1 /* 2 * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */ 35 36 #ifndef GSSAPI_H_ 37 #define GSSAPI_H_ 38 39 /* 40 * First, include stddef.h to get size_t defined. 41 */ 42 #include <stddef.h> 43 44 #include <krb5-types.h> 45 46 /* 47 * Now define the three implementation-dependent types. 48 */ 49 50 typedef u_int32_t OM_uint32; 51 52 typedef u_int32_t gss_uint32; 53 54 /* 55 * This is to avoid having to include <krb5.h> 56 */ 57 58 struct krb5_auth_context_data; 59 60 struct Principal; 61 62 /* typedef void *gss_name_t; */ 63 64 typedef struct Principal *gss_name_t; 65 66 typedef struct gss_ctx_id_t_desc_struct { 67 struct krb5_auth_context_data *auth_context; 68 gss_name_t source, target; 69 OM_uint32 flags; 70 enum { LOCAL = 1, OPEN = 2, 71 COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags; 72 struct krb5_ticket *ticket; 73 time_t lifetime; 74 } gss_ctx_id_t_desc; 75 76 typedef gss_ctx_id_t_desc *gss_ctx_id_t; 77 78 typedef struct gss_OID_desc_struct { 79 OM_uint32 length; 80 void *elements; 81 } gss_OID_desc, *gss_OID; 82 83 typedef struct gss_OID_set_desc_struct { 84 size_t count; 85 gss_OID elements; 86 } gss_OID_set_desc, *gss_OID_set; 87 88 struct krb5_keytab_data; 89 90 struct krb5_ccache_data; 91 92 typedef int gss_cred_usage_t; 93 94 typedef struct gss_cred_id_t_desc_struct { 95 gss_name_t principal; 96 struct krb5_keytab_data *keytab; 97 OM_uint32 lifetime; 98 gss_cred_usage_t usage; 99 gss_OID_set mechanisms; 100 struct krb5_ccache_data *ccache; 101 } gss_cred_id_t_desc; 102 103 typedef gss_cred_id_t_desc *gss_cred_id_t; 104 105 typedef struct gss_buffer_desc_struct { 106 size_t length; 107 void *value; 108 } gss_buffer_desc, *gss_buffer_t; 109 110 typedef struct gss_channel_bindings_struct { 111 OM_uint32 initiator_addrtype; 112 gss_buffer_desc initiator_address; 113 OM_uint32 acceptor_addrtype; 114 gss_buffer_desc acceptor_address; 115 gss_buffer_desc application_data; 116 } *gss_channel_bindings_t; 117 118 /* 119 * For now, define a QOP-type as an OM_uint32 120 */ 121 typedef OM_uint32 gss_qop_t; 122 123 /* 124 * Flag bits for context-level services. 125 */ 126 #define GSS_C_DELEG_FLAG 1 127 #define GSS_C_MUTUAL_FLAG 2 128 #define GSS_C_REPLAY_FLAG 4 129 #define GSS_C_SEQUENCE_FLAG 8 130 #define GSS_C_CONF_FLAG 16 131 #define GSS_C_INTEG_FLAG 32 132 #define GSS_C_ANON_FLAG 64 133 #define GSS_C_PROT_READY_FLAG 128 134 #define GSS_C_TRANS_FLAG 256 135 136 /* 137 * Credential usage options 138 */ 139 #define GSS_C_BOTH 0 140 #define GSS_C_INITIATE 1 141 #define GSS_C_ACCEPT 2 142 143 /* 144 * Status code types for gss_display_status 145 */ 146 #define GSS_C_GSS_CODE 1 147 #define GSS_C_MECH_CODE 2 148 149 /* 150 * The constant definitions for channel-bindings address families 151 */ 152 #define GSS_C_AF_UNSPEC 0 153 #define GSS_C_AF_LOCAL 1 154 #define GSS_C_AF_INET 2 155 #define GSS_C_AF_IMPLINK 3 156 #define GSS_C_AF_PUP 4 157 #define GSS_C_AF_CHAOS 5 158 #define GSS_C_AF_NS 6 159 #define GSS_C_AF_NBS 7 160 #define GSS_C_AF_ECMA 8 161 #define GSS_C_AF_DATAKIT 9 162 #define GSS_C_AF_CCITT 10 163 #define GSS_C_AF_SNA 11 164 #define GSS_C_AF_DECnet 12 165 #define GSS_C_AF_DLI 13 166 #define GSS_C_AF_LAT 14 167 #define GSS_C_AF_HYLINK 15 168 #define GSS_C_AF_APPLETALK 16 169 #define GSS_C_AF_BSC 17 170 #define GSS_C_AF_DSS 18 171 #define