1 /*
2  * Copyright 2003,2006,2007,2009,2011,2012 Red Hat, Inc.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, and the entire permission notice in its entirety,
9  *    including the disclaimer of warranties.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote
14  *    products derived from this software without specific prior
15  *    written permission.
16  *
17  * ALTERNATIVELY, this product may be distributed under the terms of the
18  * GNU Lesser General Public License, in which case the provisions of the
19  * LGPL are required INSTEAD OF the above restrictions.
20  *
21  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
24  * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
27  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
28  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #ifndef pam_krb5_v5_h
34 #define pam_krb5_v5_h
35 
36 #include "options.h"
37 #include "stash.h"
38 #include "userinfo.h"
39 
/*
 * The characters ',', '/' and '@', named as separators of principal
 * components.  NOTE(review): this header does not show how the set is used --
 * presumably to split or validate principal names; confirm at the call sites.
 */
#define PAM_KRB5_PRINCIPAL_COMPONENT_SEPARATORS ",/@"

/*
 * v5_get_creds: judging by the name and arguments, obtains initial Kerberos 5
 * credentials for `user` on behalf of a PAM module.  Only the prototype is
 * visible here, so the notes below describe the interface, not the behaviour.
 *
 *   ctx           krb5 library context.
 *   pamh          PAM handle of the calling module.
 *   ccache        pointer to a credential cache handle.
 *   armor_ccache  pointer to a second cache handle (presumably FAST armor
 *                 credentials -- TODO confirm).
 *   user          user name, read-only.
 *   userinfo      the module's record for the user.
 *   options       module options.
 *   service       service name; non-const, so the callee may modify it.
 *   password      secret; non-const, so the callee may modify it.
 *   gic_options   krb5 get-init-creds options.
 *   prompter      callback with the parameter list of krb5_prompter_fct.
 *   expired       out-parameter (presumably a password-expired flag).
 *   result        out-parameter (presumably the underlying result code).
 *
 * Returns an int status; whether it is a PAM code or a krb5 code is not
 * stated in this header -- TODO confirm.
 *
 * NOTE(review): `password` is secret material and nothing in the prototype
 * says who owns or scrubs the buffer.  Callers should keep it short-lived and
 * clear it, with a wipe the compiler cannot elide, once it is no longer
 * needed.
 */
int v5_get_creds(krb5_context ctx, pam_handle_t *pamh,
                 krb5_ccache *ccache, krb5_ccache *armor_ccache,
                 const char *user,
                 struct _pam_krb5_user_info *userinfo,
                 struct _pam_krb5_options *options,
                 char *service, char *password,
                 krb5_get_init_creds_opt *gic_options,
                 krb5_error_code (*prompter)(krb5_context context,
                                             void *data,
                                             const char *name,
                                             const char *banner,
                                             int num_prompts,
                                             krb5_prompt prompts[]),
                 int *expired, int *result);
60 
/*
 * Persisting and discarding the credentials held in a stash.  Only the
 * prototypes are visible in this header.
 *
 * v5_save_for_user: presumably writes the stashed credentials to a
 * credential cache usable by `user`; `ccname` is an out-parameter that
 * presumably receives the name of that cache.  Returns an int status
 * (convention not stated here -- TODO confirm).
 *
 * NOTE(review): if this creates a file-based cache on the user's behalf, the
 * ownership and permissions of that file are decided in the implementation;
 * review them there, since the cache holds usable tickets.
 */
int v5_save_for_user(krb5_context ctx, struct _pam_krb5_stash *stash,
                     const char *user, struct _pam_krb5_user_info *userinfo,
                     struct _pam_krb5_options *options, const char **ccname);

/*
 * v5_save_for_kuserok: same argument list as v5_save_for_user.  The name
 * suggests a cache kept only for a krb5_kuserok()-style authorization check
 * -- TODO confirm against the implementation.
 */
int v5_save_for_kuserok(krb5_context ctx, struct _pam_krb5_stash *stash,
                        const char *user, struct _pam_krb5_user_info *userinfo,
                        struct _pam_krb5_options *options, const char **ccname);

/*
 * v5_destroy: presumably removes the cache(s) recorded in `stash`; there is
 * no return value, so a failure cannot be reported to the caller.
 */
void v5_destroy(krb5_context ctx,
                struct _pam_krb5_stash *stash,
                struct _pam_krb5_options *options);
75 
/*
 * Credential-cache and credential helpers.  Only the prototypes are visible
 * here; descriptions inferred from names are marked as such.
 */

