1178825Sdfr/*
2178825Sdfr * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3178825Sdfr * (Royal Institute of Technology, Stockholm, Sweden).
4178825Sdfr * All rights reserved.
5178825Sdfr *
6178825Sdfr * Redistribution and use in source and binary forms, with or without
7178825Sdfr * modification, are permitted provided that the following conditions
8178825Sdfr * are met:
9178825Sdfr *
10178825Sdfr * 1. Redistributions of source code must retain the above copyright
11178825Sdfr *    notice, this list of conditions and the following disclaimer.
12178825Sdfr *
13178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright
14178825Sdfr *    notice, this list of conditions and the following disclaimer in the
15178825Sdfr *    documentation and/or other materials provided with the distribution.
16178825Sdfr *
17178825Sdfr * 3. Neither the name of the Institute nor the names of its contributors
18178825Sdfr *    may be used to endorse or promote products derived from this software
19178825Sdfr *    without specific prior written permission.
20178825Sdfr *
21178825Sdfr * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24178825Sdfr * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31178825Sdfr * SUCH DAMAGE.
32178825Sdfr */
33178825Sdfr
34178825Sdfr/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */
35178825Sdfr
36178825Sdfr#ifndef GSSAPI_KRB5_H_
37178825Sdfr#define GSSAPI_KRB5_H_
38178825Sdfr
39178825Sdfr#include <gssapi/gssapi.h>
40178825Sdfr
41178825Sdfr#ifdef __cplusplus
42178825Sdfrextern "C" {
43178825Sdfr#endif
44178825Sdfr
45178825Sdfr/*
46178825Sdfr * This is for kerberos5 names.
47178825Sdfr */
48178825Sdfr
/*
 * Name-type OIDs for Kerberos 5 names.  Only declared here; the OID
 * objects themselves live in the library.  Which textual form each
 * name type accepts is decided by the library's name parser, not by
 * this header.
 */
extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;	/* full Kerberos principal */
extern gss_OID GSS_KRB5_NT_USER_NAME;		/* local user name; mapping it to a principal is the library's job */
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;	/* uid in binary form (assumed from the name - confirm) */
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;	/* uid in string form (assumed from the name - confirm) */

/* OID identifying the Kerberos 5 mechanism itself. */
extern gss_OID GSS_KRB5_MECHANISM;
55178825Sdfr
56178825Sdfr/* for compatibility with MIT api */
57178825Sdfr
/*
 * MIT's API spells the mechanism OID and the principal name type this
 * way; alias them so code written against MIT compiles unchanged.
 * They expand to the extern objects above, not to new definitions.
 */
#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
60178825Sdfr
61178825Sdfr/* Extensions set contexts options */
/*
 * Extension OIDs.  Each selects one mechanism-specific operation; the
 * three groups below (set context option / inquire context / credential)
 * suggest they are meant for the generic set-option, inquire-by-OID and
 * credential-option entry points of the API - confirm against the
 * implementation.  The _X suffix marks them as implementation
 * extensions rather than standard GSS-API.
 */

/* Extensions set contexts options */
extern gss_OID GSS_KRB5_COPY_CCACHE_X;
extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;		/* legacy DES3 MIC behaviour; DES3 is a deprecated enctype, avoid in new code */
extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;		/* see gsskrb5_set_dns_canonicalize() below */
extern gss_OID GSS_KRB5_SEND_TO_KDC_X;			/* see struct gsskrb5_send_to_kdc below */
extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
extern gss_OID GSS_KRB5_CCACHE_NAME_X;			/* see gss_krb5_ccache_name() below */
/* Extensions inquire context */
extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;		/* GSS_C_ prefix: generic, not Kerberos-specific, despite its placement here */
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
/*
 * The next five hand raw key material to the caller (see the prototypes
 * and the lucid structures further down); anything obtained through them
 * must be treated as a secret.
 */
extern gss_OID GSS_KRB5_GET_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
/* Extensions creds */
extern gss_OID GSS_KRB5_IMPORT_CRED_X;
extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;	/* restrict a credential's enctypes; see gss_krb5_set_allowable_enctypes() */
83178825Sdfr
84178825Sdfr/*
85178825Sdfr * kerberos mechanism specific functions
86178825Sdfr */
87178825Sdfr
/*
 * Incomplete declarations of Kerberos library objects, so that the
 * prototypes below can take pointers to them without this header
 * pulling in the krb5 headers.  They are presumably the structures
 * behind the library's keytab, ccache and principal handle types -
 * confirm against those headers before relying on that.
 */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;
91178825Sdfr
/*
 * Select the credential cache this mechanism uses.  name is the new
 * ccache name; out_name, when non-NULL, presumably receives the name
 * that was in effect before (who owns that string is not stated here -
 * confirm before freeing it).  A ccache name is the location of stored
 * credentials, so it belongs in trusted configuration, never in
 * anything derived from a peer.
 */
OM_uint32
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
		     const char * /*name */,
		     const char ** /*out_name */);

