1 /* 2 * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* $Id: gssapi.h,v 1.20 2001/01/30 00:35:48 assar Exp $ */ 35 36 #ifndef GSSAPI_H_ 37 #define GSSAPI_H_ 38 39 /* 40 * First, include stddef.h to get size_t defined. 41 */ 42 #include <stddef.h> 43 44 #ifdef HAVE_CONFIG_H 45 #include <config.h> 46 #endif 47 48 #include <sys/types.h> 49 50 #include <krb5-types.h> 51 52 /* 53 * Now define the three implementation-dependent types. 54 */ 55 56 typedef u_int32_t OM_uint32; 57 58 typedef u_int32_t gss_uint32; 59 60 /* 61 * This is to avoid having to include <krb5.h> 62 */ 63 64 struct krb5_auth_context_data; 65 66 struct Principal; 67 68 /* typedef void *gss_name_t; */ 69 70 typedef struct Principal *gss_name_t; 71 72 typedef struct gss_ctx_id_t_desc_struct { 73 struct krb5_auth_context_data *auth_context; 74 gss_name_t source, target; 75 OM_uint32 flags; 76 enum { LOCAL = 1, OPEN = 2} more_flags; 77 struct krb5_ticket *ticket; 78 } gss_ctx_id_t_desc; 79 80 typedef gss_ctx_id_t_desc *gss_ctx_id_t; 81 82 typedef struct gss_OID_desc_struct { 83 OM_uint32 length; 84 void *elements; 85 } gss_OID_desc, *gss_OID; 86 87 typedef struct gss_OID_set_desc_struct { 88 size_t count; 89 gss_OID elements; 90 } gss_OID_set_desc, *gss_OID_set; 91 92 struct krb5_keytab_data; 93 94 struct krb5_ccache_data; 95 96 typedef int gss_cred_usage_t; 97 98 typedef struct gss_cred_id_t_desc_struct { 99 gss_name_t principal; 100 struct krb5_keytab_data *keytab; 101 OM_uint32 lifetime; 102 gss_cred_usage_t usage; 103 gss_OID_set mechanisms; 104 struct krb5_ccache_data *ccache; 105 } gss_cred_id_t_desc; 106 107 typedef gss_cred_id_t_desc *gss_cred_id_t; 108 109 typedef struct gss_buffer_desc_struct { 110 size_t length; 111 void *value; 112 } gss_buffer_desc, *gss_buffer_t; 113 114 typedef struct gss_channel_bindings_struct { 115 OM_uint32 initiator_addrtype; 116 gss_buffer_desc initiator_address; 117 OM_uint32 acceptor_addrtype; 118 gss_buffer_desc acceptor_address; 119 gss_buffer_desc application_data; 120 } *gss_channel_bindings_t; 121 122 /* 123 * For now, define a QOP-type as an OM_uint32 124 */ 125 typedef OM_uint32 gss_qop_t; 126 127 /* 128 * Flag bits for context-level services. 129 */ 130 #define GSS_C_DELEG_FLAG 1 131 #define GSS_C_MUTUAL_FLAG 2 132 #define GSS_C_REPLAY_FLAG 4 133 #define GSS_C_SEQUENCE_FLAG 8 134 #define GSS_C_CONF_FLAG 16 135 #define GSS_C_INTEG_FLAG 32 136 #define GSS_C_ANON_FLAG 64 137 #define GSS_C_PROT_READY_FLAG 128 138 #define GSS_C_TRANS_FLAG 256 139 140 /* 141 * Credential usage options 142 */ 143 #define GSS_C_BOTH 0 144 #define GSS_C_INITIATE 1 145 #define GSS_C_ACCEPT 2 146 147 /* 148 * Status code types for gss_display_status 149 */ 150 #define GSS_C_GSS_CODE 1 151 #define GSS_C_MECH_CODE 2 152 153 /* 154 * The constant definitions for channel-bindings address families 155 */ 156 #define GSS_C_AF_UNSPEC 0 157 #define GSS_C_AF_LOCAL 1 158 #define GSS_C_AF_INET 2 159 #define GSS_C_AF_IMPLINK 3 160 #define GSS_C_AF_PUP 4 161 #define GSS_C_AF_CHAOS 5 162 #define GSS_C_AF_NS 6 163 #define GSS_C_AF_NBS 7 164 #define GSS_C_AF_ECMA 8 165 #define GSS_C_AF_DATAKIT 9 166 #define GSS_C_AF_CCITT 10 167 #define GSS_C_AF_SNA 11 168 #define GSS_C_AF_DECnet 12 169 #define GSS_C_AF_DLI 13 170 #define GSS_C_AF_LAT 14 171 #define GSS_C_AF_HYLINK 15 172 #define GSS_C_AF_APPLETALK 16 173 #define GSS_C_AF_BSC 17 174 #define GSS_C_AF_DSS 18 175 #define GSS_C_AF_OSI 19 176 #define GSS_C_AF_X25 21 177 #define GSS_C_AF_INET6 24 178 179 #define GSS_C_AF_NULLADDR 255 180 181 /* 182 * Various Null values 183 */ 184 #define GSS_C_NO_NAME ((gss_name_t) 0) 185 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0) 186 #define GSS_C_NO_OID ((gss_OID) 0) 187 #define GSS_C_NO_OID_SET ((gss_OID_set) 0) 188 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) 189 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) 190 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) 191 #define GSS_C_EMPTY_BUFFER {0, NULL} 192 193 /* 194 * Some alternate names for a couple of the above 195 * values. These are defined for V1 compatibility. 