GSS_C_AF_OSI 19 172 #define GSS_C_AF_X25 21 173 #define GSS_C_AF_INET6 24 174 175 #define GSS_C_AF_NULLADDR 255 176 177 /* 178 * Various Null values 179 */ 180 #define GSS_C_NO_NAME ((gss_name_t) 0) 181 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0) 182 #define GSS_C_NO_OID ((gss_OID) 0) 183 #define GSS_C_NO_OID_SET ((gss_OID_set) 0) 184 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) 185 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) 186 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) 187 #define GSS_C_EMPTY_BUFFER {0, NULL} 188 189 /* 190 * Some alternate names for a couple of the above 191 * values. These are defined for V1 compatibility. 192 */ 193 #define GSS_C_NULL_OID GSS_C_NO_OID 194 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET 195 196 /* 197 * Define the default Quality of Protection for per-message 198 * services. Note that an implementation that offers multiple 199 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero 200 * (as done here) to mean "default protection", or to a specific 201 * explicit QOP value. However, a value of 0 should always be 202 * interpreted by a GSSAPI implementation as a request for the 203 * default protection level. 204 */ 205 #define GSS_C_QOP_DEFAULT 0 206 207 #define GSS_KRB5_CONF_C_QOP_DES 0x0100 208 #define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 209 210 /* 211 * Expiration time of 2^32-1 seconds means infinite lifetime for a 212 * credential or security context 213 */ 214 #define GSS_C_INDEFINITE 0xfffffffful 215 216 #ifdef __cplusplus 217 extern "C" { 218 #endif 219 220 /* 221 * The implementation must reserve static storage for a 222 * gss_OID_desc object containing the value 223 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 224 * "\x01\x02\x01\x01"}, 225 * corresponding to an object-identifier value of 226 * {iso(1) member-body(2) United States(840) mit(113554) 227 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant 228 * GSS_C_NT_USER_NAME should be initialized to point 229 * to that gss_OID_desc. 230 */ 231 extern gss_OID GSS_C_NT_USER_NAME; 232 233 /* 234 * The implementation must reserve static storage for a 235 * gss_OID_desc object containing the value 236 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 237 * "\x01\x02\x01\x02"}, 238 * corresponding to an object-identifier value of 239 * {iso(1) member-body(2) United States(840) mit(113554) 240 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. 241 * The constant GSS_C_NT_MACHINE_UID_NAME should be 242 * initialized to point to that gss_OID_desc. 243 */ 244 extern gss_OID GSS_C_NT_MACHINE_UID_NAME; 245 246 /* 247 * The implementation must reserve static storage for a 248 * gss_OID_desc object containing the value 249 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 250 * "\x01\x02\x01\x03"}, 251 * corresponding to an object-identifier value of 252 * {iso(1) member-body(2) United States(840) mit(113554) 253 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. 