/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Copyright 2000 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Private header of the Kerberos 5 GSS-API mechanism.  It defines the
 * mechanism OIDs and token/algorithm constants, the internal credential
 * and security-context records, the kg_* handle-tracking macros, and the
 * prototypes of the kg_* helpers and krb5_gss_* mechanism entry points.
 */

#ifndef _GSSAPIP_KRB5_H_
#define _GSSAPIP_KRB5_H_

#include <k5-int.h>

#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif

/*
 * Work around sunos braindamage: drop any macro definitions of major and
 * minor before the GSS-API headers below are included.
 */
#ifdef major
#undef major
#endif
#ifdef minor
#undef minor
#endif

#include "gssapiP_generic.h"

/* The include of gssapi_krb5.h will dtrt with the above #defines in
 * effect.
 */
#include "gssapi_krb5.h"
#include "gssapi_err_krb5.h"

/* for debugging; explicitly left undefined in this header */
#undef CFX_EXERCISE

/** constants **/

/*
 * Mechanism OIDs, given as raw OID value octets with the length in a
 * separate macro.  The octets below decode to 1.2.840.113554.1.2.2.
 */
#define GSS_MECH_KRB5_OID_LENGTH 9
#define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"

/* Older mechanism OID; the octets decode to 1.3.5.1.5.2. */
#define GSS_MECH_KRB5_OLD_OID_LENGTH 5
#define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"

/*
 * Incorrect krb5 mech OID emitted by MS.  It differs from
 * GSS_MECH_KRB5_OID in a single octet (\202 instead of \206) and decodes
 * to 1.2.840.48018.1.2.2.
 * NOTE(review): presumably accepted for interoperability only; any code
 * comparing mechanism OIDs has to decide deliberately whether this value
 * is treated as equivalent -- confirm in the callers.
 */
#define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
#define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"


/*
 * Checksum type 0x8003: the authenticator checksum the GSS-API krb5
 * mechanism uses to carry channel bindings and context flags
 * (see kg_checksum_channel_bindings below).
 */
#define CKSUMTYPE_KG_CB		0x8003

/*
 * Token identifiers.  KG_TOK_SIGN_MSG/KG_TOK_SEAL_MSG carry the same
 * values as KG_TOK_MIC_MSG/KG_TOK_WRAP_MSG; they are two names for the
 * same token types.
 */
#define KG_TOK_CTX_AP_REQ	0x0100
#define KG_TOK_CTX_AP_REP	0x0200
#define KG_TOK_CTX_ERROR	0x0300
#define KG_TOK_SIGN_MSG		0x0101
#define KG_TOK_SEAL_MSG		0x0201
#define	KG_TOK_MIC_MSG		0x0101
#define	KG_TOK_WRAP_MSG		0x0201
#define KG_TOK_DEL_CTX		0x0102

/*
 * NOTE(review): the origin of the KG2_* token identifiers and response
 * flags is not stated in this header -- confirm which specification
 * they belong to before relying on them.
 */
#define KG2_TOK_INITIAL		0x0101
#define KG2_TOK_RESPONSE	0x0202
#define KG2_TOK_MIC		0x0303
#define KG2_TOK_WRAP_INTEG	0x0404
#define KG2_TOK_WRAP_PRIV	0x0505

#define KRB5_GSS_FOR_CREDS_OPTION 1

#define KG2_RESP_FLAG_ERROR		0x0001
#define KG2_RESP_FLAG_DELEG_OK		0x0002

/*
 * Signature (integrity) algorithm identifiers.
 * These are to be stored in little-endian order, i.e., des-mac is
 * stored as 02 00.
 *
 * Security note: the DES-, MD5- and RC4-based entries are legacy
 * algorithms that Kerberos has since deprecated (RFC 6649, RFC 8429).
 * They are wire constants and must keep their values; whether a peer may
 * still negotiate them is decided elsewhere (see req_enctypes in
 * krb5_gss_cred_id_rec).
 */
enum sgn_alg {
  SGN_ALG_DES_MAC_MD5           = 0x0000,
  SGN_ALG_MD2_5                 = 0x0001,
  SGN_ALG_DES_MAC               = 0x0002,
  SGN_ALG_3			= 0x0003, /* not published */
  SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k; */
  SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
};
/*
 * Sealing (confidentiality) algorithm identifiers.  SEAL_ALG_NONE
 * (0xffff) is the value for "no sealing algorithm".
 * NOTE(review): a token carrying SEAL_ALG_NONE is presumably
 * integrity-protected only; callers that need confidentiality should
 * check the conf_state output of the unseal path -- confirm.
 */
enum seal_alg {
  SEAL_ALG_NONE            = 0xffff,
  SEAL_ALG_DES             = 0x0000,
  SEAL_ALG_1		   = 0x0001, /* not published */
  SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k; */
  SEAL_ALG_DES3KD          = 0x0002
};

