2 * Copyright 1993 by OpenVision Technologies, Inc.
4 * Permission to use, copy, modify, distribute, and sell this software
5 * and its documentation for any purpose is hereby granted without fee,
6 * provided that the above copyright notice appears in all copies and
7 * that both that copyright notice and this permission notice appear in
8 * supporting documentation, and that the name of OpenVision not be used
9 * in advertising or publicity pertaining to distribution of the software
10 * without specific, written prior permission. OpenVision makes no
11 * representations about the suitability of this software for any
12 * purpose. It is provided "as is" without express or implied warranty.
14 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
18 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
19 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
20 * PERFORMANCE OF THIS SOFTWARE.
23 #ifndef _GSSAPIP_KRB5_H_
24 #define _GSSAPIP_KRB5_H_
27 #include "los-proto.h"
30 /* work around sunos braindamage */
38 /* this must be after "krb5.h", since krb5 #defines xfree(), too */
39 #include "../generic/gssapiP_generic.h"
40 #include "gssapi_krb5.h"
41 #include "gssapi_err_krb5.h"
/*
 * Wire-format constants for the Kerberos 5 GSS-API mechanism.
 *
 * 0x8003 is the authenticator checksum type that RFC 1964 assigns to the
 * GSS-API checksum. The _CB suffix suggests it is tied to channel bindings
 * here (compare kg_checksum_channel_bindings below) -- confirm in callers.
 */
45 #define CKSUMTYPE_KG_CB 0x8003
/*
 * Token type identifiers. The values line up with the two-byte TOK_ID
 * fields of RFC 1964: AP_REQ / AP_REP / ERROR for context establishment,
 * SIGN_MSG / SEAL_MSG for per-message tokens, DEL_CTX for context deletion.
 * NOTE(review): a receiver should accept only the one token type it expects
 * at each step; that comparison is not visible in this header -- confirm it
 * in the token-parsing code.
 */
47 #define KG_TOK_CTX_AP_REQ 0x0100
48 #define KG_TOK_CTX_AP_REP 0x0200
49 #define KG_TOK_CTX_ERROR 0x0300
50 #define KG_TOK_SIGN_MSG 0x0101
51 #define KG_TOK_SEAL_MSG 0x0201
52 #define KG_TOK_DEL_CTX 0x0102
54 /** internal types **/
/* A mechanism-internal name is a krb5_principal under another typedef. */
56 typedef krb5_principal krb5_gss_name_t;
/*
 * Mechanism-internal credential record; krb5_gss_cred_id_t is a POINTER to
 * this record.
 * NOTE(review): the listing's gutter numbers skip several lines inside this
 * struct, so only princ and tgt_expire are visible. The members under the
 * "keytab" and "ccache" headings are not shown.
 */
58 typedef struct _krb5_gss_cred_id_rec {
59 /* name/type of credential */
61 krb5_principal princ; /* this is not interned as a gss_name_t */
63 /* keytab (accept) data */
66 /* ccache (init) data */
/* By its name, the expiry time of the TGT behind an initiator credential.
 * NOTE(review): presumably compared against the current time before the
 * credential is used -- confirm where that check happens. */
68 krb5_timestamp tgt_expire;
69 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
/*
 * Encryption descriptor handed to the kg_* crypto helpers below. Two of
 * these (enc and seq) are embedded in every security-context record.
 * NOTE(review): only eblock is visible; the remaining members and the closing
 * line of this typedef are absent from the listing (gutter numbers skip).
 */
71 typedef struct _krb5_gss_enc_desc {
74 krb5_encrypt_block eblock;
/*
 * Mechanism-internal security-context record.
 *
 * The visible members include key-derived state (seed, subkey, and the enc
 * and seq descriptors), so an instance should be treated as secret material.
 * NOTE(review): presumably the context-deletion path wipes these fields
 * before releasing the record -- confirm in the implementation.
 * NOTE(review): several members are absent from this listing (gutter numbers
 * skip), so this is not the full layout.
