-#define ASN1_MISSING_EOC (1859794444L)
-#define ERROR_TABLE_BASE_asn1 (1859794432L)
-
-extern const struct error_table et_asn1_error_table;
-
-#if !defined(_WIN32)
-/* for compatibility with older versions... */
-extern void initialize_asn1_error_table () /*@modifies internalState@*/;
-#else
-#define initialize_asn1_error_table()
-#endif
-
-#if !defined(_WIN32)
-#define init_asn1_err_tbl initialize_asn1_error_table
-#define asn1_err_base ERROR_TABLE_BASE_asn1
-#endif
+ As of the 1.5 release, we're installing multiple Kerberos headers,
+ so they're all moving to a krb5/ subdirectory. This file is
+ present just to keep old software still compiling. Please update
+ your code to use the new path for the header. */
+#include <krb5/krb5.h>
--- /dev/null
+/*
+ * include/krb5.h
+ *
+ * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * General definitions for Kerberos version 5.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef KRB5_GENERAL__
+#define KRB5_GENERAL__
+
+/* By default, do not expose deprecated interfaces. */
+#ifndef KRB5_DEPRECATED
+#define KRB5_DEPRECATED 0
+#endif
+/* Do not expose private interfaces. Build system will override. */
+#ifndef KRB5_PRIVATE
+#define KRB5_PRIVATE 0
+#endif
+
+#if defined(__MACH__) && defined(__APPLE__)
+# include <TargetConditionals.h>
+# if TARGET_RT_MAC_CFM
+# error "Use KfM 4.0 SDK headers for CFM compilation."
+# endif
+#endif
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include <win-mac.h>
+#endif
+
+#ifndef KRB5_CONFIG__
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif /* !KRB5_CALLCONV */
+#endif /* !KRB5_CONFIG__ */
+
+#ifndef KRB5_CALLCONV_WRONG
+#define KRB5_CALLCONV_WRONG
+#endif
+
+#ifndef THREEPARAMOPEN
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
+#endif
+
+#define KRB5_OLD_CRYPTO
+
+#include <stdlib.h>
+#include <limits.h> /* for *_MAX */
+
+#ifndef KRB5INT_BEGIN_DECLS
+#if defined(__cplusplus)
+#define KRB5INT_BEGIN_DECLS extern "C" {
+#define KRB5INT_END_DECLS }
+#else
+#define KRB5INT_BEGIN_DECLS
+#define KRB5INT_END_DECLS
+#endif
+#endif
+
+KRB5INT_BEGIN_DECLS
+
+#if TARGET_OS_MAC
+# pragma options align=mac68k
+#endif
+
+/* from profile.h */
+struct _profile_t;
+/* typedef struct _profile_t *profile_t; */
+
+/*
+ * begin wordsize.h
+ */
+
+/*
+ * Word-size related definition.
+ */
+
+typedef unsigned char krb5_octet;
+
+#if INT_MAX == 0x7fff
+typedef int krb5_int16;
+typedef unsigned int krb5_ui_2;
+#elif SHRT_MAX == 0x7fff
+typedef short krb5_int16;
+typedef unsigned short krb5_ui_2;
+#else
+#error undefined 16 bit type
+#endif
+
+#if INT_MAX == 0x7fffffffL
+typedef int krb5_int32;
+typedef unsigned int krb5_ui_4;
+#elif LONG_MAX == 0x7fffffffL
+typedef long krb5_int32;
+typedef unsigned long krb5_ui_4;
+#elif SHRT_MAX == 0x7fffffffL
+typedef short krb5_int32;
+typedef unsigned short krb5_ui_4;
+#else
+#error: undefined 32 bit type
+#endif
+
+#define VALID_INT_BITS INT_MAX
+#define VALID_UINT_BITS UINT_MAX
+
+#define KRB5_INT32_MAX 2147483647
+/* this strange form is necessary since - is a unary operator, not a sign
+ indicator */
+#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1)
+
+#define KRB5_INT16_MAX 65535
+/* this strange form is necessary since - is a unary operator, not a sign
+ indicator */
+#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1)
+
+/*
+ * end wordsize.h
+ */
+
+/*
+ * begin "base-defs.h"
+ */
+
+/*
+ * Basic definitions for Kerberos V5 library
+ */
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+typedef unsigned int krb5_boolean;
+typedef unsigned int krb5_msgtype;
+typedef unsigned int krb5_kvno;
+
+typedef krb5_int32 krb5_addrtype;
+typedef krb5_int32 krb5_enctype;
+typedef krb5_int32 krb5_cksumtype;
+typedef krb5_int32 krb5_authdatatype;
+typedef krb5_int32 krb5_keyusage;
+
+typedef krb5_int32 krb5_preauthtype; /* This may change, later on */
+typedef krb5_int32 krb5_flags;
+typedef krb5_int32 krb5_timestamp;
+typedef krb5_int32 krb5_error_code;
+typedef krb5_int32 krb5_deltat;
+
+typedef krb5_error_code krb5_magic;
+
+typedef struct _krb5_data {
+ krb5_magic magic;
+ unsigned int length;
+ char *data;
+} krb5_data;
+
+/*
+ * Hack length for crypto library to use the afs_string_to_key It is
+ * equivalent to -1 without possible sign extension
+ * We also overload for an unset salt type length - which is also -1, but
+ * hey, why not....
+*/
+#define SALT_TYPE_AFS_LENGTH UINT_MAX
+#define SALT_TYPE_NO_LENGTH UINT_MAX
+
+typedef void * krb5_pointer;
+typedef void const * krb5_const_pointer;
+
+typedef struct krb5_principal_data {
+ krb5_magic magic;
+ krb5_data realm;
+ krb5_data *data; /* An array of strings */
+ krb5_int32 length;
+ krb5_int32 type;
+} krb5_principal_data;
+
+typedef krb5_principal_data * krb5_principal;
+
+/*
+ * Per V5 spec on definition of principal types
+ */
+
+/* Name type not known */
+#define KRB5_NT_UNKNOWN 0
+/* Just the name of the principal as in DCE, or for users */
+#define KRB5_NT_PRINCIPAL 1
+/* Service and other unique instance (krbtgt) */
+#define KRB5_NT_SRV_INST 2
+/* Service with host name as instance (telnet, rcommands) */
+#define KRB5_NT_SRV_HST 3
+/* Service with host as remaining components */
+#define KRB5_NT_SRV_XHST 4
+/* Unique ID */
+#define KRB5_NT_UID 5
+
+/* constant version thereof: */
+typedef const krb5_principal_data *krb5_const_principal;
+
+#define krb5_princ_realm(context, princ) (&(princ)->realm)
+#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
+#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
+#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
+#define krb5_princ_size(context, princ) (princ)->length
+#define krb5_princ_type(context, princ) (princ)->type
+#define krb5_princ_name(context, princ) (princ)->data
+#define krb5_princ_component(context, princ,i) \
+ (((i) < krb5_princ_size(context, princ)) \
+ ? (princ)->data + (i) \
+ : NULL)
+
+/*
+ * end "base-defs.h"
+ */
+
+/*
+ * begin "hostaddr.h"
+ */
+
+/* structure for address */
+typedef struct _krb5_address {
+ krb5_magic magic;
+ krb5_addrtype addrtype;
+ unsigned int length;
+ krb5_octet *contents;
+} krb5_address;
+
+/* per Kerberos v5 protocol spec */
+#define ADDRTYPE_INET 0x0002
+#define ADDRTYPE_CHAOS 0x0005
+#define ADDRTYPE_XNS 0x0006
+#define ADDRTYPE_ISO 0x0007
+#define ADDRTYPE_DDP 0x0010
+#define ADDRTYPE_INET6 0x0018
+/* not yet in the spec... */
+#define ADDRTYPE_ADDRPORT 0x0100
+#define ADDRTYPE_IPPORT 0x0101
+
+/* macros to determine if a type is a local type */
+#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
+
+/*
+ * end "hostaddr.h"
+ */
+
+
+struct _krb5_context;
+typedef struct _krb5_context * krb5_context;
+
+struct _krb5_auth_context;
+typedef struct _krb5_auth_context * krb5_auth_context;
+
+struct _krb5_cryptosystem_entry;
+
+/*
+ * begin "encryption.h"
+ */
+
+typedef struct _krb5_keyblock {
+ krb5_magic magic;
+ krb5_enctype enctype;
+ unsigned int length;
+ krb5_octet *contents;
+} krb5_keyblock;
+
+#ifdef KRB5_OLD_CRYPTO
+typedef struct _krb5_encrypt_block {
+ krb5_magic magic;
+ krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need
+ this. it was a pointer, but it
+ doesn't have to be. gross. */
+ krb5_keyblock *key;
+} krb5_encrypt_block;
+#endif
+
+typedef struct _krb5_checksum {
+ krb5_magic magic;
+ krb5_cksumtype checksum_type; /* checksum type */
+ unsigned int length;
+ krb5_octet *contents;
+} krb5_checksum;
+
+typedef struct _krb5_enc_data {
+ krb5_magic magic;
+ krb5_enctype enctype;
+ krb5_kvno kvno;
+ krb5_data ciphertext;
+} krb5_enc_data;
+
+/* per Kerberos v5 protocol spec */
+#define ENCTYPE_NULL 0x0000
+#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
+#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
+#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
+#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
+/* XXX deprecated? */
+#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
+#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
+#define ENCTYPE_DES_HMAC_SHA1 0x0008
+#define ENCTYPE_DES3_CBC_SHA1 0x0010
+#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
+#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
+#define ENCTYPE_ARCFOUR_HMAC 0x0017
+#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
+#define ENCTYPE_UNKNOWN 0x01ff
+
+#define CKSUMTYPE_CRC32 0x0001
+#define CKSUMTYPE_RSA_MD4 0x0002
+#define CKSUMTYPE_RSA_MD4_DES 0x0003
+#define CKSUMTYPE_DESCBC 0x0004
+/* des-mac-k */
+/* rsa-md4-des-k */
+#define CKSUMTYPE_RSA_MD5 0x0007
+#define CKSUMTYPE_RSA_MD5_DES 0x0008
+#define CKSUMTYPE_NIST_SHA 0x0009
+#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
+#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
+#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
+#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
+
+/* The following are entropy source designations. Whenever
+ * krb5_C_random_add_entropy is called, one of these source ids is passed
+ * in. This allows the library to better estimate bits of
+ * entropy in the sample and to keep track of what sources of entropy have
+ * contributed enough entropy. Sources marked internal MUST NOT be
+ * used by applications outside the Kerberos library
+*/
+
+enum {
+ KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
+ KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
+ KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
+ /*This source should be used carefully; data in this category
+ * should be from a third party trusted to give random bits
+ * For example keys issued by the KDC in the application server.
+ */
+ KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
+ KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
+ KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
+};
+
+#ifndef krb5_roundup
+/* round x up to nearest multiple of y */
+#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
+#endif /* roundup */
+
+/* macro function definitions to help clean up code */
+
+#if 1
+#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+#else
+#define krb5_x(ptr,args) ((*(ptr)) args)
+#define krb5_xc(ptr,args) ((*(ptr)) args)
+#endif
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_encrypt
+ (krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ const krb5_data *input, krb5_enc_data *output);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_decrypt
+ (krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage usage, const krb5_data *cipher_state,
+ const krb5_enc_data *input, krb5_data *output);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_encrypt_length
+ (krb5_context context, krb5_enctype enctype,
+ size_t inputlen, size_t *length);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_block_size
+ (krb5_context context, krb5_enctype enctype,
+ size_t *blocksize);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_init_state
+(krb5_context context,
+const krb5_keyblock *key, krb5_keyusage usage,
+krb5_data *new_state);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_free_state
+(krb5_context context, const krb5_keyblock *key, krb5_data *state);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_prf (krb5_context, const krb5_keyblock *,
+ krb5_data *in, krb5_data *out);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_make_random_key
+ (krb5_context context, krb5_enctype enctype,
+ krb5_keyblock *k5_random_key);
+
+/* Register a new entropy sample with the PRNG. may cause
+* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions
+* for information on how each source should be used.
+*/
+krb5_error_code KRB5_CALLCONV
+ krb5_c_random_add_entropy
+(krb5_context context, unsigned int randsource_id, const krb5_data *data);
+
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_random_make_octets
+ (krb5_context context, krb5_data *data);
+
+/*
+* Collect entropy from the OS if possible. strong requests that as strong
+* of a source of entropy as available be used. Setting strong may
+* increase the probability of blocking and should not be used for normal
+* applications. Good uses include seeding the PRNG for kadmind
+* and realm setup.
+* If successful is non-null, then successful is set to 1 if the OS provided
+* entropy else zero.
+*/
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy
+(krb5_context context, int strong, int *success);
+
+/*deprecated*/ krb5_error_code KRB5_CALLCONV
+ krb5_c_random_seed
+ (krb5_context context, krb5_data *data);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_string_to_key
+ (krb5_context context, krb5_enctype enctype,
+ const krb5_data *string, const krb5_data *salt,
+ krb5_keyblock *key);
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key_with_params(krb5_context context,
+ krb5_enctype enctype,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_enctype_compare
+ (krb5_context context, krb5_enctype e1, krb5_enctype e2,
+ krb5_boolean *similar);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_make_checksum
+ (krb5_context context, krb5_cksumtype cksumtype,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_data *input, krb5_checksum *cksum);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_verify_checksum
+ (krb5_context context,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_data *data,
+ const krb5_checksum *cksum,
+ krb5_boolean *valid);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_checksum_length
+ (krb5_context context, krb5_cksumtype cksumtype,
+ size_t *length);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_keyed_checksum_types
+ (krb5_context context, krb5_enctype enctype,
+ unsigned int *count, krb5_cksumtype **cksumtypes);
+
+#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1
+#define KRB5_KEYUSAGE_KDC_REP_TICKET 2
+#define KRB5_KEYUSAGE_AS_REP_ENCPART 3
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9
+#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10
+#define KRB5_KEYUSAGE_AP_REQ_AUTH 11
+#define KRB5_KEYUSAGE_AP_REP_ENCPART 12
+#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13
+#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14
+#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15
+#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16
+#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17
+#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18
+#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19
+#define KRB5_KEYUSAGE_AD_MTE 20
+#define KRB5_KEYUSAGE_AD_ITE 21
+
+/* XXX need to register these */
+
+#define KRB5_KEYUSAGE_GSS_TOK_MIC 22
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24
+
+/* Defined in hardware preauth draft */
+
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
+#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27
+
+krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
+ (krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
+ (krb5_cksumtype ctype);
+
+#if KRB5_PRIVATE
+/* Use the above four instead. */
+krb5_boolean KRB5_CALLCONV valid_enctype
+ (krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV valid_cksumtype
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_keyed_cksum
+ (krb5_cksumtype ctype);
+#endif
+
+#ifdef KRB5_OLD_CRYPTO
+/*
+ * old cryptosystem routine prototypes. These are now layered
+ * on top of the functions above.
+ */
+krb5_error_code KRB5_CALLCONV krb5_encrypt
+ (krb5_context context,
+ krb5_const_pointer inptr,
+ krb5_pointer outptr,
+ size_t size,
+ krb5_encrypt_block * eblock,
+ krb5_pointer ivec);
+krb5_error_code KRB5_CALLCONV krb5_decrypt
+ (krb5_context context,
+ krb5_const_pointer inptr,
+ krb5_pointer outptr,
+ size_t size,
+ krb5_encrypt_block * eblock,
+ krb5_pointer ivec);
+krb5_error_code KRB5_CALLCONV krb5_process_key
+ (krb5_context context,
+ krb5_encrypt_block * eblock,
+ const krb5_keyblock * key);
+krb5_error_code KRB5_CALLCONV krb5_finish_key
+ (krb5_context context,
+ krb5_encrypt_block * eblock);
+krb5_error_code KRB5_CALLCONV krb5_string_to_key
+ (krb5_context context,
+ const krb5_encrypt_block * eblock,
+ krb5_keyblock * keyblock,
+ const krb5_data * data,
+ const krb5_data * salt);
+krb5_error_code KRB5_CALLCONV krb5_init_random_key
+ (krb5_context context,
+ const krb5_encrypt_block * eblock,
+ const krb5_keyblock * keyblock,
+ krb5_pointer * ptr);
+krb5_error_code KRB5_CALLCONV krb5_finish_random_key
+ (krb5_context context,
+ const krb5_encrypt_block * eblock,
+ krb5_pointer * ptr);
+krb5_error_code KRB5_CALLCONV krb5_random_key
+ (krb5_context context,
+ const krb5_encrypt_block * eblock,
+ krb5_pointer ptr,
+ krb5_keyblock ** keyblock);
+krb5_enctype KRB5_CALLCONV krb5_eblock_enctype
+ (krb5_context context,
+ const krb5_encrypt_block * eblock);
+krb5_error_code KRB5_CALLCONV krb5_use_enctype
+ (krb5_context context,
+ krb5_encrypt_block * eblock,
+ krb5_enctype enctype);
+size_t KRB5_CALLCONV krb5_encrypt_size
+ (size_t length,
+ krb5_enctype crypto);
+size_t KRB5_CALLCONV krb5_checksum_size
+ (krb5_context context,
+ krb5_cksumtype ctype);
+krb5_error_code KRB5_CALLCONV krb5_calculate_checksum
+ (krb5_context context,
+ krb5_cksumtype ctype,
+ krb5_const_pointer in, size_t in_length,
+ krb5_const_pointer seed, size_t seed_length,
+ krb5_checksum * outcksum);
+krb5_error_code KRB5_CALLCONV krb5_verify_checksum
+ (krb5_context context,
+ krb5_cksumtype ctype,
+ const krb5_checksum * cksum,
+ krb5_const_pointer in, size_t in_length,
+ krb5_const_pointer seed, size_t seed_length);
+
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_random_confounder
+ (size_t, krb5_pointer);
+
+krb5_error_code krb5_encrypt_data
+ (krb5_context context, krb5_keyblock *key,
+ krb5_pointer ivec, krb5_data *data,
+ krb5_enc_data *enc_data);
+
+krb5_error_code krb5_decrypt_data
+ (krb5_context context, krb5_keyblock *key,
+ krb5_pointer ivec, krb5_enc_data *data,
+ krb5_data *enc_data);
+#endif
+
+#endif /* KRB5_OLD_CRYPTO */
+
+/*
+ * end "encryption.h"
+ */
+
+/*
+ * begin "fieldbits.h"
+ */
+
+/* kdc_options for kdc_request */
+/* options is 32 bits; each host is responsible to put the 4 bytes
+ representing these bits into net order before transmission */
+/* #define KDC_OPT_RESERVED 0x80000000 */
+#define KDC_OPT_FORWARDABLE 0x40000000
+#define KDC_OPT_FORWARDED 0x20000000
+#define KDC_OPT_PROXIABLE 0x10000000
+#define KDC_OPT_PROXY 0x08000000
+#define KDC_OPT_ALLOW_POSTDATE 0x04000000
+#define KDC_OPT_POSTDATED 0x02000000
+/* #define KDC_OPT_UNUSED 0x01000000 */
+#define KDC_OPT_RENEWABLE 0x00800000
+/* #define KDC_OPT_UNUSED 0x00400000 */
+/* #define KDC_OPT_RESERVED 0x00200000 */
+/* #define KDC_OPT_RESERVED 0x00100000 */
+/* #define KDC_OPT_RESERVED 0x00080000 */
+/* #define KDC_OPT_RESERVED 0x00040000 */
+#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
+/* #define KDC_OPT_RESERVED 0x00010000 */
+/* #define KDC_OPT_RESERVED 0x00008000 */
+/* #define KDC_OPT_RESERVED 0x00004000 */
+/* #define KDC_OPT_RESERVED 0x00002000 */
+/* #define KDC_OPT_RESERVED 0x00001000 */
+/* #define KDC_OPT_RESERVED 0x00000800 */
+/* #define KDC_OPT_RESERVED 0x00000400 */
+/* #define KDC_OPT_RESERVED 0x00000200 */
+/* #define KDC_OPT_RESERVED 0x00000100 */
+/* #define KDC_OPT_RESERVED 0x00000080 */
+/* #define KDC_OPT_RESERVED 0x00000040 */
+#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
+#define KDC_OPT_RENEWABLE_OK 0x00000010
+#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008
+/* #define KDC_OPT_UNUSED 0x00000004 */
+#define KDC_OPT_RENEW 0x00000002
+#define KDC_OPT_VALIDATE 0x00000001
+
+/*
+ * Mask of ticket flags in the TGT which should be converted into KDC
+ * options when using the TGT to get derivitive tickets.
