summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/generic/gssapi_ext.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi/generic/gssapi_ext.h')
-rw-r--r--src/lib/gssapi/generic/gssapi_ext.h261
1 files changed, 261 insertions, 0 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
new file mode 100644
index 000000000..40f5ab809
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapi_ext.h
@@ -0,0 +1,261 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#ifndef GSSAPI_EXT_H_
+#define GSSAPI_EXT_H_
+
+#include <gssapi/gssapi.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#if 0
+/*
+ * Solaris extensions
+ */
+int KRB5_CALLCONV gssd_pname_to_uid
+ (char *,
+ gss_OID,
+ gss_OID,
+ uid_t *);
+
+int KRB5_CALLCONV __gss_userok
+ (const gss_name_t /*name*/,
+ const char * /*username*/);
+#endif
+
+/*
+ * GGF extensions
+ */
+typedef struct gss_buffer_set_desc_struct {
+ size_t count;
+ gss_buffer_desc *elements;
+} gss_buffer_set_desc, *gss_buffer_set_t;
+
+#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
+
+OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set
+ (OM_uint32 * /*minor_status*/,
+ gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member
+ (OM_uint32 * /*minor_status*/,
+ const gss_buffer_t /*member_buffer*/,
+ gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_release_buffer_set
+ (OM_uint32 * /*minor_status*/,
+ gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid
+ (OM_uint32 * /*minor_status*/,
+ const gss_ctx_id_t /*context_handle*/,
+ const gss_OID /*desired_object*/,
+ gss_buffer_set_t * /*data_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid
+ (OM_uint32 * /*minor_status*/,
+ const gss_cred_id_t /*cred_handle*/,
+ const gss_OID /*desired_object*/,
+ gss_buffer_set_t * /*data_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_set_sec_context_option
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t * /*cred_handle*/,
+ const gss_OID /*desired_object*/,
+ const gss_buffer_t /*value*/);
+
+/* XXX do these really belong in this header? */
+OM_uint32 KRB5_CALLCONV gssspi_set_cred_option
+ (OM_uint32 * /*minor_status*/,
+ gss_cred_id_t /*cred*/,
+ const gss_OID /*desired_object*/,
+ const gss_buffer_t /*value*/);
+
+OM_uint32 KRB5_CALLCONV gssspi_mech_invoke
+ (OM_uint32 * /*minor_status*/,
+ const gss_OID /*desired_mech*/,
+ const gss_OID /*desired_object*/,
+ gss_buffer_t /*value*/);
+
+/*
+ * AEAD extensions
+ */
+
+OM_uint32 KRB5_CALLCONV gss_wrap_aead
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*conf_req_flag*/,
+ gss_qop_t /*qop_req*/,
+ gss_buffer_t /*input_assoc_buffer*/,
+ gss_buffer_t /*input_payload_buffer*/,
+ int * /*conf_state*/,
+ gss_buffer_t /*output_message_buffer*/);
+
+OM_uint32 KRB5_CALLCONV gss_unwrap_aead
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ gss_buffer_t /*input_message_buffer*/,
+ gss_buffer_t /*input_assoc_buffer*/,
+ gss_buffer_t /*output_payload_buffer*/,
+ int * /*conf_state*/,
+ gss_qop_t * /*qop_state*/);
+
+/*
+ * SSPI extensions
+ */
+#define GSS_C_DCE_STYLE 0x1000
+#define GSS_C_IDENTIFY_FLAG 0x2000
+#define GSS_C_EXTENDED_ERROR_FLAG 0x4000
+
+/*
+ * Returns a buffer set with the first member containing the
+ * session key for SSPI compatibility. The optional second
+ * member contains an OID identifying the session key type.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
+
+OM_uint32 KRB5_CALLCONV gss_complete_auth_token
+ (OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer);
+
+typedef struct gss_iov_buffer_desc_struct {
+ OM_uint32 type;
+ gss_buffer_desc buffer;
+} gss_iov_buffer_desc, *gss_iov_buffer_t;
+
+#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0)
+
+#define GSS_IOV_BUFFER_TYPE_EMPTY 0
+#define GSS_IOV_BUFFER_TYPE_DATA 1 /* Packet data */
+#define GSS_IOV_BUFFER_TYPE_HEADER 2 /* Mechanism header */
+#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 /* Mechanism specific parameters */
+#define GSS_IOV_BUFFER_TYPE_TRAILER 7 /* Mechanism trailer */
+#define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */
+#define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */
+#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */
+
+#define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */
+#define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 /* indicates caller should free */
+
+#define GSS_IOV_BUFFER_TYPE(_type) ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK))
+#define GSS_IOV_BUFFER_FLAGS(_type) ((_type) & GSS_IOV_BUFFER_FLAG_MASK)
+
+/*
+ * Sign and optionally encrypt a sequence of buffers. The buffers
+ * shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable
+ * space for the header, padding and trailer should be provided
+ * by calling gss_wrap_iov_length(), or the ALLOCATE flag should
+ * be set on those buffers.
+ *
+ * Encryption is in-place. SIGN_ONLY buffers are untouched. Only
+ * a single PADDING buffer should be provided. The order of the
+ * buffers in memory does not matter. Buffers in the IOV should
+ * be arranged in the order above, and in the case of multiple
+ * DATA buffers the sender and receiver should agree on the
+ * order.
+ *
+ * With GSS_C_DCE_STYLE it is acceptable to not provide PADDING
+ * and TRAILER, but the caller must guarantee the plaintext data
+ * being encrypted is correctly padded, otherwise an error will
+ * be returned.
+ *
+ * While applications that have knowledge of the underlying
+ * cryptosystem may request a specific configuration of data
+ * buffers, the only generally supported configurations are:
+ *
+ * HEADER | DATA | PADDING | TRAILER
+ *
+ * which will emit GSS_Wrap() compatible tokens, and:
+ *
+ * HEADER | SIGN_ONLY | DATA | PADDING | TRAILER
+ *
+ * for AEAD.
+ *
+ * The typical (special cased) usage for DCE is as follows:
+ *
+ * SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER
+ */
+OM_uint32 KRB5_CALLCONV gss_wrap_iov
+(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
+ * Verify and optionally decrypt a sequence of buffers. To process
+ * a GSS-API message without separate buffer, pass STREAM | DATA.
+ * Upon return DATA will contain the decrypted or integrity
+ * protected message. Only a single DATA buffer may be provided
+ * with this usage. DATA by default will point into STREAM, but if
+ * the ALLOCATE flag is set a copy will be returned.
+ *
+ * Otherwise, decryption is in-place. SIGN_ONLY buffers are
+ * untouched.
+ */
+OM_uint32 KRB5_CALLCONV gss_unwrap_iov
+(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int *, /* conf_state */
+ gss_qop_t *, /* qop_state */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
+ * Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers
+ * should be provided so the correct padding length can be determined.
+ */
+OM_uint32 KRB5_CALLCONV gss_wrap_iov_length
+(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
+ * Release buffers that have the ALLOCATED flag set.
+ */
+OM_uint32 KRB5_CALLCONV gss_release_iov_buffer
+(
+ OM_uint32 *, /* minor_status */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GSSAPI_EXT_H_ */
generated by cgit (git 2.34.1) at 2025-06-15 20:44:51 +0000