xref: /illumos-gate/usr/src/uts/common/gssapi/gssapi.h (revision 71269a2275bf5a143dad6461eee2710a344e7261)
1 /*
2  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright 1993 by OpenVision Technologies, Inc.
8  *
9  * Permission to use, copy, modify, distribute, and sell this software
10  * and its documentation for any purpose is hereby granted without fee,
11  * provided that the above copyright notice appears in all copies and
12  * that both that copyright notice and this permission notice appear in
13  * supporting documentation, and that the name of OpenVision not be used
14  * in advertising or publicity pertaining to distribution of the software
15  * without specific, written prior permission. OpenVision makes no
16  * representations about the suitability of this software for any
17  * purpose.  It is provided "as is" without express or implied warranty.
18  *
19  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
20  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
21  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
22  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
23  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
24  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
25  * PERFORMANCE OF THIS SOFTWARE.
26  */
27 
28 #ifndef	_GSSAPI_H_
29 #define	_GSSAPI_H_
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #ifdef	__cplusplus
34 extern "C" {
35 #endif
36 
37 
38 /*
39  * First, include sys/types.h to get size_t defined.
40  */
41 #include <sys/types.h>
42 
43 /*
44  * If the platform supports the xom.h header file, it should be
45  * included here.
46  */
47 #ifdef HAVE_XOM_H
48 #include <xom.h>
49 #endif
50 
51 /*
52  * Now define the three implementation-dependent types.
53  */
54 struct gss_ctx_id;
55 struct gss_cred_id;
56 struct gss_name;
57 
58 typedef struct gss_ctx_id  *gss_ctx_id_t;
59 typedef struct gss_cred_id *gss_cred_id_t;
60 typedef struct gss_name *gss_name_t;
61 
62 /*
63  * The following type must be defined as the smallest natural
64  * unsigned integer supported by the platform that has at least
65  * 32 bits of precision.
66  */
67 typedef unsigned int gss_uint32;
68 typedef int gss_int32;
69 
70 
71 #ifdef OM_STRING
72 /*
73  * We have included the xom.h header file.  Verify that OM_uint32
74  * is defined correctly.
75  */
76 
77 #if sizeof (gss_uint32) != sizeof (OM_uint32)
78 #error Incompatible definition of OM_uint32 from xom.h
79 #endif
80 
81 typedef OM_object_identifier gss_OID_desc, *gss_OID;
82 
83 #else
84 
85 
86 
87 /*
88  * We can't use X/Open definitions, so roll our own.
89  */
90 
91 typedef gss_uint32 OM_uint32;
92 
93 typedef struct gss_OID_desc_struct {
94 	OM_uint32 length;
95 	void*elements;
96 } gss_OID_desc, *gss_OID;
97 
98 #endif
99 
100 typedef struct gss_OID_set_desc_struct	{
101 	size_t  count;
102 	gss_OID elements;
103 } gss_OID_set_desc, *gss_OID_set;
104 
105 #ifdef	_SYSCALL32
106 typedef struct gss_OID_desc_struct32 {
107 	OM_uint32 length;
108 	caddr32_t elements;
109 } gss_OID_desc32, *gss_OID32;
110 #endif	/* _SYSCALL32 */
111 
112 typedef struct gss_buffer_desc_struct {
113 	size_t length;
114 	void *value;
115 } gss_buffer_desc, *gss_buffer_t;
116 
117 typedef struct gss_channel_bindings_struct {
118 	OM_uint32 initiator_addrtype;
119 	gss_buffer_desc initiator_address;
120 	OM_uint32 acceptor_addrtype;
121 	gss_buffer_desc acceptor_address;
122 	gss_buffer_desc application_data;
123 } *gss_channel_bindings_t;
124 
125 /*
126  * For now, define a QOP-type as an OM_uint32
127  */
128 typedef	OM_uint32 gss_qop_t;
129 typedef	int gss_cred_usage_t;
130 
131 /*
132  * Flag bits for context-level services.
