gssapi.h000064400000072405147205044720006220 0ustar00/* This is the gssapi.h prologue. */ /* no xom.h */ /* End of gssapi.h prologue. */ /* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPI_H_ #define _GSSAPI_H_ /* * Determine platform-dependent configuration. */ #if defined(__MACH__) && defined(__APPLE__) # include # if TARGET_RT_MAC_CFM # error "Use KfM 4.0 SDK headers for CFM compilation." # endif #endif #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ #if defined(TARGET_OS_MAC) && TARGET_OS_MAC # pragma pack(push,2) #endif #if defined(_MSDOS) || defined(_WIN32) #include #endif #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #endif #include /* * First, include stddef.h to get size_t defined. */ #include /* * POSIX says that sys/types.h is where size_t is defined. */ #include /* * $Id$ */ /* * First, define the three platform-dependent pointer types. */ struct gss_name_struct; typedef struct gss_name_struct * gss_name_t; struct gss_cred_id_struct; typedef struct gss_cred_id_struct * gss_cred_id_t; struct gss_ctx_id_struct; typedef struct gss_ctx_id_struct * gss_ctx_id_t; /* * The following type must be defined as the smallest natural unsigned integer * supported by the platform that has at least 32 bits of precision. */ typedef uint32_t gss_uint32; typedef int32_t gss_int32; #ifdef OM_STRING /* * We have included the xom.h header file. Use the definition for * OM_object identifier. */ typedef OM_object_identifier gss_OID_desc, *gss_OID; #else /* OM_STRING */ /* * We can't use X/Open definitions, so roll our own. */ typedef gss_uint32 OM_uint32; typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID; #endif /* OM_STRING */ typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, *gss_OID_set; typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; gss_buffer_desc initiator_address; OM_uint32 acceptor_addrtype; gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } *gss_channel_bindings_t; /* * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing * discussions). */ typedef OM_uint32 gss_qop_t; typedef int gss_cred_usage_t; /* * Flag bits for context-level services. */ #define GSS_C_DELEG_FLAG 1 #define GSS_C_MUTUAL_FLAG 2 #define GSS_C_REPLAY_FLAG 4 #define GSS_C_SEQUENCE_FLAG 8 #define GSS_C_CONF_FLAG 16 #define GSS_C_INTEG_FLAG 32 #define GSS_C_ANON_FLAG 64 #define GSS_C_PROT_READY_FLAG 128 #define GSS_C_TRANS_FLAG 256 #define GSS_C_DELEG_POLICY_FLAG 32768 /* * Credential usage options */ #define GSS_C_BOTH 0 #define GSS_C_INITIATE 1 #define GSS_C_ACCEPT 2 /* * Status code types for gss_display_status */ #define GSS_C_GSS_CODE 1 #define GSS_C_MECH_CODE 2 /* * The constant definitions for channel-bindings address families */ #define GSS_C_AF_UNSPEC 0 #define GSS_C_AF_LOCAL 1 #define GSS_C_AF_INET 2 #define GSS_C_AF_IMPLINK 3 #define GSS_C_AF_PUP 4 #define GSS_C_AF_CHAOS 5 #define GSS_C_AF_NS 6 #define GSS_C_AF_NBS 7 #define GSS_C_AF_ECMA 8 #define GSS_C_AF_DATAKIT 9 #define GSS_C_AF_CCITT 10 #define GSS_C_AF_SNA 11 #define GSS_C_AF_DECnet 12 #define GSS_C_AF_DLI 13 #define GSS_C_AF_LAT 14 #define GSS_C_AF_HYLINK 15 #define GSS_C_AF_APPLETALK 16 #define GSS_C_AF_BSC 17 #define GSS_C_AF_DSS 18 #define GSS_C_AF_OSI 19 #define GSS_C_AF_NETBIOS 20 #define GSS_C_AF_X25 21 #define GSS_C_AF_NULLADDR 255 /* * Various Null values. */ #define GSS_C_NO_NAME ((gss_name_t) 0) #define GSS_C_NO_BUFFER ((gss_buffer_t) 0) #define GSS_C_NO_OID ((gss_OID) 0) #define GSS_C_NO_OID_SET ((gss_OID_set) 0) #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) #define GSS_C_EMPTY_BUFFER {0, NULL} /* * Some alternate names for a couple of the above values. These are defined * for V1 compatibility. */ #define GSS_C_NULL_OID GSS_C_NO_OID #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET /* * Define the default Quality of Protection for per-message services. Note * that an implementation that offers multiple levels of QOP may either reserve * a value (for example zero, as assumed here) to mean "default protection", or * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit * QOP value. However a value of 0 should always be interpreted by a GSSAPI * implementation as a request for the default protection level. */ #define GSS_C_QOP_DEFAULT 0 /* * Expiration time of 2^32-1 seconds means infinite lifetime for a * credential or security context */ #define GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful) /* Major status codes */ #define GSS_S_COMPLETE 0 /* * Some "helper" definitions to make the status code macros obvious. */ #define GSS_C_CALLING_ERROR_OFFSET 24 #define GSS_C_ROUTINE_ERROR_OFFSET 16 #define GSS_C_SUPPLEMENTARY_OFFSET 0 #define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul) #define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul) #define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul) /* * The macros that test status codes for error conditions. Note that the * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now * evaluates its argument only once. */ #define GSS_CALLING_ERROR(x) \ ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) #define GSS_ROUTINE_ERROR(x) \ ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) #define GSS_SUPPLEMENTARY_INFO(x) \ ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) #define GSS_ERROR(x) \ ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) /* * Now the actual status code definitions */ /* * Calling errors: */ #define GSS_S_CALL_INACCESSIBLE_READ \ (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET) #define GSS_S_CALL_INACCESSIBLE_WRITE \ (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET) #define GSS_S_CALL_BAD_STRUCTURE \ (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET) /* * Routine errors: */ #define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_MIC GSS_S_BAD_SIG #define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DEFECTIVE_CREDENTIAL \ (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_CREDENTIALS_EXPIRED \ (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_CONTEXT_EXPIRED \ (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DUPLICATE_ELEMENT \ (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NAME_NOT_MN \ (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_MECH_ATTR \ (((OM_uint32) 19ul) << GSS_C_ROUTINE_ERROR_OFFSET) /* * Supplementary info bits: */ #define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) #define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) #define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) #define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) #define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) /* * Finally, function prototypes for the GSSAPI routines. */ #if defined (_WIN32) && defined (_MSC_VER) # ifdef GSS_DLL_FILE # define GSS_DLLIMP __declspec(dllexport) # else # define GSS_DLLIMP __declspec(dllimport) # endif #else # define GSS_DLLIMP #endif /* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. * * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_USER_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_MACHINE_UID_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_STRING_UID_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, * corresponding to an object-identifier value of * {iso(1) org(3) dod(6) internet(1) security(5) * nametypes(6) gss-host-based-services(2)). The constant * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point * to that gss_OID_desc. This is a deprecated OID value, and * implementations wishing to support hostbased-service names * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, * defined below, to identify such names; * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input * parameter, but should not be emitted by GSS-API * implementations */ GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x04"}, corresponding to an * object-identifier value of {iso(1) member-body(2) * Unites States(840) mit(113554) infosys(1) gssapi(2) * generic(1) service_name(4)}. The constant * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, * corresponding to an object identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 3(gss-anonymous-name)}. The constant * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_ANONYMOUS; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, * corresponding to an object-identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 4(gss-api-exported-name)}. The constant * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME; /* Function Prototypes */ OM_uint32 KRB5_CALLCONV gss_acquire_cred( OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_release_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t *); /* cred_handle */ OM_uint32 KRB5_CALLCONV gss_init_sec_context( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t *, /* context_handle */ gss_name_t, /* target_name */ gss_OID, /* mech_type (used to be const) */ OM_uint32, /* req_flags */ OM_uint32, /* time_req */ gss_channel_bindings_t, /* input_chan_bindings */ gss_buffer_t, /* input_token */ gss_OID *, /* actual_mech_type */ gss_buffer_t, /* output_token */ OM_uint32 *, /* ret_flags */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_accept_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_cred_id_t, /* acceptor_cred_handle */ gss_buffer_t, /* input_token_buffer */ gss_channel_bindings_t, /* input_chan_bindings */ gss_name_t *, /* src_name */ gss_OID *, /* mech_type */ gss_buffer_t, /* output_token */ OM_uint32 *, /* ret_flags */ OM_uint32 *, /* time_rec */ gss_cred_id_t *); /* delegated_cred_handle */ OM_uint32 KRB5_CALLCONV gss_process_context_token( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t); /* token_buffer */ OM_uint32 KRB5_CALLCONV gss_delete_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t); /* output_token */ OM_uint32 KRB5_CALLCONV gss_context_time( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32 *); /* time_rec */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_get_mic( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t); /* message_token */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_verify_mic(OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* message_token */ gss_qop_t * /* qop_state */ ); /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_wrap( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int *, /* conf_state */ gss_buffer_t); /* output_message_buffer */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_unwrap( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int *, /* conf_state */ gss_qop_t *); /* qop_state */ OM_uint32 KRB5_CALLCONV gss_display_status( OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ gss_OID, /* mech_type (used to be const) */ OM_uint32 *, /* message_context */ gss_buffer_t); /* status_string */ OM_uint32 KRB5_CALLCONV gss_indicate_mechs( OM_uint32 *, /* minor_status */ gss_OID_set *); /* mech_set */ OM_uint32 KRB5_CALLCONV gss_compare_name( OM_uint32 *, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ int *); /* name_equal */ OM_uint32 KRB5_CALLCONV gss_display_name( OM_uint32 *, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID *); /* output_name_type */ OM_uint32 KRB5_CALLCONV gss_import_name( OM_uint32 *, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type(used to be const) */ gss_name_t *); /* output_name */ OM_uint32 KRB5_CALLCONV gss_release_name( OM_uint32 *, /* minor_status */ gss_name_t *); /* input_name */ OM_uint32 KRB5_CALLCONV gss_release_buffer( OM_uint32 *, /* minor_status */ gss_buffer_t); /* buffer */ OM_uint32 KRB5_CALLCONV gss_release_oid_set( OM_uint32 *, /* minor_status */ gss_OID_set *); /* set */ OM_uint32 KRB5_CALLCONV gss_inquire_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ OM_uint32 *, /* lifetime */ gss_cred_usage_t *, /* cred_usage */ gss_OID_set *); /* mechanisms */ /* Last argument new for V2 */ OM_uint32 KRB5_CALLCONV gss_inquire_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ gss_name_t *, /* targ_name */ OM_uint32 *, /* lifetime_rec */ gss_OID *, /* mech_type */ OM_uint32 *, /* ctx_flags */ int *, /* locally_initiated */ int *); /* open */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_wrap_size_limit( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ OM_uint32, /* req_output_size */ OM_uint32 *); /* max_input_size */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_import_name_object( OM_uint32 *, /* minor_status */ void *, /* input_name */ gss_OID, /* input_name_type */ gss_name_t *); /* output_name */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_export_name_object( OM_uint32 *, /* minor_status */ gss_name_t, /* input_name */ gss_OID, /* desired_name_type */ void **); /* output_name */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_add_cred( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_mech( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_OID, /* mech_type */ gss_name_t *, /* name */ OM_uint32 *, /* initiator_lifetime */ OM_uint32 *, /* acceptor_lifetime */ gss_cred_usage_t *); /* cred_usage */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_export_sec_context( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t); /* interprocess_token */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_import_sec_context( OM_uint32 *, /* minor_status */ gss_buffer_t, /* interprocess_token */ gss_ctx_id_t *); /* context_handle */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_release_oid( OM_uint32 *, /* minor_status */ gss_OID *); /* oid */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_create_empty_oid_set( OM_uint32 *, /* minor_status */ gss_OID_set *); /* oid_set */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_add_oid_set_member( OM_uint32 *, /* minor_status */ gss_OID, /* member_oid */ gss_OID_set *); /* oid_set */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_test_oid_set_member( OM_uint32 *, /* minor_status */ gss_OID, /* member */ gss_OID_set, /* set */ int *); /* present */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_str_to_oid( OM_uint32 *, /* minor_status */ gss_buffer_t, /* oid_str */ gss_OID *); /* oid */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_oid_to_str( OM_uint32 *, /* minor_status */ gss_OID, /* oid */ gss_buffer_t); /* oid_str */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_inquire_names_for_mech( OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set *); /* name_types */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_OID_set *); /* mech_types */ /* * The following routines are obsolete variants of gss_get_mic, gss_wrap, * gss_verify_mic and gss_unwrap. They should be provided by GSSAPI V2 * implementations for backwards compatibility with V1 applications. Distinct * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI * V1 applications to link against GSSAPI V2 implementations. */ OM_uint32 KRB5_CALLCONV gss_sign( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t); /* message_token */ OM_uint32 KRB5_CALLCONV gss_verify( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ int *); /* qop_state */ OM_uint32 KRB5_CALLCONV gss_seal( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ int, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int *, /* conf_state */ gss_buffer_t); /* output_message_buffer */ OM_uint32 KRB5_CALLCONV gss_unseal( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int *, /* conf_state */ int *); /* qop_state */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_export_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t); /* exported_name */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_duplicate_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_name_t *); /* dest_name */ /* New for V2 */ OM_uint32 KRB5_CALLCONV gss_canonicalize_name( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ const gss_OID, /* mech_type */ gss_name_t *); /* output_name */ /* RFC 4401 */ #define GSS_C_PRF_KEY_FULL 0 #define GSS_C_PRF_KEY_PARTIAL 1 OM_uint32 KRB5_CALLCONV gss_pseudo_random( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context */ int, /* prf_key */ const gss_buffer_t, /* prf_in */ ssize_t, /* desired_output_len */ gss_buffer_t); /* prf_out */ OM_uint32 KRB5_CALLCONV gss_store_cred( OM_uint32 *, /* minor_status */ const gss_cred_id_t,/* input_cred_handle */ gss_cred_usage_t, /* input_usage */ const gss_OID, /* desired_mech */ OM_uint32, /* overwrite_cred */ OM_uint32, /* default_cred */ gss_OID_set *, /* elements_stored */ gss_cred_usage_t *);/* cred_usage_stored */ OM_uint32 KRB5_CALLCONV gss_set_neg_mechs( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ const gss_OID_set); /* mech_set */ #if defined(TARGET_OS_MAC) && TARGET_OS_MAC # pragma pack(pop) #endif #ifdef __cplusplus } #endif /* XXXX these are not part of the GSSAPI C bindings! (but should be) */ #define GSS_CALLING_ERROR_FIELD(x) \ (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK) #define GSS_ROUTINE_ERROR_FIELD(x) \ (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK) #define GSS_SUPPLEMENTARY_INFO_FIELD(x) \ (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK) /* XXXX This is a necessary evil until the spec is fixed */ #define GSS_S_CRED_UNAVAIL GSS_S_FAILURE /* * RFC 5587 */ typedef const gss_buffer_desc *gss_const_buffer_t; typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t; typedef const struct gss_ctx_id_struct *gss_const_ctx_id_t; typedef const struct gss_cred_id_struct *gss_const_cred_id_t; typedef const struct gss_name_struct *gss_const_name_t; typedef const gss_OID_desc *gss_const_OID; typedef const gss_OID_set_desc *gss_const_OID_set; OM_uint32 KRB5_CALLCONV gss_indicate_mechs_by_attrs( OM_uint32 *, /* minor_status */ gss_const_OID_set, /* desired_mech_attrs */ gss_const_OID_set, /* except_mech_attrs */ gss_const_OID_set, /* critical_mech_attrs */ gss_OID_set *); /* mechs */ OM_uint32 KRB5_CALLCONV gss_inquire_attrs_for_mech( OM_uint32 *, /* minor_status */ gss_const_OID, /* mech */ gss_OID_set *, /* mech_attrs */ gss_OID_set *); /* known_mech_attrs */ OM_uint32 KRB5_CALLCONV gss_display_mech_attr( OM_uint32 *, /* minor_status */ gss_const_OID, /* mech_attr */ gss_buffer_t, /* name */ gss_buffer_t, /* short_desc */ gss_buffer_t); /* long_desc */ GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_CONCRETE; GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_PSEUDO; GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_COMPOSITE; GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_NEGO; GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_GLUE; GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_MECH; GSS_DLLIMP extern gss_const_OID GSS_C_MA_DEPRECATED; GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_DFLT_MECH; GSS_DLLIMP extern gss_const_OID GSS_C_MA_ITOK_FRAMED; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_INIT; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_INIT; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_ANON; GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_ANON; GSS_DLLIMP extern gss_const_OID GSS_C_MA_DELEG_CRED; GSS_DLLIMP extern gss_const_OID GSS_C_MA_INTEG_PROT; GSS_DLLIMP extern gss_const_OID GSS_C_MA_CONF_PROT; GSS_DLLIMP extern gss_const_OID GSS_C_MA_MIC; GSS_DLLIMP extern gss_const_OID GSS_C_MA_WRAP; GSS_DLLIMP extern gss_const_OID GSS_C_MA_PROT_READY; GSS_DLLIMP extern gss_const_OID GSS_C_MA_REPLAY_DET; GSS_DLLIMP extern gss_const_OID GSS_C_MA_OOS_DET; GSS_DLLIMP extern gss_const_OID GSS_C_MA_CBINDINGS; GSS_DLLIMP extern gss_const_OID GSS_C_MA_PFS; GSS_DLLIMP extern gss_const_OID GSS_C_MA_COMPRESS; GSS_DLLIMP extern gss_const_OID GSS_C_MA_CTX_TRANS; /* * RFC 5801 */ OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech( OM_uint32 *, /* minor_status */ const gss_OID, /* desired_mech */ gss_buffer_t, /* sasl_mech_name */ gss_buffer_t, /* mech_name */ gss_buffer_t /* mech_description */ ); OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname( OM_uint32 *, /* minor_status */ const gss_buffer_t, /* sasl_mech_name */ gss_OID * /* mech_type */ ); #endif /* _GSSAPI_H_ */ gssapi_alloc.h000064400000005120147205044720007360 0ustar00/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* To the extent possible under law, Painless Security, LLC has waived * all copyright and related or neighboring rights to GSS-API Memory * Management Header. This work is published from: United States. */ #ifndef GSSAPI_ALLOC_H #define GSSAPI_ALLOC_H #ifdef _WIN32 #include "winbase.h" #endif #include #if defined(_WIN32) static inline void gssalloc_free(void *value) { if (value) HeapFree(GetProcessHeap(), 0, value); } static inline void * gssalloc_malloc(size_t size) { return HeapAlloc(GetProcessHeap(), 0, size); } static inline void * gssalloc_calloc(size_t count, size_t size) { return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size); } static inline void * gssalloc_realloc(void *value, size_t size) { /* Unlike realloc(), HeapReAlloc() does not work on null values. */ if (value == NULL) return HeapAlloc(GetProcessHeap(), 0, size); return HeapReAlloc(GetProcessHeap(), 0, value, size); } #elif defined(DEBUG_GSSALLOC) /* Be deliberately incompatible with malloc and free, to allow us to detect * mismatched malloc/gssalloc usage on Unix. */ static inline void gssalloc_free(void *value) { char *p = (char *)value - 8; if (value == NULL) return; if (memcmp(p, "gssalloc", 8) != 0) abort(); free(p); } static inline void * gssalloc_malloc(size_t size) { char *p = calloc(size + 8, 1); memcpy(p, "gssalloc", 8); return p + 8; } static inline void * gssalloc_calloc(size_t count, size_t size) { return gssalloc_malloc(count * size); } static inline void * gssalloc_realloc(void *value, size_t size) { char *p = (char *)value - 8; if (value == NULL) return gssalloc_malloc(size); if (memcmp(p, "gssalloc", 8) != 0) abort(); return (char *)realloc(p, size + 8) + 8; } #else /* not _WIN32 or DEBUG_GSSALLOC */ /* Normal Unix case, just use free/malloc/calloc/realloc. */ static inline void gssalloc_free(void *value) { free(value); } static inline void * gssalloc_malloc(size_t size) { return malloc(size); } static inline void * gssalloc_calloc(size_t count, size_t size) { return calloc(count, size); } static inline void * gssalloc_realloc(void *value, size_t size) { return realloc(value, size); } #endif /* not _WIN32 or DEBUG_GSSALLOC */ static inline char * gssalloc_strdup(const char *str) { size_t size = strlen(str)+1; char *copy = gssalloc_malloc(size); if (copy) { memcpy(copy, str, size); copy[size-1] = '\0'; } return copy; } #endif gssapi_ext.h000064400000050663147205044720007102 0ustar00/* * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #ifndef GSSAPI_EXT_H_ #define GSSAPI_EXT_H_ #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* * Solaris extensions */ #ifndef _WIN32 OM_uint32 KRB5_CALLCONV gss_pname_to_uid (OM_uint32 *minor, const gss_name_t name, const gss_OID mech_type, uid_t *uidOut); #endif /** * Provides a platform-specific name for a GSSAPI name as interpreted by a * given mechanism. * * @param [out] minor Minor status code * @param [in] name The gss name resulting from accept_sec_context * @param [in] mech_type The mechanism that will be asked to map @a name to a * local name * @param [out] localname Caller-allocated buffer to be filled in with the * local name on success */ OM_uint32 KRB5_CALLCONV gss_localname (OM_uint32 *minor, const gss_name_t name, gss_const_OID mech_type, gss_buffer_t localname); /** * Determine whether a mechanism name is authorized to act as a username. * * @param [in] name Mechanism name * @param [in] username System username * * This is a simple wrapper around gss_authorize_localname(). It only supports * system usernames as local names, and cannot distinguish between lack of * authorization and other errors. * * @retval 1 @a name is authorized to act as @a username * @retval 0 @a name is not authorized or an error occurred */ int KRB5_CALLCONV gss_userok(const gss_name_t name, const char *username); /** * Determine whether a mechanism name is authorized to act as a local name. * * @param [out] minor Minor status code * @param [in] name Mechanism name * @param [in] user Local name * * @a name is a mechanism