196 */ 197 #define GSS_C_NULL_OID GSS_C_NO_OID 198 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET 199 200 /* 201 * Define the default Quality of Protection for per-message 202 * services. Note that an implementation that offers multiple 203 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero 204 * (as done here) to mean "default protection", or to a specific 205 * explicit QOP value. However, a value of 0 should always be 206 * interpreted by a GSSAPI implementation as a request for the 207 * default protection level. 208 */ 209 #define GSS_C_QOP_DEFAULT 0 210 211 #define GSS_KRB5_CONF_C_QOP_DES 0x0100 212 #define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 213 214 /* 215 * Expiration time of 2^32-1 seconds means infinite lifetime for a 216 * credential or security context 217 */ 218 #define GSS_C_INDEFINITE 0xfffffffful 219 220 /* 221 * The implementation must reserve static storage for a 222 * gss_OID_desc object containing the value 223 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 224 * "\x01\x02\x01\x01"}, 225 * corresponding to an object-identifier value of 226 * {iso(1) member-body(2) United States(840) mit(113554) 227 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant 228 * GSS_C_NT_USER_NAME should be initialized to point 229 * to that gss_OID_desc. 230 */ 231 extern gss_OID GSS_C_NT_USER_NAME; 232 233 /* 234 * The implementation must reserve static storage for a 235 * gss_OID_desc object containing the value 236 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 237 * "\x01\x02\x01\x02"}, 238 * corresponding to an object-identifier value of 239 * {iso(1) member-body(2) United States(840) mit(113554) 240 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. 241 * The constant GSS_C_NT_MACHINE_UID_NAME should be 242 * initialized to point to that gss_OID_desc. 243 */ 244 extern gss_OID GSS_C_NT_MACHINE_UID_NAME; 245 246 /* 247 * The implementation must reserve static storage for a 248 * gss_OID_desc object containing the value 249 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 250 * "\x01\x02\x01\x03"}, 251 * corresponding to an object-identifier value of 252 * {iso(1) member-body(2) United States(840) mit(113554) 253 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. 254 * The constant GSS_C_NT_STRING_UID_NAME should be 255 * initialized to point to that gss_OID_desc. 256 */ 257 extern gss_OID GSS_C_NT_STRING_UID_NAME; 258 259 /* 260 * The implementation must reserve static storage for a 261 * gss_OID_desc object containing the value 262 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, 263 * corresponding to an object-identifier value of 264 * {iso(1) org(3) dod(6) internet(1) security(5) 265 * nametypes(6) gss-host-based-services(2)). The constant 266 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point 267 * to that gss_OID_desc. This is a deprecated OID value, and 268 * implementations wishing to support hostbased-service names 269 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, 270 * defined below, to identify such names; 271 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym 272 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input 273 * parameter, but should not be emitted by GSS-API 274 * implementations 275 */ 276 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; 277 278 /* 279 * The implementation