xref: /freebsd/crypto/heimdal/lib/gssapi/gssapi.h (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 /* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */
35 
36 #ifndef GSSAPI_H_
37 #define GSSAPI_H_
38 
39 /*
40  * First, include stddef.h to get size_t defined.
41  */
42 #include <stddef.h>
43 
44 #include <krb5-types.h>
45 
46 /*
47  * Now define the three implementation-dependent types.
48  */
49 
50 typedef u_int32_t OM_uint32;
51 
52 typedef u_int32_t gss_uint32;
53 
54 /*
55  * This is to avoid having to include <krb5.h>
56  */
57 
58 struct krb5_auth_context_data;
59 
60 struct Principal;
61 
62 /* typedef void *gss_name_t; */
63 
64 typedef struct Principal *gss_name_t;
65 
66 typedef struct gss_ctx_id_t_desc_struct {
67   struct krb5_auth_context_data *auth_context;
68   gss_name_t source, target;
69   OM_uint32 flags;
70   enum { LOCAL = 1, OPEN = 2,
71 	 COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags;
72   struct krb5_ticket *ticket;
73   time_t lifetime;
74 } gss_ctx_id_t_desc;
75 
76 typedef gss_ctx_id_t_desc *gss_ctx_id_t;
77 
78 typedef struct gss_OID_desc_struct {
79       OM_uint32 length;
80       void      *elements;
81 } gss_OID_desc, *gss_OID;
82 
83 typedef struct gss_OID_set_desc_struct  {
84       size_t     count;
85       gss_OID    elements;
86 } gss_OID_set_desc, *gss_OID_set;
87 
88 struct krb5_keytab_data;
89 
90 struct krb5_ccache_data;
91 
92 typedef int gss_cred_usage_t;
93 
94 typedef struct gss_cred_id_t_desc_struct {
95   gss_name_t principal;
96   struct krb5_keytab_data *keytab;
97   OM_uint32 lifetime;
98   gss_cred_usage_t usage;
99   gss_OID_set mechanisms;
100   struct krb5_ccache_data *ccache;
101 } gss_cred_id_t_desc;
102 
103 typedef gss_cred_id_t_desc *gss_cred_id_t;
104 
105 typedef struct gss_buffer_desc_struct {
106       size_t length;
107       void *value;
108 } gss_buffer_desc, *gss_buffer_t;
109 
110 typedef struct gss_channel_bindings_struct {
111       OM_uint32 initiator_addrtype;
112       gss_buffer_desc initiator_address;
113       OM_uint32 acceptor_addrtype;
114       gss_buffer_desc acceptor_address;
115       gss_buffer_desc application_data;
116 } *gss_channel_bindings_t;
117 
118 /*
119  * For now, define a QOP-type as an OM_uint32
120  */
121 typedef OM_uint32 gss_qop_t;
122 
123 /*
124  * Flag bits for context-level services.
125  */
126 #define GSS_C_DELEG_FLAG 1
127 #define GSS_C_MUTUAL_FLAG 2
128 #define GSS_C_REPLAY_FLAG 4
129 #define GSS_C_SEQUENCE_FLAG 8
130 #define GSS_C_CONF_FLAG 16
131 #define GSS_C_INTEG_FLAG 32
132 #define GSS_C_ANON_FLAG 64
133 #define GSS_C_PROT_READY_FLAG 128
134 #define GSS_C_TRANS_FLAG 256
135 
136 /*
137  * Credential usage options
138  */
139 #define GSS_C_BOTH 0
140 #define GSS_C_INITIATE 1
141 #define GSS_C_ACCEPT 2
142 
143 /*
144  * Status code types for gss_display_status
145  */
146 #define GSS_C_GSS_CODE 1
147 #define GSS_C_MECH_CODE 2
148 
149 /*
150  * The constant definitions for channel-bindings address families
151  */
152 #define GSS_C_AF_UNSPEC     0
153 #define GSS_C_AF_LOCAL      1
154 #define GSS_C_AF_INET       2
155 #define GSS_C_AF_IMPLINK    3
156 #define GSS_C_AF_PUP        4
157 #define GSS_C_AF_CHAOS      5
158 #define GSS_C_AF_NS         6
159 #define GSS_C_AF_NBS        7
160 #define GSS_C_AF_ECMA       8
161 #define GSS_C_AF_DATAKIT    9
162 #define GSS_C_AF_CCITT      10
163 #define GSS_C_AF_SNA        11
164 #define GSS_C_AF_DECnet     12
165 #define GSS_C_AF_DLI        13
166 #define GSS_C_AF_LAT        14
167 #define GSS_C_AF_HYLINK     15
168 #define GSS_C_AF_APPLETALK  16
169 #define GSS_C_AF_BSC        17
170 #define GSS_C_AF_DSS        18
171 #define GSS_C_AF_OSI        19
172 #define GSS_C_AF_X25        21
173 #define GSS_C_AF_INET6	    24
174 
175 #define GSS_C_AF_NULLADDR   255
176 
177 /*
178  * Various Null values
179  */
180 #define GSS_C_NO_NAME ((gss_name_t) 0)
181 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
182 #define GSS_C_NO_OID ((gss_OID) 0)
183 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
184 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
185 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
186 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
187 #define GSS_C_EMPTY_BUFFER {0, NULL}
188 
189 /*
190  * Some alternate names for a couple of the above
191  * values.  These are defined for V1 compatibility.
