gssapi_krb5.h���������������������������������������������������������������������������������������0000644�����������������00000027045�14751151324�0007141 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GSSAPI_KRB5_H_
#define _GSSAPI_KRB5_H_
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <krb5.h>
#include <stdint.h>
/* C++ friendlyness */
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/* Reserved static storage for GSS_oids. See rfc 1964 for more details. */
/* 2.1.1. Kerberos Principal Name Form: */
GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
/* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
* is "GSS_KRB5_NT_PRINCIPAL_NAME". */
/* 2.1.2. Host-Based Service Name Form */
#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
/* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) service_name(4)}. The previously recommended symbolic
* name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME". The
* currently preferred symbolic name for this type is
* "GSS_C_NT_HOSTBASED_SERVICE". */
/* 2.2.1. User Name Form */
#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
/* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) user_name(1)}. The recommended symbolic name for this
* type is "GSS_KRB5_NT_USER_NAME". */
/* 2.2.2. Machine UID Form */
#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME
/* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */
/* 2.2.3. String UID Form */
#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME
/* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) string_uid_name(3)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_STRING_UID_NAME". */
/* Kerberos Enterprise Name Form (see RFC 6806 section 5): */
GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_ENTERPRISE_NAME;
/* {iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5-enterprise-name(6)}. */
GSS_DLLIMP extern const gss_OID gss_mech_krb5;
GSS_DLLIMP extern const gss_OID gss_mech_krb5_old;
GSS_DLLIMP extern const gss_OID gss_mech_krb5_wrong;
GSS_DLLIMP extern const gss_OID gss_mech_iakerb;
GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5;
GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_old;
GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_both;
GSS_DLLIMP extern const gss_OID gss_nt_krb5_name;
GSS_DLLIMP extern const gss_OID gss_nt_krb5_principal;
GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[];
/*
* This OID can be used with gss_set_cred_option() to suppress the
* confidentiality and integrity flags from being asserted in initial context
* tokens.
*
* iso(1) member-body(2) Sweden(752) Stockholm University(43) Heimdal GSS-API
* Extensions(13) no_ci_flags(29)
*/
GSS_DLLIMP extern const gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
/*
* This OID can be used with gss_inquire_cred_by_oid(0 to retrieve the
* impersonator name (if any).
*
* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5-gssapi-ext(5) get-cred-impersonator(14)
*/
GSS_DLLIMP extern const gss_OID GSS_KRB5_GET_CRED_IMPERSONATOR;
#define gss_krb5_nt_general_name gss_nt_krb5_name
#define gss_krb5_nt_principal gss_nt_krb5_principal
#define gss_krb5_nt_service_name gss_nt_service_name
#define gss_krb5_nt_user_name gss_nt_user_name
#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name
#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name
typedef struct gss_krb5_lucid_key {
OM_uint32 type; /* key encryption type */
OM_uint32 length; /* length of key data */
void * data; /* actual key data */
} gss_krb5_lucid_key_t;
typedef struct gss_krb5_rfc1964_keydata {
OM_uint32 sign_alg; /* signing algorthm */
OM_uint32 seal_alg; /* seal/encrypt algorithm */
gss_krb5_lucid_key_t ctx_key;
/* Context key
(Kerberos session key or subkey) */
} gss_krb5_rfc1964_keydata_t;
typedef struct gss_krb5_cfx_keydata {
OM_uint32 have_acceptor_subkey;
/* 1 if there is an acceptor_subkey
present, 0 otherwise */
gss_krb5_lucid_key_t ctx_key;
/* Context key
(Kerberos session key or subkey) */
gss_krb5_lucid_key_t acceptor_subkey;
/* acceptor-asserted subkey or
0's if no acceptor subkey */
} gss_krb5_cfx_keydata_t;
typedef struct gss_krb5_lucid_context_v1 {
OM_uint32 version; /* Structure version number (1)
MUST be at beginning of struct! */
OM_uint32 initiate; /* Are we the initiator? */
OM_uint32 endtime; /* expiration time of context */
uint64_t send_seq; /* sender sequence number */
uint64_t recv_seq; /* receive sequence number */
OM_uint32 protocol; /* 0: rfc1964,
1: draft-ietf-krb-wg-gssapi-cfx-07 */
/*
* if (protocol == 0) rfc1964_kd should be used
* and cfx_kd contents are invalid and should be zero
* if (protocol == 1) cfx_kd should be used
* and rfc1964_kd contents are invalid and should be zero
*/
gss_krb5_rfc1964_keydata_t rfc1964_kd;
gss_krb5_cfx_keydata_t cfx_kd;
} gss_krb5_lucid_context_v1_t;
/*
* Mask for determining the version of a lucid context structure. Callers
* should not require this.
*/
typedef struct gss_krb5_lucid_context_version {
OM_uint32 version; /* Structure version number */
} gss_krb5_lucid_context_version_t;
/* Alias for Heimdal compat. */
#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity
OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);
OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags(
OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_flags *ticket_flags);
/*
* Copy krb5 creds from cred_handle into out_ccache, which must already be
* initialized. Use gss_store_cred_into() (new in krb5 1.11) instead, if
* possible.
*/
OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache(
OM_uint32 *minor_status,
gss_cred_id_t cred_handle,
krb5_ccache out_ccache);
OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name(
OM_uint32 *minor_status, const char *name,
const char **out_name);
/*
* gss_krb5_set_allowable_enctypes
*
* This function may be called by a context initiator after calling
* gss_acquire_cred(), but before calling gss_init_sec_context(),
* to restrict the set of enctypes which will be negotiated during
* context establishment to those in the provided array.
*
* 'cred' must be a valid credential handle obtained via
* gss_acquire_cred(). It may not be GSS_C_NO_CREDENTIAL.
* gss_acquire_cred() may have been called to get a handle to
* the default credential.