/*
 * Register the identity (typically a keytab name) the acceptor side
 * authenticates with.  There is no minor_status argument, so failures
 * are only visible through the major status.  Assumed to be
 * process-global - confirm.
 */
OM_uint32 gsskrb5_register_acceptor_identity
        (const char */*identity*/);

/*
 * Copy the Kerberos credentials behind cred into the ccache out.  out
 * is the object a krb5 ccache handle points at and is presumably
 * expected to be resolved/initialised by the caller first - confirm.
 */
OM_uint32 gss_krb5_copy_ccache
	(OM_uint32 */*minor*/,
	 gss_cred_id_t /*cred*/,
	 struct krb5_ccache_data */*out*/);

/*
 * Build a GSS credential handle from raw Kerberos objects: in (a
 * ccache) presumably supplies initiator credentials, keytab plus
 * keytab_principal the acceptor ones; the handle comes back through
 * out.  Whether the library keeps references to in/keytab or copies
 * them is not visible here - do not close them until the ownership
 * rule is confirmed against the implementation.
 */
OM_uint32
gss_krb5_import_cred(OM_uint32 */*minor*/,
		     struct krb5_ccache_data * /*in*/,
		     struct Principal * /*keytab_principal*/,
		     struct krb5_keytab_data * /*keytab*/,
		     gss_cred_id_t */*out*/);
111178825Sdfr
/*
 * Return the ticket flags of the ticket behind an established context
 * through tkt_flags.  The bit layout is presumably the Kerberos
 * TicketFlags encoding - confirm.
 */
OM_uint32 gss_krb5_get_tkt_flags
	(OM_uint32 */*minor*/,
	 gss_ctx_id_t /*context_handle*/,
	 OM_uint32 */*tkt_flags*/);

/*
 * Extract the authorization-data element of type ad_type from the
 * ticket behind context_handle into ad_data.  By GSS-API convention the
 * buffer would be released with gss_release_buffer() - confirm.
 * Authorization data is only as trustworthy as where it came from
 * (KDC-issued vs. client-supplied), and this header does not say which
 * parts are returned; treat the result as untrusted unless the ad_type
 * is one the KDC protects.
 */
OM_uint32
gsskrb5_extract_authz_data_from_sec_context
	(OM_uint32 * /*minor_status*/,
	 gss_ctx_id_t /*context_handle*/,
	 int /*ad_type*/,
	 gss_buffer_t /*ad_data*/);

/*
 * Enable (presumably non-zero) or disable (zero) DNS canonicalisation
 * of host names when service principals are built - inferred from the
 * name, confirm.  When enabled, the principal to authenticate to is
 * derived from DNS answers; where DNS is not trusted a spoofed answer
 * can redirect authentication to a different service name, so the
 * safer setting is off.
 */
OM_uint32
gsskrb5_set_dns_canonicalize(int);
126178825Sdfr
/*
 * Hook for sending requests to the KDC.  func is stored as void *, so
 * the compiler cannot check that it matches the callback signature the
 * library expects (that signature is not declared in this header - see
 * the implementation); a mismatch is undefined behaviour at call time.
 * ptr is opaque caller data, presumably handed back to func.
 */
struct gsskrb5_send_to_kdc {
    void *func;	/* callback; real type defined by the library, not checked here */
    void *ptr;	/* opaque argument for func */
};
131178825Sdfr
/*
 * Install the KDC send hook described by struct gsskrb5_send_to_kdc.
 * Assumed process-wide - confirm.  The hook replaces the library's own
 * KDC transport, so whatever func does becomes part of the trust path
 * to the KDC.
 */
OM_uint32
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);

/*
 * Override the default realm.  Presumably applied to names that carry
 * no realm of their own, and process-wide - confirm.
 */
OM_uint32
gsskrb5_set_default_realm(const char *);

/*
 * Return the authtime of the ticket behind the context.  Parameter
 * names are omitted in this prototype; by position they are
 * (minor_status, context_handle, authtime-out).  time_t is not declared
 * by this header; it must come from <gssapi/gssapi.h> or from something
 * included before it - confirm.
 */
OM_uint32
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
140178825Sdfr
/* Opaque Kerberos key object; presumably the type behind the library's keyblock handle - confirm. */
struct EncryptionKey;