/*
 * v5_ccache_has_tgt: presumably reports, as a krb5_error_code, whether
 * `ccache` holds a ticket-granting ticket for `tgs_realm`; `creds` presumably
 * receives the matching entry -- TODO confirm who frees its contents.
 */
krb5_error_code v5_ccache_has_tgt(krb5_context ctx,
                                  krb5_ccache ccache,
                                  const char *tgs_realm,
                                  krb5_creds *creds);

/*
 * v5_ccache_has_pwc: like v5_ccache_has_tgt without a realm argument; "pwc"
 * presumably stands for password-changing credentials -- TODO confirm.
 */
krb5_error_code v5_ccache_has_pwc(krb5_context ctx,
                                  krb5_ccache ccache,
                                  krb5_creds *creds);

/*
 * v5_cc_copy: presumably copies credentials from `occache` into a cache whose
 * handle is returned through `nccache`; the role of `tgt_realm` in selecting
 * what is copied is not visible here.
 */
krb5_error_code v5_cc_copy(krb5_context ctx,
                           const char *tgt_realm,
                           krb5_ccache occache,
                           krb5_ccache *nccache);

/* Checks on a krb5_creds; the meaning of the int result is not stated here. */
int v5_creds_check_initialized(krb5_context ctx, krb5_creds *creds);
int v5_creds_check_initialized_pwc(krb5_context ctx, krb5_creds *creds);

/* Read and write the encryption type associated with `creds`. */
int v5_creds_get_etype(krb5_creds *creds);
void v5_creds_set_etype(krb5_context ctx, krb5_creds *creds, int etype);

/*
 * v5_creds_get_key: returns a pointer to a key block.
 * NOTE(review): presumably this points into `creds` rather than at a copy, so
 * it stays valid only as long as `creds` does; it is key material and should
 * not be logged or kept longer than needed.  v5_creds_key, declared later in
 * this header, has the same parameter and return types.
 */
krb5_keyblock *v5_creds_get_key(krb5_creds *creds);

/*
 * v5_enctype_to_string: writes a textual form of `enctype` into `buf`, whose
 * capacity is passed as `length`.  NOTE(review): whether the output is always
 * NUL-terminated on truncation is not visible here; check the int result
 * before using `buf`.
 */
int v5_enctype_to_string(krb5_context ctx,
                         krb5_enctype enctype,
                         char *buf,
                         size_t length);
89 
/*
 * v5_ticket_get_client: returns a principal taken from `ticket` (the client,
 * by the name).  NOTE(review): whether the result is a copy or a pointer
 * owned by `ticket` is not visible here -- confirm before freeing either.
 */
krb5_principal v5_ticket_get_client(krb5_ticket *ticket);

/*
 * v5_auth_con_setuserkey: presumably installs `key` as the user key of
 * `auth_con`, returning a krb5_error_code.  `key` is key material; the
 * header does not say whether it is copied or referenced.
 */
krb5_error_code v5_auth_con_setuserkey(krb5_context ctx, krb5_auth_context auth_con,
                                       krb5_keyblock *key);
94 
/*
 * Release helpers for strings handed out by the krb5 library (an unparsed
 * principal name and a default realm, by the names).  NOTE(review):
 * presumably these exist so such strings are released with the library's own
 * deallocator rather than a plain free() -- confirm in the implementation.
 */
void v5_free_unparsed_name(krb5_context ctx, char *name);
void v5_free_default_realm(krb5_context ctx, char *realm);

/*
 * Look up an application-default setting named `option` for `realm`,
 * falling back to `default_value`; the result is returned through
 * `ret_value`.  The argument lists resemble krb5_appdefault_string() and
 * krb5_appdefault_boolean() without the application-name argument.
 * NOTE(review): ownership of the string stored in *ret_value is not stated
 * here -- confirm who frees it.
 */
void v5_appdefault_string(krb5_context context, const char *realm,
                          const char *option, const char *default_value,
                          char **ret_value);
void v5_appdefault_boolean(krb5_context context, const char *realm,
                           const char *option, krb5_boolean default_value,
                           krb5_boolean *ret_value);
107 
/*
 * Map an integer error code to a read-only message string; the second
 * variant is, by its name, for password-change errors.  The strings are
 * returned as const, so callers must neither modify nor free them.
 * NOTE(review): the lifetime of the returned pointer (static table vs.
 * per-call buffer) is not visible here.
 */
const char *v5_error_message(int error);

