gssapi.h revision 78527
1218885Sdim/* 2218885Sdim * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan 3218885Sdim * (Royal Institute of Technology, Stockholm, Sweden). 4218885Sdim * All rights reserved. 5218885Sdim * 6218885Sdim * Redistribution and use in source and binary forms, with or without 7218885Sdim * modification, are permitted provided that the following conditions 8218885Sdim * are met: 9218885Sdim * 10218885Sdim * 1. Redistributions of source code must retain the above copyright 11218885Sdim * notice, this list of conditions and the following disclaimer. 12218885Sdim * 13218885Sdim * 2. Redistributions in binary form must reproduce the above copyright 14218885Sdim * notice, this list of conditions and the following disclaimer in the 15218885Sdim * documentation and/or other materials provided with the distribution. 16218885Sdim * 17218885Sdim * 3. Neither the name of the Institute nor the names of its contributors 18218885Sdim * may be used to endorse or promote products derived from this software 19218885Sdim * without specific prior written permission. 20218885Sdim * 21218885Sdim * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22218885Sdim * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23218885Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24218885Sdim * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25218885Sdim * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26218885Sdim * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27218885Sdim * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28218885Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29218885Sdim * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30218885Sdim * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31218885Sdim * SUCH DAMAGE. 32218885Sdim */ 33218885Sdim 34218885Sdim/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */ 35218885Sdim 36218885Sdim#ifndef GSSAPI_H_ 37218885Sdim#define GSSAPI_H_ 38218885Sdim 39218885Sdim/* 40218885Sdim * First, include stddef.h to get size_t defined. 41218885Sdim */ 42218885Sdim#include <stddef.h> 43218885Sdim 44218885Sdim#include <krb5-types.h> 45218885Sdim 46218885Sdim/* 47218885Sdim * Now define the three implementation-dependent types. 48218885Sdim */ 49218885Sdim 50218885Sdimtypedef u_int32_t OM_uint32; 51218885Sdim 52218885Sdimtypedef u_int32_t gss_uint32; 53218885Sdim 54218885Sdim/* 55218885Sdim * This is to avoid having to include <krb5.h> 56218885Sdim */ 57218885Sdim 58218885Sdimstruct krb5_auth_context_data; 59218885Sdim 60218885Sdimstruct Principal; 61218885Sdim 62/* typedef void *gss_name_t; */ 63 64typedef struct Principal *gss_name_t; 65 66typedef struct gss_ctx_id_t_desc_struct { 67 struct krb5_auth_context_data *auth_context; 68 gss_name_t source, target; 69 OM_uint32 flags; 70 enum { LOCAL = 1, OPEN = 2} more_flags; 71 struct krb5_ticket *ticket; 72} gss_ctx_id_t_desc; 73 74typedef gss_ctx_id_t_desc *gss_ctx_id_t; 75 76typedef struct gss_OID_desc_struct { 77 OM_uint32 length; 78 void *elements; 79} gss_OID_desc, *gss_OID; 80 81typedef struct gss_OID_set_desc_struct { 82 size_t count; 83 gss_OID elements; 84} gss_OID_set_desc, *gss_OID_set; 85 86struct krb5_keytab_data; 87 88struct krb5_ccache_data; 89 90typedef int gss_cred_usage_t; 91 92typedef struct gss_cred_id_t_desc_struct { 93 gss_name_t principal; 94 struct krb5_keytab_data *keytab; 95 OM_uint32 lifetime; 96 gss_cred_usage_t usage; 97 gss_OID_set mechanisms; 98 struct krb5_ccache_data *ccache; 99} gss_cred_id_t_desc; 100 101typedef gss_cred_id_t_desc *gss_cred_id_t; 102 103typedef struct gss_buffer_desc_struct { 104 size_t length; 105 void *value; 106} gss_buffer_desc, *gss_buffer_t; 107 108typedef struct gss_channel_bindings_struct { 109 OM_uint32 initiator_addrtype; 110 gss_buffer_desc initiator_address; 111 OM_uint32 acceptor_addrtype; 112 gss_buffer_desc acceptor_address; 113 gss_buffer_desc application_data; 114} *gss_channel_bindings_t; 115 116/* 117 * For now, define a QOP-type as an OM_uint32 118 */ 119typedef OM_uint32 gss_qop_t; 120 121/* 122 * Flag bits for context-level services. 