17c478bd9Sstevel@tonic-gate /* 25e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 37c478bd9Sstevel@tonic-gate */ 47c478bd9Sstevel@tonic-gate /* 57c478bd9Sstevel@tonic-gate * Copyright 2000 by the Massachusetts Institute of Technology. 67c478bd9Sstevel@tonic-gate * All Rights Reserved. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 97c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 107c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 117c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 12*55fea89dSDan Cross * 137c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 147c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 157c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 167c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 177c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 187c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining 197c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 207c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label 217c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a 227c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software. 237c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of 247c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 257c478bd9Sstevel@tonic-gate * or implied warranty. 
26*55fea89dSDan Cross * 277c478bd9Sstevel@tonic-gate */ 287c478bd9Sstevel@tonic-gate /* 297c478bd9Sstevel@tonic-gate * Copyright 1993 by OpenVision Technologies, Inc. 30*55fea89dSDan Cross * 317c478bd9Sstevel@tonic-gate * Permission to use, copy, modify, distribute, and sell this software 327c478bd9Sstevel@tonic-gate * and its documentation for any purpose is hereby granted without fee, 337c478bd9Sstevel@tonic-gate * provided that the above copyright notice appears in all copies and 347c478bd9Sstevel@tonic-gate * that both that copyright notice and this permission notice appear in 357c478bd9Sstevel@tonic-gate * supporting documentation, and that the name of OpenVision not be used 367c478bd9Sstevel@tonic-gate * in advertising or publicity pertaining to distribution of the software 377c478bd9Sstevel@tonic-gate * without specific, written prior permission. OpenVision makes no 387c478bd9Sstevel@tonic-gate * representations about the suitability of this software for any 397c478bd9Sstevel@tonic-gate * purpose. It is provided "as is" without express or implied warranty. 40*55fea89dSDan Cross * 417c478bd9Sstevel@tonic-gate * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 427c478bd9Sstevel@tonic-gate * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 437c478bd9Sstevel@tonic-gate * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 447c478bd9Sstevel@tonic-gate * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 457c478bd9Sstevel@tonic-gate * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 467c478bd9Sstevel@tonic-gate * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 477c478bd9Sstevel@tonic-gate * PERFORMANCE OF THIS SOFTWARE. 
*/

#ifndef _GSSAPIP_KRB5_H_
#define _GSSAPIP_KRB5_H_

/*
 * Private declarations for the Kerberos 5 GSS-API mechanism: mechanism
 * OIDs, token identifiers, algorithm numbers, the credential and
 * security-context records, and prototypes for the internal helpers.
 */

#include <k5-int.h>

#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif

/*
 * Work around sunos braindamage: drop any major/minor macros before the
 * GSS headers below are pulled in.
 */
#ifdef major
#undef major
#endif
#ifdef minor
#undef minor
#endif

#include "gssapiP_generic.h"

/*
 * The include of gssapi_krb5.h will dtrt with the above #defines in
 * effect.
 */
#include "gssapi_krb5.h"
#include "gssapi_err_krb5.h"
#include "gssapi_ext.h"

/* for debugging */
#undef CFX_EXERCISE

/** constants **/

/*
 * Mechanism OIDs as raw encoded bytes. Each literal is paired with an
 * explicit *_LENGTH constant.
 */

/* 1.2.840.113554.1.2.2 */
#define GSS_MECH_KRB5_OID_LENGTH 9
#define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"

/* 1.3.5.1.5.2 */
#define GSS_MECH_KRB5_OLD_OID_LENGTH 5
#define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"

/*
 * Incorrect krb5 mech OID emitted by MS. It differs from
 * GSS_MECH_KRB5_OID in a single byte (\202 where the correct value has
 * \206).
 * NOTE(review): this is an interoperability concession; confirm where it
 * is accepted and that a context negotiated under it is handled exactly
 * like one negotiated under the correct OID.
 */
#define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
#define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"

/*
 * Checksum type number; presumably the RFC 1964 authenticator checksum
 * that carries the channel bindings - TODO confirm against the users of
 * kg_checksum_channel_bindings().
 */
#define CKSUMTYPE_KG_CB 0x8003

