Diffstat (limited to 'src/include/krb5/krb5.hin')
-rw-r--r-- | src/include/krb5/krb5.hin | 184 |
1 files changed, 167 insertions, 17 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index accde60..c0fdcd2 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -244,17 +244,29 @@ typedef krb5_principal_data * krb5_principal; */ /* Name type not known */ -#define KRB5_NT_UNKNOWN 0 +#define KRB5_NT_UNKNOWN 0 /* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 +#define KRB5_NT_PRINCIPAL 1 /* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 +#define KRB5_NT_SRV_INST 2 /* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 +#define KRB5_NT_SRV_HST 3 /* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 +#define KRB5_NT_SRV_XHST 4 /* Unique ID */ -#define KRB5_NT_UID 5 +#define KRB5_NT_UID 5 +/* PKINIT */ +#define KRB5_NT_X500_PRINCIPAL 6 +/* Name in form of SMTP email name */ +#define KRB5_NT_SMTP_NAME 7 +/* Windows 2000 UPN */ +#define KRB5_NT_ENTERPRISE_PRINCIPAL 10 +/* Windows 2000 UPN and SID */ +#define KRB5_NT_MS_PRINCIPAL -128 +/* NT 4 style name */ +#define KRB5_NT_MS_PRINCIPAL_AND_ID -129 +/* NT 4 style name and SID */ +#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 /* constant version thereof: */ typedef const krb5_principal_data *krb5_const_principal; @@ -303,6 +315,7 @@ typedef struct _krb5_address { #define ADDRTYPE_XNS 0x0006 #define ADDRTYPE_ISO 0x0007 #define ADDRTYPE_DDP 0x0010 +#define ADDRTYPE_NETBIOS 0x0014 #define ADDRTYPE_INET6 0x0018 /* not yet in the spec... */ #define ADDRTYPE_ADDRPORT 0x0100 @@ -402,6 +415,7 @@ typedef struct _krb5_crypto_iov { #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 +#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ /* The following are entropy source designations. Whenever 
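Review bot: The comments on the three negative Microsoft name types at the end of the added block in the first hunk look shifted by one against the macro names. `KRB5_NT_MS_PRINCIPAL` is labelled "Windows 2000 UPN and SID", `KRB5_NT_MS_PRINCIPAL_AND_ID` is labelled "NT 4 style name", and `KRB5_NT_ENT_PRINCIPAL_AND_ID` is labelled "NT 4 style name and SID". Going by the names, the UPN-and-SID text belongs to the ENT (enterprise) constant and the two NT 4 descriptions to the MS constants. Code that decides how to canonicalize or authorize a principal by name type will be written from these comments, so they should be moved to sit above the constant they describe, after checking the values against the Microsoft specification.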
@@ -763,6 +777,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* #define KDC_OPT_RESERVED 0x00080000 */ /* #define KDC_OPT_RESERVED 0x00040000 */ #define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 +#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000 #define KDC_OPT_CANONICALIZE 0x00010000 /* #define KDC_OPT_RESERVED 0x00008000 */ /* #define KDC_OPT_RESERVED 0x00004000 */ @@ -823,10 +838,10 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* #define AP_OPTS_RESERVED 0x00000010 */ /* #define AP_OPTS_RESERVED 0x00000008 */ /* #define AP_OPTS_RESERVED 0x00000004 */ -/* #define AP_OPTS_RESERVED 0x00000002 */ -#define AP_OPTS_USE_SUBKEY 0x00000001 +#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002 +#define AP_OPTS_USE_SUBKEY 0x00000001 -#define AP_OPTS_WIRE_MASK 0xfffffff0 +#define AP_OPTS_WIRE_MASK 0xfffffff0 /* definitions for ad_type fields. */ #define AD_TYPE_RESERVED 0x8000 @@ -876,13 +891,6 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define LR_TYPE_INTERPRETATION_MASK 0x7fff -/* definitions for ad_type fields. */ -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff -#define AD_TYPE_INTERNAL_MASK 0x3fff - /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ #define MSEC_DIRBIT 0x8000 #define MSEC_VAL_MASK 0x7fff 
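Review bot: `KDC_OPT_CNAME_IN_ADDL_TKT` is defined with the same bit, 0x00020000, as `KDC_OPT_REQUEST_ANONYMOUS` on the line directly above it, so any code that tests `kdc_options` cannot tell the two requests apart. One asks for an anonymous ticket and the other, as far as the name shows, marks a request whose client name is taken from the additional ticket, so confusing them changes whose identity ends up in the issued ticket. If the overlap is deliberate for now, the header should say so, e.g. `/* NOTE: same bit as KDC_OPT_REQUEST_ANONYMOUS; the two cannot be distinguished on the wire */`; otherwise one of the two needs a different bit.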
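Review bot: `AP_OPTS_ETYPE_NEGOTIATION` takes bit 0x00000002, which `AP_OPTS_WIRE_MASK` (0xfffffff0, only re-spaced in this hunk) excludes, and the header does not explain that. If the mask is applied before encoding, as its name suggests, this is a library-local request flag like `AP_OPTS_USE_SUBKEY` and never reaches the peer. A comment such as `/* local flag, removed by AP_OPTS_WIRE_MASK; not an ap-options wire bit */` would stop a reader from testing for it in a received AP-REQ.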
@@ -950,12 +958,15 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ #define KRB5_PADATA_ETYPE_INFO2 19 #define KRB5_PADATA_USE_SPECIFIED_KVNO 20 +#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */ #define KRB5_PADATA_SAM_REDIRECT 21 #define KRB5_PADATA_GET_FROM_TYPED_DATA 22 #define KRB5_PADATA_REFERRAL 25 /* draft referral system */ #define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ #define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ - +#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */ +#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */ +#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 #define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ @@ -977,6 +988,8 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9 #define KRB5_AUTHDATA_OSF_DCE 64 #define KRB5_AUTHDATA_SESAME 65 +#define KRB5_AUTHDATA_WIN2K_PAC 128 +#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ /* password change constants */ @@ -1129,6 +1142,7 @@ typedef struct _krb5_enc_kdc_rep_part { krb5_principal server; /* server's principal identifier */ krb5_address **caddrs; /* array of ptrs to addresses, optional */ + krb5_pa_data **enc_padata; /* Windows 2000 compat */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { 
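Review bot: `KRB5_PADATA_SVR_REFERRAL_INFO` reuses the value 20 already assigned to `KRB5_PADATA_USE_SPECIFIED_KVNO` on the previous line, so code that dispatches on `pa_type` alone will treat the two as the same element and may decode one with the other's parser. A later hunk says the referral data travels in `enc_padata` of the encrypted KDC reply, so the distinction has to come from where the element was found; that should be written next to the define, e.g. `/* same number as KRB5_PADATA_USE_SPECIFIED_KVNO; valid only inside enc_padata of a KDC reply */`. The hunk also drops the blank line that separated the `KRB5_PADATA_*` list from the `KRB5_SAM_*` flags, which is worth restoring.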
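Review bot: The new `enc_padata` member of `krb5_enc_kdc_rep_part` is documented only as "Windows 2000 compat", which does not say whether it may be NULL, how the array is terminated, or who frees it. The struct is public and begins outside this hunk; existing callers that fill one in without zeroing it first will now leave an indeterminate pointer in this slot, and the free routine (not visible here) presumably walks it. Suggest a comment along the lines of `/* optional NULL-terminated array of padata from the encrypted part; NULL if absent */`, confirmed against the decode and free paths, plus a release note about the layout change.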
@@ -1230,6 +1244,27 @@ typedef struct _krb5_pwd_data { } krb5_pwd_data; /* these need to be here so the typedefs are available for the prototypes */ +/* + * Note for Windows 2000 compatibility this is encoded + * in the enc_padata field of the krb5_enc_kdc_rep_part. + */ +typedef struct _krb5_pa_svr_referral_data { + /* Referred name, only realm is required */ + krb5_principal principal; +} krb5_pa_svr_referral_data; + +typedef struct _krb5_pa_server_referral_data { + krb5_data *referred_realm; + krb5_principal true_principal_name; + krb5_principal requested_principal_name; + krb5_timestamp referral_valid_until; + krb5_checksum rep_cksum; +} krb5_pa_server_referral_data; + +typedef struct _krb5_pa_pac_req { + /* TRUE if a PAC should be included in TGS-REP */ + krb5_boolean include_pac; +} krb5_pa_pac_req; /* * begin "safepriv.h" @@ -1495,6 +1530,7 @@ void KRB5_CALLCONV krb5_free_tgt_creds #define KRB5_GC_USER_USER 1 /* want user-user ticket */ #define KRB5_GC_CACHED 2 /* want cached ticket only */ +#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */ krb5_error_code KRB5_CALLCONV krb5_get_credentials (krb5_context, @@ -1534,11 +1570,20 @@ krb5_error_code KRB5_CALLCONV krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data *); +krb5_error_code KRB5_CALLCONV krb5_mk_rep_dce + (krb5_context, + krb5_auth_context, + krb5_data *); krb5_error_code KRB5_CALLCONV krb5_rd_rep (krb5_context, krb5_auth_context, const krb5_data *, krb5_ap_rep_enc_part **); +krb5_error_code KRB5_CALLCONV krb5_rd_rep_dce + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_ui_4 *); krb5_error_code KRB5_CALLCONV krb5_mk_error (krb5_context, const krb5_error *, 
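Review bot: `krb5_pa_svr_referral_data` and `krb5_pa_server_referral_data` differ only in "svr" versus "server", and only the first has a comment saying where it is carried, so the two are easy to mix up at a call site. The second struct should get its own comment naming the padata type it corresponds to and which of its members are optional, in particular whether `referred_realm` and the two principals may be NULL and what `rep_cksum` is computed over. The new block also sits between the existing "these need to be here so the typedefs are available for the prototypes" comment and the code that comment introduces, so that comment now reads as if it described the referral structs.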
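Review bot: `krb5_mk_rep_dce` and `krb5_rd_rep_dce` are added with no comment and unnamed parameters, so the meaning of the trailing `krb5_ui_4 *` in `krb5_rd_rep_dce` cannot be read from the header. It stands where `krb5_rd_rep` returns a `krb5_ap_rep_enc_part **`; if it is the nonce taken from the DCE-style reply, name it (`krb5_ui_4 *nonce`) and add a one-line comment stating that the caller must compare it with the value it sent. Both prototypes also deserve a sentence on when the `_dce` variant must be used instead of the plain one.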
@@ -1563,6 +1608,14 @@ krb5_error_code KRB5_CALLCONV krb5_parse_name (krb5_context, const char *, krb5_principal * ); +#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1 +#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2 +#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4 +krb5_error_code KRB5_CALLCONV krb5_parse_name_flags + (krb5_context, + const char *, + int, + krb5_principal * ); krb5_error_code KRB5_CALLCONV krb5_unparse_name (krb5_context, krb5_const_principal, @@ -1572,6 +1625,20 @@ krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext krb5_const_principal, char **, unsigned int *); +#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1 +#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2 +#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4 +krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags + (krb5_context, + krb5_const_principal, + int, + char **); +krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext + (krb5_context, + krb5_const_principal, + int, + char **, + unsigned int *); krb5_error_code KRB5_CALLCONV krb5_set_principal_realm (krb5_context, krb5_principal, const char *); @@ -1596,6 +1663,20 @@ krb5_boolean KRB5_CALLCONV krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal); +krb5_boolean KRB5_CALLCONV krb5_principal_compare_any_realm + (krb5_context, + krb5_const_principal, + krb5_const_principal); +#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1 +#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* compare UPNs as real principals */ +#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive comparison */ +#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */ + +krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags + (krb5_context, + krb5_const_principal, + krb5_const_principal, + int); krb5_error_code KRB5_CALLCONV krb5_init_keyblock (krb5_context, krb5_enctype enctype, size_t length, krb5_keyblock **out); 
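Review bot: `KRB5_PRINCIPAL_PARSE_NO_REALM` and `KRB5_PRINCIPAL_PARSE_REQUIRE_REALM` contradict each other, and the header does not say what `krb5_parse_name_flags` returns when both are set or how `KRB5_PRINCIPAL_PARSE_ENTERPRISE` treats an `@` in the input. Since this function turns caller-supplied strings into principals, each flag should carry a one-line comment, e.g. `/* fail if the name contains a realm */`, `/* fail if the name lacks a realm */`, with the combined case stated explicitly. The `int` flags parameter is unnamed; `int flags` would make the prototype self-describing.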
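Review bot: The three `KRB5_PRINCIPAL_UNPARSE_*` flags are undocumented, and `KRB5_PRINCIPAL_UNPARSE_DISPLAY` in particular needs a caveat. If, as the name suggests, it emits the name without quoting special characters, the result is only fit for showing to a person: two different principals can produce the same string, so it must not be parsed again or used as a key in an access decision or audit record. Suggest `/* display only: special characters are not quoted; do not re-parse or compare the result */`, and a similar remark on `KRB5_PRINCIPAL_UNPARSE_SHORT` and `KRB5_PRINCIPAL_UNPARSE_NO_REALM` that the realm may be missing from the output.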
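Review bot: `krb5_principal_compare_any_realm` and the `KRB5_PRINCIPAL_COMPARE_IGNORE_REALM` and `KRB5_PRINCIPAL_COMPARE_CASEFOLD` flags all loosen principal equality, yet nothing in the header warns against using them where the result grants access. With the realm ignored, the same name in two different realms compares equal, which in an authorization check lets a principal from a foreign realm match a local one. Suggest a comment on the prototype such as `/* ignores the realm; not suitable for authorization unless the realm is checked separately */` and a matching remark on the two flags. The trailing `int` of `krb5_principal_compare_flags` should be named `flags`.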
@@ -2199,6 +2280,7 @@ typedef struct _krb5_get_init_creds_opt { #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 #define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 +#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200 krb5_error_code KRB5_CALLCONV @@ -2236,6 +2318,11 @@ krb5_get_init_creds_opt_set_proxiable int proxiable); void KRB5_CALLCONV +krb5_get_init_creds_opt_set_canonicalize +(krb5_get_init_creds_opt *opt, + int canonicalize); + +void KRB5_CALLCONV krb5_get_init_creds_opt_set_etype_list (krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, 
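Review bot: `krb5_get_init_creds_opt_set_canonicalize` in the second hunk is added without a comment describing what a caller has to do differently once the option is on. If it makes the library set the canonicalize KDC option, the reply may presumably name a client principal other than the one requested, so callers must take the principal from the returned credentials rather than assume it equals their input. A short comment to that effect, e.g. `/* nonzero: allow the KDC to return a canonical client name; check creds->client afterwards */`, would make that contract visible, after confirming it against the implementation.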
@@ -2412,6 +2499,69 @@ krb5_free_error_message (krb5_context, const char *); void KRB5_CALLCONV krb5_clear_error_message (krb5_context); +krb5_error_code KRB5_CALLCONV +krb5_decode_authdata_container(krb5_context context, + krb5_authdatatype type, + const krb5_authdata *container, + krb5_authdata ***authdata); +krb5_error_code KRB5_CALLCONV +krb5_encode_authdata_container(krb5_context context, + krb5_authdatatype type, + krb5_authdata * const*authdata, + krb5_authdata ***container); + +/* + * Windows PAC + */ +struct krb5_pac_data; +typedef struct krb5_pac_data *krb5_pac; + +krb5_error_code KRB5_CALLCONV +krb5_pac_add_buffer +(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + const krb5_data *data); + +void KRB5_CALLCONV +krb5_pac_free +(krb5_context context, + krb5_pac pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_get_buffer +(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + krb5_data *data); + +krb5_error_code KRB5_CALLCONV +krb5_pac_get_types +(krb5_context context, + krb5_pac pac, + size_t *len, + krb5_ui_4 **types); + +krb5_error_code KRB5_CALLCONV +krb5_pac_init +(krb5_context context, + krb5_pac *pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_parse +(krb5_context context, + const void *ptr, + size_t len, + krb5_pac *pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_verify +(krb5_context context, + const krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server, + const krb5_keyblock *privsvr); #if TARGET_OS_MAC # pragma pack(pop) |
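Review bot: The PAC functions are declared without any comment, and the header gives no hint that `krb5_pac_parse` and `krb5_pac_verify` are separate steps. Unless the parser checks signatures itself (not visible here), everything returned by `krb5_pac_get_buffer` is unauthenticated until `krb5_pac_verify` has succeeded, and that ordering should be stated above the block. The comment should also say whether `server` or `privsvr` may be NULL and which checksum is skipped in that case, and who frees `data->data` from `krb5_pac_get_buffer` and `*types` from `krb5_pac_get_types`. In `krb5_pac_verify`, `const krb5_pac pac` makes the pointer const rather than the PAC it points to, because `krb5_pac` is a pointer typedef, so it does not promise a read-only argument and the `const` is better dropped.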