2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 /* $Id: gssapi.h,v 1.37 2005/02/21 08:48:15 lukeh Exp $ */
40 * First, include stddef.h to get size_t defined.
44 #include <krb5-types.h>
47 * Now define the three implementation-dependent types.
50 typedef u_int32_t OM_uint32;
52 typedef u_int32_t gss_uint32;
55 * This is to avoid having to include <krb5.h>
58 struct krb5_auth_context_data;
62 /* typedef void *gss_name_t; */
64 typedef struct Principal *gss_name_t;
66 struct gss_ctx_id_t_desc_struct;
67 typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
69 typedef struct gss_OID_desc_struct {
72 } gss_OID_desc, *gss_OID;
74 typedef struct gss_OID_set_desc_struct {
77 } gss_OID_set_desc, *gss_OID_set;
79 struct krb5_keytab_data;
81 struct krb5_ccache_data;
83 typedef int gss_cred_usage_t;
85 struct gss_cred_id_t_desc_struct;
86 typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
88 typedef struct gss_buffer_desc_struct {
91 } gss_buffer_desc, *gss_buffer_t;
93 typedef struct gss_channel_bindings_struct {
94 OM_uint32 initiator_addrtype;
95 gss_buffer_desc initiator_address;
96 OM_uint32 acceptor_addrtype;
97 gss_buffer_desc acceptor_address;
98 gss_buffer_desc application_data;
99 } *gss_channel_bindings_t;
102 * For now, define a QOP-type as an OM_uint32
104 typedef OM_uint32 gss_qop_t;
107 * Flag bits for context-level services.
109 #define GSS_C_DELEG_FLAG 1 /* 0x00000001 */
110 #define GSS_C_MUTUAL_FLAG 2 /* 0x00000002 */
111 #define GSS_C_REPLAY_FLAG 4 /* 0x00000004 */
112 #define GSS_C_SEQUENCE_FLAG 8 /* 0x00000008 */
113 #define GSS_C_CONF_FLAG 16 /* 0x00000010 */
114 #define GSS_C_INTEG_FLAG 32 /* 0x00000020 */
115 #define GSS_C_ANON_FLAG 64 /* 0x00000040 */
116 #define GSS_C_PROT_READY_FLAG 128 /* 0x00000080 */
117 #define GSS_C_TRANS_FLAG 256 /* 0x00000100 */
119 /* these are from draft-brezak-win2k-krb-rc4-hmac-04.txt */
120 #define GSS_C_DCE_STYLE 4096 /* 0x00001000 */
121 #define GSS_C_IDENTIFY_FLAG 8192 /* 0x00002000 */
122 #define GSS_C_EXTENDED_ERROR_FLAG 16384 /* 0x00004000 */
125 * Credential usage options
128 #define GSS_C_INITIATE 1
129 #define GSS_C_ACCEPT 2
132 * Status code types for gss_display_status
134 #define GSS_C_GSS_CODE 1
135 #define GSS_C_MECH_CODE 2
138 * The constant definitions for channel-bindings address families
140 #define GSS_C_AF_UNSPEC 0
141 #define GSS_C_AF_LOCAL 1
142 #define GSS_C_AF_INET 2
143 #define GSS_C_AF_IMPLINK 3
144 #define GSS_C_AF_PUP 4
145 #define GSS_C_AF_CHAOS 5
146 #define GSS_C_AF_NS 6
147 #define GSS_C_AF_NBS 7
148 #define GSS_C_AF_ECMA 8
149 #define GSS_C_AF_DATAKIT 9
150 #define GSS_C_AF_CCITT 10
151 #define GSS_C_AF_SNA 11
152 #define GSS_C_AF_DECnet 12
153 #define GSS_C_AF_DLI 13
154 #define GSS_C_AF_LAT 14
155 #define GSS_C_AF_HYLINK 15
156 #define GSS_C_AF_APPLETALK 16
157 #define GSS_C_AF_BSC 17
158 #define GSS_C_AF_DSS 18
159 #define GSS_C_AF_OSI 19
160 #define GSS_C_AF_X25 21
161 #define GSS_C_AF_INET6 24
163 #define GSS_C_AF_NULLADDR 255
166 * Various Null values
168 #define GSS_C_NO_NAME ((gss_name_t) 0)
169 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
170 #define GSS_C_NO_OID ((gss_OID) 0)
171 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
172 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
173 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
174 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
175 #define GSS_C_EMPTY_BUFFER {0, NULL}
178 * Some alternate names for a couple of the above
179 * values. These are defined for V1 compatibility.
