/* $OpenBSD: ssh-gss.h,v 1.16 2024/05/17 06:42:04 jsg Exp $ */
/*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _SSH_GSS_H
#define _SSH_GSS_H

/*
 * GSSAPI-based SSH2 user authentication: shared types and the prototypes
 * used by both the client and the server side.  The whole header is empty
 * unless the build defines GSSAPI, so unconditional includers must not rely
 * on any name declared below.
 */
#ifdef GSSAPI

#include <gssapi.h>

/*
 * SSH2 userauth message numbers for the GSSAPI method, taken from
 * draft-ietf-secsh-gsskeyex-06 (later published as RFC 4462).
 * Note that 62 is intentionally unassigned in that numbering.
 */
/* draft-ietf-secsh-gsskeyex-06 */
#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE		60
#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN			61
#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE	63
#define SSH2_MSG_USERAUTH_GSSAPI_ERROR			64
#define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK			65
#define SSH2_MSG_USERAUTH_GSSAPI_MIC			66

/*
 * ASN.1/DER tag byte for OBJECT IDENTIFIER.  Mechanism OIDs are exchanged
 * on the wire in DER form; presumably the OID checking/setting routines
 * below use this to frame or validate that encoding -- confirm in the
 * implementation before relying on it.
 */
#define SSH_GSS_OIDTYPE 0x06

/*
 * Describes a credential cache for the authenticated user's session:
 * a file name, an environment variable/value pair (presumably pointing
 * at the cache), and mechanism-private data.  Ownership of the strings
 * is not established here -- see the mechanism's storecreds callback.
 */
typedef struct {
	char *filename;
	char *envvar;
	char *envval;
	void *data;
} ssh_gssapi_ccache;

/*
 * The authenticated peer as seen by the server: its name in display and
 * exported (canonical, mechanism-specific) forms, credentials received
 * from it (delegated credentials, by the look of Gssctxt.client_creds),
 * the mechanism that authenticated it, and where its credentials were
 * stored.
 */
typedef struct {
	gss_buffer_desc displayname;
	gss_buffer_desc exportedname;
	gss_cred_id_t creds;
	struct ssh_gssapi_mech_struct *mech;
	ssh_gssapi_ccache store;
} ssh_gssapi_client;

/*
 * One supported GSSAPI mechanism and its per-mechanism hooks.  The name
 * is kept both in its SSH wire encoding (enc_name) and in human-readable
 * form, alongside the raw OID.  The callbacks take the authenticated
 * client; from their names and signatures:
 *   dochild    - per-mechanism work for the session child (exact timing
 *                is not visible here).
 *   userok     - the authorization decision: may this client log in as
 *                the named local user?  Authentication alone is not enough.
 *   localname  - map the client principal to a local user name, returned
 *                through the char ** out-parameter.
 *   storecreds - persist the client's delegated credentials.
 * Confirm the exact contracts against the mechanism implementations.
 */
typedef struct ssh_gssapi_mech_struct {
	char *enc_name;
	char *name;
	gss_OID_desc oid;
	int (*dochild) (ssh_gssapi_client *);
	int (*userok) (ssh_gssapi_client *, char *);
	int (*localname) (ssh_gssapi_client *, char **);
	void (*storecreds) (ssh_gssapi_client *);
} ssh_gssapi_mech;

/*
 * Per-authentication GSSAPI state.  The trailing comments record which
 * side populates each field; client-only and server-only fields are
 * meaningless on the other side.  major/minor hold the most recent GSS
 * status codes so ssh_gssapi_error()/ssh_gssapi_last_error() can report
 * them.
 */
typedef struct {
	OM_uint32 major; /* both */
	OM_uint32 minor; /* both */
	gss_ctx_id_t context; /* both */
	gss_name_t name; /* both */
	gss_OID oid; /* client */
	gss_cred_id_t creds; /* server */
	gss_name_t client; /* server */
	gss_cred_id_t client_creds; /* server */
} Gssctxt;

/* Table of mechanisms this build knows about; defined in the GSSAPI code. */
extern ssh_gssapi_mech *supported_mechs[];

/*
 * OID handling.  check_oid and set_oid_data take a raw byte buffer with
 * an explicit length; on the server that buffer comes from the peer, so
 * the implementation is responsible for bounding every read by the
 * supplied size.  test_oid_supported reports through its int * whether
 * the given OID is among the supported mechanisms (major status returned).
 */
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
void ssh_gssapi_supported_oids(gss_OID_set *);
void ssh_gssapi_prepare_supported_oids(void);
OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);

/* Pull a string out of an sshbuf into a gss_buffer_desc; int return is an error code. */
struct sshbuf;
int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *);

/*
 * Context lifecycle and token exchange, shared by both sides.  The
 * OM_uint32 return values are GSS major status codes; init_ctx and
 * accept_ctx also hand back the returned flags through their final
 * OM_uint32 * argument.  build_ctx/delete_ctx allocate and free a Gssctxt
 * through a Gssctxt **; delete_ctx is the place delegated credentials
 * and security contexts held in the struct are expected to be released
 * (verify in the implementation).
 */
OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
OM_uint32 ssh_gssapi_getclient(Gssctxt *, ssh_gssapi_client *);
void ssh_gssapi_error(Gssctxt *);
char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
void ssh_gssapi_build_ctx(Gssctxt **);
void ssh_gssapi_delete_ctx(Gssctxt **);
/*
 * MIC support.  sign produces a MIC over the given buffer; buildmic
 * assembles the data the MIC must cover from three strings and an sshbuf
 * (presumably the session identifier plus user/service/method -- confirm
 * against gss-genr.c).  Binding the MIC to the session identifier is what
 * prevents a token captured from one connection being replayed on another.
 */
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_buildmic(struct sshbuf *, const char *,
    const char *, const char *, const struct sshbuf *);
/* Client side: can the given mechanism be used against the named host? */
int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);

/* In the server */
/*
 * server_ctx creates the acceptor context for a mechanism OID.
 * userok is the final authorization check for the local account name and
 * must be consulted even after a successful context exchange.
 * checkmic verifies the peer's MIC; a failure here must fail the
 * authentication.  do_child, storecreds and cleanup_creds manage the
 * delegated credentials' lifetime (environment for the child, storage,
 * and removal on session end); displayname exposes the authenticated
 * principal for logging.
 */
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
int ssh_gssapi_userok(char *name);
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_do_child(char ***, u_int *);
void ssh_gssapi_cleanup_creds(void);
void ssh_gssapi_storecreds(void);
const char *ssh_gssapi_displayname(void);

#endif /* GSSAPI */

#endif /* _SSH_GSS_H */