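/*
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id$ */

/*
 * Kerberos 5 specific extensions to the GSS-API: name-type and mechanism
 * OIDs, credential/ccache helpers, context inspection calls, and the
 * "lucid" export interface that hands session key material to a caller.
 *
 * Several entry points below return raw key material or change
 * library-wide behaviour (DNS canonicalisation, time offset, default
 * realm, plugins).  The comments on each declaration note what a caller
 * should check; behaviour that this header alone does not establish is
 * marked as an assumption to confirm against the implementation.
 */

#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_

#include <gssapi/gssapi.h>
/*
 * time_t appears in a prototype below; include it explicitly instead of
 * relying on <gssapi/gssapi.h> to pull it in.
 */
#include <time.h>

GSSAPI_CPP_START

/* Make __attribute__ vanish on compilers that do not provide it. */
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

#ifndef GSSKRB5_FUNCTION_DEPRECATED
#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
#endif


/*
 * This is for kerberos5 names.
 */

extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)

/*
 * The three name types below alias the generic GSS-API descriptors; those
 * objects are not declared in this header (presumably <gssapi/gssapi.h>
 * declares them).
 */
#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)

extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)

/* for compatibility with MIT api */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME

/*
 * kerberos mechanism specific functions
 */

/* Opaque krb5 types; only pointers to them are used in this header. */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/*
 * Select the credential cache by name.
 * NOTE(review): out_name presumably receives the previously configured
 * name when non-NULL; ownership of that string is not stated here -
 * confirm before freeing or retaining it.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
		     const char * /*name */,
		     const char ** /*out_name */);

/*
 * Register the identity an acceptor uses.
 * NOTE(review): the identity string is presumably a keytab name; the
 * setting takes no context or credential argument, so it looks
 * process-wide - confirm.  The named keytab holds long-term service keys
 * and should be readable only by the service account.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
	(const char * /*identity*/);

/* MIT-style spelling with the same signature as the function above. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
	(const char * /*identity*/);

/*
 * Copy the credentials held by cred into the ccache out.
 * The destination then contains usable tickets; callers should make sure
 * the cache is one the intended principal alone can read.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
	(OM_uint32 * /*minor*/,
	 gss_cred_id_t /*cred*/,
	 struct krb5_ccache_data * /*out*/);

/*
 * Build a GSS-API credential from a ccache and/or a keytab entry.
 * NOTE(review): which arguments may be NULL is not stated in this
 * header - confirm against the implementation.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_import_cred(OM_uint32 * /*minor*/,
		     struct krb5_ccache_data * /*in*/,
		     struct Principal * /*keytab_principal*/,
		     struct krb5_keytab_data * /*keytab*/,
		     gss_cred_id_t * /*out*/);

/* Return the Kerberos ticket flags associated with a security context. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
	(OM_uint32 * /*minor*/,
	 gss_ctx_id_t /*context_handle*/,
	 OM_uint32 * /*tkt_flags*/);

/*
 * Extract authorization data of type ad_type from the context into
 * ad_data.
 * NOTE(review): Kerberos authorization-data elements are not all issued
 * by the KDC; callers making access decisions should verify the element
 * (for example its KDC signature, where the type carries one) before
 * trusting it.  ad_data is presumably released with gss_release_buffer()
 * - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authz_data_from_sec_context
	(OM_uint32 * /*minor_status*/,
	 gss_ctx_id_t /*context_handle*/,
	 int /*ad_type*/,
	 gss_buffer_t /*ad_data*/);

/*
 * Turn DNS canonicalisation of host names on or off.
 * DNS answers are normally unauthenticated, so with canonicalisation
 * enabled they influence which service principal is requested; deployments
 * that do not need it are safer with it disabled.
 * NOTE(review): no context argument, so presumably process-wide - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_dns_canonicalize(int);

/*
 * Argument block for gsskrb5_set_send_to_kdc().  Both members are
 * untyped, so the compiler cannot check that func has the signature the
 * library expects.
 */
struct gsskrb5_send_to_kdc {
	void *func;
	void *ptr;
};

/* Deprecated: kept for existing callers only. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
    GSSKRB5_FUNCTION_DEPRECATED;

/* Override the default realm (presumably process-wide - confirm). */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_default_realm(const char *);

/* Return the ticket's authentication time for an established context. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);

struct EncryptionKey;

/*
 * The three calls below hand raw key material for a context back to the
 * caller through *out.  Treat the result as a secret: keep it out of
 * logs and diagnostics, hold it no longer than needed, and release it
 * when done.
 * NOTE(review): the matching release routine is not declared in this
 * header (presumably krb5_free_keyblock()) - confirm, and confirm whether
 * it clears the key bytes before freeing.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
			     gss_ctx_id_t context_handle,
			     struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_subkey(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   struct EncryptionKey **out);

/*
 * Set / read the time offset used by the mechanism.
 * Kerberos validity and replay checks depend on time, so the offset
 * should come from a trusted source only.
 * NOTE(review): the unit is not stated here (presumably seconds) - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_time_offset(int);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_time_offset(int *);

/*
 * Descriptor for gsskrb5_plugin_register().  symbol is an untyped pointer
 * that the library is expected to use as plugin code or data, so only
 * register plugins that are part of the trusted application image.
 */
struct gsskrb5_krb5_plugin {
	int type;
	char *name;
	void *symbol;
};

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);


/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 *
 * Everything reachable from a lucid context is live session key
 * material; it leaves the library's control once exported.
 */

/* One key: type, length of data in bytes, and the key bytes themselves. */
typedef struct gss_krb5_lucid_key {
	OM_uint32	type;
	OM_uint32	length;
	void *		data;
} gss_krb5_lucid_key_t;

/* Key data for the RFC 1964 token format. */
typedef struct gss_krb5_rfc1964_keydata {
	OM_uint32		sign_alg;
	OM_uint32		seal_alg;
	gss_krb5_lucid_key_t	ctx_key;
} gss_krb5_rfc1964_keydata_t;

/*
 * Key data for the CFX token format; acceptor_subkey is presumably valid
 * only when have_acceptor_subkey is non-zero - confirm.
 */
typedef struct gss_krb5_cfx_keydata {
	OM_uint32		have_acceptor_subkey;
	gss_krb5_lucid_key_t	ctx_key;
	gss_krb5_lucid_key_t	acceptor_subkey;
} gss_krb5_cfx_keydata_t;

/*
 * Version 1 of the exported context.
 * NOTE(review): protocol presumably selects which of rfc1964_kd / cfx_kd
 * is meaningful - confirm against the implementation.
 */
typedef struct gss_krb5_lucid_context_v1 {
	OM_uint32	version;
	OM_uint32	initiate;
	OM_uint32	endtime;
	OM_uint64	send_seq;
	OM_uint64	recv_seq;
	OM_uint32	protocol;
	gss_krb5_rfc1964_keydata_t rfc1964_kd;
	gss_krb5_cfx_keydata_t	   cfx_kd;
} gss_krb5_lucid_context_v1_t;

typedef struct gss_krb5_lucid_context_version {
	OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;

/*
 * Function declarations
 */

/*
 * Export the context as a lucid structure of the requested version;
 * *kctx receives an untyped pointer, so check the version member before
 * casting it.
 * NOTE(review): context_handle is passed by pointer, which suggests the
 * call may consume or reset the caller's handle - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);


/*
 * Release a structure returned by gss_krb5_export_lucid_sec_context().
 * NOTE(review): whether the key bytes are cleared before being freed is
 * not visible from this header - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);


/*
 * Restrict the encryption types usable with cred to the num_enctypes
 * entries of enctypes.  This is the hook for excluding legacy enctypes
 * a deployment no longer wants negotiated.
 * NOTE(review): enctypes is not const-qualified; whether the array is
 * copied or retained is not stated here - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
				gss_cred_id_t cred,
				OM_uint32 num_enctypes,
				int32_t *enctypes);

GSSAPI_CPP_END

#endif /* GSSAPI_KRB5_H_ */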