254 * The constant GSS_C_NT_STRING_UID_NAME should be 255 * initialized to point to that gss_OID_desc. 256 */ 257 extern gss_OID GSS_C_NT_STRING_UID_NAME; 258 259 /* 260 * The implementation must reserve static storage for a 261 * gss_OID_desc object containing the value 262 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, 263 * corresponding to an object-identifier value of 264 * {iso(1) org(3) dod(6) internet(1) security(5) 265 * nametypes(6) gss-host-based-services(2)). The constant 266 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point 267 * to that gss_OID_desc. This is a deprecated OID value, and 268 * implementations wishing to support hostbased-service names 269 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, 270 * defined below, to identify such names; 271 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym 272 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input 273 * parameter, but should not be emitted by GSS-API 274 * implementations 275 */ 276 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; 277 278 /* 279 * The implementation must reserve static storage for a 280 * gss_OID_desc object containing the value 281 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 282 * "\x01\x02\x01\x04"}, corresponding to an 283 * object-identifier value of {iso(1) member-body(2) 284 * Unites States(840) mit(113554) infosys(1) gssapi(2) 285 * generic(1) service_name(4)}. The constant 286 * GSS_C_NT_HOSTBASED_SERVICE should be initialized 287 * to point to that gss_OID_desc. 288 */ 289 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; 290 291 /* 292 * The implementation must reserve static storage for a 293 * gss_OID_desc object containing the value 294 * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, 295 * corresponding to an object identifier value of 296 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 297 * 6(nametypes), 3(gss-anonymous-name)}. The constant 298 * and GSS_C_NT_ANONYMOUS should be initialized to point 299 * to that gss_OID_desc. 300 */ 301 extern gss_OID GSS_C_NT_ANONYMOUS; 302 303 /* 304 * The implementation must reserve static storage for a 305 * gss_OID_desc object containing the value 306 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, 307 * corresponding to an object-identifier value of 308 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 309 * 6(nametypes), 4(gss-api-exported-name)}. The constant 310 * GSS_C_NT_EXPORT_NAME should be initialized to point 311 * to that gss_OID_desc. 312 */ 313 extern gss_OID GSS_C_NT_EXPORT_NAME; 314 315 /* 316 * This if for kerberos5 names. 317 */ 318 319 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; 320 extern gss_OID GSS_KRB5_NT_USER_NAME; 321 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; 322 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; 323 324 extern gss_OID GSS_KRB5_MECHANISM; 325 326 /* for compatibility with MIT api */ 327 328 #define gss_mech_krb5 GSS_KRB5_MECHANISM 329 330 /* Major status codes */ 331 332 #define GSS_S_COMPLETE 0 333 334 /* 335 * Some "helper" definitions to make the status code macros obvious. 336 */ 337 #define GSS_C_CALLING_ERROR_OFFSET 24 338 #define GSS_C_ROUTINE_ERROR_OFFSET 16 339 #define GSS_C_SUPPLEMENTARY_OFFSET 0 340 #define GSS_C_CALLING_ERROR_MASK 0377ul 341 #define GSS_C_ROUTINE_ERROR_MASK 0377ul 342 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul 343 344 /* 345 * The macros that test status codes for error conditions. 