/* Key usage numbers for 3DES */
#define KG_USAGE_SEAL 22
#define KG_USAGE_SIGN 23
#define KG_USAGE_SEQ  24

/*
 * Key usage numbers for draft-ietf-krb-wg-gssapi-cfx-01.  The numeric
 * values 22..24 overlap the 3DES usages above with different meanings,
 * so the two sets are only distinguishable by the protocol in use.
 */
#define KG_USAGE_ACCEPTOR_SEAL	22
#define KG_USAGE_ACCEPTOR_SIGN	23
#define KG_USAGE_INITIATOR_SEAL	24
#define KG_USAGE_INITIATOR_SIGN	25

/*
 * Quality-of-protection values.  Integrity selectors occupy the low byte
 * (GSS_KRB5_INTEG_C_QOP_MASK) and confidentiality selectors the high
 * byte (GSS_KRB5_CONF_C_QOP_MASK).
 */
enum qop {
  GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, /* *partial* MD5 = "MD2.5" */
  GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002,
  GSS_KRB5_INTEG_C_QOP_DES_MAC   = 0x0003,
  GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
  GSS_KRB5_INTEG_C_QOP_MASK      = 0x00ff,
  GSS_KRB5_CONF_C_QOP_DES        = 0x0100,
  GSS_KRB5_CONF_C_QOP_DES3_KD    = 0x0200,
  GSS_KRB5_CONF_C_QOP_MASK       = 0xff00
};

/** internal types **/

/* A mechanism-internal name is simply a krb5 principal. */
typedef krb5_principal krb5_gss_name_t;

/*
 * Mechanism-internal credential record; krb5_gss_cred_id_t is a pointer
 * to it.
 */
typedef struct _krb5_gss_cred_id_rec {
   /* protect against simultaneous accesses */
   k5_mutex_t lock;

   /* name/type of credential */
   gss_cred_usage_t usage;
   krb5_principal princ;	/* this is not interned as a gss_name_t */
   /* NOTE(review): presumably flags recording which of the old and
      RFC mechanism OIDs this credential is usable with -- confirm. */
   int prerfc_mech;
   int rfc_mech;

   /* keytab (accept) data */
   krb5_keytab keytab;
   krb5_rcache rcache;

   /* ccache (init) data */
   krb5_ccache ccache;
   krb5_timestamp tgt_expire;
   krb5_enctype *req_enctypes;  /* limit negotiated enctypes to this list */
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;

/*
 * Mechanism-internal security-context record; krb5_gss_ctx_id_t is a
 * pointer to it.  It holds key material (subkey, enc, seq,
 * acceptor_subkey) and the sequence-number state of one context.
 */
typedef struct _krb5_gss_ctx_id_rec {
   unsigned int initiate : 1;	/* nonzero if initiating, zero if accepting */
   unsigned int established : 1;
   unsigned int big_endian : 1;
   unsigned int have_acceptor_subkey : 1;
   /* NOTE(review): per the XXX below, seed_init is tested but never
      set, so code that tests it cannot treat seed[] as already
      initialised -- confirm in the users of seed. */
   unsigned int seed_init : 1;	/* XXX tested but never actually set */
   OM_uint32 gss_flags;
   unsigned char seed[16];
   krb5_principal here;
   krb5_principal there;
   krb5_keyblock *subkey;
   int signalg;
   size_t cksum_size;
   int sealalg;
   krb5_keyblock *enc;
   krb5_keyblock *seq;
   krb5_timestamp endtime;
   krb5_flags krb_flags;
   /* XXX these used to be signed.  the old spec is inspecific, and
      the new spec specifies unsigned.  I don't believe that the change
      affects the wire encoding. */
   gssint_uint64 seq_send;
   gssint_uint64 seq_recv;
   void *seqstate;
   krb5_context k5_context;
   krb5_auth_context auth_context;
   gss_OID_desc *mech_used;
    /* Protocol spec revision
       0 => RFC 1964 with 3DES and RC4 enhancements
       1 => draft-ietf-krb-wg-gssapi-cfx-01
       No others defined so far.  */
   int proto;
   krb5_cksumtype cksumtype;	/* for "main" subkey */
   krb5_keyblock *acceptor_subkey; /* CFX only */
   krb5_cksumtype acceptor_subkey_cksumtype;
   int cred_rcache;		/* did we get rcache from creds? */
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;