/*
 * Token identifiers. The SIGN/MIC names share 0x0101 and the SEAL/WRAP
 * names share 0x0201.
 */
#define KG_TOK_CTX_AP_REQ 0x0100
#define KG_TOK_CTX_AP_REP 0x0200
#define KG_TOK_CTX_ERROR 0x0300
#define KG_TOK_SIGN_MSG 0x0101
#define KG_TOK_SEAL_MSG 0x0201
#define KG_TOK_MIC_MSG 0x0101
#define KG_TOK_WRAP_MSG 0x0201
#define KG_TOK_DEL_CTX 0x0102

#define KG2_TOK_INITIAL 0x0101
#define KG2_TOK_RESPONSE 0x0202
#define KG2_TOK_MIC 0x0303
#define KG2_TOK_WRAP_INTEG 0x0404
#define KG2_TOK_WRAP_PRIV 0x0505

#define KRB5_GSS_FOR_CREDS_OPTION 1

#define KG2_RESP_FLAG_ERROR 0x0001
#define KG2_RESP_FLAG_DELEG_OK 0x0002

/*
 * Signature and seal algorithm numbers. These are to be stored in
 * little-endian order, i.e., des-mac is stored as 02 00.
 *
 * Several entries name single-DES, MD5-based and RC4 algorithms; those
 * are deprecated for Kerberos (RFC 6649, RFC 8429).
 * NOTE(review): confirm which of these a deployment can still negotiate;
 * see req_enctypes in the credential record below.
 */
enum sgn_alg {
    SGN_ALG_DES_MAC_MD5 = 0x0000,
    SGN_ALG_MD2_5 = 0x0001,
    SGN_ALG_DES_MAC = 0x0002,
    SGN_ALG_3 = 0x0003,                 /* not published */
    SGN_ALG_HMAC_MD5 = 0x0011,          /* microsoft w2k; */
    SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
};
enum seal_alg {
    SEAL_ALG_NONE = 0xffff,
    SEAL_ALG_DES = 0x0000,
    SEAL_ALG_1 = 0x0001,                /* not published */
    SEAL_ALG_MICROSOFT_RC4 = 0x0010,    /* microsoft w2k; */
    SEAL_ALG_DES3KD = 0x0002
};

/* Key usage numbers for 3DES. */
#define KG_USAGE_SEAL 22
#define KG_USAGE_SIGN 23
#define KG_USAGE_SEQ 24

/*
 * Key usage numbers for draft-ietf-krb-wg-gssapi-cfx-01. The values 22-24
 * are also used by the 3DES set above, so a usage number only has meaning
 * together with the protocol revision it is used under.
 */
#define KG_USAGE_ACCEPTOR_SEAL 22
#define KG_USAGE_ACCEPTOR_SIGN 23
#define KG_USAGE_INITIATOR_SEAL 24
#define KG_USAGE_INITIATOR_SIGN 25

/*
 * Quality-of-protection values: the integrity choice sits in the low byte
 * (GSS_KRB5_INTEG_C_QOP_MASK) and the confidentiality choice in the high
 * byte (GSS_KRB5_CONF_C_QOP_MASK).
 */
enum qop {
    GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001,  /* *partial* MD5 = "MD2.5" */
    GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
    GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
    GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
    GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
    GSS_KRB5_CONF_C_QOP_DES = 0x0100,
    GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
    GSS_KRB5_CONF_C_QOP_MASK = 0xff00
};

/** internal types **/

typedef krb5_principal krb5_gss_name_t;

/* Mechanism-private credential record. */
typedef struct _krb5_gss_cred_id_rec {
    /* protect against simultaneous accesses */
    k5_mutex_t lock;

    /* name/type of credential */
    gss_cred_usage_t usage;
    krb5_principal princ;       /* this is not interned as a gss_name_t */
    int prerfc_mech;
    int rfc_mech;

    /* keytab (accept) data */
    krb5_keytab keytab;
    krb5_rcache rcache;

    /* ccache (init) data */
    krb5_ccache ccache;
    krb5_timestamp tgt_expire;
    krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;