 */
77 typedef struct _krb5_gss_ctx_id_rec {
78 int initiate; /* nonzero if initiating, zero if accepting */
/* Fixed 16-byte seed buffer. kg_make_seed() below takes a bare pointer and
 * no length, so nothing in its signature enforces this size. */
81 unsigned char seed[16];
82 krb5_gss_cred_id_t cred;
/* Heap-referenced key block (pointer); ownership is not stated here. */
85 krb5_keyblock *subkey;
/* Two separate descriptors. By name, one is for message encryption and one
 * for sequence-number protection -- confirm against kg_make_seq_num. */
86 krb5_gss_enc_desc enc;
87 krb5_gss_enc_desc seq;
/* By its name, the time after which the context must no longer be used.
 * NOTE(review): confirm the per-message calls check it. */
88 krb5_timestamp endtime;
95 krb5_auth_context * auth_context;
/* As printed, krb5_gss_ctx_id_t has no '*': it is a second name for the
 * struct itself, unlike krb5_gss_cred_id_t above, which is a pointer typedef.
 * Code converting an opaque gss_ctx_id_t handle must therefore cast to
 * "krb5_gss_ctx_id_t *". */
96 } krb5_gss_ctx_id_rec, krb5_gss_ctx_id_t;
/* One krb5_context shared by the whole mechanism, defined in another
 * translation unit. No locking is visible in this header.
 * NOTE(review): confirm how concurrent callers are expected to serialize
 * access. */
100 extern krb5_context kg_context;
/*
 * Handle bookkeeping. Each macro forwards to the generic g_* routine with the
 * mechanism's validation database, kg_vdb (its declaration is on a line not
 * shown in this listing).
 *
 * save_*     register a freshly created name / credential / context handle
 * validate_* check a handle against the database
 * delete_*   remove a handle from the database
 *
 * The handles reaching the krb5_gss_* entry points are opaque values supplied
 * by the caller. NOTE(review): presumably each entry point calls the matching
 * kg_validate_* before casting and dereferencing a handle -- confirm, since a
 * missed check means dereferencing a caller-chosen pointer.
 */
104 #define kg_save_name(name) g_save_name(&kg_vdb,name)
105 #define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
106 #define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
108 #define kg_validate_name(name) g_validate_name(&kg_vdb,name)
109 #define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
110 #define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)
112 #define kg_delete_name(name) g_delete_name(&kg_vdb,name)
113 #define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
114 #define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
116 /** helper functions **/
/*
 * Internal helpers shared by the mechanism's entry points.
 * NOTE(review): some prototypes below are missing parameter lines and their
 * closing "));" in this listing (gutter numbers skip). Read the visible
 * parameters as a partial signature.
 */
/* Default-credential accessors: kg_get_defcred returns a handle through
 * *cred, and kg_release_defcred takes only the minor-status out-parameter. */
118 OM_uint32 INTERFACE kg_get_defcred
119 PROTOTYPE((OM_uint32 *minor_status,
120 gss_cred_id_t *cred));
122 OM_uint32 INTERFACE kg_release_defcred PROTOTYPE((OM_uint32 *minor_status));
/* Takes the caller's channel bindings and a krb5_checksum to fill. By name it
 * reduces the bindings to a checksum. Remaining parameters are not shown. */
124 krb5_error_code INTERFACE kg_checksum_channel_bindings
125 PROTOTYPE((gss_channel_bindings_t cb,
126 krb5_checksum *cksum,
/* Writes through buf, which carries no length in the signature.
 * NOTE(review): confirm the fixed output size and that every caller's buffer
 * is at least that large. */
129 krb5_error_code INTERFACE kg_make_seq_num PROTOTYPE((krb5_gss_enc_desc *ed,
130 int direction, krb5_int32 seqnum, unsigned char *cksum,
131 unsigned char *buf));
/* Writes through seed with no length parameter. The only seed storage visible
 * in this header is the 16-byte array in the context record.
