2 * include/kerberosIV/krb.h
4 * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts
5 * Institute of Technology. All Rights Reserved.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
26 * Include file for the Kerberos V4 library.
29 /* Only one time, please */
34 * For MacOS, don't expose prototypes of various private functions.
35 * Unfortuantely, they've leaked out everywhere else.
37 #if defined(__MACH__) && defined(__APPLE__)
38 # include <TargetConditionals.h>
39 # if TARGET_RT_MAC_CFM
40 # error "Use KfM 4.0 SDK headers for CFM compilation."
43 # define KRB_PRIVATE 0
47 # define KRB_PRIVATE 1
51 /* Define u_char, u_short, u_int, and u_long. */
52 /* XXX these typdef names are not standardized! */
53 #include <sys/types.h>
55 /* Need some defs from des.h */
56 #include <kerberosIV/des.h>
57 #include <kerberosIV/krb_err.h>
65 #ifndef KRBINT_BEGIN_DECLS
66 #define KRBINT_BEGIN_DECLS extern "C" {
67 #define KRBINT_END_DECLS }
70 #define KRBINT_BEGIN_DECLS
71 #define KRBINT_END_DECLS
79 #define KRB4_32 DES_INT32
80 #define KRB_INT32 DES_INT32
81 #define KRB_UINT32 DES_UINT32
83 #define MAX_KRB_ERRORS 256
86 /* ABI divergence on Mac for backwards compatibility. */
87 extern const char * const * const krb_err_txt;
89 extern const char * const krb_err_txt[MAX_KRB_ERRORS];
92 /* General definitions */
97 * Kerberos specific definitions
99 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
100 * the configuration file where different host machines running master
101 * and slave servers can be found. KRB_MASTER is the name of the
102 * machine with the master database. The admin_server runs on this
103 * machine, and all changes to the db (as opposed to read-only
104 * requests, which can go to slaves) must go to it. KRB_HOST is the
105 * default machine * when looking for a kerberos slave server. Other
106 * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
110 #define KRB_CONF "/etc/krb.conf"
111 #define KRB_RLM_TRANS "/etc/krb.realms"
112 #define KRB_MASTER "kerberos"
113 #define KRB_HOST KRB_MASTER
114 #define KRB_REALM "ATHENA.MIT.EDU"
116 /* The maximum sizes for aname, realm, sname, and instance +1 */
123 * NB: This overcounts due to NULs.
125 /* include space for '.' and '@' */
126 #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
129 #define MSG_TYPE_SZ 1
130 #define DATE_SZ 26 /* RTI date output */
132 #define MAX_HSTNM 100
134 #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
135 #define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */
138 #define KRB_TICKET_GRANTING_TICKET "krbtgt"
140 /* Definition of text structure used to pass text around */
141 #define MAX_KTXT_LEN 1250
144 int length; /* Length of the text */
145 unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
146 unsigned long mbz; /* zero to catch runaway strings */
149 typedef struct ktext *KTEXT;
150 typedef struct ktext KTEXT_ST;
153 /* Definitions for send_to_kdc */
154 #define CLIENT_KRB_TIMEOUT 4 /* time between retries */
155 #define CLIENT_KRB_RETRY 5 /* retry this many times */
156 #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
158 /* Definitions for ticket file utilities */
162 /* Definitions for cl_get_tgt */
164 #define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
166 #define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
169 /* Parameters for rd_ap_req */
170 /* Maximum allowable clock skew in seconds */
171 #define CLOCK_SKEW 5*60
172 /* Filename for readservkey */
173 #define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab"))
175 /* Structure definition for rd_ap_req */
178 unsigned char k_flags; /* Flags from ticket */
179 char pname[ANAME_SZ]; /* Principal's name */
180 char pinst[INST_SZ]; /* His Instance */
181 char prealm[REALM_SZ]; /* His Realm */
182 unsigned KRB4_32 checksum; /* Data checksum (opt) */
183 C_Block session; /* Session Key */
184 int life; /* Life of ticket */
185 unsigned KRB4_32 time_sec; /* Time ticket issued */
186 unsigned KRB4_32 address; /* Address in ticket */
187 KTEXT_ST reply; /* Auth reply (opt) */
190 typedef struct auth_dat AUTH_DAT;
192 /* Structure definition for credentials returned by get_cred */
195 char service[ANAME_SZ]; /* Service name */
196 char instance[INST_SZ]; /* Instance */
197 char realm[REALM_SZ]; /* Auth domain */
198 C_Block session; /* Session key */
199 int lifetime; /* Lifetime */
200 int kvno; /* Key version number */
201 KTEXT_ST ticket_st; /* The ticket itself */
202 KRB4_32 issue_date; /* The issue time */
203 char pname[ANAME_SZ]; /* Principal's name */