+ *
+ * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
+ * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
+ */
+#define KDC_TKT_COMMON_MASK 0x54800000
+
+/* definitions for ap_options fields */
+/* ap_options are 32 bits; each host is responsible to put the 4 bytes
+ representing these bits into net order before transmission */
+#define AP_OPTS_RESERVED 0x80000000
+#define AP_OPTS_USE_SESSION_KEY 0x40000000
+#define AP_OPTS_MUTUAL_REQUIRED 0x20000000
+/* #define AP_OPTS_RESERVED 0x10000000 */
+/* #define AP_OPTS_RESERVED 0x08000000 */
+/* #define AP_OPTS_RESERVED 0x04000000 */
+/* #define AP_OPTS_RESERVED 0x02000000 */
+/* #define AP_OPTS_RESERVED 0x01000000 */
+/* #define AP_OPTS_RESERVED 0x00800000 */
+/* #define AP_OPTS_RESERVED 0x00400000 */
+/* #define AP_OPTS_RESERVED 0x00200000 */
+/* #define AP_OPTS_RESERVED 0x00100000 */
+/* #define AP_OPTS_RESERVED 0x00080000 */
+/* #define AP_OPTS_RESERVED 0x00040000 */
+/* #define AP_OPTS_RESERVED 0x00020000 */
+/* #define AP_OPTS_RESERVED 0x00010000 */
+/* #define AP_OPTS_RESERVED 0x00008000 */
+/* #define AP_OPTS_RESERVED 0x00004000 */
+/* #define AP_OPTS_RESERVED 0x00002000 */
+/* #define AP_OPTS_RESERVED 0x00001000 */
+/* #define AP_OPTS_RESERVED 0x00000800 */
+/* #define AP_OPTS_RESERVED 0x00000400 */
+/* #define AP_OPTS_RESERVED 0x00000200 */
+/* #define AP_OPTS_RESERVED 0x00000100 */
+/* #define AP_OPTS_RESERVED 0x00000080 */
+/* #define AP_OPTS_RESERVED 0x00000040 */
+/* #define AP_OPTS_RESERVED 0x00000020 */
+/* #define AP_OPTS_RESERVED 0x00000010 */
+/* #define AP_OPTS_RESERVED 0x00000008 */
+/* #define AP_OPTS_RESERVED 0x00000004 */
+/* #define AP_OPTS_RESERVED 0x00000002 */
+#define AP_OPTS_USE_SUBKEY 0x00000001
+
+#define AP_OPTS_WIRE_MASK 0xfffffff0
+
+/* definitions for ad_type fields. */
+#define AD_TYPE_RESERVED 0x8000
+#define AD_TYPE_EXTERNAL 0x4000
+#define AD_TYPE_REGISTERED 0x2000
+
+#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
+
+/* Ticket flags */
+/* flags are 32 bits; each host is responsible to put the 4 bytes
+ representing these bits into net order before transmission */
+/* #define TKT_FLG_RESERVED 0x80000000 */
+#define TKT_FLG_FORWARDABLE 0x40000000
+#define TKT_FLG_FORWARDED 0x20000000
+#define TKT_FLG_PROXIABLE 0x10000000
+#define TKT_FLG_PROXY 0x08000000
+#define TKT_FLG_MAY_POSTDATE 0x04000000
+#define TKT_FLG_POSTDATED 0x02000000
+#define TKT_FLG_INVALID 0x01000000
+#define TKT_FLG_RENEWABLE 0x00800000
+#define TKT_FLG_INITIAL 0x00400000
+#define TKT_FLG_PRE_AUTH 0x00200000
+#define TKT_FLG_HW_AUTH 0x00100000
+#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
+#define TKT_FLG_OK_AS_DELEGATE 0x00040000
+#define TKT_FLG_ANONYMOUS 0x00020000
+/* #define TKT_FLG_RESERVED 0x00010000 */
+/* #define TKT_FLG_RESERVED 0x00008000 */
+/* #define TKT_FLG_RESERVED 0x00004000 */
+/* #define TKT_FLG_RESERVED 0x00002000 */
+/* #define TKT_FLG_RESERVED 0x00001000 */
+/* #define TKT_FLG_RESERVED 0x00000800 */
+/* #define TKT_FLG_RESERVED 0x00000400 */
+/* #define TKT_FLG_RESERVED 0x00000200 */
+/* #define TKT_FLG_RESERVED 0x00000100 */
+/* #define TKT_FLG_RESERVED 0x00000080 */
+/* #define TKT_FLG_RESERVED 0x00000040 */
+/* #define TKT_FLG_RESERVED 0x00000020 */
+/* #define TKT_FLG_RESERVED 0x00000010 */
+/* #define TKT_FLG_RESERVED 0x00000008 */
+/* #define TKT_FLG_RESERVED 0x00000004 */
+/* #define TKT_FLG_RESERVED 0x00000002 */
+/* #define TKT_FLG_RESERVED 0x00000001 */
+
+/* definitions for lr_type fields. */
+#define LR_TYPE_THIS_SERVER_ONLY 0x8000
+
+#define LR_TYPE_INTERPRETATION_MASK 0x7fff
+
+/* definitions for ad_type fields. */
+#define AD_TYPE_EXTERNAL 0x4000
+#define AD_TYPE_REGISTERED 0x2000
+
+#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
+#define AD_TYPE_INTERNAL_MASK 0x3fff
+
+/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
+#define MSEC_DIRBIT 0x8000
+#define MSEC_VAL_MASK 0x7fff
+
+/*
+ * end "fieldbits.h"
+ */
+
+/*
+ * begin "proto.h"
+ */
+
+/* Protocol version number */
+#define KRB5_PVNO 5
+
+/* Message types */
+
+#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */
+#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */
+#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */
+#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */
+#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */
+#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */
+#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */
+#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */
+#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */
+#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */
+
+/* LastReq types */
+#define KRB5_LRQ_NONE 0
+#define KRB5_LRQ_ALL_LAST_TGT 1
+#define KRB5_LRQ_ONE_LAST_TGT (-1)
+#define KRB5_LRQ_ALL_LAST_INITIAL 2
+#define KRB5_LRQ_ONE_LAST_INITIAL (-2)
+#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3
+#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3)
+#define KRB5_LRQ_ALL_LAST_RENEWAL 4
+#define KRB5_LRQ_ONE_LAST_RENEWAL (-4)
+#define KRB5_LRQ_ALL_LAST_REQ 5
+#define KRB5_LRQ_ONE_LAST_REQ (-5)
+#define KRB5_LRQ_ALL_PW_EXPTIME 6
+#define KRB5_LRQ_ONE_PW_EXPTIME (-6)
+
+/* PADATA types */
+#define KRB5_PADATA_NONE 0
+#define KRB5_PADATA_AP_REQ 1
+#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
+#define KRB5_PADATA_ENC_TIMESTAMP 2
+#define KRB5_PADATA_PW_SALT 3
+#if 0 /* Not used */
+#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */
+#endif
+#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
+#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
+#define KRB5_PADATA_SESAME 7 /* Sesame project */
+#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
+#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
+#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
+#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
+#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
+#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
+#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */
+#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */
+#define KRB5_PADATA_ETYPE_INFO2 19
+#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
+#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
+
+#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
+#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
+#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
+
+/* Reserved for SPX pre-authentication. */
+#define KRB5_PADATA_DASS 16
+
+/* Transited encoding types */
+#define KRB5_DOMAIN_X500_COMPRESS 1
+
+/* alternate authentication types */
+#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
+
+/* authorization data types */
+#define KRB5_AUTHDATA_OSF_DCE 64
+#define KRB5_AUTHDATA_SESAME 65
+
+/* password change constants */
+
+#define KRB5_KPASSWD_SUCCESS 0
+#define KRB5_KPASSWD_MALFORMED 1
+#define KRB5_KPASSWD_HARDERROR 2
+#define KRB5_KPASSWD_AUTHERROR 3
+#define KRB5_KPASSWD_SOFTERROR 4
+/* These are Microsoft's extensions in RFC 3244, and it looks like
+ they'll become standardized, possibly with other additions. */
+#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
+#define KRB5_KPASSWD_BAD_VERSION 6
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
+
+/*
+ * end "proto.h"
+ */
+
+/* Time set */
+typedef struct _krb5_ticket_times {
+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
+ in ticket? otherwise client can't get this */
+ krb5_timestamp starttime; /* optional in ticket, if not present,
+ use authtime */
+ krb5_timestamp endtime;
+ krb5_timestamp renew_till;
+} krb5_ticket_times;
+
+/* structure for auth data */
+typedef struct _krb5_authdata {
+ krb5_magic magic;
+ krb5_authdatatype ad_type;
+ unsigned int length;
+ krb5_octet *contents;
+} krb5_authdata;
+
+/* structure for transited encoding */
+typedef struct _krb5_transited {
+ krb5_magic magic;
+ krb5_octet tr_type;
+ krb5_data tr_contents;
+} krb5_transited;
+
+typedef struct _krb5_enc_tkt_part {
+ krb5_magic magic;
+ /* to-be-encrypted portion */
+ krb5_flags flags; /* flags */
+ krb5_keyblock *session; /* session key: includes enctype */
+ krb5_principal client; /* client name/realm */
+ krb5_transited transited; /* list of transited realms */
+ krb5_ticket_times times; /* auth, start, end, renew_till */
+ krb5_address **caddrs; /* array of ptrs to addresses */
+ krb5_authdata **authorization_data; /* auth data */
+} krb5_enc_tkt_part;
+
+typedef struct _krb5_ticket {
+ krb5_magic magic;
+ /* cleartext portion */
+ krb5_principal server; /* server name/realm */
+ krb5_enc_data enc_part; /* encryption type, kvno, encrypted
+ encoding */
+ krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
+ available */
+} krb5_ticket;
+
+/* the unencrypted version */
+typedef struct _krb5_authenticator {
+ krb5_magic magic;
+ krb5_principal client; /* client name/realm */
+ krb5_checksum *checksum; /* checksum, includes type, optional */
+ krb5_int32 cusec; /* client usec portion */
+ krb5_timestamp ctime; /* client sec portion */
+ krb5_keyblock *subkey; /* true session key, optional */
+ krb5_ui_4 seq_number; /* sequence #, optional */
+ krb5_authdata **authorization_data; /* New add by Ari, auth data */
+} krb5_authenticator;
+
+typedef struct _krb5_tkt_authent {
+ krb5_magic magic;
+ krb5_ticket *ticket;
+ krb5_authenticator *authenticator;
+ krb5_flags ap_options;
+} krb5_tkt_authent;
+
+/* credentials: Ticket, session key, etc. */
+typedef struct _krb5_creds {
+ krb5_magic magic;
+ krb5_principal client; /* client's principal identifier */
+ krb5_principal server; /* server's principal identifier */
+ krb5_keyblock keyblock; /* session encryption key info */
+ krb5_ticket_times times; /* lifetime info */
+ krb5_boolean is_skey; /* true if ticket is encrypted in
+ another ticket's skey */
+ krb5_flags ticket_flags; /* flags in ticket */
+ krb5_address **addresses; /* addrs in ticket */
+ krb5_data ticket; /* ticket string itself */
+ krb5_data second_ticket; /* second ticket, if related to
+ ticket (via DUPLICATE-SKEY or
+ ENC-TKT-IN-SKEY) */
+ krb5_authdata **authdata; /* authorization data */
+} krb5_creds;
+
+/* Last request fields */
+typedef struct _krb5_last_req_entry {
+ krb5_magic magic;
+ krb5_int32 lr_type;
+ krb5_timestamp value;
+} krb5_last_req_entry;
+
+/* pre-authentication data */
+typedef struct _krb5_pa_data {
+ krb5_magic magic;
+ krb5_preauthtype pa_type;
+ unsigned int length;
+ krb5_octet *contents;
+} krb5_pa_data;
+
+typedef struct _krb5_kdc_req {
+ krb5_magic magic;
+ krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
+ krb5_pa_data **padata; /* e.g. encoded AP_REQ */
+ /* real body */
+ krb5_flags kdc_options; /* requested options */
+ krb5_principal client; /* includes realm; optional */
+ krb5_principal server; /* includes realm (only used if no
+ client) */
+ krb5_timestamp from; /* requested starttime */
+ krb5_timestamp till; /* requested endtime */
+ krb5_timestamp rtime; /* (optional) requested renew_till */
+ krb5_int32 nonce; /* nonce to match request/response */
+ int nktypes; /* # of ktypes, must be positive */
+ krb5_enctype *ktype; /* requested enctype(s) */
+ krb5_address **addresses; /* requested addresses, optional */
+ krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
+ krb5_authdata **unenc_authdata; /* unencrypted auth data,
+ if available */
+ krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
+} krb5_kdc_req;
+
+typedef struct _krb5_enc_kdc_rep_part {
+ krb5_magic magic;
+ /* encrypted part: */
+ krb5_msgtype msg_type; /* krb5 message type */
+ krb5_keyblock *session; /* session key */
+ krb5_last_req_entry **last_req; /* array of ptrs to entries */
+ krb5_int32 nonce; /* nonce from request */
+ krb5_timestamp key_exp; /* expiration date */
+ krb5_flags flags; /* ticket flags */
+ krb5_ticket_times times; /* lifetime info */
+ krb5_principal server; /* server's principal identifier */
+ krb5_address **caddrs; /* array of ptrs to addresses,
+ optional */
+} krb5_enc_kdc_rep_part;
+
+typedef struct _krb5_kdc_rep {
+ krb5_magic magic;
+ /* cleartext part: */
+ krb5_msgtype msg_type; /* AS_REP or KDC_REP? */
+ krb5_pa_data **padata; /* preauthentication data from KDC */
+ krb5_principal client; /* client's principal identifier */
+ krb5_ticket *ticket; /* ticket */
+ krb5_enc_data enc_part; /* encryption type, kvno, encrypted
+ encoding */
+ krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
+} krb5_kdc_rep;
+
+/* error message structure */
+typedef struct _krb5_error {
+ krb5_magic magic;
+ /* some of these may be meaningless in certain contexts */
+ krb5_timestamp ctime; /* client sec portion; optional */
+ krb5_int32 cusec; /* client usec portion; optional */
+ krb5_int32 susec; /* server usec portion */
+ krb5_timestamp stime; /* server sec portion */
+ krb5_ui_4 error; /* error code (protocol error #'s) */
+ krb5_principal client; /* client's principal identifier;
+ optional */
+ krb5_principal server; /* server's principal identifier */
+ krb5_data text; /* descriptive text */
+ krb5_data e_data; /* additional error-describing data */
+} krb5_error;
+
+typedef struct _krb5_ap_req {
+ krb5_magic magic;
+ krb5_flags ap_options; /* requested options */
+ krb5_ticket *ticket; /* ticket */
+ krb5_enc_data authenticator; /* authenticator (already encrypted) */
+} krb5_ap_req;
+
+typedef struct _krb5_ap_rep {
+ krb5_magic magic;
+ krb5_enc_data enc_part;
+} krb5_ap_rep;
+
+typedef struct _krb5_ap_rep_enc_part {
+ krb5_magic magic;
+ krb5_timestamp ctime; /* client time, seconds portion */
+ krb5_int32 cusec; /* client time, microseconds portion */
+ krb5_keyblock *subkey; /* true session key, optional */
+ krb5_ui_4 seq_number; /* sequence #, optional */
+} krb5_ap_rep_enc_part;
+
+typedef struct _krb5_response {
+ krb5_magic magic;
+ krb5_octet message_type;
+ krb5_data response;
+ krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
+ krb5_timestamp request_time; /* When we made the request */
+} krb5_response;
+
+typedef struct _krb5_cred_info {
+ krb5_magic magic;
+ krb5_keyblock *session; /* session key used to encrypt */
+ /* ticket */
+ krb5_principal client; /* client name/realm, optional */
+ krb5_principal server; /* server name/realm, optional */
+ krb5_flags flags; /* ticket flags, optional */
+ krb5_ticket_times times; /* auth, start, end, renew_till, */
+ /* optional */
+ krb5_address **caddrs; /* array of ptrs to addresses */
+} krb5_cred_info;
+
+typedef struct _krb5_cred_enc_part {
+ krb5_magic magic;
+ krb5_int32 nonce; /* nonce, optional */
+ krb5_timestamp timestamp; /* client time */
+ krb5_int32 usec; /* microsecond portion of time */
+ krb5_address *s_address; /* sender address, optional */
+ krb5_address *r_address; /* recipient address, optional */
+ krb5_cred_info **ticket_info;
+} krb5_cred_enc_part;
+
+typedef struct _krb5_cred {
+ krb5_magic magic;
+ krb5_ticket **tickets; /* tickets */
+ krb5_enc_data enc_part; /* encrypted part */
+ krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
+} krb5_cred;
+
+/* Sandia password generation structures */
+typedef struct _passwd_phrase_element {
+ krb5_magic magic;
+ krb5_data *passwd;
+ krb5_data *phrase;
+} passwd_phrase_element;
+
+typedef struct _krb5_pwd_data {
+ krb5_magic magic;
+ int sequence_count;
+ passwd_phrase_element **element;
+} krb5_pwd_data;
+
+/* these need to be here so the typedefs are available for the prototypes */
+
+/*
+ * begin "safepriv.h"
+ */
+
+#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
+#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
+#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
+#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
+#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
+#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
+
+typedef struct krb5_replay_data {
+ krb5_timestamp timestamp;
+ krb5_int32 usec;
+ krb5_ui_4 seq;
+} krb5_replay_data;
+
+/* flags for krb5_auth_con_genaddrs() */
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
+
+/* type of function used as a callback to generate checksum data for
+ * mk_req */
+
+typedef krb5_error_code
+(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
+ krb5_data **);
+
+/*
+ * end "safepriv.h"
+ */
+
+
+/*
+ * begin "ccache.h"
+ */
+
+typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
+
+struct _krb5_ccache;
+typedef struct _krb5_ccache *krb5_ccache;
+struct _krb5_cc_ops;
+typedef struct _krb5_cc_ops krb5_cc_ops;
+
+/* for retrieve_cred */
+#define KRB5_TC_MATCH_TIMES 0x00000001
+#define KRB5_TC_MATCH_IS_SKEY 0x00000002
+#define KRB5_TC_MATCH_FLAGS 0x00000004
+#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
+#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
+#define KRB5_TC_MATCH_AUTHDATA 0x00000020
+#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
+#define KRB5_TC_MATCH_2ND_TKT 0x00000080
+#define KRB5_TC_MATCH_KTYPE 0x00000100
+#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
+
+/* for set_flags and other functions */
+#define KRB5_TC_OPENCLOSE 0x00000001
+#define KRB5_TC_NOTICKET 0x00000002
+
+const char * KRB5_CALLCONV
+krb5_cc_get_name (krb5_context context, krb5_ccache cache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_initialize(krb5_context context, krb5_ccache cache,
+ krb5_principal principal);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_destroy (krb5_context context, krb5_ccache cache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_close (krb5_context context, krb5_ccache cache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
+ krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
+ krb5_flags flags, krb5_creds *mcreds,
+ krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
+ krb5_principal *principal);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor, krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
+ krb5_cc_cursor *cursor);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
+ krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags);
+
+const char * KRB5_CALLCONV
+krb5_cc_get_type (krb5_context context, krb5_ccache cache);
+
+/*
+ * end "ccache.h"
+ */
+
+/*
+ * begin "rcache.h"
+ */
+
+struct krb5_rc_st;
+typedef struct krb5_rc_st *krb5_rcache;
+
+/*
+ * end "rcache.h"
+ */
+
+/*
+ * begin "keytab.h"
+ */
+
+
+/* XXX */
+#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
+
+typedef krb5_pointer krb5_kt_cursor; /* XXX */
+
+typedef struct krb5_keytab_entry_st {
+ krb5_magic magic;
+ krb5_principal principal; /* principal of this key */
+ krb5_timestamp timestamp; /* time entry written to keytable */
+ krb5_kvno vno; /* key version number */
+ krb5_keyblock key; /* the secret key */
+} krb5_keytab_entry;
+
+#if KRB5_PRIVATE
+struct _krb5_kt_ops;
+typedef struct _krb5_kt { /* should move into k5-int.h */
+ krb5_magic magic;
+ const struct _krb5_kt_ops *ops;
+ krb5_pointer data;
+} *krb5_keytab;
+#else
+struct _krb5_kt;
+typedef struct _krb5_kt *krb5_keytab;
+#endif
+
+char * KRB5_CALLCONV
+krb5_kt_get_type (krb5_context, krb5_keytab keytab);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
+ unsigned int namelen);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_close(krb5_context context, krb5_keytab keytab);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+ krb5_const_principal principal, krb5_kvno vno,
+ krb5_enctype enctype, krb5_keytab_entry *entry);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
+ krb5_kt_cursor *cursor);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
+ krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
+krb5_error_code KRB5_CALLCONV
+krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
+ krb5_kt_cursor *cursor);
+
+/*
+ * end "keytab.h"
+ */
+
+/*
+ * begin "func-proto.h"
+ */
+
+krb5_error_code KRB5_CALLCONV krb5_init_context
+ (krb5_context *);
+krb5_error_code KRB5_CALLCONV krb5_init_secure_context
+ (krb5_context *);
+void KRB5_CALLCONV krb5_free_context
+ (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_copy_context
+ (krb5_context, krb5_context *);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_set_default_in_tkt_ktypes
+ (krb5_context,
+ const krb5_enctype *);
+krb5_error_code krb5_get_default_in_tkt_ktypes
+ (krb5_context,
+ krb5_enctype **);
+
+krb5_error_code krb5_set_default_tgs_ktypes
+ (krb5_context,
+ const krb5_enctype *);
+#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_tgs_enctypes
+ (krb5_context,
+ const krb5_enctype *);
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
+ (krb5_context,
+ krb5_const_principal,
+ krb5_enctype **);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