181 #define GSS_C_NULL_OID GSS_C_NO_OID
182 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
185 * Define the default Quality of Protection for per-message
186 * services. Note that an implementation that offers multiple
187 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
188 * (as done here) to mean "default protection", or to a specific
189 * explicit QOP value. However, a value of 0 should always be
190 * interpreted by a GSSAPI implementation as a request for the
191 * default protection level.
193 #define GSS_C_QOP_DEFAULT 0
195 #define GSS_KRB5_CONF_C_QOP_DES 0x0100
196 #define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200
199 * Expiration time of 2^32-1 seconds means infinite lifetime for a
200 * credential or security context
202 #define GSS_C_INDEFINITE 0xfffffffful
209 * The implementation must reserve static storage for a
210 * gss_OID_desc object containing the value
211 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
212 * "\x01\x02\x01\x01"},
213 * corresponding to an object-identifier value of
214 * {iso(1) member-body(2) United States(840) mit(113554)
215 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
216 * GSS_C_NT_USER_NAME should be initialized to point
217 * to that gss_OID_desc.
219 extern gss_OID GSS_C_NT_USER_NAME;
222 * The implementation must reserve static storage for a
223 * gss_OID_desc object containing the value
224 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
225 * "\x01\x02\x01\x02"},
226 * corresponding to an object-identifier value of
227 * {iso(1) member-body(2) United States(840) mit(113554)
228 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
229 * The constant GSS_C_NT_MACHINE_UID_NAME should be
230 * initialized to point to that gss_OID_desc.
232 extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
235 * The implementation must reserve static storage for a
236 * gss_OID_desc object containing the value
237 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
238 * "\x01\x02\x01\x03"},
239 * corresponding to an object-identifier value of
240 * {iso(1) member-body(2) United States(840) mit(113554)
241 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
242 * The constant GSS_C_NT_STRING_UID_NAME should be
243 * initialized to point to that gss_OID_desc.
245 extern gss_OID GSS_C_NT_STRING_UID_NAME;
248 * The implementation must reserve static storage for a
249 * gss_OID_desc object containing the value
250 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
251 * corresponding to an object-identifier value of
252 * {iso(1) org(3) dod(6) internet(1) security(5)
253 * nametypes(6) gss-host-based-services(2)). The constant
254 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
255 * to that gss_OID_desc. This is a deprecated OID value, and
256 * implementations wishing to support hostbased-service names
257 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
258 * defined below, to identify such names;
259 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
260 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
261 * parameter, but should not be emitted by GSS-API
264 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
267 * The implementation must reserve static storage for a
268 * gss_OID_desc object containing the value
269 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
270 * "\x01\x02\x01\x04"}, corresponding to an
271 * object-identifier value of {iso(1) member-body(2)
272 * Unites States(840) mit(113554) infosys(1) gssapi(2)
273 * generic(1) service_name(4)}. The constant
274 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
275 * to point to that gss_OID_desc.
277 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
280 * The implementation must reserve static storage for a
281 * gss_OID_desc object containing the value
282 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
283 * corresponding to an object identifier value of
284 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
285 * 6(nametypes), 3(gss-anonymous-name)}. The constant
286 * and GSS_C_NT_ANONYMOUS should be initialized to point
287 * to that gss_OID_desc.
