/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
/*
 * Copyright 2000 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * gssapiP_krb5.h -- private (mechanism-internal) declarations for the
 * krb5 GSS-API mechanism: wire constants, the credential and security
 * context records, handle-registry macros, and prototypes for the
 * mechanism entry points and their helpers.  Nothing in here is part of
 * the public GSS-API surface; the public headers are included below.
 * Some declarations differ between the user-space and _KERNEL builds.
 */

#ifndef _GSSAPIP_KRB5_H_
#define _GSSAPIP_KRB5_H_

#include <k5-int.h>

#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif

/* work around sunos braindamage: <sys/types.h>-style major()/minor()
 * macros would otherwise collide with identifiers used below. */
#ifdef major
#undef major
#endif
#ifdef minor
#undef minor
#endif

#include "gssapiP_generic.h"

/* The include of gssapi_krb5.h will dtrt with the above #defines in
 * effect.
 */
#include "gssapi_krb5.h"
#include "gssapi_err_krb5.h"
#include "gssapi_ext.h"

/* for debugging: CFX_EXERCISE enables test-only behaviour in the CFX
 * token code when defined; it is forced off here. */
#undef CFX_EXERCISE

/** constants **/

/*
 * Mechanism OIDs as raw DER content octets (no tag or length byte); the
 * *_LENGTH macros give the byte count of the corresponding string.
 */
#define GSS_MECH_KRB5_OID_LENGTH 9
#define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"

#define GSS_MECH_KRB5_OLD_OID_LENGTH 5
#define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"

/* Incorrect krb5 mech OID emitted by MS.  It differs from
 * GSS_MECH_KRB5_OID only in the fourth octet (\202 instead of \206). */
#define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
#define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"


/* Checksum type of the RFC 1964 authenticator checksum that carries the
 * GSS channel bindings (see kg_checksum_channel_bindings below). */
#define CKSUMTYPE_KG_CB 0x8003

/*
 * 16-bit token identifiers for the RFC 1964 token format.  The SIGN/SEAL
 * names are the GSS-API v1 spellings of the same values as the MIC/WRAP
 * names (0x0101 and 0x0201 respectively).
 */
#define KG_TOK_CTX_AP_REQ 0x0100
#define KG_TOK_CTX_AP_REP 0x0200
#define KG_TOK_CTX_ERROR 0x0300
#define KG_TOK_SIGN_MSG 0x0101
#define KG_TOK_SEAL_MSG 0x0201
#define KG_TOK_MIC_MSG 0x0101
#define KG_TOK_WRAP_MSG 0x0201
#define KG_TOK_DEL_CTX 0x0102

/* Token identifiers of a second token format (KG2_*).  Which protocol
 * revision emits them is not stated in this header -- check the token
 * code before relying on the mapping. */
#define KG2_TOK_INITIAL 0x0101
#define KG2_TOK_RESPONSE 0x0202
#define KG2_TOK_MIC 0x0303
#define KG2_TOK_WRAP_INTEG 0x0404
#define KG2_TOK_WRAP_PRIV 0x0505

#define KRB5_GSS_FOR_CREDS_OPTION 1

/* Flag bits of a KG2 response token. */
#define KG2_RESP_FLAG_ERROR 0x0001
#define KG2_RESP_FLAG_DELEG_OK 0x0002

/* These are to be stored in little-endian order, i.e., des-mac is
   stored as 02 00. */
enum sgn_alg {
    SGN_ALG_DES_MAC_MD5 = 0x0000,
    SGN_ALG_MD2_5 = 0x0001,
    SGN_ALG_DES_MAC = 0x0002,
    SGN_ALG_3 = 0x0003, /* not published */
    SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */
    SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
};
/* Same wire convention (little-endian) as enum sgn_alg.  SEAL_ALG_NONE
 * is the all-ones value, i.e. "no confidentiality". */
enum seal_alg {
    SEAL_ALG_NONE = 0xffff,
    SEAL_ALG_DES = 0x0000,
    SEAL_ALG_1 = 0x0001, /* not published */
    SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
    SEAL_ALG_DES3KD = 0x0002
};

/* Key-usage numbers for key derivation. */

/* for 3DES */
#define KG_USAGE_SEAL 22
#define KG_USAGE_SIGN 23
#define KG_USAGE_SEQ 24

