/*
 * Copyright (c) 2009 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*! @mainpage Heimdal GSS-API Library
 *
 * Heimdal implements the following mechanisms:
 *
 * - Kerberos 5
 * - SPNEGO
 * - NTLM
 *
 * See @ref gssapi_mechs for a description of these mechanisms.
 *
 * The project web page: http://www.h5l.org/
 *
 * - @ref gssapi_services_intro
 * - @ref gssapi_mechs
 * - @ref gssapi_api_INvsMN
 */

/**
 * @page gssapi_services_intro Introduction to GSS-API services
 * @section gssapi_services GSS-API services
 *
 * @subsection gssapi_services_context Context creation
 *
 * - delegation
 * - mutual authentication
 * - anonymous
 * - use per message before context creation has completed
 *
 * return status:
 * - support conf
 * - support int
 *
 * @subsection gssapi_context_flags Context creation flags
 *
 * - GSS_C_DELEG_FLAG
 * - GSS_C_MUTUAL_FLAG
 * - GSS_C_REPLAY_FLAG
 * - GSS_C_SEQUENCE_FLAG
 * - GSS_C_CONF_FLAG
 * - GSS_C_INTEG_FLAG
 * - GSS_C_ANON_FLAG
 * - GSS_C_PROT_READY_FLAG
 * - GSS_C_TRANS_FLAG
 * - GSS_C_DCE_STYLE
 * - GSS_C_IDENTIFY_FLAG
 * - GSS_C_EXTENDED_ERROR_FLAG
 * - GSS_C_DELEG_POLICY_FLAG
 *
 *
 * @subsection gssapi_services_permessage Per-message services
 *
 * - conf
 * - int
 * - message integrity
 * - replay detection
 * - out of sequence
 *
 */

/**
 * @page gssapi_mechs_intro GSS-API mechanisms
 * @section gssapi_mechs GSS-API mechanisms
 *
 * - Kerberos 5 - GSS_KRB5_MECHANISM
 * - SPNEGO - GSS_SPNEGO_MECHANISM
 * - NTLM - GSS_NTLM_MECHANISM
 *
 */


/**
 * @page internalVSmechname Internal names and mechanism names
 * @section gssapi_api_INvsMN Name forms
 *
 * There are two forms of name in GSS-API, the Internal form and the
 * Contiguous string ("flat") form. gss_export_name() and
 * gss_import_name() can be used to convert between the two forms.
 *
 * - The contiguous string form is described by an OID specifying the
 *   type and an octet string. A special form of the contiguous
 *   string form is the exported name object. The exported name,
 *   defined for each mechanism, is something that can be stored and
 *   compared later. The exported name is what should be used for
 *   ACL comparisons.
 *
 * - The Internal form
 *
 * There is also a special form of the Internal Name (IN), and that is
 * the Mechanism Name (MN). In the mechanism name all the generic
 * information is stripped off and only the information for
 * one mechanism remains. In GSS-API some functions return an MN and some
 * require an MN as input. Each of these functions is marked up as such.
 *
 *
 * Describe relationship between import_name, canonicalize_name,
 * export_name and friends.
 */

/** @defgroup gssapi Heimdal GSS-API functions */
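The name-forms section above says the exported name is the form to store and use for ACL comparisons. The following added example, which is not Heimdal code and does not call the GSS-API library, encodes and validates the RFC 2743 section 3.2 exported-name token layout and shows why an ACL must compare whole tokens rather than display strings; the mechanism OID bytes are the well-known DER encodings for GSS_KRB5_MECHANISM and GSS_NTLM_MECHANISM, and the principal name is constructed.

```c
#include <stdint.h>
#include <string.h>
/* RFC 2743 section 3.2 exported-name token: 0x04 0x01 | 2-byte DER mech OID length |
 * DER mech OID | 4-byte name length | name.  Added illustration only; not Heimdal's
 * gss_export_name()/gss_import_name(). */
static const uint8_t KRB5_MECH_DER[] = /* DER of 1.2.840.113554.1.2.2 (GSS_KRB5_MECHANISM) */
    {0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
static const uint8_t NTLM_MECH_DER[] = /* DER of 1.3.6.1.4.1.311.2.2.10 (GSS_NTLM_MECHANISM) */
    {0x06,0x0a,0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a};

/* Encode name under a mechanism; returns bytes written, or 0 if buf is too small. */
size_t exported_name_encode(const uint8_t *mech_der, size_t mech_len,
                            const char *name, uint8_t *buf, size_t buflen)
{
    size_t name_len = strlen(name), total = 2 + 2 + mech_len + 4 + name_len;
    uint8_t *p = buf;
    if (mech_len > 0xffff || name_len > 0xffffffffu || total > buflen) return 0;
    *p++ = 0x04; *p++ = 0x01;
    *p++ = (uint8_t)(mech_len >> 8); *p++ = (uint8_t)mech_len;
    memcpy(p, mech_der, mech_len); p += mech_len;
    *p++ = (uint8_t)(name_len >> 24); *p++ = (uint8_t)(name_len >> 16);
    *p++ = (uint8_t)(name_len >> 8);  *p++ = (uint8_t)name_len;
    memcpy(p, name, name_len);
    return total;
}

/* Validate a stored token before trusting it; returns 1 if well formed (short-form DER
 * OID length only) and points *name/*name_len at the mechanism-specific name inside. */
int exported_name_parse(const uint8_t *tok, size_t len,
                        const uint8_t **name, size_t *name_len)
{
    size_t mech_len, nl; const uint8_t *q;
    if (len < 8 || tok[0] != 0x04 || tok[1] != 0x01) return 0;
    mech_len = ((size_t)tok[2] << 8) | tok[3];
    if (mech_len < 2 || mech_len + 8 > len || tok[4] != 0x06 || (size_t)tok[5] != mech_len - 2) return 0;
    q = tok + 4 + mech_len;
    nl = ((size_t)q[0] << 24) | ((size_t)q[1] << 16) | ((size_t)q[2] << 8) | q[3];
    if (nl != len - (mech_len + 8)) return 0; /* length field must cover exactly the rest */
    *name = q + 4; *name_len = nl; return 1;
}

/* ACL check: compare complete tokens (mechanism OID included), never display strings, so
 * "alice@EXAMPLE.ORG" arriving via NTLM does not match a Kerberos ACL entry for that string. */
int acl_allows(const uint8_t *tok, size_t len,
               const uint8_t *const *acl, const size_t *acl_lens, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (acl_lens[i] == len && memcmp(acl[i], tok, len) == 0) return 1;
    return 0;
}
```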