289 extern gss_OID GSS_C_NT_ANONYMOUS;
292 * The implementation must reserve static storage for a
293 * gss_OID_desc object containing the value
294 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
295 * corresponding to an object-identifier value of
296 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
297 * 6(nametypes), 4(gss-api-exported-name)}. The constant
298 * GSS_C_NT_EXPORT_NAME should be initialized to point
299 * to that gss_OID_desc.
301 extern gss_OID GSS_C_NT_EXPORT_NAME;
305 * The security mechanism of the initial
306 * negotiation token is identified by the Object Identifier
307 * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
309 extern gss_OID GSS_SPNEGO_MECHANISM;
312 * This if for kerberos5 names.
315 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
316 extern gss_OID GSS_KRB5_NT_USER_NAME;
317 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
318 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
320 extern gss_OID GSS_KRB5_MECHANISM;
322 /* for compatibility with MIT api */
324 #define gss_mech_krb5 GSS_KRB5_MECHANISM
325 #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
327 /* Major status codes */
329 #define GSS_S_COMPLETE 0
332 * Some "helper" definitions to make the status code macros obvious.
334 #define GSS_C_CALLING_ERROR_OFFSET 24
335 #define GSS_C_ROUTINE_ERROR_OFFSET 16
336 #define GSS_C_SUPPLEMENTARY_OFFSET 0
337 #define GSS_C_CALLING_ERROR_MASK 0377ul
338 #define GSS_C_ROUTINE_ERROR_MASK 0377ul
339 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
342 * The macros that test status codes for error conditions.
343 * Note that the GSS_ERROR() macro has changed slightly from
344 * the V1 GSSAPI so that it now evaluates its argument
347 #define GSS_CALLING_ERROR(x) \
348 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
349 #define GSS_ROUTINE_ERROR(x) \
350 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
351 #define GSS_SUPPLEMENTARY_INFO(x) \
352 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
353 #define GSS_ERROR(x) \
354 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
355 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
358 * Now the actual status code definitions
364 #define GSS_S_CALL_INACCESSIBLE_READ \
365 (1ul << GSS_C_CALLING_ERROR_OFFSET)
366 #define GSS_S_CALL_INACCESSIBLE_WRITE \
367 (2ul << GSS_C_CALLING_ERROR_OFFSET)
368 #define GSS_S_CALL_BAD_STRUCTURE \
369 (3ul << GSS_C_CALLING_ERROR_OFFSET)
374 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
375 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
376 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
378 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
379 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
380 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
381 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
382 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
383 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
384 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
385 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
386 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
387 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
388 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
389 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
390 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
391 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
392 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
393 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
396 * Supplementary info bits:
398 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
399 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
400 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
401 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
402 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
407 * 4.1.1. Non-Kerberos-specific codes
410 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
411 /* "No @ in SERVICE-NAME name string" */
412 #define GSS_KRB5_S_G_BAD_STRING_UID 2
413 /* "STRING-UID-NAME contains nondigits" */
414 #define GSS_KRB5_S_G_NOUSER 3
415 /* "UID does not resolve to username" */
416 #define GSS_KRB5_S_G_VALIDATE_FAILED 4
417 /* "Validation error" */
418 #define GSS_KRB5_S_G_BUFFER_ALLOC 5
419 /* "Couldn't allocate gss_buffer_t data" */
420 #define GSS_KRB5_S_G_BAD_MSG_CTX 6
421 /* "Message context invalid" */
422 #define GSS_KRB5_S_G_WRONG_SIZE 7
423 /* "Buffer is the wrong size" */
424 #define GSS_KRB5_S_G_BAD_USAGE 8
425 /* "Credential usage type is unknown" */
426 #define GSS_KRB5_S_G_UNKNOWN_QOP 9
427 /* "Unknown quality of protection specified" */
430 * 4.1.2. Kerberos-specific-codes
433 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
434 /* "Principal in credential cache does not match desired name" */
435 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
436 /* "No principal in keytab matches desired name" */
437 #define GSS_KRB5_S_KG_TGT_MISSING 12
438 /* "Credential cache has no TGT" */
439 #define GSS_KRB5_S_KG_NO_SUBKEY 13
440 /* "Authenticator has no subkey" */
441 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
442 /* "Context is already fully established" */
443 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
444 /* "Unknown signature type in token" */
445 #define GSS_KRB5_S_KG_BAD_LENGTH 16
446 /* "Invalid field length in token" */
447 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
448 /* "Attempt to use incomplete security context" */
451 * Finally, function prototypes for the GSS-API routines.