/* The g_set that every kg_* helper macro below operates on. */
extern g_set kg_vdb;

extern k5_mutex_t gssint_krb5_keytab_lock;

/*
 * helper macros
 *
 * Each kg_save_, kg_validate_ and kg_delete_ macro forwards to the
 * generic g_* helper of the same name with &kg_vdb as the set.
 * NOTE(review): presumably the validate forms are how a handle received
 * from a caller is checked before it is used as a pointer to one of the
 * records above -- confirm that every entry point does so.
 */

#define kg_save_name(name)		g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred)		g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx)		g_save_ctx_id(&kg_vdb,ctx)
#define kg_save_lucidctx_id(lctx)	g_save_lucidctx_id(&kg_vdb,lctx)

#define kg_validate_name(name)		g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred)	g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx)		g_validate_ctx_id(&kg_vdb,ctx)
#define kg_validate_lucidctx_id(lctx)	g_validate_lucidctx_id(&kg_vdb,lctx)

#define kg_delete_name(name)		g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred)		g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx)		g_delete_ctx_id(&kg_vdb,ctx)
#define kg_delete_lucidctx_id(lctx)	g_delete_lucidctx_id(&kg_vdb,lctx)

/** helper functions **/

OM_uint32 kg_get_defcred
	(OM_uint32 *minor_status,
		   gss_cred_id_t *cred);

/* bigend selects the byte order used when the bindings are hashed;
   NOTE(review): presumably mirrors the big_endian context flag -- confirm. */
krb5_error_code kg_checksum_channel_bindings
         (krb5_context context, gss_channel_bindings_t cb,
					     krb5_checksum *cksum,
					     int bigend);

/* NOTE(review): cksum and buf carry no length parameter here and in
   kg_get_seq_num; the required buffer sizes are fixed by the definitions
   -- confirm them before changing any caller. */
krb5_error_code kg_make_seq_num (krb5_context context,
				 krb5_keyblock *key,
            int direction, krb5_ui_4 seqnum, unsigned char *cksum,
				unsigned char *buf);

krb5_error_code kg_get_seq_num (krb5_context context,
				krb5_keyblock *key,
            unsigned char *cksum, unsigned char *buf, int *direction,
					  krb5_ui_4 *seqnum);

/* NOTE(review): seed has no length parameter; presumably it must be at
   least as large as the seed[16] member of the context record -- confirm. */
krb5_error_code kg_make_seed (krb5_context context,
			      krb5_keyblock *key,
			      unsigned char *seed);

int kg_confounder_size (krb5_context context, krb5_keyblock *key);

/* NOTE(review): buf has no length parameter; presumably it must hold at
   least kg_confounder_size() bytes for the same key -- confirm. */
krb5_error_code kg_make_confounder (krb5_context context,
	    krb5_keyblock *key, unsigned char *buf);

/*
 * kg_encrypt / kg_decrypt take untyped in/out pointers and one length.
 * NOTE(review): presumably length is the byte count of in and out must
 * be able to hold as many bytes -- confirm against the definitions, in
 * particular where length is derived from a peer-supplied token.
 */
krb5_error_code kg_encrypt (krb5_context context,
			    krb5_keyblock *key, int usage,
			    krb5_pointer iv,
			    krb5_pointer in,
			    krb5_pointer out,
			    unsigned int length);
/* NOTE(review): output_buf carries no length; presumably it must be at
   least input_len bytes -- confirm against the definition. */
krb5_error_code
kg_arcfour_docrypt (krb5_context,
		    const krb5_keyblock *longterm_key, int ms_usage,
		    const unsigned char *kd_data, size_t kd_data_len,
		    const unsigned char *input_buf, size_t input_len,
		    unsigned char *output_buf);

krb5_error_code kg_decrypt (krb5_context context,
			    krb5_keyblock *key, int usage,
			    krb5_pointer iv,
			    krb5_pointer in,
			    krb5_pointer out,
			    unsigned int length);

