1/*
2 * Copyright (C) 2002 Microsoft Corporation
3 * All rights reserved.
4 *
5 * THIS CODE AND INFORMATION IS PROVIDED "AS IS"
6 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
7 * OR IMPLIED, INCLUDING BUT NOT LIMITED
8 * TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
9 * AND/OR FITNESS FOR A PARTICULAR PURPOSE.
10 *
11 * Date    - 10/08/2002
12 * Author  - Sanj Surati
13 */
14
15/*
16 * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
17 */
18
19/*
20 * spnego.h
21 *
22 * SPNEGO Token Handler Header File
23 *
24 * Contains the definitions required to interpret and create
25 * SPNEGO tokens so that Kerberos GSS tokens can be
26 * Unpackaged/packaged.
27 */
28
29#ifndef _SPNEGO_H
30#define	_SPNEGO_H
31
32#ifdef __cplusplus
33extern "C" {
34#endif
35
36/*
37 * Type Definitions
38 */
39
40/*
41 * Users of SPNEGO Token Handler API will request
42 * these as well as free them,
43 */
44typedef void*  SPNEGO_TOKEN_HANDLE;
45
46/*
47 * Defines the element types that are found
48 * in each of the tokens.
49 */
50
51typedef enum spnego_element_type
52{
53	spnego_element_min,  /* Lower bound */
54
55	/* Init token elements */
56	spnego_init_mechtypes,
57	spnego_init_reqFlags,
58	spnego_init_mechToken,
59	spnego_init_mechListMIC,
60
61	/* Targ token elements */
62	spnego_targ_negResult,
63	spnego_targ_supportedMech,
64	spnego_targ_responseToken,
65	spnego_targ_mechListMIC,
66
67	spnego_element_max   /* Upper bound */
68
69} SPNEGO_ELEMENT_TYPE;
70
71/*
72 * Token Element Availability.  Elements in both
73 * token types are optional.  Since there are only
74 * 4 elements in each Token, we will allocate space
75 * to hold the information, but we need a way to
76 * indicate whether or not an element is available
77 */
78
79#define	SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0
80#define	SPNEGO_TOKEN_ELEMENT_AVAILABLE 1
81
82/*
83 * Token type values.  SPNEGO has 2 token types:
84 * NegTokenInit and NegTokenTarg
85 */
86
87#define	SPNEGO_TOKEN_INIT 0
88#define	SPNEGO_TOKEN_TARG 1
89
90/*
91 * GSS Mechanism OID enumeration.  We only really handle
92 * 3 different OIDs.  These are stored in an array structure
93 * defined in the parsing code.
94 */
95
96typedef enum spnego_mech_oid
97{
98	/* Init token elements */
99	spnego_mech_oid_Kerberos_V5_Legacy, /* Really V5, but OID off by 1 */
100	spnego_mech_oid_Kerberos_V5,
101	spnego_mech_oid_Spnego,
102	spnego_mech_oid_NTLMSSP,
103	spnego_mech_oid_NotUsed = -1
104
105} SPNEGO_MECH_OID;
106
107/*
108 * Defines the negResult values.
109 */
110
111typedef enum spnego_negResult
112{
113	spnego_negresult_success,
114	spnego_negresult_incomplete,
115	spnego_negresult_rejected,
116	spnego_negresult_NotUsed = -1
117} SPNEGO_NEGRESULT;
118
119/*
120 * Context Flags in NegTokenInit
121 */
122
123/*
124 * ContextFlags values MUST be zero or a combination
125 * of the below
126 */
127
128#define	SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG	0x80
129#define	SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG	0x40
130#define	SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG	0x20
131#define	SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG	0x10
132#define	SPNEGO_NEGINIT_CONTEXT_ANON_FLAG	0x8
133#define	SPNEGO_NEGINIT_CONTEXT_CONF_FLAG	0x4
134#define	SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG	0x2
135
136/*
137 * Mask to retrieve valid values.
138 */
139
140#define	SPNEGO_NEGINIT_CONTEXT_MASK	0xFE
141
142/*
143 * SPNEGO API return codes.