/* for draft-ietf-krb-wg-gssapi-cfx-01
 * NOTE: these reuse the values 22-24 defined for 3DES above under
 * different names (and add 25); the two sets are not interchangeable. */
#define KG_USAGE_ACCEPTOR_SEAL 22
#define KG_USAGE_ACCEPTOR_SIGN 23
#define KG_USAGE_INITIATOR_SEAL 24
#define KG_USAGE_INITIATOR_SIGN 25

/*
 * Quality-of-protection values.  The low byte (GSS_KRB5_INTEG_C_QOP_MASK)
 * selects the integrity algorithm, the high byte
 * (GSS_KRB5_CONF_C_QOP_MASK) the confidentiality algorithm.
 */
enum qop {
    GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* *partial* MD5 = "MD2.5" */
    GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
    GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
    GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
    GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
    GSS_KRB5_CONF_C_QOP_DES = 0x0100,
    GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
    GSS_KRB5_CONF_C_QOP_MASK = 0xff00
};

/** internal types **/

/* A krb5 mechanism name is simply a krb5 principal. */
typedef krb5_principal krb5_gss_name_t;

/*
 * Credential record behind a krb5 gss_cred_id_t.  Holds either keytab
 * (acceptor) or ccache (initiator) state, or both, depending on usage.
 */
typedef struct _krb5_gss_cred_id_rec {
    /* protect against simultaneous accesses */
    k5_mutex_t lock;

    /* name/type of credential */
    gss_cred_usage_t usage;
    krb5_principal princ; /* this is not interned as a gss_name_t */
    int prerfc_mech; /* nonzero if the pre-RFC (old) mech OID applies */
    int rfc_mech; /* nonzero if the RFC mech OID applies */

    /* keytab (accept) data */
    krb5_keytab keytab;
    krb5_rcache rcache; /* replay cache; see cred_rcache in the ctx record */

    /* ccache (init) data */
    krb5_ccache ccache;
    krb5_timestamp tgt_expire;
    krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;

/*
 * Security context record behind a krb5 gss_ctx_id_t.  Everything needed
 * to build and verify per-message tokens lives here; the record is also
 * what kg_ctx_externalize/kg_ctx_internalize serialize.
 */
typedef struct _krb5_gss_ctx_id_rec {
    unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */
    unsigned int established : 1; /* context fully established */
    unsigned int big_endian : 1; /* peer uses big-endian integer encoding */
    unsigned int have_acceptor_subkey : 1; /* acceptor_subkey below is valid */
    unsigned int seed_init : 1; /* XXX tested but never actually set */
    OM_uint32 gss_flags; /* negotiated GSS_C_* flags -- presumably; verify against init/accept */
    unsigned char seed[16];
    krb5_principal here; /* local principal -- presumably; verify */
    krb5_principal there; /* peer principal -- presumably; verify */
    krb5_keyblock *subkey;
    int signalg; /* presumably an enum sgn_alg value */
    size_t cksum_size;
    int sealalg; /* presumably an enum seal_alg value */
    krb5_keyblock *enc; /* derived encryption key */
    krb5_keyblock *seq; /* derived sequence-number key */
    krb5_timestamp endtime;
    krb5_ticket_times krb_times;
    krb5_flags krb_flags;
    /* XXX these used to be signed. the old spec is inspecific, and
       the new spec specifies unsigned. I don't believe that the change
       affects the wire encoding. */
    gssint_uint64 seq_send;
    gssint_uint64 seq_recv;
    void *seqstate; /* opaque replay/out-of-order state for received sequence numbers */
    krb5_context k5_context;
    krb5_auth_context auth_context;
    gss_OID_desc *mech_used;
    /* Protocol spec revision
       0 => RFC 1964 with 3DES and RC4 enhancements
       1 => draft-ietf-krb-wg-gssapi-cfx-01
       No others defined so far. */
    int proto;
    krb5_cksumtype cksumtype; /* for "main" subkey */
    krb5_keyblock *acceptor_subkey; /* CFX only */
    krb5_cksumtype acceptor_subkey_cksumtype;
    int cred_rcache; /* did we get rcache from creds? */
    krb5_authdata **authdata;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;

