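/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright 2000 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 *
 */

/*
 * Private (internal) declarations for the Kerberos 5 GSS-API mechanism:
 * token and algorithm constants, the internal credential and security
 * context records, and prototypes for the kg_* helpers and the
 * krb5_gss_* mechanism entry points.
 */

#ifndef _GSSAPIP_KRB5_H
#define _GSSAPIP_KRB5_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * $Id: gssapiP_krb5.h,v 1.40.6.2 2000/05/31 17:17:38 raeburn Exp $
 */

#include <mechglueP.h>
#include <krb5.h>
#ifndef _KERNEL
#include <memory.h>
#endif

/*
 * Solaris defines the minor() and major() macros for device numbers.
 * Undefine them here so we don't cause confusion for the minor
 * and major error numbers.
 */
#ifdef major
#undef major
#endif
#ifdef minor
#undef minor
#endif

#include "gssapiP_generic.h"

/*
 * Debug tracing and DUMMY_STATIC.
 *
 * In the user-space DEBUG_ON build dprintf(a) expands to printf(a), so
 * the argument is itself the format string: call sites should pass only
 * string literals, never caller- or peer-supplied text.  To print a
 * variable string use dprintf1("%s", s).
 */
#ifndef _KERNEL
#ifdef DEBUG_ON

#define dprintf(a) printf(a)
#define dprintf1(a, b) printf(a, b)
/*
 * DUMMY_STATIC was defined in the other two configurations but not in
 * this one, leaving any use of it unexpanded in a user-space debug
 * build.  Define it empty here, matching the non-debug user-space case.
 */
#ifndef DUMMY_STATIC
#define DUMMY_STATIC
#endif

#else

#define dprintf(a)
#define dprintf1(a, b)
#define DUMMY_STATIC

#endif /* DEBUG_ON */

#else /* _KERNEL */

#define dprintf(a) KRB5_LOG0(KRB5_INFO, a)
#define dprintf1(a, b) KRB5_LOG(KRB5_INFO, a, b)
#define DUMMY_STATIC static

#endif /* _KERNEL */

/*
 * The include of gssapi_krb5.h will dtrt with the above #defines in
 * effect.
 */

#include <gssapi_krb5.h>
#include <gssapi_err_krb5.h>
#include <sys/systm.h>

/** constants **/

#define CKSUMTYPE_KG_CB 0x8003

/*
 * Token identifiers.  The SIGN/MIC and SEAL/WRAP pairs share a value:
 * they are the V1 and V2 names for the same token type.
 */
#define KG_TOK_CTX_AP_REQ 0x0100
#define KG_TOK_CTX_AP_REP 0x0200
#define KG_TOK_CTX_ERROR 0x0300
#define KG_TOK_SIGN_MSG 0x0101
#define KG_TOK_SEAL_MSG 0x0201
#define KG_TOK_MIC_MSG 0x0101
#define KG_TOK_WRAP_MSG 0x0201
#define KG_TOK_DEL_CTX 0x0102

#define KG2_TOK_INITIAL 0x0101
#define KG2_TOK_RESPONSE 0x0202
#define KG2_TOK_MIC 0x0303
#define KG2_TOK_WRAP_INTEG 0x0404
#define KG2_TOK_WRAP_PRIV 0x0505

#define KRB5_GSS_FOR_CREDS_OPTION 1

#define KG2_RESP_FLAG_ERROR 0x0001
#define KG2_RESP_FLAG_DELEG_OK 0x0002

/*
 * These are to be stored in little-endian order, i.e., des-mac is
 * stored as 02 00.
 *
 * NOTE(review): the single-DES, MD5-based and RC4 identifiers below are
 * legacy algorithms; which of them a context may actually select is
 * decided by code outside this header.
 */
enum sgn_alg {
    SGN_ALG_DES_MAC_MD5 = 0x0000,
    SGN_ALG_MD2_5 = 0x0001,
    SGN_ALG_DES_MAC = 0x0002,
    SGN_ALG_3 = 0x0003,                 /* not published */
    SGN_ALG_HMAC_MD5 = 0x0011,          /* microsoft w2k; no support */
    SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
};
enum seal_alg {
    SEAL_ALG_NONE = 0xffff,
    SEAL_ALG_DES = 0x0000,
    SEAL_ALG_1 = 0x0001,                /* not published */
    SEAL_ALG_MICROSOFT_RC4 = 0x0010,    /* microsoft w2k; no support */
    SEAL_ALG_DES3KD = 0x0002
};

/*
 * Key usage numbers.  The two sets below reuse the values 22-24 with
 * different meanings (24 is KG_USAGE_SEQ for 3DES but
 * KG_USAGE_INITIATOR_SEAL for CFX), so the set has to be chosen to
 * match the protocol the context is using.
 */

/* for 3DES */
#define KG_USAGE_SEAL 22
#define KG_USAGE_SIGN 23
#define KG_USAGE_SEQ 24

/* for draft-ietf-krb-wg-gssapi-cfx-01 */
#define KG_USAGE_ACCEPTOR_SEAL 22
#define KG_USAGE_ACCEPTOR_SIGN 23
#define KG_USAGE_INITIATOR_SEAL 24
#define KG_USAGE_INITIATOR_SIGN 25

/*
 * Quality-of-protection values: the low byte selects the integrity
 * algorithm and the high byte the confidentiality algorithm (see the
 * two *_MASK members).
 */
enum qop {
    GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001,  /* *partial* MD5 = "MD2.5" */
    GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
    GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
    GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
    GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
    GSS_KRB5_CONF_C_QOP_DES = 0x0100,
    GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
    GSS_KRB5_CONF_C_QOP_MASK = 0xff00
};

/** internal types **/

typedef krb5_principal krb5_gss_name_t;

/* Internal representation of a credential handle. */
typedef struct _krb5_gss_cred_id_rec {
    /* name/type of credential */
    gss_cred_usage_t usage;
    krb5_principal princ;       /* this is not interned as a gss_name_t */
    const gss_OID_set_desc *actual_mechs;
    int prerfc_mech;            /* these are a cache of the set above */
    int rfc_mech;

    /* keytab (accept) data */
    krb5_keytab keytab;
    krb5_rcache rcache;

    /* ccache (init) data */
    krb5_ccache ccache;
    krb5_timestamp tgt_expire;
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;

/*
 * Internal representation of a security context handle.
 *
 * NOTE(review): subkey, enc, seq and acceptor_subkey point at key
 * material; the release path is not visible here, so confirm that it
 * frees and clears each of them.
 */
typedef struct _krb5_gss_ctx_id_rec {
    unsigned int initiate : 1;  /* nonzero if initiating, zero if accepting */
    unsigned int established : 1;
    unsigned int big_endian : 1;
    unsigned int have_acceptor_subkey : 1;
    unsigned int seed_init : 1; /* XXX tested but never actually set */
#ifdef CFX_EXERCISE
    unsigned int testing_unknown_tokid : 1; /* for testing only */
#endif
    OM_uint32 gss_flags;
    unsigned char seed[16];
    krb5_principal here;
    krb5_principal there;
    krb5_keyblock *subkey;
    int signalg;
    size_t cksum_size;
    int sealalg;
    krb5_keyblock *enc;
    krb5_keyblock *seq;
    krb5_timestamp endtime;
    krb5_flags krb_flags;
    /*
     * XXX these used to be signed.  the old spec is inspecific, and
     * the new spec specifies unsigned.  I don't believe that the change
     * affects the wire encoding.
     */
    gssint_uint64 seq_send;
    gssint_uint64 seq_recv;
    void *seqstate;
    krb5_auth_context auth_context;
    /*
     * SOLARIS KERBEROS:
     * MIT uses a 'gss_OID_desc *' here, we do not use the pointer.
     */
    gss_OID_desc mech_used;
    /*
     * Protocol spec revision
     * 0 => RFC 1964 with 3DES and RC4 enhancements
     * 1 => draft-ietf-krb-wg-gssapi-cfx-01
     * No others defined so far.
     */
    int proto;
    krb5_cksumtype cksumtype;           /* for "main" subkey */
    krb5_keyblock *acceptor_subkey;     /* CFX only */
    krb5_cksumtype acceptor_subkey_cksumtype;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;

/* Handle database used by the kg_save/validate/delete macros below. */
extern void *kg_vdb;

extern krb5_context kg_context;
/* The mutex type differs between kernel and user-space builds. */
#ifdef _KERNEL
extern kmutex_t krb5_mutex;
#else
extern mutex_t krb5_mutex;
#endif

/* helper macros */

/*
 * Each macro forwards to the generic g_* routine with &kg_vdb as the
 * database argument.
 *
 * NOTE(review): handles arriving from callers are presumably checked
 * with kg_validate_* before being cast to the internal record types;
 * confirm at the call sites.
 */
#define kg_save_name(name) g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)

#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)

#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)

/** helper functions **/

/*
 * NOTE(review): several helpers below take a raw buffer pointer with no
 * size (cksum, buf, seed) or a signed int length (kg_encrypt,
 * kg_decrypt, kg_encrypt_size, kg2_parse_token).  The required buffer
 * sizes and the handling of negative lengths are not visible in this
 * header; confirm them against the implementations.
 */

OM_uint32 kg_get_defcred (
    OM_uint32 *minor_status,
    gss_cred_id_t *cred);

OM_uint32 kg_release_defcred (OM_uint32 *minor_status);

krb5_error_code kg_checksum_channel_bindings (
    krb5_context context, gss_channel_bindings_t cb,
    krb5_checksum *cksum,
    int bigend);

krb5_error_code kg_make_seq_num (
    krb5_context context,
    krb5_keyblock *key,
    int direction,
    krb5_ui_4 seqnum,
    unsigned char *cksum,
    unsigned char *buf);

krb5_error_code kg_get_seq_num (
    krb5_context context,
    krb5_keyblock *key,
    unsigned char *cksum,
    unsigned char *buf,
    int *direction,
    krb5_ui_4 *seqnum);

krb5_error_code kg_make_seed (
    krb5_context context,
    krb5_keyblock *key,
    unsigned char *seed);

int kg_confounder_size (krb5_context context, krb5_keyblock *key);

krb5_error_code kg_make_confounder (krb5_context context,
    krb5_keyblock *key, unsigned char *buf);

int kg_encrypt_size (
    krb5_context context,
    krb5_keyblock *key,
    int n);

krb5_error_code kg_encrypt (
    krb5_context context,
    krb5_keyblock *key,
    int usage,
    krb5_pointer iv,
    krb5_pointer in,
    krb5_pointer out,
    int length);

krb5_error_code
kg_arcfour_docrypt (krb5_context,
    const krb5_keyblock *longterm_key , int ms_usage,
    const unsigned char *kd_data, size_t kd_data_len,
    const unsigned char *input_buf, size_t input_len,
    unsigned char *output_buf);

krb5_error_code kg_decrypt (krb5_context context,
    krb5_keyblock *key,
    int usage,
    krb5_pointer iv,
    krb5_pointer in,
    krb5_pointer out,
    int length);

OM_uint32 kg_seal (
    krb5_context context,
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    int qop_req,
    gss_buffer_t input_message_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer,
    int toktype);

OM_uint32 kg_unseal (
    krb5_context context,
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_token_buffer,
    gss_buffer_t message_buffer,
    int *conf_state,
    int *qop_state,
    int toktype);

OM_uint32 kg_seal_size (
    krb5_context context,
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 output_size,
    OM_uint32 *input_size);

krb5_error_code kg_ctx_size (
    krb5_context kcontext,
    krb5_pointer arg,
    size_t *sizep);

krb5_error_code kg_ctx_externalize (
    krb5_context kcontext,
    krb5_pointer arg,
    krb5_octet **buffer,
    size_t *lenremain);

krb5_error_code kg_ctx_internalize (
    krb5_context kcontext,
    krb5_pointer *argp,
    krb5_octet **buffer,
    size_t *lenremain);

OM_uint32 kg_get_context (
    OM_uint32 *minor_status,
    krb5_context *context);

OM_uint32 kg_sync_ccache_name (OM_uint32 *minor_status);

OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
    const char **out_name);

OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
    const char *name);

/*
 * One option slot for kg2_parse_token().  Because data points inside the
 * token that was passed in, it is only usable while that token buffer is
 * still alive and unmodified.
 */
struct kg2_option {
    int option_id;          /* set by caller */
    int length;             /* filled in by parser */
    unsigned char *data;    /* filled in by parser.  points inside
                               passed-in token, so nothing needs to
                               be freed */
};

OM_uint32
kg2_parse_token (OM_uint32 *minor_status,
    unsigned char *ptr,
    int length,
    krb5_ui_4 *flags,
    int *nctypes,                   /* OUT */
    krb5_cksumtype **ctypes,        /* OUT */
    int noptions,
    struct kg2_option *options,     /* INOUT */
    krb5_data *kmsg,
    krb5_data *mic);

void kg2_intersect_ctypes (int *nc1,
    krb5_cksumtype *c1,
    int nc2,
    const krb5_cksumtype *c2);

/** declarations of internal name mechanism functions **/

/*
 * Several entry points below come in a plain and a _no_lock form with
 * identical parameter lists.
 *
 * NOTE(review): the _no_lock forms presumably expect the caller to hold
 * krb5_mutex already; confirm against the implementations before
 * calling one directly.
 *
 * In _KERNEL builds the delete_sec_context, sign, verify, seal and
 * unseal entry points take one extra trailing OM_uint32 argument, the
 * context verifier.
 */

OM_uint32 krb5_gss_acquire_cred (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t,         /* desired_name */
    OM_uint32,          /* time_req */
    gss_OID_set,        /* desired_mechs */
    gss_cred_usage_t,   /* cred_usage */
    gss_cred_id_t*,     /* output_cred_handle */
    gss_OID_set*,       /* actual_mechs */
    OM_uint32*          /* time_rec */
);

OM_uint32 krb5_gss_acquire_cred_no_lock (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t,         /* desired_name */
    OM_uint32,          /* time_req */
    gss_OID_set,        /* desired_mechs */
    gss_cred_usage_t,   /* cred_usage */
    gss_cred_id_t*,     /* output_cred_handle */
    gss_OID_set*,       /* actual_mechs */
    OM_uint32*          /* time_rec */
);

OM_uint32 krb5_gss_release_cred (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_cred_id_t*      /* cred_handle */
);

OM_uint32 krb5_gss_release_cred_no_lock (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_cred_id_t*      /* cred_handle */
);

OM_uint32 krb5_gss_store_cred (
    void *,                 /* krb5 context */
    OM_uint32 *,            /* minor_status */
    const gss_cred_id_t,    /* input_cred */
    gss_cred_usage_t,       /* cred_usage */
    const gss_OID,          /* desired_mech */
    OM_uint32,              /* overwrite_cred */
    OM_uint32,              /* default_cred */
    gss_OID_set *,          /* elements_stored */
    gss_cred_usage_t *      /* cred_usage_stored */
);

OM_uint32 krb5_gss_store_cred_no_lock (
    void *,                 /* krb5 context */
    OM_uint32 *,            /* minor_status */
    const gss_cred_id_t,    /* input_cred */
    gss_cred_usage_t,       /* cred_usage */
    const gss_OID,          /* desired_mech */
    OM_uint32,              /* overwrite_cred */
    OM_uint32,              /* default_cred */
    gss_OID_set *,          /* elements_stored */
    gss_cred_usage_t *      /* cred_usage_stored */
);

OM_uint32 krb5_gss_init_sec_context (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_cred_id_t,      /* claimant_cred_handle */
    gss_ctx_id_t*,      /* context_handle */
    gss_name_t,         /* target_name */
    gss_OID,            /* mech_type */
    OM_uint32,          /* req_flags */
    OM_uint32,          /* time_req */
    gss_channel_bindings_t,
                        /* input_chan_bindings */
    gss_buffer_t,       /* input_token */
    gss_OID*,           /* actual_mech_type */
    gss_buffer_t,       /* output_token */
    OM_uint32*,         /* ret_flags */
    OM_uint32*          /* time_rec */
);

OM_uint32 krb5_gss_accept_sec_context (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t*,      /* context_handle */
    gss_cred_id_t,      /* verifier_cred_handle */
    gss_buffer_t,       /* input_token_buffer */
    gss_channel_bindings_t,
                        /* input_chan_bindings */
    gss_name_t*,        /* src_name */
    gss_OID*,           /* mech_type */
    gss_buffer_t,       /* output_token */
    OM_uint32*,         /* ret_flags */
    OM_uint32*,         /* time_rec */
    gss_cred_id_t*      /* delegated_cred_handle */
);

OM_uint32 krb5_gss_process_context_token (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_buffer_t        /* token_buffer */
);

OM_uint32 krb5_gss_delete_sec_context (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t*,      /* context_handle */
    gss_buffer_t        /* output_token */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);

OM_uint32 krb5_gss_delete_sec_context_no_lock (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t*,      /* context_handle */
    gss_buffer_t        /* output_token */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);

OM_uint32 krb5_gss_context_time (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    OM_uint32*          /* time_rec */
);

OM_uint32 krb5_gss_sign (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    int,                /* qop_req */
    gss_buffer_t,       /* message_buffer */
    gss_buffer_t        /* message_token */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);

OM_uint32 krb5_gss_verify (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_buffer_t,       /* message_buffer */
    gss_buffer_t,       /* token_buffer */
    int*                /* qop_state */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);

/* EXPORT DELETE START */
OM_uint32 krb5_gss_seal (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    int,                /* conf_req_flag */
    int,                /* qop_req */
    gss_buffer_t,       /* input_message_buffer */
    int*,               /* conf_state */
    gss_buffer_t        /* output_message_buffer */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);

OM_uint32 krb5_gss_unseal (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_buffer_t,       /* input_message_buffer */
    gss_buffer_t,       /* output_message_buffer */
    int*,               /* conf_state */
    int*                /* qop_state */
#ifdef _KERNEL
    /* */, OM_uint32    /* context verifier */
#endif
);
/* EXPORT DELETE END */

OM_uint32 krb5_gss_display_status (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    OM_uint32,          /* status_value */
    int,                /* status_type */
    gss_OID,            /* mech_type */
    OM_uint32*,         /* message_context */
    gss_buffer_t        /* status_string */
);

OM_uint32 krb5_gss_indicate_mechs (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_OID_set*        /* mech_set */
);

OM_uint32 krb5_gss_compare_name (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t,         /* name1 */
    gss_name_t,         /* name2 */
    int*                /* name_equal */
);

OM_uint32 krb5_gss_display_name (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t,         /* input_name */
    gss_buffer_t,       /* output_name_buffer */
    gss_OID*            /* output_name_type */
);

OM_uint32 krb5_gss_import_name (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_buffer_t,       /* input_name_buffer */
    gss_OID,            /* input_name_type */
    gss_name_t*         /* output_name */
);

OM_uint32 krb5_gss_release_name (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t*         /* input_name */
);

OM_uint32 krb5_gss_release_name_no_lock (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_name_t*         /* input_name */
);

OM_uint32 krb5_gss_inquire_cred (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t,      /* cred_handle */
    gss_name_t *,       /* name */
    OM_uint32 *,        /* lifetime */
    gss_cred_usage_t*,  /* cred_usage */
    gss_OID_set *       /* mechanisms */
);

OM_uint32 krb5_gss_inquire_cred_no_lock (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t,      /* cred_handle */
    gss_name_t *,       /* name */
    OM_uint32 *,        /* lifetime */
    gss_cred_usage_t*,  /* cred_usage */
    gss_OID_set *       /* mechanisms */
);

OM_uint32 krb5_gss_inquire_context (
    void *,             /* krb5 context */
    OM_uint32*,         /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_name_t*,        /* initiator_name */
    gss_name_t*,        /* acceptor_name */
    OM_uint32*,         /* lifetime_rec */
    gss_OID*,           /* mech_type */
    OM_uint32*,         /* ret_flags */
    int*,               /* locally_initiated */
    int*                /* open */
);

/* New V2 entry points */
OM_uint32 krb5_gss_get_mic (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_qop_t,          /* qop_req */
    gss_buffer_t,       /* message_buffer */
    gss_buffer_t        /* message_token */
);

OM_uint32 krb5_gss_verify_mic (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_buffer_t,       /* message_buffer */
    gss_buffer_t,       /* message_token */
    gss_qop_t *         /* qop_state */
);

OM_uint32 krb5_gss_wrap (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    int,                /* conf_req_flag */
    gss_qop_t,          /* qop_req */
    gss_buffer_t,       /* input_message_buffer */
    int *,              /* conf_state */
    gss_buffer_t        /* output_message_buffer */
);

OM_uint32 krb5_gss_unwrap (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    gss_buffer_t,       /* input_message_buffer */
    gss_buffer_t,       /* output_message_buffer */
    int *,              /* conf_state */
    gss_qop_t *         /* qop_state */
);

OM_uint32 krb5_gss_wrap_size_limit (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t,       /* context_handle */
    int,                /* conf_req_flag */
    gss_qop_t,          /* qop_req */
    OM_uint32,          /* req_output_size */
    OM_uint32 *         /* max_input_size */
);

OM_uint32 krb5_gss_add_cred (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t,      /* input_cred_handle */
    gss_name_t,         /* desired_name */
    gss_OID,            /* desired_mech */
    gss_cred_usage_t,   /* cred_usage */
    OM_uint32,          /* initiator_time_req */
    OM_uint32,          /* acceptor_time_req */
    gss_cred_id_t *,    /* output_cred_handle */
    gss_OID_set *,      /* actual_mechs */
    OM_uint32 *,        /* initiator_time_rec */
    OM_uint32 *         /* acceptor_time_rec */
);

OM_uint32 krb5_gss_inquire_cred_by_mech (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t,      /* cred_handle */
    gss_OID,            /* mech_type */
    gss_name_t *,       /* name */
    OM_uint32 *,        /* initiator_lifetime */
    OM_uint32 *,        /* acceptor_lifetime */
    gss_cred_usage_t *  /* cred_usage */
);

OM_uint32 krb5_gss_export_sec_context (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_ctx_id_t *,     /* context_handle */
    gss_buffer_t        /* interprocess_token */
);

OM_uint32 krb5_gss_import_sec_context(
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_buffer_t,       /* interprocess_token */
    gss_ctx_id_t *      /* context_handle */
);

OM_uint32 krb5_gss_internal_release_oid (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_OID *           /* oid */
);

OM_uint32 krb5_gss_inquire_names_for_mech (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_OID,            /* mechanism */
    gss_OID_set *       /* name_types */
);

OM_uint32 krb5_pname_to_uid(
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor status */
    const gss_name_t,   /* pname */
    uid_t *             /* uidOut */
);

OM_uint32 krb5_gss_userok(
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor status */
    const gss_name_t,   /* remote user principal name */
    const char *,       /* local unix user name */
    int *               /* remote user ok to login w/out pw? */
);

/*
 * Solaris Kerberos: use gss_canonicalize_name() from /usr/src/lib/libgss
 * or define a wrapper in mechglue
 */
#if 0
OM_uint32 krb5_gss_canonicalize_name
    (OM_uint32 *,       /* minor_status */
    const gss_name_t,   /* input_name */
    const gss_OID,      /* mech_type */
    gss_name_t *        /* output_name */
);
#endif

OM_uint32 krb5_gss_export_name (
    OM_uint32 *,        /* minor_status */
    const gss_name_t,   /* input_name */
    gss_buffer_t        /* exported_name */
);

OM_uint32 krb5_gss_duplicate_name (
    OM_uint32 *,        /* minor_status */
    const gss_name_t,   /* input_name */
    gss_name_t *        /* dest_name */
);

OM_uint32 krb5_gss_validate_cred (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t       /* cred */
);

OM_uint32 krb5_gss_validate_cred_no_lock (
    void *,             /* krb5 context */
    OM_uint32 *,        /* minor_status */
    gss_cred_id_t       /* cred */
);

gss_OID_desc krb5_gss_convert_static_mech_oid (
    gss_OID oid
);

krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
    krb5_gss_ctx_id_rec *,
    const gss_buffer_desc *,
    gss_buffer_t,
    int, int
);

OM_uint32
gss_krb5int_unseal_token_v3(krb5_context,
    OM_uint32 *,
    krb5_gss_ctx_id_rec *,
    unsigned char *,
    int bodysize,
    gss_buffer_t message_buffer,
    int *conf_state,
    int *qop_state,
    int toktype);

#endif /* _GSSAPIP_KRB5_H */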