*
* The purpose of this function is to limit the keys that may
* be exported via gss_krb5_export_lucid_sec_context(); thus it
* should limit the enctypes of all keys that will be needed
* after the security context has been established.
* (i.e. context establishment may use a session key with a
* stronger enctype than in the provided array, however a
* subkey must be established within the enctype limits
* established by this function.)
*
*/
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
OM_uint32 num_ktypes,
krb5_enctype *ktypes);
/*
* Returns a non-opaque (lucid) version of the internal context
* information.
*
* Note that context_handle must not be used again by the caller
* after this call. The GSS implementation is free to release any
* resources associated with the original context. It is up to the
* GSS implementation whether it returns pointers to existing data,
* or copies of the data. The caller should treat the returned
* lucid context as read-only.
*
* The caller must call gss_krb5_free_lucid_context() to free
* the context and allocated resources when it is finished with it.
*
* 'version' is an integer indicating the requested version of the lucid
* context. If the implementation does not understand the requested version,
* it will return an error.
*
* For example:
* void *return_ctx;
* gss_krb5_lucid_context_v1_t *ctx;
* OM_uint32 min_stat, maj_stat;
* OM_uint32 vers;
* gss_ctx_id_t *ctx_handle;
*
* maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
* ctx_handle, 1, &return_ctx);
* // Verify success
* ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
*/
OM_uint32 KRB5_CALLCONV
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
OM_uint32 version,
void **kctx);
/*
* Frees the allocated storage associated with an
* exported struct gss_krb5_lucid_context.
*/
OM_uint32 KRB5_CALLCONV
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
void *kctx);
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int ad_type,
gss_buffer_t ad_data);
OM_uint32 KRB5_CALLCONV
gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
gss_cred_id_t cred,
krb5_rcache rcache);
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *);
OM_uint32 KRB5_CALLCONV
gss_krb5_import_cred(OM_uint32 *minor_status,
krb5_ccache id,
krb5_principal keytab_principal,
krb5_keytab keytab,
gss_cred_id_t *cred);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* _GSSAPI_KRB5_H_ */
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gssapi.h��������������������������������������������������������������������������������������������0000644�����������������00000072405�14751151324�0006216 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* This is the gssapi.h prologue. */
/* no xom.h */
/* End of gssapi.h prologue. */
/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GSSAPI_H_
#define _GSSAPI_H_
/*
* Determine platform-dependent configuration.
*/
#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
# if TARGET_RT_MAC_CFM
# error "Use KfM 4.0 SDK headers for CFM compilation."
# endif
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#if defined(TARGET_OS_MAC) && TARGET_OS_MAC
# pragma pack(push,2)
#endif
#if defined(_MSDOS) || defined(_WIN32)
#include <win-mac.h>
#endif
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
#define KRB5_CALLCONV_C
#endif
#include <stdint.h>
/*
* First, include stddef.h to get size_t defined.
*/
#include <stddef.h>
/*
* POSIX says that sys/types.h is where size_t is defined.
*/
#include <sys/types.h>
/*
* $Id$
*/
/*
* First, define the three platform-dependent pointer types.
*/
struct gss_name_struct;
typedef struct gss_name_struct * gss_name_t;
struct gss_cred_id_struct;
typedef struct gss_cred_id_struct * gss_cred_id_t;
struct gss_ctx_id_struct;
typedef struct gss_ctx_id_struct * gss_ctx_id_t;
/*
* The following type must be defined as the smallest natural unsigned integer
* supported by the platform that has at least 32 bits of precision.
*/
typedef uint32_t gss_uint32;
typedef int32_t gss_int32;
#ifdef OM_STRING
/*
* We have included the xom.h header file. Use the definition for
* OM_object identifier.
*/
typedef OM_object_identifier gss_OID_desc, *gss_OID;
#else /* OM_STRING */
/*
* We can't use X/Open definitions, so roll our own.
*/
typedef gss_uint32 OM_uint32;
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
#endif /* OM_STRING */
typedef struct gss_OID_set_desc_struct {
size_t count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
typedef struct gss_channel_bindings_struct {
OM_uint32 initiator_addrtype;
gss_buffer_desc initiator_address;
OM_uint32 acceptor_addrtype;
gss_buffer_desc acceptor_address;
gss_buffer_desc application_data;
} *gss_channel_bindings_t;
/*
* For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing
* discussions).
*/
typedef OM_uint32 gss_qop_t;
typedef int gss_cred_usage_t;
/*
* Flag bits for context-level services.
*/
#define GSS_C_DELEG_FLAG 1
#define GSS_C_MUTUAL_FLAG 2
#define GSS_C_REPLAY_FLAG 4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG 16
#define GSS_C_INTEG_FLAG 32
#define GSS_C_ANON_FLAG 64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256
#define GSS_C_DELEG_POLICY_FLAG 32768
/*
* Credential usage options
*/
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2
/*
* Status code types for gss_display_status
*/
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2
/*
* The constant definitions for channel-bindings address families
*/
#define GSS_C_AF_UNSPEC 0
#define GSS_C_AF_LOCAL 1
#define GSS_C_AF_INET 2
#define GSS_C_AF_IMPLINK 3
#define GSS_C_AF_PUP 4
#define GSS_C_AF_CHAOS 5
#define GSS_C_AF_NS 6
#define GSS_C_AF_NBS 7
#define GSS_C_AF_ECMA 8
#define GSS_C_AF_DATAKIT 9
#define GSS_C_AF_CCITT 10
#define GSS_C_AF_SNA 11
#define GSS_C_AF_DECnet 12
#define GSS_C_AF_DLI 13
#define GSS_C_AF_LAT 14
#define GSS_C_AF_HYLINK 15
#define GSS_C_AF_APPLETALK 16
#define GSS_C_AF_BSC 17
#define GSS_C_AF_DSS 18
#define GSS_C_AF_OSI 19
#define GSS_C_AF_NETBIOS 20
#define GSS_C_AF_X25 21
#define GSS_C_AF_NULLADDR 255
/*
* Various Null values.