455 OM_uint32 gss_acquire_cred
456 (OM_uint32 * /*minor_status*/,
457 const gss_name_t /*desired_name*/,
458 OM_uint32 /*time_req*/,
459 const gss_OID_set /*desired_mechs*/,
460 gss_cred_usage_t /*cred_usage*/,
461 gss_cred_id_t * /*output_cred_handle*/,
462 gss_OID_set * /*actual_mechs*/,
463 OM_uint32 * /*time_rec*/
466 OM_uint32 gss_release_cred
467 (OM_uint32 * /*minor_status*/,
468 gss_cred_id_t * /*cred_handle*/
471 OM_uint32 gss_init_sec_context
472 (OM_uint32 * /*minor_status*/,
473 const gss_cred_id_t /*initiator_cred_handle*/,
474 gss_ctx_id_t * /*context_handle*/,
475 const gss_name_t /*target_name*/,
476 const gss_OID /*mech_type*/,
477 OM_uint32 /*req_flags*/,
478 OM_uint32 /*time_req*/,
479 const gss_channel_bindings_t /*input_chan_bindings*/,
480 const gss_buffer_t /*input_token*/,
481 gss_OID * /*actual_mech_type*/,
482 gss_buffer_t /*output_token*/,
483 OM_uint32 * /*ret_flags*/,
484 OM_uint32 * /*time_rec*/
487 OM_uint32 gss_accept_sec_context
488 (OM_uint32 * /*minor_status*/,
489 gss_ctx_id_t * /*context_handle*/,
490 const gss_cred_id_t /*acceptor_cred_handle*/,
491 const gss_buffer_t /*input_token_buffer*/,
492 const gss_channel_bindings_t /*input_chan_bindings*/,
493 gss_name_t * /*src_name*/,
494 gss_OID * /*mech_type*/,
495 gss_buffer_t /*output_token*/,
496 OM_uint32 * /*ret_flags*/,
497 OM_uint32 * /*time_rec*/,
498 gss_cred_id_t * /*delegated_cred_handle*/
501 OM_uint32 gss_process_context_token
502 (OM_uint32 * /*minor_status*/,
503 const gss_ctx_id_t /*context_handle*/,
504 const gss_buffer_t /*token_buffer*/
507 OM_uint32 gss_delete_sec_context
508 (OM_uint32 * /*minor_status*/,
509 gss_ctx_id_t * /*context_handle*/,
510 gss_buffer_t /*output_token*/
513 OM_uint32 gss_context_time
514 (OM_uint32 * /*minor_status*/,
515 const gss_ctx_id_t /*context_handle*/,
516 OM_uint32 * /*time_rec*/
519 OM_uint32 gss_get_mic
520 (OM_uint32 * /*minor_status*/,
521 const gss_ctx_id_t /*context_handle*/,
522 gss_qop_t /*qop_req*/,
523 const gss_buffer_t /*message_buffer*/,
524 gss_buffer_t /*message_token*/
527 OM_uint32 gss_verify_mic
528 (OM_uint32 * /*minor_status*/,
529 const gss_ctx_id_t /*context_handle*/,
530 const gss_buffer_t /*message_buffer*/,
531 const gss_buffer_t /*token_buffer*/,
532 gss_qop_t * /*qop_state*/
536 (OM_uint32 * /*minor_status*/,
537 const gss_ctx_id_t /*context_handle*/,
538 int /*conf_req_flag*/,
539 gss_qop_t /*qop_req*/,
540 const gss_buffer_t /*input_message_buffer*/,
541 int * /*conf_state*/,