123 */ 124#define GSS_C_DELEG_FLAG 1 125#define GSS_C_MUTUAL_FLAG 2 126#define GSS_C_REPLAY_FLAG 4 127#define GSS_C_SEQUENCE_FLAG 8 128#define GSS_C_CONF_FLAG 16 129#define GSS_C_INTEG_FLAG 32 130#define GSS_C_ANON_FLAG 64 131#define GSS_C_PROT_READY_FLAG 128 132#define GSS_C_TRANS_FLAG 256 133 134/* 135 * Credential usage options 136 */ 137#define GSS_C_BOTH 0 138#define GSS_C_INITIATE 1 139#define GSS_C_ACCEPT 2 140 141/* 142 * Status code types for gss_display_status 143 */ 144#define GSS_C_GSS_CODE 1 145#define GSS_C_MECH_CODE 2 146 147/* 148 * The constant definitions for channel-bindings address families 149 */ 150#define GSS_C_AF_UNSPEC 0 151#define GSS_C_AF_LOCAL 1 152#define GSS_C_AF_INET 2 153#define GSS_C_AF_IMPLINK 3 154#define GSS_C_AF_PUP 4 155#define GSS_C_AF_CHAOS 5 156#define GSS_C_AF_NS 6 157#define GSS_C_AF_NBS 7 158#define GSS_C_AF_ECMA 8 159#define GSS_C_AF_DATAKIT 9 160#define GSS_C_AF_CCITT 10 161#define GSS_C_AF_SNA 11 162#define GSS_C_AF_DECnet 12 163#define GSS_C_AF_DLI 13 164#define GSS_C_AF_LAT 14 165#define GSS_C_AF_HYLINK 15 166#define GSS_C_AF_APPLETALK 16 167#define GSS_C_AF_BSC 17 168#define GSS_C_AF_DSS 18 169#define GSS_C_AF_OSI 19 170#define GSS_C_AF_X25 21 171#define GSS_C_AF_INET6 24 172 173#define GSS_C_AF_NULLADDR 255 174 175/* 176 * Various Null values 177 */ 178#define GSS_C_NO_NAME ((gss_name_t) 0) 179#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) 180#define GSS_C_NO_OID ((gss_OID) 0) 181#define GSS_C_NO_OID_SET ((gss_OID_set) 0) 182#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) 183#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) 184#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) 185#define GSS_C_EMPTY_BUFFER {0, NULL} 186 187/* 188 * Some alternate names for a couple of the above 189 * values. These are defined for V1 compatibility. 190 */ 191#define GSS_C_NULL_OID GSS_C_NO_OID 192#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET 193 194/* 195 * Define the default Quality of Protection for per-message 196 * services. Note that an implementation that offers multiple 197 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero 198 * (as done here) to mean "default protection", or to a specific 199 * explicit QOP value. However, a value of 0 should always be 200 * interpreted by a GSSAPI implementation as a request for the 201 * default protection level. 202 */ 203#define GSS_C_QOP_DEFAULT 0 204 205#define GSS_KRB5_CONF_C_QOP_DES 0x0100 206#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 207 208/* 209 * Expiration time of 2^32-1 seconds means infinite lifetime for a 210 * credential or security context 211 */ 212#define GSS_C_INDEFINITE 0xfffffffful 213 214/* 215 * The implementation must reserve static storage for a 216 * gss_OID_desc object containing the value 217 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 218 * "\x01\x02\x01\x01"}, 219 * corresponding to an object-identifier value of 220 * {iso(1) member-body(2) United States(840) mit(113554) 221 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant 222 * GSS_C_NT_USER_NAME should be initialized to point 223 * to that gss_OID_desc. 224 */ 225extern gss_OID GSS_C_NT_USER_NAME; 226 227/* 228 * The implementation must reserve static storage for a 229 * gss_OID_desc object containing the value 230 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 231 * "\x01\x02\x01\x02"}, 232 * corresponding to an object-identifier value of 233 * {iso(1) member-body(2) United States(840) mit(113554) 234 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. 235 * The constant GSS_C_NT_MACHINE_UID_NAME should be 236 * initialized to point to that gss_OID_desc. 237 */ 238extern gss_OID GSS_C_NT_MACHINE_UID_NAME; 239 240/* 241 * The implementation must reserve static storage for a 242 * gss_OID_desc object containing the value 243 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 244 * "\x01\x02\x01\x03"}, 245 * corresponding to an object-identifier value of 246 * {iso(1) member-body(2) United States(840) mit(113554) 247 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. 