3882 remove xmod & friends
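--- a/usr/src/uts/common/gssapi/mechs/krb5/include/gssapiP_krb5.h
+++ b/usr/src/uts/common/gssapi/mechs/krb5/include/gssapiP_krb5.h
@@ -1,878 +1,876 @@
 /*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * Copyright 2000 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 */
 /*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */
 
 #ifndef _GSSAPIP_KRB5_H_
 #define _GSSAPIP_KRB5_H_
 
 #include <k5-int.h>
 
 #ifdef HAVE_MEMORY_H
 #include <memory.h>
 #endif
 
 /* work around sunos braindamage */
 #ifdef major
 #undef major
 #endif
 #ifdef minor
 #undef minor
 #endif
 
 #include "gssapiP_generic.h"
 
 /* The include of gssapi_krb5.h will dtrt with the above #defines in
 * effect.
 */
 #include "gssapi_krb5.h"
 #include "gssapi_err_krb5.h"
 #include "gssapi_ext.h"
 
 /* for debugging */
 #undef CFX_EXERCISE
 
 /** constants **/
 
 #define GSS_MECH_KRB5_OID_LENGTH 9
 #define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"
 
 #define GSS_MECH_KRB5_OLD_OID_LENGTH 5
 #define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"
 
 /* Incorrect krb5 mech OID emitted by MS. */
 #define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
 #define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
 
 
 #define CKSUMTYPE_KG_CB 0x8003
 
 #define KG_TOK_CTX_AP_REQ 0x0100
 #define KG_TOK_CTX_AP_REP 0x0200
 #define KG_TOK_CTX_ERROR 0x0300
 #define KG_TOK_SIGN_MSG 0x0101
 #define KG_TOK_SEAL_MSG 0x0201
 #define KG_TOK_MIC_MSG 0x0101
 #define KG_TOK_WRAP_MSG 0x0201
 #define KG_TOK_DEL_CTX 0x0102
 
 #define KG2_TOK_INITIAL 0x0101
 #define KG2_TOK_RESPONSE 0x0202
 #define KG2_TOK_MIC 0x0303
 #define KG2_TOK_WRAP_INTEG 0x0404
 #define KG2_TOK_WRAP_PRIV 0x0505
 
 #define KRB5_GSS_FOR_CREDS_OPTION 1
 
 #define KG2_RESP_FLAG_ERROR 0x0001
 #define KG2_RESP_FLAG_DELEG_OK 0x0002
 
 /* These are to be stored in little-endian order, i.e., des-mac is
 stored as 02 00. */
 enum sgn_alg {
 SGN_ALG_DES_MAC_MD5 = 0x0000,
 SGN_ALG_MD2_5 = 0x0001,
 SGN_ALG_DES_MAC = 0x0002,
 SGN_ALG_3 = 0x0003, /* not published */
 SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */
 SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
 };
 enum seal_alg {
 SEAL_ALG_NONE = 0xffff,
 SEAL_ALG_DES = 0x0000,
 SEAL_ALG_1 = 0x0001, /* not published */
 SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
 SEAL_ALG_DES3KD = 0x0002
 };
 
 /* for 3DES */
 #define KG_USAGE_SEAL 22
 #define KG_USAGE_SIGN 23
 #define KG_USAGE_SEQ 24
 
 /* for draft-ietf-krb-wg-gssapi-cfx-01 */
 #define KG_USAGE_ACCEPTOR_SEAL 22
 #define KG_USAGE_ACCEPTOR_SIGN 23
 #define KG_USAGE_INITIATOR_SEAL 24
 #define KG_USAGE_INITIATOR_SIGN 25
 
 enum qop {
 GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* *partial* MD5 = "MD2.5" */
 GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
 GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
 GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
 GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
 GSS_KRB5_CONF_C_QOP_DES = 0x0100,
 GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
 GSS_KRB5_CONF_C_QOP_MASK = 0xff00
 };
 
 /** internal types **/
 
 typedef krb5_principal krb5_gss_name_t;
 
 typedef struct _krb5_gss_cred_id_rec {
 /* protect against simultaneous accesses */
 k5_mutex_t lock;
 
 /* name/type of credential */
 gss_cred_usage_t usage;
 krb5_principal princ; /* this is not interned as a gss_name_t */
 int prerfc_mech;
 int rfc_mech;
 
 /* keytab (accept) data */
 krb5_keytab keytab;
 krb5_rcache rcache;
 
 /* ccache (init) data */
 krb5_ccache ccache;
 krb5_timestamp tgt_expire;
 krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */
 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
 
 typedef struct _krb5_gss_ctx_id_rec {
 unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */
 unsigned int established : 1;
 unsigned int big_endian : 1;
 unsigned int have_acceptor_subkey : 1;
 unsigned int seed_init : 1; /* XXX tested but never actually set */
 OM_uint32 gss_flags;
 unsigned char seed[16];
 krb5_principal here;
 krb5_principal there;
 krb5_keyblock *subkey;
 int signalg;
 size_t cksum_size;
 int sealalg;
 krb5_keyblock *enc;
 krb5_keyblock *seq;
 krb5_timestamp endtime;
 krb5_ticket_times krb_times;
 krb5_flags krb_flags;
 /* XXX these used to be signed. the old spec is inspecific, and
 the new spec specifies unsigned. I don't believe that the change
 affects the wire encoding. */
 gssint_uint64 seq_send;
 gssint_uint64 seq_recv;
 void *seqstate;
 krb5_context k5_context;
 krb5_auth_context auth_context;
 gss_OID_desc *mech_used;
 /* Protocol spec revision
 0 => RFC 1964 with 3DES and RC4 enhancements
 1 => draft-ietf-krb-wg-gssapi-cfx-01
 No others defined so far. */
 int proto;
 krb5_cksumtype cksumtype; /* for "main" subkey */
 krb5_keyblock *acceptor_subkey; /* CFX only */
 krb5_cksumtype acceptor_subkey_cksumtype;
 int cred_rcache; /* did we get rcache from creds? */
 krb5_authdata **authdata;
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern g_set kg_vdb;
 
 extern k5_mutex_t gssint_krb5_keytab_lock;
 
 /* helper macros */
 
 #define kg_save_name(name) g_save_name(&kg_vdb,name)
 #define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
 #define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
 #define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)
 
 #define kg_validate_name(name) g_validate_name(&kg_vdb,name)
 #define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
 #define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)
 #define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)
 
 #define kg_delete_name(name) g_delete_name(&kg_vdb,name)
 #define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
 #define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
 #define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)
 
 /** helper functions **/
 
 OM_uint32 kg_get_defcred
 (OM_uint32 *minor_status,
 gss_cred_id_t *cred);
 
 krb5_error_code kg_checksum_channel_bindings
 (krb5_context context, gss_channel_bindings_t cb,
 krb5_checksum *cksum,
 int bigend);
 
 krb5_error_code kg_make_seq_num (krb5_context context,
 krb5_keyblock *key,
 int direction, krb5_ui_4 seqnum, unsigned char *cksum,
 unsigned char *buf);
 
 krb5_error_code kg_get_seq_num (krb5_context context,
 krb5_keyblock *key,
 unsigned char *cksum, unsigned char *buf, int *direction,
 krb5_ui_4 *seqnum);
 
 krb5_error_code kg_make_seed (krb5_context context,
 krb5_keyblock *key,
 unsigned char *seed);
 
 int kg_confounder_size (krb5_context context, krb5_keyblock *key);
 
 krb5_error_code kg_make_confounder (krb5_context context,
 krb5_keyblock *key, unsigned char *buf);
 
 krb5_error_code kg_encrypt (krb5_context context,
 krb5_keyblock *key, int usage,
 krb5_pointer iv,
 krb5_const_pointer in,
 krb5_pointer out,
 unsigned int length);
 krb5_error_code
 kg_arcfour_docrypt (krb5_context,
 const krb5_keyblock *longterm_key , int ms_usage,
 const unsigned char *kd_data, size_t kd_data_len,
 const unsigned char *input_buf, size_t input_len,
 unsigned char *output_buf);
 
 krb5_error_code kg_decrypt (krb5_context context,
 krb5_keyblock *key, int usage,
 krb5_pointer iv,
 krb5_const_pointer in,
 krb5_pointer out,
 unsigned int length);
 
 OM_uint32 kg_seal (OM_uint32 *minor_status,
 gss_ctx_id_t context_handle,
 int conf_req_flag,
 int qop_req,
 gss_buffer_t input_message_buffer,
 int *conf_state,
 gss_buffer_t output_message_buffer,
 int toktype);
 
 OM_uint32 kg_unseal (OM_uint32 *minor_status,
 gss_ctx_id_t context_handle,
 gss_buffer_t input_token_buffer,
 gss_buffer_t message_buffer,
 int *conf_state,
 int *qop_state,
 int toktype);
 
 OM_uint32 kg_seal_size (OM_uint32 *minor_status,
 gss_ctx_id_t context_handle,
 int conf_req_flag,
 gss_qop_t qop_req,
 OM_uint32 output_size,
 OM_uint32 *input_size);
 
 krb5_error_code kg_ctx_size (krb5_context kcontext,
 krb5_pointer arg,
 size_t *sizep);
 
 krb5_error_code kg_ctx_externalize (krb5_context kcontext,
 krb5_pointer arg,
 krb5_octet **buffer,
 size_t *lenremain);
 
 krb5_error_code kg_ctx_internalize (krb5_context kcontext,
 krb5_pointer *argp,
 krb5_octet **buffer,
 size_t *lenremain);
 
 OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
 
 OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status,
 int *out_caller_provided_name);
 
 OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
 const char **out_name);
 
 OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
 const char *name);
 
 /** declarations of internal name mechanism functions **/
 
 OM_uint32 krb5_gss_acquire_cred
 (OM_uint32*, /* minor_status */
 gss_name_t, /* desired_name */
 OM_uint32, /* time_req */
 gss_OID_set, /* desired_mechs */
 gss_cred_usage_t, /* cred_usage */
 gss_cred_id_t*, /* output_cred_handle */
 gss_OID_set*, /* actual_mechs */
 OM_uint32* /* time_rec */
 );
 
 OM_uint32 krb5_gss_release_cred
 (OM_uint32*, /* minor_status */
 gss_cred_id_t* /* cred_handle */
 );
 
 OM_uint32 krb5_gss_init_sec_context
 (OM_uint32*, /* minor_status */
 gss_cred_id_t, /* claimant_cred_handle */
 gss_ctx_id_t*, /* context_handle */
 gss_name_t, /* target_name */
 gss_OID, /* mech_type */
 OM_uint32, /* req_flags */
 OM_uint32, /* time_req */
 gss_channel_bindings_t,
 /* input_chan_bindings */
 gss_buffer_t, /* input_token */
 gss_OID*, /* actual_mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32*, /* ret_flags */
 OM_uint32* /* time_rec */
 );
 
 OM_uint32 krb5_gss_accept_sec_context
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t*, /* context_handle */
 gss_cred_id_t, /* verifier_cred_handle */
 gss_buffer_t, /* input_token_buffer */
 gss_channel_bindings_t,
 /* input_chan_bindings */
 gss_name_t*, /* src_name */
 gss_OID*, /* mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32*, /* ret_flags */
 OM_uint32*, /* time_rec */
 gss_cred_id_t* /* delegated_cred_handle */
 );
 
 OM_uint32 krb5_gss_process_context_token
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t /* token_buffer */
 );
 
 OM_uint32 krb5_gss_delete_sec_context
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t*, /* context_handle */
 gss_buffer_t /* output_token */
 #ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
 #endif
 );
 
 OM_uint32 krb5_gss_context_time
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 OM_uint32* /* time_rec */
 );
 
 OM_uint32 krb5_gss_sign
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* qop_req */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t /* message_token */
 #ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
 #endif
 );
 
 OM_uint32 krb5_gss_verify
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* token_buffer */
 int* /* qop_state */
 #ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
 #endif
 );
 
-/* EXPORT DELETE START */
 OM_uint32 krb5_gss_seal
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 int, /* qop_req */
 gss_buffer_t, /* input_message_buffer */
 int*, /* conf_state */
 gss_buffer_t /* output_message_buffer */
 #ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
 #endif
 );
 
 OM_uint32 krb5_gss_unseal
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int*, /* conf_state */
 int* /* qop_state */
 #ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
 #endif
 );
-/* EXPORT DELETE END */
 
 OM_uint32 krb5_gss_display_status
 (OM_uint32*, /* minor_status */
 OM_uint32, /* status_value */
 int, /* status_type */
 gss_OID, /* mech_type */
 OM_uint32*, /* message_context */
 gss_buffer_t /* status_string */
 );
 
 OM_uint32 krb5_gss_indicate_mechs
 (OM_uint32*, /* minor_status */
 gss_OID_set* /* mech_set */
 );
 
 OM_uint32 krb5_gss_compare_name
 (OM_uint32*, /* minor_status */
 gss_name_t, /* name1 */
 gss_name_t, /* name2 */
 int* /* name_equal */
 );
 
 OM_uint32 krb5_gss_display_name
 (OM_uint32*, /* minor_status */
 gss_name_t, /* input_name */
 gss_buffer_t, /* output_name_buffer */
 gss_OID* /* output_name_type */
 );
 
 OM_uint32 krb5_gss_import_name
 (OM_uint32*, /* minor_status */
 gss_buffer_t, /* input_name_buffer */
 gss_OID, /* input_name_type */
 gss_name_t* /* output_name */
 );
 
 OM_uint32 krb5_gss_release_name
 (OM_uint32*, /* minor_status */
 gss_name_t* /* input_name */
 );
 
 OM_uint32 krb5_gss_inquire_cred
 (OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* cred_handle */
 gss_name_t *, /* name */
 OM_uint32 *, /* lifetime */
 gss_cred_usage_t*,/* cred_usage */
 gss_OID_set * /* mechanisms */
 );
 
 OM_uint32 krb5_gss_inquire_context
 (OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_name_t*, /* initiator_name */
 gss_name_t*, /* acceptor_name */
 OM_uint32*, /* lifetime_rec */
 gss_OID*, /* mech_type */
 OM_uint32*, /* ret_flags */
 int*, /* locally_initiated */
 int* /* open */
 );
 
 /* New V2 entry points */
 OM_uint32 krb5_gss_get_mic
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_qop_t, /* qop_req */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t /* message_token */
 );
 
 OM_uint32 krb5_gss_verify_mic
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* message_token */
 gss_qop_t * /* qop_state */
 );
 
 OM_uint32 krb5_gss_wrap
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 gss_qop_t, /* qop_req */
 gss_buffer_t, /* input_message_buffer */
 int *, /* conf_state */
 gss_buffer_t /* output_message_buffer */
 );
 
 OM_uint32 krb5_gss_unwrap
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int *, /* conf_state */
 gss_qop_t * /* qop_state */
 );
 
 OM_uint32 krb5_gss_wrap_size_limit
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 gss_qop_t, /* qop_req */
 OM_uint32, /* req_output_size */
 OM_uint32 * /* max_input_size */
 );
 
 OM_uint32 krb5_gss_import_name_object
 (OM_uint32 *, /* minor_status */
 void *, /* input_name */
 gss_OID, /* input_name_type */
 gss_name_t * /* output_name */
 );
 
 OM_uint32 krb5_gss_export_name_object
 (OM_uint32 *, /* minor_status */
 gss_name_t, /* input_name */
 gss_OID, /* desired_name_type */
 void * * /* output_name */
 );
 
 OM_uint32 krb5_gss_add_cred
 (OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* input_cred_handle */
 gss_name_t, /* desired_name */
 gss_OID, /* desired_mech */
 gss_cred_usage_t, /* cred_usage */
 OM_uint32, /* initiator_time_req */
 OM_uint32, /* acceptor_time_req */
 gss_cred_id_t *, /* output_cred_handle */
 gss_OID_set *, /* actual_mechs */
 OM_uint32 *, /* initiator_time_rec */
 OM_uint32 * /* acceptor_time_rec */
 );
 
 OM_uint32 krb5_gss_inquire_cred_by_mech
 (OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* cred_handle */
 gss_OID, /* mech_type */
 gss_name_t *, /* name */
 OM_uint32 *, /* initiator_lifetime */
 OM_uint32 *, /* acceptor_lifetime */
 gss_cred_usage_t * /* cred_usage */
 );
 
 OM_uint32 krb5_gss_export_sec_context
 (OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 gss_buffer_t /* interprocess_token */
 );
 
 OM_uint32 krb5_gss_import_sec_context
 (OM_uint32 *, /* minor_status */
 gss_buffer_t, /* interprocess_token */
 gss_ctx_id_t * /* context_handle */
 /* Note no _KERNEL context verifier */
 );
 
 krb5_error_code krb5_gss_ser_init(krb5_context);
 
 OM_uint32 krb5_gss_release_oid
 (OM_uint32 *, /* minor_status */
 gss_OID * /* oid */
 );
 
 OM_uint32 krb5_gss_internal_release_oid
 (OM_uint32 *, /* minor_status */
 gss_OID * /* oid */
 );
 
 OM_uint32 krb5_gss_inquire_names_for_mech
 (OM_uint32 *, /* minor_status */
 gss_OID, /* mechanism */
 gss_OID_set * /* name_types */
 );
 
 /* SUNW15resync - XXX nullify? */
 OM_uint32 krb5_gss_canonicalize_name
 (OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 const gss_OID, /* mech_type */
 gss_name_t * /* output_name */
 );
 
 OM_uint32 krb5_gss_export_name
 (OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_buffer_t /* exported_name */
 );
 
 OM_uint32 krb5_gss_duplicate_name
 (OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_name_t * /* dest_name */
 );
 
 OM_uint32 krb5_gss_validate_cred
 (OM_uint32 *, /* minor_status */
 gss_cred_id_t /* cred */
 );
 
 OM_uint32
 krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
 gss_cred_id_t /* cred_handle */,
 krb5_context /* context */);
 
 gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);
 
 krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
 krb5_gss_ctx_id_rec *,
 const gss_buffer_desc *,
 gss_buffer_t,
 int, int);
 
 OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 OM_uint32 *minor_status,
 krb5_gss_ctx_id_rec *ctx,
 unsigned char *ptr, int bodysize,
 gss_buffer_t message_buffer,
 int *conf_state, int *qop_state,
 int toktype);
 
 /*
 * SUNW15resync
 * Solaris specific interfaces start
 */
 
 OM_uint32 krb5_gss_store_cred (
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* input_cred */
 gss_cred_usage_t, /* cred_usage */
 const gss_OID, /* desired_mech */
 OM_uint32, /* overwrite_cred */
 OM_uint32, /* default_cred */
 gss_OID_set *, /* elements_stored */
 gss_cred_usage_t * /* cred_usage_stored */
 );
 
 OM_uint32 krb5_pname_to_uid(
 OM_uint32 *, /* minor status */
 const gss_name_t, /* pname */
 uid_t * /* uidOUt */
 );
 
 OM_uint32 krb5_gss_userok(
 OM_uint32 *, /* minor status */
 const gss_name_t, /* remote user principal name */
 const char *, /* local unix user name */
 int * /* remote user ok to login w/out pw? */
 );
 
 
 /*
 * SUNW15resync
 * Solaris specific interfaces end
 */
 
 
 /*
 * These take unglued krb5-mech-specific contexts.
 */
 
 #define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
 #define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
 
 #ifndef _KERNEL
 OM_uint32 gss_krb5int_get_tkt_flags
 (OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *data_set);
 
 
 OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
 (OM_uint32 *minor_status,
 gss_cred_id_t cred_handle,
 krb5_ccache out_ccache);
 
 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
 
 struct krb5_gss_set_allowable_enctypes_req {
 OM_uint32 num_ktypes;
 krb5_enctype *ktypes;
 };
 
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
 
 OM_uint32
 gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
 gss_cred_id_t cred,
 OM_uint32 num_ktypes,
 krb5_enctype *ktypes);
 
 #endif /* _KERNEL */
 
 #if 0
 /*
 * SUNW17PACresync
 * These two functions not needed yet, revisit for full 1.7 resync.
 */
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
 gss_cred_id_t cred,
 const gss_OID desired_oid,
 const gss_buffer_t value);
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
 gss_ctx_id_t *context_handle,
 OM_uint32 version,
 void **kctx);
 #endif
 
 #ifndef _KERNEL
 #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
 #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
 
 OM_uint32
 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *data_set);
 
 #define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
 #define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
 
 OM_uint32
 gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
 const gss_OID, gss_buffer_t);
 
 
 extern k5_mutex_t kg_kdc_flag_mutex;
 krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
 
 
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
 
 OM_uint32
 gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
 
 
 #define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
 #define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
 
 OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
 const gss_OID, gss_buffer_t);
 
 krb5_error_code krb5_gss_use_kdc_context(void);
 
 #define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
 #define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
 
 OM_uint32
 gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
 
 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"
 
 OM_uint32
 gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *ad_data);
 
 #define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
 #define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
 
 OM_uint32
 gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
 
 #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
 #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
 
 OM_uint32
 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
 const gss_ctx_id_t,
 const gss_OID,
 gss_buffer_set_t *);
 #endif /* _KERNEL */
 
 OM_uint32 gss_krb5int_initialize_library(void);
 void gss_krb5int_cleanup_library(void);
 
 /* For error message handling. */
 /* Returns a shared string, not a private copy! */
 extern char *
 krb5_gss_get_error_message(OM_uint32 minor_code);
 extern void
 krb5_gss_save_error_string(OM_uint32 minor_code, char *msg);
 extern void
 krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
 #if !defined(__cplusplus) && (__GNUC__ > 2)
 __attribute__((__format__(__printf__, 2, 3)))
 #endif
 ;
 extern void
 krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
 #define get_error_message krb5_gss_get_error_message
 #define save_error_string krb5_gss_save_error_string
 #define save_error_message krb5_gss_save_error_message
 
 
 /* Solaris Kerberos */
 #ifdef _KERNEL
 #define save_error_info(m, ctx)
 #else
 #define save_error_info krb5_gss_save_error_info
 #endif
 
 extern void krb5_gss_delete_error_info(void *p);
 
 /* Prefix concatenated with Kerberos encryption type */
 #define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
 #define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"
 
 #endif /* _GSSAPIP_KRB5_H_ */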