*/
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}
/*
* Some alternate names for a couple of the above values. These are defined
* for V1 compatibility.
*/
#define GSS_C_NULL_OID GSS_C_NO_OID
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
/*
* Define the default Quality of Protection for per-message services. Note
* that an implementation that offers multiple levels of QOP may either reserve
* a value (for example zero, as assumed here) to mean "default protection", or
* alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit
* QOP value. However a value of 0 should always be interpreted by a GSSAPI
* implementation as a request for the default protection level.
*/
#define GSS_C_QOP_DEFAULT 0
/*
* Expiration time of 2^32-1 seconds means infinite lifetime for a
* credential or security context
*/
#define GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful)
/* Major status codes */
#define GSS_S_COMPLETE 0
/*
* Some "helper" definitions to make the status code macros obvious.
*/
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
/*
* The macros that test status codes for error conditions. Note that the
* GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
* evaluates its argument only once.
*/
#define GSS_CALLING_ERROR(x) \
((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
(GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
/*
* Now the actual status code definitions
*/
/*
* Calling errors:
*/
#define GSS_S_CALL_INACCESSIBLE_READ \
(((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
(((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
(((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
/*
* Routine errors:
*/
#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL \
(((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED \
(((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED \
(((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT \
(((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN \
(((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MECH_ATTR \
(((OM_uint32) 19ul) << GSS_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
*/
#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
/*
* Finally, function prototypes for the GSSAPI routines.
*/
#if defined (_WIN32) && defined (_MSC_VER)
# ifdef GSS_DLL_FILE
# define GSS_DLLIMP __declspec(dllexport)
# else
# define GSS_DLLIMP __declspec(dllimport)
# endif
#else
# define GSS_DLLIMP
#endif
/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744.
*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
* GSS_C_NT_USER_NAME should be initialized to point
* to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_USER_NAME;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
* The constant GSS_C_NT_MACHINE_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
* The constant GSS_C_NT_STRING_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_STRING_UID_NAME;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
* corresponding to an object-identifier value of
* {iso(1) org(3) dod(6) internet(1) security(5)
* nametypes(6) gss-host-based-services(2)). The constant
* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
* to that gss_OID_desc. This is a deprecated OID value, and
* implementations wishing to support hostbased-service names
* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
* defined below, to identify such names;
* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
* parameter, but should not be emitted by GSS-API
* implementations
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
* "\x01\x02\x01\x04"}, corresponding to an
* object-identifier value of {iso(1) member-body(2)
* Unites States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) service_name(4)}. The constant
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
* to point to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
* corresponding to an object identifier value of
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
* 6(nametypes), 3(gss-anonymous-name)}. The constant
* and GSS_C_NT_ANONYMOUS should be initialized to point
* to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_ANONYMOUS;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
* corresponding to an object-identifier value of
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
* 6(nametypes), 4(gss-api-exported-name)}. The constant
* GSS_C_NT_EXPORT_NAME should be initialized to point
* to that gss_OID_desc.
*/
GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME;
/* Function Prototypes */
OM_uint32 KRB5_CALLCONV
gss_acquire_cred(
OM_uint32 *, /* minor_status */
gss_name_t, /* desired_name */
OM_uint32, /* time_req */
gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *); /* time_rec */
OM_uint32 KRB5_CALLCONV
gss_release_cred(
OM_uint32 *, /* minor_status */
gss_cred_id_t *); /* cred_handle */
OM_uint32 KRB5_CALLCONV
gss_init_sec_context(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t *, /* context_handle */
gss_name_t, /* target_name */
gss_OID, /* mech_type (used to be const) */
OM_uint32, /* req_flags */
OM_uint32, /* time_req */
gss_channel_bindings_t, /* input_chan_bindings */
gss_buffer_t, /* input_token */
gss_OID *, /* actual_mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 *); /* time_rec */
OM_uint32 KRB5_CALLCONV
gss_accept_sec_context(
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_cred_id_t, /* acceptor_cred_handle */
gss_buffer_t, /* input_token_buffer */
gss_channel_bindings_t, /* input_chan_bindings */
gss_name_t *, /* src_name */
gss_OID *, /* mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 *, /* time_rec */
gss_cred_id_t *); /* delegated_cred_handle */
OM_uint32 KRB5_CALLCONV
gss_process_context_token(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t); /* token_buffer */
OM_uint32 KRB5_CALLCONV
gss_delete_sec_context(
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t); /* output_token */
OM_uint32 KRB5_CALLCONV
gss_context_time(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
OM_uint32 *); /* time_rec */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_get_mic(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_qop_t, /* qop_req */
gss_buffer_t, /* message_buffer */
gss_buffer_t); /* message_token */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_verify_mic(OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* message_buffer */