248 * The constant GSS_C_NT_STRING_UID_NAME should be 249 * initialized to point to that gss_OID_desc. 250 */ 251extern gss_OID GSS_C_NT_STRING_UID_NAME; 252 253/* 254 * The implementation must reserve static storage for a 255 * gss_OID_desc object containing the value 256 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, 257 * corresponding to an object-identifier value of 258 * {iso(1) org(3) dod(6) internet(1) security(5) 259 * nametypes(6) gss-host-based-services(2)). The constant 260 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point 261 * to that gss_OID_desc. This is a deprecated OID value, and 262 * implementations wishing to support hostbased-service names 263 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, 264 * defined below, to identify such names; 265 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym 266 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input 267 * parameter, but should not be emitted by GSS-API 268 * implementations 269 */ 270extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; 271 272/* 273 * The implementation must reserve static storage for a 274 * gss_OID_desc object containing the value 275 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 276 * "\x01\x02\x01\x04"}, corresponding to an 277 * object-identifier value of {iso(1) member-body(2) 278 * Unites States(840) mit(113554) infosys(1) gssapi(2) 279 * generic(1) service_name(4)}. The constant 280 * GSS_C_NT_HOSTBASED_SERVICE should be initialized 281 * to point to that gss_OID_desc. 282 */ 283extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; 284 285/* 286 * The implementation must reserve static storage for a 287 * gss_OID_desc object containing the value 288 * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, 289 * corresponding to an object identifier value of 290 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 291 * 6(nametypes), 3(gss-anonymous-name)}. The constant 292 * and GSS_C_NT_ANONYMOUS should be initialized to point 293 * to that gss_OID_desc. 294 */ 295extern gss_OID GSS_C_NT_ANONYMOUS; 296 297/* 298 * The implementation must reserve static storage for a 299 * gss_OID_desc object containing the value 300 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, 301 * corresponding to an object-identifier value of 302 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 303 * 6(nametypes), 4(gss-api-exported-name)}. The constant 304 * GSS_C_NT_EXPORT_NAME should be initialized to point 305 * to that gss_OID_desc. 306 */ 307extern gss_OID GSS_C_NT_EXPORT_NAME; 308 309/* 310 * This if for kerberos5 names. 311 */ 312 313extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; 314extern gss_OID GSS_KRB5_NT_USER_NAME; 315extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; 316extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; 317 318extern gss_OID GSS_KRB5_MECHANISM; 319 320/* for compatibility with MIT api */ 321 322#define gss_mech_krb5 GSS_KRB5_MECHANISM 323 324/* Major status codes */ 325 326#define GSS_S_COMPLETE 0 327 328/* 329 * Some "helper" definitions to make the status code macros obvious. 330 */ 331#define GSS_C_CALLING_ERROR_OFFSET 24 332#define GSS_C_ROUTINE_ERROR_OFFSET 16 333#define GSS_C_SUPPLEMENTARY_OFFSET 0 334#define GSS_C_CALLING_ERROR_MASK 0377ul 335#define GSS_C_ROUTINE_ERROR_MASK 0377ul 336#define GSS_C_SUPPLEMENTARY_MASK 0177777ul 337 338/* 339 * The macros that test status codes for error conditions. 