Diffstat (limited to 'src/include/krb5/krb5.hin')
-rw-r--r--src/include/krb5/krb5.hin184
1 files changed, 167 insertions, 17 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index accde60..c0fdcd2 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -244,17 +244,29 @@ typedef krb5_principal_data * krb5_principal;
*/
/* Name type not known */
-#define KRB5_NT_UNKNOWN 0
+#define KRB5_NT_UNKNOWN 0
/* Just the name of the principal as in DCE, or for users */
-#define KRB5_NT_PRINCIPAL 1
+#define KRB5_NT_PRINCIPAL 1
/* Service and other unique instance (krbtgt) */
-#define KRB5_NT_SRV_INST 2
+#define KRB5_NT_SRV_INST 2
/* Service with host name as instance (telnet, rcommands) */
-#define KRB5_NT_SRV_HST 3
+#define KRB5_NT_SRV_HST 3
/* Service with host as remaining components */
-#define KRB5_NT_SRV_XHST 4
+#define KRB5_NT_SRV_XHST 4
/* Unique ID */
-#define KRB5_NT_UID 5
+#define KRB5_NT_UID 5
+/* PKINIT */
+#define KRB5_NT_X500_PRINCIPAL 6
+/* Name in form of SMTP email name */
+#define KRB5_NT_SMTP_NAME 7
+/* Windows 2000 UPN */
+#define KRB5_NT_ENTERPRISE_PRINCIPAL 10
+/* Windows 2000 UPN and SID */
+#define KRB5_NT_MS_PRINCIPAL -128
+/* NT 4 style name */
+#define KRB5_NT_MS_PRINCIPAL_AND_ID -129
+/* NT 4 style name and SID */
+#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130
/* constant version thereof: */
typedef const krb5_principal_data *krb5_const_principal;
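Review bot: The comments on the three negative name types look shifted by one against the macro names: `KRB5_NT_MS_PRINCIPAL` is labelled "Windows 2000 UPN and SID", `KRB5_NT_MS_PRINCIPAL_AND_ID` "NT 4 style name", and `KRB5_NT_ENT_PRINCIPAL_AND_ID` "NT 4 style name and SID". Going by the names alone, the expected pairing is `/* NT 4 style name */` on -128, `/* NT 4 style name and SID */` on -129 and `/* Windows 2000 UPN and SID */` on -130; please confirm against the Microsoft definitions and re-pair. By the usual macro convention the negative values would also be parenthesized, e.g. `#define KRB5_NT_MS_PRINCIPAL (-128)`.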
@@ -303,6 +315,7 @@ typedef struct _krb5_address {
#define ADDRTYPE_XNS 0x0006
#define ADDRTYPE_ISO 0x0007
#define ADDRTYPE_DDP 0x0010
+#define ADDRTYPE_NETBIOS 0x0014
#define ADDRTYPE_INET6 0x0018
/* not yet in the spec... */
#define ADDRTYPE_ADDRPORT 0x0100
@@ -402,6 +415,7 @@ typedef struct _krb5_crypto_iov {
#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
+#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
/* The following are entropy source designations. Whenever
@@ -763,6 +777,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
/* #define KDC_OPT_RESERVED 0x00080000 */
/* #define KDC_OPT_RESERVED 0x00040000 */
#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000
+#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000
#define KDC_OPT_CANONICALIZE 0x00010000
/* #define KDC_OPT_RESERVED 0x00008000 */
/* #define KDC_OPT_RESERVED 0x00004000 */
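Review bot: `KDC_OPT_CNAME_IN_ADDL_TKT` is given 0x00020000, the same bit as `KDC_OPT_REQUEST_ANONYMOUS` on the line above, so code testing the KDC options cannot tell an anonymous request from a cname-in-additional-ticket request by this bit alone. If the overlap is intentional it needs at least `/* NOTE: same bit as KDC_OPT_REQUEST_ANONYMOUS */` on the new line, plus a statement of how the KDC tells the two apart. The padata hunk further down has the same pattern: `KRB5_PADATA_SVR_REFERRAL_INFO` is 20, as is `KRB5_PADATA_USE_SPECIFIED_KVNO`, so a `switch` over padata types cannot carry a case for each.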
@@ -823,10 +838,10 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
/* #define AP_OPTS_RESERVED 0x00000010 */
/* #define AP_OPTS_RESERVED 0x00000008 */
/* #define AP_OPTS_RESERVED 0x00000004 */
-/* #define AP_OPTS_RESERVED 0x00000002 */
-#define AP_OPTS_USE_SUBKEY 0x00000001
+#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002
+#define AP_OPTS_USE_SUBKEY 0x00000001
-#define AP_OPTS_WIRE_MASK 0xfffffff0
+#define AP_OPTS_WIRE_MASK 0xfffffff0
/* definitions for ad_type fields. */
#define AD_TYPE_RESERVED 0x8000
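Review bot: `AP_OPTS_ETYPE_NEGOTIATION` is added without a comment saying whether it is a wire flag. Its value 0x00000002 lies outside `AP_OPTS_WIRE_MASK` (0xfffffff0), which keeps its value, so the flag is apparently meant to stay local like `AP_OPTS_USE_SUBKEY`. A one-line comment above the two low-bit flags, such as `/* library-internal; not covered by AP_OPTS_WIRE_MASK */`, would keep a later reader from widening the mask; the wording needs the author's confirmation.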
@@ -876,13 +891,6 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
#define LR_TYPE_INTERPRETATION_MASK 0x7fff
-/* definitions for ad_type fields. */
-#define AD_TYPE_EXTERNAL 0x4000
-#define AD_TYPE_REGISTERED 0x2000
-
-#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
-#define AD_TYPE_INTERNAL_MASK 0x3fff
-
/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
#define MSEC_DIRBIT 0x8000
#define MSEC_VAL_MASK 0x7fff
@@ -950,12 +958,15 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */
#define KRB5_PADATA_ETYPE_INFO2 19
#define KRB5_PADATA_USE_SPECIFIED_KVNO 20
+#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */
#define KRB5_PADATA_SAM_REDIRECT 21
#define KRB5_PADATA_GET_FROM_TYPED_DATA 22
#define KRB5_PADATA_REFERRAL 25 /* draft referral system */
#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */
#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */
-
+#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */
+#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */
+#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */
#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000
#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */
@@ -977,6 +988,8 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9
#define KRB5_AUTHDATA_OSF_DCE 64
#define KRB5_AUTHDATA_SESAME 65
+#define KRB5_AUTHDATA_WIN2K_PAC 128
+#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
/* password change constants */
@@ -1129,6 +1142,7 @@ typedef struct _krb5_enc_kdc_rep_part {
krb5_principal server; /* server's principal identifier */
krb5_address **caddrs; /* array of ptrs to addresses,
optional */
+ krb5_pa_data **enc_padata; /* Windows 2000 compat */
} krb5_enc_kdc_rep_part;
typedef struct _krb5_kdc_rep {
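Review bot: The new `enc_padata` member changes the size and layout of the public `krb5_enc_kdc_rep_part`, and its comment states neither who owns the array nor what it holds when no padata is present. Any code that builds this struct without zeroing it leaves `enc_padata` indeterminate, which matters if the struct's free routine releases it (that routine is not visible in this diff). I would extend the comment to something like `/* encrypted padata; NULL if absent; freed with the struct */` once confirmed, and check the in-tree allocation sites. The struct definition starts outside the hunk.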
@@ -1230,6 +1244,27 @@ typedef struct _krb5_pwd_data {
} krb5_pwd_data;
/* these need to be here so the typedefs are available for the prototypes */
+/*
+ * Note for Windows 2000 compatibility this is encoded
+ * in the enc_padata field of the krb5_enc_kdc_rep_part.
+ */
+typedef struct _krb5_pa_svr_referral_data {
+ /* Referred name, only realm is required */
+ krb5_principal principal;
+} krb5_pa_svr_referral_data;
+
+typedef struct _krb5_pa_server_referral_data {
+ krb5_data *referred_realm;
+ krb5_principal true_principal_name;
+ krb5_principal requested_principal_name;
+ krb5_timestamp referral_valid_until;
+ krb5_checksum rep_cksum;
+} krb5_pa_server_referral_data;
+
+typedef struct _krb5_pa_pac_req {
+ /* TRUE if a PAC should be included in TGS-REP */
+ krb5_boolean include_pac;
+} krb5_pa_pac_req;
/*
* begin "safepriv.h"
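Review bot: The compatibility comment added here sits directly above `krb5_pa_svr_referral_data`, while the next struct, `krb5_pa_server_referral_data`, differs only by `svr`/`server` in its name and has no comment, so a reader cannot tell which of the two is the Windows 2000 encoding or which padata type each belongs to. Each struct should get its own one-line comment naming the padata type it carries, and the fields of `krb5_pa_server_referral_data` should say which are optional (`referred_realm` is a pointer, `rep_cksum` is embedded by value). The new typedefs are also inserted right after the existing comment "these need to be here so the typedefs are available for the prototypes", separating it from what it introduced; placing them above that comment would keep it attached.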
@@ -1495,6 +1530,7 @@ void KRB5_CALLCONV krb5_free_tgt_creds
#define KRB5_GC_USER_USER 1 /* want user-user ticket */
#define KRB5_GC_CACHED 2 /* want cached ticket only */
+#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */
krb5_error_code KRB5_CALLCONV krb5_get_credentials
(krb5_context,
@@ -1534,11 +1570,20 @@ krb5_error_code KRB5_CALLCONV krb5_mk_rep
(krb5_context,
krb5_auth_context,
krb5_data *);
+krb5_error_code KRB5_CALLCONV krb5_mk_rep_dce
+ (krb5_context,
+ krb5_auth_context,
+ krb5_data *);
krb5_error_code KRB5_CALLCONV krb5_rd_rep
(krb5_context,
krb5_auth_context,
const krb5_data *,
krb5_ap_rep_enc_part **);
+krb5_error_code KRB5_CALLCONV krb5_rd_rep_dce
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_data *,
+ krb5_ui_4 *);
krb5_error_code KRB5_CALLCONV krb5_mk_error
(krb5_context,
const krb5_error *,
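Review bot: `krb5_rd_rep_dce` returns its result through an unnamed `krb5_ui_4 *` where `krb5_rd_rep` returns a `krb5_ap_rep_enc_part **`, and neither `_dce` prototype carries a comment, so the header gives no hint of what the integer is or when these variants are to be used instead of the plain ones. A short comment above the pair, naming the output value and the protocol variant they implement, would cover it. What that value is cannot be determined from this hunk.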
@@ -1563,6 +1608,14 @@ krb5_error_code KRB5_CALLCONV krb5_parse_name
(krb5_context,
const char *,
krb5_principal * );
+#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1
+#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2
+#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4
+krb5_error_code KRB5_CALLCONV krb5_parse_name_flags
+ (krb5_context,
+ const char *,
+ int,
+ krb5_principal * );
krb5_error_code KRB5_CALLCONV krb5_unparse_name
(krb5_context,
krb5_const_principal,
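Review bot: `KRB5_PRINCIPAL_PARSE_NO_REALM` and `KRB5_PRINCIPAL_PARSE_REQUIRE_REALM` read as mutually exclusive, yet the header does not say what `krb5_parse_name_flags` does when both bits are set or when an unknown bit is passed. One comment per flag and one line on the function would pin the contract, for example `/* flags: OR of KRB5_PRINCIPAL_PARSE_*; NO_REALM and REQUIRE_REALM must not be combined */`. The exact behaviour has to be taken from the implementation, which is not part of this diff.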
@@ -1572,6 +1625,20 @@ krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
krb5_const_principal,
char **,
unsigned int *);
+#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1
+#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2
+#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4
+krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags
+ (krb5_context,
+ krb5_const_principal,
+ int,
+ char **);
+krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext
+ (krb5_context,
+ krb5_const_principal,
+ int,
+ char **,
+ unsigned int *);
krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
(krb5_context, krb5_principal, const char *);
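Review bot: The three `KRB5_PRINCIPAL_UNPARSE_*` flags have no comments, and `KRB5_PRINCIPAL_UNPARSE_DISPLAY` in particular needs one. If, as the name suggests, it produces a form meant for display rather than for parsing, its output should not be fed back to `krb5_parse_name` or used as a key in access-control lists. I would add a comment per flag, e.g. `/* for display only; result may not round-trip through krb5_parse_name */` on DISPLAY, after checking the implementation. `krb5_unparse_name_flags_ext` should also state who owns the `char **` buffer and what the `unsigned int *` holds.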
@@ -1596,6 +1663,20 @@ krb5_boolean KRB5_CALLCONV krb5_principal_compare
(krb5_context,
krb5_const_principal,
krb5_const_principal);
+krb5_boolean KRB5_CALLCONV krb5_principal_compare_any_realm
+ (krb5_context,
+ krb5_const_principal,
+ krb5_const_principal);
+#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1
+#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* compare UPNs as real principals */
+#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive comparison */
+#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */
+
+krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags
+ (krb5_context,
+ krb5_const_principal,
+ krb5_const_principal,
+ int);
krb5_error_code KRB5_CALLCONV krb5_init_keyblock
(krb5_context, krb5_enctype enctype,
size_t length, krb5_keyblock **out);
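Review bot: `krb5_principal_compare_any_realm` and the `KRB5_PRINCIPAL_COMPARE_IGNORE_REALM` / `KRB5_PRINCIPAL_COMPARE_CASEFOLD` flags are relaxed comparisons, and the header does not warn that they report equality where `krb5_principal_compare` would not. A caller who picks one of them for an authorization decision would treat a same-named principal from another realm, or a differently cased name, as the same identity. I would put a comment on both prototypes such as `/* relaxed match: not a substitute for krb5_principal_compare in access checks */` and give `KRB5_PRINCIPAL_COMPARE_IGNORE_REALM` a trailing comment like the other three flags have. The flag values are decimal here while the parse and unparse flags in this commit use hex; `0x1`, `0x2`, `0x4`, `0x8` would match.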
@@ -2199,6 +2280,7 @@ typedef struct _krb5_get_init_creds_opt {
#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100
+#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200
krb5_error_code KRB5_CALLCONV
@@ -2236,6 +2318,11 @@ krb5_get_init_creds_opt_set_proxiable
int proxiable);
void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_canonicalize
+(krb5_get_init_creds_opt *opt,
+ int canonicalize);
+
+void KRB5_CALLCONV
krb5_get_init_creds_opt_set_etype_list
(krb5_get_init_creds_opt *opt,
krb5_enctype *etype_list,
@@ -2412,6 +2499,69 @@ krb5_free_error_message (krb5_context, const char *);
void KRB5_CALLCONV
krb5_clear_error_message (krb5_context);
+krb5_error_code KRB5_CALLCONV
+krb5_decode_authdata_container(krb5_context context,
+ krb5_authdatatype type,
+ const krb5_authdata *container,
+ krb5_authdata ***authdata);
+krb5_error_code KRB5_CALLCONV
+krb5_encode_authdata_container(krb5_context context,
+ krb5_authdatatype type,
+ krb5_authdata * const*authdata,
+ krb5_authdata ***container);
+
+/*
+ * Windows PAC
+ */
+struct krb5_pac_data;
+typedef struct krb5_pac_data *krb5_pac;
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_add_buffer
+(krb5_context context,
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_data *data);
+
+void KRB5_CALLCONV
+krb5_pac_free
+(krb5_context context,
+ krb5_pac pac);
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_buffer
+(krb5_context context,
+ krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_types
+(krb5_context context,
+ krb5_pac pac,
+ size_t *len,
+ krb5_ui_4 **types);
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_init
+(krb5_context context,
+ krb5_pac *pac);
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_parse
+(krb5_context context,
+ const void *ptr,
+ size_t len,
+ krb5_pac *pac);
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_verify
+(krb5_context context,
+ const krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server,
+ const krb5_keyblock *privsvr);
#if TARGET_OS_MAC
# pragma pack(pop)
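Review bot: In `krb5_pac_verify` the parameter `const krb5_pac pac` makes the pointer itself const, not the `struct krb5_pac_data` it points to, because `krb5_pac` is a pointer typedef; the qualifier promises nothing to the caller and could be dropped or replaced by a pointer-to-const type. The PAC prototypes also lack contract comments: `krb5_pac_parse` takes a raw `ptr`/`len` pair, so the header should state that the input is untrusted and whether it is copied; `krb5_pac_get_buffer` and `krb5_pac_get_types` should say who frees `data` and `types`; and `krb5_pac_verify` should say which checks use `server` and `privsvr` and whether either key may be NULL. None of that can be read from this hunk, so the comments have to come from the implementation.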