/* Registry of live handles; the kg_save/kg_validate/kg_delete macros
 * below all operate on it. */
extern g_set kg_vdb;

extern k5_mutex_t gssint_krb5_keytab_lock;

/* helper macros */

/*
 * Thin wrappers over the generic handle registry in gssapiP_generic.h:
 * each kg_* macro forwards to its g_* counterpart with &kg_vdb.
 * save registers a handle, validate checks that a caller-supplied
 * handle was registered, delete unregisters it.
 */

#define kg_save_name(name) g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)

#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)
#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)

#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)

/** helper functions **/

/* Obtain the default credential when the caller passes GSS_C_NO_CREDENTIAL. */
OM_uint32 kg_get_defcred
(OM_uint32 *minor_status,
 gss_cred_id_t *cred);

/* Compute the CKSUMTYPE_KG_CB checksum over the channel bindings cb;
 * bigend selects the integer byte order used in the encoding. */
krb5_error_code kg_checksum_channel_bindings
(krb5_context context, gss_channel_bindings_t cb,
 krb5_checksum *cksum,
 int bigend);

/* Encode (kg_make_seq_num) and decode/verify (kg_get_seq_num) the
 * per-message sequence-number field; cksum is the token checksum that
 * the field is bound to, direction distinguishes initiator from
 * acceptor, buf is the 8-byte field in the token. */
krb5_error_code kg_make_seq_num (krb5_context context,
    krb5_keyblock *key,
    int direction, krb5_ui_4 seqnum, unsigned char *cksum,
    unsigned char *buf);

krb5_error_code kg_get_seq_num (krb5_context context,
    krb5_keyblock *key,
    unsigned char *cksum, unsigned char *buf, int *direction,
    krb5_ui_4 *seqnum);

/* Derive the 16-byte seed stored in krb5_gss_ctx_id_rec.seed from key. */
krb5_error_code kg_make_seed (krb5_context context,
    krb5_keyblock *key,
    unsigned char *seed);

/* Size in bytes of the random confounder for key's enctype, and a
 * routine to fill buf with one. */
int kg_confounder_size (krb5_context context, krb5_keyblock *key);

krb5_error_code kg_make_confounder (krb5_context context,
    krb5_keyblock *key, unsigned char *buf);

/* Raw encrypt/decrypt of length bytes from in to out with key under the
 * given key usage; iv may be NULL for the enctype default -- presumably;
 * confirm against the implementation. */
krb5_error_code kg_encrypt (krb5_context context,
    krb5_keyblock *key, int usage,
    krb5_pointer iv,
    krb5_const_pointer in,
    krb5_pointer out,
    unsigned int length);

/* RC4 ("arcfour") encrypt/decrypt used for the Microsoft RC4-HMAC
 * enctype (SEAL_ALG_MICROSOFT_RC4).  kd_data/kd_data_len feed the
 * per-message key derivation from longterm_key; ms_usage is the
 * Microsoft usage number.  output_buf must hold input_len bytes. */
krb5_error_code
kg_arcfour_docrypt (krb5_context,
    const krb5_keyblock *longterm_key , int ms_usage,
    const unsigned char *kd_data, size_t kd_data_len,
    const unsigned char *input_buf, size_t input_len,
    unsigned char *output_buf);

krb5_error_code kg_decrypt (krb5_context context,
    krb5_keyblock *key, int usage,
    krb5_pointer iv,
    krb5_const_pointer in,
    krb5_pointer out,
    unsigned int length);

/*
 * Shared implementation behind the v1 seal/unseal and v2 wrap/unwrap
 * entry points.  toktype is the token identifier to emit or expect
 * (presumably one of the KG_TOK_* values above).
 */
OM_uint32 kg_seal (OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    int qop_req,
    gss_buffer_t input_message_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer,
    int toktype);

OM_uint32 kg_unseal (OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_token_buffer,
    gss_buffer_t message_buffer,
    int *conf_state,
    int *qop_state,
    int toktype);

/* Largest input_size whose wrapped token fits in output_size bytes. */
OM_uint32 kg_seal_size (OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 output_size,
    OM_uint32 *input_size);