340 * Note that the GSS_ERROR() macro has changed slightly from 341 * the V1 GSSAPI so that it now evaluates its argument 342 * only once. 343 */ 344#define GSS_CALLING_ERROR(x) \ 345 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) 346#define GSS_ROUTINE_ERROR(x) \ 347 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) 348#define GSS_SUPPLEMENTARY_INFO(x) \ 349 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) 350#define GSS_ERROR(x) \ 351 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ 352 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) 353 354/* 355 * Now the actual status code definitions 356 */ 357 358/* 359 * Calling errors: 360 */ 361#define GSS_S_CALL_INACCESSIBLE_READ \ 362 (1ul << GSS_C_CALLING_ERROR_OFFSET) 363#define GSS_S_CALL_INACCESSIBLE_WRITE \ 364 (2ul << GSS_C_CALLING_ERROR_OFFSET) 365#define GSS_S_CALL_BAD_STRUCTURE \ 366 (3ul << GSS_C_CALLING_ERROR_OFFSET) 367 368/* 369 * Routine errors: 370 */ 371#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) 372#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) 373#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) 374 375#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) 376#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) 377#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) 378#define GSS_S_BAD_MIC GSS_S_BAD_SIG 379#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) 380#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) 381#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) 382#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) 383#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) 384#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) 385#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) 386#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) 387#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) 388#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) 389#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) 390#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) 391 392/* 393 * Supplementary info bits: 394 */ 395#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) 396#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) 397#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) 398#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) 399#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) 400 401/* 402 * From RFC1964: 403 * 404 * 4.1.1. Non-Kerberos-specific codes 405 */ 406 407#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 408 /* "No @ in SERVICE-NAME name string" */ 409#define GSS_KRB5_S_G_BAD_STRING_UID 2 410 /* "STRING-UID-NAME contains nondigits" */ 411#define GSS_KRB5_S_G_NOUSER 3 412 /* "UID does not resolve to username" */ 413#define GSS_KRB5_S_G_VALIDATE_FAILED 4 414 /* "Validation error" */ 415#define GSS_KRB5_S_G_BUFFER_ALLOC 5 416 /* "Couldn't allocate gss_buffer_t data" */ 417#define GSS_KRB5_S_G_BAD_MSG_CTX 6 418 /* "Message context invalid" */ 419#define GSS_KRB5_S_G_WRONG_SIZE 7 420 /* "Buffer is the wrong size" */ 421#define GSS_KRB5_S_G_BAD_USAGE 8 422 /* "Credential usage type is unknown" */ 423#define GSS_KRB5_S_G_UNKNOWN_QOP 9 424 /* "Unknown quality of protection specified" */ 425 426 /* 427 * 4.1.2. Kerberos-specific-codes 428 */ 429 430#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 431 /* "Principal in credential cache does not match desired name" */ 432#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 433 /* "No principal in keytab matches desired name" */ 434#define GSS_KRB5_S_KG_TGT_MISSING 12 435 /* "Credential cache has no TGT" */ 436#define GSS_KRB5_S_KG_NO_SUBKEY 13 437 /* "Authenticator has no subkey" */ 438#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 439 /* "Context is already fully established" */ 440#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 441 /* "Unknown signature type in token" */ 442#define GSS_KRB5_S_KG_BAD_LENGTH 16 443 /* "Invalid field length in token" */ 444#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 445 /* "Attempt to use incomplete security context" */ 446 447/* 448 * Finally, function prototypes for the GSS-API routines. 