346 * Note that the GSS_ERROR() macro has changed slightly from 347 * the V1 GSSAPI so that it now evaluates its argument 348 * only once. 349 */ 350 #define GSS_CALLING_ERROR(x) \ 351 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) 352 #define GSS_ROUTINE_ERROR(x) \ 353 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) 354 #define GSS_SUPPLEMENTARY_INFO(x) \ 355 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) 356 #define GSS_ERROR(x) \ 357 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ 358 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) 359 360 /* 361 * Now the actual status code definitions 362 */ 363 364 /* 365 * Calling errors: 366 */ 367 #define GSS_S_CALL_INACCESSIBLE_READ \ 368 (1ul << GSS_C_CALLING_ERROR_OFFSET) 369 #define GSS_S_CALL_INACCESSIBLE_WRITE \ 370 (2ul << GSS_C_CALLING_ERROR_OFFSET) 371 #define GSS_S_CALL_BAD_STRUCTURE \ 372 (3ul << GSS_C_CALLING_ERROR_OFFSET) 373 374 /* 375 * Routine errors: 376 */ 377 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) 378 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) 379 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) 380 381 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) 382 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) 383 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) 384 #define GSS_S_BAD_MIC GSS_S_BAD_SIG 385 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) 386 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) 387 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) 388 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) 389 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) 390 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) 391 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) 392 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) 393 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) 394 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) 395 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) 396 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) 397 398 /* 399 * Supplementary info bits: 400 */ 401 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) 402 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) 403 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) 404 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) 405 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) 406 407 /* 408 * From RFC1964: 409 * 410 * 4.1.1. Non-Kerberos-specific codes 411 */ 412 413 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 414 /* "No @ in SERVICE-NAME name string" */ 415 #define GSS_KRB5_S_G_BAD_STRING_UID 2 416 /* "STRING-UID-NAME contains nondigits" */ 417 #define GSS_KRB5_S_G_NOUSER 3 418 /* "UID does not resolve to username" */ 419 #define GSS_KRB5_S_G_VALIDATE_FAILED 4 420 /* "Validation error" */ 421 #define GSS_KRB5_S_G_BUFFER_ALLOC 5 422 /* "Couldn't allocate gss_buffer_t data" */ 423 #define GSS_KRB5_S_G_BAD_MSG_CTX 6 424 /* "Message context invalid" */ 425 #define GSS_KRB5_S_G_WRONG_SIZE 7 426 /* "Buffer is the wrong size" */ 427 #define GSS_KRB5_S_G_BAD_USAGE 8 428 /* "Credential usage type is unknown" */ 429 #define GSS_KRB5_S_G_UNKNOWN_QOP 9 430 /* "Unknown quality of protection specified" */ 431 432 /* 433 * 4.1.2. Kerberos-specific-codes 434 */ 435 436 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 437 /* "Principal in credential cache does not match desired name" */ 438 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 