204 char pinst[INST_SZ]; /* Principal's instance */
206 KRB_UINT32 address; /* Address in ticket */
207 KRB_UINT32 stk_type; /* string_to_key function needed */
210 char address[ADDR_SZ]; /* Address in ticket */
214 typedef struct credentials CREDENTIALS;
216 /* Structure definition for rd_private_msg and rd_safe_msg */
219 unsigned char *app_data; /* pointer to appl data */
220 unsigned KRB4_32 app_length; /* length of appl data */
221 unsigned KRB4_32 hash; /* hash to lookup replay */
222 int swap; /* swap bytes? */
223 KRB4_32 time_sec; /* msg timestamp seconds */
224 unsigned char time_5ms; /* msg timestamp 5ms units */
227 typedef struct msg_dat MSG_DAT;
230 /* Location of ticket file for save_cred and get_cred */
232 #define TKT_FILE "\\kerberos\\ticket.ses"
234 #define TKT_FILE tkt_string()
235 #define TKT_ROOT "/tmp/tkt"
239 * Error codes are now defined as offsets from com_err (krb_err.et)
242 #define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
244 /* Error codes returned from the KDC */
245 #define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */
246 #define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */
247 #define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */
248 #define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */
249 #define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */
250 #define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */
251 #define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */
252 #define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */
253 #define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */
254 #define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */
255 #define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */
256 #define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */
258 /* Values returned by get_credentials */
259 #define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
260 #define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
261 #define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
262 #define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
263 #define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
264 #define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
266 /* Values returned by mk_ap_req */
267 #define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */
268 #define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */
270 /* Values returned by rd_ap_req */
271 #define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */
272 #define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */
273 #define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */
274 #define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */
275 #define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */
276 #define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */
277 #define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */
278 #define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */
279 #define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */
280 #define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */
281 #define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */
282 #define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */
283 #define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */
284 #define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */
286 /* Values returned by get_pw_tkt */
287 #define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */
288 #define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
289 #define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */
290 #define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */
291 #define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */
292 #define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */
294 /* Values returned by send_to_kdc */
295 #define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */
296 #define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */
297 #define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */
300 * Values returned by get_intkt
301 * (can also return SKDC_* and KDC errors)
304 #define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */
305 #define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
306 #define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */
307 #define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */
308 #define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */
309 #define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */
311 /* Values returned by get_adtkt */
312 #define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */
313 #define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */
315 /* Error codes returned by ticket file utilities */
316 #define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */
317 #define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */
318 #define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */
319 #define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */
320 #define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */
322 /* Error code returned by kparse_name */
323 #define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
325 /* Error code returned by krb_mk_safe */
326 #define SAFE_PRIV_ERROR (-1) /* syscall error */
328 /* Kerberos ticket flag field bit definitions */
329 #define K_FLAG_ORDER 0 /* bit 0 --> lsb */
330 #define K_FLAG_1 /* reserved */
331 #define K_FLAG_2 /* reserved */
332 #define K_FLAG_3 /* reserved */
333 #define K_FLAG_4 /* reserved */
334 #define K_FLAG_5 /* reserved */
335 #define K_FLAG_6 /* reserved */
336 #define K_FLAG_7 /* reserved, bit 7 --> msb */
338 /* Are these needed anymore? */
340 #define krb_mk_req mk_ap_req
341 #define krb_rd_req rd_ap_req
342 #define krb_kntoln an_to_ln
343 #define krb_set_key set_serv_key
344 #define krb_get_cred get_credentials
345 #define krb_mk_priv mk_private_msg
346 #define krb_rd_priv rd_private_msg
347 #define krb_mk_safe mk_safe_msg
348 #define krb_rd_safe rd_safe_msg
349 #define krb_mk_err mk_appl_err_msg
350 #define krb_rd_err rd_appl_err_msg
351 #define krb_ck_repl check_replay
352 #define krb_get_pw_in_tkt get_in_tkt
353 #define krb_get_svc_in_tkt get_svc_in_tkt
354 #define krb_get_pw_tkt get_pw_tkt
355 #define krb_realmofhost krb_getrealm
356 #define krb_get_phost get_phost
357 #define krb_get_krbhst get_krbhst
358 #define krb_get_lrealm get_krbrlm
359 #endif /* OLDNAMES */
361 /* Defines for krb_sendauth and krb_recvauth */
363 #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
364 #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
365 #define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */
367 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */
370 #define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
371 #endif /* ATHENA_COMPAT */
375 #define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0)
376 #define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us))
377 #define CONVERT_TIME_EPOCH win_time_get_epoch()
379 /* until we do V4 compat under DOS, just turn this off */
380 #define _fmemcpy memcpy
381 #define _fstrncpy strncpy
382 #define far_fputs fputs
383 /* and likewise, just drag in the unix time interface */
384 #define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0)
385 #define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us))
386 #define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */
389 /* Constants for KerberosProfileLib */
390 #define REALMS_V4_PROF_REALMS_SECTION "v4 realms"
391 #define REALMS_V4_PROF_KDC "kdc"
392 #define REALMS_V4_PROF_ADMIN_KDC "admin_server"
393 #define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server"
394 #define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm"
395 #define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults"
396 #define REALMS_V4_PROF_LOCAL_REALM "default_realm"
397 #define REALMS_V4_PROF_STK "string_to_key_type"
398 #define REALMS_V4_MIT_STK "mit_string_to_key"
399 #define REALMS_V4_AFS_STK "afs_string_to_key"
400 #define REALMS_V4_COLUMBIA_STK "columbia_string_to_key"
401 #define REALMS_V4_DEFAULT_REALM "default_realm"
402 #define REALMS_V4_NO_ADDRESSES "noaddresses"
404 /* ask to disable IP address checking in the library */
405 extern int krb_ignore_ip_address;
407 /* Debugging printfs shouldn't even be compiled on many systems that don't
408 support printf! Use it like DEB (("Oops - %s\n", string)); */
411 #define DEB(x) if (krb_debug) printf x
412 extern int krb_debug;
414 #define DEB(x) /* nothing */
417 /* Define a couple of function types including parameters. These
418 are needed on MS-Windows to convert arguments of the function pointers
419 to the proper types during calls. */
421 typedef int (KRB5_CALLCONV *key_proc_type)
422 (char *, char *, char *,
424 #define KEY_PROC_TYPE_DEFINED
426 typedef int (KRB5_CALLCONV *decrypt_tkt_type)
427 (char *, char *, char *,
428 char *, key_proc_type, KTEXT *);
429 #define DECRYPT_TKT_TYPE_DEFINED
431 extern struct _krb5_context * krb5__krb4_context;
434 * Function Prototypes for Kerberos V4.