/*
 * Mechanism-private security-context record.
 *
 * NOTE(review): subkey, enc, seq and acceptor_subkey point at key blocks
 * and seed[] is a 16-byte buffer; confirm that the code releasing a
 * context frees and wipes all of them.
 */
typedef struct _krb5_gss_ctx_id_rec {
    unsigned int initiate : 1;  /* nonzero if initiating, zero if accepting */
    unsigned int established : 1;
    unsigned int big_endian : 1;
    unsigned int have_acceptor_subkey : 1;
    unsigned int seed_init : 1; /* XXX tested but never actually set */
    OM_uint32 gss_flags;
    unsigned char seed[16];
    krb5_principal here;
    krb5_principal there;
    krb5_keyblock *subkey;
    int signalg;
    size_t cksum_size;
    int sealalg;
    krb5_keyblock *enc;
    krb5_keyblock *seq;
    krb5_timestamp endtime;
    krb5_ticket_times krb_times;
    krb5_flags krb_flags;
    /*
     * XXX these used to be signed. the old spec is inspecific, and
     * the new spec specifies unsigned. I don't believe that the change
     * affects the wire encoding.
     */
    gssint_uint64 seq_send;
    gssint_uint64 seq_recv;
    void *seqstate;
    krb5_context k5_context;
    krb5_auth_context auth_context;
    gss_OID_desc *mech_used;
    /*
     * Protocol spec revision
     *   0 => RFC 1964 with 3DES and RC4 enhancements
     *   1 => draft-ietf-krb-wg-gssapi-cfx-01
     * No others defined so far.
     */
    int proto;
    krb5_cksumtype cksumtype;           /* for "main" subkey */
    krb5_keyblock *acceptor_subkey;     /* CFX only */
    krb5_cksumtype acceptor_subkey_cksumtype;
    int cred_rcache;                    /* did we get rcache from creds? */
    krb5_authdata **authdata;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;

extern g_set kg_vdb;

extern k5_mutex_t gssint_krb5_keytab_lock;

/*
 * Helper macros: each one forwards to the matching g_* routine with the
 * mechanism's kg_vdb set as first argument.
 * NOTE(review): presumably the kg_validate_* forms are how an entry point
 * rejects a handle that was never saved or was already deleted - confirm
 * that every entry point validates before dereferencing.
 */

#define kg_save_name(name) g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)

#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)
#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)

#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)

/** helper functions **/

OM_uint32 kg_get_defcred(
    OM_uint32 *minor_status,
    gss_cred_id_t *cred);

krb5_error_code kg_checksum_channel_bindings(
    krb5_context context,
    gss_channel_bindings_t cb,
    krb5_checksum *cksum,
    int bigend);

/*
 * Sequence-number, seed and confounder helpers.
 *
 * None of the output pointers below (cksum, buf, seed) is accompanied by
 * a length, so the required size is an unwritten contract with the
 * caller.
 * NOTE(review): confirm each call site passes a buffer at least as large
 * as the implementation writes.
 */
krb5_error_code kg_make_seq_num(
    krb5_context context,
    krb5_keyblock *key,
    int direction,
    krb5_ui_4 seqnum,
    unsigned char *cksum,
    unsigned char *buf);

krb5_error_code kg_get_seq_num(
    krb5_context context,
    krb5_keyblock *key,
    unsigned char *cksum,
    unsigned char *buf,
    int *direction,
    krb5_ui_4 *seqnum);

krb5_error_code kg_make_seed(
    krb5_context context,
    krb5_keyblock *key,
    unsigned char *seed);

int kg_confounder_size(krb5_context context, krb5_keyblock *key);

krb5_error_code kg_make_confounder(
    krb5_context context,
    krb5_keyblock *key,
    unsigned char *buf);

/*
 * Encryption helpers. kg_encrypt() and kg_decrypt() take one length for
 * both the input and the output pointer; kg_arcfour_docrypt() takes
 * input_len but no size for output_buf.
 * NOTE(review): presumably the output must hold at least as many bytes
 * as the input - verify against the callers.
 */
krb5_error_code kg_encrypt(
    krb5_context context,
    krb5_keyblock *key,
    int usage,
    krb5_pointer iv,
    krb5_const_pointer in,
    krb5_pointer out,
    unsigned int length);

krb5_error_code kg_arcfour_docrypt(
    krb5_context,
    const krb5_keyblock *longterm_key,
    int ms_usage,
    const unsigned char *kd_data,
    size_t kd_data_len,
    const unsigned char *input_buf,
    size_t input_len,
    unsigned char *output_buf);

krb5_error_code kg_decrypt(
    krb5_context context,
    krb5_keyblock *key,
    int usage,
    krb5_pointer iv,
    krb5_const_pointer in,
    krb5_pointer out,
    unsigned int length);