449 */ 450 451OM_uint32 gss_acquire_cred 452 (OM_uint32 * minor_status, 453 const gss_name_t desired_name, 454 OM_uint32 time_req, 455 const gss_OID_set desired_mechs, 456 gss_cred_usage_t cred_usage, 457 gss_cred_id_t * output_cred_handle, 458 gss_OID_set * actual_mechs, 459 OM_uint32 * time_rec 460 ); 461 462OM_uint32 gss_release_cred 463 (OM_uint32 * minor_status, 464 gss_cred_id_t * cred_handle 465 ); 466 467OM_uint32 gss_init_sec_context 468 (OM_uint32 * minor_status, 469 const gss_cred_id_t initiator_cred_handle, 470 gss_ctx_id_t * context_handle, 471 const gss_name_t target_name, 472 const gss_OID mech_type, 473 OM_uint32 req_flags, 474 OM_uint32 time_req, 475 const gss_channel_bindings_t input_chan_bindings, 476 const gss_buffer_t input_token, 477 gss_OID * actual_mech_type, 478 gss_buffer_t output_token, 479 OM_uint32 * ret_flags, 480 OM_uint32 * time_rec 481 ); 482 483OM_uint32 gss_accept_sec_context 484 (OM_uint32 * minor_status, 485 gss_ctx_id_t * context_handle, 486 const gss_cred_id_t acceptor_cred_handle, 487 const gss_buffer_t input_token_buffer, 488 const gss_channel_bindings_t input_chan_bindings, 489 gss_name_t * src_name, 490 gss_OID * mech_type, 491 gss_buffer_t output_token, 492 OM_uint32 * ret_flags, 493 OM_uint32 * time_rec, 494 gss_cred_id_t * delegated_cred_handle 495 ); 496 497OM_uint32 gss_process_context_token 498 (OM_uint32 * minor_status, 499 const gss_ctx_id_t context_handle, 500 const gss_buffer_t token_buffer 501 ); 502 503OM_uint32 gss_delete_sec_context 504 (OM_uint32 * minor_status, 505 gss_ctx_id_t * context_handle, 506 gss_buffer_t output_token 507 ); 508 509OM_uint32 gss_context_time 510 (OM_uint32 * minor_status, 511 const gss_ctx_id_t context_handle, 512 OM_uint32 * time_rec 513 ); 514 515OM_uint32 gss_get_mic 516 (OM_uint32 * minor_status, 517 const gss_ctx_id_t context_handle, 518 gss_qop_t qop_req, 519 const gss_buffer_t message_buffer, 520 gss_buffer_t message_token 521 ); 522 523OM_uint32 gss_verify_mic 524 (OM_uint32 * minor_status, 525 const gss_ctx_id_t context_handle, 526 const gss_buffer_t message_buffer, 527 const gss_buffer_t token_buffer, 528 gss_qop_t * qop_state 529 ); 530 531OM_uint32 gss_wrap 532 (OM_uint32 * minor_status, 533 const gss_ctx_id_t context_handle, 534 int conf_req_flag, 535 gss_qop_t qop_req, 536 const gss_buffer_t input_message_buffer, 537 int * conf_state, 538 gss_buffer_t output_message_buffer 539 ); 540 541OM_uint32 gss_unwrap 542 (OM_uint32 * minor_status, 543 const gss_ctx_id_t context_handle, 544 const gss_buffer_t input_message_buffer, 545 gss_buffer_t output_message_buffer, 546 int * conf_state, 547 gss_qop_t * qop_state 548 ); 549 550OM_uint32 gss_display_status 551 (OM_uint32 * minor_status, 552 OM_uint32 status_value, 553 int status_type, 554 const gss_OID mech_type, 555 OM_uint32 * message_context, 556 gss_buffer_t status_string 557 ); 558 559OM_uint32 gss_indicate_mechs 560 (OM_uint32 * minor_status, 561 gss_OID_set * mech_set 562 ); 563 564OM_uint32 gss_compare_name 565 (OM_uint32 * minor_status, 566 const gss_name_t name1, 567 const gss_name_t name2, 568 int * name_equal 569 ); 570 571OM_uint32 gss_display_name 572 (OM_uint32 * minor_status, 573 const gss_name_t input_name, 574 gss_buffer_t output_name_buffer, 575 gss_OID * output_name_type 576 ); 577 578OM_uint32 gss_import_name 579 (OM_uint32 * minor_status, 580 const gss_buffer_t input_name_buffer, 581 const gss_OID input_name_type, 582 gss_name_t * output_name 583 ); 584 585OM_uint32 gss_export_name 586 (OM_uint32 * minor_status, 587 const gss_name_t input_name, 588 gss_buffer_t exported_name 589 ); 590 591OM_uint32 gss_release_name 592 (OM_uint32 * minor_status, 593 gss_name_t * input_name 594 ); 595 596OM_uint32 gss_release_buffer 597 (OM_uint32 * minor_status, 598 gss_buffer_t buffer 599 ); 600 601OM_uint32 gss_release_oid_set 602 (OM_uint32 * minor_status, 603 gss_OID_set * set 604 ); 605 606OM_uint32 gss_inquire_cred 607 (OM_uint32 * minor_status, 608 const gss_cred_id_t cred_handle, 609 gss_name_t * name, 610 OM_uint32 * lifetime, 611 gss_cred_usage_t * cred_usage, 612 gss_OID_set * mechanisms 613 ); 614 615OM_uint32 gss_inquire_context ( 616 OM_uint32 * minor_status, 617 const gss_ctx_id_t context_handle, 618 gss_name_t * src_name, 