name, typically the result of a completed * gss_accept_sec_context(). @a user is an internal name representing a local * name, such as a name imported by gss_import_name() with an @a * input_name_type of @c GSS_C_NT_USER_NAME. * * @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user, * GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error * occurred. * * @sa gss_userok */ OM_uint32 KRB5_CALLCONV gss_authorize_localname(OM_uint32 *minor, const gss_name_t name, const gss_name_t user); OM_uint32 KRB5_CALLCONV gss_acquire_cred_with_password( OM_uint32 *, /* minor_status */ const gss_name_t, /* desired_name */ const gss_buffer_t, /* password */ OM_uint32, /* time_req */ const gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_with_password( OM_uint32 *, /* minor_status */ const gss_cred_id_t,/* input_cred_handle */ const gss_name_t, /* desired_name */ const gss_OID, /* desired_mech */ const gss_buffer_t, /* password */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ /* * GGF extensions */ typedef struct gss_buffer_set_desc_struct { size_t count; gss_buffer_desc *elements; } gss_buffer_set_desc, *gss_buffer_set_t; #define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0) OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set (OM_uint32 * /*minor_status*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member (OM_uint32 * /*minor_status*/, const gss_buffer_t /*member_buffer*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_release_buffer_set (OM_uint32 * /*minor_status*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t * /*data_set*/); OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t * /*data_set*/); OM_uint32 KRB5_CALLCONV gss_set_sec_context_option (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*cred_handle*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); /* * Export import cred extensions from GGF, but using Heimdal's signatures */ OM_uint32 KRB5_CALLCONV gss_export_cred (OM_uint32 * /* minor_status */, gss_cred_id_t /* cred_handle */, gss_buffer_t /* token */); OM_uint32 KRB5_CALLCONV gss_import_cred (OM_uint32 * /* minor_status */, gss_buffer_t /* token */, gss_cred_id_t * /* cred_handle */); /* * Heimdal extension */ OM_uint32 KRB5_CALLCONV gss_set_cred_option (OM_uint32 * /*minor_status*/, gss_cred_id_t * /*cred*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); /* * Call the given method on the given mechanism */ OM_uint32 KRB5_CALLCONV gssspi_mech_invoke (OM_uint32 * /*minor_status*/, const gss_OID /*desired_mech*/, const gss_OID /*desired_object*/, gss_buffer_t /*value*/); /* * AEAD extensions */ OM_uint32 KRB5_CALLCONV gss_wrap_aead (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, gss_buffer_t /*input_assoc_buffer*/, gss_buffer_t /*input_payload_buffer*/, int * /*conf_state*/, gss_buffer_t /*output_message_buffer*/); OM_uint32 KRB5_CALLCONV gss_unwrap_aead (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*input_assoc_buffer*/, gss_buffer_t /*output_payload_buffer*/, int * /*conf_state*/, gss_qop_t * /*qop_state*/); /* * SSPI extensions */ #define GSS_C_DCE_STYLE 0x1000 #define GSS_C_IDENTIFY_FLAG 0x2000 #define GSS_C_EXTENDED_ERROR_FLAG 0x4000 /* * Returns a buffer set with the first member containing the * session key for SSPI compatibility. The optional second * member contains an OID identifying the session key type. */ GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY; GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_KEY; GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY; OM_uint32 KRB5_CALLCONV gss_complete_auth_token (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer); typedef struct gss_iov_buffer_desc_struct { OM_uint32 type; gss_buffer_desc buffer; } gss_iov_buffer_desc, *gss_iov_buffer_t; #define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0) #define GSS_IOV_BUFFER_TYPE_EMPTY 0 #define GSS_IOV_BUFFER_TYPE_DATA 1 /* Packet data */ #define GSS_IOV_BUFFER_TYPE_HEADER 2 /* Mechanism header */ #define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 /* Mechanism specific parameters */ #define GSS_IOV_BUFFER_TYPE_TRAILER 7 /* Mechanism trailer */ #define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */ #define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */ #define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */ #define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */ #define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000 #define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */ #define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 /* indicates caller should free */ #define GSS_IOV_BUFFER_TYPE(_type) ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK)) #define GSS_IOV_BUFFER_FLAGS(_type) ((_type) & GSS_IOV_BUFFER_FLAG_MASK) /* * Sign and optionally encrypt a sequence of buffers. The buffers * shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable * space for the header, padding and trailer should be provided * by calling gss_wrap_iov_length(), or the ALLOCATE flag should * be set on those buffers. * * Encryption is in-place. SIGN_ONLY buffers are untouched. Only * a single PADDING buffer should be provided. The order of the * buffers in memory does not matter. Buffers in the IOV should * be arranged in the order above, and in the case of multiple * DATA buffers the sender and receiver should agree on the * order. * * With GSS_C_DCE_STYLE it is acceptable to not provide PADDING * and TRAILER, but the caller must guarantee the plaintext data * being encrypted is correctly padded, otherwise an error will * be returned. * * While applications that have knowledge of the underlying * cryptosystem may request a specific configuration of data * buffers, the only generally supported configurations are: * * HEADER | DATA | PADDING | TRAILER * * which will emit GSS_Wrap() compatible tokens, and: * * HEADER | SIGN_ONLY | DATA | PADDING | TRAILER * * for AEAD. * * The typical (special cased) usage for DCE is as follows: * * SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER */ OM_uint32 KRB5_CALLCONV gss_wrap_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ int *, /* conf_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Verify and optionally decrypt a sequence of buffers. To process * a GSS-API message without separate buffer, pass STREAM | DATA. * Upon return DATA will contain the decrypted or integrity * protected message. Only a single DATA buffer may be provided * with this usage. DATA by default will point into STREAM, but if * the ALLOCATE flag is set a copy will be returned. * * Otherwise, decryption is in-place. SIGN_ONLY buffers are * untouched. */ OM_uint32 KRB5_CALLCONV gss_unwrap_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int *, /* conf_state */ gss_qop_t *, /* qop_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers * should be provided so the correct padding length can be determined. */ OM_uint32 KRB5_CALLCONV gss_wrap_iov_length ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ int *, /* conf_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Produce a GSSAPI MIC token for a sequence of buffers. All SIGN_ONLY and * DATA buffers will be signed, in the order they appear. One MIC_TOKEN buffer * must be included for the result. Suitable space should be provided for the * MIC_TOKEN buffer by calling gss_get_mic_iov_length, or the ALLOCATE flag * should be set on that buffer. If the ALLOCATE flag is used, use * gss_release_iov_buffer to free the allocated buffer within the iov list when * it is no longer needed. */ OM_uint32 KRB5_CALLCONV gss_get_mic_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Query the MIC_TOKEN buffer length within the iov list. */ OM_uint32 KRB5_CALLCONV gss_get_mic_iov_length( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Verify the MIC_TOKEN buffer within the iov list against the SIGN_ONLY and * DATA buffers in the order they appear. Return values are the same as for * gss_verify_mic. */ OM_uint32 KRB5_CALLCONV gss_verify_mic_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t *, /* qop_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Release buffers that have the ALLOCATED flag set. */ OM_uint32 KRB5_CALLCONV gss_release_iov_buffer ( OM_uint32 *, /* minor_status */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Protocol transition */ OM_uint32 KRB5_CALLCONV gss_acquire_cred_impersonate_name( OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* impersonator_cred_handle */ const gss_name_t, /* desired_name */ OM_uint32, /* time_req */ const gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_impersonate_name( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ const gss_cred_id_t, /* impersonator_cred_handle */ const gss_name_t, /* desired_name */ const gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ /* * Naming extensions */ GSS_DLLIMP extern gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER; GSS_DLLIMP extern gss_OID GSS_C_NT_COMPOSITE_EXPORT; OM_uint32 KRB5_CALLCONV gss_display_name_ext ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_OID, /* display_as_name_type */ gss_buffer_t /* display_name */ ); OM_uint32 KRB5_CALLCONV gss_inquire_name ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int *, /* name_is_MN */ gss_OID *, /* MN_mech */ gss_buffer_set_t * /* attrs */ ); OM_uint32 KRB5_CALLCONV gss_get_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t, /* attr */ int *, /* authenticated */ int *, /* complete */ gss_buffer_t, /* value */ gss_buffer_t, /* display_value */ int * /* more */ ); OM_uint32 KRB5_CALLCONV gss_set_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int, /* complete */ gss_buffer_t, /* attr */ gss_buffer_t /* value */ ); OM_uint32 KRB5_CALLCONV gss_delete_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t /* attr */ ); OM_uint32 KRB5_CALLCONV gss_export_name_composite ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t /* exp_composite_name */ ); typedef struct gss_any *gss_any_t; OM_uint32 KRB5_CALLCONV gss_map_name_to_any ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int, /* authenticated */ gss_buffer_t, /* type_id */ gss_any_t * /* output */ ); OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t, /* type_id */ gss_any_t * /* input */ ); /* draft-josefsson-gss-capsulate */ OM_uint32 KRB5_CALLCONV gss_encapsulate_token ( gss_const_buffer_t, /* input_token */ gss_const_OID, /* token_oid */ gss_buffer_t /* output_token */ ); OM_uint32 KRB5_CALLCONV gss_decapsulate_token ( gss_const_buffer_t, /* input_token */ gss_const_OID, /* token_oid */ gss_buffer_t /* output_token */ ); int KRB5_CALLCONV gss_oid_equal ( gss_const_OID, /* first_oid */ gss_const_OID /* second_oid */ ); /* Credential store extensions */ struct gss_key_value_element_struct { const char *key; const char *value; }; typedef struct gss_key_value_element_struct gss_key_value_element_desc; struct gss_key_value_set_struct { OM_uint32 count; gss_key_value_element_desc *elements; }; typedef struct gss_key_value_set_struct gss_key_value_set_desc; typedef const gss_key_value_set_desc *gss_const_key_value_set_t; #define GSS_C_NO_CRED_STORE ((gss_const_key_value_set_t) 0) OM_uint32 KRB5_CALLCONV gss_acquire_cred_from( OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_const_key_value_set_t, /* cred_store */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_from( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_const_key_value_set_t, /* cred_store */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ OM_uint32 KRB5_CALLCONV gss_store_cred_into( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_cred_usage_t, /* input_usage */ gss_OID, /* desired_mech */ OM_uint32, /* overwrite_cred */ OM_uint32, /* default_cred */ gss_const_key_value_set_t, /* cred_store */ gss_OID_set *, /* elements_stored */ gss_cred_usage_t *); /* cred_usage_stored */ /* * A mech can make itself negotiable via NegoEx (draft-zhu-negoex) by * implementing the following three SPIs, and also implementing * gss_inquire_sec_context_by_oid() and answering the GSS_C_INQ_NEGOEX_KEY and * GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs. The answer must be in two buffers: the * first contains the key contents, and the second contains the key enctype as * a four-byte little-endian integer. * * By default, NegoEx mechanisms will not be directly negotiated via SPNEGO. * If direct SPNEGO negotiation is required for interoperability, implement * gss_inquire_attrs_for_mech() and assert the GSS_C_MA_NEGOEX_AND_SPNEGO * attribute (along with any applicable RFC 5587 attributes). */ #define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */ OM_uint32 KRB5_CALLCONV gssspi_query_meta_data( OM_uint32 *minor_status, gss_const_OID mech_oid, gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, const gss_name_t targ_name, OM_uint32 req_flags, gss_buffer_t meta_data); OM_uint32 KRB5_CALLCONV gssspi_exchange_meta_data( OM_uint32 *minor_status, gss_const_OID mech_oid, gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, const gss_name_t targ_name, OM_uint32 req_flags, gss_const_buffer_t meta_data); OM_uint32 KRB5_CALLCONV gssspi_query_mechanism_info( OM_uint32 *minor_status, gss_const_OID mech_oid, unsigned char auth_scheme[16]); GSS_DLLIMP extern gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO; #ifdef __cplusplus } #endif /* * When used with gss_inquire_sec_context_by_oid(), return a buffer set with * the first member containing an unsigned 32-bit integer in network byte * order. This is the Security Strength Factor (SSF) associated with the * secure channel established by the security context. NOTE: This value is * made available solely as an indication for use by APIs like Cyrus SASL that * classify the strength of a secure channel via this number. The strength of * a channel cannot necessarily be represented by a simple number. */ GSS_DLLIMP extern gss_OID GSS_C_SEC_CONTEXT_SASL_SSF; #endif /* GSSAPI_EXT_H_ */ gssapi_generic.h000064400000004251147205044720007706 0ustar00/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPI_GENERIC_H_ #define _GSSAPI_GENERIC_H_ /* * $Id$ */ #include #if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS) #define GSSAPIGENERIC_BEGIN_DECLS extern "C" { #define GSSAPIGENERIC_END_DECLS } #else #define GSSAPIGENERIC_BEGIN_DECLS #define GSSAPIGENERIC_END_DECLS #endif #define GSS_EMPTY_BUFFER(buf) ((buf) == NULL || \ (buf)->value == NULL || (buf)->length == 0) GSSAPIGENERIC_BEGIN_DECLS /* Deprecated MIT krb5 oid names provided for compatibility. * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744 * are defined in gssapi.h. */ GSS_DLLIMP extern gss_OID gss_nt_user_name; GSS_DLLIMP extern gss_OID gss_nt_machine_uid_name; GSS_DLLIMP extern gss_OID gss_nt_string_uid_name; extern gss_OID gss_nt_service_name_v2; GSS_DLLIMP extern gss_OID gss_nt_service_name; extern gss_OID gss_nt_exported_name; GSSAPIGENERIC_END_DECLS #endif /* _GSSAPI_GENERIC_H_ */ gssapi_krb5.h000064400000027045147205044720007143 0ustar00/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPI_KRB5_H_ #define _GSSAPI_KRB5_H_ #include #include #include #include /* C++ friendlyness */ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* Reserved static storage for GSS_oids. See rfc 1964 for more details. */ /* 2.1.1. Kerberos Principal Name Form: */ GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5_name(1)}. The recommended symbolic name for this type * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ /* 2.1.2. Host-Based Service Name Form */ #define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) service_name(4)}. The previously recommended symbolic * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME". The * currently preferred symbolic name for this type is * "GSS_C_NT_HOSTBASED_SERVICE". */ /* 2.2.1. User Name Form */ #define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) user_name(1)}. The recommended symbolic name for this * type is "GSS_KRB5_NT_USER_NAME". */ /* 2.2.2. Machine UID Form */ #define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) machine_uid_name(2)}. The recommended symbolic name for * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */ /* 2.2.3. String UID Form */ #define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) string_uid_name(3)}. The recommended symbolic name for * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ /* Kerberos Enterprise Name Form (see RFC 6806 section 5): */ GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_ENTERPRISE_NAME; /* {iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5-enterprise-name(6)}. */ GSS_DLLIMP extern const gss_OID gss_mech_krb5; GSS_DLLIMP extern const gss_OID gss_mech_krb5_old; GSS_DLLIMP extern const gss_OID gss_mech_krb5_wrong; GSS_DLLIMP extern const gss_OID gss_mech_iakerb; GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5; GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_old; GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_both; GSS_DLLIMP extern const gss_OID gss_nt_krb5_name; GSS_DLLIMP extern const gss_OID gss_nt_krb5_principal; GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[]; /* * This OID can be used with gss_set_cred_option() to suppress the * confidentiality and integrity flags from being asserted in initial context * tokens. * * iso(1) member-body(2) Sweden(752) Stockholm University(43) Heimdal GSS-API * Extensions(13) no_ci_flags(29) */ GSS_DLLIMP extern const gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X; /* * This OID can be used with gss_inquire_cred_by_oid(0 to retrieve the * impersonator name (if any). * * iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5-gssapi-ext(5) get-cred-impersonator(14) */ GSS_DLLIMP extern const gss_OID GSS_KRB5_GET_CRED_IMPERSONATOR; #define gss_krb5_nt_general_name gss_nt_krb5_name #define gss_krb5_nt_principal gss_nt_krb5_principal #define gss_krb5_nt_service_name gss_nt_service_name #define gss_krb5_nt_user_name gss_nt_user_name #define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name #define gss_krb5_nt_string_uid_name gss_nt_string_uid_name typedef struct