/*
 * Message protection helpers; toktype selects the token being produced or
 * consumed.
 * NOTE(review): the buffer handed to kg_unseal() as input_token_buffer
 * presumably arrives from the peer, so every length field inside it has
 * to be checked against the buffer length before use.
 */
OM_uint32 kg_seal(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    int qop_req,
    gss_buffer_t input_message_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer,
    int toktype);

OM_uint32 kg_unseal(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_token_buffer,
    gss_buffer_t message_buffer,
    int *conf_state,
    int *qop_state,
    int toktype);

OM_uint32 kg_seal_size(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 output_size,
    OM_uint32 *input_size);

/*
 * Context serialization helpers. The externalize/internalize pair moves a
 * cursor (*buffer) and a remaining-byte count (*lenremain).
 * NOTE(review): kg_ctx_internalize() rebuilds a context from bytes;
 * confirm every read is bounded by *lenremain and that the bytes only
 * come from a trusted exporter.
 */
krb5_error_code kg_ctx_size(
    krb5_context kcontext,
    krb5_pointer arg,
    size_t *sizep);

krb5_error_code kg_ctx_externalize(
    krb5_context kcontext,
    krb5_pointer arg,
    krb5_octet **buffer,
    size_t *lenremain);

krb5_error_code kg_ctx_internalize(
    krb5_context kcontext,
    krb5_pointer *argp,
    krb5_octet **buffer,
    size_t *lenremain);

/*
 * Credential-cache name helpers.
 * NOTE(review): the name given to kg_set_ccache_name() is caller-chosen;
 * a privileged caller should not pass through a name it received from a
 * less privileged party without checking it.
 */
OM_uint32 kg_sync_ccache_name(krb5_context context, OM_uint32 *minor_status);

OM_uint32 kg_caller_provided_ccache_name(
    OM_uint32 *minor_status,
    int *out_caller_provided_name);

OM_uint32 kg_get_ccache_name(
    OM_uint32 *minor_status,
    const char **out_name);

OM_uint32 kg_set_ccache_name(
    OM_uint32 *minor_status,
    const char *name);

/** declarations of internal name mechanism functions **/

/*
 * Parameters are declared by type only; the comment after each one gives
 * its name.
 *
 * Five prototypes below (delete_sec_context, sign, verify, seal, unseal)
 * gain a trailing OM_uint32 "context verifier" argument when _KERNEL is
 * defined, so a caller and the definition must be built with the same
 * _KERNEL setting or their argument lists will not match.
 */

OM_uint32 krb5_gss_acquire_cred(
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* desired_name */
    OM_uint32,              /* time_req */
    gss_OID_set,            /* desired_mechs */
    gss_cred_usage_t,       /* cred_usage */
    gss_cred_id_t *,        /* output_cred_handle */
    gss_OID_set *,          /* actual_mechs */
    OM_uint32 *             /* time_rec */
);

OM_uint32 krb5_gss_release_cred(
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t *         /* cred_handle */
);

OM_uint32 krb5_gss_init_sec_context(
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* claimant_cred_handle */
    gss_ctx_id_t *,         /* context_handle */
    gss_name_t,             /* target_name */
    gss_OID,                /* mech_type */
    OM_uint32,              /* req_flags */
    OM_uint32,              /* time_req */
    gss_channel_bindings_t, /* input_chan_bindings */
    gss_buffer_t,           /* input_token */
    gss_OID *,              /* actual_mech_type */
    gss_buffer_t,           /* output_token */
    OM_uint32 *,            /* ret_flags */
    OM_uint32 *             /* time_rec */
);