133  */
134 #define	GSS_C_DELEG_FLAG 1
135 #define	GSS_C_MUTUAL_FLAG 2
136 #define	GSS_C_REPLAY_FLAG 4
137 #define	GSS_C_SEQUENCE_FLAG 8
138 #define	GSS_C_CONF_FLAG 16
139 #define	GSS_C_INTEG_FLAG 32
140 #define	GSS_C_ANON_FLAG 64
141 #define	GSS_C_PROT_READY_FLAG 128
142 #define	GSS_C_TRANS_FLAG 256
143 
144 /*
145  * Credential usage options
146  */
147 #define	GSS_C_BOTH 0
148 #define	GSS_C_INITIATE 1
149 #define	GSS_C_ACCEPT 2
150 
151 /*
152  * Status code types for gss_display_status
153  */
154 #define	GSS_C_GSS_CODE 1
155 #define	GSS_C_MECH_CODE 2
156 
157 /*
158  * The constant definitions for channel-bindings address families
159  */
160 #define	GSS_C_AF_UNSPEC		0
161 #define	GSS_C_AF_LOCAL		1
162 #define	GSS_C_AF_INET		2
163 #define	GSS_C_AF_IMPLINK	3
164 #define	GSS_C_AF_PUP		4
165 #define	GSS_C_AF_CHAOS		5
166 #define	GSS_C_AF_NS		6
167 #define	GSS_C_AF_NBS		7
168 #define	GSS_C_AF_ECMA		8
169 #define	GSS_C_AF_DATAKIT	9
170 #define	GSS_C_AF_CCITT		10
171 #define	GSS_C_AF_SNA		11
172 #define	GSS_C_AF_DECnet		12
173 #define	GSS_C_AF_DLI		13
174 #define	GSS_C_AF_LAT		14
175 #define	GSS_C_AF_HYLINK		15
176 #define	GSS_C_AF_APPLETALK	16
177 #define	GSS_C_AF_BSC		17
178 #define	GSS_C_AF_DSS		18
179 #define	GSS_C_AF_OSI		19
180 #define	GSS_C_AF_X25		21
181 
182 #define	GSS_C_AF_NULLADDR	255
183 
184 /*
185  * Various Null values
186  */
187 #define	GSS_C_NO_NAME ((gss_name_t) 0)
188 #define	GSS_C_NO_BUFFER ((gss_buffer_t) 0)
189 #define	GSS_C_NO_OID ((gss_OID) 0)
190 #define	GSS_C_NO_OID_SET ((gss_OID_set) 0)
191 #define	GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
192 #define	GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
193 #define	GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
194 #define	GSS_C_EMPTY_BUFFER {0, NULL}
195 
196 /*
197  * Some alternate names for a couple of the above
198  * values.  These are defined for V1 compatibility.
199  */
200 #define	GSS_C_NULL_OID		GSS_C_NO_OID
201 #define	GSS_C_NULL_OID_SET	GSS_C_NO_OID_SET
202 
203 /*
204  * Define the default Quality of Protection for per-message
205  * services.  Note that an implementation that offers multiple
206  * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
207  * (as done here) to mean "default protection", or to a specific
208  * explicit QOP value.  However, a value of 0 should always be
209  * interpreted by a GSSAPI implementation as a request for the
210  * default protection level.
211  */
212 #define	GSS_C_QOP_DEFAULT 0
213 
214 /*
215  * Expiration time of 2^32-1 seconds means infinite lifetime for a
216  * credential or security context
217  */
218 #define	GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful)
219 
220 /*
221  * The implementation must reserve static storage for a
222  * gss_OID_desc object containing the value
223  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
224  *  "\x01\x02\x01\x01"},
225  * corresponding to an object-identifier value of
226  * {iso(1) member-body(2) United States(840) mit(113554)
227  *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
228  * GSS_C_NT_USER_NAME should be initialized to point
229  * to that gss_OID_desc.