gss_buffer_t, /* message_token */
gss_qop_t * /* qop_state */
);
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_wrap(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t); /* output_message_buffer */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_unwrap(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
gss_qop_t *); /* qop_state */
OM_uint32 KRB5_CALLCONV
gss_display_status(
OM_uint32 *, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
gss_OID, /* mech_type (used to be const) */
OM_uint32 *, /* message_context */
gss_buffer_t); /* status_string */
OM_uint32 KRB5_CALLCONV
gss_indicate_mechs(
OM_uint32 *, /* minor_status */
gss_OID_set *); /* mech_set */
OM_uint32 KRB5_CALLCONV
gss_compare_name(
OM_uint32 *, /* minor_status */
gss_name_t, /* name1 */
gss_name_t, /* name2 */
int *); /* name_equal */
OM_uint32 KRB5_CALLCONV
gss_display_name(
OM_uint32 *, /* minor_status */
gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID *); /* output_name_type */
OM_uint32 KRB5_CALLCONV
gss_import_name(
OM_uint32 *, /* minor_status */
gss_buffer_t, /* input_name_buffer */
gss_OID, /* input_name_type(used to be const) */
gss_name_t *); /* output_name */
OM_uint32 KRB5_CALLCONV
gss_release_name(
OM_uint32 *, /* minor_status */
gss_name_t *); /* input_name */
OM_uint32 KRB5_CALLCONV
gss_release_buffer(
OM_uint32 *, /* minor_status */
gss_buffer_t); /* buffer */
OM_uint32 KRB5_CALLCONV
gss_release_oid_set(
OM_uint32 *, /* minor_status */
gss_OID_set *); /* set */
OM_uint32 KRB5_CALLCONV
gss_inquire_cred(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
OM_uint32 *, /* lifetime */
gss_cred_usage_t *, /* cred_usage */
gss_OID_set *); /* mechanisms */
/* Last argument new for V2 */
OM_uint32 KRB5_CALLCONV
gss_inquire_context(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_name_t *, /* src_name */
gss_name_t *, /* targ_name */
OM_uint32 *, /* lifetime_rec */
gss_OID *, /* mech_type */
OM_uint32 *, /* ctx_flags */
int *, /* locally_initiated */
int *); /* open */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_wrap_size_limit(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
OM_uint32, /* req_output_size */
OM_uint32 *); /* max_input_size */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_import_name_object(
OM_uint32 *, /* minor_status */
void *, /* input_name */
gss_OID, /* input_name_type */
gss_name_t *); /* output_name */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_export_name_object(
OM_uint32 *, /* minor_status */
gss_name_t, /* input_name */
gss_OID, /* desired_name_type */
void **); /* output_name */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_add_cred(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* input_cred_handle */
gss_name_t, /* desired_name */
gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 *); /* acceptor_time_rec */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_inquire_cred_by_mech(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
gss_OID, /* mech_type */
gss_name_t *, /* name */
OM_uint32 *, /* initiator_lifetime */
OM_uint32 *, /* acceptor_lifetime */
gss_cred_usage_t *); /* cred_usage */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_export_sec_context(
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t); /* interprocess_token */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_import_sec_context(
OM_uint32 *, /* minor_status */
gss_buffer_t, /* interprocess_token */
gss_ctx_id_t *); /* context_handle */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_release_oid(
OM_uint32 *, /* minor_status */
gss_OID *); /* oid */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_create_empty_oid_set(
OM_uint32 *, /* minor_status */
gss_OID_set *); /* oid_set */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_add_oid_set_member(
OM_uint32 *, /* minor_status */
gss_OID, /* member_oid */
gss_OID_set *); /* oid_set */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_test_oid_set_member(
OM_uint32 *, /* minor_status */
gss_OID, /* member */
gss_OID_set, /* set */
int *); /* present */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_str_to_oid(
OM_uint32 *, /* minor_status */
gss_buffer_t, /* oid_str */
gss_OID *); /* oid */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_oid_to_str(
OM_uint32 *, /* minor_status */
gss_OID, /* oid */
gss_buffer_t); /* oid_str */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_inquire_names_for_mech(
OM_uint32 *, /* minor_status */
gss_OID, /* mechanism */
gss_OID_set *); /* name_types */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_inquire_mechs_for_name(
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_OID_set *); /* mech_types */
/*
* The following routines are obsolete variants of gss_get_mic, gss_wrap,
* gss_verify_mic and gss_unwrap. They should be provided by GSSAPI V2
* implementations for backwards compatibility with V1 applications. Distinct
* entrypoints (as opposed to #defines) should be provided, to allow GSSAPI
* V1 applications to link against GSSAPI V2 implementations.
*/
OM_uint32 KRB5_CALLCONV
gss_sign(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* qop_req */
gss_buffer_t, /* message_buffer */
gss_buffer_t); /* message_token */
OM_uint32 KRB5_CALLCONV
gss_verify(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* message_buffer */
gss_buffer_t, /* token_buffer */
int *); /* qop_state */
OM_uint32 KRB5_CALLCONV
gss_seal(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t); /* output_message_buffer */
OM_uint32 KRB5_CALLCONV
gss_unseal(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
int *); /* qop_state */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_export_name(
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t); /* exported_name */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_duplicate_name(
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_name_t *); /* dest_name */
/* New for V2 */
OM_uint32 KRB5_CALLCONV
gss_canonicalize_name(
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
const gss_OID, /* mech_type */
gss_name_t *); /* output_name */
/* RFC 4401 */
#define GSS_C_PRF_KEY_FULL 0
#define GSS_C_PRF_KEY_PARTIAL 1
OM_uint32 KRB5_CALLCONV
gss_pseudo_random(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context */
int, /* prf_key */
const gss_buffer_t, /* prf_in */
ssize_t, /* desired_output_len */
gss_buffer_t); /* prf_out */