440 int KRB5_CALLCONV dest_tkt
443 const char * KRB5_CALLCONV krb_get_err_text
446 /* Previously not KRB5_CALLCONV */
447 int KRB5_CALLCONV get_ad_tkt
448 (char *service, char *sinst, char *realm, int lifetime);
450 int KRB5_CALLCONV krb_get_admhst
451 (char *host, char *realm, int idx);
453 int KRB5_CALLCONV krb_get_cred
454 (char *service, char *instance, char *realm,
457 /* Previously not KRB5_CALLCONV */
458 int KRB5_CALLCONV krb_get_in_tkt
459 (char *k_user, char *instance, char *realm,
460 char *service, char *sinst, int life,
461 key_proc_type, decrypt_tkt_type, char *arg);
463 /* Previously not KRB5_CALLCONV */
464 int KRB5_CALLCONV krb_get_in_tkt_preauth
465 (char *k_user, char *instance, char *realm,
466 char *service, char *sinst, int life,
467 key_proc_type, decrypt_tkt_type, char *arg,
468 char *preauth_p, int preauth_len);
471 int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
472 int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *);
475 int KRB5_CALLCONV krb_get_krbhst
476 (char *host, const char *realm, int idx);
478 int KRB5_CALLCONV krb_get_lrealm
479 (char *realm, int idx);
481 char * KRB5_CALLCONV krb_get_phost
484 int KRB5_CALLCONV get_pw_tkt
485 (char *, char *, char *, char *);
487 int KRB5_CALLCONV krb_get_pw_in_tkt
488 (char *k_user, char *instance, char *realm,
489 char *service, char *sinstance,
490 int life, char *password);
492 int KRB5_CALLCONV krb_get_pw_in_tkt_preauth
493 (char *k_user, char *instance, char *realm,
494 char *service, char *sinstance,
495 int life, char *password);
498 krb_get_pw_in_tkt_creds(char *, char *, char *,
499 char *, char *, int, char *, CREDENTIALS *);
502 int KRB5_CALLCONV krb_get_svc_in_tkt
503 (char *k_user, char *instance, char *realm,
504 char *service, char *sinstance,
505 int life, char *srvtab);
508 int KRB5_CALLCONV krb_get_tf_fullname
509 (const char *ticket_file, char *name, char *inst, char *realm);
511 int KRB5_CALLCONV krb_get_tf_realm
512 (const char *ticket_file, char *realm);
514 int KRB5_CALLCONV krb_get_ticket_for_service
516 char *buf, unsigned KRB4_32 *buflen,
517 int checksum, des_cblock, Key_schedule,
518 char *version, int includeVersion);
521 int KRB5_CALLCONV in_tkt
522 (char *name, char *inst);
523 int KRB5_CALLCONV krb_in_tkt
524 (char *pname, char *pinst, char *realm);
528 int KRB5_CALLCONV kname_parse
529 (char *name, char *inst, char *realm,
531 /* Merged from KfM */
532 int KRB5_CALLCONV kname_unparse
533 (char *, const char *, const char *, const char *);
535 int KRB5_CALLCONV k_isname
537 int KRB5_CALLCONV k_isinst
539 int KRB5_CALLCONV k_isrealm
544 int KRB5_CALLCONV kuserok
545 (AUTH_DAT *kdata, char *luser);
548 KRB4_32 KRB5_CALLCONV krb_life_to_time
549 (KRB4_32 start, int life);
550 int KRB5_CALLCONV krb_time_to_life
551 (KRB4_32 start, KRB4_32 end);
554 int KRB5_CALLCONV krb_check_auth
555 (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *,
556 C_Block, Key_schedule,
557 struct sockaddr_in * local_addr,
558 struct sockaddr_in * foreign_addr);
559 int KRB5_CALLCONV krb_mk_auth
560 (long k4_options, KTEXT ticket,
561 char *service, char *inst, char *realm,
562 unsigned KRB4_32 checksum, char *version, KTEXT buf);
564 long KRB5_CALLCONV krb_mk_err
565 (u_char *out, KRB4_32 k4_code, char *text);
569 (char **preauth_p, int *preauth_len, key_proc_type,
570 char *name, char *inst, char *realm, char *password,
572 void krb_free_preauth
573 (char * preauth_p, int len);
576 long KRB5_CALLCONV krb_mk_priv
577 (u_char *in, u_char *out,
578 unsigned KRB4_32 length,
579 Key_schedule, C_Block *,
580 struct sockaddr_in * sender,
581 struct sockaddr_in * receiver);
583 int KRB5_CALLCONV krb_mk_req
585 char *service, char *instance, char *realm,
587 /* Merged from KfM */
588 int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32);
590 /* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */
591 int KRB5_CALLCONV krb_set_lifetime(int newval);
594 long KRB5_CALLCONV krb_mk_safe
595 (u_char *in, u_char *out, unsigned KRB4_32 length,
597 struct sockaddr_in *sender,
598 struct sockaddr_in *receiver);
602 (int fd, char *buf, int len);
605 (int fd, char *buf, int len);
612 int KRB5_CALLCONV put_svc_key
614 char *name, char *inst, char *realm,
615 int newvno, char *key);