230  */
231 extern const gss_OID GSS_C_NT_USER_NAME;
232 
233 /*
234  * The implementation must reserve static storage for a
235  * gss_OID_desc object containing the value
236  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
237  *  "\x01\x02\x01\x02"},
238  * corresponding to an object-identifier value of
239  * {iso(1) member-body(2) United States(840) mit(113554)
240  *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
241  * The constant GSS_C_NT_MACHINE_UID_NAME should be
242  * initialized to point to that gss_OID_desc.
243  */
244 extern const gss_OID GSS_C_NT_MACHINE_UID_NAME;
245 
246 /*
247  * The implementation must reserve static storage for a
248  * gss_OID_desc object containing the value
249  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
250  *  "\x01\x02\x01\x03"},
251  * corresponding to an object-identifier value of
252  * {iso(1) member-body(2) United States(840) mit(113554)
253  *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
254  * The constant GSS_C_NT_STRING_UID_NAME should be
255  * initialized to point to that gss_OID_desc.
256  */
257 extern const gss_OID GSS_C_NT_STRING_UID_NAME;
258 
259 /*
260  * The implementation must reserve static storage for a
261  * gss_OID_desc object containing the value
262  * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
263  * corresponding to an object-identifier value of
264  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
265  * 6(nametypes), 2(gss-host-based-services)}.  The constant
266  * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
267  * to that gss_OID_desc.
268  */
269 extern const gss_OID GSS_C_NT_HOSTBASED_SERVICE;
270 
271 /*
272  * The implementation must reserve static storage for a
273  * gss_OID_desc object containing the value
274  * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
275  * corresponding to an object identifier value of
276  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
277  * 6(nametypes), 3(gss-anonymous-name)}.  The constant
278  * and GSS_C_NT_ANONYMOUS should be initialized to point
279  * to that gss_OID_desc.
280  */
281 extern const gss_OID GSS_C_NT_ANONYMOUS;
282 
283 /*
284  * The implementation must reserve static storage for a
285  * gss_OID_desc object containing the value
286  * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
287  * corresponding to an object-identifier value of
288  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
289  * 6(nametypes), 4(gss-api-exported-name)}.  The constant
290  * GSS_C_NT_EXPORT_NAME should be initialized to point
291  * to that gss_OID_desc.
292  */
293 extern const gss_OID GSS_C_NT_EXPORT_NAME;
294 
295 
296 /* Major status codes */
297 
298 #define	GSS_S_COMPLETE 0
299 
300 /*
301  * Some "helper" definitions to make the status code macros obvious.
302  */
303 #define	GSS_C_CALLING_ERROR_OFFSET 24
304 #define	GSS_C_ROUTINE_ERROR_OFFSET 16
305 #define	GSS_C_SUPPLEMENTARY_OFFSET 0
306 #define	GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
307 #define	GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
308 #define	GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
309 
310 /*
311  * The macros that test status codes for error conditions.
312  * Note that the GSS_ERROR() macro has changed slightly from
313  * the V1 GSSAPI so that it now evaluates its argument
314  * only once.