/* toktype is one of the KG_TOK_* token identifiers defined above. */
OM_uint32 kg_seal (OM_uint32 *minor_status,
		  gss_ctx_id_t context_handle,
		  int conf_req_flag,
		  int qop_req,
		  gss_buffer_t input_message_buffer,
		  int *conf_state,
		  gss_buffer_t output_message_buffer,
		  int toktype);

/* input_token_buffer is a token received from the peer and has to be
   treated as untrusted input until its checksum has been verified. */
OM_uint32 kg_unseal (OM_uint32 *minor_status,
		    gss_ctx_id_t context_handle,
		    gss_buffer_t input_token_buffer,
		    gss_buffer_t message_buffer,
		    int *conf_state,
		    int *qop_state,
		    int toktype);

OM_uint32 kg_seal_size (OM_uint32 *minor_status,
				  gss_ctx_id_t context_handle,
				  int conf_req_flag,
				  gss_qop_t qop_req,
				  OM_uint32 output_size,
				  OM_uint32 *input_size);

/*
 * Context serialisation helpers: size, externalize and internalize a
 * context through a (buffer, lenremain) cursor.
 * NOTE(review): kg_ctx_internalize rebuilds a context, including its
 * keys, from a byte buffer; presumably every read is bounded by
 * *lenremain -- confirm, since the buffer may come from another process.
 */
krb5_error_code kg_ctx_size (krb5_context kcontext,
				       krb5_pointer arg,
				       size_t *sizep);

krb5_error_code kg_ctx_externalize (krb5_context kcontext,
					      krb5_pointer arg,
					      krb5_octet **buffer,
					      size_t *lenremain);

krb5_error_code kg_ctx_internalize (krb5_context kcontext,
					      krb5_pointer *argp,
					      krb5_octet **buffer,
					      size_t *lenremain);

OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);

OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
                              const char **out_name);

OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
                              const char *name);

/** declarations of internal name mechanism functions **/

/*
 * The prototypes below name their parameters only in comments.  Several
 * of them take one extra OM_uint32 "context verifier" argument when
 * _KERNEL is defined, so kernel and user-land callers see different
 * signatures for the same function name.
 */

OM_uint32 krb5_gss_acquire_cred
	(OM_uint32*,       /* minor_status */
            gss_name_t,       /* desired_name */
            OM_uint32,        /* time_req */
            gss_OID_set,      /* desired_mechs */
            gss_cred_usage_t, /* cred_usage */
            gss_cred_id_t*,   /* output_cred_handle */
            gss_OID_set*,     /* actual_mechs */
            OM_uint32*        /* time_rec */
           );

OM_uint32 krb5_gss_release_cred
	(OM_uint32*,       /* minor_status */
            gss_cred_id_t*    /* cred_handle */
           );

OM_uint32 krb5_gss_init_sec_context
	(OM_uint32*,       /* minor_status */
            gss_cred_id_t,    /* claimant_cred_handle */
            gss_ctx_id_t*,    /* context_handle */
            gss_name_t,       /* target_name */
            gss_OID,          /* mech_type */
            OM_uint32,        /* req_flags */
            OM_uint32,        /* time_req */
            gss_channel_bindings_t,
                              /* input_chan_bindings */
            gss_buffer_t,     /* input_token */
            gss_OID*,         /* actual_mech_type */
            gss_buffer_t,     /* output_token */
            OM_uint32*,       /* ret_flags */
            OM_uint32*        /* time_rec */
           );

OM_uint32 krb5_gss_accept_sec_context
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t*,    /* context_handle */
            gss_cred_id_t,    /* verifier_cred_handle */
            gss_buffer_t,     /* input_token_buffer */
            gss_channel_bindings_t,
                              /* input_chan_bindings */
            gss_name_t*,      /* src_name */
            gss_OID*,         /* mech_type */
            gss_buffer_t,     /* output_token */
            OM_uint32*,       /* ret_flags */
            OM_uint32*,       /* time_rec */
            gss_cred_id_t*    /* delegated_cred_handle */
           );

