xref: /titanic_44/usr/src/lib/libsmbfs/smb/spnego.h (revision 7014882c6a3672fd0e5d60200af8643ae53c5928)
1 // Copyright (C) 2002 Microsoft Corporation
2 // All rights reserved.
3 //
4 // THIS CODE AND INFORMATION IS PROVIDED "AS IS"
5 // WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
6 // OR IMPLIED, INCLUDING BUT NOT LIMITED
7 // TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
8 // AND/OR FITNESS FOR A PARTICULAR PURPOSE.
9 //
10 // Date    - 10/08/2002
11 // Author  - Sanj Surati
12 
13 /////////////////////////////////////////////////////////////
14 //
15 // SPNEGO.H
16 //
17 // SPNEGO Token Handler Header File
18 //
19 // Contains the definitions required to interpret and create
20 // SPNEGO tokens so that Kerberos GSS tokens can be
21 // Unpackaged/packaged.
22 //
23 /////////////////////////////////////////////////////////////
24 
25 #pragma ident	"%Z%%M%	%I%	%E% SMI"
26 
27 #ifndef __SPNEGO_H__
28 #define __SPNEGO_H__
29 
30 // C++ Specific
31 #if defined(__cplusplus)
32 extern "C"
33 {
34 #endif
35 
36 // Type Definitions
37 
38 //
39 // Users of SPNEGO Token Handler API will request
40 // these as well as free them,
41 //
42 typedef void*  SPNEGO_TOKEN_HANDLE;
43 
44 //
45 // Defines the element types that are found
46 // in each of the tokens.
47 //
48 
49 typedef enum spnego_element_type
50 {
51    spnego_element_min,  // Lower bound
52 
53    // Init token elements
54    spnego_init_mechtypes,
55    spnego_init_reqFlags,
56    spnego_init_mechToken,
57    spnego_init_mechListMIC,
58 
59    // Targ token elements
60    spnego_targ_negResult,
61    spnego_targ_supportedMech,
62    spnego_targ_responseToken,
63    spnego_targ_mechListMIC,
64 
65    spnego_element_max   // Upper bound
66 
67 } SPNEGO_ELEMENT_TYPE;
68 
69 //
70 // Token Element Availability.  Elements in both
71 // token types are optional.  Since there are only
72 // 4 elements in each Token, we will allocate space
73 // to hold the information, but we need a way to
74 // indicate whether or not an element is available
75 //
76 
77 #define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0
78 #define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1
79 
80 //
81 // Token type values.  SPNEGO has 2 token types:
82 // NegTokenInit and NegTokenTarg
83 //
84 
85 #define SPNEGO_TOKEN_INIT 0
86 #define SPNEGO_TOKEN_TARG 1
87 
88 //
89 // GSS Mechanism OID enumeration.  We only really handle
90 // 3 different OIDs.  These are stored in an array structure
91 // defined in the parsing code.
92 //
93 
94 typedef enum spnego_mech_oid
95 {
96    // Init token elements
97    spnego_mech_oid_Kerberos_V5_Legacy, // Really V5, but OID off by 1 bit
98    spnego_mech_oid_Kerberos_V5,
99    spnego_mech_oid_Spnego,
100    spnego_mech_oid_NTLMSSP,
101    spnego_mech_oid_NotUsed = -1
102 
103 } SPNEGO_MECH_OID;
104 
105 //
106 // Defines the negResult values.
107 //
108 
109 typedef enum spnego_negResult
110 {
111    spnego_negresult_success,
112    spnego_negresult_incomplete,
113    spnego_negresult_rejected,
114    spnego_negresult_NotUsed = -1
115 } SPNEGO_NEGRESULT;
116 
117 //
118 // Context Flags in NegTokenInit
119 //
120 
121 //
122 // ContextFlags values MUST be zero or a combination
123 // of the below
124 //
125 
126 #define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG    0x80
127 #define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG   0x40
128 #define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG   0x20
129 #define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10
130 #define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG     0x8
131 #define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG     0x4
132 #define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG    0x2
133 
134 //
135 // Mask to retrieve valid values.