+ (krb5_context, krb5_enctype **);
+
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_ktypes
+ (krb5_context, krb5_enctype *);
+
+krb5_boolean krb5_is_permitted_enctype
+ (krb5_context, krb5_enctype);
+#endif
+
+krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
+
+/* libkrb.spec */
+#if KRB5_PRIVATE
+krb5_error_code krb5_kdc_rep_decrypt_proc
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_const_pointer,
+ krb5_kdc_rep * );
+krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_ticket * );
+krb5_error_code krb5_get_cred_from_kdc
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_validate
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_renew
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+#endif
+
+void KRB5_CALLCONV krb5_free_tgt_creds
+ (krb5_context,
+ krb5_creds **); /* XXX too hard to do with const */
+
+#define KRB5_GC_USER_USER 1 /* want user-user ticket */
+#define KRB5_GC_CACHED 2 /* want cached ticket only */
+
+krb5_error_code KRB5_CALLCONV krb5_get_credentials
+ (krb5_context,
+ krb5_flags,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_creds **);
+krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate
+ (krb5_context,
+ krb5_flags,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_creds **);
+krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
+ (krb5_context,
+ krb5_flags,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_creds **);
+#if KRB5_PRIVATE
+krb5_error_code krb5_get_cred_via_tkt
+ (krb5_context,
+ krb5_creds *,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_creds *,
+ krb5_creds **);
+#endif
+krb5_error_code KRB5_CALLCONV krb5_mk_req
+ (krb5_context,
+ krb5_auth_context *,
+ krb5_flags,
+ char *,
+ char *,
+ krb5_data *,
+ krb5_ccache,
+ krb5_data * );
+krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
+ (krb5_context,
+ krb5_auth_context *,
+ krb5_flags,
+ krb5_data *,
+ krb5_creds *,
+ krb5_data * );
+krb5_error_code KRB5_CALLCONV krb5_mk_rep
+ (krb5_context,
+ krb5_auth_context,
+ krb5_data *);
+krb5_error_code KRB5_CALLCONV krb5_rd_rep
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_ap_rep_enc_part **);
+krb5_error_code KRB5_CALLCONV krb5_mk_error
+ (krb5_context,
+ const krb5_error *,
+ krb5_data * );
+krb5_error_code KRB5_CALLCONV krb5_rd_error
+ (krb5_context,
+ const krb5_data *,
+ krb5_error ** );
+krb5_error_code KRB5_CALLCONV krb5_rd_safe
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_data *,
+ krb5_replay_data *);
+krb5_error_code KRB5_CALLCONV krb5_rd_priv
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_data *,
+ krb5_replay_data *);
+krb5_error_code KRB5_CALLCONV krb5_parse_name
+ (krb5_context,
+ const char *,
+ krb5_principal * );
+krb5_error_code KRB5_CALLCONV krb5_unparse_name
+ (krb5_context,
+ krb5_const_principal,
+ char ** );
+krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
+ (krb5_context,
+ krb5_const_principal,
+ char **,
+ unsigned int *);
+
+krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
+ (krb5_context, krb5_principal, const char *);
+
+krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
+ (krb5_context,
+ const krb5_address *,
+ krb5_address * const *);
+krb5_boolean KRB5_CALLCONV krb5_address_compare
+ (krb5_context,
+ const krb5_address *,
+ const krb5_address *);
+int KRB5_CALLCONV krb5_address_order
+ (krb5_context,
+ const krb5_address *,
+ const krb5_address *);
+krb5_boolean KRB5_CALLCONV krb5_realm_compare
+ (krb5_context,
+ krb5_const_principal,
+ krb5_const_principal);
+krb5_boolean KRB5_CALLCONV krb5_principal_compare
+ (krb5_context,
+ krb5_const_principal,
+ krb5_const_principal);
+krb5_error_code KRB5_CALLCONV krb5_init_keyblock
+ (krb5_context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out);
+ /* Initialize a new keyblock and allocate storage
+ * for the contents of the key, which will be freed along
+ * with the keyblock when krb5_free_keyblock is called.
+ * It is legal to pass in a length of 0, in which
+ * case contents are left unallocated.
+ */
+krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_keyblock **);
+krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_keyblock *);
+krb5_error_code KRB5_CALLCONV krb5_copy_creds
+ (krb5_context,
+ const krb5_creds *,
+ krb5_creds **);
+krb5_error_code KRB5_CALLCONV krb5_copy_data
+ (krb5_context,
+ const krb5_data *,
+ krb5_data **);
+krb5_error_code KRB5_CALLCONV krb5_copy_principal
+ (krb5_context,
+ krb5_const_principal,
+ krb5_principal *);
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_copy_addr
+ (krb5_context,
+ const krb5_address *,
+ krb5_address **);
+#endif
+krb5_error_code KRB5_CALLCONV krb5_copy_addresses
+ (krb5_context,
+ krb5_address * const *,
+ krb5_address ***);
+krb5_error_code KRB5_CALLCONV krb5_copy_ticket
+ (krb5_context,
+ const krb5_ticket *,
+ krb5_ticket **);
+krb5_error_code KRB5_CALLCONV krb5_copy_authdata
+ (krb5_context,
+ krb5_authdata * const *,
+ krb5_authdata ***);
+krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
+ (krb5_context,
+ const krb5_authenticator *,
+ krb5_authenticator **);
+krb5_error_code KRB5_CALLCONV krb5_copy_checksum
+ (krb5_context,
+ const krb5_checksum *,
+ krb5_checksum **);
+#if KRB5_PRIVATE
+void krb5_init_ets
+ (krb5_context);
+void krb5_free_ets
+ (krb5_context);
+krb5_error_code krb5_generate_subkey
+ (krb5_context,
+ const krb5_keyblock *, krb5_keyblock **);
+krb5_error_code krb5_generate_seq_number
+ (krb5_context,
+ const krb5_keyblock *, krb5_ui_4 *);
+#endif
+krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
+ (krb5_context,
+ const krb5_data *, krb5_rcache *);
+krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
+ (krb5_context, krb5_principal *, unsigned int, const char *, ...);
+krb5_error_code KRB5_CALLCONV_C krb5_build_principal
+ (krb5_context, krb5_principal *, unsigned int, const char *, ...);
+#ifdef va_start
+/* XXX depending on varargs include file defining va_start... */
+krb5_error_code KRB5_CALLCONV krb5_build_principal_va
+ (krb5_context,
+ krb5_principal, unsigned int, const char *, va_list);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
+ (krb5_context,
+ const char *name,
+ const char *instance, const char *realm,
+ krb5_principal *princ);
+
+krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
+ (krb5_context context, krb5_const_principal princ,
+ char *name, char *inst, char *realm);
+
+struct credentials;
+int KRB5_CALLCONV krb5_524_convert_creds
+ (krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds);
+#if KRB5_DEPRECATED
+#define krb524_convert_creds_kdc krb5_524_convert_creds
+#define krb524_init_ets(x) (0)
+#endif
+
+/* libkt.spec */
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_kt_register
+ (krb5_context,
+ const struct _krb5_kt_ops * );
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_kt_resolve
+ (krb5_context,
+ const char *,
+ krb5_keytab * );
+krb5_error_code KRB5_CALLCONV krb5_kt_default_name
+ (krb5_context,
+ char *,
+ int );
+krb5_error_code KRB5_CALLCONV krb5_kt_default
+ (krb5_context,
+ krb5_keytab * );
+krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
+ (krb5_context,
+ krb5_keytab_entry * );
+#if KRB5_PRIVATE
+/* use krb5_free_keytab_entry_contents instead */
+krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
+ (krb5_context,
+ krb5_keytab_entry * );
+#endif
+/* remove and add are functions, so that they can return NOWRITE
+ if not a writable keytab */
+krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry * );
+krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry * );
+krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
+ (krb5_context,
+ krb5_const_principal, krb5_data *);
+#if KRB5_PRIVATE
+krb5_error_code krb5_principal2salt_norealm
+ (krb5_context,
+ krb5_const_principal, krb5_data *);
+#endif
+/* librc.spec--see rcache.h */
+
+/* libcc.spec */
+krb5_error_code KRB5_CALLCONV krb5_cc_resolve
+ (krb5_context,
+ const char *,
+ krb5_ccache * );
+const char * KRB5_CALLCONV krb5_cc_default_name
+ (krb5_context);
+krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
+ (krb5_context, const char *);
+krb5_error_code KRB5_CALLCONV krb5_cc_default
+ (krb5_context,
+ krb5_ccache *);
+#if KRB5_PRIVATE
+unsigned int KRB5_CALLCONV krb5_get_notification_message
+ (void);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
+ (krb5_context context,
+ krb5_ccache incc,
+ krb5_ccache outcc);
+
+
+/* chk_trans.c */
+#if KRB5_PRIVATE
+krb5_error_code krb5_check_transited_list
+ (krb5_context, const krb5_data *trans,
+ const krb5_data *realm1, const krb5_data *realm2);
+#endif
+
+/* free_rtree.c */
+#if KRB5_PRIVATE
+void krb5_free_realm_tree
+ (krb5_context,
+ krb5_principal *);
+#endif
+
+/* krb5_free.c */
+void KRB5_CALLCONV krb5_free_principal
+ (krb5_context, krb5_principal );
+void KRB5_CALLCONV krb5_free_authenticator
+ (krb5_context, krb5_authenticator * );
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_authenticator_contents
+ (krb5_context, krb5_authenticator * );
+#endif
+void KRB5_CALLCONV krb5_free_addresses
+ (krb5_context, krb5_address ** );
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_address
+ (krb5_context, krb5_address * );
+#endif
+void KRB5_CALLCONV krb5_free_authdata
+ (krb5_context, krb5_authdata ** );
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_enc_tkt_part
+ (krb5_context, krb5_enc_tkt_part * );
+#endif
+void KRB5_CALLCONV krb5_free_ticket
+ (krb5_context, krb5_ticket * );
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_tickets
+ (krb5_context, krb5_ticket ** );
+void KRB5_CALLCONV krb5_free_kdc_req
+ (krb5_context, krb5_kdc_req * );
+void KRB5_CALLCONV krb5_free_kdc_rep
+ (krb5_context, krb5_kdc_rep * );
+void KRB5_CALLCONV krb5_free_last_req
+ (krb5_context, krb5_last_req_entry ** );
+void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
+ (krb5_context, krb5_enc_kdc_rep_part * );
+#endif
+void KRB5_CALLCONV krb5_free_error
+ (krb5_context, krb5_error * );
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_ap_req
+ (krb5_context, krb5_ap_req * );
+void KRB5_CALLCONV krb5_free_ap_rep
+ (krb5_context, krb5_ap_rep * );
+void KRB5_CALLCONV krb5_free_cred
+ (krb5_context, krb5_cred *);
+#endif
+void KRB5_CALLCONV krb5_free_creds
+ (krb5_context, krb5_creds *);
+void KRB5_CALLCONV krb5_free_cred_contents
+ (krb5_context, krb5_creds *);
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_cred_enc_part
+ (krb5_context, krb5_cred_enc_part *);
+#endif
+void KRB5_CALLCONV krb5_free_checksum
+ (krb5_context, krb5_checksum *);
+void KRB5_CALLCONV krb5_free_checksum_contents
+ (krb5_context, krb5_checksum *);
+void KRB5_CALLCONV krb5_free_keyblock
+ (krb5_context, krb5_keyblock *);
+void KRB5_CALLCONV krb5_free_keyblock_contents
+ (krb5_context, krb5_keyblock *);
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_pa_data
+ (krb5_context, krb5_pa_data **);
+#endif
+void KRB5_CALLCONV krb5_free_ap_rep_enc_part
+ (krb5_context, krb5_ap_rep_enc_part *);
+#if KRB5_PRIVATE
+void KRB5_CALLCONV krb5_free_tkt_authent
+ (krb5_context, krb5_tkt_authent *);
+void KRB5_CALLCONV krb5_free_pwd_data
+ (krb5_context, krb5_pwd_data *);
+void KRB5_CALLCONV krb5_free_pwd_sequences
+ (krb5_context, passwd_phrase_element **);
+#endif
+void KRB5_CALLCONV krb5_free_data
+ (krb5_context, krb5_data *);
+void KRB5_CALLCONV krb5_free_data_contents
+ (krb5_context, krb5_data *);
+void KRB5_CALLCONV krb5_free_unparsed_name
+ (krb5_context, char *);
+void KRB5_CALLCONV krb5_free_cksumtypes
+ (krb5_context, krb5_cksumtype *);
+
+/* From krb5/os but needed but by the outside world */
+krb5_error_code KRB5_CALLCONV krb5_us_timeofday
+ (krb5_context,
+ krb5_timestamp *,
+ krb5_int32 * );
+krb5_error_code KRB5_CALLCONV krb5_timeofday
+ (krb5_context,
+ krb5_timestamp * );
+ /* get all the addresses of this host */
+krb5_error_code KRB5_CALLCONV krb5_os_localaddr
+ (krb5_context,
+ krb5_address ***);
+krb5_error_code KRB5_CALLCONV krb5_get_default_realm
+ (krb5_context,
+ char ** );
+krb5_error_code KRB5_CALLCONV krb5_set_default_realm
+ (krb5_context,
+ const char * );
+void KRB5_CALLCONV krb5_free_default_realm
+ (krb5_context,
+ char * );
+krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
+ (krb5_context,
+ const char *,
+ const char *,
+ krb5_int32,
+ krb5_principal *);
+krb5_error_code KRB5_CALLCONV
+krb5_change_password
+ (krb5_context context, krb5_creds *creds, char *newpw,
+ int *result_code, krb5_data *result_code_string,
+ krb5_data *result_string);
+krb5_error_code KRB5_CALLCONV
+krb5_set_password
+ (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string);
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache
+ (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_set_config_files
+ (krb5_context, const char **);
+
+krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
+ (char ***filenames);
+
+void KRB5_CALLCONV krb5_free_config_files
+ (char **filenames);
+#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_profile
+ (krb5_context, struct _profile_t * /* profile_t */ *);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_send_tgs
+ (krb5_context,
+ krb5_flags,
+ const krb5_ticket_times *,
+ const krb5_enctype *,
+ krb5_const_principal,
+ krb5_address * const *,
+ krb5_authdata * const *,
+ krb5_pa_data * const *,
+ const krb5_data *,
+ krb5_creds *,
+ krb5_response * );
+#endif
+
+#if KRB5_DEPRECATED
+krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
+ (krb5_context,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_enctype *,
+ krb5_preauthtype *,
+ krb5_error_code ( * )(krb5_context,
+ krb5_enctype,
+ krb5_data *,
+ krb5_const_pointer,
+ krb5_keyblock **),
+ krb5_const_pointer,
+ krb5_error_code ( * )(krb5_context,
+ const krb5_keyblock *,
+ krb5_const_pointer,
+ krb5_kdc_rep * ),
+ krb5_const_pointer,
+ krb5_creds *,
+ krb5_ccache,
+ krb5_kdc_rep ** );
+
+krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
+ (krb5_context,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_enctype *,
+ krb5_preauthtype *,
+ const char *,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_kdc_rep ** );
+
+krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
+ (krb5_context,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_enctype *,
+ krb5_preauthtype *,
+ const krb5_keyblock *,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_kdc_rep ** );
+
+krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
+ (krb5_context,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_enctype *,
+ krb5_preauthtype *,
+ krb5_keytab,
+ krb5_ccache,
+ krb5_creds *,
+ krb5_kdc_rep ** );
+#endif /* KRB5_DEPRECATED */
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_decode_kdc_rep
+ (krb5_context,
+ krb5_data *,
+ const krb5_keyblock *,
+ krb5_kdc_rep ** );
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_rd_req
+ (krb5_context,
+ krb5_auth_context *,
+ const krb5_data *,
+ krb5_const_principal,
+ krb5_keytab,
+ krb5_flags *,
+ krb5_ticket **);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_rd_req_decoded
+ (krb5_context,
+ krb5_auth_context *,
+ const krb5_ap_req *,
+ krb5_const_principal,
+ krb5_keytab,
+ krb5_flags *,
+ krb5_ticket **);
+
+krb5_error_code krb5_rd_req_decoded_anyflag
+ (krb5_context,
+ krb5_auth_context *,
+ const krb5_ap_req *,
+ krb5_const_principal,
+ krb5_keytab,
+ krb5_flags *,
+ krb5_ticket **);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
+ (krb5_context,
+ krb5_pointer,
+ krb5_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keyblock **);
+krb5_error_code KRB5_CALLCONV krb5_mk_safe
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_data *,
+ krb5_replay_data *);
+krb5_error_code KRB5_CALLCONV krb5_mk_priv
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_data *,
+ krb5_replay_data *);
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_cc_register
+ (krb5_context,
+ krb5_cc_ops *,
+ krb5_boolean );
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_sendauth
+ (krb5_context,
+ krb5_auth_context *,
+ krb5_pointer,
+ char *,
+ krb5_principal,
+ krb5_principal,
+ krb5_flags,
+ krb5_data *,
+ krb5_creds *,
+ krb5_ccache,
+ krb5_error **,
+ krb5_ap_rep_enc_part **,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV krb5_recvauth
+ (krb5_context,
+ krb5_auth_context *,
+ krb5_pointer,
+ char *,
+ krb5_principal,
+ krb5_int32,
+ krb5_keytab,
+ krb5_ticket **);
+krb5_error_code KRB5_CALLCONV krb5_recvauth_version
+ (krb5_context,
+ krb5_auth_context *,
+ krb5_pointer,
+ krb5_principal,
+ krb5_int32,
+ krb5_keytab,
+ krb5_ticket **,
+ krb5_data *);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_walk_realm_tree
+ (krb5_context,
+ const krb5_data *,
+ const krb5_data *,
+ krb5_principal **,
+ int);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_mk_ncred
+ (krb5_context,
+ krb5_auth_context,
+ krb5_creds **,
+ krb5_data **,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV krb5_mk_1cred
+ (krb5_context,
+ krb5_auth_context,
+ krb5_creds *,
+ krb5_data **,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV krb5_rd_cred
+ (krb5_context,
+ krb5_auth_context,
+ krb5_data *,
+ krb5_creds ***,
+ krb5_replay_data *);
+
+krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
+ (krb5_context,
+ krb5_auth_context,
+ char *,
+ krb5_principal,
+ krb5_principal,
+ krb5_ccache,
+ int forwardable,
+ krb5_data *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_init
+ (krb5_context,
+ krb5_auth_context *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_free
+ (krb5_context,
+ krb5_auth_context);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags
+ (krb5_context,
+ krb5_auth_context,
+ krb5_int32);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
+ (krb5_context,
+ krb5_auth_context,
+ krb5_int32 *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
+ krb5_mk_req_checksum_func, void *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
+ krb5_mk_req_checksum_func *, void **);
+
+krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
+ (krb5_context,
+ krb5_auth_context,
+ krb5_address *,
+ krb5_address *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs
+ (krb5_context,
+ krb5_auth_context,
+ krb5_address **,
+ krb5_address **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setports
+ (krb5_context,
+ krb5_auth_context,
+ krb5_address *,
+ krb5_address *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey
+ (krb5_context,
+ krb5_auth_context,
+ krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey
+ (krb5_context,
+ krb5_auth_context,
+ krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey(
+ krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey(
+ krb5_context, krb5_auth_context, krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey(
+ krb5_context, krb5_auth_context, krb5_keyblock *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey(
+ krb5_context, krb5_auth_context, krb5_keyblock *);
+
+#if KRB5_DEPRECATED
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey
+ (krb5_context,
+ krb5_auth_context,
+ krb5_keyblock **);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
+ (krb5_context,
+ krb5_auth_context,
+ krb5_keyblock **);
+#endif
+
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
+ (krb5_context,
+ krb5_auth_context,
+ krb5_cksumtype);
+
+krb5_error_code krb5_auth_con_set_safe_cksumtype
+ (krb5_context,
+ krb5_auth_context,
+ krb5_cksumtype);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
+ (krb5_context,
+ krb5_auth_context,
+ krb5_int32 *);
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber
+ (krb5_context,
+ krb5_auth_context,
+ krb5_int32 *);
+
+#if KRB5_DEPRECATED
+krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
+ (krb5_context,
+ krb5_auth_context);
+#endif
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_auth_con_setivector
+ (krb5_context,
+ krb5_auth_context,
+ krb5_pointer);
+
+krb5_error_code krb5_auth_con_getivector
+ (krb5_context,
+ krb5_auth_context,
+ krb5_pointer *);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
+ (krb5_context,
+ krb5_auth_context,
+ krb5_rcache);
+
+krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
+ (krb5_context,
+ krb5_auth_context,
+ krb5_rcache *);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_auth_con_setpermetypes
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_enctype *);
+
+krb5_error_code krb5_auth_con_getpermetypes
+ (krb5_context,
+ krb5_auth_context,
+ krb5_enctype **);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
+ (krb5_context,
+ krb5_auth_context,
+ krb5_authenticator **);
+
+#define KRB5_REALM_BRANCH_CHAR '.'
