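/*
   Unix SMB/CIFS implementation.

   Kerberos backend for GENSEC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
   Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* This structure is described here so that the RPC-PAC test can get at the
 * PAC provided. */

/*
 * Progress marker for the SASL-wrapped GSSAPI mechanism; stored in
 * gensec_gssapi_state.sasl_state.
 *
 * NOTE(review): the per-stage meanings below are read off the enumerator
 * names only; confirm against the state machine that consumes them.
 */
enum gensec_gssapi_sasl_state
{
	STAGE_GSS_NEG,		/* presumably: GSSAPI token exchange in progress */
	STAGE_SASL_SSF_NEG,	/* presumably: SASL security-layer negotiation */
	STAGE_SASL_SSF_ACCEPT,	/* presumably: accepting the negotiated layer */
	STAGE_DONE		/* presumably: negotiation complete */
};

/*
 * Protection bits, one bit each so they can be combined in a mask.
 *
 * The values match the security-layer bitmask of the SASL GSSAPI mechanism
 * (RFC 4752: 1 = no security layer, 2 = integrity, 4 = confidentiality).
 * NOTE(review): presumably these are the values held in sasl_protection;
 * confirm against the code that builds and parses the negotiation token.
 */
#define NEG_SEAL 0x4
#define NEG_SIGN 0x2
#define NEG_NONE 0x1

/*
 * Per-connection state of the GSSAPI/Kerberos GENSEC backend.
 *
 * Several members hold security-sensitive material (session key, PAC,
 * delegated credentials). Ownership and lifetime of the pointers are not
 * visible in this header.
 */
struct gensec_gssapi_state {
	gss_ctx_id_t gssapi_context;	/* GSSAPI security context handle */
	struct gss_channel_bindings_struct *input_chan_bindings;
	gss_name_t server_name;
	gss_name_t client_name;
	/*
	 * GSSAPI flag words. NOTE(review): by name, want_flags is what was
	 * requested and got_flags is what was established; code that requires
	 * signing or sealing should test got_flags, not want_flags. Confirm
	 * against the users of this struct.
	 */
	OM_uint32 want_flags, got_flags;
	gss_OID gss_oid;

	/*
	 * NOTE(review): session_key is key material; confirm it is never
	 * logged and is wiped when this state is released.
	 */
	DATA_BLOB session_key;
	/*
	 * PAC exposed for the RPC-PAC test (see the comment above the enum).
	 * NOTE(review): PAC contents feed authorization decisions; where its
	 * signatures are verified is not visible here - confirm this happens
	 * before the blob is trusted.
	 */
	DATA_BLOB pac;

	struct smb_krb5_context *smb_krb5_context;
	struct gssapi_creds_container *client_cred;
	struct gssapi_creds_container *server_cred;
	gss_krb5_lucid_context_v1_t *lucid;

	/*
	 * NOTE(review): by name, credentials delegated by the peer; treat as
	 * sensitive and confirm they are released with the state.
	 */
	gss_cred_id_t delegated_cred_handle;

	bool sasl; /* We have two different mechs in this file: One
		    * for SASL wrapped GSSAPI and another for normal
		    * GSSAPI */
	enum gensec_gssapi_sasl_state sasl_state;
	uint8_t sasl_protection; /* What was negotiated at the SASL
				  * layer, independent of the GSSAPI
				  * layer... */

	/*
	 * NOTE(review): by name, the largest buffer to hand to wrap; if the
	 * value is influenced by the peer, confirm it is range-checked before
	 * it sizes an allocation or a copy.
	 */
	size_t max_wrap_buf_size;
	int gss_exchange_count;
	size_t sig_size;
};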