OM_uint32 KRB5_CALLCONV
gss_store_cred(
OM_uint32 *, /* minor_status */
const gss_cred_id_t,/* input_cred_handle */
gss_cred_usage_t, /* input_usage */
const gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t *);/* cred_usage_stored */
OM_uint32 KRB5_CALLCONV
gss_set_neg_mechs(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
const gss_OID_set); /* mech_set */
#if defined(TARGET_OS_MAC) && TARGET_OS_MAC
# pragma pack(pop)
#endif
#ifdef __cplusplus
}
#endif
/* XXXX these are not part of the GSSAPI C bindings! (but should be) */
#define GSS_CALLING_ERROR_FIELD(x) \
(((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
#define GSS_ROUTINE_ERROR_FIELD(x) \
(((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
(((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
/* XXXX This is a necessary evil until the spec is fixed */
#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
/*
* RFC 5587
*/
typedef const gss_buffer_desc *gss_const_buffer_t;
typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
typedef const struct gss_ctx_id_struct *gss_const_ctx_id_t;
typedef const struct gss_cred_id_struct *gss_const_cred_id_t;
typedef const struct gss_name_struct *gss_const_name_t;
typedef const gss_OID_desc *gss_const_OID;
typedef const gss_OID_set_desc *gss_const_OID_set;
OM_uint32 KRB5_CALLCONV
gss_indicate_mechs_by_attrs(
OM_uint32 *, /* minor_status */
gss_const_OID_set, /* desired_mech_attrs */
gss_const_OID_set, /* except_mech_attrs */
gss_const_OID_set, /* critical_mech_attrs */
gss_OID_set *); /* mechs */
OM_uint32 KRB5_CALLCONV
gss_inquire_attrs_for_mech(
OM_uint32 *, /* minor_status */
gss_const_OID, /* mech */
gss_OID_set *, /* mech_attrs */
gss_OID_set *); /* known_mech_attrs */
OM_uint32 KRB5_CALLCONV
gss_display_mech_attr(
OM_uint32 *, /* minor_status */
gss_const_OID, /* mech_attr */
gss_buffer_t, /* name */
gss_buffer_t, /* short_desc */
gss_buffer_t); /* long_desc */
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_CONCRETE;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_PSEUDO;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_COMPOSITE;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_NEGO;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_GLUE;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_MECH;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_DEPRECATED;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_DFLT_MECH;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_ITOK_FRAMED;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_INIT;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_INIT;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_ANON;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_ANON;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_DELEG_CRED;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_INTEG_PROT;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_CONF_PROT;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_MIC;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_WRAP;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_PROT_READY;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_REPLAY_DET;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_OOS_DET;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_CBINDINGS;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_PFS;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_COMPRESS;
GSS_DLLIMP extern gss_const_OID GSS_C_MA_CTX_TRANS;
/*
* RFC 5801
*/
OM_uint32 KRB5_CALLCONV
gss_inquire_saslname_for_mech(
OM_uint32 *, /* minor_status */
const gss_OID, /* desired_mech */
gss_buffer_t, /* sasl_mech_name */
gss_buffer_t, /* mech_name */
gss_buffer_t /* mech_description */
);
OM_uint32 KRB5_CALLCONV
gss_inquire_mech_for_saslname(
OM_uint32 *, /* minor_status */
const gss_buffer_t, /* sasl_mech_name */
gss_OID * /* mech_type */
);
#endif /* _GSSAPI_H_ */
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gssapi_generic.h������������������������������������������������������������������������������������0000644�����������������00000004251�14751151324�0007704 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GSSAPI_GENERIC_H_
#define _GSSAPI_GENERIC_H_
/*
* $Id$
*/
#include <gssapi/gssapi.h>
#if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS)
#define GSSAPIGENERIC_BEGIN_DECLS extern "C" {
#define GSSAPIGENERIC_END_DECLS }
#else
#define GSSAPIGENERIC_BEGIN_DECLS
#define GSSAPIGENERIC_END_DECLS
#endif
#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL || \
(buf)->value == NULL || (buf)->length == 0)
GSSAPIGENERIC_BEGIN_DECLS
/* Deprecated MIT krb5 oid names provided for compatibility.
* The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744
* are defined in gssapi.h. */
GSS_DLLIMP extern gss_OID gss_nt_user_name;
GSS_DLLIMP extern gss_OID gss_nt_machine_uid_name;
GSS_DLLIMP extern gss_OID gss_nt_string_uid_name;
extern gss_OID gss_nt_service_name_v2;
GSS_DLLIMP extern gss_OID gss_nt_service_name;
extern gss_OID gss_nt_exported_name;
GSSAPIGENERIC_END_DECLS
#endif /* _GSSAPI_GENERIC_H_ */
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mechglue.h������������������������������������������������������������������������������������������0000644�����������������00000003164�14751151324�0006515 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* #ident "@(#)mechglue.h 1.13 95/08/07 SMI" */
/*
* Copyright 1996 by Sun Microsystems, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of Sun Microsystems not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This header contains the mechglue definitions.
*/
#ifndef _GSS_MECHGLUE_H
#define _GSS_MECHGLUE_H
#include <gssapi/gssapi.h>
/********************************************************/
/* GSSAPI Extension functions -- these functions aren't */
/* in the GSSAPI, but they are provided in this library */
#include <gssapi/gssapi_ext.h>
void KRB5_CALLCONV gss_initialize(void);
#endif /* _GSS_MECHGLUE_H */
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gssapi_alloc.h��������������������������������������������������������������������������������������0000644�����������������00000005120�14751151324�0007356 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* To the extent possible under law, Painless Security, LLC has waived
* all copyright and related or neighboring rights to GSS-API Memory
* Management Header. This work is published from: United States.