136 //
137 
138 #define SPNEGO_NEGINIT_CONTEXT_MASK          0xFE  // Logical combination of above flags
139 
140 //
141 // SPNEGO API return codes.
142 //
143 
144 // API function was successful
145 #define SPNEGO_E_SUCCESS               0
146 
147 // The supplied Token was invalid
148 #define SPNEGO_E_INVALID_TOKEN         -1
149 
150 // An invalid length was encountered
151 #define SPNEGO_E_INVALID_LENGTH        -2
152 
153 // The Token Parse failed
154 #define SPNEGO_E_PARSE_FAILED          -3
155 
156 // The requested value was not found
157 #define SPNEGO_E_NOT_FOUND             -4
158 
159 // The requested element is not available
160 #define SPNEGO_E_ELEMENT_UNAVAILABLE   -5
161 
162 // Out of Memory
163 #define SPNEGO_E_OUT_OF_MEMORY         -6
164 
165 // Not Implemented
166 #define SPNEGO_E_NOT_IMPLEMENTED       -7
167 
168 // Invalid Parameter
169 #define SPNEGO_E_INVALID_PARAMETER     -8
170 
171 // Token Handler encountered an unexpected OID
172 #define SPNEGO_E_UNEXPECTED_OID        -9
173 
174 // The requested token was not found
175 #define SPNEGO_E_TOKEN_NOT_FOUND       -10
176 
177 // An unexpected type was encountered in the encoding
178 #define SPNEGO_E_UNEXPECTED_TYPE       -11
179 
180 // The buffer was too small
181 #define SPNEGO_E_BUFFER_TOO_SMALL      -12
182 
183 // A Token Element was invalid (e.g. improper length or value)
184 #define SPNEGO_E_INVALID_ELEMENT       -13
185 
186 /* Miscelaneous API Functions */
187 
188 // Frees opaque data
189 void spnegoFreeData( SPNEGO_TOKEN_HANDLE hSpnegoToken );
190 
191 // Initializes SPNEGO_TOKEN structure from DER encoded binary data
192 int spnegoInitFromBinary( unsigned char* pbTokenData, unsigned long ulLength, SPNEGO_TOKEN_HANDLE* phSpnegoToken );
193 
194 // Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the
195 // supplied parameters
196 int spnegoCreateNegTokenInit( SPNEGO_MECH_OID MechType,
197           unsigned char ucContextFlags, unsigned char* pbMechToken,
198           unsigned long ulMechTokenLen, unsigned char* pbMechTokenMIC,
199           unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE* phSpnegoToken );
200 
201 // Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the
202 // supplied parameters
203 int spnegoCreateNegTokenTarg( SPNEGO_MECH_OID MechType,
204           SPNEGO_NEGRESULT spnegoNegResult, unsigned char* pbMechToken,
205           unsigned long ulMechTokenLen, unsigned char* pbMechListMIC,
206           unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken );
207 
208 // Copies binary representation of SPNEGO Data into user supplied buffer
209 int spnegoTokenGetBinary( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData,
210                            unsigned long * pulDataLen );
211 
212 // Returns SPNEGO Token Type
213 int spnegoGetTokenType( SPNEGO_TOKEN_HANDLE hSpnegoToken, int * piTokenType );
214 
215 /* Reading an Init Token */
216 
217 // Returns the Initial Mech Type in the MechList element in the NegInitToken.
218 int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex );
219 
220 // Returns the value from the context flags element in the NegInitToken as an unsigned long
221 int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags );
222 
223 /* Reading a Response Token */
224 
225 // Returns the value from the negResult element (Status code of GSS call - 0,1,2)
226 int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult );
227 
228 // Returns the Supported Mech Type from the NegTokenTarg.
229 int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID  );
230 
231 /* Reading either Token Type */
232 
233 // Returns the actual Mechanism data from the token (this is what is passed into GSS-API functions
234 int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen );
235 
236 // Returns the Message Integrity BLOB in the token
237 int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen );
238 
239 // C++ Specific
240 #if defined(__cplusplus)
241 }
242 #endif
243 
244 #endif
245