315  */
316 #define	GSS_CALLING_ERROR(x) \
317 	((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
318 #define	GSS_ROUTINE_ERROR(x) \
319 	((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
320 #define	GSS_SUPPLEMENTARY_INFO(x) \
321 	((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
322 #define	GSS_ERROR(x) \
323 	((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
324 	(GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
325 
326 /*
327  * Now the actual status code definitions
328  */
329 
330 /*
331  * Calling errors:
332  */
333 #define	GSS_S_CALL_INACCESSIBLE_READ \
334 	(((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
335 #define	GSS_S_CALL_INACCESSIBLE_WRITE \
336 	(((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
337 #define	GSS_S_CALL_BAD_STRUCTURE \
338 	(((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
339 
340 /*
341  * Routine errors:
342  */
343 #define	GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
344 #define	GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
345 #define	GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
346 #define	GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
347 #define	GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
348 #define	GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
349 #define	GSS_S_BAD_MIC GSS_S_BAD_SIG
350 #define	GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
351 #define	GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
352 #define	GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
353 #define	GSS_S_DEFECTIVE_CREDENTIAL \
354 	(((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
355 #define	GSS_S_CREDENTIALS_EXPIRED \
356 	(((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
357 #define	GSS_S_CONTEXT_EXPIRED \
358 	(((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
359 #define	GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
360 #define	GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
361 #define	GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
362 #define	GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
363 #define	GSS_S_DUPLICATE_ELEMENT \
364 	(((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
365 #define	GSS_S_NAME_NOT_MN (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
366 
367 /*
368  * Supplementary info bits:
369  */
370 #define	GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
371 #define	GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
372 #define	GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
373 #define	GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
374 #define	GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
375 
376 
377 /*
378  * Finally, function prototypes for the GSS-API routines.
379  */
380 
381 OM_uint32 gss_acquire_cred(
382 	OM_uint32 *,		/* minor_status */
383 	const gss_name_t,	/* desired_name */
384 	OM_uint32,		/* time_req */
385 	const gss_OID_set,	/* desired_mechs */
386 	gss_cred_usage_t,	/* cred_usage */
387 	gss_cred_id_t *,	/* output_cred_handle */
388 	gss_OID_set *,		/* actual_mechs */
389 	OM_uint32 *		/* time_rec */
390 );
391 
392 OM_uint32 gss_release_cred(
393 	OM_uint32 *,		/* minor_status */