619 gss_name_t * targ_name, 620 OM_uint32 * lifetime_rec, 621 gss_OID * mech_type, 622 OM_uint32 * ctx_flags, 623 int * locally_initiated, 624 int * open 625 ); 626 627OM_uint32 gss_wrap_size_limit ( 628 OM_uint32 * minor_status, 629 const gss_ctx_id_t context_handle, 630 int conf_req_flag, 631 gss_qop_t qop_req, 632 OM_uint32 req_output_size, 633 OM_uint32 * max_input_size 634 ); 635 636OM_uint32 gss_add_cred ( 637 OM_uint32 * minor_status, 638 const gss_cred_id_t input_cred_handle, 639 const gss_name_t desired_name, 640 const gss_OID desired_mech, 641 gss_cred_usage_t cred_usage, 642 OM_uint32 initiator_time_req, 643 OM_uint32 acceptor_time_req, 644 gss_cred_id_t * output_cred_handle, 645 gss_OID_set * actual_mechs, 646 OM_uint32 * initiator_time_rec, 647 OM_uint32 * acceptor_time_rec 648 ); 649 650OM_uint32 gss_inquire_cred_by_mech ( 651 OM_uint32 * minor_status, 652 const gss_cred_id_t cred_handle, 653 const gss_OID mech_type, 654 gss_name_t * name, 655 OM_uint32 * initiator_lifetime, 656 OM_uint32 * acceptor_lifetime, 657 gss_cred_usage_t * cred_usage 658 ); 659 660OM_uint32 gss_export_sec_context ( 661 OM_uint32 * minor_status, 662 gss_ctx_id_t * context_handle, 663 gss_buffer_t interprocess_token 664 ); 665 666OM_uint32 gss_import_sec_context ( 667 OM_uint32 * minor_status, 668 const gss_buffer_t interprocess_token, 669 gss_ctx_id_t * context_handle 670 ); 671 672OM_uint32 gss_create_empty_oid_set ( 673 OM_uint32 * minor_status, 674 gss_OID_set * oid_set 675 ); 676 677OM_uint32 gss_add_oid_set_member ( 678 OM_uint32 * minor_status, 679 const gss_OID member_oid, 680 gss_OID_set * oid_set 681 ); 682 683OM_uint32 gss_test_oid_set_member ( 684 OM_uint32 * minor_status, 685 const gss_OID member, 686 const gss_OID_set set, 687 int * present 688 ); 689 690OM_uint32 gss_inquire_names_for_mech ( 691 OM_uint32 * minor_status, 692 const gss_OID mechanism, 693 gss_OID_set * name_types 694 ); 695 696OM_uint32 gss_inquire_mechs_for_name ( 697 OM_uint32 * minor_status, 698 const gss_name_t input_name, 699 gss_OID_set * mech_types 700 ); 701 702OM_uint32 gss_canonicalize_name ( 703 OM_uint32 * minor_status, 704 const gss_name_t input_name, 705 const gss_OID mech_type, 706 gss_name_t * output_name 707 ); 708 709OM_uint32 gss_duplicate_name ( 710 OM_uint32 * minor_status, 711 const gss_name_t src_name, 712 gss_name_t * dest_name 713 ); 714 715/* 716 * The following routines are obsolete variants of gss_get_mic, 717 * gss_verify_mic, gss_wrap and gss_unwrap. They should be 718 * provided by GSSAPI V2 implementations for backwards 719 * compatibility with V1 applications. Distinct entrypoints 720 * (as opposed to #defines) should be provided, both to allow 721 * GSSAPI V1 applications to link against GSSAPI V2 implementations, 722 * and to retain the slight parameter type differences between the 723 * obsolete versions of these routines and their current forms. 724 */ 725 726OM_uint32 gss_sign 727 (OM_uint32 * minor_status, 728 gss_ctx_id_t context_handle, 729 int qop_req, 730 gss_buffer_t message_buffer, 731 gss_buffer_t message_token 732 ); 733 734OM_uint32 gss_verify 735 (OM_uint32 * minor_status, 736 gss_ctx_id_t context_handle, 737 gss_buffer_t message_buffer, 738 gss_buffer_t token_buffer, 739 int * qop_state 740 ); 741 742OM_uint32 gss_seal 743 (OM_uint32 * minor_status, 744 gss_ctx_id_t context_handle, 745 int conf_req_flag, 746 int qop_req, 747 gss_buffer_t input_message_buffer, 748 int * conf_state, 749 gss_buffer_t output_message_buffer 750 ); 751 752OM_uint32 gss_unseal 753 (OM_uint32 * minor_status, 754 gss_ctx_id_t context_handle, 755 gss_buffer_t input_message_buffer, 756 gss_buffer_t output_message_buffer, 757 int * conf_state, 758 int * qop_state 759 ); 760 761/* 762 * kerberos mechanism specific functions 763 */ 764 765OM_uint32 gsskrb5_register_acceptor_identity 766 (char *identity); 767 768OM_uint32 gss_krb5_copy_ccache 769 (OM_uint32 *minor, 770 gss_cred_id_t cred, 771 struct krb5_ccache_data *out); 772 773#endif /* GSSAPI_H_ */ 774