OM_uint32 krb5_gss_process_context_token
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t      /* token_buffer */
           );

OM_uint32 krb5_gss_delete_sec_context
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t*,    /* context_handle */
            gss_buffer_t      /* output_token */
#ifdef   _KERNEL
            /* */, OM_uint32  /* context verifier */
#endif
           );

OM_uint32 krb5_gss_context_time
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            OM_uint32*        /* time_rec */
           );

OM_uint32 krb5_gss_sign
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            int,              /* qop_req */
            gss_buffer_t,     /* message_buffer */
            gss_buffer_t      /* message_token */
#ifdef   _KERNEL
            /* */, OM_uint32  /* context verifier */
#endif
           );

OM_uint32 krb5_gss_verify
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t,     /* message_buffer */
            gss_buffer_t,     /* token_buffer */
            int*              /* qop_state */
#ifdef   _KERNEL
            /* */, OM_uint32  /* context verifier */
#endif
           );

/* NOTE(review): the EXPORT DELETE START/END comments below look like
   markers consumed by build tooling; keep their text exactly as is. */
/* EXPORT DELETE START */
OM_uint32 krb5_gss_seal
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            int,              /* conf_req_flag */
            int,              /* qop_req */
            gss_buffer_t,     /* input_message_buffer */
            int*,             /* conf_state */
            gss_buffer_t      /* output_message_buffer */
#ifdef   _KERNEL
            /* */, OM_uint32  /* context verifier */
#endif
           );

OM_uint32 krb5_gss_unseal
	(OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t,     /* input_message_buffer */
            gss_buffer_t,     /* output_message_buffer */
            int*,             /* conf_state */
            int*              /* qop_state */
#ifdef   _KERNEL
            /* */, OM_uint32  /* context verifier */
#endif
           );
/* EXPORT DELETE END */

OM_uint32 krb5_gss_display_status
	(OM_uint32*,       /* minor_status */
            OM_uint32,        /* status_value */
            int,              /* status_type */
            gss_OID,          /* mech_type */
            OM_uint32*,       /* message_context */
            gss_buffer_t      /* status_string */
           );

OM_uint32 krb5_gss_indicate_mechs
	(OM_uint32*,       /* minor_status */
            gss_OID_set*      /* mech_set */
           );

OM_uint32 krb5_gss_compare_name
	(OM_uint32*,       /* minor_status */
            gss_name_t,       /* name1 */
            gss_name_t,       /* name2 */
            int*              /* name_equal */
           );

OM_uint32 krb5_gss_display_name
	(OM_uint32*,      /* minor_status */
            gss_name_t,      /* input_name */
            gss_buffer_t,    /* output_name_buffer */
            gss_OID*         /* output_name_type */
           );

OM_uint32 krb5_gss_import_name
	(OM_uint32*,       /* minor_status */
            gss_buffer_t,     /* input_name_buffer */
            gss_OID,          /* input_name_type */
            gss_name_t*       /* output_name */
           );

OM_uint32 krb5_gss_release_name
	(OM_uint32*,       /* minor_status */
            gss_name_t*       /* input_name */
           );

OM_uint32 krb5_gss_inquire_cred
	(OM_uint32 *,      /* minor_status */
            gss_cred_id_t,    /* cred_handle */
            gss_name_t *,     /* name */
            OM_uint32 *,      /* lifetime */
            gss_cred_usage_t*,/* cred_usage */
            gss_OID_set *     /* mechanisms */
           );

OM_uint32 krb5_gss_inquire_context
	(OM_uint32*,       /* minor_status */
	    gss_ctx_id_t,     /* context_handle */
	    gss_name_t*,      /* initiator_name */
	    gss_name_t*,      /* acceptor_name */
	    OM_uint32*,       /* lifetime_rec */
	    gss_OID*,         /* mech_type */
	    OM_uint32*,       /* ret_flags */
	    int*,             /* locally_initiated */
	    int*              /* open */
	   );

