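/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
#ifndef _GSSAPIP_SPNEGO_H_
#define _GSSAPIP_SPNEGO_H_

/*
 * Private declarations for the SPNEGO GSS-API mechanism: token and DER
 * constants, the internal name and context-handle structures, and the
 * prototypes of the mechanism entry points.
 *
 * Most entry points are declared twice: spnego_gss_<op>() and
 * glue_spnego_gss_<op>(), the latter taking one extra leading `void *`.
 * NOTE(review): that pointer is unnamed here; presumably it is the
 * per-mechanism context handed in by the mechglue layer -- confirm
 * against the implementation.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <syslog.h>

#define SEC_CONTEXT_TOKEN 1
#define SPNEGO_SIZE_OF_INT 4

/*
 * Negotiation results.  The values 0..3 appear to follow the negState
 * enumeration of RFC 4178 (accept-completed, accept-incomplete, reject,
 * request-mic).  ACCEPT_DEFECTIVE_TOKEN lies outside that range and is
 * therefore a local sentinel, not a value a peer can legitimately send.
 */
#define ACCEPT_COMPLETE 0
#define ACCEPT_INCOMPLETE 1
#define REJECT 2
#define REQUEST_MIC 3
#define ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL

/*
 * constants for der encoding/decoding routines.
 *
 * These are ASN.1 identifier octets.  SEQUENCE and SEQUENCE_OF share the
 * same tag (0x30); CONTEXT (0xa0) is the context-specific constructed
 * tag [0] and HEADER_ID (0x60) the application constructed tag [0].
 */

#define MECH_OID 0x06			/* OBJECT IDENTIFIER */
#define OCTET_STRING 0x04
#define CONTEXT 0xa0
#define SEQUENCE 0x30
#define SEQUENCE_OF 0x30
#define BIT_STRING 0x03
#define BIT_STRING_LENGTH 0x02
#define BIT_STRING_PADDING 0x01
#define ENUMERATED 0x0a
#define ENUMERATION_LENGTH 1
#define HEADER_ID 0x60
#define GENERAL_STRING 0x1b

/*
 * SPNEGO specific error codes (minor status codes)
 */
#define ERR_SPNEGO_NO_MECHS_AVAILABLE 0x20000001
#define ERR_SPNEGO_NO_CREDS_ACQUIRED 0x20000002
#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR 0x20000003
#define ERR_SPNEGO_NEGOTIATION_FAILED 0x20000004
#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR 0x20000005

/*
 * send_token_flag is used to indicate in later steps what type
 * of token, if any should be sent or processed.
 * NO_TOKEN_SEND = no token should be sent
 * INIT_TOKEN_SEND = initial token will be sent
 * CONT_TOKEN_SEND = continuing tokens to be sent
 * CHECK_MIC = no token to be sent, but have a MIC to check.
 * ERROR_TOKEN_SEND = error token from peer needs to be sent.
 */

typedef enum {
	NO_TOKEN_SEND,
	INIT_TOKEN_SEND,
	CONT_TOKEN_SEND,
	CHECK_MIC,
	ERROR_TOKEN_SEND
} send_token_flag;

/*
 * The Mech OID:
 * { iso(1) org(3) dod(6) internet(1) security(5)
 *  mechanism(5) spnego(2) }
 *
 * SPNEGO_OID holds the encoded OID body as octal escapes and
 * SPNEGO_OID_LENGTH its length in bytes; the two must be kept in step.
 */

#define SPNEGO_OID_LENGTH 6
#define SPNEGO_OID "\053\006\001\005\005\002"

typedef void *spnego_token_t;

/* spnego name structure for internal representation. */
typedef struct {
	gss_OID type;
	gss_buffer_t buffer;
	gss_OID mech_type;
	gss_name_t mech_name;
} spnego_name_desc, *spnego_name_t;

/*
 * Structure for context handle
 *
 * NOTE(review): magic_num is presumably compared with SPNEGO_MAGIC_ID to
 * recognise a pointer as an SPNEGO context before it is dereferenced --
 * confirm against the implementation.
 * NOTE(review): mic_reqd / mic_sent / mic_rcvd presumably track the
 * mechListMIC exchange over DER_mechTypes, which is what protects the
 * mechanism negotiation from being tampered with -- confirm.
 * NOTE(review): struct errinfo is not declared by anything visible in
 * this header; it has to come from one of the included headers or from
 * the including file.
 */
typedef struct {
	OM_uint32 magic_num;
	gss_buffer_desc DER_mechTypes;
	gss_OID internal_mech;
	gss_ctx_id_t ctx_handle;
	char *optionStr;
	gss_cred_id_t default_cred;
	int mic_reqd;
	int mic_sent;
	int mic_rcvd;
	int firstpass;
	int mech_complete;
	int nego_done;
	OM_uint32 ctx_flags;
	gss_name_t internal_name;
	gss_OID actual_mech;
	struct errinfo err;
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;

/*
 * The magic number must be less than a standard pagesize
 * to avoid a possible collision with a real address.
 */
#define SPNEGO_MAGIC_ID 0x00000fed

/* SPNEGO oid declarations */
extern const gss_OID_desc * const gss_mech_spnego;
extern const gss_OID_set_desc * const gss_mech_set_spnego;


#ifdef DEBUG
/*
 * Debug logging.  The message is passed as data behind a fixed "%s"
 * format instead of being used as the format string itself, so a message
 * that happens to contain '%' conversions cannot make syslog() read
 * arguments that were never supplied.  A consequence is that conversions
 * in the message (including "%%" and "%m") are now logged literally.
 */
#define dsyslog(a) syslog(LOG_DEBUG, "%s", (a))
#else
#define dsyslog(a)
/*
 * NOTE(review): SPNEGO_STATIC is defined (empty) only in this non-DEBUG
 * branch; confirm that leaving it undefined under DEBUG is intended.
 */
#define SPNEGO_STATIC
#endif /* DEBUG */

/*
 * declarations of internal name mechanism functions
 */

OM_uint32 spnego_gss_acquire_cred
(
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 glue_spnego_gss_acquire_cred
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 spnego_gss_release_cred
(
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t	*	/* cred_handle */
);

OM_uint32 glue_spnego_gss_release_cred
(
	void *,
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t	*	/* cred_handle */
);

OM_uint32 spnego_gss_init_sec_context
(
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

OM_uint32 glue_spnego_gss_init_sec_context
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

/* Acceptor-side entry points are compiled out of a LEAN_CLIENT build. */
#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_accept_sec_context
(
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);
OM_uint32 glue_spnego_gss_accept_sec_context
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);

#endif /* LEAN_CLIENT */

OM_uint32 spnego_gss_compare_name
(
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* name1 */
	const gss_name_t,	/* name2 */
	int *			/* name_equal */
);

OM_uint32 glue_spnego_gss_compare_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* name1 */
	const gss_name_t,	/* name2 */
	int *			/* name_equal */
);

OM_uint32 spnego_gss_display_name
(
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* input_name */
	gss_buffer_t,		/* output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 glue_spnego_gss_display_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* input_name */
	gss_buffer_t,		/* output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 spnego_gss_display_status
(
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 spnego_gss_display_status2
(
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 glue_spnego_gss_display_status
(
	void *,
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 spnego_gss_import_name
(
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);

OM_uint32 glue_spnego_gss_import_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);
OM_uint32 spnego_gss_release_name
(
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 glue_spnego_gss_release_name
(
	void *,

	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 spnego_gss_inquire_names_for_mech
(
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

OM_uint32 glue_spnego_gss_inquire_names_for_mech
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

OM_uint32 spnego_gss_unwrap
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t output_message_buffer,
	int *conf_state,
	gss_qop_t *qop_state
);

OM_uint32 spnego_gss_wrap
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	gss_buffer_t input_message_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_process_context_token
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t token_buffer
);

OM_uint32 spnego_gss_delete_sec_context
(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 glue_spnego_gss_delete_sec_context
(
	void *,

	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 spnego_gss_context_time
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32 *time_rec
);
OM_uint32 glue_spnego_gss_context_time
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32 *time_rec
);

/* Context export/import is likewise excluded from a LEAN_CLIENT build. */
#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_export_sec_context
(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t interprocess_token
);

OM_uint32 glue_spnego_gss_export_sec_context
(
	void *,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t interprocess_token
);

OM_uint32 spnego_gss_import_sec_context
(
	OM_uint32 *minor_status,
	const gss_buffer_t interprocess_token,
	gss_ctx_id_t *context_handle
);
OM_uint32 glue_spnego_gss_import_sec_context
(
	void *,
	OM_uint32 *minor_status,
	const gss_buffer_t interprocess_token,
	gss_ctx_id_t *context_handle
);
#endif /* LEAN_CLIENT */

OM_uint32 glue_spnego_gss_inquire_context
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t *src_name,
	gss_name_t *targ_name,
	OM_uint32 *lifetime_rec,
	gss_OID *mech_type,
	OM_uint32 *ctx_flags,
	int *locally_initiated,
	int *opened
);

OM_uint32 spnego_gss_inquire_context
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t *src_name,
	gss_name_t *targ_name,
	OM_uint32 *lifetime_rec,
	gss_OID *mech_type,
	OM_uint32 *ctx_flags,
	int *locally_initiated,
	int *opened
);

OM_uint32 spnego_gss_wrap_size_limit
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	OM_uint32 req_output_size,
	OM_uint32 *max_input_size
);

OM_uint32 glue_spnego_gss_wrap_size_limit
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	OM_uint32 req_output_size,
	OM_uint32 *max_input_size
);

OM_uint32 spnego_gss_get_mic
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_qop_t qop_req,
	const gss_buffer_t message_buffer,
	gss_buffer_t message_token
);

OM_uint32 spnego_gss_verify_mic
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t msg_buffer,
	const gss_buffer_t token_buffer,
	gss_qop_t *qop_state
);

OM_uint32
spnego_gss_inquire_sec_context_by_oid
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_OID desired_object,
	gss_buffer_set_t *data_set
);


#if 0 /* SUNW17PACresync - will be needed for full MIT 1.7 resync */
OM_uint32 spnego_gss_wrap_aead
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	gss_buffer_t input_assoc_buffer,
	gss_buffer_t input_payload_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_unwrap_aead
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t input_assoc_buffer,
	gss_buffer_t output_payload_buffer,
	int *conf_state,
	gss_qop_t *qop_state
);

OM_uint32 spnego_gss_wrap_iov
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	int *conf_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32 spnego_gss_unwrap_iov
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int *conf_state,
	gss_qop_t *qop_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32 spnego_gss_wrap_iov_length
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	int *conf_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32
spnego_gss_complete_auth_token
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer
);
#endif /* 0 */

/*
 * Solaris SPNEGO
 * Cloned the krb5_*_error_message and krb5_gss_*_error_info APIs
 * to give similar functionality to SPNEGO mech.
 * See new files in this dir:
 * spnego_disp_status.c
 * spnego_kerrs.c
 * error_map.h
 */
typedef int spnego_error_code;
/*
 * The `const char *` parameter is followed by a variable argument list.
 * NOTE(review): presumably a printf-style format; if so, callers must pass
 * a literal format and hand any peer-derived text over as an argument --
 * confirm against the implementation.
 */
void spnego_set_error_message (spnego_gss_ctx_id_t, spnego_error_code, const char *, ...);
const char * spnego_get_error_message (spnego_gss_ctx_id_t, spnego_error_code);
void spnego_free_error_message (spnego_gss_ctx_id_t, const char *);
void spnego_clear_error_message (spnego_gss_ctx_id_t);

void spnego_gss_save_error_info(OM_uint32 minor_code, spnego_gss_ctx_id_t ctx);
char *spnego_gss_get_error_message(OM_uint32 minor_code);
void spnego_gss_delete_error_info(void *p);

/*
 * NOTE(review): declared without a parameter list, so a C compiler does
 * not check the arguments of any call made through this declaration (and
 * inside the extern "C" block a C++ compiler reads it as taking none).
 * Give it a full prototype once the signature is confirmed.
 */
OM_uint32 krb5_gss_display_status2();
#ifdef __cplusplus
}
#endif

#endif /* _GSSAPIP_SPNEGO_H_ */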