gssapi.h revision 72445
1/*
2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34/* $Id: gssapi.h,v 1.20 2001/01/30 00:35:48 assar Exp $ */
35
36#ifndef GSSAPI_H_
37#define GSSAPI_H_
38
39/*
40 * First, include stddef.h to get size_t defined.
41 */
42#include <stddef.h>
43
44#ifdef HAVE_CONFIG_H
45#include <config.h>
46#endif
47
48#include <sys/types.h>
49
50#include <krb5-types.h>
51
52/*
53 * Now define the three implementation-dependent types.
54 */
55
/*
 * OM_uint32 is the unsigned 32-bit type used for status codes, flag words
 * and lifetimes throughout this header.  u_int32_t is not declared in this
 * file; it is presumably supplied by <sys/types.h> or <krb5-types.h> --
 * confirm for the target platform.
 */
typedef u_int32_t OM_uint32;

/* Second alias for the same underlying u_int32_t type. */
typedef u_int32_t gss_uint32;
59
60/*
61 * This is to avoid having to include <krb5.h>
62 */
63
/*
 * Incomplete (forward-declared) struct types.  This header only holds
 * pointers to them, so their layout is not visible to code that includes
 * gssapi.h alone.
 */
struct krb5_auth_context_data;

struct Principal;

/* typedef void *gss_name_t; */

/*
 * A name handle is a pointer to the incomplete struct Principal.  Because
 * the typedef hides the pointer, "const gss_name_t" in the prototypes below
 * makes the handle itself const, not the Principal it points to.
 */
typedef struct Principal *gss_name_t;
71
/*
 * Per-context state behind a gss_ctx_id_t handle.  The layout is visible to
 * every file that includes this header, so nothing here stops an application
 * from reading or writing the fields directly.
 * NOTE(review): treating the handle as opaque and querying it through
 * gss_inquire_context() looks like the intended use -- confirm.
 */
typedef struct gss_ctx_id_t_desc_struct {
  /* Kerberos auth context; the type is incomplete in this header. */
  struct krb5_auth_context_data *auth_context;
  /* Name handles for the two ends of the context. */
  gss_name_t source, target;
  /* Presumably the GSS_C_*_FLAG service bits defined below -- confirm. */
  OM_uint32 flags;
  /*
   * In C, LOCAL and OPEN are not scoped to the struct: they become ordinary
   * identifiers in every translation unit that includes this header and can
   * clash with application names or macros spelled the same way.
   */
  enum { LOCAL = 1, OPEN = 2} more_flags;
  /* Kerberos ticket; struct krb5_ticket is incomplete in this header. */
  struct krb5_ticket *ticket;
} gss_ctx_id_t_desc;

/* Context handle taken by the security-context and per-message routines. */
typedef gss_ctx_id_t_desc *gss_ctx_id_t;
81
/*
 * Object identifier: `length` bytes of encoded OID starting at `elements`.
 * The comments on the GSS_C_NT_* constants below show the expected
 * {length, bytes} pairs.  Code that compares two OIDs needs to check that
 * the lengths are equal before comparing the bytes.
 */
typedef struct gss_OID_desc_struct {
      OM_uint32 length;
      void      *elements;
} gss_OID_desc, *gss_OID;

/*
 * Set of OIDs.  `elements` has type gss_OID, i.e. it points at gss_OID_desc
 * objects; presumably an array of `count` entries (per RFC 2744) -- confirm.
 */
typedef struct gss_OID_set_desc_struct  {
      size_t     count;
      gss_OID    elements;
} gss_OID_set_desc, *gss_OID_set;
91
/* Incomplete Kerberos types; only pointers to them are used below. */
struct krb5_keytab_data;

struct krb5_ccache_data;

/* Presumably one of GSS_C_BOTH / GSS_C_INITIATE / GSS_C_ACCEPT -- confirm. */
typedef int gss_cred_usage_t;

/*
 * State behind a credential handle.  It references a keytab and a credential
 * cache, so a gss_cred_id_t gives access to key and ticket material and
 * should be released with gss_release_cred() when no longer needed.
 * As with the context struct, the layout is public to every includer.
 */
typedef struct gss_cred_id_t_desc_struct {
  gss_name_t principal;              /* name the credential belongs to */
  struct krb5_keytab_data *keytab;   /* keytab handle (type incomplete here) */
  OM_uint32 lifetime;                /* presumably seconds; GSS_C_INDEFINITE = no expiry -- confirm */
  gss_cred_usage_t usage;
  gss_OID_set mechanisms;
  struct krb5_ccache_data *ccache;   /* credential cache handle (type incomplete here) */
} gss_cred_id_t_desc;

typedef gss_cred_id_t_desc *gss_cred_id_t;
108
/*
 * Counted byte buffer used for tokens, messages and printable names.
 * `value` is a raw pointer with an explicit `length`; nothing in the type
 * promises a terminating NUL, so consumers must use `length` rather than
 * string functions.  Buffers filled in by GSS-API routines are released
 * with gss_release_buffer() (declared below).
 */
typedef struct gss_buffer_desc_struct {
      size_t length;
      void *value;
} gss_buffer_desc, *gss_buffer_t;

/*
 * Channel bindings supplied to gss_init_sec_context() and
 * gss_accept_sec_context().  Address types take the GSS_C_AF_* values
 * defined below.  Only the pointer type is given a typedef name; an
 * instance has to be declared as struct gss_channel_bindings_struct.
 */
typedef struct gss_channel_bindings_struct {
      OM_uint32 initiator_addrtype;
      gss_buffer_desc initiator_address;
      OM_uint32 acceptor_addrtype;
      gss_buffer_desc acceptor_address;
      gss_buffer_desc application_data;
} *gss_channel_bindings_t;
121
/*
 * For now, define a QOP-type as an OM_uint32.  Values of this type are
 * passed as qop_req to gss_get_mic()/gss_wrap() and returned through
 * qop_state by gss_verify_mic()/gss_unwrap(); GSS_C_QOP_DEFAULT (0)
 * requests the default protection level.
 */
typedef OM_uint32 gss_qop_t;
126
/*
 * Flag bits for context-level services (meanings per RFC 2744).
 *
 * The same bits are used for req_flags (what the caller asks for) and
 * ret_flags (what the established context provides).  A requested service
 * is not guaranteed: code that depends on mutual authentication, integrity
 * or confidentiality should test the corresponding bit in ret_flags.
 */
#define GSS_C_DELEG_FLAG 1        /* delegate initiator credentials to the acceptor */
#define GSS_C_MUTUAL_FLAG 2       /* acceptor authenticates itself to the initiator */
#define GSS_C_REPLAY_FLAG 4       /* replayed per-message tokens are detected */
#define GSS_C_SEQUENCE_FLAG 8     /* out-of-sequence tokens are detected */
#define GSS_C_CONF_FLAG 16        /* confidentiality available via gss_wrap() */
#define GSS_C_INTEG_FLAG 32       /* integrity available via gss_get_mic()/gss_wrap() */
#define GSS_C_ANON_FLAG 64        /* initiator identity is not revealed */
#define GSS_C_PROT_READY_FLAG 128 /* per-message services usable before completion */
#define GSS_C_TRANS_FLAG 256      /* context may be moved with gss_export_sec_context() */
139
/*
 * Credential usage options (values for gss_cred_usage_t).
 * Note that GSS_C_BOTH is 0, so these are distinct values, not a bit mask.
 */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/*
 * Status code types for gss_display_status: selects whether status_value
 * is interpreted as a GSS major status or a mechanism-specific minor status.
 */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2
152
/*
 * The constant definitions for channel-bindings address families.
 * These are the values for initiator_addrtype / acceptor_addrtype in
 * struct gss_channel_bindings_struct.  The numbering is not contiguous
 * (20, 22 and 23 are not defined here).
 */
#define GSS_C_AF_UNSPEC     0
#define GSS_C_AF_LOCAL      1
#define GSS_C_AF_INET       2
#define GSS_C_AF_IMPLINK    3
#define GSS_C_AF_PUP        4
#define GSS_C_AF_CHAOS      5
#define GSS_C_AF_NS         6
#define GSS_C_AF_NBS        7
#define GSS_C_AF_ECMA       8
#define GSS_C_AF_DATAKIT    9
#define GSS_C_AF_CCITT      10
#define GSS_C_AF_SNA        11
#define GSS_C_AF_DECnet     12
#define GSS_C_AF_DLI        13
#define GSS_C_AF_LAT        14
#define GSS_C_AF_HYLINK     15
#define GSS_C_AF_APPLETALK  16
#define GSS_C_AF_BSC        17
#define GSS_C_AF_DSS        18
#define GSS_C_AF_OSI        19
#define GSS_C_AF_X25        21
#define GSS_C_AF_INET6	    24

/* Address type meaning "no address supplied". */
#define GSS_C_AF_NULLADDR   255
180
/*
 * Various Null values: a typed null pointer for each handle type.
 */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
/*
 * Brace initializer for a gss_buffer_desc.  It is not an expression, so it
 * works only in a declaration (gss_buffer_desc b = GSS_C_EMPTY_BUFFER;),
 * not in an assignment.  Initializing output buffers this way keeps a later
 * gss_release_buffer() on an error path from seeing an uninitialized pointer.
 */
#define GSS_C_EMPTY_BUFFER {0, NULL}

/*
 * Some alternate names for a couple of the above
 * values.  These are defined for V1 compatibility.
 */
#define GSS_C_NULL_OID GSS_C_NO_OID
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
199
/*
 * Define the default Quality of Protection for per-message
 * services.  Note that an implementation that offers multiple
 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
 * (as done here) to mean "default protection", or to a specific
 * explicit QOP value.  However, a value of 0 should always be
 * interpreted by a GSSAPI implementation as a request for the
 * default protection level.
 */
#define GSS_C_QOP_DEFAULT 0

/*
 * Kerberos-mechanism QOP values.  Judging by the names these select the
 * confidentiality cipher: single DES and triple DES with key derivation
 * (confirm against the implementation).  Single DES has a 56-bit key and
 * is no longer considered adequate protection; callers that pass an
 * explicit qop_req should be aware of which one they are selecting.
 */
#define GSS_KRB5_CONF_C_QOP_DES		0x0100
#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200

/*
 * Expiration time of 2^32-1 seconds means infinite lifetime for a
 * credential or security context.  The literal has type unsigned long,
 * so it compares correctly against an OM_uint32 lifetime value.
 */
#define GSS_C_INDEFINITE 0xfffffffful
219
/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x01"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
 * GSS_C_NT_USER_NAME should be initialized to point
 * to that gss_OID_desc.
 *
 * Note for all the OID "constants" in this header: they are declared as
 * plain gss_OID, a non-const pointer to a non-const gss_OID_desc, so the
 * compiler will not stop a caller from reassigning the pointer or writing
 * through it.  Treat them as read-only.
 */
extern gss_OID GSS_C_NT_USER_NAME;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x03"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_STRING_UID_NAME;
258
/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) org(3) dod(6) internet(1) security(5)
 * nametypes(6) gss-host-based-services(2)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
 * to that gss_OID_desc.  This is a deprecated OID value, and
 * implementations wishing to support hostbased-service names
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
 * defined below, to identify such names;
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
 * parameter, but should not be emitted by GSS-API
 * implementations.
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
277
/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x04"}, corresponding to an
 * object-identifier value of {iso(1) member-body(2)
 * United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) service_name(4)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
 * to point to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
290
/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
 * corresponding to an object identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
 * GSS_C_NT_ANONYMOUS should be initialized to point
 * to that gss_OID_desc.
 */
extern gss_OID GSS_C_NT_ANONYMOUS;
302
/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * corresponding to an object-identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
 * GSS_C_NT_EXPORT_NAME should be initialized to point
 * to that gss_OID_desc.  This is the name type of the buffer
 * produced by gss_export_name() (per RFC 2744).
 */
extern gss_OID GSS_C_NT_EXPORT_NAME;
314
/*
 * This is for kerberos5 names: name-type OIDs specific to the Kerberos 5
 * mechanism.  Their byte values are not shown in this header.
 */

extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
extern gss_OID GSS_KRB5_NT_USER_NAME;
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;

/* OID identifying the Kerberos 5 mechanism itself (usable as mech_type). */
extern gss_OID GSS_KRB5_MECHANISM;

/* for compatibility with MIT api */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
329
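/* Major status codes */

#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 *
 * Layout of a major status word: calling-error field in bits 24-31,
 * routine-error field in bits 16-23, supplementary-info bits in bits 0-15.
 * Each mask is applied after shifting it left by the matching offset.
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSSAPI so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesized in every expansion.  `&` binds tighter
 * than `|`, so without the parentheses GSS_ERROR(a | b) would expand to
 * a | (b & mask): bits of `a` outside the mask leak into the result, and a
 * status carrying only supplementary bits could be reported as an error.
 *
 * GSS_ERROR() is non-zero only when a calling or routine error is set.
 * Supplementary bits (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, ...) do not
 * make it non-zero; test them with GSS_SUPPLEMENTARY_INFO() where replay
 * or sequencing matters.
 */
#define GSS_CALLING_ERROR(x) \
  ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
  ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
  ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
  ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
          (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))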
359
/*
 * Now the actual status code definitions
 * (one-line meanings below follow RFC 2744).
 */

/*
 * Calling errors: problems with the arguments of the call itself.
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
                             (3ul << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors: these are values in the routine-error field, not
 * individual bits, so compare with GSS_ROUTINE_ERROR(status) == GSS_S_xxx
 * rather than testing with `&`.
 */
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)     /* unsupported mechanism */
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)     /* invalid name */
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) /* unsupported name type */

#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) /* channel bindings mismatch */
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)   /* invalid status code */
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)      /* token had an invalid MIC */
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)      /* no usable credentials */
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)   /* no context established */
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) /* token failed consistency checks */
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)     /* unspecified; see minor status */
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)     /* requested QOP not available */
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) /* name is not a mechanism name */

/*
 * Supplementary info bits: independent flags in the low 16 bits.
 * They are outside the mask used by GSS_ERROR(), so a call can return
 * with GSS_ERROR() == 0 and still carry DUPLICATE/OLD/UNSEQ/GAP.  A
 * receiver that relies on replay or sequence protection has to test
 * these bits explicitly after gss_verify_mic() / gss_unwrap().
 */
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) /* call the routine again */
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) /* token already processed */
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))       /* too old to check for duplication */
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))     /* a later token was already processed */
#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))       /* an expected token was not received */
406
/*
 * From RFC1964:
 *
 * 4.1.1. Non-Kerberos-specific codes
 *
 * These are plain small integers with no field structure, so the
 * major-status macros (GSS_ERROR() and friends) do not apply to them.
 * Presumably they are the values reported through minor_status -- confirm
 * against the implementation.
 */

#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
           /* "No @ in SERVICE-NAME name string" */
#define GSS_KRB5_S_G_BAD_STRING_UID 2
           /* "STRING-UID-NAME contains nondigits" */
#define GSS_KRB5_S_G_NOUSER 3
           /* "UID does not resolve to username" */
#define GSS_KRB5_S_G_VALIDATE_FAILED 4
           /* "Validation error" */
#define GSS_KRB5_S_G_BUFFER_ALLOC 5
           /* "Couldn't allocate gss_buffer_t data" */
#define GSS_KRB5_S_G_BAD_MSG_CTX 6
           /* "Message context invalid" */
#define GSS_KRB5_S_G_WRONG_SIZE 7
           /* "Buffer is the wrong size" */
#define GSS_KRB5_S_G_BAD_USAGE 8
           /* "Credential usage type is unknown" */
#define GSS_KRB5_S_G_UNKNOWN_QOP 9
           /* "Unknown quality of protection specified" */

/*
 * 4.1.2. Kerberos-specific-codes
 */

#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
           /* "Principal in credential cache does not match desired name" */
#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
           /* "No principal in keytab matches desired name" */
#define GSS_KRB5_S_KG_TGT_MISSING 12
           /* "Credential cache has no TGT" */
#define GSS_KRB5_S_KG_NO_SUBKEY 13
           /* "Authenticator has no subkey" */
#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
           /* "Context is already fully established" */
#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
           /* "Unknown signature type in token" */
#define GSS_KRB5_S_KG_BAD_LENGTH 16
           /* "Invalid field length in token" */
#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
           /* "Attempt to use incomplete security context" */
452
453/*
454 * Finally, function prototypes for the GSS-API routines.
455 */
456
/*
 * Acquire a credential handle for desired_name (semantics per RFC 2744;
 * only the prototype is visible here).  Returns a major status; the
 * mechanism-specific code is stored through minor_status.  Test the return
 * value with GSS_ERROR() before using any output parameter.  A handle
 * returned through output_cred_handle is released with gss_release_cred().
 *
 * "const gss_name_t" / "const gss_OID_set" qualify the pointer-typed handle
 * itself, not the object it refers to; this applies to every const handle
 * parameter in this header.
 */
OM_uint32 gss_acquire_cred
           (OM_uint32 * minor_status,
            const gss_name_t desired_name,
            OM_uint32 time_req,
            const gss_OID_set desired_mechs,
            gss_cred_usage_t cred_usage,
            gss_cred_id_t * output_cred_handle,
            gss_OID_set * actual_mechs,
            OM_uint32 * time_rec
           );

/*
 * Release a credential handle.  Takes the handle by address; per RFC 2744
 * the handle is reset to GSS_C_NO_CREDENTIAL on success -- confirm for this
 * implementation.
 */
OM_uint32 gss_release_cred
           (OM_uint32 * minor_status,
            gss_cred_id_t * cred_handle
           );
472
/*
 * Initiator side of context establishment (semantics per RFC 2744).
 * The routine is called in a loop: while the return value has
 * GSS_S_CONTINUE_NEEDED set, send output_token to the peer and call again
 * with the peer's reply as input_token.  A non-empty output_token is
 * released with gss_release_buffer() after it has been sent.
 *
 * req_flags is a request only.  Before relying on mutual authentication,
 * integrity or confidentiality, check that the matching GSS_C_*_FLAG bit is
 * set in *ret_flags once the context is complete.
 */
OM_uint32 gss_init_sec_context
           (OM_uint32 * minor_status,
            const gss_cred_id_t initiator_cred_handle,
            gss_ctx_id_t * context_handle,
            const gss_name_t target_name,
            const gss_OID mech_type,
            OM_uint32 req_flags,
            OM_uint32 time_req,
            const gss_channel_bindings_t input_chan_bindings,
            const gss_buffer_t input_token,
            gss_OID * actual_mech_type,
            gss_buffer_t output_token,
            OM_uint32 * ret_flags,
            OM_uint32 * time_rec
           );

/*
 * Acceptor side of context establishment (semantics per RFC 2744).
 * input_token_buffer holds bytes received from the network peer.  The
 * outputs (src_name, ret_flags, delegated_cred_handle) describe an
 * authenticated peer only once the call has returned without GSS_ERROR()
 * and without GSS_S_CONTINUE_NEEDED; authorization decisions belong after
 * that point.  src_name is released with gss_release_name() and a delegated
 * credential with gss_release_cred().
 */
OM_uint32 gss_accept_sec_context
           (OM_uint32 * minor_status,
            gss_ctx_id_t * context_handle,
            const gss_cred_id_t acceptor_cred_handle,
            const gss_buffer_t input_token_buffer,
            const gss_channel_bindings_t input_chan_bindings,
            gss_name_t * src_name,
            gss_OID * mech_type,
            gss_buffer_t output_token,
            OM_uint32 * ret_flags,
            OM_uint32 * time_rec,
            gss_cred_id_t * delegated_cred_handle
           );

/* Feed a context-level token received from the peer to an existing context. */
OM_uint32 gss_process_context_token
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            const gss_buffer_t token_buffer
           );

/*
 * Delete a security context.  The handle is passed by address; per
 * RFC 2744 it is reset to GSS_C_NO_CONTEXT.  output_token may be
 * GSS_C_NO_BUFFER when no token for the peer is wanted (per RFC 2744).
 */
OM_uint32 gss_delete_sec_context
           (OM_uint32 * minor_status,
            gss_ctx_id_t * context_handle,
            gss_buffer_t output_token
           );

/* Report through time_rec how long the context remains valid. */
OM_uint32 gss_context_time
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            OM_uint32 * time_rec
           );
520
/*
 * Compute a message integrity code over message_buffer and return it in
 * message_token, which is released with gss_release_buffer().
 */
OM_uint32 gss_get_mic
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            gss_qop_t qop_req,
            const gss_buffer_t message_buffer,
            gss_buffer_t message_token
           );

/*
 * Verify token_buffer as the MIC of message_buffer.  The message is
 * authentic only if the return value passes GSS_ERROR() == 0; where replay
 * or ordering matters, also inspect the supplementary bits
 * (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN,
 * GSS_S_GAP_TOKEN), which GSS_ERROR() does not cover.
 */
OM_uint32 gss_verify_mic
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            const gss_buffer_t message_buffer,
            const gss_buffer_t token_buffer,
            gss_qop_t * qop_state
           );

/*
 * Protect input_message_buffer and return the wrapped token in
 * output_message_buffer (release with gss_release_buffer()).
 * conf_req_flag asks for encryption; per RFC 2744 *conf_state reports
 * whether confidentiality was actually applied, so a sender that requires
 * encryption should check it before transmitting the output.
 */
OM_uint32 gss_wrap
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            int conf_req_flag,
            gss_qop_t qop_req,
            const gss_buffer_t input_message_buffer,
            int * conf_state,
            gss_buffer_t output_message_buffer
           );

/*
 * Verify and unwrap a token produced by gss_wrap().  input_message_buffer
 * comes from the peer; use output_message_buffer only when GSS_ERROR() is
 * zero.  *conf_state tells whether the message was encrypted in transit
 * (per RFC 2744).  Supplementary bits need the same explicit check as for
 * gss_verify_mic().
 */
OM_uint32 gss_unwrap
           (OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            const gss_buffer_t input_message_buffer,
            gss_buffer_t output_message_buffer,
            int * conf_state,
            gss_qop_t * qop_state
           );
555
/*
 * Convert a status code to text.  status_type is GSS_C_GSS_CODE or
 * GSS_C_MECH_CODE.  Per RFC 2744, *message_context must be 0 on the first
 * call and the routine is called again while it comes back non-zero.
 * Each status_string is released with gss_release_buffer().
 */
OM_uint32 gss_display_status
           (OM_uint32 * minor_status,
            OM_uint32 status_value,
            int status_type,
            const gss_OID mech_type,
            OM_uint32 * message_context,
            gss_buffer_t status_string
           );

/* Return the set of available mechanisms; release with gss_release_oid_set(). */
OM_uint32 gss_indicate_mechs
           (OM_uint32 * minor_status,
            gss_OID_set * mech_set
           );
569
/*
 * Compare two names; the result is stored in *name_equal.  Check the return
 * status before reading *name_equal, which is only meaningful on success.
 */
OM_uint32 gss_compare_name
           (OM_uint32 * minor_status,
            const gss_name_t name1,
            const gss_name_t name2,
            int * name_equal
           );

/*
 * Produce a printable form of input_name in output_name_buffer (release
 * with gss_release_buffer()).  NOTE(review): the display form is meant for
 * humans; access-control comparisons are better done with
 * gss_compare_name() or exported names -- confirm against local policy.
 */
OM_uint32 gss_display_name
           (OM_uint32 * minor_status,
            const gss_name_t input_name,
            gss_buffer_t output_name_buffer,
            gss_OID * output_name_type
           );

/*
 * Convert a counted byte string to an internal name.  input_name_type is
 * one of the name-type OIDs declared above.  The result is released with
 * gss_release_name().
 */
OM_uint32 gss_import_name
           (OM_uint32 * minor_status,
            const gss_buffer_t input_name_buffer,
            const gss_OID input_name_type,
            gss_name_t * output_name
           );

/* Produce the exported (GSS_C_NT_EXPORT_NAME) form of a name. */
OM_uint32 gss_export_name
           (OM_uint32  * minor_status,
            const gss_name_t input_name,
            gss_buffer_t exported_name
           );

/* Release a name handle; the handle is passed by address. */
OM_uint32 gss_release_name
           (OM_uint32 * minor_status,
            gss_name_t * input_name
           );
601
/*
 * Free the storage of a buffer that a GSS-API routine filled in.
 * Per RFC 2744 it is meant only for buffers allocated by the GSS-API
 * implementation, not for memory the application allocated itself.
 */
OM_uint32 gss_release_buffer
           (OM_uint32 * minor_status,
            gss_buffer_t buffer
           );

/* Free an OID set returned by a GSS-API routine; the set is passed by address. */
OM_uint32 gss_release_oid_set
           (OM_uint32 * minor_status,
            gss_OID_set * set
           );
611
/* Query name, remaining lifetime, usage and mechanisms of a credential. */
OM_uint32 gss_inquire_cred
           (OM_uint32 * minor_status,
            const gss_cred_id_t cred_handle,
            gss_name_t * name,
            OM_uint32 * lifetime,
            gss_cred_usage_t * cred_usage,
            gss_OID_set * mechanisms
           );

/*
 * Query the properties of a security context.  *ctx_flags carries the
 * GSS_C_*_FLAG bits in effect, which is where a caller can confirm that
 * the services it depends on were granted.  The final parameter is named
 * `open`, the same spelling as the POSIX open() function.
 */
OM_uint32 gss_inquire_context (
            OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            gss_name_t * src_name,
            gss_name_t * targ_name,
            OM_uint32 * lifetime_rec,
            gss_OID * mech_type,
            OM_uint32 * ctx_flags,
            int * locally_initiated,
            int * open
           );

/*
 * Report the largest input message for which gss_wrap(), called with the
 * same conf_req_flag and qop_req, yields a token of at most
 * req_output_size bytes (per RFC 2744).
 */
OM_uint32 gss_wrap_size_limit (
            OM_uint32 * minor_status,
            const gss_ctx_id_t context_handle,
            int conf_req_flag,
            gss_qop_t qop_req,
            OM_uint32 req_output_size,
            OM_uint32 * max_input_size
           );
641
/*
 * Add a credential element for desired_mech to an existing credential,
 * or build a new handle in output_cred_handle (semantics per RFC 2744).
 */
OM_uint32 gss_add_cred (
            OM_uint32 * minor_status,
            const gss_cred_id_t input_cred_handle,
            const gss_name_t desired_name,
            const gss_OID desired_mech,
            gss_cred_usage_t cred_usage,
            OM_uint32 initiator_time_req,
            OM_uint32 acceptor_time_req,
            gss_cred_id_t * output_cred_handle,
            gss_OID_set * actual_mechs,
            OM_uint32 * initiator_time_rec,
            OM_uint32 * acceptor_time_rec
           );

/* Per-mechanism variant of gss_inquire_cred(). */
OM_uint32 gss_inquire_cred_by_mech (
            OM_uint32 * minor_status,
            const gss_cred_id_t cred_handle,
            const gss_OID mech_type,
            gss_name_t * name,
            OM_uint32 * initiator_lifetime,
            OM_uint32 * acceptor_lifetime,
            gss_cred_usage_t * cred_usage
           );
665
/*
 * Serialize a security context into interprocess_token so another process
 * can take it over.  RFC 2744 notes that the token may contain
 * security-sensitive data such as cryptographic keys: pass it only over a
 * channel that is protected from other users, and release it with
 * gss_release_buffer() once transferred.
 */
OM_uint32 gss_export_sec_context (
            OM_uint32 * minor_status,
            gss_ctx_id_t * context_handle,
            gss_buffer_t interprocess_token
           );

/*
 * Rebuild a context from a token produced by gss_export_sec_context().
 * The token should come only from a trusted exporting process.
 */
OM_uint32 gss_import_sec_context (
            OM_uint32 * minor_status,
            const gss_buffer_t interprocess_token,
            gss_ctx_id_t * context_handle
           );
677
/* Create an empty OID set; release it with gss_release_oid_set(). */
OM_uint32 gss_create_empty_oid_set (
            OM_uint32 * minor_status,
            gss_OID_set * oid_set
           );

/* Add member_oid to *oid_set. */
OM_uint32 gss_add_oid_set_member (
            OM_uint32 * minor_status,
            const gss_OID member_oid,
            gss_OID_set * oid_set
           );

/* Store in *present whether `member` is in `set`. */
OM_uint32 gss_test_oid_set_member (
            OM_uint32 * minor_status,
            const gss_OID member,
            const gss_OID_set set,
            int * present
           );
695
/* List the name types a mechanism supports. */
OM_uint32 gss_inquire_names_for_mech (
            OM_uint32 * minor_status,
            const gss_OID mechanism,
            gss_OID_set * name_types
           );

/* List the mechanisms that can process input_name. */
OM_uint32 gss_inquire_mechs_for_name (
            OM_uint32 * minor_status,
            const gss_name_t input_name,
            gss_OID_set * mech_types
           );

/*
 * Convert a name to the canonical mechanism name for mech_type; the result
 * is a new handle released with gss_release_name().
 */
OM_uint32 gss_canonicalize_name (
            OM_uint32 * minor_status,
            const gss_name_t input_name,
            const gss_OID mech_type,
            gss_name_t * output_name
           );

/* Copy a name; dest_name is released independently of src_name. */
OM_uint32 gss_duplicate_name (
            OM_uint32 * minor_status,
            const gss_name_t src_name,
            gss_name_t * dest_name
           );
720
/*
 * The following routines are obsolete variants of gss_get_mic,
 * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
 * provided by GSSAPI V2 implementations for backwards
 * compatibility with V1 applications.  Distinct entrypoints
 * (as opposed to #defines) should be provided, both to allow
 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
 * and to retain the slight parameter type differences between the
 * obsolete versions of these routines and their current forms.
 *
 * The differences visible in the prototypes: QOP values are plain int
 * instead of gss_qop_t, and handle and buffer parameters are not
 * const-qualified.  The same result checks apply as for the V2 routines
 * (GSS_ERROR() on the return value, *conf_state after sealing).
 */

/* V1 form of gss_get_mic(). */
OM_uint32 gss_sign
           (OM_uint32 * minor_status,
            gss_ctx_id_t context_handle,
            int qop_req,
            gss_buffer_t message_buffer,
            gss_buffer_t message_token
           );

/* V1 form of gss_verify_mic(). */
OM_uint32 gss_verify
           (OM_uint32 * minor_status,
            gss_ctx_id_t context_handle,
            gss_buffer_t message_buffer,
            gss_buffer_t token_buffer,
            int * qop_state
           );

/* V1 form of gss_wrap(). */
OM_uint32 gss_seal
           (OM_uint32 * minor_status,
            gss_ctx_id_t context_handle,
            int conf_req_flag,
            int qop_req,
            gss_buffer_t input_message_buffer,
            int * conf_state,
            gss_buffer_t output_message_buffer
           );

/* V1 form of gss_unwrap(). */
OM_uint32 gss_unseal
           (OM_uint32 * minor_status,
            gss_ctx_id_t context_handle,
            gss_buffer_t input_message_buffer,
            gss_buffer_t output_message_buffer,
            int * conf_state,
            int * qop_state
           );
766
/*
 * kerberos mechanism specific functions
 */

/*
 * Register the identity the acceptor side should use.  Unlike the standard
 * routines this takes no minor_status argument.  `identity` is declared
 * char * rather than const char *; whether the callee copies the string or
 * keeps the pointer is not visible from this header -- confirm before
 * passing a buffer that will be freed or reused.
 * NOTE(review): presumably the identity names a keytab -- confirm.
 */
OM_uint32 gsskrb5_register_acceptor_identity
        (char *identity);

/*
 * Presumably copies the Kerberos credentials held by `cred` into the
 * credential cache `out` -- confirm against the implementation.  The
 * destination then holds ticket material and needs the same protection as
 * any other credential cache.
 */
OM_uint32 gss_krb5_copy_ccache
	(OM_uint32 *minor,
	 gss_cred_id_t cred,
	 struct krb5_ccache_data *out);
778
779#endif /* GSSAPI_H_ */
780