+
+/*
+ * end "func-proto.h"
+ */
+
+/*
+ * begin stuff from libos.h
+ */
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
+krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
+int krb5_net_read (krb5_context, int , char *, int);
+int krb5_net_write (krb5_context, int , const char *, int);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_read_password
+ (krb5_context,
+ const char *,
+ const char *,
+ char *,
+ unsigned int * );
+krb5_error_code KRB5_CALLCONV krb5_aname_to_localname
+ (krb5_context,
+ krb5_const_principal,
+ int,
+ char * );
+krb5_error_code KRB5_CALLCONV krb5_get_host_realm
+ (krb5_context,
+ const char *,
+ char *** );
+krb5_error_code KRB5_CALLCONV krb5_free_host_realm
+ (krb5_context,
+ char * const * );
+#if KRB5_PRIVATE
+krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
+ (krb5_context,
+ const char *,
+ char ** );
+#endif
+krb5_boolean KRB5_CALLCONV krb5_kuserok
+ (krb5_context,
+ krb5_principal, const char *);
+krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
+ (krb5_context,
+ krb5_auth_context,
+ int, int);
+#if KRB5_PRIVATE
+krb5_error_code krb5_gen_portaddr
+ (krb5_context,
+ const krb5_address *,
+ krb5_const_pointer,
+ krb5_address **);
+krb5_error_code krb5_gen_replay_name
+ (krb5_context,
+ const krb5_address *,
+ const char *,
+ char **);
+krb5_error_code krb5_make_fulladdr
+ (krb5_context,
+ krb5_address *,
+ krb5_address *,
+ krb5_address *);
+#endif
+
+krb5_error_code KRB5_CALLCONV krb5_set_real_time
+ (krb5_context, krb5_timestamp, krb5_int32);
+
+#if KRB5_PRIVATE
+krb5_error_code krb5_set_debugging_time
+ (krb5_context, krb5_timestamp, krb5_int32);
+krb5_error_code krb5_use_natural_time
+ (krb5_context);
+#endif
+krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
+ (krb5_context, krb5_timestamp *, krb5_int32 *);
+#if KRB5_PRIVATE
+krb5_error_code krb5_set_time_offsets
+ (krb5_context, krb5_timestamp, krb5_int32);
+#endif
+
+/* str_conv.c */
+krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
+ (char *, krb5_enctype *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_salttype
+ (char *, krb5_int32 *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype
+ (char *, krb5_cksumtype *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp
+ (char *, krb5_timestamp *);
+krb5_error_code KRB5_CALLCONV krb5_string_to_deltat
+ (char *, krb5_deltat *);
+krb5_error_code KRB5_CALLCONV krb5_enctype_to_string
+ (krb5_enctype, char *, size_t);
+krb5_error_code KRB5_CALLCONV krb5_salttype_to_string
+ (krb5_int32, char *, size_t);
+krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string
+ (krb5_cksumtype, char *, size_t);
+krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string
+ (krb5_timestamp, char *, size_t);
+krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring
+ (krb5_timestamp, char *, size_t, char *);
+krb5_error_code KRB5_CALLCONV krb5_deltat_to_string
+ (krb5_deltat, char *, size_t);
+
+
+
+/* The name of the Kerberos ticket granting service... and its size */
+#define KRB5_TGS_NAME "krbtgt"
+#define KRB5_TGS_NAME_SIZE 6
+
+/* flags for recvauth */
+#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
+#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
+/* initial ticket api functions */
+
+typedef struct _krb5_prompt {
+ char *prompt;
+ int hidden;
+ krb5_data *reply;
+} krb5_prompt;
+
+typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context,
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[]);
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix (krb5_context context,
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[]);
+
+typedef struct _krb5_get_init_creds_opt {
+ krb5_flags flags;
+ krb5_deltat tkt_life;
+ krb5_deltat renew_life;
+ int forwardable;
+ int proxiable;
+ krb5_enctype *etype_list;
+ int etype_list_length;
+ krb5_address **address_list;
+ krb5_preauthtype *preauth_list;
+ int preauth_list_length;
+ krb5_data *salt;
+} krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
+
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_init
+(krb5_get_init_creds_opt *opt);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_tkt_life
+(krb5_get_init_creds_opt *opt,
+ krb5_deltat tkt_life);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_renew_life
+(krb5_get_init_creds_opt *opt,
+ krb5_deltat renew_life);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_forwardable
+(krb5_get_init_creds_opt *opt,
+ int forwardable);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_proxiable
+(krb5_get_init_creds_opt *opt,
+ int proxiable);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_etype_list
+(krb5_get_init_creds_opt *opt,
+ krb5_enctype *etype_list,
+ int etype_list_length);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_address_list
+(krb5_get_init_creds_opt *opt,
+ krb5_address **addresses);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_preauth_list
+(krb5_get_init_creds_opt *opt,
+ krb5_preauthtype *preauth_list,
+ int preauth_list_length);
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_salt
+(krb5_get_init_creds_opt *opt,
+ krb5_data *salt);
+
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_password
+(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ char *password,
+ krb5_prompter_fct prompter,
+ void *data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *k5_gic_options);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_keytab
+(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_keytab arg_keytab,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *k5_gic_options);
+
+typedef struct _krb5_verify_init_creds_opt {
+ krb5_flags flags;
+ int ap_req_nofail;
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
+
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_init
+(krb5_verify_init_creds_opt *k5_vic_options);
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_set_ap_req_nofail
+(krb5_verify_init_creds_opt *k5_vic_options,
+ int ap_req_nofail);
+
+krb5_error_code KRB5_CALLCONV
+krb5_verify_init_creds
+(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal ap_req_server,
+ krb5_keytab ap_req_keytab,
+ krb5_ccache *ccache,
+ krb5_verify_init_creds_opt *k5_vic_options);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_validated_creds
+(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_ccache ccache,
+ char *in_tkt_service);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_renewed_creds
+(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_ccache ccache,
+ char *in_tkt_service);
+
+krb5_error_code KRB5_CALLCONV
+krb5_decode_ticket
+(const krb5_data *code,
+ krb5_ticket **rep);
+
+void KRB5_CALLCONV
+krb5_appdefault_string
+(krb5_context context,
+ const char *appname,
+ const krb5_data *realm,
+ const char *option,
+ const char *default_value,
+ char ** ret_value);
+
+void KRB5_CALLCONV
+krb5_appdefault_boolean
+(krb5_context context,
+ const char *appname,
+ const krb5_data *realm,
+ const char *option,
+ int default_value,
+ int *ret_value);
+
+#if KRB5_PRIVATE
+/*
+ * The realm iterator functions
+ */
+
+krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
+ (krb5_context context, void **iter_p);
+
+krb5_error_code KRB5_CALLCONV krb5_realm_iterator
+ (krb5_context context, void **iter_p, char **ret_realm);
+
+void KRB5_CALLCONV krb5_realm_iterator_free
+ (krb5_context context, void **iter_p);
+
+void KRB5_CALLCONV krb5_free_realm_string
+ (krb5_context context, char *str);
+#endif
+
+/*
+ * Prompter enhancements
+ */
+
+#define KRB5_PROMPT_TYPE_PASSWORD 0x1
+#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2
+#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3
+#define KRB5_PROMPT_TYPE_PREAUTH 0x4
+
+typedef krb5_int32 krb5_prompt_type;
+
+krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
+ (krb5_context context);
+
+/* Error reporting */
+void KRB5_CALLCONV_C
+krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...);
+#ifdef va_start
+void KRB5_CALLCONV
+krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list);
+#endif
+/*
+ * The behavior of krb5_get_error_message is only defined the first
+ * time it is called after a failed call to a krb5 function using the
+ * same context, and only when the error code passed in is the same as
+ * that returned by the krb5 function. Future versions may return the
+ * same string for the second and following calls.
+ *
+ * The string returned by this function must be freed using
+ * krb5_free_error_message.
+ */
+char * KRB5_CALLCONV
+krb5_get_error_message (krb5_context, krb5_error_code);
+void KRB5_CALLCONV
+krb5_free_error_message (krb5_context, char *);
+void KRB5_CALLCONV
+krb5_clear_error_message (krb5_context);
+
+
+#if TARGET_OS_MAC
+# pragma options align=reset
+#endif
+
+KRB5INT_END_DECLS
+
+/* Don't use this! We're going to phase it out. It's just here to keep
+ applications from breaking right away. */
+#define krb5_const const
+
+#endif /* KRB5_GENERAL__ */
+
+/*
+ * include/krb5_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
+
+#include <com_err.h>
+
+#define KRB5KDC_ERR_NONE (-1765328384L)
+#define KRB5KDC_ERR_NAME_EXP (-1765328383L)
+#define KRB5KDC_ERR_SERVICE_EXP (-1765328382L)
+#define KRB5KDC_ERR_BAD_PVNO (-1765328381L)
+#define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L)
+#define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L)
+#define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L)
+#define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L)
+#define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L)
+#define KRB5KDC_ERR_NULL_KEY (-1765328375L)
+#define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L)
+#define KRB5KDC_ERR_NEVER_VALID (-1765328373L)
+#define KRB5KDC_ERR_POLICY (-1765328372L)
+#define KRB5KDC_ERR_BADOPTION (-1765328371L)
+#define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L)
+#define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L)
+#define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L)
+#define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L)
+#define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L)
+#define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L)
+#define KRB5KDC_ERR_TGT_REVOKED (-1765328364L)
+#define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L)
+#define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L)
+#define KRB5KDC_ERR_KEY_EXP (-1765328361L)
+#define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L)
+#define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L)
+#define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L)
+#define KRB5PLACEHOLD_27 (-1765328357L)
+#define KRB5PLACEHOLD_28 (-1765328356L)
+#define KRB5PLACEHOLD_29 (-1765328355L)
+#define KRB5PLACEHOLD_30 (-1765328354L)
+#define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L)
+#define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L)
+#define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L)
+#define KRB5KRB_AP_ERR_REPEAT (-1765328350L)
+#define KRB5KRB_AP_ERR_NOT_US (-1765328349L)
+#define KRB5KRB_AP_ERR_BADMATCH (-1765328348L)
+#define KRB5KRB_AP_ERR_SKEW (-1765328347L)
+#define KRB5KRB_AP_ERR_BADADDR (-1765328346L)
+#define KRB5KRB_AP_ERR_BADVERSION (-1765328345L)
+#define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L)
+#define KRB5KRB_AP_ERR_MODIFIED (-1765328343L)
+#define KRB5KRB_AP_ERR_BADORDER (-1765328342L)
+#define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L)
+#define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L)
+#define KRB5KRB_AP_ERR_NOKEY (-1765328339L)
+#define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L)
+#define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L)
+#define KRB5KRB_AP_ERR_METHOD (-1765328336L)
+#define KRB5KRB_AP_ERR_BADSEQ (-1765328335L)
+#define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L)
+#define KRB5KRB_AP_PATH_NOT_ACCEPTED (-1765328333L)
+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
+#define KRB5PLACEHOLD_53 (-1765328331L)
+#define KRB5PLACEHOLD_54 (-1765328330L)
+#define KRB5PLACEHOLD_55 (-1765328329L)
+#define KRB5PLACEHOLD_56 (-1765328328L)
+#define KRB5PLACEHOLD_57 (-1765328327L)
+#define KRB5PLACEHOLD_58 (-1765328326L)
+#define KRB5PLACEHOLD_59 (-1765328325L)
+#define KRB5KRB_ERR_GENERIC (-1765328324L)
+#define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L)
+#define KRB5PLACEHOLD_62 (-1765328322L)
+#define KRB5PLACEHOLD_63 (-1765328321L)
+#define KRB5PLACEHOLD_64 (-1765328320L)
+#define KRB5PLACEHOLD_65 (-1765328319L)
+#define KRB5PLACEHOLD_66 (-1765328318L)
+#define KRB5PLACEHOLD_67 (-1765328317L)
+#define KRB5PLACEHOLD_68 (-1765328316L)
+#define KRB5PLACEHOLD_69 (-1765328315L)
+#define KRB5PLACEHOLD_70 (-1765328314L)
+#define KRB5PLACEHOLD_71 (-1765328313L)
+#define KRB5PLACEHOLD_72 (-1765328312L)
+#define KRB5PLACEHOLD_73 (-1765328311L)
+#define KRB5PLACEHOLD_74 (-1765328310L)
+#define KRB5PLACEHOLD_75 (-1765328309L)
+#define KRB5PLACEHOLD_76 (-1765328308L)
+#define KRB5PLACEHOLD_77 (-1765328307L)
+#define KRB5PLACEHOLD_78 (-1765328306L)
+#define KRB5PLACEHOLD_79 (-1765328305L)
+#define KRB5PLACEHOLD_80 (-1765328304L)
+#define KRB5PLACEHOLD_81 (-1765328303L)
+#define KRB5PLACEHOLD_82 (-1765328302L)
+#define KRB5PLACEHOLD_83 (-1765328301L)
+#define KRB5PLACEHOLD_84 (-1765328300L)
+#define KRB5PLACEHOLD_85 (-1765328299L)
+#define KRB5PLACEHOLD_86 (-1765328298L)
+#define KRB5PLACEHOLD_87 (-1765328297L)
+#define KRB5PLACEHOLD_88 (-1765328296L)
+#define KRB5PLACEHOLD_89 (-1765328295L)
+#define KRB5PLACEHOLD_90 (-1765328294L)
+#define KRB5PLACEHOLD_91 (-1765328293L)
+#define KRB5PLACEHOLD_92 (-1765328292L)
+#define KRB5PLACEHOLD_93 (-1765328291L)
+#define KRB5PLACEHOLD_94 (-1765328290L)
+#define KRB5PLACEHOLD_95 (-1765328289L)
+#define KRB5PLACEHOLD_96 (-1765328288L)
+#define KRB5PLACEHOLD_97 (-1765328287L)
+#define KRB5PLACEHOLD_98 (-1765328286L)
+#define KRB5PLACEHOLD_99 (-1765328285L)
+#define KRB5PLACEHOLD_100 (-1765328284L)
+#define KRB5PLACEHOLD_101 (-1765328283L)
+#define KRB5PLACEHOLD_102 (-1765328282L)
+#define KRB5PLACEHOLD_103 (-1765328281L)
+#define KRB5PLACEHOLD_104 (-1765328280L)
+#define KRB5PLACEHOLD_105 (-1765328279L)
+#define KRB5PLACEHOLD_106 (-1765328278L)
+#define KRB5PLACEHOLD_107 (-1765328277L)
+#define KRB5PLACEHOLD_108 (-1765328276L)
+#define KRB5PLACEHOLD_109 (-1765328275L)
+#define KRB5PLACEHOLD_110 (-1765328274L)
+#define KRB5PLACEHOLD_111 (-1765328273L)
+#define KRB5PLACEHOLD_112 (-1765328272L)
+#define KRB5PLACEHOLD_113 (-1765328271L)
+#define KRB5PLACEHOLD_114 (-1765328270L)
+#define KRB5PLACEHOLD_115 (-1765328269L)
+#define KRB5PLACEHOLD_116 (-1765328268L)
+#define KRB5PLACEHOLD_117 (-1765328267L)
+#define KRB5PLACEHOLD_118 (-1765328266L)
