1178825Sdfr/*
2233294Sstas * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4233294Sstas * All rights reserved.
5178825Sdfr *
6233294Sstas * Redistribution and use in source and binary forms, with or without
7233294Sstas * modification, are permitted provided that the following conditions
8233294Sstas * are met:
9178825Sdfr *
10233294Sstas * 1. Redistributions of source code must retain the above copyright
11233294Sstas *    notice, this list of conditions and the following disclaimer.
12178825Sdfr *
13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright
14233294Sstas *    notice, this list of conditions and the following disclaimer in the
15233294Sstas *    documentation and/or other materials provided with the distribution.
16178825Sdfr *
17233294Sstas * 3. Neither the name of the Institute nor the names of its contributors
18233294Sstas *    may be used to endorse or promote products derived from this software
19233294Sstas *    without specific prior written permission.
20178825Sdfr *
21233294Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22233294Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23233294Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24233294Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25233294Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26233294Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27233294Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28233294Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29233294Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30233294Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31233294Sstas * SUCH DAMAGE.
32178825Sdfr */
33178825Sdfr
34233294Sstas/* $Id$ */
35178825Sdfr
36178825Sdfr#ifndef GSSAPI_KRB5_H_
37178825Sdfr#define GSSAPI_KRB5_H_
38178825Sdfr
39252409Shrs#include <gssapi/gssapi.h>
40178825Sdfr
41233294SstasGSSAPI_CPP_START
42233294Sstas
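/*
 * Compilers that do not define __GNUC__ get __attribute__ defined away, so
 * the annotations used in this header expand to nothing there.  The
 * !defined(__attribute__) test keeps an existing macro of that name from
 * being redefined.
 */
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

/*
 * Marker appended to the prototypes of deprecated entry points.  It is only
 * defined when the includer has not supplied a definition already, so a
 * build can override it before including this header.
 */
#ifndef GSSKRB5_FUNCTION_DEPRECATED
#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
#endif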
50233294Sstas
51233294Sstas
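/*
 * This is for kerberos5 names.
 */

/*
 * OID descriptor for the Kerberos principal name type.  The object itself is
 * defined outside this header; callers use the pointer macro.
 */
extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)

/*
 * These three expand to the addresses of __gss_c_nt_* descriptors that this
 * header does not declare.
 * NOTE(review): presumably <gssapi/gssapi.h> declares them -- confirm.
 */
#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)

/* OID descriptor for the Kerberos 5 mechanism, again used through a macro. */
extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)

/* for compatibility with MIT api */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME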
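/*
 * kerberos mechanism specific functions
 */

/*
 * Opaque forward declarations.  Only pointers to these types appear in the
 * prototypes of this header, so their definitions are not needed here.
 */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/*
 * Takes a credential cache name and a location that receives a name string.
 * NOTE(review): no credential or context handle is passed, so the setting is
 * presumably process- or thread-wide rather than scoped to one credential --
 * confirm before calling it from a service that acts for several principals.
 * Ownership of *out_name is not visible in the prototype.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
		     const char * /*name */,
		     const char ** /*out_name */);

/*
 * The next two entry points take a single identity string and have the same
 * signature.
 * NOTE(review): the identity presumably selects where the acceptor's keys are
 * read from (e.g. a keytab); treat it as trusted configuration, never as
 * request-derived input -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
        (const char * /*identity*/);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
	(const char * /*identity*/);

/*
 * out is a plain pointer, not a pointer-to-pointer, so the caller has to
 * supply an existing cache for the function to work on.
 * NOTE(review): presumably the credentials held by cred are copied into that
 * cache; the destination then holds usable tickets and needs the same access
 * protection as the source -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
	(OM_uint32 * /*minor*/,
	 gss_cred_id_t /*cred*/,
	 struct krb5_ccache_data * /*out*/);

/*
 * Produces a credential handle (*out) from a credential cache and/or a keytab
 * together with its principal.
 * NOTE(review): which inputs may be NULL, and whether the new credential
 * keeps references to them after return, is not visible here -- confirm
 * before releasing the inputs.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_import_cred(OM_uint32 * /*minor*/,
		     struct krb5_ccache_data * /*in*/,
		     struct Principal * /*keytab_principal*/,
		     struct krb5_keytab_data * /*keytab*/,
		     gss_cred_id_t * /*out*/);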
101178825Sdfr
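/*
 * Writes a flag word for the given security context to *tkt_flags.
 * NOTE(review): presumably the flags of the Kerberos ticket behind the
 * context; the bit meanings are not defined in this header -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
	(OM_uint32 * /*minor*/,
	 gss_ctx_id_t /*context_handle*/,
	 OM_uint32 * /*tkt_flags*/);

/*
 * Returns, in ad_data, the authorization data of type ad_type associated
 * with the context.
 * NOTE(review): whether the returned element has been verified (for example
 * that it was issued by the KDC rather than supplied by the client) is not
 * visible here; confirm before basing an authorization decision on it.  The
 * buffer presumably has to be released by the caller -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authz_data_from_sec_context
	(OM_uint32 * /*minor_status*/,
	 gss_ctx_id_t /*context_handle*/,
	 int /*ad_type*/,
	 gss_buffer_t /*ad_data*/);

/*
 * Takes one int and no handle.
 * NOTE(review): presumably a boolean that switches DNS canonicalization of
 * host names on or off for the whole process.  With canonicalization on,
 * answers from unauthenticated DNS influence which service principal is
 * requested; deployments that do not secure DNS generally want it off --
 * confirm the default and the scope.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_dns_canonicalize(int);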
116178825Sdfr
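/*
 * Argument block for gsskrb5_set_send_to_kdc().  Both members are untyped
 * pointers, so the compiler cannot check what is stored in them.
 * NOTE(review): func is presumably a function pointer kept as void *, a
 * conversion ISO C does not guarantee to round-trip (POSIX does), and ptr
 * the opaque user data handed back to it -- confirm against the
 * implementation.
 */
struct gsskrb5_send_to_kdc {
    void *func;
    void *ptr;
};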
121178825Sdfr
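/*
 * Marked GSSKRB5_FUNCTION_DEPRECATED: existing callers get a compiler
 * warning where the attribute is supported, and new code should not use it.
 * NOTE(review): presumably installs a replacement transport for KDC traffic.
 * Such a hook would see every KDC exchange, so only trusted code belongs
 * there -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
    GSSKRB5_FUNCTION_DEPRECATED;

/*
 * Takes a realm name and no handle.
 * NOTE(review): presumably changes the default realm for the whole process;
 * the value should come from trusted configuration -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_default_realm(const char *);

/*
 * Writes a time_t for the given context through the last argument.
 * NOTE(review): presumably the authentication time of the ticket behind the
 * context -- confirm.  time_t is used here although this header includes
 * only <gssapi/gssapi.h>, so it relies on that header to provide the type.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);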
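/* Opaque here; only pointers to it are used in the prototypes that follow. */
struct EncryptionKey;

/*
 * The three functions below hand a key belonging to the security context
 * back through *out.  What they return is secret key material: keep it out
 * of logs and error messages and do not let it outlive the need for it.
 * NOTE(review): *out is presumably a fresh allocation owned by the caller,
 * which then has to free it (and should wipe it first) -- confirm the
 * matching release function and what *out holds on failure.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_subkey(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   struct EncryptionKey **out);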
146178825Sdfr
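/*
 * Setter and getter for an int "time offset"; neither takes a handle.
 * NOTE(review): presumably a process-wide clock adjustment, in seconds, that
 * the Kerberos code applies to the local time.  Kerberos freshness and
 * replay checks depend on the clock, so the value should never be derived
 * from untrusted input -- confirm unit and scope.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_time_offset(int);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_time_offset(int *);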
152233294Sstas
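/*
 * Description of one plugin passed to gsskrb5_plugin_register(): a type
 * code, a name string and an untyped pointer to the plugin's symbol.
 * NOTE(review): the valid type values and the structure symbol must point
 * to are not defined in this header.  Because symbol is untyped, nothing
 * here checks that it matches the declared type -- confirm.
 */
struct gsskrb5_krb5_plugin {
    int type;
    char *name;
    void *symbol;
};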
158233294Sstas
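/*
 * Registers the plugin described by the argument.
 * NOTE(review): the registered symbol presumably runs inside the Kerberos
 * library with the caller's privileges, so only code the application
 * already trusts should be registered.  Whether the structure and the
 * strings it points to must stay valid after the call is not visible here
 * -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);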
161233294Sstas
162233294Sstas
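/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 */

/*
 * One exported key: a type, a length and a pointer to the data.  As this
 * section exists to expose key material, the structure and the buffer
 * behind data must be handled as secrets.
 * NOTE(review): length is presumably the size of data in bytes and type a
 * Kerberos encryption type number -- confirm.
 */
typedef struct gss_krb5_lucid_key {
	OM_uint32	type;
	OM_uint32	length;
	void *		data;
} gss_krb5_lucid_key_t;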
173178825Sdfr
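/*
 * Key data for the RFC 1964 token format: a signing algorithm, a sealing
 * algorithm and the context key.
 * NOTE(review): the numeric values of sign_alg and seal_alg are not defined
 * in this header; presumably they follow RFC 1964 -- confirm.
 */
typedef struct gss_krb5_rfc1964_keydata {
	OM_uint32		sign_alg;
	OM_uint32		seal_alg;
	gss_krb5_lucid_key_t	ctx_key;
} gss_krb5_rfc1964_keydata_t;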
179178825Sdfr
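/*
 * Key data for the CFX token format: the context key plus an acceptor
 * subkey.
 * NOTE(review): acceptor_subkey is presumably meaningful only when
 * have_acceptor_subkey is non-zero; consumers should test the flag before
 * touching the subkey -- confirm.
 */
typedef struct gss_krb5_cfx_keydata {
	OM_uint32		have_acceptor_subkey;
	gss_krb5_lucid_key_t	ctx_key;
	gss_krb5_lucid_key_t	acceptor_subkey;
} gss_krb5_cfx_keydata_t;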
185178825Sdfr
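/*
 * Version 1 of the exported context.  rfc1964_kd and cfx_kd are both members
 * of the structure (not a union), so space for both key sets is always
 * present.
 * NOTE(review): protocol presumably tells which of the two is populated, and
 * initiate whether the local side initiated the context; a consumer should
 * check version and protocol before reading any key field -- confirm.
 */
typedef struct gss_krb5_lucid_context_v1 {
	OM_uint32	version;
	OM_uint32	initiate;
	OM_uint32	endtime;
	OM_uint64	send_seq;
	OM_uint64	recv_seq;
	OM_uint32	protocol;
	gss_krb5_rfc1964_keydata_t rfc1964_kd;
	gss_krb5_cfx_keydata_t	   cfx_kd;
} gss_krb5_lucid_context_v1_t;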
196178825Sdfr
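/*
 * Holds only the version field, which is also the first member of
 * gss_krb5_lucid_context_v1_t.
 * NOTE(review): presumably meant for reading the version of an exported
 * context before casting it to the matching versioned structure -- confirm.
 */
typedef struct gss_krb5_lucid_context_version {
	OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;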
200178825Sdfr
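/*
 * Function declarations
 */

/*
 * Exports a security context in the lucid form and stores the result in
 * *kctx.  The result is untyped, so the caller has to cast it according to
 * the version that was requested.
 * context_handle is passed by pointer, so the call is able to change the
 * caller's handle.
 * NOTE(review): whether the context is still usable afterwards is not
 * visible here -- confirm.  The exported structure carries the session
 * keys; keep it out of logs and hand it only to the intended consumer.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);


/*
 * Releases a context obtained from gss_krb5_export_lucid_sec_context().
 * NOTE(review): whether the key bytes are wiped before the memory is
 * released is not visible here; callers that copied keys elsewhere remain
 * responsible for those copies -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);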
215178825Sdfr
216178825Sdfr
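/*
 * Takes a credential and an array of num_enctypes encryption type numbers.
 * NOTE(review): presumably restricts the encryption types that contexts
 * established with cred may negotiate.  The list should name only types the
 * peer can process and should leave out weak legacy types unless the peer
 * requires them.  enctypes is not const-qualified; whether the array is
 * modified or retained after the call is not visible here -- confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
				gss_cred_id_t cred,
				OM_uint32 num_enctypes,
				int32_t *enctypes);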
222178825Sdfr
223233294SstasGSSAPI_CPP_END
224178825Sdfr
225178825Sdfr#endif /* GSSAPI_KRB5_H_ */
226