/* New V2 entry points */
OM_uint32 krb5_gss_get_mic
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t,		/* context_handle */
	    gss_qop_t,			/* qop_req */
	    gss_buffer_t,		/* message_buffer */
	    gss_buffer_t		/* message_token */
	   );

OM_uint32 krb5_gss_verify_mic
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t,		/* context_handle */
	    gss_buffer_t,		/* message_buffer */
	    gss_buffer_t,		/* message_token */
	    gss_qop_t *			/* qop_state */
	   );

OM_uint32 krb5_gss_wrap
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t,		/* context_handle */
	    int,			/* conf_req_flag */
	    gss_qop_t,			/* qop_req */
	    gss_buffer_t,		/* input_message_buffer */
	    int *,			/* conf_state */
	    gss_buffer_t		/* output_message_buffer */
	   );

OM_uint32 krb5_gss_unwrap
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t,		/* context_handle */
	    gss_buffer_t,		/* input_message_buffer */
	    gss_buffer_t,		/* output_message_buffer */
	    int *,			/* conf_state */
	    gss_qop_t *			/* qop_state */
	   );

OM_uint32 krb5_gss_wrap_size_limit
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t,		/* context_handle */
	    int,			/* conf_req_flag */
	    gss_qop_t,			/* qop_req */
	    OM_uint32,			/* req_output_size */
	    OM_uint32 *			/* max_input_size */
	   );

OM_uint32 krb5_gss_import_name_object
	(OM_uint32 *,		/* minor_status */
	    void *,			/* input_name */
	    gss_OID,			/* input_name_type */
	    gss_name_t *		/* output_name */
	   );

OM_uint32 krb5_gss_export_name_object
	(OM_uint32 *,		/* minor_status */
	    gss_name_t,			/* input_name */
	    gss_OID,			/* desired_name_type */
	    void * *			/* output_name */
	   );

OM_uint32 krb5_gss_add_cred
	(OM_uint32 *,		/* minor_status */
	    gss_cred_id_t,		/* input_cred_handle */
	    gss_name_t,			/* desired_name */
	    gss_OID,			/* desired_mech */
	    gss_cred_usage_t,		/* cred_usage */
	    OM_uint32,			/* initiator_time_req */
	    OM_uint32,			/* acceptor_time_req */
	    gss_cred_id_t *,		/* output_cred_handle */
	    gss_OID_set *,		/* actual_mechs */
	    OM_uint32 *,		/* initiator_time_rec */
	    OM_uint32 *			/* acceptor_time_rec */
	   );

OM_uint32 krb5_gss_inquire_cred_by_mech
	(OM_uint32  *,		/* minor_status */
	    gss_cred_id_t,		/* cred_handle */
	    gss_OID,			/* mech_type */
	    gss_name_t *,		/* name */
	    OM_uint32 *,		/* initiator_lifetime */
	    OM_uint32 *,		/* acceptor_lifetime */
	    gss_cred_usage_t * 		/* cred_usage */
	   );

/* NOTE(review): the interprocess token presumably contains the context's
   session keys -- confirm how callers protect it in transit and at rest. */
OM_uint32 krb5_gss_export_sec_context
	(OM_uint32 *,		/* minor_status */
	    gss_ctx_id_t *,		/* context_handle */
	    gss_buffer_t		/* interprocess_token */
	   );

/* NOTE(review): the interprocess token is parsed into a live context;
   presumably it must only be accepted from a trusted exporter -- confirm. */
OM_uint32 krb5_gss_import_sec_context
	(OM_uint32 *,		/* minor_status */
	    gss_buffer_t,		/* interprocess_token */
	    gss_ctx_id_t *		/* context_handle */
	    /* Note no _KERNEL context verifier */
	   );

krb5_error_code krb5_gss_ser_init(krb5_context);

OM_uint32 krb5_gss_release_oid
	(OM_uint32 *,		/* minor_status */
	    gss_OID *			/* oid */
	   );

OM_uint32 krb5_gss_internal_release_oid
	(OM_uint32 *,		/* minor_status */
	    gss_OID *			/* oid */
	   );

OM_uint32 krb5_gss_inquire_names_for_mech
	(OM_uint32 *,		/* minor_status */
	    gss_OID,			/* mechanism */
	    gss_OID_set *		/* name_types */
	   );