+#define KRB5PLACEHOLD_119 (-1765328265L)
+#define KRB5PLACEHOLD_120 (-1765328264L)
+#define KRB5PLACEHOLD_121 (-1765328263L)
+#define KRB5PLACEHOLD_122 (-1765328262L)
+#define KRB5PLACEHOLD_123 (-1765328261L)
+#define KRB5PLACEHOLD_124 (-1765328260L)
+#define KRB5PLACEHOLD_125 (-1765328259L)
+#define KRB5PLACEHOLD_126 (-1765328258L)
+#define KRB5PLACEHOLD_127 (-1765328257L)
+#define KRB5_ERR_RCSID (-1765328256L)
+#define KRB5_LIBOS_BADLOCKFLAG (-1765328255L)
+#define KRB5_LIBOS_CANTREADPWD (-1765328254L)
+#define KRB5_LIBOS_BADPWDMATCH (-1765328253L)
+#define KRB5_LIBOS_PWDINTR (-1765328252L)
+#define KRB5_PARSE_ILLCHAR (-1765328251L)
+#define KRB5_PARSE_MALFORMED (-1765328250L)
+#define KRB5_CONFIG_CANTOPEN (-1765328249L)
+#define KRB5_CONFIG_BADFORMAT (-1765328248L)
+#define KRB5_CONFIG_NOTENUFSPACE (-1765328247L)
+#define KRB5_BADMSGTYPE (-1765328246L)
+#define KRB5_CC_BADNAME (-1765328245L)
+#define KRB5_CC_UNKNOWN_TYPE (-1765328244L)
+#define KRB5_CC_NOTFOUND (-1765328243L)
+#define KRB5_CC_END (-1765328242L)
+#define KRB5_NO_TKT_SUPPLIED (-1765328241L)
+#define KRB5KRB_AP_WRONG_PRINC (-1765328240L)
+#define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L)
+#define KRB5_PRINC_NOMATCH (-1765328238L)
+#define KRB5_KDCREP_MODIFIED (-1765328237L)
+#define KRB5_KDCREP_SKEW (-1765328236L)
+#define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L)
+#define KRB5_PROG_ETYPE_NOSUPP (-1765328234L)
+#define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L)
+#define KRB5_WRONG_ETYPE (-1765328232L)
+#define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L)
+#define KRB5_REALM_UNKNOWN (-1765328230L)
+#define KRB5_SERVICE_UNKNOWN (-1765328229L)
+#define KRB5_KDC_UNREACH (-1765328228L)
+#define KRB5_NO_LOCALNAME (-1765328227L)
+#define KRB5_MUTUAL_FAILED (-1765328226L)
+#define KRB5_RC_TYPE_EXISTS (-1765328225L)
+#define KRB5_RC_MALLOC (-1765328224L)
+#define KRB5_RC_TYPE_NOTFOUND (-1765328223L)
+#define KRB5_RC_UNKNOWN (-1765328222L)
+#define KRB5_RC_REPLAY (-1765328221L)
+#define KRB5_RC_IO (-1765328220L)
+#define KRB5_RC_NOIO (-1765328219L)
+#define KRB5_RC_PARSE (-1765328218L)
+#define KRB5_RC_IO_EOF (-1765328217L)
+#define KRB5_RC_IO_MALLOC (-1765328216L)
+#define KRB5_RC_IO_PERM (-1765328215L)
+#define KRB5_RC_IO_IO (-1765328214L)
+#define KRB5_RC_IO_UNKNOWN (-1765328213L)
+#define KRB5_RC_IO_SPACE (-1765328212L)
+#define KRB5_TRANS_CANTOPEN (-1765328211L)
+#define KRB5_TRANS_BADFORMAT (-1765328210L)
+#define KRB5_LNAME_CANTOPEN (-1765328209L)
+#define KRB5_LNAME_NOTRANS (-1765328208L)
+#define KRB5_LNAME_BADFORMAT (-1765328207L)
+#define KRB5_CRYPTO_INTERNAL (-1765328206L)
+#define KRB5_KT_BADNAME (-1765328205L)
+#define KRB5_KT_UNKNOWN_TYPE (-1765328204L)
+#define KRB5_KT_NOTFOUND (-1765328203L)
+#define KRB5_KT_END (-1765328202L)
+#define KRB5_KT_NOWRITE (-1765328201L)
+#define KRB5_KT_IOERR (-1765328200L)
+#define KRB5_NO_TKT_IN_RLM (-1765328199L)
+#define KRB5DES_BAD_KEYPAR (-1765328198L)
+#define KRB5DES_WEAK_KEY (-1765328197L)
+#define KRB5_BAD_ENCTYPE (-1765328196L)
+#define KRB5_BAD_KEYSIZE (-1765328195L)
+#define KRB5_BAD_MSIZE (-1765328194L)
+#define KRB5_CC_TYPE_EXISTS (-1765328193L)
+#define KRB5_KT_TYPE_EXISTS (-1765328192L)
+#define KRB5_CC_IO (-1765328191L)
+#define KRB5_FCC_PERM (-1765328190L)
+#define KRB5_FCC_NOFILE (-1765328189L)
+#define KRB5_FCC_INTERNAL (-1765328188L)
+#define KRB5_CC_WRITE (-1765328187L)
+#define KRB5_CC_NOMEM (-1765328186L)
+#define KRB5_CC_FORMAT (-1765328185L)
+#define KRB5_CC_NOT_KTYPE (-1765328184L)
+#define KRB5_INVALID_FLAGS (-1765328183L)
+#define KRB5_NO_2ND_TKT (-1765328182L)
+#define KRB5_NOCREDS_SUPPLIED (-1765328181L)
+#define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L)
+#define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L)
+#define KRB5_SENDAUTH_BADRESPONSE (-1765328178L)
+#define KRB5_SENDAUTH_REJECTED (-1765328177L)
+#define KRB5_PREAUTH_BAD_TYPE (-1765328176L)
+#define KRB5_PREAUTH_NO_KEY (-1765328175L)
+#define KRB5_PREAUTH_FAILED (-1765328174L)
+#define KRB5_RCACHE_BADVNO (-1765328173L)
+#define KRB5_CCACHE_BADVNO (-1765328172L)
+#define KRB5_KEYTAB_BADVNO (-1765328171L)
+#define KRB5_PROG_ATYPE_NOSUPP (-1765328170L)
+#define KRB5_RC_REQUIRED (-1765328169L)
+#define KRB5_ERR_BAD_HOSTNAME (-1765328168L)
+#define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L)
+#define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L)
+#define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L)
+#define KRB5_REALM_CANT_RESOLVE (-1765328164L)
+#define KRB5_TKT_NOT_FORWARDABLE (-1765328163L)
+#define KRB5_FWD_BAD_PRINCIPAL (-1765328162L)
+#define KRB5_GET_IN_TKT_LOOP (-1765328161L)
+#define KRB5_CONFIG_NODEFREALM (-1765328160L)
+#define KRB5_SAM_UNSUPPORTED (-1765328159L)
+#define KRB5_SAM_INVALID_ETYPE (-1765328158L)
+#define KRB5_SAM_NO_CHECKSUM (-1765328157L)
+#define KRB5_SAM_BAD_CHECKSUM (-1765328156L)
+#define KRB5_KT_NAME_TOOLONG (-1765328155L)
+#define KRB5_KT_KVNONOTFOUND (-1765328154L)
+#define KRB5_APPL_EXPIRED (-1765328153L)
+#define KRB5_LIB_EXPIRED (-1765328152L)
+#define KRB5_CHPW_PWDNULL (-1765328151L)
+#define KRB5_CHPW_FAIL (-1765328150L)
+#define KRB5_KT_FORMAT (-1765328149L)
+#define KRB5_NOPERM_ETYPE (-1765328148L)
+#define KRB5_CONFIG_ETYPE_NOSUPP (-1765328147L)
+#define KRB5_OBSOLETE_FN (-1765328146L)
+#define KRB5_EAI_FAIL (-1765328145L)
+#define KRB5_EAI_NODATA (-1765328144L)
+#define KRB5_EAI_NONAME (-1765328143L)
+#define KRB5_EAI_SERVICE (-1765328142L)
+#define KRB5_ERR_NUMERIC_REALM (-1765328141L)
+#define KRB5_ERR_BAD_S2K_PARAMS (-1765328140L)
+#define KRB5_ERR_NO_SERVICE (-1765328139L)
+#define KRB5_CC_READONLY (-1765328138L)
+#define KRB5_CC_NOSUPP (-1765328137L)
+#define KRB5_DELTAT_BADFORMAT (-1765328136L)
+#define KRB5_PLUGIN_NO_HANDLE (-1765328135L)
+#define ERROR_TABLE_BASE_krb5 (-1765328384L)
+
+extern const struct error_table et_krb5_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_krb5_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_krb5_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_krb5_err_tbl initialize_krb5_error_table
+#define krb5_err_base ERROR_TABLE_BASE_krb5
+#endif
+/*
+ * include/kdb5_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
+
+#include <com_err.h>
+
+#define KRB5_KDB_RCSID (-1780008448L)
+#define KRB5_KDB_INUSE (-1780008447L)
+#define KRB5_KDB_UK_SERROR (-1780008446L)
+#define KRB5_KDB_UK_RERROR (-1780008445L)
+#define KRB5_KDB_UNAUTH (-1780008444L)
+#define KRB5_KDB_NOENTRY (-1780008443L)
+#define KRB5_KDB_ILL_WILDCARD (-1780008442L)
+#define KRB5_KDB_DB_INUSE (-1780008441L)
+#define KRB5_KDB_DB_CHANGED (-1780008440L)
+#define KRB5_KDB_TRUNCATED_RECORD (-1780008439L)
+#define KRB5_KDB_RECURSIVELOCK (-1780008438L)
+#define KRB5_KDB_NOTLOCKED (-1780008437L)
+#define KRB5_KDB_BADLOCKMODE (-1780008436L)
+#define KRB5_KDB_DBNOTINITED (-1780008435L)
+#define KRB5_KDB_DBINITED (-1780008434L)
+#define KRB5_KDB_ILLDIRECTION (-1780008433L)
+#define KRB5_KDB_NOMASTERKEY (-1780008432L)
+#define KRB5_KDB_BADMASTERKEY (-1780008431L)
+#define KRB5_KDB_INVALIDKEYSIZE (-1780008430L)
+#define KRB5_KDB_CANTREAD_STORED (-1780008429L)
+#define KRB5_KDB_BADSTORED_MKEY (-1780008428L)
+#define KRB5_KDB_CANTLOCK_DB (-1780008427L)
+#define KRB5_KDB_DB_CORRUPT (-1780008426L)
+#define KRB5_KDB_BAD_VERSION (-1780008425L)
+#define KRB5_KDB_BAD_SALTTYPE (-1780008424L)
+#define KRB5_KDB_BAD_ENCTYPE (-1780008423L)
+#define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L)
+#define KRB5_KDB_NO_PERMITTED_KEY (-1780008421L)
+#define KRB5_KDB_NO_MATCHING_KEY (-1780008420L)
+#define KRB5_KDB_DBTYPE_NOTFOUND (-1780008419L)
+#define KRB5_KDB_DBTYPE_NOSUP (-1780008418L)
+#define KRB5_KDB_DBTYPE_INIT (-1780008417L)
+#define KRB5_KDB_SERVER_INTERNAL_ERR (-1780008416L)
+#define KRB5_KDB_ACCESS_ERROR (-1780008415L)
+#define KRB5_KDB_INTERNAL_ERROR (-1780008414L)
+#define KRB5_KDB_CONSTRAINT_VIOLATION (-1780008413L)
+#define ERROR_TABLE_BASE_kdb5 (-1780008448L)
+
+extern const struct error_table et_kdb5_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_kdb5_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_kdb5_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_kdb5_err_tbl initialize_kdb5_error_table
+#define kdb5_err_base ERROR_TABLE_BASE_kdb5
+#endif
+/*
+ * include/kv5m_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
+
+#include <com_err.h>
+
+#define KV5M_NONE (-1760647424L)
+#define KV5M_PRINCIPAL (-1760647423L)
+#define KV5M_DATA (-1760647422L)
+#define KV5M_KEYBLOCK (-1760647421L)
+#define KV5M_CHECKSUM (-1760647420L)
+#define KV5M_ENCRYPT_BLOCK (-1760647419L)
+#define KV5M_ENC_DATA (-1760647418L)
+#define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L)
+#define KV5M_CS_TABLE_ENTRY (-1760647416L)
+#define KV5M_CHECKSUM_ENTRY (-1760647415L)
+#define KV5M_AUTHDATA (-1760647414L)
+#define KV5M_TRANSITED (-1760647413L)
+#define KV5M_ENC_TKT_PART (-1760647412L)
+#define KV5M_TICKET (-1760647411L)
+#define KV5M_AUTHENTICATOR (-1760647410L)
+#define KV5M_TKT_AUTHENT (-1760647409L)
+#define KV5M_CREDS (-1760647408L)
+#define KV5M_LAST_REQ_ENTRY (-1760647407L)
+#define KV5M_PA_DATA (-1760647406L)
+#define KV5M_KDC_REQ (-1760647405L)
+#define KV5M_ENC_KDC_REP_PART (-1760647404L)
+#define KV5M_KDC_REP (-1760647403L)
+#define KV5M_ERROR (-1760647402L)
+#define KV5M_AP_REQ (-1760647401L)
+#define KV5M_AP_REP (-1760647400L)
+#define KV5M_AP_REP_ENC_PART (-1760647399L)
+#define KV5M_RESPONSE (-1760647398L)
+#define KV5M_SAFE (-1760647397L)
+#define KV5M_PRIV (-1760647396L)
+#define KV5M_PRIV_ENC_PART (-1760647395L)
+#define KV5M_CRED (-1760647394L)
+#define KV5M_CRED_INFO (-1760647393L)
+#define KV5M_CRED_ENC_PART (-1760647392L)
+#define KV5M_PWD_DATA (-1760647391L)
+#define KV5M_ADDRESS (-1760647390L)
+#define KV5M_KEYTAB_ENTRY (-1760647389L)
+#define KV5M_CONTEXT (-1760647388L)
+#define KV5M_OS_CONTEXT (-1760647387L)
+#define KV5M_ALT_METHOD (-1760647386L)
+#define KV5M_ETYPE_INFO_ENTRY (-1760647385L)
+#define KV5M_DB_CONTEXT (-1760647384L)
+#define KV5M_AUTH_CONTEXT (-1760647383L)
+#define KV5M_KEYTAB (-1760647382L)
+#define KV5M_RCACHE (-1760647381L)
+#define KV5M_CCACHE (-1760647380L)
+#define KV5M_PREAUTH_OPS (-1760647379L)
+#define KV5M_SAM_CHALLENGE (-1760647378L)
+#define KV5M_SAM_CHALLENGE_2 (-1760647377L)
+#define KV5M_SAM_KEY (-1760647376L)
+#define KV5M_ENC_SAM_RESPONSE_ENC (-1760647375L)
+#define KV5M_ENC_SAM_RESPONSE_ENC_2 (-1760647374L)
+#define KV5M_SAM_RESPONSE (-1760647373L)
+#define KV5M_SAM_RESPONSE_2 (-1760647372L)
+#define KV5M_PREDICTED_SAM_RESPONSE (-1760647371L)
+#define KV5M_PASSWD_PHRASE_ELEMENT (-1760647370L)
+#define KV5M_GSS_OID (-1760647369L)
+#define KV5M_GSS_QUEUE (-1760647368L)
+#define ERROR_TABLE_BASE_kv5m (-1760647424L)
+
+extern const struct error_table et_kv5m_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_kv5m_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_kv5m_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_kv5m_err_tbl initialize_kv5m_error_table
+#define kv5m_err_base ERROR_TABLE_BASE_kv5m
+#endif
+/*
+ * include/krb524_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
+
+#include <com_err.h>
+
+#define KRB524_BADKEY (-1750206208L)
+#define KRB524_BADADDR (-1750206207L)
+#define KRB524_BADPRINC (-1750206206L)
+#define KRB524_BADREALM (-1750206205L)
+#define KRB524_V4ERR (-1750206204L)
+#define KRB524_ENCFULL (-1750206203L)
+#define KRB524_DECEMPTY (-1750206202L)
+#define KRB524_NOTRESP (-1750206201L)
+#define KRB524_KRB4_DISABLED (-1750206200L)
+#define ERROR_TABLE_BASE_k524 (-1750206208L)
+
+extern const struct error_table et_k524_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_k524_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_k524_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_k524_err_tbl initialize_k524_error_table
+#define k524_err_base ERROR_TABLE_BASE_k524
+#endif
+/*
+ * include/asn1_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
+
+#include <com_err.h>
+
+#define ASN1_BAD_TIMEFORMAT (1859794432L)
+#define ASN1_MISSING_FIELD (1859794433L)
+#define ASN1_MISPLACED_FIELD (1859794434L)
+#define ASN1_TYPE_MISMATCH (1859794435L)
+#define ASN1_OVERFLOW (1859794436L)
+#define ASN1_OVERRUN (1859794437L)
+#define ASN1_BAD_ID (1859794438L)
+#define ASN1_BAD_LENGTH (1859794439L)
+#define ASN1_BAD_FORMAT (1859794440L)
+#define ASN1_PARSE_ERROR (1859794441L)
+#define ASN1_BAD_GMTIME (1859794442L)
+#define ASN1_MISMATCH_INDEF (1859794443L)
+#define ASN1_MISSING_EOC (1859794444L)
+#define ERROR_TABLE_BASE_asn1 (1859794432L)
+
+extern const struct error_table et_asn1_error_table;
+
+#if !defined(_WIN32)
+/* for compatibility with older versions... */
+extern void initialize_asn1_error_table (void) /*@modifies internalState@*/;
+#else
+#define initialize_asn1_error_table()
+#endif
+
+#if !defined(_WIN32)
+#define init_asn1_err_tbl initialize_asn1_error_table
+#define asn1_err_base ERROR_TABLE_BASE_asn1
+#endif
#include <win-mac.h>
#endif
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
extern "C" {
#endif /* __cplusplus */
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# endif
-#endif
-
typedef char* profile_filespec_t; /* path as C string */
typedef char* profile_filespec_list_t; /* list of : separated paths, C string */
typedef const char * const_profile_filespec_t; /* path as C string */
long KRB5_CALLCONV profile_flush
(profile_t profile);
+long KRB5_CALLCONV profile_flush_to_file
+ (profile_t profile, const_profile_filespec_t outfile);
+long KRB5_CALLCONV profile_flush_to_buffer
+ (profile_t profile, char **bufp);
+void KRB5_CALLCONV profile_free_buffer
+ (profile_t profile, char *buf);
+
+long KRB5_CALLCONV profile_is_writable
+ (profile_t profile, int *writable);
+long KRB5_CALLCONV profile_is_modified
+ (profile_t profile, int *modified);
void KRB5_CALLCONV profile_abandon
(profile_t profile);
(profile_t profile, const char **names, char ***ret_names);
long KRB5_CALLCONV profile_iterator_create
- (profile_t profile, const char **names,
+ (profile_t profile, const char *const *names,
int flags, void **ret_iter);
void KRB5_CALLCONV profile_iterator_free
(profile_t profile, const char **names,
const char *new_value);
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
-#endif
-
#ifdef __cplusplus
}
#endif /* __cplusplus */
#if !defined(_WIN32)
/* for compatibility with older versions... */
-extern void initialize_prof_error_table () /*@modifies internalState@*/;
+extern void initialize_prof_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_prof_error_table()
#endif
#else /* ! RES_ONLY */
+/* To ensure backward compatibility of the ABI use 32-bit time_t on
+ * 32-bit Windows.
