kssl.h revision 160814
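/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
**	19990701	VRS	Started.
*/

#ifndef KSSL_H
#define KSSL_H

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_KRB5

#include <stdio.h>
#include <ctype.h>
#include <krb5.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
**	Depending on which KRB5 implementation used, some types from
**	the other may be missing.  Resolve that here and now
*/
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#define FAR
#else

#ifndef FAR
#define FAR
#endif

#endif

/*	Uncomment this to debug kssl problems or
**	to trace usage of the Kerberos session key
**
**	#define KSSL_DEBUG
**
**	NOTE(review): since this traces session-key usage, key-related
**	data may end up in debug output; the tracing code is not in this
**	header, so confirm what is printed and keep this off in
**	production builds.
*/

/*	Build-time defaults.  Each one is wrapped in #ifndef so a build can
**	override it (e.g. with -D) before this header is included.
*/

/*	Default Kerberos service name.  */
#ifndef KRB5SVC
#define KRB5SVC	"host"
#endif

/*	Default keytab path (see KSSL_CTX.keytab_file below).  */
#ifndef KRB5KEYTAB
#define KRB5KEYTAB	"/etc/krb5.keytab"
#endif

/*	NOTE(review): KRB5SENDAUTH and KRB5CHECKAUTH presumably enable
**	sending and checking of the Kerberos authenticator; their users are
**	not in this header, so verify the effect before overriding either
**	one to 0.
*/
#ifndef KRB5SENDAUTH
#define KRB5SENDAUTH	1
#endif

#ifndef KRB5CHECKAUTH
#define KRB5CHECKAUTH	1
#endif

/*	Allowed clock skew; presumably in seconds and consumed by
**	kssl_validate_times() -- confirm in the implementation.
**	The value carries no trailing ';' so that the macro can be used
**	inside an expression (a comparison, an argument) as well as on
**	the right-hand side of an assignment.
*/
#ifndef KSSL_CLOCKSKEW
#define KSSL_CLOCKSKEW	300
#endif

/*	Error report filled in by the kssl routines: a reason code plus a
**	text buffer of KSSL_ERR_MAX characters and a terminating NUL.
*/
#define KSSL_ERR_MAX	255
typedef struct kssl_err_st  {
	int  reason;
	char text[KSSL_ERR_MAX+1];
	} KSSL_ERR;


/*	Context for passing
**		(1) Kerberos session key to SSL, and
**		(2)	Config data between application and SSL lib
**
**	NOTE(review): key/length appear to hold the session key from (1).
**	Whether kssl_ctx_free() wipes it before releasing it cannot be seen
**	from this header -- confirm in the implementation.
*/
typedef struct kssl_ctx_st
	{
				/*	used by:    disposition:            */
	char *service_name;	/*	C,S	    default ok (kssl)       */
	char *service_host;	/*	C	    input, REQUIRED         */
	char *client_princ;	/*	S	    output from krb5 ticket */
	char *keytab_file;	/*	S	    NULL (/etc/krb5.keytab) */
	char *cred_cache;	/*	C	    NULL (default)          */
	krb5_enctype enctype;
	int length;
	krb5_octet FAR *key;
	} KSSL_CTX;

/*	Values for the "which" argument of kssl_ctx_setstring() and
**	kssl_ctx_setprinc() (presumably; the selector logic is in the
**	implementation, not here).
*/
#define	KSSL_CLIENT	1
#define KSSL_SERVER	2
#define	KSSL_SERVICE	3
#define	KSSL_KEYTAB	4

/*	Status codes.  */
#define KSSL_CTX_OK	0
#define KSSL_CTX_ERR	1
#define KSSL_NOMEM	2

/*	Public (for use by applications that use OpenSSL with Kerberos 5 support) */

/*	Context lifecycle and configuration.  kssl_ctx_free() returns a
**	KSSL_CTX pointer; presumably NULL so the caller can overwrite its
**	own pointer -- confirm in the implementation.
*/
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
KSSL_CTX *kssl_ctx_new(void);
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
	krb5_data *realm, krb5_data *entity, int nentities);

/*	Ticket handling; judging by the names, kssl_cget_tkt() is the
**	client side and kssl_sget_tkt() the server side.  Both report
**	failures through the KSSL_ERR argument in addition to the return
**	code.
*/
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
	krb5_data *authenp, KSSL_ERR *kssl_err);
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
	krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);

/*	NOTE(review): KSSL_ERR.text is a fixed KSSL_ERR_MAX+1 byte buffer and
**	"text" arrives here without a length; confirm that the
**	implementation bounds the copy and NUL-terminates.
*/
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);

/*	rlen, slen and hlen are passed next to realm, svc and host;
**	presumably the lengths of those strings -- confirm in the
**	implementation.
*/
krb5_error_code kssl_build_principal_2(krb5_context context,
	krb5_principal *princ, int rlen, const char *realm,
	int slen, const char *svc, int hlen, const char *host);

/*	Time and authenticator checks.  A caller should treat any nonzero
**	krb5_error_code from these as a rejection (the usual krb5
**	convention; confirm against the implementation).
*/
krb5_error_code kssl_validate_times(krb5_timestamp atime,
	krb5_ticket_times *ttimes);
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
	krb5_timestamp *atimep, KSSL_ERR *kssl_err);
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

#ifdef __cplusplus
}
#endif
#endif	/* OPENSSL_NO_KRB5 */
#endif	/* KSSL_H */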