394 	gss_cred_id_t *		/* cred_handle */
395 );
396 
397 OM_uint32 gss_init_sec_context(
398 	OM_uint32 *,		/* minor_status */
399 	const gss_cred_id_t,	/* initiator_cred_handle */
400 	gss_ctx_id_t *,		/* context_handle */
401 	const gss_name_t,	/* target_name */
402 	const gss_OID,		/* mech_type */
403 	OM_uint32,		/* req_flags */
404 	OM_uint32,		/* time_req */
405 	gss_channel_bindings_t,	/* input_chan_bindings */
406 	const gss_buffer_t,	/* input_token */
407 	gss_OID *,		/* actual_mech_type */
408 	gss_buffer_t,		/* output_token */
409 	OM_uint32 *,		/* ret_flags */
410 	OM_uint32 *		/* time_rec */
411 );
412 
413 OM_uint32 gss_accept_sec_context(
414 	OM_uint32 *,		/* minor_status */
415 	gss_ctx_id_t *,		/* context_handle */
416 	const gss_cred_id_t,	/* acceptor_cred_handle */
417 	const gss_buffer_t,	/* input_token_buffer */
418 	const gss_channel_bindings_t,	/* input_chan_bindings */
419 	gss_name_t *,		/* src_name */
420 	gss_OID *,		/* mech_type */
421 	gss_buffer_t,		/* output_token */
422 	OM_uint32 *,		/* ret_flags */
423 	OM_uint32 *,		/* time_rec */
424 	gss_cred_id_t *		/* delegated_cred_handle */
425 );
426 
427 OM_uint32 gss_process_context_token(
428 	OM_uint32 *,		/* minor_status */
429 	const gss_ctx_id_t,	/* context_handle */
430 	const gss_buffer_t	/* token_buffer */
431 );
432 
433 OM_uint32 gss_delete_sec_context(
434 	OM_uint32 *,		/* minor_status */
435 	gss_ctx_id_t *,		/* context_handle */
436 	gss_buffer_t		/* output_token */
437 );
438 
439 OM_uint32 gss_context_time(
440 	OM_uint32 *,		/* minor_status */
441 	const gss_ctx_id_t,	/* context_handle */
442 	OM_uint32 *		/* time_rec */
443 );
444 
445 OM_uint32 gss_get_mic(
446 	OM_uint32 *,		/* minor_status */
447 	const gss_ctx_id_t,	/* context_handle */
448 	gss_qop_t,		/* qop_req */
449 	const gss_buffer_t,	/* message_buffer */
450 	gss_buffer_t		/* message_token */
451 );
452 
453 OM_uint32 gss_verify_mic(
454 	OM_uint32 *,		/* minor_status */
455 	const gss_ctx_id_t,	/* context_handle */
456 	const gss_buffer_t,	/* message_buffer */
457 	const gss_buffer_t,	/* token_buffer */
458 	gss_qop_t *		/* qop_state */
459 );
460 
461 OM_uint32 gss_wrap(
462 	OM_uint32 *,		/* minor_status */
463 	const gss_ctx_id_t,	/* context_handle */
464 	int,			/* conf_req_flag */
465 	gss_qop_t,		/* qop_req */
466 	const gss_buffer_t,	/* input_message_buffer */
467 	int *,			/* conf_state */
468 	gss_buffer_t		/* output_message_buffer */
469 );
470 
471 OM_uint32 gss_unwrap(
472 	OM_uint32 *,		/* minor_status */
473 	const gss_ctx_id_t,	/* context_handle */
474 	const gss_buffer_t,	/* input_message_buffer */
475 	gss_buffer_t,		/* output_message_buffer */
476 	int *,			/* conf_state */
477 	gss_qop_t *		/* qop_state */
478 );
479 
480 OM_uint32 gss_display_status(
481 	OM_uint32 *,		/* minor_status */
482 	OM_uint32,		/* status_value */
483 	int,			/* status_type */
484 	const gss_OID,		/* mech_type */
485 	OM_uint32 *,		/* message_context */
486 	gss_buffer_t		/* status_string */
487 );
488 
489 OM_uint32 gss_indicate_mechs(
490 	OM_uint32 *,		/* minor_status */
491 	gss_OID_set *		/* mech_set */
492 );
493 
494 OM_uint32 gss_compare_name(
495 	OM_uint32 *,		/* minor_status */