/*
 * krb5 serialization callbacks for krb5_gss_ctx_id_rec (arg is the
 * context record): size the encoding, write it, and read it back.
 * buffer/lenremain are advanced as data is consumed or produced.
 */
krb5_error_code kg_ctx_size (krb5_context kcontext,
    krb5_pointer arg,
    size_t *sizep);

krb5_error_code kg_ctx_externalize (krb5_context kcontext,
    krb5_pointer arg,
    krb5_octet **buffer,
    size_t *lenremain);

krb5_error_code kg_ctx_internalize (krb5_context kcontext,
    krb5_pointer *argp,
    krb5_octet **buffer,
    size_t *lenremain);

/* Credential-cache name plumbing: sync the mechanism's notion of the
 * default ccache with context, report whether the caller set one, and
 * get/set it.  The name returned by kg_get_ccache_name is owned by the
 * library -- do not free it (presumably; confirm). */
OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);

OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status,
    int *out_caller_provided_name);

OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
    const char **out_name);

OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
    const char *name);

/** declarations of internal name mechanism functions **/

/*
 * Mechanism entry points with the standard GSS-API signatures.  Under
 * _KERNEL several per-message and context-deletion routines take a
 * trailing OM_uint32 "context verifier" argument that does not exist in
 * the user-space build.
 */

OM_uint32 krb5_gss_acquire_cred
(OM_uint32*, /* minor_status */
 gss_name_t, /* desired_name */
 OM_uint32, /* time_req */
 gss_OID_set, /* desired_mechs */
 gss_cred_usage_t, /* cred_usage */
 gss_cred_id_t*, /* output_cred_handle */
 gss_OID_set*, /* actual_mechs */
 OM_uint32* /* time_rec */
);

OM_uint32 krb5_gss_release_cred
(OM_uint32*, /* minor_status */
 gss_cred_id_t* /* cred_handle */
);

OM_uint32 krb5_gss_init_sec_context
(OM_uint32*, /* minor_status */
 gss_cred_id_t, /* claimant_cred_handle */
 gss_ctx_id_t*, /* context_handle */
 gss_name_t, /* target_name */
 gss_OID, /* mech_type */
 OM_uint32, /* req_flags */
 OM_uint32, /* time_req */
 gss_channel_bindings_t,
 /* input_chan_bindings */
 gss_buffer_t, /* input_token */
 gss_OID*, /* actual_mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32*, /* ret_flags */
 OM_uint32* /* time_rec */
);

OM_uint32 krb5_gss_accept_sec_context
(OM_uint32*, /* minor_status */
 gss_ctx_id_t*, /* context_handle */
 gss_cred_id_t, /* verifier_cred_handle */
 gss_buffer_t, /* input_token_buffer */
 gss_channel_bindings_t,
 /* input_chan_bindings */
 gss_name_t*, /* src_name */
 gss_OID*, /* mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32*, /* ret_flags */
 OM_uint32*, /* time_rec */
 gss_cred_id_t* /* delegated_cred_handle */
);

OM_uint32 krb5_gss_process_context_token
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t /* token_buffer */
);

OM_uint32 krb5_gss_delete_sec_context
(OM_uint32*, /* minor_status */
 gss_ctx_id_t*, /* context_handle */
 gss_buffer_t /* output_token */
#ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
#endif
);

OM_uint32 krb5_gss_context_time
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 OM_uint32* /* time_rec */
);

/* GSS-API v1 per-message calls (sign/verify/seal/unseal). */
OM_uint32 krb5_gss_sign
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* qop_req */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t /* message_token */
#ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
#endif
);

OM_uint32 krb5_gss_verify
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* token_buffer */
 int* /* qop_state */
#ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
#endif
);

/* EXPORT DELETE START */
OM_uint32 krb5_gss_seal
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 int, /* qop_req */
 gss_buffer_t, /* input_message_buffer */
 int*, /* conf_state */
 gss_buffer_t /* output_message_buffer */
#ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
#endif
);

OM_uint32 krb5_gss_unseal
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int*, /* conf_state */
 int* /* qop_state */
#ifdef _KERNEL
 /* */, OM_uint32 /* context verifier */
#endif
);
/* EXPORT DELETE END */