/*
 * NOTE(review): input_token_buffer is presumably the token received from
 * the remote initiator, i.e. data no one has authenticated yet.
 */
OM_uint32 krb5_gss_accept_sec_context(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_cred_id_t,          /* verifier_cred_handle */
    gss_buffer_t,           /* input_token_buffer */
    gss_channel_bindings_t, /* input_chan_bindings */
    gss_name_t *,           /* src_name */
    gss_OID *,              /* mech_type */
    gss_buffer_t,           /* output_token */
    OM_uint32 *,            /* ret_flags */
    OM_uint32 *,            /* time_rec */
    gss_cred_id_t *         /* delegated_cred_handle */
);

OM_uint32 krb5_gss_process_context_token(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t            /* token_buffer */
);

OM_uint32 krb5_gss_delete_sec_context(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_buffer_t            /* output_token */
#ifdef _KERNEL
    , OM_uint32             /* context verifier */
#endif
);

OM_uint32 krb5_gss_context_time(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    OM_uint32 *             /* time_rec */
);

OM_uint32 krb5_gss_sign(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* qop_req */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t            /* message_token */
#ifdef _KERNEL
    , OM_uint32             /* context verifier */
#endif
);

OM_uint32 krb5_gss_verify(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t,           /* token_buffer */
    int *                   /* qop_state */
#ifdef _KERNEL
    , OM_uint32             /* context verifier */
#endif
);

OM_uint32 krb5_gss_seal(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    int,                    /* qop_req */
    gss_buffer_t,           /* input_message_buffer */
    int *,                  /* conf_state */
    gss_buffer_t            /* output_message_buffer */
#ifdef _KERNEL
    , OM_uint32             /* context verifier */
#endif
);

OM_uint32 krb5_gss_unseal(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* input_message_buffer */
    gss_buffer_t,           /* output_message_buffer */
    int *,                  /* conf_state */
    int *                   /* qop_state */
#ifdef _KERNEL
    , OM_uint32             /* context verifier */
#endif
);

OM_uint32 krb5_gss_display_status(
    OM_uint32 *,            /* minor_status */
    OM_uint32,              /* status_value */
    int,                    /* status_type */
    gss_OID,                /* mech_type */
    OM_uint32 *,            /* message_context */
    gss_buffer_t            /* status_string */
);

OM_uint32 krb5_gss_indicate_mechs(
    OM_uint32 *,            /* minor_status */
    gss_OID_set *           /* mech_set */
);

OM_uint32 krb5_gss_compare_name(
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* name1 */
    gss_name_t,             /* name2 */
    int *                   /* name_equal */
);

OM_uint32 krb5_gss_display_name(
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* input_name */
    gss_buffer_t,           /* output_name_buffer */
    gss_OID *               /* output_name_type */
);

/*
 * NOTE(review): input_name_buffer holds a caller-supplied name string;
 * confirm the parser honours the buffer length rather than relying on a
 * terminating NUL.
 */
OM_uint32 krb5_gss_import_name(
    OM_uint32 *,            /* minor_status */
    gss_buffer_t,           /* input_name_buffer */
    gss_OID,                /* input_name_type */
    gss_name_t *            /* output_name */
);

OM_uint32 krb5_gss_release_name(
    OM_uint32 *,            /* minor_status */
    gss_name_t *            /* input_name */
);


/*
 * Inquiry entry points. Parameters are declared by type only; the comment
 * after each one gives its name.
 */
OM_uint32 krb5_gss_inquire_cred(
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* cred_handle */
    gss_name_t *,           /* name */
    OM_uint32 *,            /* lifetime */
    gss_cred_usage_t *,     /* cred_usage */
    gss_OID_set *           /* mechanisms */
);

OM_uint32 krb5_gss_inquire_context(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_name_t *,           /* initiator_name */
    gss_name_t *,           /* acceptor_name */
    OM_uint32 *,            /* lifetime_rec */
    gss_OID *,              /* mech_type */
    OM_uint32 *,            /* ret_flags */
    int *,                  /* locally_initiated */
    int *                   /* open */
);

/*
 * New V2 entry points.
 *
 * Unlike krb5_gss_sign() and krb5_gss_verify(), which take the QOP as
 * int, these take gss_qop_t, and they have no _KERNEL-only argument.
 * NOTE(review): the message_token given to krb5_gss_verify_mic() is
 * presumably peer-supplied; a caller must not act on the message unless
 * the call reports success.
 */
OM_uint32 krb5_gss_get_mic(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_qop_t,              /* qop_req */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t            /* message_token */
);