+ */
+#ifdef _KRB5_INT_H
+#ifdef KRB5_GENERAL__
+#error krb5.h included before k5-int.h
+#endif /* KRB5_GENERAL__ */
+#if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1400 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T)
+#if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR)
+#error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform.
+#endif /* _TIME_T_DEFINED */
+#define _USE_32BIT_TIME_T
+#endif
+#endif
+
#define SIZEOF_INT 4
#define SIZEOF_SHORT 2
#define SIZEOF_LONG 4
#include <windows.h>
#include <limits.h>
-#define HAVE_LABS
-
#ifndef SIZE_MAX /* in case Microsoft defines max size of size_t */
+#ifdef MAX_SIZE /* Microsoft defines MAX_SIZE as max size of size_t */
+#define SIZE_MAX MAX_SIZE
+#else
#define SIZE_MAX UINT_MAX
#endif
+#endif
#ifndef KRB5_CALLCONV
# define KRB5_CALLCONV __stdcall
#ifndef KRB5_SYSTYPES__
#define KRB5_SYSTYPES__
#include <sys/types.h>
-typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
+typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
+typedef unsigned int u_int;
+typedef unsigned short u_short;
+typedef unsigned char u_char;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+#if _INTEGRAL_MAX_BITS >= 64
+typedef unsigned __int64 uint64_t;
+typedef __int64 int64_t;
+#endif
#endif /* KRB5_SYSTYPES__ */
#define MAXHOSTNAMELEN 512
#define HAVE_SRAND
#define HAVE_ERRNO
#define HAVE_STRDUP
+#define HAVE_GETADDRINFO
+#define HAVE_GETNAMEINFO
#define NO_USERID
#define NO_PASSWORD
+#define HAVE_STRERROR
+#define SYS_ERRLIST_DECLARED
+/* if __STDC_VERSION__ >= 199901L this shouldn't be needed */
+#define inline __inline
+#define KRB5_USE_INET6
+#define NEED_INSIXADDR_ANY
+#define ENABLE_THREADS
#define WM_KERBEROS5_CHANGED "Kerberos5 Changed"
#ifdef KRB4
HINSTANCE get_lib_instance(void);
+#define GETSOCKNAME_ARG2_TYPE struct sockaddr
+#define GETSOCKNAME_ARG3_TYPE size_t
+#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE
+#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE
+
#endif /* !RES_ONLY */
#endif /* _WIN32 */
#include <krb.h>
-typedef struct {
- int dlgtype;
#define DLGTYPE_PASSWD 0
#define DLGTYPE_CHPASSWD 1
+typedef struct {
+ int dlgtype;
// Tells whether dialog box is in change pwd more or init ticket mode???
// (verify this):
int dlgstatemax; // What is this???
LPSTR principal;
} LSH_DLGINFO, FAR *LPLSH_DLGINFO;
-#define LEASH_USERNAME_SZ 64
-#define LEASH_REALM_SZ 192
+#define LEASH_USERNAME_SZ 64
+#define LEASH_REALM_SZ 192
+#define LEASH_TITLE_SZ 128
+#define LEASH_CCACHE_NAME_SZ 264
typedef struct {
- DWORD size;
+ DWORD size;
int dlgtype;
-#define DLGTYPE_PASSWD 0
-#define DLGTYPE_CHPASSWD 1
- // Tells whether dialog box is in change pwd more or init ticket mode???
- // (verify this):
- LPSTR title;
- LPSTR username;
- LPSTR realm;
- int use_defaults;
- int forwardable;
- int noaddresses;
- int lifetime;
- int renew_till;
- int proxiable;
- int publicip;
- // Version 1 of this structure ended here
+ // Tells whether dialog box is in change pwd mode or init ticket mode
+ LPSTR title; // in v3, set to in.title
+ LPSTR username; // in v3, set to in.username
+ LPSTR realm; // in v3, set to in.realm
+ int use_defaults;
+ int forwardable;
+ int noaddresses;
+ int lifetime;
+ int renew_till;
+ int proxiable;
+ int publicip;
+ // Version 1 of this structure ends here
struct {
char username[LEASH_USERNAME_SZ];
char realm[LEASH_REALM_SZ];
+ // Version 2 of this structure ends here
+ char ccache[LEASH_CCACHE_NAME_SZ];
} out;
-} LSH_DLGINFO_EX, FAR *LPLSH_DLGINFO_EX;
+ struct {
+ char title[LEASH_TITLE_SZ];
+ char username[LEASH_USERNAME_SZ];
+ char realm[LEASH_REALM_SZ];
+ char ccache[LEASH_CCACHE_NAME_SZ];
+ } in;
+} LSH_DLGINFO_EX, *LPLSH_DLGINFO_EX;
#define LSH_DLGINFO_EX_V1_SZ (sizeof(DWORD) + 3 * sizeof(LPSTR) + 8 * sizeof(int))
-#define LSH_DLGINFO_EX_V2_SZ (sizeof(DWORD) + 3 * sizeof(LPSTR) + 8 * sizeof(int) + max(LEASH_USERNAME_SZ,LEASH_REALM_SZ))
+#define LSH_DLGINFO_EX_V2_SZ (LSH_DLGINFO_EX_V1_SZ + LEASH_USERNAME_SZ + LEASH_REALM_SZ)
+#define LSH_DLGINFO_EX_V3_SZ (LSH_DLGINFO_EX_V2_SZ + LEASH_TITLE_SZ + LEASH_USERNAME_SZ + LEASH_REALM_SZ + 2 * LEASH_CCACHE_NAME_SZ)
+
+#ifndef NETIDMGR
+#define NETID_USERNAME_SZ 128
+#define NETID_REALM_SZ 192
+#define NETID_TITLE_SZ 256
+#define NETID_CCACHE_NAME_SZ 264
-typedef struct {
+#define NETID_DLGTYPE_TGT 0
+#define NETID_DLGTYPE_CHPASSWD 1
+typedef struct {
+ DWORD size;
+ DWORD dlgtype;
+ // Tells whether dialog box is in change pwd mode or init ticket mode
+ struct {
+ WCHAR title[NETID_TITLE_SZ];
+ WCHAR username[NETID_USERNAME_SZ];
+ WCHAR realm[NETID_REALM_SZ];
+ WCHAR ccache[NETID_CCACHE_NAME_SZ];
+ DWORD use_defaults;
+ DWORD forwardable;
+ DWORD noaddresses;
+ DWORD lifetime;
+ DWORD renew_till;
+ DWORD proxiable;
+ DWORD publicip;
+ DWORD must_use_specified_principal;
+ } in;
+ struct {
+ WCHAR username[NETID_USERNAME_SZ];
+ WCHAR realm[NETID_REALM_SZ];
+ WCHAR ccache[NETID_CCACHE_NAME_SZ];
+ } out;
+ // Version 1 of this structure ends here
+} NETID_DLGINFO, *LPNETID_DLGINFO;
+
+#define NETID_DLGINFO_V1_SZ (10 * sizeof(DWORD) \
+ + sizeof(WCHAR) * (NETID_TITLE_SZ + \
+ 2 * NETID_USERNAME_SZ + 2 * NETID_REALM_SZ + \
+ 2 * NETID_CCACHE_NAME_SZ))
+#endif /* NETIDMGR */
+
+typedef struct {
char principal[MAX_K_NAME_SZ]; /* Principal name/instance/realm */
int btickets; /* Do we have tickets? */
long lifetime; /* Lifetime -- needs to have
#include "loadfuncs.h"
#include <com_err.h>
+#if defined(_WIN64)
+#define COMERR_DLL "comerr64.dll"
+#else
#define COMERR_DLL "comerr32.dll"
+#endif
TYPEDEF_FUNC(
void,
#include "loadfuncs.h"
#include <krb5.h>
+#if defined(_WIN64)
+#define KRB5_DLL "krb5_64.dll"
+#else
#define KRB5_DLL "krb5_32.dll"
+#endif
TYPEDEF_FUNC(
void,
#include "loadfuncs.h"
#include <leashwin.h>
+#if defined(_WIN64)
+#define LEASH_DLL "leashw64.dll"
+#else
#define LEASH_DLL "leashw32.dll"
+#endif
#define CALLCONV_C
#include "loadfuncs.h"
#include <profile.h>
+#if defined(_WIN64)
+#define PROFILE_DLL "xpprof64.dll"
+#else
#define PROFILE_DLL "xpprof32.dll"
+#endif
TYPEDEF_FUNC(
long,
#include <loadfuncs.h>
#include <wshelper.h>
+#if defined(_WIN64)
+#define WSHELPER_DLL "wshelp64.dll"
+#else
#define WSHELPER_DLL "wshelp32.dll"
+#endif
#define CALLCONV_C
TYPEDEF_FUNC(
--- /dev/null
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef __KHIMAIRA_HASHTABLE_H
+#define __KHIMAIRA_HASHTABLE_H
+
+/*! \addtogroup util
+ @{ */
+
+/*! \defgroup util_ht Hashtable
+ @{*/
+
+#include<khdefs.h>
+#include<khlist.h>
+
+/*! \brief A hash function
+
+ The function should take a key as a parameter and return an
+ khm_int32 that serves as the hash of the key.
+ */
+typedef khm_int32 (*hash_function_t)(const void *key);
+
+/*! \brief A comparison function
+
+ The function takes two keys and returns a value indicating the
+ relative ordering of the two keys.
+
+ The return value should be:
+ - \b Zero if \a key1 == \a key2
+ - \b Negative if \a key1 < \a key2
+ - \b Positive if \a key1 > \a key2
+ */
+typedef khm_int32 (*comp_function_t)(const void *key1, const void *key2);
+
+/*! \brief Add-reference function
+
+ When an object is successfully added to a hashtable, this function
+ will be called with the \a key and \a data used to add the object.
+ The function is allowed to modify \a data, however, the
+ modification should not alter the \a key or the relationship
+ between \a key and \a data.
+ */
+typedef void (*add_ref_function_t)(const void *key, void *data);
+
+/*! \brief Delete-reference function
+
+ When an object is successfully removed from the hashtable, this
+ function will be called. As with the add-ref function, the object
+ can be modified, but the \a key and the relationship between \a
+ key and \a data should remain intact.
+
+ An object is removed if it is explicitly removed from the
+ hashtable or another object with the same \a key is added to the
+ hashtable. There should be a 1-1 correspondence with keys and
+ objects in the hashtable. The delete-reference function will be
+ called on all the remaining objects in the hashtable when the
+ hashtable is deleted.
+ */
+typedef void (*del_ref_function_t)(const void *key, void *data);
+
+typedef struct tag_hash_bin {
+ void * data;
+ void * key;
+
+ LDCL(struct tag_hash_bin);
+} hash_bin;
+
+typedef struct hashtable_t {
+ khm_int32 n;
+ hash_function_t hash;
+ comp_function_t comp;
+ add_ref_function_t addr;
+ del_ref_function_t delr;
+ hash_bin ** bins;
+} hashtable;
+
+/*! \brief Create a new hashtable
+
+ \param[in] n Number of bins in hashtable.
+ \param[in] hash A hash function. Required.
+ \param[in] comp A comparator. Required.
+ \param[in] addr An add-ref function. Optional; can be NULL.
+ \param[in] delr A del-ref function. Optional; can be NULL.
+
+ */
+KHMEXP hashtable * KHMAPI hash_new_hashtable(khm_int32 n,
+ hash_function_t hash,
+ comp_function_t comp,
+ add_ref_function_t addr,
+ del_ref_function_t delr);
+
+/*! \brief Delete a hashtable
+
+ \note Not thread-safe. Applications must serialize calls that
+ reference the same hashtable.
+ */
+KHMEXP void KHMAPI hash_del_hashtable(hashtable * h);
+
+/*! \brief Add an object to a hashtable
+
+ Creates an association between the \a key and \a data in the
+ hashtable \a h. If there is an add-ref function defined for the
+ hashtable, it will be called with \a key and \data after the
+ object is added. If there is already an object with the same key
+ in the hashtable, that object will be removed (and the del-ref
+ function called, if appilcable) before adding the new object and
+ before the add-ref function is called for the new object.
+
+ Note that two keys \a key1 and \a key2 are equal (or same) in a
+ hashtable if the comparator returns zero when called with \a key1
+ and \a key2.
+
+ Also note that all additions and removals to the hashtable are
+ done by reference. No data is copied. Any objects pointed to are
+ expected to exist for the duration that the object and key are
+ contained in the hashtable.
+
+ \param[in] h Hashtable
+ \param[in] key A key. If \a key points to a location in memory,
+ it should be within the object pointed to by \a data, or be a
+ constant. Can be NULL.
+ \param[in] data Data. Cannot be NULL.
+
+ \note Not thread-safe. Applications must serialize calls that
+ reference the same hashtable.
+ */
+KHMEXP void KHMAPI hash_add(hashtable * h, void * key, void * data);
+
+/*! \brief Delete an object from a hashtable
+
+ Deletes the object in the hashtable \a h that is associated with
+ key \a key. An object is associated with key \a key if the key \a
+ key_o that the object is associated with is the same as \a key as
+ determined by the comparator. If the del-ref function is defined
+ for the hash-table, it will be called with the \a key_o and \a
+ data that was used to add the object.
+
+ \note Not thread-safe. Applications must serialize calls that
+ reference the same hashtable.
+ */
+KHMEXP void KHMAPI hash_del(hashtable * h, void * key);
+
+/*! \brief Resolve and association
+
+ Return the object that is associated with key \a key in hashtable
+ \a h. An object \a data is associated with key \a key in \a h if
+ the key \a key_o that was used to add \a data to \a h is equal to
+ \a key as determined by the comparator.
+
+ Returns NULL if no association is found.
+
+ \note Not thread-safe. Applications must serialize calls that
+ reference the same hashtable.
+ */
+KHMEXP void * KHMAPI hash_lookup(hashtable * h, void * key);
+
+/*! \brief Check for the presence of an association
+
+ Returns non-zero if there exists an association between key \a key
+ and some object in hashtable \a h. See hash_lookup() for
+ definition of "association".
+
+ Returns zero if there is no association.
+
+ \note (hash_lookup(h,key) == NULL) iff (hash_exist(h,key)==0)
+
+ \note Not thead-safe. Application must serialize calls that
+ reference the same hashtable.
+ */
+KHMEXP khm_boolean KHMAPI hash_exist(hashtable * h, void * key);
+
+/*! \brief Compute a hashvalue for a unicode string
+
+ The hash value is computed using DJB with parameter 13331.
+
+ This function is suitable for use as the hash function for a
+ hashtable if the keys are NULL terminated safe unicode strings
+ that are either part of the data objects or are constants.
+
+ \param[in] str A pointer to a NULL terminated wchar_t string cast
+ as (void *).
+ */
+KHMEXP khm_int32 hash_string(const void *str);
+
+/*! \brief Compare two strings
+
+ Compares two strings are returns a value that is in accordance
+ with the comparator for a hashtable.
+
+ \param[in] vs1 A pointer to a NULL terminated wchar_t string cast
+ as (void *).
+ \param[in] vs2 A pointer to a NULL terminated wchar_t string cast
+ as (void *).
+ */
+KHMEXP khm_int32 hash_string_comp(const void *vs1, const void *vs2);
+
+/*@}*/
+/*@}*/
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef __KHIMAIRA_KCONFIG_H
+#define __KHIMAIRA_KCONFIG_H
+
+#include<khdefs.h>
+#include<mstring.h>
+
+/*! \defgroup kconf NetIDMgr Configuration Provider */
+/*@{*/
+
+/*! \brief Configuration schema descriptor record
+
+ The schema descriptor is a convenient way to provide a default set
+ of configuration options for a part of an application. It
+ describes the configuration spaces and the values and subspaces
+ contained in each space.
+
+ \see kconf_load_schema()
+*/
+typedef struct tag_kconf_schema {
+ wchar_t * name; /*!< name of the object being described.
+ Optional for KC_ENDSPACE type object,
+ but required for everything else.
+ Names can be upto KCONF_MAXCCH_NAME
+ characters in length. */
+ khm_int32 type; /*!< type of the object. Can be one of
+ KC_SPACE, KC_ENDSPACE, KC_INT32,
+ KC_INT64, KC_STRING or KC_BINARY */
+ khm_ui_8 value; /*!< the value of the object. It is not
+ used for KC_SPACE and KC_ENDSPACE
+ typed objects. For a KC_STRING, this
+ contains a pointer to the string
+ value. The string should not be
+ longer than KCONF_MAXCCH_STRING
+ characters. KC_INT32 and KC_INT64
+ objects store the value directly in
+ this field, while KC_BINARY objects do
+ not support defining a default value
+ here. */
+ wchar_t * description;/*!< a friendly description of the value
+ or configuration space. */
+} kconf_schema;
+
+/*! \name Configuration data types
+ @{*/
+/*! \brief Not a known type */
+#define KC_NONE 0
+
+/*! \brief When used as ::kconf_schema \a type, defines the start of a configuration space.
+
+ There should be a subsequent KC_ENDSPACE record in the schema
+ which defines the end of this configuration space.
+
+ \a name specifies the name of the configuration space. Optionally
+ use \a description to provide a description.*/
+#define KC_SPACE 1
+
+/*! \brief Ends a configuration space started with KC_SPACE */
+#define KC_ENDSPACE 2
+
+/*! \brief A 32 bit integer
+
+ Specifies a configuration parameter named \a name which is of this
+ type. Use \a description to provide an optional description of
+ the value.
+
+ \a value specifies a default value for this parameter in the lower
+ 32 bits.
+*/
+#define KC_INT32 3
+
+/*! \brief A 64 bit integer
+
+ Specifies a configuration parameter named \a name which is of this
+ type. Use \a description to provide an optional description of
+ the value.
+
+ \a value specifies a default value for this parameter.
+*/
+#define KC_INT64 4
+
+/*! \brief A unicode string
+
+ Specifies a configuration parameter named \a name which is of this
+ type. Use \a description to provide an optional description of
+ the value.
+
+ \a value specifies a default value for this parameter which should
+ be a pointer to a NULL terminated unicode string of no more than
+ ::KCONF_MAXCCH_STRING characters.
+*/
+#define KC_STRING 5
+
+/*! \brief An unparsed binary stream
+
+ Specifies a configuration parameter named \a name which is of this
+ type. Use \a description to provide an optional description of
+ the value.
+
+ Default values are not supported for binary streams. \a value is
+ ignored.
+*/
+#define KC_BINARY 6
+/*@}*/
+
+/*! \brief This is the root configuration space */
+#define KCONF_FLAG_ROOT 0x00000001
+
+/*! \brief Indicates the configuration store which stores user-specific information */
+#define KCONF_FLAG_USER 0x00000002
+
+/*! \brief Indicates the configuration store which stores machine-specific information */
+#define KCONF_FLAG_MACHINE 0x00000004
+
+/*! \brief Indicates the configuration store which stores the schema */
+#define KCONF_FLAG_SCHEMA 0x00000008
+
+/*! \brief Indicates that the last component of the given configuration path is to be considered to be a configuration value */
+#define KCONF_FLAG_TRAILINGVALUE 0x00000020
+
+/*! \brief Only write values back there is a change
+
+ Any write operations using the handle with check if the value
+ being written is different from the value being read from the
+ handle. It will only be written if the value is different.
+
+ \note Note that the value being read from a handle takes schema and
+ shadowed configuration handles into consideration while the value
+ being written is only written to the topmost layer of
+ configuration that can be written to.