must reserve static storage for a 280 * gss_OID_desc object containing the value 281 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 282 * "\x01\x02\x01\x04"}, corresponding to an 283 * object-identifier value of {iso(1) member-body(2) 284 * Unites States(840) mit(113554) infosys(1) gssapi(2) 285 * generic(1) service_name(4)}. The constant 286 * GSS_C_NT_HOSTBASED_SERVICE should be initialized 287 * to point to that gss_OID_desc. 288 */ 289 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; 290 291 /* 292 * The implementation must reserve static storage for a 293 * gss_OID_desc object containing the value 294 * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, 295 * corresponding to an object identifier value of 296 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 297 * 6(nametypes), 3(gss-anonymous-name)}. The constant 298 * and GSS_C_NT_ANONYMOUS should be initialized to point 299 * to that gss_OID_desc. 300 */ 301 extern gss_OID GSS_C_NT_ANONYMOUS; 302 303 /* 304 * The implementation must reserve static storage for a 305 * gss_OID_desc object containing the value 306 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, 307 * corresponding to an object-identifier value of 308 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 309 * 6(nametypes), 4(gss-api-exported-name)}. The constant 310 * GSS_C_NT_EXPORT_NAME should be initialized to point 311 * to that gss_OID_desc. 312 */ 313 extern gss_OID GSS_C_NT_EXPORT_NAME; 314 315 /* 316 * This if for kerberos5 names. 317 */ 318 319 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; 320 extern gss_OID GSS_KRB5_NT_USER_NAME; 321 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; 322 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; 323 324 extern gss_OID GSS_KRB5_MECHANISM; 325 326 /* for compatibility with MIT api */ 327 328 #define gss_mech_krb5 GSS_KRB5_MECHANISM 329 330 /* Major status codes */ 331 332 #define GSS_S_COMPLETE 0 333 334 /* 335 * Some "helper" definitions to make the status code macros obvious. 336 */ 337 #define GSS_C_CALLING_ERROR_OFFSET 24 338 #define GSS_C_ROUTINE_ERROR_OFFSET 16 339 #define GSS_C_SUPPLEMENTARY_OFFSET 0 340 #define GSS_C_CALLING_ERROR_MASK 0377ul 341 #define GSS_C_ROUTINE_ERROR_MASK 0377ul 342 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul 343 344 /* 345 * The macros that test status codes for error conditions. 346 * Note that the GSS_ERROR() macro has changed slightly from 347 * the V1 GSSAPI so that it now evaluates its argument 348 * only once. 349 */ 350 #define GSS_CALLING_ERROR(x) \ 351 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) 352 #define GSS_ROUTINE_ERROR(x) \ 353 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) 354 #define GSS_SUPPLEMENTARY_INFO(x) \ 355 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) 356 #define GSS_ERROR(x) \ 357 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ 358 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) 359 360 /* 361 * Now the actual status code definitions 362 */ 363 364 /* 365 * Calling errors: 366 */ 367 #define GSS_S_CALL_INACCESSIBLE_READ \ 368 (1ul << GSS_C_CALLING_ERROR_OFFSET) 369 #define GSS_S_CALL_INACCESSIBLE_WRITE \ 370 (2ul << GSS_C_CALLING_ERROR_OFFSET) 371 #define GSS_S_CALL_BAD_STRUCTURE \ 372 (3ul << GSS_C_CALLING_ERROR_OFFSET) 373 374 /* 375 * Routine errors: 376 */ 377 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) 378 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) 379 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) 380 381 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) 382 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) 383 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) 384 #define GSS_S_BAD_MIC