/* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPIP_KRB5_H_ #define _GSSAPIP_KRB5_H_ /* * $Id$ */ #include #include /* work around sunos braindamage */ #ifdef major #undef major #endif #ifdef minor #undef minor #endif #ifndef macintosh #include "../generic/gssapiP_generic.h" #else #include "gssapiP_generic.h" #endif /* The include of gssapi_krb5.h will dtrt with the above #defines in * effect. 
*/
#include "gssapi_krb5.h"
#include "gssapi_err_krb5.h"

/** constants **/

/*
 * Checksum type used for the GSS channel-binding checksum.  Presumably
 * the type stamped on the krb5_checksum built by
 * kg_checksum_channel_bindings() below -- confirm against that helper.
 */
#define CKSUMTYPE_KG_CB 0x8003

/*
 * Token identifiers for the original (v1) token format.  SIGN/MIC and
 * SEAL/WRAP are aliases for the same values: the two names exist only
 * because the v1 and v2 GSS-API entry points use different terminology,
 * so a receiver cannot tell from the id alone which entry point
 * produced a token.
 */
#define KG_TOK_CTX_AP_REQ 0x0100
#define KG_TOK_CTX_AP_REP 0x0200
#define KG_TOK_CTX_ERROR 0x0300
#define KG_TOK_SIGN_MSG 0x0101
#define KG_TOK_SEAL_MSG 0x0201
#define KG_TOK_MIC_MSG 0x0101
#define KG_TOK_WRAP_MSG 0x0201
#define KG_TOK_DEL_CTX 0x0102

/*
 * Flags this implementation reports for a context.  INTEG, CONF, TRANS
 * and PROT_READY are always asserted; of the caller-supplied bits in x
 * only MUTUAL, REPLAY, SEQUENCE and DELEG are passed through -- any
 * other bit in x is silently dropped by the mask, so a caller asking
 * for an unsupported flag gets no error, just a missing bit.
 */
#define KG_IMPLFLAGS(x) (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
                         GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG | \
                         ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
                                 GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))

/* Token identifiers for the v2 (kg2) token format. */
#define KG2_TOK_INITIAL 0x0101
#define KG2_TOK_RESPONSE 0x0202
#define KG2_TOK_MIC 0x0303
#define KG2_TOK_WRAP_INTEG 0x0404
#define KG2_TOK_WRAP_PRIV 0x0505

/* An option_id value for struct kg2_option / kg2_parse_token (presumably). */
#define KRB5_GSS_FOR_CREDS_OPTION 1

/* Flag bits in a v2 response token (presumably KG2_TOK_RESPONSE). */
#define KG2_RESP_FLAG_ERROR 0x0001
#define KG2_RESP_FLAG_DELEG_OK 0x0002

/** internal types **/

typedef krb5_principal krb5_gss_name_t;

/*
 * A credential handle.  The keytab/rcache pair is the acceptor-side
 * material and the ccache the initiator-side material; which half is
 * meaningful is presumably governed by `usage'.
 */
typedef struct _krb5_gss_cred_id_rec {
   /* name/type of credential */
   gss_cred_usage_t usage;
   krb5_principal princ;        /* this is not interned as a gss_name_t */
   /* NOTE(review): presumably flags recording which mechanism OID
      variants (pre-RFC, RFC, v2) this credential may be used with;
      the exact semantics live in the acquire/init code, not here. */
   int prerfc_mech;
   int rfc_mech;
   int rfcv2_mech;

   /* keytab (accept) data */
   krb5_keytab keytab;
   krb5_rcache rcache;          /* replay cache; presumably consulted when
                                   accepting AP-REQs -- an acceptor without
                                   one cannot detect replayed tokens */

   /* ccache (init) data */
   krb5_ccache ccache;
   krb5_timestamp tgt_expire;   /* presumably expiry of the TGT in ccache */
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;

/*
 * A security context.  Everything needed to emit and verify per-message
 * tokens lives here; kg_ctx_externalize / kg_ctx_internalize below
 * (presumably) serialize this record for export_sec_context, so any new
 * field must be added there too or it will be lost across a transfer.
 */
typedef struct _krb5_gss_ctx_id_rec {
   int initiate;                /* nonzero if initiating, zero if accepting */
   OM_uint32 gss_flags;         /* GSS_C_*_FLAG bits for this context
                                   (cf. KG_IMPLFLAGS) */
   int seed_init;               /* presumably nonzero once seed[] is valid */
   unsigned char seed[16];      /* filled by kg_make_seed() (presumably) */
   krb5_principal here;         /* local principal (presumably) */
   krb5_principal there;        /* peer principal (presumably) */
   krb5_keyblock *subkey;
   int signalg;                 /* signature algorithm id used in tokens */
   int cksum_size;              /* byte length of the token checksum */
   int sealalg;                 /* seal (encryption) algorithm id used in tokens */
   krb5_keyblock *enc;          /* NOTE(review): presumably the key handed to
                                   kg_encrypt/kg_decrypt -- confirm */
   krb5_keyblock *seq;          /* NOTE(review): presumably the key handed to
                                   kg_make_seq_num/kg_get_seq_num -- confirm */
   krb5_timestamp endtime;      /* context expiry time */
   krb5_flags krb_flags;
   /* XXX these used to be signed. the old spec is inspecific, and
      the new spec specifies unsigned.  I don't believe that the change
      affects the wire encoding. */
   /* NOTE(review): kg_make_seq_num()/kg_get_seq_num() below still take
      and return krb5_int32, so the signed<->unsigned conversion happens
      at those call sites; keep that in mind when reasoning about
      wraparound of the sequence counters. */
   krb5_ui_4 seq_send;
   krb5_ui_4 seq_recv;
   void *seqstate;              /* opaque; presumably the replay /
                                   out-of-order window for seq_recv */
   int established;             /* nonzero once establishment completed;
                                   per-message entry points should refuse
                                   a context where this is zero (that check
                                   is not visible in this header) */
   int big_endian;              /* peer byte order (presumably for token
                                   integer fields; cf. `bigend' below) */
   krb5_auth_context auth_context;
   gss_OID_desc *mech_used;     /* mechanism OID in use for this context */
   int gsskrb5_version;         /* token format version; presumably selects
                                   KG_TOK_* vs KG2_TOK_* handling */
   int nctypes;                 /* number of entries in ctypes[] */
   krb5_cksumtype *ctypes;      /* checksum types (v2); see
                                   kg2_intersect_ctypes() */
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;

extern void *kg_vdb;

/*
 * One option slot for kg2_parse_token().  The caller fills option_id;
 * the parser fills length and data.  data is NOT a copy: it aliases the
 * token buffer handed to the parser, so it is valid only for as long as
 * that buffer is, must not be freed, and should not be written through.
 */
struct kg2_option {
   int option_id;               /* set by caller */
   int length;                  /* filled in by parser */
   unsigned char *data;         /* filled in by parser.  points inside
                                   passed-in token, so nothing needs to
                                   be freed */
};

/* helper macros */

/*
 * Handle bookkeeping.  Names, credentials and contexts handed out by
 * this mechanism are registered in kg_vdb through the generic g_save_*
 * helpers; the intent is that an entry point runs the matching
 * kg_validate_* on any handle it receives before dereferencing it, so
 * that a stale or forged handle is rejected rather than followed.  The
 * validation itself lives in gssapiP_generic.h.
 */
#define kg_save_name(name)              g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred)           g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx)             g_save_ctx_id(&kg_vdb,ctx)

#define kg_validate_name(name)          g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred)       g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx)         g_validate_ctx_id(&kg_vdb,ctx)

#define kg_delete_name(name)            g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred)         g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx)           g_delete_ctx_id(&kg_vdb,ctx)

/** helper functions **/

/* Obtain / release the mechanism's default credential. */
OM_uint32 kg_get_defcred
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t *cred));

OM_uint32 kg_release_defcred
PROTOTYPE((OM_uint32 *minor_status));

/*
 * Build the channel-binding checksum for cb into *cksum.  bigend
 * presumably selects the byte order of the encoded length fields
 * (cf. the big_endian context field).
 */
krb5_error_code kg_checksum_channel_bindings
PROTOTYPE((krb5_context context, gss_channel_bindings_t cb,
           krb5_checksum *cksum,
           int bigend));

/*
 * Encode (direction, seqnum) into buf under key, mixed with cksum;
 * kg_get_seq_num is the inverse.  buf's size is not part of this
 * interface, so the caller must supply a buffer large enough for the
 * encoded sequence number.  Note seqnum is krb5_int32 here while the
 * context stores krb5_ui_4 (see the XXX note on the context struct).
 */
krb5_error_code kg_make_seq_num PROTOTYPE((krb5_context context,
                                           krb5_keyblock *key,
            int direction, krb5_int32 seqnum, unsigned char *cksum,
                                unsigned char *buf));

krb5_error_code kg_get_seq_num PROTOTYPE((krb5_context context,
                                          krb5_keyblock *key,
            unsigned char *cksum, unsigned char *buf, int *direction,
                                          krb5_int32 *seqnum));

/* Fill seed (presumably the context's 16-byte seed[]) from key. */
krb5_error_code kg_make_seed PROTOTYPE((krb5_context context,
                                        krb5_keyblock *key,
                                        unsigned char *seed));

/*
 * Confounder support: size of the confounder for key, and a routine to
 * fill buf with one (presumably random; the buffer must be at least
 * kg_confounder_size() bytes).
 */
int kg_confounder_size PROTOTYPE((krb5_context context, krb5_keyblock *key));

krb5_error_code kg_make_confounder PROTOTYPE((krb5_context context,
                                              krb5_keyblock *key, unsigned char *buf));

int kg_encrypt_size
PROTOTYPE((krb5_context context, krb5_keyblock *key, int n));

/*
 * Raw cipher wrappers.  kg_encrypt_size (declared above) presumably
 * gives the output size for n input bytes under key; kg_encrypt and
 * kg_decrypt transform `length' bytes from in to out, with iv available
 * to the cipher mode.  `length' is a plain int: callers must only ever
 * pass a non-negative, already-validated value.
 */
krb5_error_code kg_encrypt
PROTOTYPE((krb5_context context,
           krb5_keyblock *key,
           krb5_pointer iv,
           krb5_pointer in,
           krb5_pointer out,
           int length));

krb5_error_code kg_decrypt
PROTOTYPE((krb5_context context,
           krb5_keyblock *key,
           krb5_pointer iv,
           krb5_pointer in,
           krb5_pointer out,
           int length));

/*
 * Shared implementation behind the sign/seal and mic/wrap entry points.
 * toktype selects the token id written (KG_TOK_*); kg_seal_size is the
 * wrap_size_limit calculation.  kg_unseal consumes a token that arrived
 * from the peer, so everything in input_token_buffer is untrusted.
 */
OM_uint32 kg_seal
PROTOTYPE((krb5_context context,
           OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int conf_req_flag,
           int qop_req,
           gss_buffer_t input_message_buffer,
           int *conf_state,
           gss_buffer_t output_message_buffer,
           int toktype));

OM_uint32 kg_unseal
PROTOTYPE((krb5_context context,
           OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t input_token_buffer,
           gss_buffer_t message_buffer,
           int *conf_state,
           int *qop_state,
           int toktype));

OM_uint32 kg_seal_size
PROTOTYPE((krb5_context context,
           OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int conf_req_flag,
           gss_qop_t qop_req,
           OM_uint32 output_size,
           OM_uint32 *input_size));

/*
 * Context (de)serialization in the krb5 externalize style: size query,
 * writer and reader.  The reader takes its bytes from an interprocess
 * token and must bound every read by *lenremain.
 */
krb5_error_code kg_ctx_size
PROTOTYPE((krb5_context kcontext,
           krb5_pointer arg,
           size_t *sizep));

krb5_error_code kg_ctx_externalize
PROTOTYPE((krb5_context kcontext,
           krb5_pointer arg,
           krb5_octet **buffer,
           size_t *lenremain));

krb5_error_code kg_ctx_internalize
PROTOTYPE((krb5_context kcontext,
           krb5_pointer *argp,
           krb5_octet **buffer,
           size_t *lenremain));

/* Obtain the krb5_context this mechanism uses. */
OM_uint32 kg_get_context
PROTOTYPE((OM_uint32 *minor_status,
           krb5_context *context));

/*
 * Parse a v2 token of `length' bytes at ptr.  ptr comes from the peer,
 * so the parser must treat every embedded length and count as hostile
 * and keep all reads inside [ptr, ptr + length); `length' itself is a
 * signed int and must be non-negative on entry.  The options array is
 * INOUT: the caller presets option_id, the parser fills length/data,
 * and data aliases the token (see struct kg2_option).
 */
OM_uint32 kg2_parse_token
PROTOTYPE((OM_uint32 *minor_status,
           unsigned char *ptr,
           int length,
           krb5_ui_4 *flags,
           int *nctypes,                /* OUT */
           krb5_cksumtype **ctypes,     /* OUT */
           int noptions,
           struct kg2_option *options,  /* INOUT */
           krb5_data *kmsg,
           krb5_data *mic));

/*
 * Reduce c1/nc1 in place to the checksum types also present in c2/nc2
 * (presumably; the exact ordering rule is not visible here).
 */
void kg2_intersect_ctypes
PROTOTYPE((int *nc1,
           krb5_cksumtype *c1,
           int nc2,
           const krb5_cksumtype *c2));

/** declarations of internal name mechanism functions **/

OM_uint32 krb5_gss_acquire_cred
PROTOTYPE((OM_uint32 *minor_status,
           gss_name_t desired_name,
           OM_uint32 time_req,
           gss_OID_set desired_mechs,
           gss_cred_usage_t cred_usage,
           gss_cred_id_t *output_cred_handle,
           gss_OID_set *actual_mechs,
           OM_uint32 *time_rec));

OM_uint32 krb5_gss_release_cred
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t *cred_handle));

/*
 * Context establishment.  input_token on the initiator and
 * input_token_buffer on the acceptor carry bytes received from the
 * peer and are untrusted; input_chan_bindings, when supplied, are
 * expected to be bound into the exchange via kg_checksum_channel_bindings.
 */
OM_uint32 krb5_gss_init_sec_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t claimant_cred_handle,
           gss_ctx_id_t *context_handle,
           gss_name_t target_name,
           gss_OID mech_type,
           OM_uint32 req_flags,
           OM_uint32 time_req,
           gss_channel_bindings_t input_chan_bindings,
           gss_buffer_t input_token,
           gss_OID *actual_mech_type,
           gss_buffer_t output_token,
           OM_uint32 *ret_flags,
           OM_uint32 *time_rec));

OM_uint32 krb5_gss_accept_sec_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t *context_handle,
           gss_cred_id_t verifier_cred_handle,
           gss_buffer_t input_token_buffer,
           gss_channel_bindings_t input_chan_bindings,
           gss_name_t *src_name,
           gss_OID *mech_type,
           gss_buffer_t output_token,
           OM_uint32 *ret_flags,
           OM_uint32 *time_rec,
           gss_cred_id_t *delegated_cred_handle));

OM_uint32 krb5_gss_process_context_token
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t token_buffer));

OM_uint32 krb5_gss_delete_sec_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t *context_handle,
           gss_buffer_t output_token));

OM_uint32 krb5_gss_context_time
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           OM_uint32 *time_rec));

/* GSS-API v1 per-message calls (sign/verify/seal/unseal). */
OM_uint32 krb5_gss_sign
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int qop_req,
           gss_buffer_t message_buffer,
           gss_buffer_t message_token));

OM_uint32 krb5_gss_verify
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t message_buffer,
           gss_buffer_t token_buffer,
           int *qop_state));

OM_uint32 krb5_gss_seal
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int conf_req_flag,
           int qop_req,
           gss_buffer_t input_message_buffer,
           int *conf_state,
           gss_buffer_t output_message_buffer));

OM_uint32 krb5_gss_unseal
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t input_message_buffer,
           gss_buffer_t output_message_buffer,
           int *conf_state,
           int *qop_state));

OM_uint32 krb5_gss_display_status
PROTOTYPE((OM_uint32 *minor_status,
           OM_uint32 status_value,
           int status_type,
           gss_OID mech_type,
           OM_uint32 *message_context,
           gss_buffer_t status_string));

OM_uint32 krb5_gss_indicate_mechs
PROTOTYPE((OM_uint32 *minor_status,
           gss_OID_set *mech_set));

OM_uint32 krb5_gss_compare_name
PROTOTYPE((OM_uint32 *minor_status,
           gss_name_t name1,
           gss_name_t name2,
           int *name_equal));

OM_uint32 krb5_gss_display_name
PROTOTYPE((OM_uint32 *minor_status,
           gss_name_t input_name,
           gss_buffer_t output_name_buffer,
           gss_OID *output_name_type));

OM_uint32 krb5_gss_import_name
PROTOTYPE((OM_uint32 *minor_status,
           gss_buffer_t input_name_buffer,
           gss_OID input_name_type,
           gss_name_t *output_name));

OM_uint32 krb5_gss_release_name
PROTOTYPE((OM_uint32 *minor_status,
           gss_name_t *input_name));

OM_uint32 krb5_gss_inquire_cred
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t cred_handle,
           gss_name_t *name,
           OM_uint32 *lifetime,
           gss_cred_usage_t *cred_usage,
           gss_OID_set *mechanisms));

OM_uint32 krb5_gss_inquire_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_name_t *initiator_name,
           gss_name_t *acceptor_name,
           OM_uint32 *lifetime_rec,
           gss_OID *mech_type,
           OM_uint32 *ret_flags,
           int *locally_initiated,
           int *is_open));

/* New V2 entry points */

/* GSS-API v2 per-message calls; qop is gss_qop_t rather than int here. */
OM_uint32 krb5_gss_get_mic
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_qop_t qop_req,
           gss_buffer_t message_buffer,
           gss_buffer_t message_token));

OM_uint32 krb5_gss_verify_mic
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t message_buffer,
           gss_buffer_t message_token,
           gss_qop_t *qop_state));

OM_uint32 krb5_gss_wrap
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int conf_req_flag,
           gss_qop_t qop_req,
           gss_buffer_t input_message_buffer,
           int *conf_state,
           gss_buffer_t output_message_buffer));

OM_uint32 krb5_gss_unwrap
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t input_message_buffer,
           gss_buffer_t output_message_buffer,
           int *conf_state,
           gss_qop_t *qop_state));

OM_uint32 krb5_gss_wrap_size_limit
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           int conf_req_flag,
           gss_qop_t qop_req,
           OM_uint32 req_output_size,
           OM_uint32 *max_input_size));

/* Untyped (void *) name import/export; the object's real type is not
 * visible in this header. */
OM_uint32 krb5_gss_import_name_object
PROTOTYPE((OM_uint32 *minor_status,
           void *input_name,
           gss_OID input_name_type,
           gss_name_t *output_name));

OM_uint32 krb5_gss_export_name_object
PROTOTYPE((OM_uint32 *minor_status,
           gss_name_t input_name,
           gss_OID desired_name_type,
           void **output_name));

OM_uint32 krb5_gss_add_cred
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t input_cred_handle,
           gss_name_t desired_name,
           gss_OID desired_mech,
           gss_cred_usage_t cred_usage,
           OM_uint32 initiator_time_req,
           OM_uint32 acceptor_time_req,
           gss_cred_id_t *output_cred_handle,
           gss_OID_set *actual_mechs,
           OM_uint32 *initiator_time_rec,
           OM_uint32 *acceptor_time_rec));
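OM_uint32 krb5_gss_inquire_cred_by_mech
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t cred_handle,
           gss_OID mech_type,
           gss_name_t *name,
           OM_uint32 *initiator_lifetime,
           OM_uint32 *acceptor_lifetime,
           gss_cred_usage_t *cred_usage));

/*
 * Inter-process context transfer.  The interprocess token presumably
 * carries the serialized krb5_gss_ctx_id_rec, keys included, so it must
 * be handled as secret by whatever moves it between processes, and
 * import must parse it as carefully as a token received from the network.
 */
OM_uint32 krb5_gss_export_sec_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_ctx_id_t *context_handle,
           gss_buffer_t interprocess_token));

OM_uint32 krb5_gss_import_sec_context
PROTOTYPE((OM_uint32 *minor_status,
           gss_buffer_t interprocess_token,
           gss_ctx_id_t *context_handle));

/*
 * OID release.  A public krb5_gss_release_oid declaration used to sit
 * here disabled under "#if 0"; it has been removed, and this internal
 * variant is the only one this header declares.
 */
OM_uint32 krb5_gss_internal_release_oid
PROTOTYPE((OM_uint32 *minor_status,
           gss_OID *oid));

OM_uint32 krb5_gss_inquire_names_for_mech
PROTOTYPE((OM_uint32 *minor_status,
           gss_OID mechanism,
           gss_OID_set *name_types));

OM_uint32 krb5_gss_canonicalize_name
PROTOTYPE((OM_uint32 *minor_status,
           const gss_name_t input_name,
           const gss_OID mech_type,
           gss_name_t *output_name));

OM_uint32 krb5_gss_export_name
PROTOTYPE((OM_uint32 *minor_status,
           const gss_name_t input_name,
           gss_buffer_t exported_name));

OM_uint32 krb5_gss_duplicate_name
PROTOTYPE((OM_uint32 *minor_status,
           const gss_name_t input_name,
           gss_name_t *dest_name));

/* Check that cred is a live credential handle (cf. kg_validate_cred_id). */
OM_uint32 krb5_gss_validate_cred
PROTOTYPE((OM_uint32 *minor_status,
           gss_cred_id_t cred));

#endif /* _GSSAPIP_KRB5_H_ */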