gssapi.h revision 120945
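/*
 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */

/*
 * Public GSS-API header: the handle and buffer types, the context flag
 * and status-code constants, the name-type OIDs, and the prototypes of
 * the GSS-API routines plus a few Kerberos 5 specific extensions.
 */

#ifndef GSSAPI_H_
#define GSSAPI_H_

/*
 * First, include stddef.h to get size_t defined.
 */
#include <stddef.h>

#include <krb5-types.h>

/*
 * Now define the three implementation-dependent types.
 */

typedef u_int32_t OM_uint32;

typedef u_int32_t gss_uint32;

/*
 * This is to avoid having to include <krb5.h>
 */

struct krb5_auth_context_data;

struct Principal;

/* typedef void *gss_name_t; */

typedef struct Principal *gss_name_t;

/*
 * Security context state.  The layout is visible here, but callers
 * normally hold it only through the gss_ctx_id_t handle and query it
 * with gss_inquire_context().
 * NOTE(review): LOCAL and OPEN are plain enumerators, so they enter the
 * namespace of every file that includes this header.
 */
typedef struct gss_ctx_id_t_desc_struct {
    struct krb5_auth_context_data *auth_context;
    gss_name_t source, target;
    OM_uint32 flags;            /* presumably GSS_C_*_FLAG bits - confirm */
    enum { LOCAL = 1, OPEN = 2,
           COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags;
    struct krb5_ticket *ticket;
    time_t lifetime;
} gss_ctx_id_t_desc;

typedef gss_ctx_id_t_desc *gss_ctx_id_t;

/* An object identifier: `length' bytes stored at `elements'. */
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc, *gss_OID;

/* A set of OIDs; presumably `elements' is an array of `count' entries. */
typedef struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;

struct krb5_keytab_data;

struct krb5_ccache_data;

typedef int gss_cred_usage_t;

/* Credential state; `usage' takes one of the GSS_C_BOTH/INITIATE/ACCEPT values. */
typedef struct gss_cred_id_t_desc_struct {
    gss_name_t principal;
    struct krb5_keytab_data *keytab;
    OM_uint32 lifetime;
    gss_cred_usage_t usage;
    gss_OID_set mechanisms;
    struct krb5_ccache_data *ccache;
} gss_cred_id_t_desc;

typedef gss_cred_id_t_desc *gss_cred_id_t;

/*
 * A length-delimited byte string.  Nothing in this type NUL-terminates
 * `value', so consumers must bound every read by `length' instead of
 * using strlen() or "%s" on it.
 */
typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;

typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;

/*
 * For now, define a QOP-type as an OM_uint32
 */
typedef OM_uint32 gss_qop_t;

/*
 * Flag bits for context-level services.
 *
 * These are requests on input (req_flags) and results on output
 * (ret_flags).  A caller that depends on mutual authentication,
 * integrity or confidentiality should test the returned ret_flags
 * rather than assume the request was honoured.  GSS_C_DELEG_FLAG
 * hands the initiator's credentials to the acceptor, so request it
 * only for targets trusted to act on the initiator's behalf.
 */
#define GSS_C_DELEG_FLAG 1
#define GSS_C_MUTUAL_FLAG 2
#define GSS_C_REPLAY_FLAG 4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG 16
#define GSS_C_INTEG_FLAG 32
#define GSS_C_ANON_FLAG 64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256

/*
 * Credential usage options
 */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/*
 * Status code types for gss_display_status
 */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2

/*
 * The constant definitions for channel-bindings address families
 */
#define GSS_C_AF_UNSPEC 0
#define GSS_C_AF_LOCAL 1
#define GSS_C_AF_INET 2
#define GSS_C_AF_IMPLINK 3
#define GSS_C_AF_PUP 4
#define GSS_C_AF_CHAOS 5
#define GSS_C_AF_NS 6
#define GSS_C_AF_NBS 7
#define GSS_C_AF_ECMA 8
#define GSS_C_AF_DATAKIT 9
#define GSS_C_AF_CCITT 10
#define GSS_C_AF_SNA 11
#define GSS_C_AF_DECnet 12
#define GSS_C_AF_DLI 13
#define GSS_C_AF_LAT 14
#define GSS_C_AF_HYLINK 15
#define GSS_C_AF_APPLETALK 16
#define GSS_C_AF_BSC 17
#define GSS_C_AF_DSS 18
#define GSS_C_AF_OSI 19
#define GSS_C_AF_X25 21
#define GSS_C_AF_INET6 24

#define GSS_C_AF_NULLADDR 255

/*
 * Various Null values
 */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}

/*
 * Some alternate names for a couple of the above
 * values.  These are defined for V1 compatibility.
 */
#define GSS_C_NULL_OID GSS_C_NO_OID
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET

/*
 * Define the default Quality of Protection for per-message
 * services.  Note that an implementation that offers multiple
 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
 * (as done here) to mean "default protection", or to a specific
 * explicit QOP value.  However, a value of 0 should always be
 * interpreted by a GSSAPI implementation as a request for the
 * default protection level.
 */
#define GSS_C_QOP_DEFAULT 0

/*
 * NOTE(review): going by their names these select single-DES and
 * triple-DES confidentiality.  Single DES is no longer considered
 * adequate protection; prefer GSS_C_QOP_DEFAULT unless a peer
 * requires one of these, and confirm what the default resolves to.
 */
#define GSS_KRB5_CONF_C_QOP_DES 0x0100
#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200

/*
 * Expiration time of 2^32-1 seconds means infinite lifetime for a
 * credential or security context
 */
#define GSS_C_INDEFINITE 0xfffffffful

#ifdef __cplusplus
extern "C" {
#endif

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x01"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
 * GSS_C_NT_USER_NAME should be initialized to point
 * to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_USER_NAME;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x03"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_STRING_UID_NAME;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) org(3) dod(6) internet(1) security(5)
 *  nametypes(6) gss-host-based-services(2)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
 * to that gss_OID_desc.  This is a deprecated OID value, and
 * implementations wishing to support hostbased-service names
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
 * defined below, to identify such names;
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
 * parameter, but should not be emitted by GSS-API
 * implementations
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x04"}, corresponding to an
 * object-identifier value of {iso(1) member-body(2)
 * United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) service_name(4)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
 * to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
 * corresponding to an object identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 *  6(nametypes), 3(gss-anonymous-name)}.  The constant
 * GSS_C_NT_ANONYMOUS should be initialized to point
 * to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_ANONYMOUS;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * corresponding to an object-identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 *  6(nametypes), 4(gss-api-exported-name)}.  The constant
 * GSS_C_NT_EXPORT_NAME should be initialized to point
 * to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_EXPORT_NAME;

/*
 * This is for kerberos5 names.
 */

extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
extern gss_OID GSS_KRB5_NT_USER_NAME;
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;

extern gss_OID GSS_KRB5_MECHANISM;

/* for compatibility with MIT api */

#define gss_mech_krb5 GSS_KRB5_MECHANISM

/* Major status codes */

#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSSAPI so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesized so that an expression such as
 * `a | b' is masked as a whole; without the parentheses `&' would
 * bind to the last operand only and the test could report the
 * wrong field.
 *
 * GSS_ERROR() covers the calling-error and routine-error fields
 * only.  The supplementary bits (GSS_S_DUPLICATE_TOKEN,
 * GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, GSS_S_GAP_TOKEN) are not
 * errors by this test, so code that relies on replay or sequence
 * detection must check GSS_SUPPLEMENTARY_INFO() as well.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/*
 * Now the actual status code definitions
 */

/*
 * Calling errors:
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
    (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
    (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
    (3ul << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors:
 */
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)

#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Supplementary info bits:
 */
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))

/*
 * From RFC1964:
 *
 * 4.1.1.  Non-Kerberos-specific codes
 */

#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
    /* "No @ in SERVICE-NAME name string" */
#define GSS_KRB5_S_G_BAD_STRING_UID 2
    /* "STRING-UID-NAME contains nondigits" */
#define GSS_KRB5_S_G_NOUSER 3
    /* "UID does not resolve to username" */
#define GSS_KRB5_S_G_VALIDATE_FAILED 4
    /* "Validation error" */
#define GSS_KRB5_S_G_BUFFER_ALLOC 5
    /* "Couldn't allocate gss_buffer_t data" */
#define GSS_KRB5_S_G_BAD_MSG_CTX 6
    /* "Message context invalid" */
#define GSS_KRB5_S_G_WRONG_SIZE 7
    /* "Buffer is the wrong size" */
#define GSS_KRB5_S_G_BAD_USAGE 8
    /* "Credential usage type is unknown" */
#define GSS_KRB5_S_G_UNKNOWN_QOP 9
    /* "Unknown quality of protection specified" */

/*
 * 4.1.2.  Kerberos-specific-codes
 */

#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
    /* "Principal in credential cache does not match desired name" */
#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
    /* "No principal in keytab matches desired name" */
#define GSS_KRB5_S_KG_TGT_MISSING 12
    /* "Credential cache has no TGT" */
#define GSS_KRB5_S_KG_NO_SUBKEY 13
    /* "Authenticator has no subkey" */
#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
    /* "Context is already fully established" */
#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
    /* "Unknown signature type in token" */
#define GSS_KRB5_S_KG_BAD_LENGTH 16
    /* "Invalid field length in token" */
#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
    /* "Attempt to use incomplete security context" */

/*
 * Finally, function prototypes for the GSS-API routines.
 *
 * Every routine returns a major status; test it with GSS_ERROR()
 * before using any output parameter.  Note that `const' on a handle
 * typedef (e.g. `const gss_buffer_t') makes the pointer itself const,
 * not the object it points to.
 */

OM_uint32 gss_acquire_cred(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*desired_name*/,
    OM_uint32 /*time_req*/,
    const gss_OID_set /*desired_mechs*/,
    gss_cred_usage_t /*cred_usage*/,
    gss_cred_id_t * /*output_cred_handle*/,
    gss_OID_set * /*actual_mechs*/,
    OM_uint32 * /*time_rec*/
);

OM_uint32 gss_release_cred(
    OM_uint32 * /*minor_status*/,
    gss_cred_id_t * /*cred_handle*/
);

OM_uint32 gss_init_sec_context(
    OM_uint32 * /*minor_status*/,
    const gss_cred_id_t /*initiator_cred_handle*/,
    gss_ctx_id_t * /*context_handle*/,
    const gss_name_t /*target_name*/,
    const gss_OID /*mech_type*/,
    OM_uint32 /*req_flags*/,
    OM_uint32 /*time_req*/,
    const gss_channel_bindings_t /*input_chan_bindings*/,
    const gss_buffer_t /*input_token*/,
    gss_OID * /*actual_mech_type*/,
    gss_buffer_t /*output_token*/,
    OM_uint32 * /*ret_flags*/,
    OM_uint32 * /*time_rec*/
);

/*
 * On success src_name identifies the authenticated initiator; deciding
 * whether that principal is authorized remains the caller's job.
 */
OM_uint32 gss_accept_sec_context(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t * /*context_handle*/,
    const gss_cred_id_t /*acceptor_cred_handle*/,
    const gss_buffer_t /*input_token_buffer*/,
    const gss_channel_bindings_t /*input_chan_bindings*/,
    gss_name_t * /*src_name*/,
    gss_OID * /*mech_type*/,
    gss_buffer_t /*output_token*/,
    OM_uint32 * /*ret_flags*/,
    OM_uint32 * /*time_rec*/,
    gss_cred_id_t * /*delegated_cred_handle*/
);

OM_uint32 gss_process_context_token(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    const gss_buffer_t /*token_buffer*/
);

OM_uint32 gss_delete_sec_context(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t * /*context_handle*/,
    gss_buffer_t /*output_token*/
);

OM_uint32 gss_context_time(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    OM_uint32 * /*time_rec*/
);

OM_uint32 gss_get_mic(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    gss_qop_t /*qop_req*/,
    const gss_buffer_t /*message_buffer*/,
    gss_buffer_t /*message_token*/
);

OM_uint32 gss_verify_mic(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    const gss_buffer_t /*message_buffer*/,
    const gss_buffer_t /*token_buffer*/,
    gss_qop_t * /*qop_state*/
);

/*
 * conf_state reports whether confidentiality was actually applied;
 * a caller that asked for it via conf_req_flag should check the result.
 */
OM_uint32 gss_wrap(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    int /*conf_req_flag*/,
    gss_qop_t /*qop_req*/,
    const gss_buffer_t /*input_message_buffer*/,
    int * /*conf_state*/,
    gss_buffer_t /*output_message_buffer*/
);

OM_uint32 gss_unwrap(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    const gss_buffer_t /*input_message_buffer*/,
    gss_buffer_t /*output_message_buffer*/,
    int * /*conf_state*/,
    gss_qop_t * /*qop_state*/
);

OM_uint32 gss_display_status(
    OM_uint32 * /*minor_status*/,
    OM_uint32 /*status_value*/,
    int /*status_type*/,
    const gss_OID /*mech_type*/,
    OM_uint32 * /*message_context*/,
    gss_buffer_t /*status_string*/
);

OM_uint32 gss_indicate_mechs(
    OM_uint32 * /*minor_status*/,
    gss_OID_set * /*mech_set*/
);

OM_uint32 gss_compare_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*name1*/,
    const gss_name_t /*name2*/,
    int * /*name_equal*/
);

OM_uint32 gss_display_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*input_name*/,
    gss_buffer_t /*output_name_buffer*/,
    gss_OID * /*output_name_type*/
);

OM_uint32 gss_import_name(
    OM_uint32 * /*minor_status*/,
    const gss_buffer_t /*input_name_buffer*/,
    const gss_OID /*input_name_type*/,
    gss_name_t * /*output_name*/
);

OM_uint32 gss_export_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*input_name*/,
    gss_buffer_t /*exported_name*/
);

OM_uint32 gss_release_name(
    OM_uint32 * /*minor_status*/,
    gss_name_t * /*input_name*/
);

OM_uint32 gss_release_buffer(
    OM_uint32 * /*minor_status*/,
    gss_buffer_t /*buffer*/
);

OM_uint32 gss_release_oid_set(
    OM_uint32 * /*minor_status*/,
    gss_OID_set * /*set*/
);

OM_uint32 gss_inquire_cred(
    OM_uint32 * /*minor_status*/,
    const gss_cred_id_t /*cred_handle*/,
    gss_name_t * /*name*/,
    OM_uint32 * /*lifetime*/,
    gss_cred_usage_t * /*cred_usage*/,
    gss_OID_set * /*mechanisms*/
);

OM_uint32 gss_inquire_context(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    gss_name_t * /*src_name*/,
    gss_name_t * /*targ_name*/,
    OM_uint32 * /*lifetime_rec*/,
    gss_OID * /*mech_type*/,
    OM_uint32 * /*ctx_flags*/,
    int * /*locally_initiated*/,
    int * /*open_context*/
);

OM_uint32 gss_wrap_size_limit(
    OM_uint32 * /*minor_status*/,
    const gss_ctx_id_t /*context_handle*/,
    int /*conf_req_flag*/,
    gss_qop_t /*qop_req*/,
    OM_uint32 /*req_output_size*/,
    OM_uint32 * /*max_input_size*/
);

OM_uint32 gss_add_cred(
    OM_uint32 * /*minor_status*/,
    const gss_cred_id_t /*input_cred_handle*/,
    const gss_name_t /*desired_name*/,
    const gss_OID /*desired_mech*/,
    gss_cred_usage_t /*cred_usage*/,
    OM_uint32 /*initiator_time_req*/,
    OM_uint32 /*acceptor_time_req*/,
    gss_cred_id_t * /*output_cred_handle*/,
    gss_OID_set * /*actual_mechs*/,
    OM_uint32 * /*initiator_time_rec*/,
    OM_uint32 * /*acceptor_time_rec*/
);

OM_uint32 gss_inquire_cred_by_mech(
    OM_uint32 * /*minor_status*/,
    const gss_cred_id_t /*cred_handle*/,
    const gss_OID /*mech_type*/,
    gss_name_t * /*name*/,
    OM_uint32 * /*initiator_lifetime*/,
    OM_uint32 * /*acceptor_lifetime*/,
    gss_cred_usage_t * /*cred_usage*/
);

/*
 * RFC 2744 warns that the interprocess token may contain
 * security-sensitive data such as keys; handle it as a secret and
 * pass it only over a protected channel.
 */
OM_uint32 gss_export_sec_context(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t * /*context_handle*/,
    gss_buffer_t /*interprocess_token*/
);

OM_uint32 gss_import_sec_context(
    OM_uint32 * /*minor_status*/,
    const gss_buffer_t /*interprocess_token*/,
    gss_ctx_id_t * /*context_handle*/
);

OM_uint32 gss_create_empty_oid_set(
    OM_uint32 * /*minor_status*/,
    gss_OID_set * /*oid_set*/
);

OM_uint32 gss_add_oid_set_member(
    OM_uint32 * /*minor_status*/,
    const gss_OID /*member_oid*/,
    gss_OID_set * /*oid_set*/
);

OM_uint32 gss_test_oid_set_member(
    OM_uint32 * /*minor_status*/,
    const gss_OID /*member*/,
    const gss_OID_set /*set*/,
    int * /*present*/
);

OM_uint32 gss_inquire_names_for_mech(
    OM_uint32 * /*minor_status*/,
    const gss_OID /*mechanism*/,
    gss_OID_set * /*name_types*/
);

OM_uint32 gss_inquire_mechs_for_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*input_name*/,
    gss_OID_set * /*mech_types*/
);

OM_uint32 gss_canonicalize_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*input_name*/,
    const gss_OID /*mech_type*/,
    gss_name_t * /*output_name*/
);

OM_uint32 gss_duplicate_name(
    OM_uint32 * /*minor_status*/,
    const gss_name_t /*src_name*/,
    gss_name_t * /*dest_name*/
);

/*
 * The following routines are obsolete variants of gss_get_mic,
 * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
 * provided by GSSAPI V2 implementations for backwards
 * compatibility with V1 applications.  Distinct entrypoints
 * (as opposed to #defines) should be provided, both to allow
 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
 * and to retain the slight parameter type differences between the
 * obsolete versions of these routines and their current forms.
 */

OM_uint32 gss_sign(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t /*context_handle*/,
    int /*qop_req*/,
    gss_buffer_t /*message_buffer*/,
    gss_buffer_t /*message_token*/
);

OM_uint32 gss_verify(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t /*context_handle*/,
    gss_buffer_t /*message_buffer*/,
    gss_buffer_t /*token_buffer*/,
    int * /*qop_state*/
);

OM_uint32 gss_seal(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t /*context_handle*/,
    int /*conf_req_flag*/,
    int /*qop_req*/,
    gss_buffer_t /*input_message_buffer*/,
    int * /*conf_state*/,
    gss_buffer_t /*output_message_buffer*/
);

OM_uint32 gss_unseal(
    OM_uint32 * /*minor_status*/,
    gss_ctx_id_t /*context_handle*/,
    gss_buffer_t /*input_message_buffer*/,
    gss_buffer_t /*output_message_buffer*/,
    int * /*conf_state*/,
    int * /*qop_state*/
);

/*
 * kerberos mechanism specific functions
 */

OM_uint32 gsskrb5_register_acceptor_identity(
    const char * /*identity*/
);

OM_uint32 gss_krb5_copy_ccache(
    OM_uint32 * /*minor*/,
    gss_cred_id_t /*cred*/,
    struct krb5_ccache_data * /*out*/
);

#define GSS_C_KRB5_COMPAT_DES3_MIC 1

OM_uint32
gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int);

#ifdef __cplusplus
}
#endif

#endif /* GSSAPI_H_ */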