439 /* "No principal in keytab matches desired name" */ 440 #define GSS_KRB5_S_KG_TGT_MISSING 12 441 /* "Credential cache has no TGT" */ 442 #define GSS_KRB5_S_KG_NO_SUBKEY 13 443 /* "Authenticator has no subkey" */ 444 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 445 /* "Context is already fully established" */ 446 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 447 /* "Unknown signature type in token" */ 448 #define GSS_KRB5_S_KG_BAD_LENGTH 16 449 /* "Invalid field length in token" */ 450 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 451 /* "Attempt to use incomplete security context" */ 452 453 /* 454 * Finally, function prototypes for the GSS-API routines. 455 */ 456 457 OM_uint32 gss_acquire_cred 458 (OM_uint32 * /*minor_status*/, 459 const gss_name_t /*desired_name*/, 460 OM_uint32 /*time_req*/, 461 const gss_OID_set /*desired_mechs*/, 462 gss_cred_usage_t /*cred_usage*/, 463 gss_cred_id_t * /*output_cred_handle*/, 464 gss_OID_set * /*actual_mechs*/, 465 OM_uint32 * /*time_rec*/ 466 ); 467 468 OM_uint32 gss_release_cred 469 (OM_uint32 * /*minor_status*/, 470 gss_cred_id_t * /*cred_handle*/ 471 ); 472 473 OM_uint32 gss_init_sec_context 474 (OM_uint32 * /*minor_status*/, 475 const gss_cred_id_t /*initiator_cred_handle*/, 476 gss_ctx_id_t * /*context_handle*/, 477 const gss_name_t /*target_name*/, 478 const gss_OID /*mech_type*/, 479 OM_uint32 /*req_flags*/, 480 OM_uint32 /*time_req*/, 481 const gss_channel_bindings_t /*input_chan_bindings*/, 482 const gss_buffer_t /*input_token*/, 483 gss_OID * /*actual_mech_type*/, 484 gss_buffer_t /*output_token*/, 485 OM_uint32 * /*ret_flags*/, 486 OM_uint32 * /*time_rec*/ 487 ); 488 489 OM_uint32 gss_accept_sec_context 490 (OM_uint32 * /*minor_status*/, 491 gss_ctx_id_t * /*context_handle*/, 492 const gss_cred_id_t /*acceptor_cred_handle*/, 493 const gss_buffer_t /*input_token_buffer*/, 494 const gss_channel_bindings_t /*input_chan_bindings*/, 495 gss_name_t * /*src_name*/, 496 gss_OID * /*mech_type*/, 497 gss_buffer_t /*output_token*/, 498 OM_uint32 * /*ret_flags*/, 499 OM_uint32 * /*time_rec*/, 500 gss_cred_id_t * /*delegated_cred_handle*/ 501 ); 502 503 OM_uint32 gss_process_context_token 504 (OM_uint32 * /*minor_status*/, 505 const gss_ctx_id_t /*context_handle*/, 506 const gss_buffer_t /*token_buffer*/ 507 ); 508 509 OM_uint32 gss_delete_sec_context 510 (OM_uint32 * /*minor_status*/, 511 gss_ctx_id_t * /*context_handle*/, 512 gss_buffer_t /*output_token*/ 513 ); 514 515 OM_uint32 gss_context_time 516 (OM_uint32 * /*minor_status*/, 517 const gss_ctx_id_t /*context_handle*/, 518 OM_uint32 * /*time_rec*/ 519 ); 520 521 OM_uint32 gss_get_mic 522 (OM_uint32 * /*minor_status*/, 523 const gss_ctx_id_t /*context_handle*/, 524 gss_qop_t /*qop_req*/, 525 const gss_buffer_t /*message_buffer*/, 526 gss_buffer_t /*message_token*/ 527 ); 528 529 OM_uint32 gss_verify_mic 530 (OM_uint32 * /*minor_status*/, 531 const gss_ctx_id_t /*context_handle*/, 532 const gss_buffer_t /*message_buffer*/, 533 const gss_buffer_t /*token_buffer*/, 534 gss_qop_t * /*qop_state*/ 535 ); 536 537 OM_uint32 gss_wrap 538 (OM_uint32 * /*minor_status*/, 539 const gss_ctx_id_t /*context_handle*/, 540 int /*conf_req_flag*/, 541 gss_qop_t /*qop_req*/, 542 const gss_buffer_t /*input_message_buffer*/, 543 int * /*conf_state*/, 