OM_uint32 krb5_gss_verify_mic(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t,           /* message_token */
    gss_qop_t *             /* qop_state */
);

/*
 * Message wrapping. conf_req_flag asks for confidentiality and conf_state
 * reports back through a pointer.
 * NOTE(review): a caller that needs encryption should check *conf_state
 * after the call instead of assuming the request was honoured.
 */
OM_uint32 krb5_gss_wrap(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    gss_qop_t,              /* qop_req */
    gss_buffer_t,           /* input_message_buffer */
    int *,                  /* conf_state */
    gss_buffer_t            /* output_message_buffer */
);

OM_uint32 krb5_gss_unwrap(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* input_message_buffer */
    gss_buffer_t,           /* output_message_buffer */
    int *,                  /* conf_state */
    gss_qop_t *             /* qop_state */
);

OM_uint32 krb5_gss_wrap_size_limit(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    gss_qop_t,              /* qop_req */
    OM_uint32,              /* req_output_size */
    OM_uint32 *             /* max_input_size */
);

/*
 * Name-object import/export. The name object travels as an untyped
 * pointer (void * in, void ** out), so the compiler cannot check what is
 * passed.
 * NOTE(review): confirm how the name type OID is checked against the
 * object actually supplied.
 */
OM_uint32 krb5_gss_import_name_object(
    OM_uint32 *,            /* minor_status */
    void *,                 /* input_name */
    gss_OID,                /* input_name_type */
    gss_name_t *            /* output_name */
);

OM_uint32 krb5_gss_export_name_object(
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* input_name */
    gss_OID,                /* desired_name_type */
    void **                 /* output_name */
);


/*
 * Credential entry points. Parameters are declared by type only; the
 * comment after each one gives its name.
 */
OM_uint32 krb5_gss_add_cred(
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* input_cred_handle */
    gss_name_t,             /* desired_name */
    gss_OID,                /* desired_mech */
    gss_cred_usage_t,       /* cred_usage */
    OM_uint32,              /* initiator_time_req */
    OM_uint32,              /* acceptor_time_req */
    gss_cred_id_t *,        /* output_cred_handle */
    gss_OID_set *,          /* actual_mechs */
    OM_uint32 *,            /* initiator_time_rec */
    OM_uint32 *             /* acceptor_time_rec */
);

OM_uint32 krb5_gss_inquire_cred_by_mech(
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* cred_handle */
    gss_OID,                /* mech_type */
    gss_name_t *,           /* name */
    OM_uint32 *,            /* initiator_lifetime */
    OM_uint32 *,            /* acceptor_lifetime */
    gss_cred_usage_t *      /* cred_usage */
);

/*
 * Context export/import through an interprocess token.
 * NOTE(review): the token presumably carries the context's key material,
 * so it should be treated as a secret in transit, and the import side
 * should only accept tokens from a process it trusts - confirm against
 * kg_ctx_externalize()/kg_ctx_internalize().
 */
OM_uint32 krb5_gss_export_sec_context(
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_buffer_t            /* interprocess_token */
);

OM_uint32 krb5_gss_import_sec_context(
    OM_uint32 *,            /* minor_status */
    gss_buffer_t,           /* interprocess_token */
    gss_ctx_id_t *          /* context_handle */
    /* Note no _KERNEL context verifier */
);

/*
 * Remaining mechanism-internal declarations: OID and name helpers, token
 * sealing, Solaris-specific extensions, OID-keyed extension entry points,
 * and error-message bookkeeping.
 */
krb5_error_code krb5_gss_ser_init(krb5_context);

OM_uint32 krb5_gss_release_oid
(OM_uint32 *,           /* minor_status */
 gss_OID *              /* oid */
);

OM_uint32 krb5_gss_internal_release_oid
(OM_uint32 *,           /* minor_status */
 gss_OID *              /* oid */
);

OM_uint32 krb5_gss_inquire_names_for_mech
(OM_uint32 *,           /* minor_status */
 gss_OID,               /* mechanism */
 gss_OID_set *          /* name_types */
);

/* SUNW15resync - XXX nullify? */
OM_uint32 krb5_gss_canonicalize_name
(OM_uint32 *,           /* minor_status */
 const gss_name_t,      /* input_name */
 const gss_OID,         /* mech_type */
 gss_name_t *           /* output_name */
);