496 	const gss_name_t,	/* name1 */
497 	const gss_name_t,	/* name2 */
498 	int *			/* name_equal */
499 );
500 
501 OM_uint32 gss_display_name(
502 	OM_uint32 *,		/* minor_status */
503 	const gss_name_t,	/* input_name */
504 	gss_buffer_t,		/* output_name_buffer */
505 	gss_OID *		/* output_name_type */
506 );
507 
508 OM_uint32 gss_import_name(
509 	OM_uint32 *,		/* minor_status */
510 	const gss_buffer_t,	/* input_name_buffer */
511 	const gss_OID,		/* input_name_type */
512 	gss_name_t *		/* output_name */
513 );
514 
515 OM_uint32 gss_export_name(
516 	OM_uint32 *,		/* minor_status */
517 	const gss_name_t,  	/* input_name */
518 	gss_buffer_t 		/* exported_name */
519 );
520 
521 OM_uint32 gss_release_name(
522 	OM_uint32 *,		/* minor_status */
523 	gss_name_t *		/* input_name */
524 );
525 
526 OM_uint32 gss_release_buffer(
527 	OM_uint32 *,		/* minor_status */
528 	gss_buffer_t		/* buffer */
529 );
530 
531 OM_uint32 gss_release_oid_set(
532 	OM_uint32 *,		/* minor_status */
533 	gss_OID_set *		/* set */
534 );
535 
536 OM_uint32 gss_inquire_cred(
537 	OM_uint32 *,		/* minor_status */
538 	const gss_cred_id_t,	/* cred_handle */
539 	gss_name_t *,		/* name */
540 	OM_uint32 *,		/* lifetime */
541 	gss_cred_usage_t *,	/* cred_usage */
542 	gss_OID_set *		/* mechanisms */
543 );
544 
545 OM_uint32 gss_inquire_context(
546 	OM_uint32 *,		/* minor_status */
547 	const gss_ctx_id_t,	/* context_handle */
548 	gss_name_t *,		/* src_name */
549 	gss_name_t *,		/* targ_name */
550 	OM_uint32 *,		/* lifetime_rec */
551 	gss_OID *,		/* mech_type */
552 	OM_uint32 *,		/* ctx_flags */
553 	int *,			/* locally_initiated */
554 	int *			/* open */
555 );
556 
557 OM_uint32 gss_wrap_size_limit(
558 	OM_uint32 *,		/* minor_status */
559 	const gss_ctx_id_t,	/* context_handle */
560 	int,			/* conf_req_flag */
561 	gss_qop_t,		/* qop_req */
562 	OM_uint32,		/* req_output_size */
563 	OM_uint32 *		/* max_input_size */
564 );
565 
566 OM_uint32 gss_add_cred(
567 	OM_uint32 *,		/* minor_status */
568 	const gss_cred_id_t,	/* input_cred_handle */
569 	const gss_name_t,	/* desired_name */
570 	const gss_OID,		/* desired_mech */
571 	gss_cred_usage_t,	/* cred_usage */
572 	OM_uint32,		/* initiator_time_req */
573 	OM_uint32,		/* acceptor_time_req */
574 	gss_cred_id_t *,	/* output_cred_handle */
575 	gss_OID_set *,		/* actual_mechs */
576 	OM_uint32 *,		/* initiator_time_rec */
577 	OM_uint32 *		/* acceptor_time_rec */
578 );
579 
580 OM_uint32 gss_store_cred(
581 	OM_uint32 *,		/* minor_status */
582 	const gss_cred_id_t,	/* input_cred */
583 	gss_cred_usage_t,	/* cred_usage */
584 	const gss_OID,		/* desired_mech */
585 	OM_uint32,		/* overwrite_cred */
586 	OM_uint32,		/* default_cred */
587 	gss_OID_set *,		/* elements_stored */
588 	gss_cred_usage_t *	/* cred_usage_stored */
589 );
590 
591 OM_uint32 gss_inquire_cred_by_mech(
592 	OM_uint32  *,		/* minor_status */
593 	const gss_cred_id_t,	/* cred_handle */
594 	const gss_OID,		/* mech_type */
595 	gss_name_t *,		/* name */
596 	OM_uint32 *,		/* initiator_lifetime */
597 	OM_uint32 *,		/* acceptor_lifetime */
598 	gss_cred_usage_t *	/* cred_usage */
599 );
600 
601 OM_uint32 gss_export_sec_context(
602 	OM_uint32 *,		/* minor_status */