618 int KRB5_CALLCONV krb_rd_err
619 (u_char *in, u_long in_length,
620 long *k4_code, MSG_DAT *m_data);
622 long KRB5_CALLCONV krb_rd_priv
623 (u_char *in,unsigned KRB4_32 in_length,
624 Key_schedule, C_Block *,
625 struct sockaddr_in *sender,
626 struct sockaddr_in *receiver,
629 int KRB5_CALLCONV krb_rd_req
630 (KTEXT, char *service, char *inst,
631 unsigned KRB4_32 from_addr, AUTH_DAT *,
633 /* Merged from KfM */
635 krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block);
638 long KRB5_CALLCONV krb_rd_safe
639 (u_char *in, unsigned KRB4_32 in_length,
641 struct sockaddr_in *sender,
642 struct sockaddr_in *receiver,
645 int KRB5_CALLCONV read_service_key
646 (char *service, char *instance, char *realm,
647 int kvno, char *file, char *key);
648 int KRB5_CALLCONV get_service_key
649 (char *service, char *instance, char *realm,
650 int *kvno, char *file, char *key);
653 char * KRB5_CALLCONV krb_realmofhost
656 int KRB5_CALLCONV krb_recvauth
657 (long k4_options, int fd, KTEXT ticket,
658 char *service, char *instance,
659 struct sockaddr_in *foreign_addr,
660 struct sockaddr_in *local_addr,
661 AUTH_DAT *kdata, char *srvtab,
662 Key_schedule schedule, char *version);
664 int KRB5_CALLCONV krb_sendauth
665 (long k4_options, int fd, KTEXT ticket,
666 char *service, char *inst, char *realm,
667 unsigned KRB4_32 checksum, MSG_DAT *msg_data,
668 CREDENTIALS *cred, Key_schedule schedule,
669 struct sockaddr_in *laddr, struct sockaddr_in *faddr,
674 int KRB5_CALLCONV krb_save_credentials
675 (char *service, char *instance, char *realm,
676 C_Block session, int lifetime, int kvno,
677 KTEXT ticket, long issue_date);
679 /* XXX PRIVATE? KfM doesn't export. */
681 (KTEXT pkt, KTEXT rpkt, char *realm);
685 /* Used to return pointer to non-const char */
686 const char * KRB5_CALLCONV tkt_string
688 /* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */
689 void KRB5_CALLCONV krb_set_tkt_string
694 int KRB5_CALLCONV tf_init (const char *tf_name, int rw);
696 int KRB5_CALLCONV tf_get_pname (char *p);
698 int KRB5_CALLCONV tf_get_pinst (char *p);
700 int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c);
702 void KRB5_CALLCONV tf_close (void);
707 unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec
708 (unsigned KRB4_32 *);
711 * Internal prototypes
713 extern int krb_set_key
714 (char *key, int cvt);
716 /* This is exported by KfM. It was previously not KRB5_CALLCONV. */
717 extern int KRB5_CALLCONV decomp_ticket
718 (KTEXT tkt, unsigned char *flags, char *pname,
719 char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
720 C_Block session, int *life, unsigned KRB4_32 *time_sec,
721 char *sname, char *sinstance, C_Block,
725 extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
726 u_long time_ws, u_long e, char *e_string);
728 extern int create_ciph(KTEXT c, C_Block session, char *service,
729 char *instance, char *realm, unsigned long life,
730 int kvno, KTEXT tkt, unsigned long kdc_time,
734 extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname,
735 char *pinstance, char *prealm, long paddress,
736 char *session, int life, long time_sec,
737 char *sname, char *sinstance, C_Block key);
739 #endif /* KRB_PRIVATE */
741 /* This function is used by KEYFILE above. Do not call it directly */
742 extern char * krb__get_srvtabname(const char *);
746 extern int krb_kntoln(AUTH_DAT *, char *);
748 #ifdef KRB5_GENERAL__
749 extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname,
750 char *pinstance, char *prealm, long paddress,
751 char *session, int life, long time_sec,
752 char *sname, char *sinstance,
753 krb5_keyblock *k5key);
755 extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key);
759 #endif /* KRB_PRIVATE */
762 * krb_change_password -- merged from KfM
764 /* change_password.c */
765 int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *);
768 * RealmsConfig-glue.c -- merged from KfM
770 int KRB5_CALLCONV krb_get_profile(profile_t *);
773 HINSTANCE get_lib_instance(void);
774 unsigned int krb_get_notification_message(void);
775 char * KRB5_CALLCONV krb_get_default_user(void);
776 int KRB5_CALLCONV krb_set_default_user(char *);
777 unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *);
778 long win_time_get_epoch(void);
787 #endif /* KRB_DEFS */