added header containing internal MIT definitions
authorkouril <kouril>
Fri, 16 Apr 2004 22:19:58 +0000 (22:19 +0000)
committerkouril <kouril>
Fri, 16 Apr 2004 22:19:58 +0000 (22:19 +0000)
src/mit-internals.h [new file with mode: 0644]
src/mod_auth_kerb.c

diff --git a/src/mit-internals.h b/src/mit-internals.h
new file mode 100644 (file)
index 0000000..fac2e4f
--- /dev/null
@@ -0,0 +1,109 @@
+#ifndef _MIT_INTERNALS_H_
+#define _MIT_INTERNALS_H_
+
+/* must be included after krb5.h to override definitons from there */
+
+/*
+ * MIT Kerberos 1.3.x replay cache implementation causes major problems
+ * with Microsoft Kerberos5 implementation by incorrectly detecting
+ * Microsoft authenticators as replays. The problem is being worked on
+ * by both MIT and Microsoft but until a definite fix is available, we
+ * must disable the replay cache in order to work with Microsoft clients.
+ * The only working way to do this seems to be overriding the function
+ * that stores authenticators in replay cache with one that does nothing.
+ * Note that disabling replay cache is potentially unsecure.
+ */
+
+/* Definition from MIT krb5-1.3.3 krb5.h */
+typedef struct _krb5_donot_replay {
+    krb5_magic magic;
+    char *server;                       /* null-terminated */
+    char *client;                       /* null-terminated */
+    krb5_int32 cusec;
+    krb5_timestamp ctime;
+} krb5_donot_replay;
+
+/* Definitions from MIT krb5-1.3.3 k5-int.h */
+struct _krb5_rc_ops {
+    krb5_magic magic;
+    char *type;
+    krb5_error_code (KRB5_CALLCONV *init)
+        (krb5_context, krb5_rcache,krb5_deltat); /* create */
+    krb5_error_code (KRB5_CALLCONV *recover)
+        (krb5_context, krb5_rcache); /* open */
+    krb5_error_code (KRB5_CALLCONV *destroy)
+        (krb5_context, krb5_rcache);
+    krb5_error_code (KRB5_CALLCONV *close)
+        (krb5_context, krb5_rcache);
+    krb5_error_code (KRB5_CALLCONV *store)
+        (krb5_context, krb5_rcache,krb5_donot_replay *);
+    krb5_error_code (KRB5_CALLCONV *expunge)
+        (krb5_context, krb5_rcache);
+    krb5_error_code (KRB5_CALLCONV *get_span)
+        (krb5_context, krb5_rcache,krb5_deltat *);
+    char *(KRB5_CALLCONV *get_name)
+        (krb5_context, krb5_rcache);
+    krb5_error_code (KRB5_CALLCONV *resolve)
+        (krb5_context, krb5_rcache, char *);
+};
+
+typedef struct _krb5_rc_ops krb5_rc_ops;
+
+/* Definitions from MIT krb5-1.3.3 rc_dfl.h */
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init
+        (krb5_context,
+                   krb5_rcache,
+                   krb5_deltat);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover
+        (krb5_context,
+                   krb5_rcache);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy
+        (krb5_context,
+                   krb5_rcache);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close
+        (krb5_context,
+                   krb5_rcache);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge
+        (krb5_context,
+                   krb5_rcache);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span
+        (krb5_context,
+                   krb5_rcache,
+                   krb5_deltat *);
+extern char * KRB5_CALLCONV krb5_rc_dfl_get_name
+        (krb5_context,
+                   krb5_rcache);
+extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve
+        (krb5_context,
+                   krb5_rcache,
+                   char *);
+
+/* Definition from MIT krb5-1.3.3 k5-int.h */
+/* kouril: use the _internal suffix in order to avoid conflicts with 
+ * the definition in krb5.h */
+struct krb5_rc_st_internal {
+       krb5_magic magic;
+       const struct _krb5_rc_ops *ops;
+       krb5_pointer data;
+};
+
+typedef struct krb5_rc_st_internal *krb5_rcache_internal;
+
+/* Definitions from MIT krb5-1.3.3 gssapiP_krb5.h */
+typedef struct _krb5_gss_cred_id_rec {
+       /* name/type of credential */
+       gss_cred_usage_t usage;
+        krb5_principal princ;        /* this is not interned as a gss_name_t */
+       int prerfc_mech;
+       int rfc_mech;
+
+        /* keytab (accept) data */
+        krb5_keytab keytab;
+       krb5_rcache_internal rcache;
+       
+        /* ccache (init) data */
+       krb5_ccache ccache;
+       krb5_timestamp tgt_expire;
+} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
+
+#endif _MIT_INTERNALS_H_
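Review bot: The structs copied here (`_krb5_rc_ops`, `krb5_rc_st_internal`, `_krb5_gss_cred_id_rec`) mirror private MIT krb5-1.3.3 layouts, but nothing in the header restricts the build to that release. Against any other libkrb5 the `rcache` and `ops` members could sit at different offsets, and code that reaches through them would then read or overwrite the wrong memory in the authentication path. I would gate inclusion on a configure-time check of the detected MIT version and record the constraint in the top comment, e.g. `/* Layouts valid for MIT krb5-1.3.3 only; re-check k5-int.h and gssapiP_krb5.h before building against any other release. */`. Because the existing comment already concedes that disabling the replay cache is insecure, it should also say whether the override is opt-in and what is expected to stop a captured authenticator from being replayed while it is active; the consuming code in src/mod_auth_kerb.c is not visible in this hunk. Separately, the last line should read `#endif /* _MIT_INTERNALS_H_ */`, since bare tokens after `#endif` are non-conforming and draw compiler warnings.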
index ff5f25a..608a7d5 100644 (file)
@@ -76,7 +76,7 @@
 #endif /* KRB5 */
 
 #ifdef KRB4
-/*Prevent warning about closesocket redefinition (Apache's ap_config.h and 
+/* Prevent warning about closesocket redefinition (Apache's ap_config.h and 
  * MIT Kerberos' port-sockets.h both define it as close) */
 #ifdef closesocket
 #  undef closesocket