GSS_S_BAD_SIG 385 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) 386 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) 387 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) 388 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) 389 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) 390 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) 391 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) 392 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) 393 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) 394 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) 395 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) 396 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) 397 398 /* 399 * Supplementary info bits: 400 */ 401 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) 402 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) 403 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) 404 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) 405 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) 406 407 /* 408 * From RFC1964: 409 * 410 * 4.1.1. Non-Kerberos-specific codes 411 */ 412 413 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 414 /* "No @ in SERVICE-NAME name string" */ 415 #define GSS_KRB5_S_G_BAD_STRING_UID 2 416 /* "STRING-UID-NAME contains nondigits" */ 417 #define GSS_KRB5_S_G_NOUSER 3 418 /* "UID does not resolve to username" */ 419 #define GSS_KRB5_S_G_VALIDATE_FAILED 4 420 /* "Validation error" */ 421 #define GSS_KRB5_S_G_BUFFER_ALLOC 5 422 /* "Couldn't allocate gss_buffer_t data" */ 423 #define GSS_KRB5_S_G_BAD_MSG_CTX 6 424 /* "Message context invalid" */ 425 #define GSS_KRB5_S_G_WRONG_SIZE 7 426 /* "Buffer is the wrong size" */ 427 #define GSS_KRB5_S_G_BAD_USAGE 8 428 /* "Credential usage type is unknown" */ 429 #define GSS_KRB5_S_G_UNKNOWN_QOP 9 430 /* "Unknown quality of protection specified" */ 431 432 /* 433 * 4.1.2. Kerberos-specific-codes 434 */ 435 436 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 437 /* "Principal in credential cache does not match desired name" */ 438 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 439 /* "No principal in keytab matches desired name" */ 440 #define GSS_KRB5_S_KG_TGT_MISSING 12 441 /* "Credential cache has no TGT" */ 442 #define GSS_KRB5_S_KG_NO_SUBKEY 13 443 /* "Authenticator has no subkey" */ 444 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 445 /* "Context is already fully established" */ 446 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 447 /* "Unknown signature type in token" */ 448 #define GSS_KRB5_S_KG_BAD_LENGTH 16 449 /* "Invalid field length in token" */ 450 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 451 /* "Attempt to use incomplete security context" */ 452 453 /* 454 * Finally, function prototypes for the GSS-API routines. 455 */ 456 457 OM_uint32 gss_acquire_cred 458 (OM_uint32 * minor_status, 459 const gss_name_t desired_name, 460 OM_uint32 time_req, 461 const gss_OID_set desired_mechs, 462 gss_cred_usage_t cred_usage, 463 gss_cred_id_t * output_cred_handle, 464 gss_OID_set * actual_mechs, 465 OM_uint32 * time_rec 466 ); 467 468 OM_uint32 gss_release_cred 469 (OM_uint32 * minor_status, 470 gss_cred_id_t * cred_handle 471 ); 472 473 OM_uint32 gss_init_sec_context 474 (OM_uint32 * minor_status, 475 const gss_cred_id_t initiator_cred_handle, 476 gss_ctx_id_t * context_handle, 477 const gss_name_t target_name, 478 const gss_OID mech_type, 479 OM_uint32 req_flags, 480 OM_uint32 time_req, 481 const gss_channel_bindings_t input_chan_bindings, 482 const gss_buffer_t input_token, 483 gss_OID * actual_mech_type, 484 gss_buffer_t output_token, 485 OM_uint32 * ret_flags, 486 OM_uint32 * time_rec 487 ); 488 489 OM_uint32 gss_accept_sec_context 490 (OM_uint32 * minor_status, 491 gss_ctx_id_t * context_handle, 492 const gss_cred_id_t acceptor_cred_handle, 493 const gss_buffer_t input_token_buffer, 494 const gss_channel_bindings_t input_chan_bindings, 495 gss_name_t * src_name, 496 gss_OID * mech_type, 497 gss_buffer_t output_token, 498 OM_uint32 * ret_flags, 499 OM_uint32 * time_rec, 500 gss_cred_id_t * delegated_cred_handle 501 ); 502 503 OM_uint32 gss_process_context_token 504 (OM_uint32 * minor_status, 505 const gss_ctx_id_t context_handle, 506 const gss_buffer_t token_buffer 507 ); 508 509 OM_uint32 gss_delete_sec_context 510 (OM_uint32 * minor_status, 511 gss_ctx_id_t * context_handle, 512 gss_buffer_t output_token 513 ); 514 515 OM_uint32 gss_context_time 516 (OM_uint32 * minor_status, 517 const gss_ctx_id_t context_handle, 518 OM_uint32 * time_rec 519 ); 520 521 OM_uint32 gss_get_mic 522 (OM_uint32 * minor_status, 523 const gss_ctx_id_t context_handle, 524 gss_qop_t qop_req, 525 const gss_buffer_t message_buffer, 526 gss_buffer_t message_token 527 ); 528 529 OM_uint32 gss_verify_mic 530 (OM_uint32 * minor_status, 531 const gss_ctx_id_t context_handle, 532 const gss_buffer_t message_buffer, 533 const gss_buffer_t token_buffer, 534 gss_qop_t * qop_state 535 ); 536 537 OM_uint32 gss_wrap 538 (OM_uint32 * minor_status, 539 const gss_ctx_id_t context_handle, 540 int conf_req_flag, 541 gss_qop_t qop_req, 542 const gss_buffer_t input_message_buffer, 543 int * conf_state, 544 gss_buffer_t output_message_buffer 545 ); 546 547 OM_uint32 gss_unwrap 548 (OM_uint32 * minor_status, 549 const gss_ctx_id_t context_handle, 550 const gss_buffer_t input_message_buffer, 551 gss_buffer_t output_message_buffer, 552 int * conf_state, 553 gss_qop_t * qop_state 554 ); 555 556 OM_uint32 gss_display_status 557 (OM_uint32 * minor_status, 558 OM_uint32 status_value, 559 int status_type, 560 const gss_OID mech_type, 561 OM_uint32 * message_context, 562 gss_buffer_t status_string 563 ); 564 565 OM_uint32 gss_indicate_mechs 566 (OM_uint32 * minor_status, 567 gss_OID_set * mech_set 568 ); 569 570 OM_uint32 gss_compare_name 571 (OM_uint32 * minor_status, 572 const gss_name_t name1, 573 const gss_name_t name2, 574 int * name_equal 575 ); 576 577 OM_uint32 gss_display_name 578 (OM_uint32 * minor_status, 579 const gss_name_t input_name, 580 gss_buffer_t output_name_buffer, 581 gss_OID * output_name_type 582 ); 583 584 OM_uint32 gss_import_name 585 (OM_uint32 * minor_status, 586 const gss_buffer_t input_name_buffer, 587 const gss_OID input_name_type, 588 gss_name_t * output_name 589 ); 590 591 OM_uint32 gss_export_name 592 (OM_uint32 * minor_status, 593 const gss_name_t input_name, 594 gss_buffer_t exported_name 595 ); 596 597 OM_uint32 gss_release_name 598 (OM_uint32 * minor_status, 599 gss_name_t * input_name 600 ); 601 602 OM_uint32 gss_release_buffer 603 (OM_uint32 * minor_status, 604 gss_buffer_t buffer 605 ); 606 607 OM_uint32 gss_release_oid_set 608 (OM_uint32 * minor_status, 609 gss_OID_set * set 610 ); 611 612 OM_uint32 gss_inquire_cred 613 (OM_uint32 * minor_status, 614 const gss_cred_id_t cred_handle, 615 gss_name_t * name, 616 OM_uint32 * lifetime, 617 gss_cred_usage_t * cred_usage, 618 gss_OID_set * mechanisms 619 ); 620 621 OM_uint32 gss_inquire_context ( 622 OM_uint32 * minor_status, 623 const gss_ctx_id_t context_handle, 624 gss_name_t * src_name, 625 gss_name_t * targ_name, 626 OM_uint32 * lifetime_rec, 627 gss_OID * mech_type, 628 OM_uint32 * ctx_flags, 629 int * locally_initiated, 630 int * open 631 ); 632 633 OM_uint32 gss_wrap_size_limit ( 634 OM_uint32 * minor_status, 635 const gss_ctx_id_t context_handle, 636 int conf_req_flag, 637 gss_qop_t qop_req, 