 * NOTE(review): confirm the callee never writes more than 16 bytes. */
133 krb5_error_code INTERFACE kg_make_seed PROTOTYPE((krb5_keyblock *key,
134 unsigned char *seed));
/* Size queries return a signed int. NOTE(review): presumably callers use them
 * to size the buffers passed to kg_make_confounder and kg_encrypt -- confirm,
 * and confirm a negative or zero result is handled. */
136 int INTERFACE kg_confounder_size PROTOTYPE((krb5_gss_enc_desc *ed));
138 krb5_error_code INTERFACE kg_make_confounder PROTOTYPE((krb5_gss_enc_desc *ed,
139 unsigned char *buf));
141 int INTERFACE kg_encrypt_size PROTOTYPE((krb5_gss_enc_desc *ed, int n));
/* in and out are untyped krb5_pointer values, and length is a signed int.
 * The signature carries no separate capacity for out.
 * NOTE(review): any length derived from a peer-supplied token should be
 * range-checked (non-negative, within the received buffer) before these
 * calls -- confirm in callers. */
143 krb5_error_code INTERFACE kg_encrypt PROTOTYPE((krb5_gss_enc_desc *ed,
144 krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
146 krb5_error_code INTERFACE kg_decrypt PROTOTYPE((krb5_gss_enc_desc *ed,
147 krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
/* Internal seal/unseal workers. kg_unseal's input_token_buffer is, by its
 * name, a token received from the peer, so it is untrusted when passed in.
 * Several parameters of both prototypes are not shown in this listing. */
149 OM_uint32 INTERFACE kg_seal PROTOTYPE((OM_uint32 *minor_status,
150 gss_ctx_id_t context_handle,
153 gss_buffer_t input_message_buffer,
155 gss_buffer_t output_message_buffer,
158 OM_uint32 INTERFACE kg_unseal PROTOTYPE((OM_uint32 *minor_status,
159 gss_ctx_id_t context_handle,
160 gss_buffer_t input_token_buffer,
161 gss_buffer_t message_buffer,
166 /** declarations of internal name mechanism functions **/
/*
 * Credential and context-establishment entry points. Each takes a
 * krb5_context first. The remaining parameters are unnamed in the prototype
 * and identified by the trailing comment on each line.
 * NOTE(review): the closing "));" of every prototype, and a few parameter
 * lines, are absent from this listing (gutter numbers skip).
 */
168 OM_uint32 INTERFACE krb5_gss_acquire_cred
169 PROTOTYPE( (krb5_context,
170 OM_uint32*, /* minor_status */
171 gss_name_t, /* desired_name */
172 OM_uint32, /* time_req */
173 gss_OID_set, /* desired_mechs */
174 int, /* cred_usage */
175 gss_cred_id_t*, /* output_cred_handle */
176 gss_OID_set*, /* actual_mechs */
177 OM_uint32* /* time_rec */
/* The handle is passed by pointer. NOTE(review): by GSS-API convention the
 * implementation resets it on release, so callers must not keep using the old
 * value -- confirm in the implementation. */
180 OM_uint32 INTERFACE krb5_gss_release_cred
181 PROTOTYPE( (krb5_context,
182 OM_uint32*, /* minor_status */
183 gss_cred_id_t* /* cred_handle */
/* Initiator side. input_token is whatever the acceptor sent back in the
 * previous round, so it is peer-controlled data. */
186 OM_uint32 INTERFACE krb5_gss_init_sec_context
187 PROTOTYPE( (krb5_context,
188 OM_uint32*, /* minor_status */
189 gss_cred_id_t, /* claimant_cred_handle */
190 gss_ctx_id_t*, /* context_handle */
191 gss_name_t, /* target_name */
192 const_gss_OID, /* mech_type */
194 OM_uint32, /* time_req */
195 gss_channel_bindings_t,
196 /* input_chan_bindings */
197 gss_buffer_t, /* input_token */
198 gss_OID*, /* actual_mech_type */
199 gss_buffer_t, /* output_token */
200 int*, /* ret_flags */
201 OM_uint32* /* time_rec */
/* Acceptor side. input_token_buffer arrives from a peer that is not yet
 * authenticated, so this is the mechanism's main untrusted-input surface.