OM_uint32 krb5_gss_export_name
(OM_uint32 *,           /* minor_status */
 const gss_name_t,      /* input_name */
 gss_buffer_t           /* exported_name */
);

OM_uint32 krb5_gss_duplicate_name
(OM_uint32 *,           /* minor_status */
 const gss_name_t,      /* input_name */
 gss_name_t *           /* dest_name */
);

OM_uint32 krb5_gss_validate_cred
(OM_uint32 *,           /* minor_status */
 gss_cred_id_t          /* cred */
);

/* Variant of krb5_gss_validate_cred that also receives a krb5_context. */
OM_uint32
krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
                         gss_cred_id_t /* cred_handle */,
                         krb5_context /* context */);

gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);

/* The two trailing int arguments are unnamed; their meaning is not visible here. */
krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
                                               krb5_gss_ctx_id_rec *,
                                               const gss_buffer_desc *,
                                               gss_buffer_t,
                                               int, int);

/*
 * NOTE(review): bodysize is a signed int paired with a raw byte pointer,
 * so the prototype cannot express that it must be non-negative and no
 * larger than the data available at ptr. Confirm that the caller
 * validates the length before this is reached.
 */
OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
                                      OM_uint32 *minor_status,
                                      krb5_gss_ctx_id_rec *ctx,
                                      unsigned char *ptr, int bodysize,
                                      gss_buffer_t message_buffer,
                                      int *conf_state, int *qop_state,
                                      int toktype);

/*
 * SUNW15resync
 * Solaris specific interfaces start
 */

OM_uint32 krb5_gss_store_cred (
    OM_uint32 *,            /* minor_status */
    const gss_cred_id_t,    /* input_cred */
    gss_cred_usage_t,       /* cred_usage */
    const gss_OID,          /* desired_mech */
    OM_uint32,              /* overwrite_cred */
    OM_uint32,              /* default_cred */
    gss_OID_set *,          /* elements_stored */
    gss_cred_usage_t *      /* cred_usage_stored */
);

/* Maps a principal name (pname) to a local uid written through the last argument. */
OM_uint32 krb5_pname_to_uid(
    OM_uint32 *,            /* minor status */
    const gss_name_t,       /* pname */
    uid_t *                 /* uidOut */
);

/*
 * Authorization check: may the remote principal log in as the named local
 * user without a password?  The answer is written through the int *.
 * NOTE(review): the prototype does not say what the flag holds when the
 * call itself fails; confirm that callers treat any failure as "not ok"
 * instead of reading an unset flag.
 */
OM_uint32 krb5_gss_userok(
    OM_uint32 *,            /* minor status */
    const gss_name_t,       /* remote user principal name */
    const char *,           /* local unix user name */
    int *                   /* remote user ok to login w/out pw? */
);


/*
 * SUNW15resync
 * Solaris specific interfaces end
 */


/*
 * These take unglued krb5-mech-specific contexts.
 */

/*
 * Each *_OID macro below is the encoded OID as raw bytes in a string
 * literal, and the matching *_OID_LENGTH is the number of those bytes.
 * The literal's implicit terminating NUL is not part of the OID, so use
 * the _LENGTH macro (sizeof on the literal is one byte larger).
 */
#define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"

#ifndef _KERNEL
OM_uint32 gss_krb5int_get_tkt_flags
(OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *data_set);


OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
(OM_uint32 *minor_status,
 gss_cred_id_t cred_handle,
 krb5_ccache out_ccache);

#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"

/*
 * Request record for the set-allowable-enctypes extension.
 * NOTE(review): ktypes is a bare pointer whose element count is carried
 * separately in num_ktypes; presumably the consumer trusts the pair to be
 * consistent. Verify at the point of use.
 */
struct krb5_gss_set_allowable_enctypes_req {
    OM_uint32 num_ktypes;
    krb5_enctype *ktypes;
};

#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"

/*
 * NOTE(review): the name indicates that session-key material is returned
 * in the buffer set; if so the result should be treated as secret and
 * released by the caller. Confirm in the implementation.
 */
OM_uint32
gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);