144 */
145
146/* API function was successful */
147#define	SPNEGO_E_SUCCESS		0
148
149/* The supplied Token was invalid */
150#define	SPNEGO_E_INVALID_TOKEN		-1
151
152/* An invalid length was encountered */
153#define	SPNEGO_E_INVALID_LENGTH		-2
154
155/* The Token Parse failed */
156#define	SPNEGO_E_PARSE_FAILED		-3
157
158/* The requested value was not found */
159#define	SPNEGO_E_NOT_FOUND		-4
160
161/* The requested element is not available */
162#define	SPNEGO_E_ELEMENT_UNAVAILABLE	-5
163
164/* Out of Memory */
165#define	SPNEGO_E_OUT_OF_MEMORY		-6
166
167/* Not Implemented */
168#define	SPNEGO_E_NOT_IMPLEMENTED	-7
169
170/* Invalid Parameter */
171#define	SPNEGO_E_INVALID_PARAMETER	-8
172
173/* Token Handler encountered an unexpected OID */
174#define	SPNEGO_E_UNEXPECTED_OID		-9
175
176/* The requested token was not found */
177#define	SPNEGO_E_TOKEN_NOT_FOUND	-10
178
179/* An unexpected type was encountered in the encoding */
180#define	SPNEGO_E_UNEXPECTED_TYPE	-11
181
182/* The buffer was too small */
183#define	SPNEGO_E_BUFFER_TOO_SMALL	-12
184
185/* A Token Element was invalid (e.g. improper length or value) */
186#define	SPNEGO_E_INVALID_ELEMENT	-13
187
188/* Miscelaneous API Functions */
189
190/* Frees opaque data */
191void spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken);
192
193/* Initializes SPNEGO_TOKEN structure from DER encoded binary data */
194int spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength,
195	SPNEGO_TOKEN_HANDLE* phSpnegoToken);
196
197/* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
198int spnegoCreateNegTokenHint(SPNEGO_MECH_OID *pMechTypeList, int MechTypeCnt,
199	unsigned char *pbPrincipal, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
200
201/* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
202int spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType,
203	unsigned char ucContextFlags, unsigned char *pbMechToken,
204	unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC,
205	unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE *phSpnegoToken);
206
207/* Initializes SPNEGO_TOKEN structure for a NegTokenTarg type */
208int spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType,
209	SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken,
210	unsigned long ulMechTokenLen, unsigned char *pbMechListMIC,
211	unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
212
213/* Copies binary representation of SPNEGO Data into user supplied buffer */
214int spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken,
215	unsigned char *pbTokenData, unsigned long *pulDataLen);
216
217/* Returns SPNEGO Token Type */
218int spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType);
219
220/* Reading an Init Token */
221
222/* Returns the Initial Mech Type in the MechList element in the NegInitToken. */
223int spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken,
224	SPNEGO_MECH_OID MechOID, int *piMechTypeIndex);
225
226/* Returns the value from the context flags element in the NegInitToken */
227int spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken,
228	unsigned char *pucContextFlags);
229
230/* Reading a Response Token */
231
232/*
233 * Returns the value from the negResult element
234 * (Status code of GSS call - 0,1,2)
235 */
236int spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken,
237	SPNEGO_NEGRESULT* pnegResult);
238
239/* Returns the Supported Mech Type from the NegTokenTarg. */
240int spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken,
241	SPNEGO_MECH_OID* pMechOID);
242
243/* Reading either Token Type */
244
245/*
246 * Returns the actual Mechanism data from the token
247 * (this is what is passed into GSS-API functions
248 */
249int spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken,
250	unsigned char *pbTokenData, unsigned long *pulDataLen);
251
252/* Returns the Message Integrity BLOB in the token */
253int spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken,
254	unsigned char *pbMICData, unsigned long *pulDataLen);
255
256#ifdef __cplusplus
257}
258#endif
259
260#endif /* _SPNEGO_H */
261