const char *v5_passwd_error_message(int error);
110 
/*
 * v5_set_principal_realm: presumably replaces the realm of *principal with
 * `realm`.  The principal is passed by pointer, so the handle itself may be
 * changed.  Returns an int status (convention not stated here).
 */
int v5_set_principal_realm(krb5_context ctx,
                           krb5_principal *principal,
                           const char *realm);
113 
/*
 * v5_cc_retrieve_match: takes no arguments and returns an int -- presumably
 * the match flags to pass when retrieving credentials from a cache; confirm
 * against the implementation.
 */
int v5_cc_retrieve_match(void);
115 
/*
 * Field accessors for krb5_creds and krb5_principal.  Only the prototypes are
 * visible here.
 *
 * NOTE(review), applies to every accessor below that takes an index `i`: the
 * index is a signed int and this header does not show any range check, so
 * callers should make sure 0 <= i < the matching *_count() result.  The
 * *_contents() results come with a separate *_length(); do not assume the
 * bytes are NUL-terminated unless the implementation guarantees it.
 */

/*
 * Key of a credential: key block, type, length and raw bytes.  This is key
 * material -- keep it out of logs and debug output.
 */
krb5_keyblock *v5_creds_key(krb5_creds *creds);
int v5_creds_key_type(krb5_creds *creds);
int v5_creds_key_length(krb5_creds *creds);
const unsigned char *v5_creds_key_contents(krb5_creds *creds);

/* Ticket flags and the is_skey indicator of a credential. */
krb5_flags v5_creds_get_flags(krb5_creds *creds);
krb5_boolean v5_creds_get_is_skey(krb5_creds *creds);

/* Addresses attached to a credential, selected by index `i`. */
int v5_creds_address_count(krb5_creds *creds);
int v5_creds_address_type(krb5_creds *creds, int i);
int v5_creds_address_length(krb5_creds *creds, int i);
const unsigned char *v5_creds_address_contents(krb5_creds *creds, int i);

/* Authorization data attached to a credential, selected by index `i`. */
int v5_creds_authdata_count(krb5_creds *creds);
int v5_creds_authdata_type(krb5_creds *creds, int i);
int v5_creds_authdata_length(krb5_creds *creds, int i);
const unsigned char *v5_creds_authdata_contents(krb5_creds *creds, int i);

/* Components of a principal name, selected by index `i`. */
int v5_princ_component_count(krb5_principal princ);
int v5_princ_component_type(krb5_principal princ, int i);
int v5_princ_component_length(krb5_principal princ, int i);
const char *v5_princ_component_contents(krb5_principal princ, int i);

/* Realm of a principal: length and bytes. */
int v5_princ_realm_length(krb5_principal princ);
const char *v5_princ_realm_contents(krb5_principal princ);
136 
/*
 * v5_parse_name: presumably turns the string `name` into a principal stored
 * through `principal`, taking module `options` into account.  Returns a
 * krb5_error_code.
 */
krb5_error_code v5_parse_name(krb5_context ctx, struct _pam_krb5_options *options,
                              const char *name, krb5_principal *principal);

/*
 * Allocate and release a krb5_get_init_creds_opt.  An options structure
 * obtained from v5_alloc_get_init_creds_opt is presumably meant to be
 * released only with v5_free_get_init_creds_opt.
 */
krb5_error_code v5_alloc_get_init_creds_opt(krb5_context ctx, krb5_get_init_creds_opt **opt);
void v5_free_get_init_creds_opt(krb5_context ctx, krb5_get_init_creds_opt *opt);

/*
 * v5_user_info_subst: returns a string built from `template_value`,
 * presumably with placeholders replaced by details of `user` / `userinfo`.
 * NOTE(review): the result is a non-const char *, presumably heap-allocated
 * and owned by the caller -- confirm.  If the result is used as a file or
 * cache name, the substituted values should be treated as user-influenced
 * input at the point of use.
 */
char *v5_user_info_subst(krb5_context ctx, const char *user,
                         struct _pam_krb5_user_info *userinfo,
                         struct _pam_krb5_options *options,
                         const char *template_value);

/*
 * v5_change_password: the three result parameters match the outputs of
 * krb5_change_password(), which this presumably wraps; `creds` would then be
 * the password-changing credentials and `password` the new password.
 * NOTE(review): `password` is a non-const secret buffer and the header does
 * not say who clears it; the caller should wipe it after the call.  The
 * krb5_data results are presumably allocated by the library and need to be
 * released by the caller -- confirm.
 */
int v5_change_password(krb5_context ctx,
                       krb5_creds *creds,
                       char *password,
                       int *result_code,
                       krb5_data *result_code_string,
                       krb5_data *result_string);
#endif
153 #endif