192  */
193 #define GSS_C_NULL_OID GSS_C_NO_OID
194 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
195 
196 /*
197  * Define the default Quality of Protection for per-message
198  * services.  Note that an implementation that offers multiple
199  * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
200  * (as done here) to mean "default protection", or to a specific
201  * explicit QOP value.  However, a value of 0 should always be
202  * interpreted by a GSSAPI implementation as a request for the
203  * default protection level.
204  */
205 #define GSS_C_QOP_DEFAULT 0
206 
207 #define GSS_KRB5_CONF_C_QOP_DES		0x0100
208 #define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200
209 
210 /*
211  * Expiration time of 2^32-1 seconds means infinite lifetime for a
212  * credential or security context
213  */
214 #define GSS_C_INDEFINITE 0xfffffffful
215 
216 #ifdef __cplusplus
217 extern "C" {
218 #endif
219 
220 /*
221  * The implementation must reserve static storage for a
222  * gss_OID_desc object containing the value
223  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
224  *              "\x01\x02\x01\x01"},
225  * corresponding to an object-identifier value of
226  * {iso(1) member-body(2) United States(840) mit(113554)
227  *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
228  * GSS_C_NT_USER_NAME should be initialized to point
229  * to that gss_OID_desc.
230  */
231 extern gss_OID GSS_C_NT_USER_NAME;
232 
233 /*
234  * The implementation must reserve static storage for a
235  * gss_OID_desc object containing the value
236  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
237  *              "\x01\x02\x01\x02"},
238  * corresponding to an object-identifier value of
239  * {iso(1) member-body(2) United States(840) mit(113554)
240  *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
241  * The constant GSS_C_NT_MACHINE_UID_NAME should be
242  * initialized to point to that gss_OID_desc.
243  */
244 extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
245 
246 /*
247  * The implementation must reserve static storage for a
248  * gss_OID_desc object containing the value
249  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
250  *              "\x01\x02\x01\x03"},
251  * corresponding to an object-identifier value of
252  * {iso(1) member-body(2) United States(840) mit(113554)
253  *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
254  * The constant GSS_C_NT_STRING_UID_NAME should be
255  * initialized to point to that gss_OID_desc.
256  */
257 extern gss_OID GSS_C_NT_STRING_UID_NAME;
258 
259 /*
260  * The implementation must reserve static storage for a
261  * gss_OID_desc object containing the value
262  * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
263  * corresponding to an object-identifier value of
264  * {iso(1) org(3) dod(6) internet(1) security(5)
265  * nametypes(6) gss-host-based-services(2)).  The constant
266  * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
267  * to that gss_OID_desc.  This is a deprecated OID value, and
268  * implementations wishing to support hostbased-service names
269  * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
270  * defined below, to identify such names;
271  * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
272  * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
273  * parameter, but should not be emitted by GSS-API
274  * implementations
275  */
276 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
277 
278 /*
279  * The implementation must reserve static storage for a
280  * gss_OID_desc object containing the value
281  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
282  *              "\x01\x02\x01\x04"}, corresponding to an
283  * object-identifier value of {iso(1) member-body(2)
284  * Unites States(840) mit(113554) infosys(1) gssapi(2)
285  * generic(1) service_name(4)}.  The constant
286  * GSS_C_NT_HOSTBASED_SERVICE should be initialized
287  * to point to that gss_OID_desc.
288  */
289 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
290 
291 /*
292  * The implementation must reserve static storage for a
293  * gss_OID_desc object containing the value
294  * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
295  * corresponding to an object identifier value of
296  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
297  * 6(nametypes), 3(gss-anonymous-name)}.  The constant
298  * and GSS_C_NT_ANONYMOUS should be initialized to point
299  * to that gss_OID_desc.