544 gss_buffer_t /*output_message_buffer*/ 545 ); 546 547 OM_uint32 gss_unwrap 548 (OM_uint32 * /*minor_status*/, 549 const gss_ctx_id_t /*context_handle*/, 550 const gss_buffer_t /*input_message_buffer*/, 551 gss_buffer_t /*output_message_buffer*/, 552 int * /*conf_state*/, 553 gss_qop_t * /*qop_state*/ 554 ); 555 556 OM_uint32 gss_display_status 557 (OM_uint32 * /*minor_status*/, 558 OM_uint32 /*status_value*/, 559 int /*status_type*/, 560 const gss_OID /*mech_type*/, 561 OM_uint32 * /*message_context*/, 562 gss_buffer_t /*status_string*/ 563 ); 564 565 OM_uint32 gss_indicate_mechs 566 (OM_uint32 * /*minor_status*/, 567 gss_OID_set * /*mech_set*/ 568 ); 569 570 OM_uint32 gss_compare_name 571 (OM_uint32 * /*minor_status*/, 572 const gss_name_t /*name1*/, 573 const gss_name_t /*name2*/, 574 int * /*name_equal*/ 575 ); 576 577 OM_uint32 gss_display_name 578 (OM_uint32 * /*minor_status*/, 579 const gss_name_t /*input_name*/, 580 gss_buffer_t /*output_name_buffer*/, 581 gss_OID * /*output_name_type*/ 582 ); 583 584 OM_uint32 gss_import_name 585 (OM_uint32 * /*minor_status*/, 586 const gss_buffer_t /*input_name_buffer*/, 587 const gss_OID /*input_name_type*/, 588 gss_name_t * /*output_name*/ 589 ); 590 591 OM_uint32 gss_export_name 592 (OM_uint32 * /*minor_status*/, 593 const gss_name_t /*input_name*/, 594 gss_buffer_t /*exported_name*/ 595 ); 596 597 OM_uint32 gss_release_name 598 (OM_uint32 * /*minor_status*/, 599 gss_name_t * /*input_name*/ 600 ); 601 602 OM_uint32 gss_release_buffer 603 (OM_uint32 * /*minor_status*/, 604 gss_buffer_t /*buffer*/ 605 ); 606 607 OM_uint32 gss_release_oid_set 608 (OM_uint32 * /*minor_status*/, 609 gss_OID_set * /*set*/ 610 ); 611 612 OM_uint32 gss_inquire_cred 613 (OM_uint32 * /*minor_status*/, 614 const gss_cred_id_t /*cred_handle*/, 615 gss_name_t * /*name*/, 616 OM_uint32 * /*lifetime*/, 617 gss_cred_usage_t * /*cred_usage*/, 618 gss_OID_set * /*mechanisms*/ 619 ); 620 621 OM_uint32 gss_inquire_context ( 622 OM_uint32 * /*minor_status*/, 623 const gss_ctx_id_t /*context_handle*/, 624 gss_name_t * /*src_name*/, 625 gss_name_t * /*targ_name*/, 626 OM_uint32 * /*lifetime_rec*/, 627 gss_OID * /*mech_type*/, 628 OM_uint32 * /*ctx_flags*/, 629 int * /*locally_initiated*/, 630 int * /*open_context*/ 631 ); 632 633 OM_uint32 gss_wrap_size_limit ( 634 OM_uint32 * /*minor_status*/, 635 const gss_ctx_id_t /*context_handle*/, 636 int /*conf_req_flag*/, 637 gss_qop_t /*qop_req*/, 638 OM_uint32 /*req_output_size*/, 639 OM_uint32 * /*max_input_size*/ 640 ); 641 642 OM_uint32 gss_add_cred ( 643 OM_uint32 * /*minor_status*/, 644 const gss_cred_id_t /*input_cred_handle*/, 645 const gss_name_t /*desired_name*/, 646 const gss_OID /*desired_mech*/, 647 gss_cred_usage_t /*cred_usage*/, 648 OM_uint32 /*initiator_time_req*/, 649 OM_uint32 /*acceptor_time_req*/, 650 gss_cred_id_t * /*output_cred_handle*/, 651 gss_OID_set * /*actual_mechs*/, 652 OM_uint32 * /*initiator_time_rec*/, 653 OM_uint32 * /*acceptor_time_rec*/ 654 ); 655 656 OM_uint32 gss_inquire_cred_by_mech ( 657 OM_uint32 * /*minor_status*/, 658 const gss_cred_id_t /*cred_handle*/, 659 const gss_OID /*mech_type*/, 660 gss_name_t * /*name*/, 661 OM_uint32 * /*initiator_lifetime*/, 662 OM_uint32 * /*acceptor_lifetime*/, 663 gss_cred_usage_t * /*cred_usage*/ 664 ); 665 666 OM_uint32 