PSARC 2006/027 Open Kerberos APIs

6381288 we should expose the krb5 api
author: gtb <none@none> 2006-04-07 14:00:07 -0700
committer: gtb <none@none> 2006-04-07 14:00:07 -0700
commit: 10db1377dafab8ba3feedef26db9c5d8539a5cd1 (patch)
tree: dd10e8021cd240a1c6f61f33a7c7878625ff240c /usr/src/uts/common/gssapi
parent: 48451833426400c4caea45c906663fcdc96fa797 (diff)
download: illumos-gate-10db1377dafab8ba3feedef26db9c5d8539a5cd1.tar.gz
2 files changed, 88 insertions, 7 deletions
diff --git a/usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h b/usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h
index b9e3372f7d..84b1a0adc7 100644
--- a/usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h
+++ b/usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -680,6 +680,25 @@ extern int krb5int_grow_addrlist (struct addrlist *, int);
 extern int krb5int_add_host_to_list (struct addrlist *, const char *,
 			int, int, int, int);
 
+krb5_error_code
+krb5int_locate_server (krb5_context,
+		       const krb5_data *realm,
+		       struct addrlist *,
+		       /* Only meaningful for kdc, really...  */
+		       int want_masters,
+		       /* look up [realms]->$realm->$name in krb5.conf */
+		       const char *profilename,
+		       /* SRV record lookup */
+		       const char *dnsname,
+		       int is_stream_service,
+		       /* Port numbers, in network order!  For profile
+			  version only, DNS code gets port numbers
+			  itself.  Use 0 for dflport2 if there's no
+			  secondary port (most common, except kdc
+			  case).  */
+		       int dflport1, int dflport2,
+		       int family);
+
 #endif /* _KERNEL */
 
 #endif /* KRB5_LIBOS_PROTO__ */
@@ -1611,6 +1630,9 @@ krb5_error_code encode_krb5_enc_sam_response_enc_2
 krb5_error_code encode_krb5_sam_response_2
 	(const krb5_sam_response_2 * , krb5_data **);
 
+krb5_error_code encode_krb5_setpw_req
+        (const krb5_principal target, char *password, krb5_data **code);
+
 /*************************************************************************
  * End of prototypes for krb5_encode.c
  *************************************************************************/
diff --git a/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h b/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h
index fdb2e7654a..a49e204c12 100644
--- a/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h
+++ b/usr/src/uts/common/gssapi/mechs/krb5/include/krb5.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -158,9 +158,9 @@
 
 /*
  * Solaris Kerberos:
- *   KRB5_OLD_CRYPTO is not needed or supported anymore.
+ *   Samba needs a couple of these interfaces so old crypto is enabled.
  */
-/* #define KRB5_OLD_CRYPTO */
+#define KRB5_OLD_CRYPTO
 
 
 #ifndef KRB5INT_BEGIN_DECLS 
@@ -658,9 +658,28 @@ krb5_boolean KRB5_CALLCONV is_keyed_cksum
         (krb5_cksumtype ctype);
 #endif
 
-/* #ifdef KRB5_OLD_CRYPTO
- * this mit block removed for Solaris Kerberos
-#endif KRB5_OLD_CRYPTO */
+
+#ifdef KRB5_OLD_CRYPTO
+/*
+ * old cryptosystem routine prototypes.  These are now layered
+ * on top of the functions above.
+ */
+krb5_error_code KRB5_CALLCONV krb5_use_enctype
+        (krb5_context context,
+                krb5_encrypt_block * eblock,
+                krb5_enctype enctype);
+
+krb5_error_code KRB5_CALLCONV krb5_string_to_key
+        (krb5_context context,
+                const krb5_encrypt_block * eblock,
+                krb5_keyblock * keyblock,
+                const krb5_data * data,
+                const krb5_data * salt);
+
+size_t KRB5_CALLCONV krb5_checksum_size
+	(krb5_context context,
+		krb5_cksumtype ctype);
+#endif /* KRB5_OLD_CRYPTO */
 
 /*
  * end "encryption.h"
@@ -1560,6 +1579,46 @@ krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
 		 * It is legal to pass in a length of 0, in which
 		 * case contents are left unallocated.
 		 */
+
+/*
+ * Solaris Kerberos
+ * Start - keyblock API (MIT will ship this also in a future release)
+ */
+/*
+ * Similiar to krb5_init_keyblock but this routine expects the
+ * keyblock to already be allocated.
+ */
+krb5_error_code KRB5_CALLCONV krb5_init_allocated_keyblock
+        (krb5_context,
+	        krb5_enctype,
+	        unsigned int,
+                krb5_keyblock *);
+
+krb5_enctype KRB5_CALLCONV krb5_get_key_enctype
+        (krb5_keyblock *);
+
+unsigned int KRB5_CALLCONV krb5_get_key_length
+        (krb5_keyblock *);
+
+krb5_octet KRB5_CALLCONV *krb5_get_key_data
+        (krb5_keyblock *);
+
+void KRB5_CALLCONV krb5_set_key_enctype
+        (krb5_keyblock *,
+                 krb5_enctype);
+
+void KRB5_CALLCONV krb5_set_key_data
+        (krb5_keyblock *,
+                 krb5_octet *);
+
+void KRB5_CALLCONV krb5_set_key_length
+        (krb5_keyblock *,
+                 unsigned int);
+/*
+ * Solaris Kerberos
+ * End - keyblock API
+ */
+
 krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
 	(krb5_context,
 		const krb5_keyblock *,
author	gtb <none@none>	2006-04-07 14:00:07 -0700
committer	gtb <none@none>	2006-04-07 14:00:07 -0700
commit	10db1377dafab8ba3feedef26db9c5d8539a5cd1 (patch)
tree	dd10e8021cd240a1c6f61f33a7c7878625ff240c /usr/src/uts/common/gssapi
parent	48451833426400c4caea45c906663fcdc96fa797 (diff)
download	illumos-gate-10db1377dafab8ba3feedef26db9c5d8539a5cd1.tar.gz