+
+ \note Note also that this flag does not affect binary values.
+ */
+#define KCONF_FLAG_WRITEIFMOD 0x00000040
+
+/*! \brief Use case-insensitive comparison for KCONF_FLAG_WRITEIFMOD
+
+ When used in combination with \a KCONF_FLAG_WRITEIFMOD , the
+ string comparison used when determining whether the string read
+ from the configuration handle is the same as the string being
+ written will be case insensitive. If this flag is not set, the
+ comparison will be case sensitive.
+ */
+#define KCONF_FLAG_IFMODCI 0x00000080
+
+/*! \brief Do not parse the configuration space name
+
+ If set, disables the parsing of the configuration space for
+ subspaces. The space name is taken verbatim to be a configuration
+ space name. This can be used when there can be forward slashes or
+ backslahes in the name which are not escaped.
+
+ By default, the configuration space name,
+
+ \code
+ L"foo\\bar"
+ \endcode
+
+ is taken to mean the configuration space \a bar which is a
+ subspace of \a foo. If ::KCONF_FLAG_NOPARSENAME is set, then this
+ is taken to mean configuration space \a foo\\bar.
+ */
+#define KCONF_FLAG_NOPARSENAME 0x00000040
+
+/*! \brief Maximum number of allowed characters (including terminating NULL) in a name
+
+ \note This is a hard limit in Windows, since we are mapping
+ configuration spaces to registry keys.
+*/
+#define KCONF_MAXCCH_NAME 256
+
+/*! \brief Maximum number of allowed bytes (including terminating NULL) in a name */
+#define KCONF_MAXCB_NAME (KCONF_MAXCCH_NAME * sizeof(wchar_t))
+
+/*! \brief Maximum level of nesting for configuration spaces
+ */
+#define KCONF_MAX_DEPTH 16
+
+/*! \brief Maximum number of allowed characters (including terminating NULL) in a configuration path */
+#define KCONF_MAXCCH_PATH (KCONF_MAXCCH_NAME * KCONF_MAX_DEPTH)
+
+/*! \brief Maximum number of allowed bytes (including terminating NULL) in a configuration path */
+#define KCONF_MAXCB_PATH (KCONF_MAXCCH_PATH * sizeof(wchar_t))
+
+/*! \brief Maximum number of allowed characters (including terminating NULL) in a string */
+#define KCONF_MAXCCH_STRING KHM_MAXCCH_STRING
+
+/*! \brief Maximum number of allowed bytes (including terminating NULL) in a string */
+#define KCONF_MAXCB_STRING (KCONF_MAXCCH_STRING * sizeof(wchar_t))
+
+/*! \brief Open a configuration space
+
+ Opens the configuration space specified by \a cspace. By default,
+ the opened space includes user,machine and schema configuration
+ stores. However, you can specify a subset of these.
+
+ If the configuration space does not exist and the \a flags specify
+ KHM_FLAG_CREATE, then the configuration space is created. The
+ stores that are affected by the create operation depend on \a
+ flags. If the \a flags only specifies ::KCONF_FLAG_MACHINE, then
+ the configuration space is created in the machine store. If \a
+ flags specifies any combination of stores including \a
+ ::KCONF_FLAG_USER, then the configuration space is created in the
+ user store. Note that ::KCONF_FLAG_SCHEMA is readonly.
+
+ Once opened, use khc_close_space() to close the configuration
+ space.
+
+ \param[in] parent The parent configuration space. The path
+ specified in \a cspace is relative to the parent. Set this to
+ NULL to indicate the root configuration space.
+
+ \param[in] cspace The confiuration path. This can be up to
+ ::KCONF_MAXCCH_PATH characters in length. Use either
+ backslashes or forward slashes to specify hiearchy. Set this
+ to NULL to reopen the parent configuration space.
+
+ \param[in] flags Flags. This can be a combination of KCONF_FLAG_*
+ constants and KHM_FLAG_CREATE. If none of ::KCONF_FLAG_USER,
+ ::KCONF_FLAG_MACHINE or ::KCONF_FLAG_SCHEMA is specified, then
+ it defaults to all three.
+
+ \param[out] result Pointer to a handle which receives the handle
+ to the opened configuration space if the call succeeds.
+
+ \note You can re-open a configuration space with different flags
+ such as ::KCONF_FLAG_MACHINE by specifying NULL for \a cspace
+ and settings \a flags to the required flags.
+
+*/
+KHMEXP khm_int32 KHMAPI
+khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
+ khm_handle * result);
+
+/*! \brief Set the shadow space for a configuration handle
+
+ The handle specified by \a lower becomes a shadow for the handle
+ specified by \a upper. Any configuration value that is queried in
+ \a upper that does not exist in \a upper will be queried in \a
+ lower.
+
+ If \a upper already had a shadow handle, that handle will be
+ replaced by \a lower. The handle \a lower still needs to be
+ closed by a call to khc_close_space(). However, closing \a lower
+ will not affect \a upper which will still treat the configuration
+ space pointed to by \a lower to be it's shadow.
+
+ Shadows are specific to handles and not configuration spaces.
+ Shadowing a configuration space using one handle does not affect
+ any other handles which may be obtained for the same configuration
+ space.
+
+ Specify NULL for \a lower to remove any prior shadow.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_shadow_space(khm_handle upper, khm_handle lower);
+
+/*! \brief Close a handle opened with khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_close_space(khm_handle conf);
+
+/*! \brief Read a string value from a configuration space
+
+ The \a value_name parameter specifies the value to read from the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to access the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ - Otherwise, if KCONF_FLAG_SCHEMA was specified, the the schema
+ store.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three.
+
+ If the value is not found in the configuration space and any
+ shadowed configuration spaces, the function returns \a
+ KHM_ERROR_NOT_FOUND. In this case, the buffer is left unmodified.
+
+ \param[in] buf Buffer to copy the string to. Specify NULL to just
+ retrieve the number of required bytes.
+
+ \param[in,out] bufsize On entry, specifies the number of bytes of
+ space available at the location specified by \a buf. On exit
+ specifies the number of bytes actually copied or the size of
+ the required buffer if \a buf is NULL or insufficient.
+
+ \retval KHM_ERROR_NOT_READY The configuration provider has not started
+ \retval KHM_ERROR_INVALID_PARAM One or more of the supplied parameters are not valid
+ \retval KHM_ERROR_TYPE_MISMATCH The specified value is not a string
+ \retval KHM_ERROR_TOO_LONG \a buf was NULL or the size of the buffer was insufficient. The required size is in bufsize.
+ \retval KHM_ERROR_SUCCESS Success. The number of bytes copied is in bufsize.
+ \retval KHM_ERROR_NOT_FOUND The value was not found.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_read_string(khm_handle conf,
+ const wchar_t * value_name,
+ wchar_t * buf,
+ khm_size * bufsize);
+
+/*! \brief Read a multi-string value from a configuration space
+
+ The \a value_name parameter specifies the value to read from the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to access the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ - Otherwise, if KCONF_FLAG_SCHEMA was specified, the the schema
+ store.
+
+ A multi-string is a pseudo data type. The value in the
+ configuration store should contain a CSV string. Each comma
+ separated value in the CSV string is considered to be a separate
+ value. Empty values are not allowed. The buffer pointed to by \a
+ buf will receive these values in the form of a series of NULL
+ terminated strings terminated by an empty string (or equivalently,
+ the last string will be terminated by a double NULL).
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three.
+
+ If the value is not found in the configuration space and any
+ shadowed configuration spaces, the function returns \a
+ KHM_ERROR_NOT_FOUND. In this case, the buffer is left unmodified.
+
+ \param[in] buf Buffer to copy the multi-string to. Specify NULL
+ to just retrieve the number of required bytes.
+
+ \param[in,out] bufsize On entry, specifies the number of bytes of
+ space available at the location specified by \a buf. On exit
+ specifies the number of bytes actually copied or the size of
+ the required buffer if \a buf is NULL or insufficient.
+
+ \retval KHM_ERROR_NOT_READY The configuration provider has not started
+ \retval KHM_ERROR_INVALID_PARAM One or more of the supplied parameters are not valid
+ \retval KHM_ERROR_TYPE_MISMATCH The specified value is not a string
+ \retval KHM_ERROR_TOO_LONG \a buf was NULL or the size of the buffer was insufficient. The required size is in bufsize.
+ \retval KHM_ERROR_SUCCESS Success. The number of bytes copied is in bufsize.
+ \retval KHM_ERROR_NOT_FOUND The value was not found.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_read_multi_string(khm_handle conf,
+ const wchar_t * value_name,
+ wchar_t * buf,
+ khm_size * bufsize);
+
+/*! \brief Read a 32 bit integer value from a configuration space
+
+ The \a value_name parameter specifies the value to read from the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to access the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ - Otherwise, if KCONF_FLAG_SCHEMA was specified, the the schema
+ store.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three.
+
+ If the value is not found in the configuration space and any
+ shadowed configuration spaces, the function returns \a
+ KHM_ERROR_NOT_FOUND. In this case, the buffer is left unmodified.
+
+ \param[in] conf Handle to a configuration space
+ \param[in] value The value to query
+ \param[out] buf The buffer to receive the value
+
+ \retval KHM_ERROR_NOT_READY The configuration provider has not started.
+ \retval KHM_ERROR_SUCCESS Success. The value that was read was placed in \a buf
+ \retval KHM_ERROR_NOT_FOUND The specified value was not found
+ \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid
+ \retval KHM_ERROR_TYPE_MISMATCH The specified value was found but was not of the correct type.
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_read_int32(khm_handle conf,
+ const wchar_t * value_name,
+ khm_int32 * buf);
+
+/*! \brief Read a 64 bit integer value from a configuration space
+
+ The \a value_name parameter specifies the value to read from the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to access the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ - Otherwise, if KCONF_FLAG_SCHEMA was specified, the the schema
+ store.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three.
+
+ If the value is not found in the configuration space and any
+ shadowed configuration spaces, the function returns \a
+ KHM_ERROR_NOT_FOUND. In this case, the buffer is left unmodified.
+
+ \param[in] conf Handle to a configuration space
+ \param[in] value_name The value to query
+ \param[out] buf The buffer to receive the value
+
+ \retval KHM_ERROR_NOT_READY The configuration provider has not started
+ \retval KHM_ERROR_SUCCESS Success. The value that was read was placed in \a buf
+ \retval KHM_ERROR_NOT_FOUND The specified value was not found
+ \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid
+ \retval KHM_ERROR_TYPE_MISMATCH The specified value was found but was not the correct data type.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_read_int64(khm_handle conf,
+ const wchar_t * value_name,
+ khm_int64 * buf);
+
+/*! \brief Read a binary value from a configuration space
+
+ The \a value_name parameter specifies the value to read from the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to access the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) does
+ not support binary values.
+
+ If the value is not found in the configuration space and any
+ shadowed configuration spaces, the function returns \a
+ KHM_ERROR_NOT_FOUND. In this case, the buffer is left unmodified.
+
+ \param[in] buf Buffer to copy the string to. Specify NULL to just
+ retrieve the number of required bytes.
+
+ \param[in,out] bufsize On entry, specifies the number of bytes of
+ space available at the location specified by \a buf. On exit
+ specifies the number of bytes actually copied or the size of
+ the required buffer if \a buf is NULL or insufficient.
+
+ \retval KHM_ERROR_SUCCESS Success. The data was copied to \a buf. The number of bytes copied is stored in \a bufsize
+ \retval KHM_ERROR_NOT_FOUND The specified value was not found
+ \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_read_binary(khm_handle conf,
+ const wchar_t * value_name,
+ void * buf,
+ khm_size * bufsize);
+
+/*! \brief Write a string value to a configuration space
+
+ The \a value_name parameter specifies the value to write to the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to write the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If \a KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if \a KCONF_FLAG_MACHINE was specified, then the
+ machine configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) is
+ readonly.
+
+ If the \a KCONF_FLAG_WRITEIFMOD flag is specified in the call to
+ khc_open_space() for obtaining the configuration handle, the
+ specified string will only be written if it is different from the
+ value being read from the handle.
+
+ If the \a KCONF_FLAG_IFMODCI flag is specified along with the \a
+ KCONF_FLAG_WRITEIFMOD flag, then the string comparison used will
+ be case insensitive.
+
+ \param[in] conf Handle to a configuration space
+ \param[in] value_name Name of value to write
+ \param[in] buf A NULL terminated unicode string not exceeding KCONF_MAXCCH_STRING in characters including terminating NULL
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_write_string(khm_handle conf,
+ const wchar_t * value_name,
+ wchar_t * buf);
+
+/*! \brief Write a multi-string value to a configuration space
+
+ The \a value_name parameter specifies the value to write to the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to write the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ A multi-string is a pseudo data type. The buffer pointed to by \a
+ buf should contain a sequence of NULL terminated strings
+ terminated by an empty string (or equivalently, the last string
+ should terminate with a double NULL). This will be stored in the
+ value as a CSV string.
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) is
+ readonly.
+
+ If the \a KCONF_FLAG_WRITEIFMOD flag is specified in the call to
+ khc_open_space() for obtaining the configuration handle, the
+ specified string will only be written if it is different from the
+ value being read from the handle.
+
+ If the \a KCONF_FLAG_IFMODCI flag is specified along with the \a
+ KCONF_FLAG_WRITEIFMOD flag, then the string comparison used will
+ be case insensitive.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_write_multi_string(khm_handle conf,
+ const wchar_t * value_name,
+ wchar_t * buf);
+
+/*! \brief Write a 32 bit integer value to a configuration space
+
+ The \a value_name parameter specifies the value to write to the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to write the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) is
+ readonly.
+
+ If the \a KCONF_FLAG_WRITEIFMOD flag is specified in the call to
+ khc_open_space() for obtaining the configuration handle, the
+ specified string will only be written if it is different from the
+ value being read from the handle.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_write_int32(khm_handle conf,
+ const wchar_t * value_name,
+ khm_int32 buf);
+
+/*! \brief Write a 64 bit integer value to a configuration space
+
+ The \a value_name parameter specifies the value to write to the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to write the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) is
+ readonly.
+
+ If the \a KCONF_FLAG_WRITEIFMOD flag is specified in the call to
+ khc_open_space() for obtaining the configuration handle, the
+ specified string will only be written if it is different from the
+ value being read from the handle.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_write_int64(khm_handle conf,
+ const wchar_t * value_name,
+ khm_int64 buf);
+
+/*! \brief Write a binary value to a configuration space
+
+ The \a value_name parameter specifies the value to write to the
+ configuration space. This can be either a value name or a value
+ path consisting of a series nested configuration space names
+ followed by the value name all separated by backslashes or forward
+ slashes.
+
+ For example: If \a conf is a handle to the configuration space \c
+ 'A/B/C', then the value name \c 'D/E/v' refers to the value named
+ \c 'v' in the configuration space \c 'A/B/C/D/E'.
+
+ The specific configuration store that is used to write the value
+ depends on the flags that were specified in the call to
+ khc_open_space(). The precedence of configuration stores are as
+ follows:
+
+ - If KCONF_FLAG_USER was specified, then the user configuration
+ space.
+
+ - Otherwise, if KCONF_FLAG_MACHINE was specified, then the machine
+ configuration space.
+
+ Note that not specifying any of the configuration store specifiers
+ in the call to khc_open_space() is equivalent to specifying all
+ three. Also note that the schema store (KCONF_FLAG_SCHEMA) is
+ readonly.
+
+ \see khc_open_space()
+*/
+KHMEXP khm_int32 KHMAPI
+khc_write_binary(khm_handle conf,
+ const wchar_t * value_name,
+ void * buf,
+ khm_size bufsize);
+
+/*! \brief Get the type of a value in a configuration space
+
+ \return The return value is the type of the specified value, or
+ KC_NONE if the value does not exist.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_get_type(khm_handle conf, const wchar_t * value_name);
+
+/*! \brief Check which configuration stores contain a specific value.
+
+ Each value in a configuration space can be contained in zero or
+ more configuration stores. Use this function to determine which
+ configuration stores contain the specific value.
+
+ The returned bitmask always indicates a subset of the
+ configuration stores that were specified when opening the
+ configuration space corresponding to \a conf.
+
+ \return A combination of ::KCONF_FLAG_MACHINE, ::KCONF_FLAG_USER
+ and ::KCONF_FLAG_SCHEMA indicating which stores contain the
+ value.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_value_exists(khm_handle conf, const wchar_t * value);
+
+/*! \brief Remove a value from a configuration space
+
+ Removes a value from one or more configuration stores.
+
+ A value can exist in multiple configuration stores. Only the
+ values that are stored in writable stores can be removed. When
+ the function searches for values to remove, it will only look in
+ configuration stores that are specified in the handle. In
+ addition, the configuration stores affected can be further
+ narrowed by specifying them in the \a flags parameter. If \a
+ flags is zero, then all the stores visible to the handle are
+ searched. If \a flags specifies ::KCONF_FLAG_USER or
+ ::KCONF_FLAG_MACHINE or both, then only the specified stores are
+ searched, provided that the stores are visible to the handle.
+
+ This function only operates on the topmost configuration space
+ visible to the handle. If the configuration handle is shadowed,
+ the shadowed configuration spaces are unaffected by the removal.
+
+ \param[in] conf Handle to configuration space to remove value from
+
+ \param[in] value_name Value to remove
+
+ \param[in] flags Specifies which configuration stores will be
+ affected by the removal. See above.
+
+ \retval KHM_ERROR_SUCCESS The value was removed from all the
+ specified configuration stores.
+
+ \retval KHM_ERROR_NOT_FOUND The value was not found.
+
+ \retval KHM_ERROR_UNKNOWN An unknown error occurred while trying
+ to remove the value.
+
+ \retval KHM_ERROR_PARTIAL The value was successfully removed from
+ one or more stores, but the operation failed on one or more
+ other stores.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_remove_value(khm_handle conf, const wchar_t * value_name, khm_int32 flags);
+
+/*! \brief Get the name of a configuration space
+
+ \param[in] conf Handle to a configuration space
+
+ \param[out] buf The buffer to receive the name. Set to NULL if
+ only the size of the buffer is required.
+
+ \param[in,out] bufsize On entry, holds the size of the buffer
+ pointed to by \a buf. On exit, holds the number of bytes
+ copied into the buffer including the NULL terminator.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_get_config_space_name(khm_handle conf,
+ wchar_t * buf,
+ khm_size * bufsize);
+
+/*! \brief Get a handle to the parent space
+
+ \param[in] conf Handle to a configuration space
+
+ \param[out] parent Handle to the parent configuration space if the
+ call succeeds. Receives NULL otherwise. The returned handle
+ must be closed using khc_close_space()
+ */
+KHMEXP khm_int32 KHMAPI
+khc_get_config_space_parent(khm_handle conf,
+ khm_handle * parent);
+
+/*! \brief Load a configuration schema into the specified configuration space
+
+ \param[in] conf Handle to a configuration space or NULL to use the
+ root configuration space.
+
+ \param[in] schema The schema to load. The schema is assumed to be
+ well formed.
+
+ \see khc_unload_schema()
+ */
+KHMEXP khm_int32 KHMAPI
+khc_load_schema(khm_handle conf,
+ const kconf_schema * schema);
+
+/*! \brief Unload a schema from a configuration space
+ */
+KHMEXP khm_int32 KHMAPI
+khc_unload_schema(khm_handle conf,
+ const kconf_schema * schema);
+
+/*! \brief Enumerate the subspaces of a configuration space
+
+ Prepares a configuration space for enumeration and returns the
+ child spaces in no particular order.