OM_uint32 krb5_gss_display_status
(OM_uint32*, /* minor_status */
 OM_uint32, /* status_value */
 int, /* status_type */
 gss_OID, /* mech_type */
 OM_uint32*, /* message_context */
 gss_buffer_t /* status_string */
);

OM_uint32 krb5_gss_indicate_mechs
(OM_uint32*, /* minor_status */
 gss_OID_set* /* mech_set */
);

OM_uint32 krb5_gss_compare_name
(OM_uint32*, /* minor_status */
 gss_name_t, /* name1 */
 gss_name_t, /* name2 */
 int* /* name_equal */
);

OM_uint32 krb5_gss_display_name
(OM_uint32*, /* minor_status */
 gss_name_t, /* input_name */
 gss_buffer_t, /* output_name_buffer */
 gss_OID* /* output_name_type */
);

OM_uint32 krb5_gss_import_name
(OM_uint32*, /* minor_status */
 gss_buffer_t, /* input_name_buffer */
 gss_OID, /* input_name_type */
 gss_name_t* /* output_name */
);

OM_uint32 krb5_gss_release_name
(OM_uint32*, /* minor_status */
 gss_name_t* /* input_name */
);

OM_uint32 krb5_gss_inquire_cred
(OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* cred_handle */
 gss_name_t *, /* name */
 OM_uint32 *, /* lifetime */
 gss_cred_usage_t*, /* cred_usage */
 gss_OID_set * /* mechanisms */
);

OM_uint32 krb5_gss_inquire_context
(OM_uint32*, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_name_t*, /* initiator_name */
 gss_name_t*, /* acceptor_name */
 OM_uint32*, /* lifetime_rec */
 gss_OID*, /* mech_type */
 OM_uint32*, /* ret_flags */
 int*, /* locally_initiated */
 int* /* open */
);

/* New V2 entry points */
OM_uint32 krb5_gss_get_mic
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_qop_t, /* qop_req */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t /* message_token */
);

OM_uint32 krb5_gss_verify_mic
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* message_token */
 gss_qop_t * /* qop_state */
);

OM_uint32 krb5_gss_wrap
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 gss_qop_t, /* qop_req */
 gss_buffer_t, /* input_message_buffer */
 int *, /* conf_state */
 gss_buffer_t /* output_message_buffer */
);

OM_uint32 krb5_gss_unwrap
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int *, /* conf_state */
 gss_qop_t * /* qop_state */
);

OM_uint32 krb5_gss_wrap_size_limit
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 gss_qop_t, /* qop_req */
 OM_uint32, /* req_output_size */
 OM_uint32 * /* max_input_size */
);

OM_uint32 krb5_gss_import_name_object
(OM_uint32 *, /* minor_status */
 void *, /* input_name */
 gss_OID, /* input_name_type */
 gss_name_t * /* output_name */
);

OM_uint32 krb5_gss_export_name_object
(OM_uint32 *, /* minor_status */
 gss_name_t, /* input_name */
 gss_OID, /* desired_name_type */
 void * * /* output_name */
);

OM_uint32 krb5_gss_add_cred
(OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* input_cred_handle */
 gss_name_t, /* desired_name */
 gss_OID, /* desired_mech */
 gss_cred_usage_t, /* cred_usage */
 OM_uint32, /* initiator_time_req */
 OM_uint32, /* acceptor_time_req */
 gss_cred_id_t *, /* output_cred_handle */
 gss_OID_set *, /* actual_mechs */
 OM_uint32 *, /* initiator_time_rec */
 OM_uint32 * /* acceptor_time_rec */
);

OM_uint32 krb5_gss_inquire_cred_by_mech
(OM_uint32 *, /* minor_status */
 gss_cred_id_t, /* cred_handle */
 gss_OID, /* mech_type */
 gss_name_t *, /* name */
 OM_uint32 *, /* initiator_lifetime */
 OM_uint32 *, /* acceptor_lifetime */
 gss_cred_usage_t * /* cred_usage */
);

/* Context export/import: the interprocess token carries the serialized
 * krb5_gss_ctx_id_rec (see kg_ctx_externalize/kg_ctx_internalize),
 * including its session keys, so it must be protected in transit. */
OM_uint32 krb5_gss_export_sec_context
(OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 gss_buffer_t /* interprocess_token */
);