603 	gss_ctx_id_t *,		/* context_handle */
604 	gss_buffer_t		/* interprocess_token */
605 );
606 
607 OM_uint32 gss_import_sec_context(
608 	OM_uint32 *,		/* minor_status */
609 	const gss_buffer_t,	/* interprocess_token */
610 	gss_ctx_id_t *		/* context_handle */
611 );
612 
613 OM_uint32 gss_create_empty_oid_set(
614 	OM_uint32 *, 		/* minor_status */
615 	gss_OID_set *		/* oid_set */
616 );
617 
618 OM_uint32 gss_add_oid_set_member(
619 	OM_uint32 *, 		/* minor_status */
620 	const gss_OID,  	/* member_oid */
621 	gss_OID_set *		/* oid_set */
622 );
623 
624 OM_uint32 gss_test_oid_set_member(
625 	OM_uint32 *, 		/* minor_status */
626 	const gss_OID,  	/* member */
627 	const gss_OID_set, 	/* set */
628 	int *  			/* present */
629 );
630 
631 OM_uint32 gss_inquire_names_for_mech(
632 	OM_uint32 *, 		/* minor_status */
633 	const gss_OID,  	/* mechanism */
634 	gss_OID_set *		/* name_types */
635 );
636 
637 OM_uint32 gss_inquire_mechs_for_name(
638 	OM_uint32 *, 		/* minor_status */
639 	const gss_name_t,  	/* input_name */
640 	gss_OID_set *		/* mech_types */
641 );
642 
643 OM_uint32 gss_canonicalize_name(
644 	OM_uint32 *, 		/* minor_status */
645 	const gss_name_t,  	/* input_name */
646 	const gss_OID,  	/* mech_type */
647 	gss_name_t * 		/* output_name */
648 );
649 
650 OM_uint32 gss_duplicate_name(
651 	OM_uint32 *, 		/* minor_status */
652 	const gss_name_t,  	/* src_name */
653 	gss_name_t * 		/* dest_name */
654 );
655 
656 
657 OM_uint32 gss_release_oid(
658 	OM_uint32 *,		/* minor_status */
659 	gss_OID *		/* oid */
660 );
661 
662 OM_uint32 gss_str_to_oid(
663 	OM_uint32 *,		/* minor_status */
664 	const gss_buffer_t,	/* oid_str */
665 	gss_OID *		/* oid */
666 );
667 
668 OM_uint32 gss_oid_to_str(
669 	OM_uint32 *,		/* minor_status */
670 	const gss_OID,		/* oid */
671 	gss_buffer_t		/* oid_str */
672 );
673 
674 
675 /*
676  * The following routines are obsolete variants of gss_get_mic,
677  * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
678  * provided by GSSAPI V2 implementations for backwards
679  * compatibility with V1 applications.  Distinct entrypoints
680  * (as opposed to #defines) should be provided, both to allow
681  * GSSAPI V1 applications to link against GSSAPI V2 implementations,
682  * and to retain the slight parameter type differences between the
683  * obsolete versions of these routines and their current forms.
684  */
685 
686 OM_uint32 gss_sign(
687 	OM_uint32 *,		/* minor_status */
688 	gss_ctx_id_t,		/* context_handle */
689 	int,			/* qop_req */
690 	gss_buffer_t,		/* message_buffer */
691 	gss_buffer_t		/* message_token */
692 );
693 
694 OM_uint32 gss_verify(
695 	OM_uint32 *,		/* minor_status */
696 	gss_ctx_id_t,		/* context_handle */
697 	gss_buffer_t,		/* message_buffer */
698 	gss_buffer_t,		/* token_buffer */
699 	int *			/* qop_state */
700 );
701 
702 OM_uint32 gss_seal(
703 	OM_uint32 *,		/* minor_status */
704 	gss_ctx_id_t,		/* context_handle */
705 	int,			/* conf_req_flag */
706 	int,			/* qop_req */
707 	gss_buffer_t,		/* input_message_buffer */
708 	int *,			/* conf_state */
709 	gss_buffer_t		/* output_message_buffer */
710 );
711 
712 OM_uint32 gss_unseal(