+
+ \param[in] conf The configuration space to enumerate child spaces
+
+ \param[in] prev The previous configuration space returned by
+ khc_enum_subspaces() or NULL if this is the first call. If
+ this is not NULL, then the handle passed in \a prev will be
+ freed.
+
+ \param[out] next If \a prev was NULL, receives the first sub space
+ found in \a conf. You must \b either call
+ khc_enum_subspaces() again with the returned handle or call
+ khc_close_space() to free the returned handle if no more
+ subspaces are required. \a next can point to the same handle
+ specified in \a prev.
+
+ \retval KHM_ERROR_SUCCESS The call succeeded. There is a valid
+ handle to a configuration space in \a first_subspace.
+
+ \retval KHM_ERROR_INVALID_PARAM Either \a conf or \a prev was not a
+ valid configuration space handle or \a first_subspace is NULL.
+ Note that \a prev can be NULL.
+
+ \retval KHM_ERROR_NOT_FOUND There were no subspaces in the
+ configuration space pointed to by \a conf.
+
+ \note The configuration spaces that are enumerated directly belong
+ to the configuration space given by \a conf. This function
+ does not enumerate subspaces of shadowed configuration spaces
+ (see khc_shadow_space()). Even if \a conf was obtained on a
+ restricted domain (i.e. you specified one or more
+ configuration stores when you openend the handle and didn't
+ include all the configuration stores. See khc_open_space()),
+ the subspaces that are returned are the union of all
+ configuration spaces in all the configuration stores. This is
+ not a bug. This is a feature. In NetIDMgr, a configuartion
+ space exists if some configuration store defines it (or it was
+ created with a call to khc_open_space() even if no
+ configuration store defines it yet). This is the tradeoff you
+ make when using a layered configuration system.
+
+ However, the returned handle has the same domain restrictions
+ as \a conf.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_enum_subspaces(khm_handle conf,
+ khm_handle prev,
+ khm_handle * next);
+
+/*! \brief Remove a configuration space
+
+ The configuration space will be marked for removal. Once all the
+ handles for the space have been released, it will be deleted. The
+ configuration stores that will be affected are the write enabled
+ configuration stores for the handle.
+ */
+KHMEXP khm_int32 KHMAPI
+khc_remove_space(khm_handle conf);
+/*@}*/
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef __KHIMAIRA_KCREDDB_H__
+#define __KHIMAIRA_KCREDDB_H__
+
+#include<khdefs.h>
+#include<time.h>
+
+
+/*! \defgroup kcdb NetIDMgr Credentials Database */
+/*@{*/
+
+/*! \brief Maximum length in characters of short description
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCCH_SHORT_DESC 256
+
+/*! \brief Maximum length in bytes of short description
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCB_SHORT_DESC (sizeof(wchar_t) * KCDB_MAXCCH_SHORT_DESC)
+
+/*! \brief Maximum length in characters of long description
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCCH_LONG_DESC 8192
+
+/*! \brief Maximum length in characters of long description
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCB_LONG_DESC (sizeof(wchar_t) * KCDB_MAXCCH_LONG_DESC)
+
+/*! \brief Maximum length in characters of name
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCCH_NAME 256
+
+/*! \brief Maximum length in bytes of short description
+
+ The length includes the terminating \a NULL character.
+ */
+#define KCDB_MAXCB_NAME (sizeof(wchar_t) * KCDB_MAXCCH_NAME)
+
+/*! \brief Automatically determine the number of bytes required
+
+ Can be used in most places where a count of bytes is required.
+ For many objects, the number of bytes that are required can be
+ determined through context and may be ommited. In such cases you
+ can use the \a KCDB_CBSIZE_AUTO value to specify that the function
+ is to determine the size automatically.
+
+ \note Not all functions that take a count of bytes support the \a
+ KCDB_CBSIZE_AUTO value.
+*/
+#define KCDB_CBSIZE_AUTO (-1)
+
+/*!
+\defgroup kcdb_ident Identities
+
+Functions, macros etc. for manipulating identities.
+*/
+
+/*@{*/
+
+/*! \brief The maximum number of characters (including terminator) that can
+ be specified as an identity name */
+#define KCDB_IDENT_MAXCCH_NAME 256
+
+/*! \brief The maximum number of bytes that can be specified as an identity
+ name */
+#define KCDB_IDENT_MAXCB_NAME (sizeof(wchar_t) * KCDB_IDENT_MAXCCH_NAME)
+
+/*! \brief Valid characters in an identity name */
+#define KCDB_IDENT_VALID_CHARS L"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._@-/"
+
+/*!
+\name Flags for identities */
+/*@{*/
+
+/*! \brief Create the identity if it doesn't already exist.
+ \note Only to be used with kcdb_identity_create() */
+#define KCDB_IDENT_FLAG_CREATE 0x10000000L
+
+/*! \brief Has configuration information
+
+ Indicates that the identity has persistent configuration
+ information associated with it.
+ */
+#define KCDB_IDENT_FLAG_CONFIG 0x00800000L
+
+/*! \brief Marks the identity as active.
+
+ An active identity is one that is in active use within NetIDMgr.
+
+ \note This flag is readonly and cannot be specified when creating
+ or modifying an identity. Once an identity is deleted, it will
+ no longer have this flag. */
+#define KCDB_IDENT_FLAG_ACTIVE 0x02000000L
+
+
+/*! \brief The identity has custom attributes assigned
+ */
+#define KCDB_IDENT_FLAG_ATTRIBS 0x08000000L
+
+/*! \brief This is the default identity.
+
+ At most one identity will have this flag set at any given time.
+ To set or reset the flag, use kcdb_identity_set_default() */
+#define KCDB_IDENT_FLAG_DEFAULT 0x00000001L
+
+/*! \brief This identity can be searched.
+
+ The meaning of this flag is left to be interpreted by individual
+ plugins. */
+#define KCDB_IDENT_FLAG_SEARCHABLE 0x00000002L
+
+/*! \brief Hidden identity.
+
+ The identity will not show up in the identity list window. Once
+ the hidden is switched off, the identity (and all associated
+ credentials) will re-appear in the window */
+#define KCDB_IDENT_FLAG_HIDDEN 0x00000004L
+
+/*! \brief Invalid identity
+
+ For one reason or another, this identity is invalid. This flag
+ can be set by an identity provider to indicate that this identity
+ does not correspond to an actual identity because an external
+ entity (such as a KDC) has denied it's existence.
+
+ The absence of this flag does not imply that the identity is
+ valid. The ::KCDB_IDENT_FLAG_VALID bit must be set for that to be
+ the case. If neither flag is set, then the status of the identity
+ is not known.
+*/
+#define KCDB_IDENT_FLAG_INVALID 0x00000008L
+
+/*! \brief Valid identity
+
+ The identity has been validated through an external entity, or
+ it's validity implied through the existence of credentials for the
+ identity.
+
+ The absence of this flag does not imply that the identity is
+ invalid. The ::KCDB_IDENT_FLAG_INVALID bit must be set for that
+ to be the case. If neither flag is set, then the status of the
+ identity is not known.
+ */
+#define KCDB_IDENT_FLAG_VALID 0x00000010L
+
+/*! \brief Expired identity
+
+ This identity has expired and can not be actively used to obtain
+ credentials. This determination is made based on the input of
+ some external entity. This flag may only be set by an identity
+ provider.
+*/
+#define KCDB_IDENT_FLAG_EXPIRED 0x00000020L
+
+/*! \brief Empty identity
+
+ The identity does not have actual credentials associated with it.
+ */
+#define KCDB_IDENT_FLAG_EMPTY 0x00000040L
+
+/*! \brief Renewable identity
+
+ The initial credentials associated with this identity are
+ renewable. Thus making the whole identity renewable.
+ */
+#define KCDB_IDENT_FLAG_RENEWABLE 0x00000080L
+
+/*! \brief Required user interaction
+
+ The identity is in a state which requires user interaction to
+ activate. Currently, the identity may not be in a state where it
+ can be used to obtain credentials.
+
+ A typical example of this is when the primary password for an
+ identity has expired.
+ */
+#define KCDB_IDENT_FLAG_INTERACT 0x00000100L
+
+/*! \brief Has expired credentials
+
+ The identity has expired credentials associated with it.
+ */
+#define KCDB_IDENT_FLAG_CRED_EXP 0x00000200L
+
+/*! \brief Has renewable credentials
+
+ The identity has renewable credentials associated with it. If the
+ initial credentials of the identity are renewable, then identity
+ is renewable. Hence the ::KCDB_IDENT_FLAG_RENEWABLE should also
+ be set.
+ */
+#define KCDB_IDENT_FLAG_CRED_RENEW 0x00000400L
+
+/*! \brief Sticky identity
+
+ Sticky identities are identities that are always visible in the
+ credentials display even if no credentials are associated with it.
+ */
+#define KCDB_IDENT_FLAG_STICKY 0x00000800L
+
+/*! \brief Read/write flags mask.
+
+ A bitmask that correspond to all the read/write flags in the mask.
+*/
+#define KCDB_IDENT_FLAGMASK_RDWR 0x00000fffL
+
+/*@}*/
+
+/*! \name Identity Provider Data Structures
+@{*/
+
+/*! \brief Name transfer structure
+
+ Used when the KCDB is communicating with the identity provider to
+ exchange string names of identities. See individual ::KMSG_IDENT
+ message subtypes for the usage of this structure.
+ */
+typedef struct tag_kcdb_ident_name_xfer {
+ const wchar_t * name_src; /*!< An identity name. Does not
+ exceed KCDB_IDENT_MAXCCH_NAME
+ characters including terminating
+ NULL. */
+ const wchar_t * name_alt; /*!< An identity name. Does not
+ exceed KCDB_IDENT_MAXCCH_NAME
+ characters including terminating
+ NULL. */
+ wchar_t * name_dest; /*!< Pointer to a buffer that is to
+ receive a response string. The
+ size of the buffer in bytes is
+ specified in \a cb_name_dest. */
+ khm_size cb_name_dest; /*!< Size of buffer pointed to by \a
+ name_dest in bytes. */
+ khm_int32 result; /*!< Receives a result value, which is
+ usually an error code defined in
+ kherror.h, though it is not
+ always. */
+} kcdb_ident_name_xfer;
+
+typedef struct tag_kcdb_ident_info {
+ khm_handle identity;
+ khm_int32 fields;
+
+ FILETIME expiration;
+} kcdb_ident_info;
+
+/*@}*/
+
+/*! \name Identity provider interface functions
+
+ These functions encapsulate safe calls to the current identity
+ provider. While these functions are exported, applications should
+ not call these functions directly. They are provided for use by
+ the NetIDMgr core application.
+@{*/
+
+/*! \brief Validate an identity name
+
+ The name that is provided will be passed through sets of
+ validations. One set, which doesn't depend on the identity
+ provider checks whether the length of the identity name and
+ whether there are any invalid characters in the identity name. If
+ the name passes those tests, then the name is passed down to the
+ identity provider's name validation handler.
+
+ \retval KHM_ERROR_SUCCESS The name is valid
+ \retval KHM_ERROR_TOO_LONG Too many characters in name
+ \retval KHM_ERROR_INVALID_NAME There were invalid characters in the name.
+ \retval KHM_ERROR_NO_PROVIDER There is no identity provider;
+ however the name passed the length and character tests.
+ \retval KHM_ERROR_NOT_IMPLEMENTED The identity provider doesn't
+ implement a name validation handler; however the name passed
+ the length and character tests.
+
+ \see ::KMSG_IDENT_VALIDATE_NAME
+ */
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_validate_name(const wchar_t * name);
+
+/*! \brief Validate an identity
+
+ The identity itself needs to be validated. This may involve
+ communicating with an external entity.
+
+ \see ::KMSG_IDENT_VALIDATE_IDENTITY
+ */
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_validate_identity(khm_handle identity);
+
+/*! \brief Canonicalize the name
+
+
+ \see ::KMSG_IDENT_CANON_NAME
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_canon_name(const wchar_t * name_in,
+ wchar_t * name_out,
+ khm_size * cb_name_out);
+
+/*! \brief Compare two identity names
+
+ \see ::KMSG_IDENT_COMPARE_NAME
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_compare_name(const wchar_t * name1,
+ const wchar_t * name2);
+
+/*! \brief Set the specified identity as the default
+
+ \see ::KMSG_IDENT_SET_DEFAULT
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_set_default(khm_handle identity);
+
+/*! \brief Set the specified identity as searchable
+
+ \see ::KMSG_IDENT_SET_SEARCHABLE
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_set_searchable(khm_handle identity,
+ khm_boolean searchable);
+
+/*! \brief Update the specified identity
+
+ \see ::KMSG_IDENT_UPDATE
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_update(khm_handle identity);
+
+/*! \brief Obtain the UI callback
+
+ \a rock is actually a pointer to a ::khui_ident_new_creds_cb which
+ is to receive the callback.
+
+ \see ::KMSG_IDENT_GET_UI_CALLBACK
+ */
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_get_ui_cb(void * rock);
+
+/*! \brief Notify an identity provider of the creation of a new identity
+
+ \see ::KMSG_IDENT_NOTIFY_CREATE
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_notify_create(khm_handle identity);
+
+/*@}*/
+
+/*! \brief Check if the given name is a valid identity name
+
+ \return TRUE or FALSE to the question, is this valid?
+*/
+KHMEXP khm_boolean KHMAPI
+kcdb_identity_is_valid_name(const wchar_t * name);
+
+/*! \brief Create or open an identity.
+
+ If the KCDB_IDENT_FLAG_CREATE flag is specified in the flags
+ parameter a new identity will be created if one does not already
+ exist with the given name. If an identity by that name already
+ exists, then the existing identity will be opened. The result
+ parameter will receive a held reference to the opened identity.
+ Use kcdb_identity_release() to release the handle.
+
+ \param[in] name Name of identity to create
+ \param[in] flags If KCDB_IDENT_FLAG_CREATE is specified, then the
+ identity will be created if it doesn't already exist.
+ Additional flags can be set here which will be assigned to the
+ identity if it is created. Additional flags have no effect if
+ an existing identity is opened.
+ \param[out] result If the call is successful, this receives a held
+ reference to the identity. The caller should call
+ kcdb_identity_release() to release the identity once it is no
+ longer needed.
+ */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_create(const wchar_t *name,
+ khm_int32 flags,
+ khm_handle * result);
+
+/*! \brief Mark an identity for deletion.
+
+ The identity will be marked for deletion. The
+ KCDB_IDENT_FLAG_ACTIVE will no longer be present for this
+ identity. Once all references to the identity are released, it
+ will be removed from memory. All associated credentials will also
+ be removed. */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_delete(khm_handle id);
+
+/*! \brief Set or unset the specified flags in the specified identity.
+
+ Only flags that are in KCDB_IDENT_FLAGMASK_RDWR can be specifed in
+ the \a flags parameter or the \a mask parameter. The flags set in
+ the \a mask parameter of the identity will be set to the
+ corresponding values in the \a flags parameter.
+
+ If ::KCDB_IDENT_FLAG_INVALID is set using this function, then the
+ ::KCDB_IDENT_FLAG_VALID will be automatically reset, and vice
+ versa. Resetting either bit does not undo this change, and will
+ leave the identity's validity unspecified.
+
+ Note that setting or resetting certain flags have other semantic
+ side-effects:
+
+ - ::KCDB_IDENT_FLAG_DEFAULT : Setting this is equivalent to
+ calling kcdb_identity_set_default() with \a id. Resetting this
+ is equivalent to calling kcdb_identity_set_default() with NULL.
+
+ - ::KCDB_IDENT_FLAG_SEARCHABLE : Setting this will result in the
+ identity provider getting notified of the change. If the
+ identity provider indicates that searchable flag should not be
+ set or reset on the identity, then kcdb_identity_set_flags()
+ will return an error.
+
+ \note kcdb_identity_set_flags() is not atomic. Even if the
+ function returns a failure code, some flags in the identity may
+ have been set. When calling kcdb_identity_set_flags() always
+ check the flags in the identity using kcdb_identity_get_flags() to
+ check which flags have been set and which have failed.
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_flags(khm_handle id,
+ khm_int32 flags,
+ khm_int32 mask);
+
+/*! \brief Return all the flags for the identity
+
+ The returned flags may include internal flags.
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_flags(khm_handle id,
+ khm_int32 * flags);
+
+/*! \brief Return the name of the identity
+
+ \param[out] buffer Buffer to copy the identity name into. The
+ maximum size of an identity name is \a KCDB_IDENT_MAXCB_NAME.
+ If \a buffer is \a NULL, then the required size of the buffer
+ is returned in \a pcbsize.
+
+ \param[in,out] pcbsize Size of buffer in bytes. */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_name(khm_handle id,
+ wchar_t * buffer,
+ khm_size * pcbsize);
+
+/*! \brief Set the specified identity as the default.
+
+ Specifying NULL effectively makes none of the identities the
+ default.
+
+ \see kcdb_identity_set_flags()
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_default(khm_handle id);
+
+/*! \brief Mark the specified identity as the default.
+
+ This API is reserved for use by identity providers as a means of
+ specifying which identity is default. The difference between
+ kcdb_identity_set_default() and kcdb_identity_set_default_int() is
+ in semantics.
+
+ - kcdb_identity_set_default() is used to request the KCDB to
+ designate the specified identity as the default. When
+ processing the request, the KCDB invokes the identity provider
+ to do the necessary work to make the identity the default.
+
+ - kcdb_identity_set_default_int() is used by the identity provider
+ to notify the KCDB that the specified identity is the default.
+ This does not result in the invocation of any other semantics to
+ make the identity the default other than releasing the previous
+ defualt identity and making the specified one the default. As
+ an additional side effect, the notification <::KMSG_KCDB,
+ ::KMSG_KCDB_IDENT, ::KCDB_OP_NEW_DEFAULT> will also not be sent.
+ */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_default_int(khm_handle id);
+
+/*! \brief Get the default identity
+
+ Obtain a held handle to the default identity if there is one. The
+ handle must be freed using kcdb_identity_release().
+
+ If there is no default identity, then the handle pointed to by \a
+ pvid is set to \a NULL and the function returns
+ KHM_ERROR_NOT_FOUND. */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_default(khm_handle * pvid);
+
+/*! \brief Get the configuration space for the identity.
+
+ If the configuration space for the identity does not exist and the
+ flags parameter does not specify ::KHM_FLAG_CREATE, then the
+ function will return a failure code as specified in
+ ::khc_open_space(). Depending on whether or not a configuration
+ space was found, the ::KCDB_IDENT_FLAG_CONFIG flag will be set or
+ reset for the identity.
+
+ \param[in] id Identity for which the configuraiton space is requested
+
+ \param[in] flags Flags used when calling khc_open_space(). If \a
+ flags specifies KHM_FLAG_CREATE, then the configuration space
+ is created.
+
+ \param[out] result The resulting handle. If the call is
+ successful, this receives a handle to the configuration space.
+ Use khc_close_space() to close the handle.
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_config(khm_handle id,
+ khm_int32 flags,
+ khm_handle * result);
+
+/*! \brief Hold a reference to an identity.
+
+ A reference to an identity (a handle) is only valid while it is
+ held. \note Once the handle is released, it can not be
+ revalidated by calling kcdb_identity_hold(). Doing so would lead
+ to unpredictable consequences. */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_hold(khm_handle id);
+
+/*! \brief Release a reference to an identity.
+ \see kcdb_identity_hold() */
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_release(khm_handle id);
+
+/*! \brief Set the identity provider subscription
+
+ If there was a previous subscription, that subscription will be
+ automatically deleted.
+
+ \param[in] sub New identity provider subscription
+*/
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_provi
git://git.openafs.org / openafs.git / commitdiff