gss_export_sec_context ( 667 OM_uint32 * /*minor_status*/, 668 gss_ctx_id_t * /*context_handle*/, 669 gss_buffer_t /*interprocess_token*/ 670 ); 671 672 OM_uint32 gss_import_sec_context ( 673 OM_uint32 * /*minor_status*/, 674 const gss_buffer_t /*interprocess_token*/, 675 gss_ctx_id_t * /*context_handle*/ 676 ); 677 678 OM_uint32 gss_create_empty_oid_set ( 679 OM_uint32 * /*minor_status*/, 680 gss_OID_set * /*oid_set*/ 681 ); 682 683 OM_uint32 gss_add_oid_set_member ( 684 OM_uint32 * /*minor_status*/, 685 const gss_OID /*member_oid*/, 686 gss_OID_set * /*oid_set*/ 687 ); 688 689 OM_uint32 gss_test_oid_set_member ( 690 OM_uint32 * /*minor_status*/, 691 const gss_OID /*member*/, 692 const gss_OID_set /*set*/, 693 int * /*present*/ 694 ); 695 696 OM_uint32 gss_inquire_names_for_mech ( 697 OM_uint32 * /*minor_status*/, 698 const gss_OID /*mechanism*/, 699 gss_OID_set * /*name_types*/ 700 ); 701 702 OM_uint32 gss_inquire_mechs_for_name ( 703 OM_uint32 * /*minor_status*/, 704 const gss_name_t /*input_name*/, 705 gss_OID_set * /*mech_types*/ 706 ); 707 708 OM_uint32 gss_canonicalize_name ( 709 OM_uint32 * /*minor_status*/, 710 const gss_name_t /*input_name*/, 711 const gss_OID /*mech_type*/, 712 gss_name_t * /*output_name*/ 713 ); 714 715 OM_uint32 gss_duplicate_name ( 716 OM_uint32 * /*minor_status*/, 717 const gss_name_t /*src_name*/, 718 gss_name_t * /*dest_name*/ 719 ); 720 721 /* 722 * The following routines are obsolete variants of gss_get_mic, 723 * gss_verify_mic, gss_wrap and gss_unwrap. They should be 724 * provided by GSSAPI V2 implementations for backwards 725 * compatibility with V1 applications. Distinct entrypoints 726 * (as opposed to #defines) should be provided, both to allow 727 * GSSAPI V1 applications to link against GSSAPI V2 implementations, 728 * and to retain the slight parameter type differences between the 729 * obsolete versions of these routines and their current forms. 730 */ 731 732 OM_uint32 gss_sign 733 (OM_uint32 * /*minor_status*/, 734 gss_ctx_id_t /*context_handle*/, 735 int /*qop_req*/, 736 gss_buffer_t /*message_buffer*/, 737 gss_buffer_t /*message_token*/ 738 ); 739 740 OM_uint32 gss_verify 741 (OM_uint32 * /*minor_status*/, 742 gss_ctx_id_t /*context_handle*/, 743 gss_buffer_t /*message_buffer*/, 744 gss_buffer_t /*token_buffer*/, 745 int * /*qop_state*/ 746 ); 747 748 OM_uint32 gss_seal 749 (OM_uint32 * /*minor_status*/, 750 gss_ctx_id_t /*context_handle*/, 751 int /*conf_req_flag*/, 752 int /*qop_req*/, 753 gss_buffer_t /*input_message_buffer*/, 754 int * /*conf_state*/, 755 gss_buffer_t /*output_message_buffer*/ 756 ); 757 758 OM_uint32 gss_unseal 759 (OM_uint32 * /*minor_status*/, 760 gss_ctx_id_t /*context_handle*/, 761 gss_buffer_t /*input_message_buffer*/, 762 gss_buffer_t /*output_message_buffer*/, 763 int * /*conf_state*/, 764 int * /*qop_state*/ 765 ); 766 767 /* 768 * kerberos mechanism specific functions 769 */ 770 771 OM_uint32 gsskrb5_register_acceptor_identity 772 (const char */*identity*/); 773 774 OM_uint32 gss_krb5_copy_ccache 775 (OM_uint32 */*minor*/, 776 gss_cred_id_t /*cred*/, 777 struct krb5_ccache_data */*out*/); 778 779 #define GSS_C_KRB5_COMPAT_DES3_MIC 1 780 781 OM_uint32 782 gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); 783 784 #ifdef __cplusplus 785 } 786 #endif 787 788 #endif /* GSSAPI_H_ */ 789