2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 /* $Id: gssapi_locl.h,v 1.41 2005/10/12 15:20:37 lha Exp $ */
43 #include <krb5_locl.h>
50 #include "spnego_asn1.h"
58 typedef struct gss_ctx_id_t_desc_struct {
59 struct krb5_auth_context_data *auth_context;
60 gss_name_t source, target;
61 enum gss_ctx_id_t_state {
62 INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3,
63 ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13
69 COMPAT_OLD_DES3_SELECTED = 8,
72 struct krb5_ticket *ticket;
73 krb5_keyblock *service_keyblock;
76 HEIMDAL_MUTEX ctx_id_mutex;
77 struct gss_msg_order *order;
80 typedef struct gss_cred_id_t_desc_struct {
82 krb5_boolean made_keytab;
83 struct krb5_keytab_data *keytab;
85 gss_cred_usage_t usage;
86 gss_OID_set mechanisms;
87 krb5_boolean made_ccache;
88 struct krb5_ccache_data *ccache;
89 HEIMDAL_MUTEX cred_id_mutex;
/*
 * Library-wide Kerberos state. The objects are defined in a .c file; these
 * externs only make them visible to the other users of this header.
 * NOTE(review): presumably set up by gssapi_krb5_init() (declared further
 * down) — confirm before relying on them being initialised.
 */
96 extern krb5_context gssapi_krb5_context;
98 extern krb5_keytab gssapi_krb5_keytab;
/* NOTE(review): the name suggests this mutex guards gssapi_krb5_keytab;
 * confirm with the callers and hold it around every access to the keytab. */
99 extern HEIMDAL_MUTEX gssapi_keytab_mutex;
101 struct gssapi_thr_context {
/*
 * Initialise the library-wide Kerberos state.
 * Returns 0 on success, otherwise a krb5_error_code; the GSSAPI_KRB5_INIT()
 * macro below stores that code in *minor_status and maps it to GSS_S_FAILURE.
 */
110 krb5_error_code gssapi_krb5_init (void);
/* Variant that takes an opaque event context.
 * NOTE(review): what event_context must point to is not visible in this
 * header — confirm against the definition before passing anything. */
111 krb5_error_code gssapi_krb5_init_ev (void *event_context);
113 #define GSSAPI_KRB5_INIT() do { \
114 krb5_error_code kret_gss_init; \
115 if((kret_gss_init = gssapi_krb5_init ()) != 0) { \
116 *minor_status = kret_gss_init; \
117 return GSS_S_FAILURE; \
/*
 * Return a gssapi_thr_context — by its name, the calling thread's.
 * NOTE(review): the int parameter is unnamed here and its meaning is not
 * visible in this header; confirm against the definition. Whether a NULL
 * return is possible is likewise not visible — callers should check before
 * dereferencing.
 */
121 struct gssapi_thr_context *
122 gssapi_get_thread_context(int);
126 OM_uint32 * minor_status,
127 gss_ctx_id_t * context_handle,
128 const gss_channel_bindings_t input_chan_bindings,
129 enum gss_ctx_id_t_state state);
132 gsskrb5_is_cfx(gss_ctx_id_t, int *);
135 gssapi_krb5_create_8003_checksum (
136 OM_uint32 *minor_status,
137 const gss_channel_bindings_t input_chan_bindings,
139 const krb5_data *fwd_data,
143 gssapi_krb5_verify_8003_checksum (
144 OM_uint32 *minor_status,
145 const gss_channel_bindings_t input_chan_bindings,
146 const Checksum *cksum,
148 krb5_data *fwd_data);
151 _gssapi_encap_length (size_t data_len,
157 gssapi_krb5_encap_length (size_t data_len,
165 _gssapi_encapsulate(OM_uint32 *minor_status,
166 const krb5_data *in_data,
167 gss_buffer_t output_token,
172 gssapi_krb5_encapsulate(OM_uint32 *minor_status,
173 const krb5_data *in_data,
174 gss_buffer_t output_token,
179 gssapi_krb5_decapsulate(OM_uint32 *minor_status,
180 gss_buffer_t input_token_buffer,
186 gssapi_krb5_make_header (u_char *p,
192 _gssapi_make_mech_header(u_char *p,
197 _gssapi_verify_mech_header(u_char **str,
202 gssapi_krb5_verify_header(u_char **str,
208 _gssapi_decapsulate(OM_uint32 *minor_status,
209 gss_buffer_t input_token_buffer,
215 gssapi_krb5_get_mech (const u_char *, size_t, const u_char **);
218 _gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
221 gss_verify_mic_internal(OM_uint32 * minor_status,
222 const gss_ctx_id_t context_handle,
223 const gss_buffer_t message_buffer,
224 const gss_buffer_t token_buffer,
225 gss_qop_t * qop_state,
229 gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
230 krb5_keyblock **key);
233 gss_address_to_krb5addr(OM_uint32 gss_addr_type,
234 gss_buffer_desc *gss_addr,
236 krb5_address *address);
238 /* sec_context flags */
/*
 * Each flag is a distinct single bit (0x01 .. 0x10), so several can be
 * OR'ed together into one flags word and tested individually with &.
 * NOTE(review): the field that holds them is not in view here — presumably
 * a flags member of gss_ctx_id_t_desc; the names suggest they record which
 * optional pieces of context state (addresses, keyblock, subkeys) are set.
 */
240 #define SC_LOCAL_ADDRESS 0x01
241 #define SC_REMOTE_ADDRESS 0x02
242 #define SC_KEYBLOCK 0x04
243 #define SC_LOCAL_SUBKEY 0x08
244 #define SC_REMOTE_SUBKEY 0x10
247 gss_oid_equal(const gss_OID a, const gss_OID b);
250 gssapi_krb5_clear_status (void);
253 gssapi_krb5_set_status (const char *fmt, ...);
256 gssapi_krb5_set_error_string (void);
259 gssapi_krb5_get_error_string (void);
262 _gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t);
265 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *);
268 _gss_check_compat(OM_uint32 *, gss_name_t, const char *,
269 krb5_boolean *, krb5_boolean);
272 gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
277 _gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **,
278 OM_uint32, OM_uint32, OM_uint32, int);
280 _gssapi_msg_order_destroy(struct gss_msg_order **);
283 _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32);
286 _gssapi_msg_order_f(OM_uint32);
291 gssapi_encode_om_uint32(OM_uint32, u_char *);
294 gssapi_encode_be_om_uint32(OM_uint32, u_char *);
297 gssapi_decode_om_uint32(u_char *, OM_uint32 *);
300 gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);