 * src_name, ret_flags and delegated_cred_handle are outputs. They are
 * meaningful only when the call reports success; check the major status
 * before using them. */
204 OM_uint32 INTERFACE krb5_gss_accept_sec_context
205 PROTOTYPE( (krb5_context,
206 OM_uint32*, /* minor_status */
207 gss_ctx_id_t*, /* context_handle */
208 gss_cred_id_t, /* verifier_cred_handle */
209 gss_buffer_t, /* input_token_buffer */
210 gss_channel_bindings_t,
211 /* input_chan_bindings */
212 gss_name_t*, /* src_name */
213 gss_OID*, /* mech_type */
214 gss_buffer_t, /* output_token */
215 int*, /* ret_flags */
216 OM_uint32*, /* time_rec */
217 gss_cred_id_t* /* delegated_cred_handle */
/* token_buffer is a context-level token received from the peer. */
220 OM_uint32 INTERFACE krb5_gss_process_context_token
221 PROTOTYPE( (krb5_context,
222 OM_uint32*, /* minor_status */
223 gss_ctx_id_t, /* context_handle */
224 gss_buffer_t /* token_buffer */
/* The handle is passed by pointer. NOTE(review): the context record holds key
 * material (see krb5_gss_ctx_id_rec), so this path is presumably where it is
 * wiped and the handle reset -- confirm in the implementation. */
227 OM_uint32 INTERFACE krb5_gss_delete_sec_context
228 PROTOTYPE( (krb5_context,
229 OM_uint32*, /* minor_status */
230 gss_ctx_id_t*, /* context_handle */
231 gss_buffer_t /* output_token */
234 OM_uint32 INTERFACE krb5_gss_context_time
235 PROTOTYPE( (krb5_context,
236 OM_uint32*, /* minor_status */
237 gss_ctx_id_t, /* context_handle */
238 OM_uint32* /* time_rec */
/*
 * Per-message entry points: sign/verify for integrity only, seal/unseal for
 * integrity with optional confidentiality. Each takes a krb5_context first,
 * and the trailing comments name the remaining parameters.
 * NOTE(review): the closing "));" of every prototype, and some parameter
 * lines, are absent from this listing (gutter numbers skip).
 */
241 OM_uint32 INTERFACE krb5_gss_sign
242 PROTOTYPE( (krb5_context,
243 OM_uint32*, /* minor_status */
244 gss_ctx_id_t, /* context_handle */
246 gss_buffer_t, /* message_buffer */
247 gss_buffer_t /* message_token */
/* token_buffer is the peer-supplied signature token. The message must be
 * treated as unauthenticated unless the returned major status is success. */
250 OM_uint32 INTERFACE krb5_gss_verify
251 PROTOTYPE( (krb5_context,
252 OM_uint32*, /* minor_status */
253 gss_ctx_id_t, /* context_handle */
254 gss_buffer_t, /* message_buffer */
255 gss_buffer_t, /* token_buffer */
/* conf_req_flag is the caller's request and conf_state is the output that
 * reports what was applied. A caller that requires encryption must check
 * conf_state rather than assume the request was honoured. */
259 OM_uint32 INTERFACE krb5_gss_seal
260 PROTOTYPE( (krb5_context,
261 OM_uint32*, /* minor_status */
262 gss_ctx_id_t, /* context_handle */
263 int, /* conf_req_flag */
265 gss_buffer_t, /* input_message_buffer */
266 int*, /* conf_state */
267 gss_buffer_t /* output_message_buffer */
/* input_message_buffer is the sealed token received from the peer. The
 * contents of output_message_buffer are trustworthy only after a successful
 * return. conf_state reports whether the token was actually encrypted. */
270 OM_uint32 INTERFACE krb5_gss_unseal
271 PROTOTYPE( (krb5_context,
272 OM_uint32*, /* minor_status */
273 gss_ctx_id_t, /* context_handle */
274 gss_buffer_t, /* input_message_buffer */
275 gss_buffer_t, /* output_message_buffer */
276 int*, /* conf_state */
/*
 * Support, name-handling and inquiry entry points. Each takes a krb5_context
 * first, and the trailing comments name the remaining parameters.
