1109998Smarkm/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
2296465Sdelphij/*
 * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
 * 2000.
5109998Smarkm */
6109998Smarkm/* ====================================================================
7109998Smarkm * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
8109998Smarkm *
9109998Smarkm * Redistribution and use in source and binary forms, with or without
10109998Smarkm * modification, are permitted provided that the following conditions
11109998Smarkm * are met:
12109998Smarkm *
13109998Smarkm * 1. Redistributions of source code must retain the above copyright
14296465Sdelphij *    notice, this list of conditions and the following disclaimer.
15109998Smarkm *
16109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright
17109998Smarkm *    notice, this list of conditions and the following disclaimer in
18109998Smarkm *    the documentation and/or other materials provided with the
19109998Smarkm *    distribution.
20109998Smarkm *
21109998Smarkm * 3. All advertising materials mentioning features or use of this
22109998Smarkm *    software must display the following acknowledgment:
23109998Smarkm *    "This product includes software developed by the OpenSSL Project
24109998Smarkm *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25109998Smarkm *
26109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27109998Smarkm *    endorse or promote products derived from this software without
28109998Smarkm *    prior written permission. For written permission, please contact
29109998Smarkm *    licensing@OpenSSL.org.
30109998Smarkm *
31109998Smarkm * 5. Products derived from this software may not be called "OpenSSL"
32109998Smarkm *    nor may "OpenSSL" appear in their names without prior written
33109998Smarkm *    permission of the OpenSSL Project.
34109998Smarkm *
35109998Smarkm * 6. Redistributions of any form whatsoever must retain the following
36109998Smarkm *    acknowledgment:
37109998Smarkm *    "This product includes software developed by the OpenSSL Project
38109998Smarkm *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39109998Smarkm *
40109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43109998Smarkm * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE.
52109998Smarkm * ====================================================================
53109998Smarkm *
54109998Smarkm * This product includes cryptographic software written by Eric Young
55109998Smarkm * (eay@cryptsoft.com).  This product includes software written by Tim
56109998Smarkm * Hudson (tjh@cryptsoft.com).
57109998Smarkm *
58109998Smarkm */
59109998Smarkm
60109998Smarkm/*
61296465Sdelphij **      19990701        VRS     Started.
62296465Sdelphij */
63109998Smarkm
64296465Sdelphij#ifndef KSSL_H
65296465Sdelphij# define KSSL_H
66109998Smarkm
67296465Sdelphij# include <openssl/opensslconf.h>
68109998Smarkm
69296465Sdelphij# ifndef OPENSSL_NO_KRB5
70109998Smarkm
71296465Sdelphij#  include <stdio.h>
72296465Sdelphij#  include <ctype.h>
73296465Sdelphij#  include <krb5.h>
74109998Smarkm
75109998Smarkm#ifdef  __cplusplus
76109998Smarkmextern "C" {
77109998Smarkm#endif
78109998Smarkm
79109998Smarkm/*
80296465Sdelphij *      Depending on which KRB5 implementation used, some types from
81296465Sdelphij *      the other may be missing.  Resolve that here and now
82296465Sdelphij */
#  ifdef KRB5_HEIMDAL
/* Heimdal does not provide MIT's krb5_octet; supply it so KSSL_CTX.key has a type. */
typedef unsigned char krb5_octet;
/* FAR expands to nothing here (presumably a legacy far-pointer qualifier). */
#   define FAR
#  else

/* The MIT headers may already define FAR; only supply the empty fallback. */
#   ifndef FAR
#    define FAR
#   endif

#  endif
93160814Ssimon
/*-
 *      Define KSSL_DEBUG to debug kssl problems or to trace usage of
 *      the Kerberos session key.  Because that trace can expose session
 *      key material, it must never be enabled in a production build.
 *
 *      #define         KSSL_DEBUG
 */
100109998Smarkm
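/*
 * Build-time defaults for the Kerberos/SSL glue.  Each one may be
 * overridden by defining it before this header is included.
 */

/* Service component of the server principal (the svc in svc/host@REALM). */
#  ifndef KRB5SVC
#   define KRB5SVC "host"
#  endif

/* Default keytab for the server side (used when KSSL_CTX.keytab_file is NULL). */
#  ifndef KRB5KEYTAB
#   define KRB5KEYTAB      "/etc/krb5.keytab"
#  endif

/* Non-zero: the client sends a Kerberos authenticator along with its ticket. */
#  ifndef KRB5SENDAUTH
#   define KRB5SENDAUTH    1
#  endif

/* Non-zero: the server verifies the authenticator (see kssl_check_authent). */
#  ifndef KRB5CHECKAUTH
#   define KRB5CHECKAUTH   1
#  endif

/*
 * Clock skew tolerated when validating authenticator/ticket times,
 * presumably in seconds (see kssl_validate_times).  Note: no trailing
 * ';' -- the previous "300;" made the macro unusable in an expression
 * such as a comparison, and silently produced an empty statement when
 * used in an assignment.
 */
#  ifndef KSSL_CLOCKSKEW
#   define KSSL_CLOCKSKEW  300
#  endif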
120109998Smarkm
/* Longest error text a KSSL_ERR can hold, not counting the terminating NUL. */
#  define KSSL_ERR_MAX    255
/*
 * Error report filled in by the kssl_* ticket routines (via kssl_err_set):
 * a numeric reason code plus a fixed-size message buffer.  text[] is
 * sized KSSL_ERR_MAX + 1 so a KSSL_ERR_MAX-byte message fits together
 * with its NUL; anything copying into it must bound the copy accordingly.
 */
typedef struct kssl_err_st {
    int reason;                 /* reason code passed to kssl_err_set() */
    char text[KSSL_ERR_MAX + 1];        /* message text; keep NUL-terminated */
} KSSL_ERR;
126109998Smarkm
/*-     Context for passing
 *              (1) Kerberos session key to SSL, and
 *              (2)     Config data between application and SSL lib
 *
 *      "used by" below: C = client side, S = server side.  The string
 *      fields are presumably set through kssl_ctx_setstring() and
 *      released by kssl_ctx_free() -- confirm against kssl.c.
 *
 *      SECURITY NOTE(review): key/length carry the raw Kerberos session
 *      key that becomes SSL keying material.  A live KSSL_CTX is therefore
 *      secret; release it only through kssl_ctx_free(), which should wipe
 *      the key before freeing it -- verify that it does.
 */
typedef struct kssl_ctx_st {
    /*      used by:    disposition:            */
    char *service_name;         /* C,S default ok (kssl) */
    char *service_host;         /* C input, REQUIRED */
    char *client_princ;         /* S output from krb5 ticket */
    char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
    char *cred_cache;           /* C NULL (default) */
    krb5_enctype enctype;       /* encryption type of the session key */
    int length;                 /* presumably the byte count at *key */
    krb5_octet FAR *key;        /* session key material (kssl_ctx_setkey) */
} KSSL_CTX;
142109998Smarkm
/*
 * Selector values for the `which' argument of kssl_ctx_setstring() and
 * kssl_ctx_setprinc(): which KSSL_CTX string/principal is being set.
 */
#  define KSSL_CLIENT     1
#  define KSSL_SERVER     2
#  define KSSL_SERVICE    3
#  define KSSL_KEYTAB     4

/*
 * Status codes of the KSSL_CTX helpers.  How they map onto the
 * krb5_error_code values returned below is defined in kssl.c.
 */
#  define KSSL_CTX_OK     0
#  define KSSL_CTX_ERR    1
#  define KSSL_NOMEM      2
151109998Smarkm
/* Public (for use by applications that use OpenSSL with Kerberos 5 support) */

/* Set the KSSL_CTX string selected by `which' (KSSL_SERVICE, KSSL_KEYTAB, ...). */
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
/* Allocate a new context; NULL presumably signals allocation failure. */
KSSL_CTX *kssl_ctx_new(void);
/*
 * Release a context and everything it owns, including the session key.
 * Returns a KSSL_CTX pointer -- check kssl.c before assuming it is NULL.
 */
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
/* Debug dump of a context; may print key material, so debug builds only. */
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
/* Build the principal selected by `which' from realm + nentities entity parts. */
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
                                  krb5_data *realm, krb5_data *entity,
                                  int nentities);
/* Client: obtain the service ticket (*enc_tktp) and authenticator (authenp). */
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
                              krb5_data *authenp, KSSL_ERR *kssl_err);
/* Server: decode the ticket in indata, returning its validity times in ttimes. */
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
/* Store the session keyblock into the context (enctype/length/key). */
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
/* Record reason and text in kssl_err (text is bounded by KSSL_ERR_MAX). */
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
/* Free the contents of a krb5_data portably across MIT and Heimdal. */
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
/* Build svc/host@realm from explicitly-sized (not NUL-reliant) components. */
krb5_error_code kssl_build_principal_2(krb5_context context,
                                       krb5_principal *princ, int rlen,
                                       const char *realm, int slen,
                                       const char *svc, int hlen,
                                       const char *host);
/*
 * Check the authenticator time atime against the ticket's validity window
 * in ttimes; presumably tolerates KSSL_CLOCKSKEW -- confirm in kssl.c.
 */
krb5_error_code kssl_validate_times(krb5_timestamp atime,
                                    krb5_ticket_times *ttimes);
/* Decrypt/verify the authenticator with the session key; returns its time. */
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                   krb5_timestamp *atimep,
                                   KSSL_ERR *kssl_err);
/*
 * Return a pointer past the confounder for the given enctype.  The caller
 * must have checked that authn holds at least that many bytes.
 */
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
178109998Smarkm
179109998Smarkm#ifdef  __cplusplus
180109998Smarkm}
181109998Smarkm#endif
182296465Sdelphij# endif                         /* OPENSSL_NO_KRB5 */
183296465Sdelphij#endif                          /* KSSL_H */
184