/*
 * Takes the enctype list as a count plus pointer (num_ktypes, ktypes),
 * the same pair as struct krb5_gss_set_allowable_enctypes_req above.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
                                   gss_cred_id_t cred,
                                   OM_uint32 num_ktypes,
                                   krb5_enctype *ktypes);

#endif /* _KERNEL */

#if 0
/*
 * SUNW17PACresync
 * These two functions not needed yet, revisit for full 1.7 resync.
 *
 * Both prototypes in this disabled block have parameter lists that differ
 * from the declarations of the same names compiled under #ifndef _KERNEL
 * in this header, so the block cannot simply be enabled alongside them.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
                                   gss_cred_id_t cred,
                                   const gss_OID desired_oid,
                                   const gss_buffer_t value);

OM_uint32 KRB5_CALLCONV
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
                                     gss_ctx_id_t *context_handle,
                                     OM_uint32 version,
                                     void **kctx);
#endif

#ifndef _KERNEL
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"

OM_uint32
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
                                     const gss_ctx_id_t context_handle,
                                     const gss_OID desired_object,
                                     gss_buffer_set_t *data_set);

#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"

OM_uint32
gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
                                   const gss_OID, gss_buffer_t);


/* Defined elsewhere; what it guards is not visible in this header. */
extern k5_mutex_t kg_kdc_flag_mutex;
krb5_error_code krb5_gss_init_context (krb5_context *ctxp);


/*
 * Repeats the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID macros and the
 * gss_krb5int_inq_session_key prototype already given earlier in this
 * header.  The text is identical, so the redefinition is accepted by the
 * compiler, but the two copies have to be kept in sync by hand.
 */
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"

OM_uint32
gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);


#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"

OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
                                      const gss_OID, gss_buffer_t);

krb5_error_code krb5_gss_use_kdc_context(void);

#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"

OM_uint32
gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);

#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"

/*
 * NOTE(review): ad_data presumably receives authorization data taken from
 * the peer's ticket; whether it has been verified before it is returned
 * is not visible here. Confirm before basing access decisions on it.
 */
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
                                                const gss_ctx_id_t context_handle,
                                                const gss_OID desired_object,
                                                gss_buffer_set_t *ad_data);

#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"

OM_uint32
gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);

#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"

OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
                                              const gss_ctx_id_t,
                                              const gss_OID,
                                              gss_buffer_set_t *);
#endif /* _KERNEL */

OM_uint32 gss_krb5int_initialize_library(void);
void gss_krb5int_cleanup_library(void);

/* For error message handling. */
/*
 * Returns a shared string, not a private copy!
 * The caller therefore must not free or modify the result, even though
 * the return type is a non-const char *.
 * NOTE(review): how long the shared string stays valid is not visible
 * here; confirm before holding on to the pointer.
 */
extern char *
krb5_gss_get_error_message(OM_uint32 minor_code);
extern void
krb5_gss_save_error_string(OM_uint32 minor_code, char *msg);
/*
 * printf-style: argument 2 is the format and the variadic arguments start
 * at 3, which the attribute below lets GCC check in C builds.  Pass a
 * literal format; text that did not originate in the program belongs in a
 * "%s" argument (or in krb5_gss_save_error_string), never in the format
 * itself.
 */
extern void
krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
    __attribute__((__format__(__printf__, 2, 3)))
#endif
    ;
extern void
krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
/* Unprefixed aliases for the krb5_gss_* error helpers declared above. */
#define get_error_message krb5_gss_get_error_message
#define save_error_string krb5_gss_save_error_string
#define save_error_message krb5_gss_save_error_message


/* Solaris Kerberos */
/*
 * In _KERNEL builds save_error_info(m, ctx) expands to nothing, so its
 * arguments are never evaluated there; do not rely on side effects in
 * them.
 */
#ifdef _KERNEL
#define save_error_info(m, ctx)
#else
#define save_error_info krb5_gss_save_error_info
#endif

extern void krb5_gss_delete_error_info(void *p);

/*
 * Prefix concatenated with Kerberos encryption type.
 * Unlike the 11-byte OIDs above this is a 10-byte prefix, not a complete
 * OID on its own.
 */
#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"

#endif /* _GSSAPIP_KRB5_H_ */