gss_krb5_lucid_key { OM_uint32 type; /* key encryption type */ OM_uint32 length; /* length of key data */ void * data; /* actual key data */ } gss_krb5_lucid_key_t; typedef struct gss_krb5_rfc1964_keydata { OM_uint32 sign_alg; /* signing algorthm */ OM_uint32 seal_alg; /* seal/encrypt algorithm */ gss_krb5_lucid_key_t ctx_key; /* Context key (Kerberos session key or subkey) */ } gss_krb5_rfc1964_keydata_t; typedef struct gss_krb5_cfx_keydata { OM_uint32 have_acceptor_subkey; /* 1 if there is an acceptor_subkey present, 0 otherwise */ gss_krb5_lucid_key_t ctx_key; /* Context key (Kerberos session key or subkey) */ gss_krb5_lucid_key_t acceptor_subkey; /* acceptor-asserted subkey or 0's if no acceptor subkey */ } gss_krb5_cfx_keydata_t; typedef struct gss_krb5_lucid_context_v1 { OM_uint32 version; /* Structure version number (1) MUST be at beginning of struct! */ OM_uint32 initiate; /* Are we the initiator? */ OM_uint32 endtime; /* expiration time of context */ uint64_t send_seq; /* sender sequence number */ uint64_t recv_seq; /* receive sequence number */ OM_uint32 protocol; /* 0: rfc1964, 1: draft-ietf-krb-wg-gssapi-cfx-07 */ /* * if (protocol == 0) rfc1964_kd should be used * and cfx_kd contents are invalid and should be zero * if (protocol == 1) cfx_kd should be used * and rfc1964_kd contents are invalid and should be zero */ gss_krb5_rfc1964_keydata_t rfc1964_kd; gss_krb5_cfx_keydata_t cfx_kd; } gss_krb5_lucid_context_v1_t; /* * Mask for determining the version of a lucid context structure. Callers * should not require this. */ typedef struct gss_krb5_lucid_context_version { OM_uint32 version; /* Structure version number */ } gss_krb5_lucid_context_version_t; /* Alias for Heimdal compat. */ #define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *); OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags( OM_uint32 *minor_status, gss_ctx_id_t context_handle, krb5_flags *ticket_flags); /* * Copy krb5 creds from cred_handle into out_ccache, which must already be * initialized. Use gss_store_cred_into() (new in krb5 1.11) instead, if * possible. */ OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache( OM_uint32 *minor_status, gss_cred_id_t cred_handle, krb5_ccache out_ccache); OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name( OM_uint32 *minor_status, const char *name, const char **out_name); /* * gss_krb5_set_allowable_enctypes * * This function may be called by a context initiator after calling * gss_acquire_cred(), but before calling gss_init_sec_context(), * to restrict the set of enctypes which will be negotiated during * context establishment to those in the provided array. * * 'cred' must be a valid credential handle obtained via * gss_acquire_cred(). It may not be GSS_C_NO_CREDENTIAL. * gss_acquire_cred() may have been called to get a handle to * the default credential. * * The purpose of this function is to limit the keys that may * be exported via gss_krb5_export_lucid_sec_context(); thus it * should limit the enctypes of all keys that will be needed * after the security context has been established. * (i.e. context establishment may use a session key with a * stronger enctype than in the provided array, however a * subkey must be established within the enctype limits * established by this function.) * */ OM_uint32 KRB5_CALLCONV gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_cred_id_t cred, OM_uint32 num_ktypes, krb5_enctype *ktypes); /* * Returns a non-opaque (lucid) version of the internal context * information. * * Note that context_handle must not be used again by the caller * after this call. The GSS implementation is free to release any * resources associated with the original context. It is up to the * GSS implementation whether it returns pointers to existing data, * or copies of the data. The caller should treat the returned * lucid context as read-only. * * The caller must call gss_krb5_free_lucid_context() to free * the context and allocated resources when it is finished with it. * * 'version' is an integer indicating the requested version of the lucid * context. If the implementation does not understand the requested version, * it will return an error. * * For example: * void *return_ctx; * gss_krb5_lucid_context_v1_t *ctx; * OM_uint32 min_stat, maj_stat; * OM_uint32 vers; * gss_ctx_id_t *ctx_handle; * * maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, * ctx_handle, 1, &return_ctx); * // Verify success * ctx = (gss_krb5_lucid_context_v1_t *) return_ctx; */ OM_uint32 KRB5_CALLCONV gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, OM_uint32 version, void **kctx); /* * Frees the allocated storage associated with an * exported struct gss_krb5_lucid_context. */ OM_uint32 KRB5_CALLCONV gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx); OM_uint32 KRB5_CALLCONV gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int ad_type, gss_buffer_t ad_data); OM_uint32 KRB5_CALLCONV gss_krb5_set_cred_rcache(OM_uint32 *minor_status, gss_cred_id_t cred, krb5_rcache rcache); OM_uint32 KRB5_CALLCONV gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *); OM_uint32 KRB5_CALLCONV gss_krb5_import_cred(OM_uint32 *minor_status, krb5_ccache id, krb5_principal keytab_principal, krb5_keytab keytab, gss_cred_id_t *cred); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* _GSSAPI_KRB5_H_ */ mechglue.h000064400000003164147205044720006517 0ustar00/* #ident "@(#)mechglue.h 1.13 95/08/07 SMI" */ /* * Copyright 1996 by Sun Microsystems, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of Sun Microsystems not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Sun Microsystems makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * This header contains the mechglue definitions. */ #ifndef _GSS_MECHGLUE_H #define _GSS_MECHGLUE_H #include /********************************************************/ /* GSSAPI Extension functions -- these functions aren't */ /* in the GSSAPI, but they are provided in this library */ #include void KRB5_CALLCONV gss_initialize(void); #endif /* _GSS_MECHGLUE_H */