kssl.h revision 109998
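/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
** 19990701	VRS 	Started.
*/

#ifndef KSSL_H
#define KSSL_H

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_KRB5

#include <stdio.h>
#include <ctype.h>
#include <krb5.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
** Depending on which KRB5 implementation used, some types from
** the other may be missing.  Resolve that here and now.
*/
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#define FAR
#endif

/* Uncomment this to debug kssl problems or
** to trace usage of the Kerberos session key.
**
** NOTE: that tracing may write session-key material to the debug
** output, so KSSL_DEBUG must stay undefined in production builds.
**
** #define KSSL_DEBUG
*/

/* Kerberos service name used when none is configured on the context. */
#ifndef KRB5SVC
#define KRB5SVC "host"
#endif

/* Default keytab location for the server side (see KSSL_CTX.keytab_file). */
#ifndef KRB5KEYTAB
#define KRB5KEYTAB "/etc/krb5.keytab"
#endif

#ifndef KRB5SENDAUTH
#define KRB5SENDAUTH 1
#endif

#ifndef KRB5CHECKAUTH
#define KRB5CHECKAUTH 1
#endif

/* Tolerated clock skew when validating ticket/authenticator times.
** The original definition carried a trailing ';', which made the macro
** usable only as a complete statement (e.g. `skew = KSSL_CLOCKSKEW;`)
** and a syntax error inside any expression.  Dropped here; the
** statement form still expands to valid code.
** NOTE(review): presumably in seconds, consumed by kssl_validate_times()
** -- confirm against kssl.c.
*/
#ifndef KSSL_CLOCKSKEW
#define KSSL_CLOCKSKEW 300
#endif

/* Error record filled in by the kssl_* functions below.
** text is a fixed, NUL-terminated buffer of at most KSSL_ERR_MAX
** characters; kssl_err_set() is the writer (see its prototype).
*/
#define KSSL_ERR_MAX 255
typedef struct kssl_err_st {
	int  reason;                 /* SSL/kssl reason code */
	char text[KSSL_ERR_MAX + 1]; /* human-readable detail, bounded */
} KSSL_ERR;


/* Context for passing
** (1) Kerberos session key to SSL, and
** (2) Config data between application and SSL lib
**
** The "used by" column says which side touches the field
** (C = client, S = server); "disposition" gives the default.
*/
typedef struct kssl_ctx_st {
	/*                        used by:  disposition:            */
	char *service_name;  /* C,S       default ok (kssl)         */
	char *service_host;  /* C         input, REQUIRED           */
	char *client_princ;  /* S         output from krb5 ticket   */
	char *keytab_file;   /* S         NULL (/etc/krb5.keytab)   */
	char *cred_cache;    /* C         NULL (default)            */
	krb5_enctype enctype;        /* session key encryption type */
	int length;                  /* session key length in bytes  */
	krb5_octet FAR *key;         /* session key bytes (kssl_ctx_setkey) */
} KSSL_CTX;

/* 'which' selectors for kssl_ctx_setstring() / kssl_ctx_setprinc(). */
#define KSSL_CLIENT  1
#define KSSL_SERVER  2
#define KSSL_SERVICE 3
#define KSSL_KEYTAB  4

/* Return codes of the kssl_ctx_* setters. */
#define KSSL_CTX_OK  0
#define KSSL_CTX_ERR 1
#define KSSL_NOMEM   2

/* Public (for use by applications that use OpenSSL with Kerberos 5 support) */

/* Set one of the string fields selected by 'which' (KSSL_CLIENT..KSSL_KEYTAB).
** Returns a KSSL_CTX_* code (declared as krb5_error_code).
*/
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);

/* Allocate a new, empty context; NULL on allocation failure is to be
** expected by callers (TODO confirm in kssl.c).
*/
KSSL_CTX *kssl_ctx_new(void);

/* Release a context and everything it owns, including the session key.
** NOTE(review): returns KSSL_CTX * rather than void -- check what the
** implementation hands back before relying on the value.
*/
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);

/* Dump the context for debugging; see the KSSL_DEBUG note above about
** what may end up in the output.
*/
void kssl_ctx_show(KSSL_CTX *kssl_ctx);

/* Build the principal string for 'which' from realm and entity. */
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
                                  krb5_data *realm, krb5_data *entity);

/* Client side: obtain the encrypted ticket and authenticator to send. */
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
                              krb5_data *authenp, KSSL_ERR *kssl_err);

/* Server side: decode/verify the received ticket in 'indata' and report
** its validity window in 'ttimes'.
*/
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);

/* Copy the Kerberos session key from 'session' into the context. */
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);

/* Record reason/text in 'kssl_err'; text is bounded to KSSL_ERR_MAX. */
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);

/* Implementation-neutral wrapper around the krb5 data release call. */
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);

/* Build a two-component principal svc/host@realm from length-delimited
** parts (each string is paired with its explicit length).
*/
krb5_error_code kssl_build_principal_2(krb5_context context,
                                       krb5_principal *princ,
                                       int rlen, const char *realm,
                                       int slen, const char *svc,
                                       int hlen, const char *host);

/* Check authenticator time 'atime' against the ticket's validity window.
** NOTE(review): presumably applies KSSL_CLOCKSKEW -- confirm in kssl.c.
*/
krb5_error_code kssl_validate_times(krb5_timestamp atime,
                                    krb5_ticket_times *ttimes);

/* Server side: verify the client's authenticator (optional per
** KRB5CHECKAUTH) and return its timestamp in *atimep.
*/
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                   krb5_timestamp *atimep, KSSL_ERR *kssl_err);

/* Return a pointer past the enctype-specific confounder at the start of
** the decrypted authenticator 'authn'.
*/
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

#ifdef __cplusplus
}
#endif
#endif /* OPENSSL_NO_KRB5 */
#endif /* KSSL_H */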