OM_uint32 krb5_gss_import_sec_context
(OM_uint32 *, /* minor_status */
 gss_buffer_t, /* interprocess_token */
 gss_ctx_id_t * /* context_handle */
 /* Note no _KERNEL context verifier */
);

/* Register the context serializer with the krb5 library. */
krb5_error_code krb5_gss_ser_init(krb5_context);

OM_uint32 krb5_gss_release_oid
(OM_uint32 *, /* minor_status */
 gss_OID * /* oid */
);

OM_uint32 krb5_gss_internal_release_oid
(OM_uint32 *, /* minor_status */
 gss_OID * /* oid */
);

OM_uint32 krb5_gss_inquire_names_for_mech
(OM_uint32 *, /* minor_status */
 gss_OID, /* mechanism */
 gss_OID_set * /* name_types */
);

/* SUNW15resync - XXX nullify? */
OM_uint32 krb5_gss_canonicalize_name
(OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 const gss_OID, /* mech_type */
 gss_name_t * /* output_name */
);

OM_uint32 krb5_gss_export_name
(OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_buffer_t /* exported_name */
);

OM_uint32 krb5_gss_duplicate_name
(OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_name_t * /* dest_name */
);

/* Check that a credential handle is registered and still usable.  The
 * _1 variant takes an explicit krb5_context instead of creating one. */
OM_uint32 krb5_gss_validate_cred
(OM_uint32 *, /* minor_status */
 gss_cred_id_t /* cred */
);

OM_uint32
krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
    gss_cred_id_t /* cred_handle */,
    krb5_context /* context */);

/* Map a caller-supplied mech OID onto the library's static copy
 * (e.g. so the WRONG/OLD variants compare equal by pointer). */
gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);

/*
 * CFX ("v3") token construction and parsing.  In the unseal routine,
 * ptr/bodysize delimit the token body after the generic header has been
 * stripped; ctx is the unglued mechanism context, toktype the expected
 * token identifier.
 */
krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
    krb5_gss_ctx_id_rec *,
    const gss_buffer_desc *,
    gss_buffer_t,
    int, int);

OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
    OM_uint32 *minor_status,
    krb5_gss_ctx_id_rec *ctx,
    unsigned char *ptr, int bodysize,
    gss_buffer_t message_buffer,
    int *conf_state, int *qop_state,
    int toktype);

/*
 * SUNW15resync
 * Solaris specific interfaces start
 */

OM_uint32 krb5_gss_store_cred (
    OM_uint32 *, /* minor_status */
    const gss_cred_id_t, /* input_cred */
    gss_cred_usage_t, /* cred_usage */
    const gss_OID, /* desired_mech */
    OM_uint32, /* overwrite_cred */
    OM_uint32, /* default_cred */
    gss_OID_set *, /* elements_stored */
    gss_cred_usage_t * /* cred_usage_stored */
);

/* Map a principal name to a local uid. */
OM_uint32 krb5_pname_to_uid(
    OM_uint32 *, /* minor status */
    const gss_name_t, /* pname */
    uid_t * /* uid (output) */
);

/* Authorization check: may the remote principal log in as the named
 * local user without a password?  Result is reported via the int *. */
OM_uint32 krb5_gss_userok(
    OM_uint32 *, /* minor status */
    const gss_name_t, /* remote user principal name */
    const char *, /* local unix user name */
    int * /* remote user ok to login w/out pw? */
);


/*
 * SUNW15resync
 * Solaris specific interfaces end
 */


/*
 * These take unglued krb5-mech-specific contexts.
 *
 * The gss_krb5int_* routines below are the mechanism-side handlers for
 * gss_inquire_sec_context_by_oid / gss_set_sec_context_option style
 * extensions.  Each is selected by an OID that extends GSS_MECH_KRB5_OID
 * (2a 86 48 86 f7 12 01 02 02) with the arcs 5.N; the *_LENGTH macros
 * give the byte count of the encoded OID.
 */

#define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"

#ifndef _KERNEL
OM_uint32 gss_krb5int_get_tkt_flags
(OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *data_set);


