2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
/* Include guard for this header. */
36 #ifndef GSSAPI_KRB5_H_
37 #define GSSAPI_KRB5_H_
/*
 * When the compiler is not GCC and no __attribute__ macro exists yet,
 * define __attribute__(x) to expand to nothing so that the annotations
 * used below are dropped instead of breaking the build.
 */
43 #if !defined(__GNUC__) && !defined(__attribute__)
44 #define __attribute__(x)
/*
 * Annotation placed on deprecated entry points. A definition supplied
 * before this header is included takes precedence over this default.
 */
47 #ifndef GSSKRB5_FUNCTION_DEPRECATED
48 #define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
53 * This is for kerberos5 names.
/*
 * OID descriptor for the Kerberos 5 principal name type. Callers use the
 * GSS_KRB5_NT_PRINCIPAL_NAME macro, which is the descriptor's address.
 */
56 extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
57 #define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)
/*
 * The other Kerberos name-type macros point at the __gss_c_nt_*
 * descriptors. Those descriptors are not declared in the lines shown
 * here, so they must come from another header.
 */
59 #define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
60 #define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
61 #define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
/* OID descriptor for the Kerberos 5 mechanism and its pointer macro. */
63 extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
64 #define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
66 /* Aliases kept for source compatibility with the MIT API names */
68 #define gss_mech_krb5 GSS_KRB5_MECHANISM
69 #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
71 /* Extension OIDs for setting context options */
/*
 * Each option is an exported gss_OID_desc plus a macro that yields its
 * address. The call that consumes these OIDs is not in this header
 * excerpt.
 * NOTE(review): presumably gss_set_sec_context_option() -- confirm.
 */
72 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
73 #define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
/*
 * NOTE(review): by its name this is a DES3 MIC interoperability switch.
 * 3DES is a legacy enctype, so check whether any caller still needs it.
 */
75 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
76 #define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
78 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
79 #define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
/*
 * NOTE(review): the names of the options from here down to
 * SET_TIME_OFFSET suggest settings that decide which KDC and realm are
 * contacted, which credential cache is read and how timestamps are
 * judged. They are presumably process-wide rather than per-context
 * (confirm). When auditing, check which code paths are allowed to set
 * them and whether the values can come from untrusted input.
 */
81 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
82 #define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
84 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
85 #define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
87 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
88 #define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
90 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
91 #define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
93 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
94 #define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
96 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
97 #define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
/*
 * NOTE(review): plugin registration presumably installs caller-supplied
 * code into the Kerberos library -- confirm, and treat any caller of it
 * as part of the trusted computing base.
 */
99 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
100 #define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
102 /* Extension OIDs for inquiring a context */
/*
 * Same pattern as the option OIDs: an exported gss_OID_desc plus a macro
 * that yields its address. The inquiry call that takes them is not shown
 * in this excerpt.
 */
103 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
104 #define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
106 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
107 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
109 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
110 #define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
/*
 * NOTE(review): the lucid-context, subkey and service-keyblock OIDs below
 * are named for operations that hand context key material to the caller.
 * Anything obtained through them should be handled as a secret: keep its
 * lifetime short, never log it, and wipe it before release. Confirm the
 * exact release routine against the implementation.
 */
112 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
113 #define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
115 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
116 #define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
118 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
119 #define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
121 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
122 #define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
124 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
125 #define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
127 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
128 #define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
130 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
131 #define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
133 /* Extension OIDs for credentials */
/*
 * Exported gss_OID_desc objects with pointer macros, as in the groups
 * above. The credential-option call that takes them is not shown here.
 */
135 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
136 #define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
/*
 * NOTE(review): by its name this restricts the encryption types a
 * credential may negotiate. That makes it a hardening knob for excluding
 * weak enctypes -- confirm the semantics against the implementation.
 */
138 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
139 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
141 extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
142 #define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
145 * kerberos mechanism specific functions
/*
 * Forward declarations, so the prototypes below can take pointers to
 * these krb5 types without this header defining them.
 */
148 struct krb5_keytab_data;
149 struct krb5_ccache_data;
/*
 * Takes a credential-cache name and returns a name through out_name.
 * NOTE(review): presumably sets the cache name and returns the previous
 * one -- confirm. Ownership of *out_name is not visible from the
 * prototype.
 */
152 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
153 gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
154 const char * /*name */,
155 const char ** /*out_name */);
/*
 * Two entry points with the same signature, each taking an acceptor
 * identity string.
 * NOTE(review): the krb5_gss_ spelling is presumably the MIT-compatible
 * name -- confirm.
 */
157 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
158 (const char * /*identity*/);
160 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
161 (const char * /*identity*/);
/*
 * Takes a GSS credential and a krb5 credential cache marked "out".
 * NOTE(review): the destination cache then holds usable tickets, so its
 * file permissions and lifetime matter -- confirm what gets copied.
 */
163 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
164 (OM_uint32 * /*minor*/,
165 gss_cred_id_t /*cred*/,
166 struct krb5_ccache_data * /*out*/);
/*
 * Builds a GSS credential (out) from a krb5 credential cache, a keytab
 * principal and a keytab. Which of the inputs may be NULL is not visible
 * from the prototype.