638 OM_uint32 req_output_size, 639 OM_uint32 * max_input_size 640 ); 641 642 OM_uint32 gss_add_cred ( 643 OM_uint32 * minor_status, 644 const gss_cred_id_t input_cred_handle, 645 const gss_name_t desired_name, 646 const gss_OID desired_mech, 647 gss_cred_usage_t cred_usage, 648 OM_uint32 initiator_time_req, 649 OM_uint32 acceptor_time_req, 650 gss_cred_id_t * output_cred_handle, 651 gss_OID_set * actual_mechs, 652 OM_uint32 * initiator_time_rec, 653 OM_uint32 * acceptor_time_rec 654 ); 655 656 OM_uint32 gss_inquire_cred_by_mech ( 657 OM_uint32 * minor_status, 658 const gss_cred_id_t cred_handle, 659 const gss_OID mech_type, 660 gss_name_t * name, 661 OM_uint32 * initiator_lifetime, 662 OM_uint32 * acceptor_lifetime, 663 gss_cred_usage_t * cred_usage 664 ); 665 666 OM_uint32 gss_export_sec_context ( 667 OM_uint32 * minor_status, 668 gss_ctx_id_t * context_handle, 669 gss_buffer_t interprocess_token 670 ); 671 672 OM_uint32 gss_import_sec_context ( 673 OM_uint32 * minor_status, 674 const gss_buffer_t interprocess_token, 675 gss_ctx_id_t * context_handle 676 ); 677 678 OM_uint32 gss_create_empty_oid_set ( 679 OM_uint32 * minor_status, 680 gss_OID_set * oid_set 681 ); 682 683 OM_uint32 gss_add_oid_set_member ( 684 OM_uint32 * minor_status, 685 const gss_OID member_oid, 686 gss_OID_set * oid_set 687 ); 688 689 OM_uint32 gss_test_oid_set_member ( 690 OM_uint32 * minor_status, 691 const gss_OID member, 692 const gss_OID_set set, 693 int * present 694 ); 695 696 OM_uint32 gss_inquire_names_for_mech ( 697 OM_uint32 * minor_status, 698 const gss_OID mechanism, 699 gss_OID_set * name_types 700 ); 701 702 OM_uint32 gss_inquire_mechs_for_name ( 703 OM_uint32 * minor_status, 704 const gss_name_t input_name, 705 gss_OID_set * mech_types 706 ); 707 708 OM_uint32 gss_canonicalize_name ( 709 OM_uint32 * minor_status, 710 const gss_name_t input_name, 711 const gss_OID mech_type, 712 gss_name_t * output_name 713 ); 714 715 OM_uint32 gss_duplicate_name ( 716 OM_uint32 * minor_status, 717 const gss_name_t src_name, 718 gss_name_t * dest_name 719 ); 720 721 /* 722 * The following routines are obsolete variants of gss_get_mic, 723 * gss_verify_mic, gss_wrap and gss_unwrap. They should be 724 * provided by GSSAPI V2 implementations for backwards 725 * compatibility with V1 applications. Distinct entrypoints 726 * (as opposed to #defines) should be provided, both to allow 727 * GSSAPI V1 applications to link against GSSAPI V2 implementations, 728 * and to retain the slight parameter type differences between the 729 * obsolete versions of these routines and their current forms. 730 */ 731 732 OM_uint32 gss_sign 733 (OM_uint32 * minor_status, 734 gss_ctx_id_t context_handle, 735 int qop_req, 736 gss_buffer_t message_buffer, 737 gss_buffer_t message_token 738 ); 739 740 OM_uint32 gss_verify 741 (OM_uint32 * minor_status, 742 gss_ctx_id_t context_handle, 743 gss_buffer_t message_buffer, 744 gss_buffer_t token_buffer, 745 int * qop_state 746 ); 747 748 OM_uint32 gss_seal 749 (OM_uint32 * minor_status, 750 gss_ctx_id_t context_handle, 751 int conf_req_flag, 752 int qop_req, 753 gss_buffer_t input_message_buffer, 754 int * conf_state, 755 gss_buffer_t output_message_buffer 756 ); 757 758 OM_uint32 gss_unseal 759 (OM_uint32 * minor_status, 760 gss_ctx_id_t context_handle, 761 gss_buffer_t input_message_buffer, 762 gss_buffer_t output_message_buffer, 763 int * conf_state, 764 int * qop_state 765 ); 766 767 /* 768 * kerberos mechanism specific functions 769 */ 770 771 OM_uint32 gsskrb5_register_acceptor_identity 772 (char *identity); 773 774 OM_uint32 gss_krb5_copy_ccache 775 (OM_uint32 *minor, 776 gss_cred_id_t cred, 777 struct krb5_ccache_data *out); 778 779 #endif /* GSSAPI_H_ */ 780