713 	OM_uint32 *,		/* minor_status */
714 	gss_ctx_id_t,		/* context_handle */
715 	gss_buffer_t,		/* input_message_buffer */
716 	gss_buffer_t,		/* output_message_buffer */
717 	int *,			/* conf_state */
718 	int *			/* qop_state */
719 );
720 
721 
722 #ifdef _KERNEL /* For kernel */
723 
724 #include <rpc/types.h>
725 
726 void kgss_free_oid(gss_OID oid);
727 
728 OM_uint32 kgss_acquire_cred(
729 	OM_uint32 *,
730 	const gss_name_t,
731 	OM_uint32,
732 	const gss_OID_set,
733 	int,
734 	gss_cred_id_t *,
735 	gss_OID_set *,
736 	OM_uint32 *,
737 	uid_t);
738 
739 OM_uint32 kgss_add_cred(
740 	OM_uint32 *,
741 	gss_cred_id_t,
742 	gss_name_t,
743 	gss_OID,
744 	int,
745 	int,
746 	int,
747 	gss_OID_set *,
748 	OM_uint32 *,
749 	OM_uint32 *,
750 	uid_t);
751 
752 OM_uint32 kgss_release_cred(
753 	OM_uint32 *,
754 	gss_cred_id_t *,
755 	uid_t);
756 
757 OM_uint32 kgss_init_sec_context(
758 	OM_uint32 *,
759 	const gss_cred_id_t,
760 	gss_ctx_id_t *,
761 	const gss_name_t,
762 	const gss_OID,
763 	int,
764 	OM_uint32,
765 	const gss_channel_bindings_t,
766 	const gss_buffer_t,
767 	gss_OID *,
768 	gss_buffer_t,
769 	int *,
770 	OM_uint32 *,
771 	uid_t);
772 
773 OM_uint32 kgss_accept_sec_context(
774 	OM_uint32 *,
775 	gss_ctx_id_t *,
776 	const gss_cred_id_t,
777 	const gss_buffer_t,
778 	const gss_channel_bindings_t,
779 	const gss_buffer_t,
780 	gss_OID *,
781 	gss_buffer_t,
782 	int *,
783 	OM_uint32 *,
784 	gss_cred_id_t *,
785 	uid_t);
786 
787 OM_uint32 kgss_process_context_token(
788 	OM_uint32 *,
789 	const gss_ctx_id_t,
790 	const gss_buffer_t,
791 	uid_t);
792 
793 OM_uint32 kgss_delete_sec_context(
794 	OM_uint32 *,
795 	gss_ctx_id_t *,
796 	gss_buffer_t);
797 
798 OM_uint32 kgss_export_sec_context(
799 	OM_uint32 *,
800 	const gss_ctx_id_t,
801 	gss_buffer_t);
802 
803 OM_uint32 kgss_import_sec_context(
804 	OM_uint32  *,
805 	const gss_buffer_t,
806 	gss_ctx_id_t);
807 
808 OM_uint32 kgss_context_time(
809 	OM_uint32 *,
810 	const gss_ctx_id_t,
811 	OM_uint32 *,
812 	uid_t);
813 
814 OM_uint32 kgss_sign(
815 	OM_uint32 *,
816 	const gss_ctx_id_t,
817 	int,
818 	const gss_buffer_t,
819 	gss_buffer_t);
820 
821 
822 OM_uint32 kgss_verify(
823 	OM_uint32 *,
824 	const gss_ctx_id_t,
825 	const gss_buffer_t,
826 	const gss_buffer_t,
827 	int *);
828 
829 OM_uint32 kgss_seal(
830 	OM_uint32 *,
831 	const gss_ctx_id_t,
832 	int,
833 	int,
834 	const gss_buffer_t,
835 	int *,
836 	gss_buffer_t);
837 
838 OM_uint32 kgss_unseal(
839 	OM_uint32 *,
840 	const gss_ctx_id_t,
841 	const gss_buffer_t,
842 	gss_buffer_t,
843 	int *,
844 	int *);
845 
846 OM_uint32 kgss_display_status(
847 	OM_uint32 *,
848 	OM_uint32,
849 	int,
850 	const gss_OID,
851 	int *,
852 	gss_buffer_t,
853 	uid_t);
854 
855 OM_uint32 kgss_indicate_mechs(
856 	OM_uint32 *,
857 	gss_OID_set *,
858 	uid_t);
859 
860 OM_uint32 kgss_inquire_cred(
861 	OM_uint32 *,
862 	const gss_cred_id_t,
863 	gss_name_t *,
864 	OM_uint32 *,
865 	int *,
866 	gss_OID_set *,
867 	uid_t);
868 
869 OM_uint32 kgss_inquire_cred_by_mech(
870 	OM_uint32 *,
871 	gss_cred_id_t,
872 	gss_OID,
873 	uid_t);
874 
875 
876 #endif /* if _KERNEL */
877 
878 #ifdef	__cplusplus
879 }
880 #endif
881 
882 #endif	/* _GSSAPI_H_ */
883