/*
 * Key extraction.  Each presumably returns a newly allocated
 * EncryptionKey through out, which the caller then owns and must release
 * with the matching krb5 free routine (not declared here - confirm
 * which).  All three hand out raw key material: keep it out of logs and
 * zeroize it before freeing.
 *
 *   gsskrb5_extract_service_keyblock - the service's own key (inferred
 *                                      from the name)
 *   gsskrb5_get_initiator_subkey     - the subkey chosen by the initiator
 *   gsskrb5_get_subkey               - the subkey in use for the context
 */
OM_uint32
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);
OM_uint32
gsskrb5_get_subkey(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   struct EncryptionKey **out);
155178825Sdfr
156178825Sdfr/*
157178825Sdfr * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
158178825Sdfr * do GSS content token handling in-kernel.
159178825Sdfr */
160178825Sdfr
/*
 * One key as exposed to the kernel.  type is presumably the Kerberos
 * enctype number (confirm); length is the number of bytes at data.
 * data points at raw key material and is sensitive: do not free it on
 * its own, release the whole context through
 * gss_krb5_free_lucid_sec_context() (whether that zeroizes the bytes is
 * not visible in this header - confirm).
 */
typedef struct gss_krb5_lucid_key {
	OM_uint32	type;	/* enctype (assumed) */
	OM_uint32	length;	/* byte count of data */
	void *		data;	/* raw key bytes - secret */
} gss_krb5_lucid_key_t;
166178825Sdfr
/*
 * Key data for the RFC 1964 (pre-CFX) token format: the signing and
 * sealing algorithm identifiers plus the single context key.  Which
 * numeric values sign_alg/seal_alg take is defined by RFC 1964 and the
 * implementation, not here.
 */
typedef struct gss_krb5_rfc1964_keydata {
	OM_uint32		sign_alg;	/* MIC algorithm id */
	OM_uint32		seal_alg;	/* wrap/seal algorithm id */
	gss_krb5_lucid_key_t	ctx_key;	/* context key - secret */
} gss_krb5_rfc1964_keydata_t;
172178825Sdfr
/*
 * Key data for the CFX (RFC 4121) token format: the context key and,
 * when have_acceptor_subkey is non-zero, the acceptor-chosen subkey.
 * Presumably acceptor_subkey is only meaningful when that flag is set
 * and then takes precedence per RFC 4121 - confirm.
 */
typedef struct gss_krb5_cfx_keydata {
	OM_uint32		have_acceptor_subkey;	/* non-zero: acceptor_subkey is valid */
	gss_krb5_lucid_key_t	ctx_key;		/* secret */
	gss_krb5_lucid_key_t	acceptor_subkey;	/* secret; see flag above */
} gss_krb5_cfx_keydata_t;
178178825Sdfr
/*
 * Version 1 of the lucid (kernel-exportable) context.  version is the
 * first member here and in gss_krb5_lucid_context_version_t, so a
 * consumer can read it before it knows which layout it holds.
 *   initiate - presumably non-zero when this side initiated - confirm
 *   endtime  - context expiry in a 32-bit field; if this is a Unix time
 *              it cannot represent dates past 2038 - confirm how it is filled
 *   send_seq/recv_seq - per-direction sequence numbers
 *   protocol - presumably selects whether rfc1964_kd or cfx_kd is the
 *              valid member (0 = RFC 1964, 1 = CFX in the MIT layout) -
 *              confirm
 * The two *_kd members carry key material; the whole structure must be
 * handled as a secret.
 */
typedef struct gss_krb5_lucid_context_v1 {
	OM_uint32	version;	/* 1 for this layout */
	OM_uint32	initiate;
	OM_uint32	endtime;
	OM_uint64	send_seq;
	OM_uint64	recv_seq;
	OM_uint32	protocol;
	gss_krb5_rfc1964_keydata_t rfc1964_kd;	/* secret */
	gss_krb5_cfx_keydata_t	   cfx_kd;	/* secret */
} gss_krb5_lucid_context_v1_t;
189178825Sdfr
/*
 * Common prefix of every lucid context layout: a consumer reads version
 * through this type first and then casts to the matching full structure
 * (gss_krb5_lucid_context_v1_t for 1).  Must stay a prefix of every
 * versioned layout.
 */
typedef struct gss_krb5_lucid_context_version {
	OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;
193178825Sdfr
194178825Sdfr/*
195178825Sdfr * Function declarations
196178825Sdfr */
197178825Sdfr
/*
 * Export the keys and state of an established context in the lucid
 * format above so a kernel (NFSv4) can handle per-message tokens.
 * version chooses the layout (1 -> gss_krb5_lucid_context_v1_t); the
 * structure is allocated by the library and returned through kctx.
 * context_handle is passed by address, which suggests the call may
 * alter or consume the handle (MIT's function of the same name deletes
 * the context) - confirm before reusing it.  The result is raw key
 * material: release it only through gss_krb5_free_lucid_sec_context()
 * and do not copy it anywhere that is not zeroized afterwards.
 */
OM_uint32
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);


/*
 * Release a structure obtained from gss_krb5_export_lucid_sec_context().
 * Whether the key bytes are zeroized before the memory is freed is not
 * visible here - confirm.
 */
OM_uint32
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);


/*
 * Restrict the encryption types cred may use to the num_enctypes
 * entries of enctypes (Kerberos enctype numbers, hence int32_t).  The
 * caller supplies the array and, presumably, may free it after the
 * call - confirm.  This is the knob for refusing weak enctypes on a
 * credential even when the KDC still issues them.
 */
OM_uint32
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
				gss_cred_id_t cred,
				OM_uint32 num_enctypes,
				int32_t *enctypes);
215178825Sdfr
216178825Sdfr#ifdef __cplusplus
217178825Sdfr}
218178825Sdfr#endif
219178825Sdfr
220178825Sdfr#endif /* GSSAPI_KRB5_H_ */