*/
#ifndef GSSAPI_ALLOC_H
#define GSSAPI_ALLOC_H
#ifdef _WIN32
#include "winbase.h"
#endif
#include <string.h>
#if defined(_WIN32)
static inline void
gssalloc_free(void *value)
{
if (value)
HeapFree(GetProcessHeap(), 0, value);
}
static inline void *
gssalloc_malloc(size_t size)
{
return HeapAlloc(GetProcessHeap(), 0, size);
}
static inline void *
gssalloc_calloc(size_t count, size_t size)
{
return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size);
}
static inline void *
gssalloc_realloc(void *value, size_t size)
{
/* Unlike realloc(), HeapReAlloc() does not work on null values. */
if (value == NULL)
return HeapAlloc(GetProcessHeap(), 0, size);
return HeapReAlloc(GetProcessHeap(), 0, value, size);
}
#elif defined(DEBUG_GSSALLOC)
/* Be deliberately incompatible with malloc and free, to allow us to detect
* mismatched malloc/gssalloc usage on Unix. */
static inline void
gssalloc_free(void *value)
{
char *p = (char *)value - 8;
if (value == NULL)
return;
if (memcmp(p, "gssalloc", 8) != 0)
abort();
free(p);
}
static inline void *
gssalloc_malloc(size_t size)
{
char *p = calloc(size + 8, 1);
memcpy(p, "gssalloc", 8);
return p + 8;
}
static inline void *
gssalloc_calloc(size_t count, size_t size)
{
return gssalloc_malloc(count * size);
}
static inline void *
gssalloc_realloc(void *value, size_t size)
{
char *p = (char *)value - 8;
if (value == NULL)
return gssalloc_malloc(size);
if (memcmp(p, "gssalloc", 8) != 0)
abort();
return (char *)realloc(p, size + 8) + 8;
}
#else /* not _WIN32 or DEBUG_GSSALLOC */
/* Normal Unix case, just use free/malloc/calloc/realloc. */
static inline void
gssalloc_free(void *value)
{
free(value);
}
static inline void *
gssalloc_malloc(size_t size)
{
return malloc(size);
}
static inline void *
gssalloc_calloc(size_t count, size_t size)
{
return calloc(count, size);
}
static inline void *
gssalloc_realloc(void *value, size_t size)
{
return realloc(value, size);
}
#endif /* not _WIN32 or DEBUG_GSSALLOC */
static inline char *
gssalloc_strdup(const char *str)
{
size_t size = strlen(str)+1;
char *copy = gssalloc_malloc(size);
if (copy) {
memcpy(copy, str, size);
copy[size-1] = '\0';
}
return copy;
}
#endif
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������gssapi_ext.h����������������������������������������������������������������������������������������0000644�����������������00000050663�14751151324�0007100 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������/*
* Copyright 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#ifndef GSSAPI_EXT_H_
#define GSSAPI_EXT_H_
#include <gssapi/gssapi.h>
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/*
* Solaris extensions
*/
#ifndef _WIN32
OM_uint32 KRB5_CALLCONV
gss_pname_to_uid
(OM_uint32 *minor,
const gss_name_t name,
const gss_OID mech_type,
uid_t *uidOut);
#endif
/**
* Provides a platform-specific name for a GSSAPI name as interpreted by a
* given mechanism.
*
* @param [out] minor Minor status code
* @param [in] name The gss name resulting from accept_sec_context
* @param [in] mech_type The mechanism that will be asked to map @a name to a
* local name
* @param [out] localname Caller-allocated buffer to be filled in with the
* local name on success
*/
OM_uint32 KRB5_CALLCONV
gss_localname
(OM_uint32 *minor,
const gss_name_t name,
gss_const_OID mech_type,
gss_buffer_t localname);
/**
* Determine whether a mechanism name is authorized to act as a username.
*
* @param [in] name Mechanism name
* @param [in] username System username
*
* This is a simple wrapper around gss_authorize_localname(). It only supports
* system usernames as local names, and cannot distinguish between lack of
* authorization and other errors.
*
* @retval 1 @a name is authorized to act as @a username
* @retval 0 @a name is not authorized or an error occurred
*/
int KRB5_CALLCONV
gss_userok(const gss_name_t name,
const char *username);
/**
* Determine whether a mechanism name is authorized to act as a local name.
*
* @param [out] minor Minor status code
* @param [in] name Mechanism name
* @param [in] user Local name
*
* @a name is a mechanism name, typically the result of a completed
* gss_accept_sec_context(). @a user is an internal name representing a local
* name, such as a name imported by gss_import_name() with an @a
* input_name_type of @c GSS_C_NT_USER_NAME.
*
* @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user,
* GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error
* occurred.
*
* @sa gss_userok
*/
OM_uint32 KRB5_CALLCONV
gss_authorize_localname(OM_uint32 *minor,
const gss_name_t name,
const gss_name_t user);
OM_uint32 KRB5_CALLCONV
gss_acquire_cred_with_password(
OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *); /* time_rec */
OM_uint32 KRB5_CALLCONV
gss_add_cred_with_password(
OM_uint32 *, /* minor_status */
const gss_cred_id_t,/* input_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
const gss_buffer_t, /* password */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 *); /* acceptor_time_rec */
/*
* GGF extensions
*/
typedef struct gss_buffer_set_desc_struct {
size_t count;
gss_buffer_desc *elements;
} gss_buffer_set_desc, *gss_buffer_set_t;
#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set
(OM_uint32 * /*minor_status*/,
gss_buffer_set_t * /*buffer_set*/);
OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member
(OM_uint32 * /*minor_status*/,
const gss_buffer_t /*member_buffer*/,
gss_buffer_set_t * /*buffer_set*/);
OM_uint32 KRB5_CALLCONV gss_release_buffer_set
(OM_uint32 * /*minor_status*/,
gss_buffer_set_t * /*buffer_set*/);
OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t * /*data_set*/);
OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid
(OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*cred_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t * /*data_set*/);
OM_uint32 KRB5_CALLCONV gss_set_sec_context_option
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*cred_handle*/,
const gss_OID /*desired_object*/,
const gss_buffer_t /*value*/);
/*
* Export import cred extensions from GGF, but using Heimdal's signatures
*/
OM_uint32 KRB5_CALLCONV gss_export_cred
(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred_handle */,
gss_buffer_t /* token */);
OM_uint32 KRB5_CALLCONV gss_import_cred
(OM_uint32 * /* minor_status */,
gss_buffer_t /* token */,
gss_cred_id_t * /* cred_handle */);
/*
* Heimdal extension
*/
OM_uint32 KRB5_CALLCONV gss_set_cred_option
(OM_uint32 * /*minor_status*/,
gss_cred_id_t * /*cred*/,
const gss_OID /*desired_object*/,
const gss_buffer_t /*value*/);
/*
* Call the given method on the given mechanism
*/
OM_uint32 KRB5_CALLCONV gssspi_mech_invoke
(OM_uint32 * /*minor_status*/,
const gss_OID /*desired_mech*/,
const gss_OID /*desired_object*/,
gss_buffer_t /*value*/);
/*
* AEAD extensions
*/
OM_uint32 KRB5_CALLCONV gss_wrap_aead
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
gss_buffer_t /*input_assoc_buffer*/,
gss_buffer_t /*input_payload_buffer*/,
int * /*conf_state*/,
gss_buffer_t /*output_message_buffer*/);
OM_uint32 KRB5_CALLCONV gss_unwrap_aead
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*input_assoc_buffer*/,
gss_buffer_t /*output_payload_buffer*/,
int * /*conf_state*/,
gss_qop_t * /*qop_state*/);
/*
* SSPI extensions
*/
#define GSS_C_DCE_STYLE 0x1000
#define GSS_C_IDENTIFY_FLAG 0x2000
#define GSS_C_EXTENDED_ERROR_FLAG 0x4000
/*
* Returns a buffer set with the first member containing the
* session key for SSPI compatibility. The optional second
* member contains an OID identifying the session key type.