 * NOTE(review): the closing "));" of every PROTOTYPE below is absent from
 * this listing (gutter numbers skip).
 */
280 OM_uint32 INTERFACE krb5_gss_display_status
281 PROTOTYPE( (krb5_context,
282 OM_uint32*, /* minor_status */
283 OM_uint32, /* status_value */
284 int, /* status_type */
285 const_gss_OID, /* mech_type */
286 int*, /* message_context */
287 gss_buffer_t /* status_string */
290 OM_uint32 INTERFACE krb5_gss_indicate_mechs
291 PROTOTYPE( (krb5_context,
292 OM_uint32*, /* minor_status */
293 gss_OID_set* /* mech_set */
/* The result is delivered through name_equal, not the return value.
 * Authorization code comparing principals must read *name_equal and must also
 * check the returned status. */
296 OM_uint32 INTERFACE krb5_gss_compare_name
297 PROTOTYPE( (krb5_context,
298 OM_uint32*, /* minor_status */
299 gss_name_t, /* name1 */
300 gss_name_t, /* name2 */
301 int* /* name_equal */
304 OM_uint32 INTERFACE krb5_gss_display_name
305 PROTOTYPE( (krb5_context,
306 OM_uint32*, /* minor_status */
307 gss_name_t, /* input_name */
308 gss_buffer_t, /* output_name_buffer */
309 gss_OID* /* output_name_type */
/* input_name_buffer is an externally supplied name, interpreted according to
 * input_name_type. NOTE(review): presumably the resulting name is registered
 * with kg_save_name so later calls can validate the handle -- confirm. */
312 OM_uint32 INTERFACE krb5_gss_import_name
313 PROTOTYPE( (krb5_context,
314 OM_uint32*, /* minor_status */
315 gss_buffer_t, /* input_name_buffer */
316 const_gss_OID, /* input_name_type */
317 gss_name_t* /* output_name */
320 OM_uint32 INTERFACE krb5_gss_release_name
321 PROTOTYPE( (krb5_context,
322 OM_uint32*, /* minor_status */
323 gss_name_t* /* input_name */
326 OM_uint32 INTERFACE krb5_gss_inquire_cred
327 PROTOTYPE( (krb5_context,
328 OM_uint32 *, /* minor_status */
329 gss_cred_id_t, /* cred_handle */
330 gss_name_t *, /* name */
331 OM_uint32 *, /* lifetime */
332 int *, /* cred_usage */
333 gss_OID_set * /* mechanisms */
336 OM_uint32 INTERFACE krb5_gss_inquire_context
337 PROTOTYPE( (krb5_context,
338 OM_uint32*, /* minor_status */
339 gss_ctx_id_t, /* context_handle */
340 gss_name_t*, /* initiator_name */
341 gss_name_t*, /* acceptor_name */
342 OM_uint32*, /* lifetime_rec */
343 gss_OID*, /* mech_type */
344 int*, /* ret_flags */
345 int* /* locally_initiated */
/* Declared with empty parentheses instead of PROTOTYPE((...)). Before C23
 * this leaves the parameter list unspecified, so the compiler does not check
 * the arguments at call sites.
 * NOTE(review): consider declaring the real parameter list here. */
348 OM_uint32 INTERFACE kg_get_context();
350 #endif /* _GSSAPIP_KRB5_H_ */