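/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * gssapiP_spnego.h -- private declarations for the SPNEGO pseudo-mechanism:
 * token / negState constants, the DER tag bytes used by the token codec,
 * the internal name and context structures, and the prototypes of the
 * mechanism entry points.  Most entry points exist twice: the bare
 * spnego_gss_* function and a glue_spnego_gss_* variant that takes one
 * extra leading void * argument and is otherwise identical.
 */

#ifndef _GSSAPIP_SPNEGO_H_
#define _GSSAPIP_SPNEGO_H_

/* #pragma ident	"@(#)gssapiP_spnego.h	1.3	03/09/18 SMI" */

#ifdef __cplusplus
extern "C" {
#endif

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <string.h>		/* memcpy(), used by TWRITE_STR below */
#include <syslog.h>

#define	SEC_CONTEXT_TOKEN	1
#define	SPNEGO_SIZE_OF_INT	4

/*
 * negState values.  The first four are the ENUMERATED values defined for
 * negTokenResp in RFC 4178 (accept-completed, accept-incomplete, reject,
 * request-mic).  ACCEPT_DEFECTIVE_TOKEN is a local out-of-band value that
 * is not part of the protocol; presumably it marks a token whose negState
 * could not be decoded -- confirm against the decoder in spnego_mech.c.
 */
#define	ACCEPT_COMPLETE		0
#define	ACCEPT_INCOMPLETE	1
#define	REJECT			2
#define	REQUEST_MIC		3
#define	ACCEPT_DEFECTIVE_TOKEN	0xffffffffUL

/*
 * Constants for the DER encoding/decoding routines.  These are raw
 * identifier/length octets: CONTEXT (0xa0) is the context-specific
 * constructed [0] tag, and HEADER_ID (0x60) is the [APPLICATION 0]
 * constructed tag that opens an RFC 2743 InitialContextToken.
 */
#define	MECH_OID		0x06
#define	OCTET_STRING		0x04
#define	CONTEXT			0xa0
#define	SEQUENCE		0x30
#define	SEQUENCE_OF		0x30
#define	BIT_STRING		0x03
#define	BIT_STRING_LENGTH	0x02
#define	BIT_STRING_PADDING	0x01
#define	ENUMERATED		0x0a
#define	ENUMERATION_LENGTH	1
#define	HEADER_ID		0x60
#define	GENERAL_STRING		0x1b

/*
 * SPNEGO specific error codes (minor status codes), reported through the
 * *minor_status out-parameter of the entry points below.
 */
#define	ERR_SPNEGO_NO_MECHS_AVAILABLE		0x20000001
#define	ERR_SPNEGO_NO_CREDS_ACQUIRED		0x20000002
#define	ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR	0x20000003
#define	ERR_SPNEGO_NEGOTIATION_FAILED		0x20000004
#define	ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR	0x20000005

/*
 * send_token_flag is used to indicate in later steps what type
 * of token, if any, should be sent or processed.
 *	NO_TOKEN_SEND	 = no token should be sent
 *	INIT_TOKEN_SEND	 = initial token will be sent
 *	CONT_TOKEN_SEND	 = continuing tokens to be sent
 *	CHECK_MIC	 = no token to be sent, but have a MIC to check
 *	ERROR_TOKEN_SEND = error token from peer needs to be sent
 */
typedef enum {
	NO_TOKEN_SEND,
	INIT_TOKEN_SEND,
	CONT_TOKEN_SEND,
	CHECK_MIC,
	ERROR_TOKEN_SEND
} send_token_flag;

/*
 * The Mech OID:
 *	{ iso(1) org(3) dod(6) internet(1) security(5)
 *	  mechanism(5) spnego(2) }
 * SPNEGO_OID holds the DER-encoded OID body (no tag/length), so its
 * length is SPNEGO_OID_LENGTH, not sizeof the string literal.
 */
#define	SPNEGO_OID_LENGTH	6
#define	SPNEGO_OID		"\053\006\001\005\005\002"

/* Opaque handle for a raw SPNEGO token. */
typedef void *spnego_token_t;

/*
 * SPNEGO name structure for internal representation.
 *	type		name-type OID the name was imported with
 *	buffer		the imported name bytes
 *	mech_type	OID of the mechanism the name has been converted
 *			for, if any (presumably set lazily -- confirm in
 *			spnego_mech.c)
 *	mech_name	the mechanism-specific name object, if any
 */
typedef struct {
	gss_OID		type;
	gss_buffer_t	buffer;
	gss_OID		mech_type;
	gss_name_t	mech_name;
} spnego_name_desc, *spnego_name_t;

/*
 * Structure for a SPNEGO context handle.  Field meanings are taken from
 * the names; where a meaning is not evident from this header it is
 * marked as an assumption to confirm against spnego_mech.c.
 *	magic_num	validity tag; see SPNEGO_MAGIC_ID below
 *	DER_mechTypes	DER encoding of the mechType list that was sent or
 *			received (kept verbatim, presumably so the
 *			mechListMIC can be computed over the exact bytes)
 *	internal_mech	OID of the mechanism selected by negotiation
 *	ctx_handle	the selected mechanism's own context handle
 *	optionStr	purpose not evident from this header
 *	default_cred	credential used when the caller supplied none
 *			(assumption)
 *	mic_reqd	non-zero if a mechListMIC exchange is required
 *	mic_sent	non-zero once our mechListMIC has been sent
 *	mic_rcvd	non-zero once the peer's mechListMIC was received
 *	firstpass	non-zero on the first call for this context
 *	mech_complete	non-zero once the inner mechanism has completed
 *	nego_done	non-zero once SPNEGO negotiation itself is done
 *	ctx_flags	GSS context flags (ret_flags) for the context
 *	internal_name	name associated with the context
 *	actual_mech	OID of the mechanism actually in use
 */
typedef struct {
	OM_uint32	magic_num;
	gss_buffer_desc	DER_mechTypes;
	gss_OID		internal_mech;
	gss_ctx_id_t	ctx_handle;
	char		*optionStr;
	gss_cred_id_t	default_cred;
	int		mic_reqd;
	int		mic_sent;
	int		mic_rcvd;
	int		firstpass;
	int		mech_complete;
	int		nego_done;
	OM_uint32	ctx_flags;
	gss_name_t	internal_name;
	gss_OID		actual_mech;
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;

/*
 * The magic number must be less than a standard pagesize to avoid a
 * possible collision with a real address: a handle validated by comparing
 * magic_num against this value then cannot be faked by a stray pointer
 * whose first word happens to hold its own address.
 */
#define	SPNEGO_MAGIC_ID	0x00000fed

/* SPNEGO oid declarations */
extern const gss_OID_desc * const gss_mech_spnego;
extern const gss_OID_set_desc * const gss_mech_set_spnego;

/* SUNW17PACresync */
/*
 * Copy len bytes from str to ptr and advance ptr past them.  Wrapped in
 * do { } while (0) so the expansion is a single statement and behaves
 * correctly after an unbraced if/else (CERT PRE10-C); invoke it with a
 * trailing semicolon.  The macro performs NO bounds check: the caller
 * must already have verified that ptr has at least len bytes of room.
 */
#define	TWRITE_STR(ptr, str, len)					\
	do {								\
		memcpy((ptr), (const char *)(str), (len));		\
		(ptr) += (len);						\
	} while (0)

#ifdef DEBUG
/*
 * Debug trace to syslog.  The message is passed as a "%s" argument rather
 * than as the format string itself, so a message containing '%' can never
 * be interpreted as a format directive (CERT FIO30-C).
 */
#define	dsyslog(a)	syslog(LOG_DEBUG, "%s", (a))
#else
#define	dsyslog(a)
/*
 * NOTE(review): SPNEGO_STATIC is defined only in non-DEBUG builds;
 * confirm that DEBUG builds do not reference it.
 */
#define	SPNEGO_STATIC
#endif	/* DEBUG */

/*
 * Declarations of the internal mechanism functions.  Parameter roles
 * follow the GSS-API C bindings (RFC 2744) entry point of the same name.
 */

OM_uint32 spnego_gss_acquire_cred
(
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 glue_spnego_gss_acquire_cred
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 spnego_gss_release_cred
(
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t *		/* cred_handle */
);

OM_uint32 glue_spnego_gss_release_cred
(
	void *,
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t *		/* cred_handle */
);

OM_uint32 spnego_gss_init_sec_context
(
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

OM_uint32 glue_spnego_gss_init_sec_context
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_accept_sec_context
(
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);

OM_uint32 glue_spnego_gss_accept_sec_context
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t,	/* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);
#endif /* LEAN_CLIENT */

OM_uint32 spnego_gss_compare_name
(
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* name1 */
	const gss_name_t,	/* name2 */
	int *			/* name_equal */
);

OM_uint32 glue_spnego_gss_compare_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* name1 */
	const gss_name_t,	/* name2 */
	int *			/* name_equal */
);

OM_uint32 spnego_gss_display_name
(
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* input_name */
	gss_buffer_t,		/* output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 glue_spnego_gss_display_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* input_name */
	gss_buffer_t,		/* output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 spnego_gss_display_status
(
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 glue_spnego_gss_display_status
(
	void *,
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 spnego_gss_import_name
(
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);

OM_uint32 glue_spnego_gss_import_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);

OM_uint32 spnego_gss_release_name
(
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 glue_spnego_gss_release_name
(
	void *,
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 spnego_gss_inquire_names_for_mech
(
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

OM_uint32 glue_spnego_gss_inquire_names_for_mech
(
	void *,
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

OM_uint32 spnego_gss_unwrap
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t output_message_buffer,
	int *conf_state,
	gss_qop_t *qop_state
);

OM_uint32 spnego_gss_wrap
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	gss_buffer_t input_message_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_process_context_token
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t token_buffer
);

OM_uint32 spnego_gss_delete_sec_context
(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 glue_spnego_gss_delete_sec_context
(
	void *,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 spnego_gss_context_time
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32 *time_rec
);

OM_uint32 glue_spnego_gss_context_time
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32 *time_rec
);

#ifndef LEAN_CLIENT
OM_uint32 spnego_gss_export_sec_context
(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t interprocess_token
);

OM_uint32 glue_spnego_gss_export_sec_context
(
	void *,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t interprocess_token
);

OM_uint32 spnego_gss_import_sec_context
(
	OM_uint32 *minor_status,
	const gss_buffer_t interprocess_token,
	gss_ctx_id_t *context_handle
);

OM_uint32 glue_spnego_gss_import_sec_context
(
	void *,
	OM_uint32 *minor_status,
	const gss_buffer_t interprocess_token,
	gss_ctx_id_t *context_handle
);
#endif /* LEAN_CLIENT */

OM_uint32 glue_spnego_gss_inquire_context
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t *src_name,
	gss_name_t *targ_name,
	OM_uint32 *lifetime_rec,
	gss_OID *mech_type,
	OM_uint32 *ctx_flags,
	int *locally_initiated,
	int *opened
);

OM_uint32 spnego_gss_inquire_context
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t *src_name,
	gss_name_t *targ_name,
	OM_uint32 *lifetime_rec,
	gss_OID *mech_type,
	OM_uint32 *ctx_flags,
	int *locally_initiated,
	int *opened
);

OM_uint32 spnego_gss_wrap_size_limit
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	OM_uint32 req_output_size,
	OM_uint32 *max_input_size
);

OM_uint32 glue_spnego_gss_wrap_size_limit
(
	void *,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	OM_uint32 req_output_size,
	OM_uint32 *max_input_size
);

OM_uint32 spnego_gss_get_mic
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_qop_t qop_req,
	const gss_buffer_t message_buffer,
	gss_buffer_t message_token
);

OM_uint32 spnego_gss_verify_mic
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t msg_buffer,
	const gss_buffer_t token_buffer,
	gss_qop_t *qop_state
);

OM_uint32
spnego_gss_inquire_sec_context_by_oid
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_OID desired_object,
	gss_buffer_set_t *data_set
);

/* Library constructor/destructor, or the dynamic-load entry point. */
#ifdef _GSS_STATIC_LINK
int gss_spnegoint_lib_init(void);
void gss_spnegoint_lib_fini(void);
#else
gss_mechanism KRB5_CALLCONV gss_mech_initialize(void);
#endif /* _GSS_STATIC_LINK */

#if 0 /* SUNW17PACresync - will be needed for full MIT 1.7 resync */
OM_uint32 spnego_gss_wrap_aead
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	gss_buffer_t input_assoc_buffer,
	gss_buffer_t input_payload_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_unwrap_aead
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t input_assoc_buffer,
	gss_buffer_t output_payload_buffer,
	int *conf_state,
	gss_qop_t *qop_state
);

OM_uint32 spnego_gss_wrap_iov
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	int *conf_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32 spnego_gss_unwrap_iov
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int *conf_state,
	gss_qop_t *qop_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32 spnego_gss_wrap_iov_length
(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	int *conf_state,
	gss_iov_buffer_desc *iov,
	int iov_count
);

OM_uint32
spnego_gss_complete_auth_token
(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer
);
#endif /* 0 */

#ifdef __cplusplus
}
#endif

#endif /* _GSSAPIP_SPNEGO_H_ */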