*/
GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_KEY;
GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY;
OM_uint32 KRB5_CALLCONV gss_complete_auth_token
(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer);
typedef struct gss_iov_buffer_desc_struct {
OM_uint32 type;
gss_buffer_desc buffer;
} gss_iov_buffer_desc, *gss_iov_buffer_t;
#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0)
#define GSS_IOV_BUFFER_TYPE_EMPTY 0
#define GSS_IOV_BUFFER_TYPE_DATA 1 /* Packet data */
#define GSS_IOV_BUFFER_TYPE_HEADER 2 /* Mechanism header */
#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 /* Mechanism specific parameters */
#define GSS_IOV_BUFFER_TYPE_TRAILER 7 /* Mechanism trailer */
#define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */
#define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */
#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */
#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */
#define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000
#define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */
#define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 /* indicates caller should free */
#define GSS_IOV_BUFFER_TYPE(_type) ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK))
#define GSS_IOV_BUFFER_FLAGS(_type) ((_type) & GSS_IOV_BUFFER_FLAG_MASK)
/*
* Sign and optionally encrypt a sequence of buffers. The buffers
* shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable
* space for the header, padding and trailer should be provided
* by calling gss_wrap_iov_length(), or the ALLOCATE flag should
* be set on those buffers.
*
* Encryption is in-place. SIGN_ONLY buffers are untouched. Only
* a single PADDING buffer should be provided. The order of the
* buffers in memory does not matter. Buffers in the IOV should
* be arranged in the order above, and in the case of multiple
* DATA buffers the sender and receiver should agree on the
* order.
*
* With GSS_C_DCE_STYLE it is acceptable to not provide PADDING
* and TRAILER, but the caller must guarantee the plaintext data
* being encrypted is correctly padded, otherwise an error will
* be returned.
*
* While applications that have knowledge of the underlying
* cryptosystem may request a specific configuration of data
* buffers, the only generally supported configurations are:
*
* HEADER | DATA | PADDING | TRAILER
*
* which will emit GSS_Wrap() compatible tokens, and:
*
* HEADER | SIGN_ONLY | DATA | PADDING | TRAILER
*
* for AEAD.
*
* The typical (special cased) usage for DCE is as follows:
*
* SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER
*/
OM_uint32 KRB5_CALLCONV gss_wrap_iov
(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
int *, /* conf_state */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Verify and optionally decrypt a sequence of buffers. To process
* a GSS-API message without separate buffer, pass STREAM | DATA.
* Upon return DATA will contain the decrypted or integrity
* protected message. Only a single DATA buffer may be provided
* with this usage. DATA by default will point into STREAM, but if
* the ALLOCATE flag is set a copy will be returned.
*
* Otherwise, decryption is in-place. SIGN_ONLY buffers are
* untouched.
*/
OM_uint32 KRB5_CALLCONV gss_unwrap_iov
(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int *, /* conf_state */
gss_qop_t *, /* qop_state */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers
* should be provided so the correct padding length can be determined.
*/
OM_uint32 KRB5_CALLCONV gss_wrap_iov_length
(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
int *, /* conf_state */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Produce a GSSAPI MIC token for a sequence of buffers. All SIGN_ONLY and
* DATA buffers will be signed, in the order they appear. One MIC_TOKEN buffer
* must be included for the result. Suitable space should be provided for the
* MIC_TOKEN buffer by calling gss_get_mic_iov_length, or the ALLOCATE flag
* should be set on that buffer. If the ALLOCATE flag is used, use
* gss_release_iov_buffer to free the allocated buffer within the iov list when
* it is no longer needed.
*/
OM_uint32 KRB5_CALLCONV gss_get_mic_iov
(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_qop_t, /* qop_req */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Query the MIC_TOKEN buffer length within the iov list.
*/
OM_uint32 KRB5_CALLCONV gss_get_mic_iov_length(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_qop_t, /* qop_req */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Verify the MIC_TOKEN buffer within the iov list against the SIGN_ONLY and
* DATA buffers in the order they appear. Return values are the same as for
* gss_verify_mic.
*/
OM_uint32 KRB5_CALLCONV gss_verify_mic_iov
(
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_qop_t *, /* qop_state */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Release buffers that have the ALLOCATED flag set.