/* Copy the credential's ccache contents into out_ccache. */
OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
(OM_uint32 *minor_status,
 gss_cred_id_t cred_handle,
 krb5_ccache out_ccache);

#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"

/* Request body for GSS_KRB5_SET_ALLOWABLE_ENCTYPES: ktypes points at
 * num_ktypes enctypes. */
struct krb5_gss_set_allowable_enctypes_req {
    OM_uint32 num_ktypes;
    krb5_enctype *ktypes;
};

#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"

/* Returns the raw session key to the caller; handle the result as key
 * material. */
OM_uint32
gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);

/* Restrict the enctypes this credential may negotiate (fills
 * krb5_gss_cred_id_rec.req_enctypes). */
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes);

#endif /* _KERNEL */

#if 0
/*
 * SUNW17PACresync
 * These two functions not needed yet, revisit for full 1.7 resync.
 *
 * NOTE(review): this disabled gss_krb5int_set_allowable_enctypes
 * prototype has a different parameter list from the live declaration
 * above; if the block is ever re-enabled, one of the two must go.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
    gss_cred_id_t cred,
    const gss_OID desired_oid,
    const gss_buffer_t value);

OM_uint32 KRB5_CALLCONV
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    OM_uint32 version,
    void **kctx);
#endif

#ifndef _KERNEL
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"

/* Export the context in "lucid" (plaintext, keys included) form; the
 * result must be released with gss_krb5int_free_lucid_sec_context. */
OM_uint32
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_OID desired_object,
    gss_buffer_set_t *data_set);

#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"

OM_uint32
gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
    const gss_OID, gss_buffer_t);


extern k5_mutex_t kg_kdc_flag_mutex;
krb5_error_code krb5_gss_init_context (krb5_context *ctxp);


/* NOTE(review): the two GSS_KRB5_INQ_SSPI_SESSION_KEY_OID* macros and the
 * gss_krb5int_inq_session_key prototype repeat the definitions given
 * earlier in this header.  An identical macro redefinition is legal C,
 * so this compiles, but the duplicate should be removed so the two
 * copies cannot drift apart. */
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"

OM_uint32
gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);


#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"

OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
    const gss_OID, gss_buffer_t);

krb5_error_code krb5_gss_use_kdc_context(void);

#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"

OM_uint32
gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);

#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"

/* Hand back the ticket authorization data held in
 * krb5_gss_ctx_id_rec.authdata. */
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_OID desired_object,
    gss_buffer_set_t *ad_data);

#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"

/* Attach a replay cache to an acceptor credential
 * (krb5_gss_cred_id_rec.rcache). */
OM_uint32
gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);

#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"

OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
    const gss_ctx_id_t,
    const gss_OID,
    gss_buffer_set_t *);
#endif /* _KERNEL */

/* One-time library initialization and teardown. */
OM_uint32 gss_krb5int_initialize_library(void);
void gss_krb5int_cleanup_library(void);

/* For error message handling. */
/* Returns a shared string, not a private copy! */
extern char *
krb5_gss_get_error_message(OM_uint32 minor_code);
/* Records msg as the text for minor_code.  save_error_string keeps the
 * string as given; save_error_message formats it printf-style, and the
 * format attribute below lets GCC type-check the arguments against the
 * format (-Wformat) -- always pass a literal format, never caller data. */
extern void
krb5_gss_save_error_string(OM_uint32 minor_code, char *msg);
extern void
krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
    __attribute__((__format__(__printf__, 2, 3)))
#endif
    ;
/* Capture the krb5 library's own error text for minor_code from ctx. */
extern void
krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
#define get_error_message krb5_gss_get_error_message
#define save_error_string krb5_gss_save_error_string
#define save_error_message krb5_gss_save_error_message


/* Solaris Kerberos: the kernel build does not capture krb5 error info,
 * so save_error_info expands to nothing there. */
#ifdef _KERNEL
#define save_error_info(m, ctx)
#else
#define save_error_info krb5_gss_save_error_info
#endif

/* Release per-thread error state (p is the stored error record). */
extern void krb5_gss_delete_error_info(void *p);

/* Prefix concatenated with Kerberos encryption type: the full OID is
 * these 10 bytes followed by the enctype as a final arc. */
#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"

#endif /* _GSSAPIP_KRB5_H_ */