300  */
301 extern gss_OID GSS_C_NT_ANONYMOUS;
302 
303 /*
304  * The implementation must reserve static storage for a
305  * gss_OID_desc object containing the value
306  * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
307  * corresponding to an object-identifier value of
308  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
309  * 6(nametypes), 4(gss-api-exported-name)}.  The constant
310  * GSS_C_NT_EXPORT_NAME should be initialized to point
311  * to that gss_OID_desc.
312  */
313 extern gss_OID GSS_C_NT_EXPORT_NAME;
314 
315 /*
316  * This if for kerberos5 names.
317  */
318 
319 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
320 extern gss_OID GSS_KRB5_NT_USER_NAME;
321 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
322 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
323 
324 extern gss_OID GSS_KRB5_MECHANISM;
325 
326 /* for compatibility with MIT api */
327 
328 #define gss_mech_krb5 GSS_KRB5_MECHANISM
329 
330 /* Major status codes */
331 
332 #define GSS_S_COMPLETE 0
333 
334 /*
335  * Some "helper" definitions to make the status code macros obvious.
336  */
337 #define GSS_C_CALLING_ERROR_OFFSET 24
338 #define GSS_C_ROUTINE_ERROR_OFFSET 16
339 #define GSS_C_SUPPLEMENTARY_OFFSET 0
340 #define GSS_C_CALLING_ERROR_MASK 0377ul
341 #define GSS_C_ROUTINE_ERROR_MASK 0377ul
342 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
343 
344 /*
345  * The macros that test status codes for error conditions.
346  * Note that the GSS_ERROR() macro has changed slightly from
347  * the V1 GSSAPI so that it now evaluates its argument
348  * only once.
349  */
350 #define GSS_CALLING_ERROR(x) \
351   (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
352 #define GSS_ROUTINE_ERROR(x) \
353   (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
354 #define GSS_SUPPLEMENTARY_INFO(x) \
355   (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
356 #define GSS_ERROR(x) \
357   (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
358         (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
359 
360 /*
361  * Now the actual status code definitions
362  */
363 
364 /*
365  * Calling errors:
366  */
367 #define GSS_S_CALL_INACCESSIBLE_READ \
368                              (1ul << GSS_C_CALLING_ERROR_OFFSET)
369 #define GSS_S_CALL_INACCESSIBLE_WRITE \
370                              (2ul << GSS_C_CALLING_ERROR_OFFSET)
371 #define GSS_S_CALL_BAD_STRUCTURE \
372                              (3ul << GSS_C_CALLING_ERROR_OFFSET)
373 
374 /*
375  * Routine errors:
376  */
377 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
378 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
379 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
380 
381 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
382 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
383 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
384 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
385 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
386 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
387 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
388 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
389 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
390 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
391 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
392 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
393 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
394 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
395 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
396 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
397 
398 /*
399  * Supplementary info bits:
400  */
401 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
402 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
403 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
404 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
405 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
406 
407 /*
408  * From RFC1964:
409  *
410  * 4.1.1. Non-Kerberos-specific codes
411  */
412 
413 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
414            /* "No @ in SERVICE-NAME name string" */
415 #define GSS_KRB5_S_G_BAD_STRING_UID 2
416            /* "STRING-UID-NAME contains nondigits" */
417 #define GSS_KRB5_S_G_NOUSER 3
418            /* "UID does not resolve to username" */
419 #define GSS_KRB5_S_G_VALIDATE_FAILED 4
420            /* "Validation error" */
421 #define GSS_KRB5_S_G_BUFFER_ALLOC 5
422            /* "Couldn't allocate gss_buffer_t data" */
423 #define GSS_KRB5_S_G_BAD_MSG_CTX 6
424            /* "Message context invalid" */
425 #define GSS_KRB5_S_G_WRONG_SIZE 7
426            /* "Buffer is the wrong size" */
427 #define GSS_KRB5_S_G_BAD_USAGE 8
428            /* "Credential usage type is unknown" */
429 #define GSS_KRB5_S_G_UNKNOWN_QOP 9
430            /* "Unknown quality of protection specified" */
431 
432   /*
433    * 4.1.2. Kerberos-specific-codes
434    */
435 
436 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
437            /* "Principal in credential cache does not match desired name" */
438 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
439            /* "No principal in keytab matches desired name" */
440 #define GSS_KRB5_S_KG_TGT_MISSING 12
441            /* "Credential cache has no TGT" */
442 #define GSS_KRB5_S_KG_NO_SUBKEY 13
443            /* "Authenticator has no subkey" */
444 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
445            /* "Context is already fully established" */
446 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
447            /* "Unknown signature type in token" */
448 #define GSS_KRB5_S_KG_BAD_LENGTH 16
449            /* "Invalid field length in token" */
450 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
451            /* "Attempt to use incomplete security context" */
452 
453 /*
454  * Finally, function prototypes for the GSS-API routines.