/*
 * In the three prototypes below, "const gss_name_t" and "const gss_OID"
 * qualify the handle itself; if those typedefs are pointer types (as
 * krb5_gss_name_t is in this header), the referenced object is not made
 * const by them.
 */
/* SUNW15resync - XXX nullify? */
OM_uint32 krb5_gss_canonicalize_name
	(OM_uint32  *,		/* minor_status */
	    const gss_name_t,		/* input_name */
	    const gss_OID,		/* mech_type */
	    gss_name_t *		/* output_name */
	 );

OM_uint32 krb5_gss_export_name
	(OM_uint32  *,		/* minor_status */
	    const gss_name_t,		/* input_name */
	    gss_buffer_t		/* exported_name */
	 );

OM_uint32 krb5_gss_duplicate_name
	(OM_uint32  *,		/* minor_status */
	    const gss_name_t,		/* input_name */
	    gss_name_t *		/* dest_name */
	 );

OM_uint32 krb5_gss_validate_cred
	(OM_uint32 *,		/* minor_status */
	    gss_cred_id_t		/* cred */
         );

OM_uint32
krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
			 gss_cred_id_t /* cred_handle */,
			 krb5_context /* context */);

gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);

krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
					       krb5_gss_ctx_id_rec *,
					       const gss_buffer_desc *,
					       gss_buffer_t,
					       int, int);

/* NOTE(review): bodysize is a signed int describing peer-supplied data at
   ptr; presumably callers guarantee it is non-negative and within the
   received token -- confirm before it is used as a length. */
OM_uint32 gss_krb5int_unseal_token_v3(krb5_context context,
				      OM_uint32 *minor_status,
				      krb5_gss_ctx_id_rec *ctx,
				      unsigned char *ptr, int bodysize,
				      gss_buffer_t message_buffer,
				      int *conf_state, int *qop_state,
				      int toktype);

/*
 * SUNW15resync
 * Solaris specific interfaces start
 */

OM_uint32 krb5_gss_store_cred (
	    OM_uint32 *,            /* minor_status */
	    const gss_cred_id_t,    /* input_cred */
	    gss_cred_usage_t,       /* cred_usage */
	    const gss_OID,          /* desired_mech */
	    OM_uint32,              /* overwrite_cred */
	    OM_uint32,              /* default_cred */
	    gss_OID_set *,          /* elements_stored */
	    gss_cred_usage_t *      /* cred_usage_stored */
	   );

/*
 * krb5_pname_to_uid and krb5_gss_userok map a remote principal onto a
 * local account, so their results feed authorization decisions.
 * NOTE(review): presumably the output (uid or "ok" flag) is only
 * meaningful when the call reports success -- confirm that callers check
 * the return status before using it.
 */
OM_uint32 krb5_pname_to_uid(
		OM_uint32 *,		/* minor status */
		const gss_name_t,	/* pname */
		uid_t *			/* uid out */
	);

OM_uint32 krb5_gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *			/* remote user ok to login w/out pw? */
	);


/*
 * SUNW15resync
 * Solaris specific interfaces end
 */


/*
 * These take unglued krb5-mech-specific contexts.
 */

OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags
	(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   krb5_flags *ticket_flags);

OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
	(OM_uint32 *minor_status,
		   gss_cred_id_t cred_handle,
		   krb5_ccache out_ccache);

/* NOTE(review): presumably fills the req_enctypes list of the credential
   record from ktypes[0..num_ktypes-1]; this is the hook for excluding
   weak enctypes from negotiation -- confirm against the definition. */
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
				   gss_cred_id_t cred,
				   OM_uint32 num_ktypes,
				   krb5_enctype *ktypes);

/* NOTE(review): *kctx presumably receives a structure exposing the
   context's keys to the caller -- confirm who frees and scrubs it. */
OM_uint32 KRB5_CALLCONV
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
				     gss_ctx_id_t *context_handle,
				     OM_uint32 version,
				     void **kctx);


extern k5_mutex_t kg_kdc_flag_mutex;
krb5_error_code krb5_gss_init_context (krb5_context *ctxp);

krb5_error_code krb5_gss_use_kdc_context(void);

#endif /* _GSSAPIP_KRB5_H_ */