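/*
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */

#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_

#include <gssapi/gssapi.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Name-type OIDs for Kerberos 5 names.  They are only declared here
 * (extern); the objects themselves are defined elsewhere.
 */

extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
extern gss_OID GSS_KRB5_NT_USER_NAME;
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;

/* OID identifying the Kerberos 5 mechanism itself. */
extern gss_OID GSS_KRB5_MECHANISM;

/*
 * For compatibility with the MIT API: plain textual aliases for the
 * OIDs declared above.
 */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME

/*
 * Extension OIDs: set context options.
 *
 * NOTE(review): by their names, DNS_CANONICALIZE, SEND_TO_KDC,
 * DEFAULT_REALM and CCACHE_NAME change how the KDC, the realm and the
 * credential cache are selected.  Values given to them should come from
 * trusted configuration, never from the peer.  Whether the effect is
 * per-context or process-wide is not visible in this header -- confirm
 * against the implementation.
 * NOTE(review): COMPAT_DES3_MIC looks like a legacy interoperability
 * switch for DES3 MICs; confirm it is still needed before enabling it.
 */
extern gss_OID GSS_KRB5_COPY_CCACHE_X;
extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
extern gss_OID GSS_KRB5_CCACHE_NAME_X;
/*
 * Extension OIDs: inquire context.
 *
 * NOTE(review): by their names, the GET_*SUBKEY_X, GET_SERVICE_KEYBLOCK_X
 * and EXPORT_LUCID_CONTEXT*_X OIDs hand out key material of an established
 * context.  Treat anything obtained through them as a secret: keep it out
 * of logs and wipe it before release.  Confirm the exact result format
 * against the implementation.
 */
extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
extern gss_OID GSS_KRB5_GET_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;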
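/* Extension OIDs: credential options. */
extern gss_OID GSS_KRB5_IMPORT_CRED_X;
extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;

/*
 * Kerberos mechanism specific functions.
 *
 * Parameter names are kept inside comments, as elsewhere in this header.
 * Every function returns an OM_uint32 status; the meaning of individual
 * status values is not declared here.
 */

/* Opaque krb5 types; only pointers to them are used in this header. */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/*
 * Takes a credential cache name and an output string pointer.
 * NOTE(review): presumably selects the cache by name and reports the
 * previous name through out_name; ownership of *out_name is not stated
 * here -- confirm before freeing or retaining it.
 */
OM_uint32
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
                     const char * /*name */,
                     const char ** /*out_name */);

/*
 * Takes an identity string for the acceptor side.
 * NOTE(review): the format of the string (e.g. a keytab name) is not
 * visible here -- confirm.  Pass only trusted configuration values.
 */
OM_uint32 gsskrb5_register_acceptor_identity
        (const char * /*identity*/);

/*
 * Takes a GSS credential and a krb5 credential cache.
 * NOTE(review): by name this copies the credential's tickets into the
 * cache; the destination then needs the same protection as the source.
 */
OM_uint32 gss_krb5_copy_ccache
        (OM_uint32 * /*minor*/,
         gss_cred_id_t /*cred*/,
         struct krb5_ccache_data * /*out*/);

/*
 * Produces a GSS credential (out) from a krb5 credential cache and/or a
 * keytab with its principal.
 * NOTE(review): which arguments may be NULL, and who owns the inputs
 * afterwards, is not visible here -- confirm.
 */
OM_uint32
gss_krb5_import_cred(OM_uint32 * /*minor*/,
                     struct krb5_ccache_data * /*in*/,
                     struct Principal * /*keytab_principal*/,
                     struct krb5_keytab_data * /*keytab*/,
                     gss_cred_id_t * /*out*/);

/* Writes ticket flags for the given context into *tkt_flags. */
OM_uint32 gss_krb5_get_tkt_flags
        (OM_uint32 * /*minor*/,
         gss_ctx_id_t /*context_handle*/,
         OM_uint32 * /*tkt_flags*/);

/*
 * Fetches authorization data of type ad_type from a context into ad_data.
 * NOTE(review): how ad_data must be released is not stated here.  The
 * data originates from the peer's ticket, so validate it before acting
 * on it.
 */
OM_uint32
gsskrb5_extract_authz_data_from_sec_context
        (OM_uint32 * /*minor_status*/,
         gss_ctx_id_t /*context_handle*/,
         int /*ad_type*/,
         gss_buffer_t /*ad_data*/);

/*
 * Takes one int.
 * NOTE(review): presumably a boolean that turns DNS canonicalization of
 * host names on or off -- confirm.
 */
OM_uint32
gsskrb5_set_dns_canonicalize(int /*flag*/);

/*
 * Argument block for gsskrb5_set_send_to_kdc().
 *
 * NOTE(review): func is presumably a callback and ptr its user data.
 * Both are untyped, so the compiler cannot check the callback's
 * signature; the expected prototype is not declared in this header.
 * Storing a function address in a void pointer is also not guaranteed
 * by ISO C, although POSIX platforms allow it.
 */
struct gsskrb5_send_to_kdc {
    void *func;
    void *ptr;
};

/* Takes a pointer to the argument block declared above. */
OM_uint32
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc * /*c*/);

/*
 * Takes a realm name string.
 * NOTE(review): by name this overrides the default realm; pass only
 * trusted configuration values.
 */
OM_uint32
gsskrb5_set_default_realm(const char * /*realm*/);
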
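/*
 * Writes a time_t for the given context through the last argument.
 * NOTE(review): by name this is the authentication time of the ticket.
 * time_t (and int32_t further down) are used although the header includes
 * only <gssapi/gssapi.h>; they are expected to arrive through it --
 * confirm.
 */
OM_uint32
gsskrb5_extract_authtime_from_sec_context(OM_uint32 * /*minor_status*/,
                                          gss_ctx_id_t /*context_handle*/,
                                          time_t * /*authtime*/);

/* Opaque key type; only pointers to it are used in this header. */
struct EncryptionKey;

/*
 * The next three functions return a key of an established context
 * through *out.
 *
 * NOTE(review): the result is secret key material.  Who frees *out, and
 * with which function, is not declared here -- confirm, and wipe the key
 * before it is released.
 */
OM_uint32
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
                                 gss_ctx_id_t context_handle,
                                 struct EncryptionKey **out);
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
                             gss_ctx_id_t context_handle,
                             struct EncryptionKey **out);
OM_uint32
gsskrb5_get_subkey(OM_uint32 *minor_status,
                   gss_ctx_id_t context_handle,
                   struct EncryptionKey **out);

/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 *
 * Every structure below therefore carries, or points at, raw keys of a
 * security context and must be handled as a secret.
 */

/*
 * One key.
 * NOTE(review): data presumably points at length bytes of raw key and
 * type is the encryption type -- confirm.
 */
typedef struct gss_krb5_lucid_key {
        OM_uint32       type;
        OM_uint32       length;
        void *          data;
} gss_krb5_lucid_key_t;

/* Key data for the RFC 1964 token format (per the struct name). */
typedef struct gss_krb5_rfc1964_keydata {
        OM_uint32       sign_alg;
        OM_uint32       seal_alg;
        gss_krb5_lucid_key_t    ctx_key;
} gss_krb5_rfc1964_keydata_t;

/*
 * Key data for the CFX token format (per the struct name).
 * NOTE(review): acceptor_subkey is presumably valid only when
 * have_acceptor_subkey is non-zero -- confirm.
 */
typedef struct gss_krb5_cfx_keydata {
        OM_uint32               have_acceptor_subkey;
        gss_krb5_lucid_key_t    ctx_key;
        gss_krb5_lucid_key_t    acceptor_subkey;
} gss_krb5_cfx_keydata_t;

/*
 * Version 1 of the exported context.
 * NOTE(review): protocol presumably selects which of rfc1964_kd and
 * cfx_kd is filled in; the values are not defined in this header.
 */
typedef struct gss_krb5_lucid_context_v1 {
        OM_uint32       version;
        OM_uint32       initiate;
        OM_uint32       endtime;
        OM_uint64       send_seq;
        OM_uint64       recv_seq;
        OM_uint32       protocol;
        gss_krb5_rfc1964_keydata_t rfc1964_kd;
        gss_krb5_cfx_keydata_t     cfx_kd;
} gss_krb5_lucid_context_v1_t;

/* Holds only the version field that gss_krb5_lucid_context_v1 starts with. */
typedef struct gss_krb5_lucid_context_version {
        OM_uint32       version;        /* Structure version number */
} gss_krb5_lucid_context_version_t;

/*
 * Function declarations
 */

/*
 * Exports a context in the requested lucid version through *kctx.
 * NOTE(review): context_handle is passed by pointer here, unlike the
 * other calls in this header; whether the context is consumed by the
 * export is not visible -- confirm.  *kctx contains key material.
 */
OM_uint32
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
                                  gss_ctx_id_t *context_handle,
                                  OM_uint32 version,
                                  void **kctx);


/*
 * Counterpart of gss_krb5_export_lucid_sec_context() for releasing kctx.
 * NOTE(review): whether the keys are wiped before the memory is released
 * is not visible here -- confirm.
 */
OM_uint32
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
                                void *kctx);


/*
 * Takes a credential and an array of encryption types.
 * NOTE(review): enctypes presumably holds num_enctypes entries; the
 * caller has to keep the count and the array in step.  List only the
 * encryption types the deployment still accepts.
 */
OM_uint32
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
                                gss_cred_id_t cred,
                                OM_uint32 num_enctypes,
                                int32_t *enctypes);

#ifdef __cplusplus
}
#endif

#endif /* GSSAPI_KRB5_H_ */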