455  */
456 
457 OM_uint32 gss_acquire_cred
458            (OM_uint32 * /*minor_status*/,
459             const gss_name_t /*desired_name*/,
460             OM_uint32 /*time_req*/,
461             const gss_OID_set /*desired_mechs*/,
462             gss_cred_usage_t /*cred_usage*/,
463             gss_cred_id_t * /*output_cred_handle*/,
464             gss_OID_set * /*actual_mechs*/,
465             OM_uint32 * /*time_rec*/
466            );
467 
468 OM_uint32 gss_release_cred
469            (OM_uint32 * /*minor_status*/,
470             gss_cred_id_t * /*cred_handle*/
471            );
472 
473 OM_uint32 gss_init_sec_context
474            (OM_uint32 * /*minor_status*/,
475             const gss_cred_id_t /*initiator_cred_handle*/,
476             gss_ctx_id_t * /*context_handle*/,
477             const gss_name_t /*target_name*/,
478             const gss_OID /*mech_type*/,
479             OM_uint32 /*req_flags*/,
480             OM_uint32 /*time_req*/,
481             const gss_channel_bindings_t /*input_chan_bindings*/,
482             const gss_buffer_t /*input_token*/,
483             gss_OID * /*actual_mech_type*/,
484             gss_buffer_t /*output_token*/,
485             OM_uint32 * /*ret_flags*/,
486             OM_uint32 * /*time_rec*/
487            );
488 
489 OM_uint32 gss_accept_sec_context
490            (OM_uint32 * /*minor_status*/,
491             gss_ctx_id_t * /*context_handle*/,
492             const gss_cred_id_t /*acceptor_cred_handle*/,
493             const gss_buffer_t /*input_token_buffer*/,
494             const gss_channel_bindings_t /*input_chan_bindings*/,
495             gss_name_t * /*src_name*/,
496             gss_OID * /*mech_type*/,
497             gss_buffer_t /*output_token*/,
498             OM_uint32 * /*ret_flags*/,
499             OM_uint32 * /*time_rec*/,
500             gss_cred_id_t * /*delegated_cred_handle*/
501            );
502 
503 OM_uint32 gss_process_context_token
504            (OM_uint32 * /*minor_status*/,
505             const gss_ctx_id_t /*context_handle*/,
506             const gss_buffer_t /*token_buffer*/
507            );
508 
509 OM_uint32 gss_delete_sec_context
510            (OM_uint32 * /*minor_status*/,
511             gss_ctx_id_t * /*context_handle*/,
512             gss_buffer_t /*output_token*/
513            );
514 
515 OM_uint32 gss_context_time
516            (OM_uint32 * /*minor_status*/,
517             const gss_ctx_id_t /*context_handle*/,
518             OM_uint32 * /*time_rec*/
519            );
520 
521 OM_uint32 gss_get_mic
522            (OM_uint32 * /*minor_status*/,
523             const gss_ctx_id_t /*context_handle*/,
524             gss_qop_t /*qop_req*/,
525             const gss_buffer_t /*message_buffer*/,
526             gss_buffer_t /*message_token*/
527            );
528 
529 OM_uint32 gss_verify_mic
530            (OM_uint32 * /*minor_status*/,
531             const gss_ctx_id_t /*context_handle*/,
532             const gss_buffer_t /*message_buffer*/,
533             const gss_buffer_t /*token_buffer*/,
534             gss_qop_t * /*qop_state*/
535            );
536 
537 OM_uint32 gss_wrap
538            (OM_uint32 * /*minor_status*/,
539             const gss_ctx_id_t /*context_handle*/,
540             int /*conf_req_flag*/,
541             gss_qop_t /*qop_req*/,
542             const gss_buffer_t /*input_message_buffer*/,
543             int * /*conf_state*/,
544             gss_buffer_t /*output_message_buffer*/
545            );
546 
547 OM_uint32 gss_unwrap
548            (OM_uint32 * /*minor_status*/,
549             const gss_ctx_id_t /*context_handle*/,
550             const gss_buffer_t /*input_message_buffer*/,
551             gss_buffer_t /*output_message_buffer*/,
552             int * /*conf_state*/,
553             gss_qop_t * /*qop_state*/
554            );
555 
556 OM_uint32 gss_display_status
557            (OM_uint32 * /*minor_status*/,
558             OM_uint32 /*status_value*/,