*/
OM_uint32 KRB5_CALLCONV gss_release_iov_buffer
(
OM_uint32 *, /* minor_status */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
/*
* Protocol transition
*/
OM_uint32 KRB5_CALLCONV
gss_acquire_cred_impersonate_name(
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* impersonator_cred_handle */
const gss_name_t, /* desired_name */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *); /* time_rec */
OM_uint32 KRB5_CALLCONV
gss_add_cred_impersonate_name(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* input_cred_handle */
const gss_cred_id_t, /* impersonator_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 *); /* acceptor_time_rec */
/*
* Naming extensions
*/
GSS_DLLIMP extern gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER;
GSS_DLLIMP extern gss_OID GSS_C_NT_COMPOSITE_EXPORT;
OM_uint32 KRB5_CALLCONV gss_display_name_ext
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_OID, /* display_as_name_type */
gss_buffer_t /* display_name */
);
OM_uint32 KRB5_CALLCONV gss_inquire_name
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int *, /* name_is_MN */
gss_OID *, /* MN_mech */
gss_buffer_set_t * /* attrs */
);
OM_uint32 KRB5_CALLCONV gss_get_name_attribute
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* attr */
int *, /* authenticated */
int *, /* complete */
gss_buffer_t, /* value */
gss_buffer_t, /* display_value */
int * /* more */
);
OM_uint32 KRB5_CALLCONV gss_set_name_attribute
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* complete */
gss_buffer_t, /* attr */
gss_buffer_t /* value */
);
OM_uint32 KRB5_CALLCONV gss_delete_name_attribute
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* attr */
);
OM_uint32 KRB5_CALLCONV gss_export_name_composite
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t /* exp_composite_name */
);
typedef struct gss_any *gss_any_t;
OM_uint32 KRB5_CALLCONV gss_map_name_to_any
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
int, /* authenticated */
gss_buffer_t, /* type_id */
gss_any_t * /* output */
);
OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping
(
OM_uint32 *, /* minor_status */
gss_name_t, /* name */
gss_buffer_t, /* type_id */
gss_any_t * /* input */
);
/* draft-josefsson-gss-capsulate */
OM_uint32 KRB5_CALLCONV gss_encapsulate_token
(
gss_const_buffer_t, /* input_token */
gss_const_OID, /* token_oid */
gss_buffer_t /* output_token */
);
OM_uint32 KRB5_CALLCONV gss_decapsulate_token
(
gss_const_buffer_t, /* input_token */
gss_const_OID, /* token_oid */
gss_buffer_t /* output_token */
);
int KRB5_CALLCONV gss_oid_equal
(
gss_const_OID, /* first_oid */
gss_const_OID /* second_oid */
);
/* Credential store extensions */
struct gss_key_value_element_struct {
const char *key;
const char *value;
};
typedef struct gss_key_value_element_struct gss_key_value_element_desc;
struct gss_key_value_set_struct {
OM_uint32 count;
gss_key_value_element_desc *elements;
};
typedef struct gss_key_value_set_struct gss_key_value_set_desc;
typedef const gss_key_value_set_desc *gss_const_key_value_set_t;
#define GSS_C_NO_CRED_STORE ((gss_const_key_value_set_t) 0)
OM_uint32 KRB5_CALLCONV
gss_acquire_cred_from(
OM_uint32 *, /* minor_status */
gss_name_t, /* desired_name */
OM_uint32, /* time_req */
gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
gss_const_key_value_set_t, /* cred_store */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *); /* time_rec */
OM_uint32 KRB5_CALLCONV
gss_add_cred_from(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* input_cred_handle */
gss_name_t, /* desired_name */
gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_const_key_value_set_t, /* cred_store */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 *); /* acceptor_time_rec */
OM_uint32 KRB5_CALLCONV
gss_store_cred_into(
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* input_cred_handle */
gss_cred_usage_t, /* input_usage */
gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_const_key_value_set_t, /* cred_store */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t *); /* cred_usage_stored */
/*
* A mech can make itself negotiable via NegoEx (draft-zhu-negoex) by
* implementing the following three SPIs, and also implementing
* gss_inquire_sec_context_by_oid() and answering the GSS_C_INQ_NEGOEX_KEY and
* GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs. The answer must be in two buffers: the
* first contains the key contents, and the second contains the key enctype as
* a four-byte little-endian integer.
*
* By default, NegoEx mechanisms will not be directly negotiated via SPNEGO.
* If direct SPNEGO negotiation is required for interoperability, implement
* gss_inquire_attrs_for_mech() and assert the GSS_C_MA_NEGOEX_AND_SPNEGO
* attribute (along with any applicable RFC 5587 attributes).
*/
#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */
OM_uint32 KRB5_CALLCONV
gssspi_query_meta_data(
OM_uint32 *minor_status,
gss_const_OID mech_oid,
gss_cred_id_t cred_handle,
gss_ctx_id_t *context_handle,
const gss_name_t targ_name,
OM_uint32 req_flags,
gss_buffer_t meta_data);
OM_uint32 KRB5_CALLCONV
gssspi_exchange_meta_data(
OM_uint32 *minor_status,
gss_const_OID mech_oid,
gss_cred_id_t cred_handle,
gss_ctx_id_t *context_handle,
const gss_name_t targ_name,
OM_uint32 req_flags,
gss_const_buffer_t meta_data);
OM_uint32 KRB5_CALLCONV
gssspi_query_mechanism_info(
OM_uint32 *minor_status,
gss_const_OID mech_oid,
unsigned char auth_scheme[16]);
GSS_DLLIMP extern gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO;
#ifdef __cplusplus
}
#endif
/*
* When used with gss_inquire_sec_context_by_oid(), return a buffer set with
* the first member containing an unsigned 32-bit integer in network byte
* order. This is the Security Strength Factor (SSF) associated with the
* secure channel established by the security context. NOTE: This value is
* made available solely as an indication for use by APIs like Cyrus SASL that
* classify the strength of a secure channel via this number. The strength of
* a channel cannot necessarily be represented by a simple number.
*/
GSS_DLLIMP extern gss_OID GSS_C_SEC_CONTEXT_SASL_SSF;
#endif /* GSSAPI_EXT_H_ */
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������