 */
168 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
169 gss_krb5_import_cred(OM_uint32 * /*minor*/,
170 struct krb5_ccache_data * /*in*/,
171 struct Principal * /*keytab_principal*/,
172 struct krb5_keytab_data * /*keytab*/,
173 gss_cred_id_t * /*out*/);
/* Returns the ticket flags of an established context through tkt_flags. */
175 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
176 (OM_uint32 * /*minor*/,
177 gss_ctx_id_t /*context_handle*/,
178 OM_uint32 * /*tkt_flags*/);
180 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
181 gsskrb5_extract_authz_data_from_sec_context
182 (OM_uint32 * /*minor_status*/,
183 gss_ctx_id_t /*context_handle*/,
185 gss_buffer_t /*ad_data*/);
/*
 * Takes a single int flag and no context or credential argument.
 * NOTE(review): presumably a process-wide toggle for DNS canonicalization
 * of host names -- confirm. With canonicalization on, name-service
 * answers can influence which service principal is requested, so this is
 * normally left off where DNS is not trusted.
 */
187 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
188 gsskrb5_set_dns_canonicalize(int);
190 struct gsskrb5_send_to_kdc {
/*
 * Marked deprecated through GSSKRB5_FUNCTION_DEPRECATED, so new code
 * should not call it. The struct it takes is declared above; its members
 * are not visible in this excerpt.
 */
195 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
196 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
197 GSSKRB5_FUNCTION_DEPRECATED;
/*
 * Takes a realm name string.
 * NOTE(review): presumably process-wide, as there is no context
 * argument -- confirm.
 */
199 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
200 gsskrb5_set_default_realm(const char *);
/*
 * Returns a time_t for the given context through the last argument. The
 * parameters are unnamed in the prototype.
 * NOTE(review): by the function name, the first is the minor status and
 * the value returned is the ticket's authentication time -- confirm.
 */
202 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
203 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
/* Forward declaration; the key type itself is defined elsewhere. */
205 struct EncryptionKey;
/*
 * The three functions below share one shape: given a security context,
 * return a pointer to an EncryptionKey through out.
 * NOTE(review): *out is presumably allocated for the caller, who must
 * release it -- confirm the release routine against the implementation.
 * The result is live key material for the context: keep it out of logs
 * and core dumps, and wipe it before freeing.
 */
207 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
208 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
209 gss_ctx_id_t context_handle,
210 struct EncryptionKey **out);
211 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
212 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
213 gss_ctx_id_t context_handle,
214 struct EncryptionKey **out);
215 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
216 gsskrb5_get_subkey(OM_uint32 *minor_status,
217 gss_ctx_id_t context_handle,
218 struct EncryptionKey **out);
/*
 * Setter and getter for an integer time offset. The setter takes the
 * value; the getter writes it through the pointer.
 * NOTE(review): the unit is presumably seconds and the scope presumably
 * process-wide -- confirm. Kerberos freshness checks depend on the clock,
 * so a large or attacker-influenced offset weakens them.
 */
220 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
221 gsskrb5_set_time_offset(int);
223 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
224 gsskrb5_get_time_offset(int *);
226 struct gsskrb5_krb5_plugin {
/*
 * Registers the plugin described by the struct declared above. The
 * struct's members are not visible in this excerpt.
 * NOTE(review): presumably hands caller-supplied symbols to the krb5
 * library -- confirm, and restrict callers to trusted code.
 */
232 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
233 gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);
237 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
238 * do GSS content token handling in-kernel.
241 typedef struct gss_krb5_lucid_key {
245 } gss_krb5_lucid_key_t;
247 typedef struct gss_krb5_rfc1964_keydata {
250 gss_krb5_lucid_key_t ctx_key;
251 } gss_krb5_rfc1964_keydata_t;
/*
 * Key data for the CFX case of an exported lucid context: a context key,
 * an acceptor subkey and a flag.
 * NOTE(review): acceptor_subkey is presumably meaningful only when
 * have_acceptor_subkey is non-zero -- confirm. Both key members are
 * secret material.
 */
253 typedef struct gss_krb5_cfx_keydata {
254 OM_uint32 have_acceptor_subkey;
255 gss_krb5_lucid_key_t ctx_key;
256 gss_krb5_lucid_key_t acceptor_subkey;
257 } gss_krb5_cfx_keydata_t;
259 typedef struct gss_krb5_lucid_context_v1 {
266 gss_krb5_rfc1964_keydata_t rfc1964_kd;
267 gss_krb5_cfx_keydata_t cfx_kd;
268 } gss_krb5_lucid_context_v1_t;
/*
 * Holds only the structure version number.
 * NOTE(review): presumably lets a caller read the version of an exported
 * lucid context before treating the buffer as a specific versioned
 * struct -- confirm.
 */
270 typedef struct gss_krb5_lucid_context_version {
271 OM_uint32 version; /* Structure version number */
272 } gss_krb5_lucid_context_version_t;
275 * Function declarations
278 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
279 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
280 gss_ctx_id_t *context_handle,
285 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
286 gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
290 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
291 gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
293 OM_uint32 num_enctypes,
298 #endif /* GSSAPI_KRB5_H_ */