559             int /*status_type*/,
560             const gss_OID /*mech_type*/,
561             OM_uint32 * /*message_context*/,
562             gss_buffer_t /*status_string*/
563            );
564 
565 OM_uint32 gss_indicate_mechs
566            (OM_uint32 * /*minor_status*/,
567             gss_OID_set * /*mech_set*/
568            );
569 
570 OM_uint32 gss_compare_name
571            (OM_uint32 * /*minor_status*/,
572             const gss_name_t /*name1*/,
573             const gss_name_t /*name2*/,
574             int * /*name_equal*/
575            );
576 
577 OM_uint32 gss_display_name
578            (OM_uint32 * /*minor_status*/,
579             const gss_name_t /*input_name*/,
580             gss_buffer_t /*output_name_buffer*/,
581             gss_OID * /*output_name_type*/
582            );
583 
584 OM_uint32 gss_import_name
585            (OM_uint32 * /*minor_status*/,
586             const gss_buffer_t /*input_name_buffer*/,
587             const gss_OID /*input_name_type*/,
588             gss_name_t * /*output_name*/
589            );
590 
591 OM_uint32 gss_export_name
592            (OM_uint32  * /*minor_status*/,
593             const gss_name_t /*input_name*/,
594             gss_buffer_t /*exported_name*/
595            );
596 
597 OM_uint32 gss_release_name
598            (OM_uint32 * /*minor_status*/,
599             gss_name_t * /*input_name*/
600            );
601 
602 OM_uint32 gss_release_buffer
603            (OM_uint32 * /*minor_status*/,
604             gss_buffer_t /*buffer*/
605            );
606 
607 OM_uint32 gss_release_oid_set
608            (OM_uint32 * /*minor_status*/,
609             gss_OID_set * /*set*/
610            );
611 
612 OM_uint32 gss_inquire_cred
613            (OM_uint32 * /*minor_status*/,
614             const gss_cred_id_t /*cred_handle*/,
615             gss_name_t * /*name*/,
616             OM_uint32 * /*lifetime*/,
617             gss_cred_usage_t * /*cred_usage*/,
618             gss_OID_set * /*mechanisms*/
619            );
620 
621 OM_uint32 gss_inquire_context (
622             OM_uint32 * /*minor_status*/,
623             const gss_ctx_id_t /*context_handle*/,
624             gss_name_t * /*src_name*/,
625             gss_name_t * /*targ_name*/,
626             OM_uint32 * /*lifetime_rec*/,
627             gss_OID * /*mech_type*/,
628             OM_uint32 * /*ctx_flags*/,
629             int * /*locally_initiated*/,
630             int * /*open_context*/
631            );
632 
633 OM_uint32 gss_wrap_size_limit (
634             OM_uint32 * /*minor_status*/,
635             const gss_ctx_id_t /*context_handle*/,
636             int /*conf_req_flag*/,
637             gss_qop_t /*qop_req*/,
638             OM_uint32 /*req_output_size*/,
639             OM_uint32 * /*max_input_size*/
640            );
641 
642 OM_uint32 gss_add_cred (
643             OM_uint32 * /*minor_status*/,
644             const gss_cred_id_t /*input_cred_handle*/,
645             const gss_name_t /*desired_name*/,
646             const gss_OID /*desired_mech*/,
647             gss_cred_usage_t /*cred_usage*/,
648             OM_uint32 /*initiator_time_req*/,
649             OM_uint32 /*acceptor_time_req*/,
650             gss_cred_id_t * /*output_cred_handle*/,
651             gss_OID_set * /*actual_mechs*/,
652             OM_uint32 * /*initiator_time_rec*/,
653             OM_uint32 * /*acceptor_time_rec*/
654            );
655 
656 OM_uint32 gss_inquire_cred_by_mech (
657             OM_uint32 * /*minor_status*/,
658             const gss_cred_id_t /*cred_handle*/,
659             const gss_OID /*mech_type*/,
660             gss_name_t * /*name*/,
661             OM_uint32 * /*initiator_lifetime*/,
662             OM_uint32 * /*acceptor_lifetime*/,
663             gss_cred_usage_t * /*cred_usage*/
664            );
665 
666 OM_uint32 gss_export_sec_context (
667             OM_uint32 * /*minor_status*/,
668             gss_ctx_id_t * /*context_handle*/,
669             gss_buffer_t /*interprocess_token*/
670            );
671 
672 OM_uint32 gss_import_sec_context (
673             OM_uint32 * /*minor_status*/,
674             const gss_buffer_t /*interprocess_token*/,
675             gss_ctx_id_t * /*context_handle*/
676            );
677 
678 OM_uint32 gss_create_empty_oid_set (
679             OM_uint32 * /*minor_status*/,
680             gss_OID_set * /*oid_set*/
681            );
682 
683 OM_uint32 gss_add_oid_set_member (
684             OM_uint32 * /*minor_status*/,
685             const gss_OID /*member_oid*/,
686             gss_OID_set * /*oid_set*/
687            );
688 
689 OM_uint32 gss_test_oid_set_member (
690             OM_uint32 * /*minor_status*/,
691             const gss_OID /*member*/,
692             const gss_OID_set /*set*/,
693             int * /*present*/
694            );
695 
696 OM_uint32 gss_inquire_names_for_mech (
697             OM_uint32 * /*minor_status*/,
698             const gss_OID /*mechanism*/,
699             gss_OID_set * /*name_types*/
700            );
701 
702 OM_uint32 gss_inquire_mechs_for_name (
703             OM_uint32 * /*minor_status*/,
704             const gss_name_t /*input_name*/,
705             gss_OID_set * /*mech_types*/
706            );
707 
708 OM_uint32 gss_canonicalize_name (
709             OM_uint32 * /*minor_status*/,
710             const gss_name_t /*input_name*/,
711             const gss_OID /*mech_type*/,
712             gss_name_t * /*output_name*/
713            );
714 
715 OM_uint32 gss_duplicate_name (
716             OM_uint32 * /*minor_status*/,
717             const gss_name_t /*src_name*/,
718             gss_name_t * /*dest_name*/
719            );
720 
721 /*
722  * The following routines are obsolete variants of gss_get_mic,
723  * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
724  * provided by GSSAPI V2 implementations for backwards
725  * compatibility with V1 applications.  Distinct entrypoints
726  * (as opposed to #defines) should be provided, both to allow
727  * GSSAPI V1 applications to link against GSSAPI V2 implementations,
728  * and to retain the slight parameter type differences between the
729  * obsolete versions of these routines and their current forms.
730  */
731 
732 OM_uint32 gss_sign
733            (OM_uint32 * /*minor_status*/,
734             gss_ctx_id_t /*context_handle*/,
735             int /*qop_req*/,
736             gss_buffer_t /*message_buffer*/,
737             gss_buffer_t /*message_token*/
738            );
739 
740 OM_uint32 gss_verify
741            (OM_uint32 * /*minor_status*/,
742             gss_ctx_id_t /*context_handle*/,
743             gss_buffer_t /*message_buffer*/,
744             gss_buffer_t /*token_buffer*/,
745             int * /*qop_state*/
746            );
747 
748 OM_uint32 gss_seal
749            (OM_uint32 * /*minor_status*/,
750             gss_ctx_id_t /*context_handle*/,
751             int /*conf_req_flag*/,
752             int /*qop_req*/,
753             gss_buffer_t /*input_message_buffer*/,
754             int * /*conf_state*/,
755             gss_buffer_t /*output_message_buffer*/
756            );
757 
758 OM_uint32 gss_unseal
759            (OM_uint32 * /*minor_status*/,
760             gss_ctx_id_t /*context_handle*/,
761             gss_buffer_t /*input_message_buffer*/,
762             gss_buffer_t /*output_message_buffer*/,
763             int * /*conf_state*/,
764             int * /*qop_state*/
765            );
766 
767 /*
768  * kerberos mechanism specific functions
769  */
770 
771 OM_uint32 gsskrb5_register_acceptor_identity
772         (const char */*identity*/);
773 
774 OM_uint32 gss_krb5_copy_ccache
775 	(OM_uint32 */*minor*/,
776 	 gss_cred_id_t /*cred*/,
777 	 struct krb5_ccache_data */*out*/);
778 
779 #define GSS_C_KRB5_COMPAT_DES3_MIC 1
780 
781 OM_uint32
782 gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int);
783 
784 #ifdef __cplusplus
785 }
786 #endif
787 
788 #endif /* GSSAPI_H_ */
789