542 gss_buffer_t /*output_message_buffer*/
546 (OM_uint32 * /*minor_status*/,
547 const gss_ctx_id_t /*context_handle*/,
548 const gss_buffer_t /*input_message_buffer*/,
549 gss_buffer_t /*output_message_buffer*/,
550 int * /*conf_state*/,
551 gss_qop_t * /*qop_state*/
554 OM_uint32 gss_display_status
555 (OM_uint32 * /*minor_status*/,
556 OM_uint32 /*status_value*/,
558 const gss_OID /*mech_type*/,
559 OM_uint32 * /*message_context*/,
560 gss_buffer_t /*status_string*/
563 OM_uint32 gss_indicate_mechs
564 (OM_uint32 * /*minor_status*/,
565 gss_OID_set * /*mech_set*/
568 OM_uint32 gss_compare_name
569 (OM_uint32 * /*minor_status*/,
570 const gss_name_t /*name1*/,
571 const gss_name_t /*name2*/,
575 OM_uint32 gss_display_name
576 (OM_uint32 * /*minor_status*/,
577 const gss_name_t /*input_name*/,
578 gss_buffer_t /*output_name_buffer*/,
579 gss_OID * /*output_name_type*/
582 OM_uint32 gss_import_name
583 (OM_uint32 * /*minor_status*/,
584 const gss_buffer_t /*input_name_buffer*/,
585 const gss_OID /*input_name_type*/,
586 gss_name_t * /*output_name*/
589 OM_uint32 gss_export_name
590 (OM_uint32 * /*minor_status*/,
591 const gss_name_t /*input_name*/,
592 gss_buffer_t /*exported_name*/
595 OM_uint32 gss_release_name
596 (OM_uint32 * /*minor_status*/,
597 gss_name_t * /*input_name*/
600 OM_uint32 gss_release_buffer
601 (OM_uint32 * /*minor_status*/,
602 gss_buffer_t /*buffer*/
605 OM_uint32 gss_release_oid_set
606 (OM_uint32 * /*minor_status*/,
607 gss_OID_set * /*set*/
610 OM_uint32 gss_inquire_cred
611 (OM_uint32 * /*minor_status*/,
612 const gss_cred_id_t /*cred_handle*/,
613 gss_name_t * /*name*/,
614 OM_uint32 * /*lifetime*/,
615 gss_cred_usage_t * /*cred_usage*/,
616 gss_OID_set * /*mechanisms*/
619 OM_uint32 gss_inquire_context (
620 OM_uint32 * /*minor_status*/,
621 const gss_ctx_id_t /*context_handle*/,
622 gss_name_t * /*src_name*/,
623 gss_name_t * /*targ_name*/,
624 OM_uint32 * /*lifetime_rec*/,
625 gss_OID * /*mech_type*/,
626 OM_uint32 * /*ctx_flags*/,
627 int * /*locally_initiated*/,
628 int * /*open_context*/
631 OM_uint32 gss_wrap_size_limit (
632 OM_uint32 * /*minor_status*/,
633 const gss_ctx_id_t /*context_handle*/,
634 int /*conf_req_flag*/,
635 gss_qop_t /*qop_req*/,
636 OM_uint32 /*req_output_size*/,
637 OM_uint32 * /*max_input_size*/
640 OM_uint32 gss_add_cred (
641 OM_uint32 * /*minor_status*/,
642 const gss_cred_id_t /*input_cred_handle*/,
643 const gss_name_t /*desired_name*/,
644 const gss_OID /*desired_mech*/,
645 gss_cred_usage_t /*cred_usage*/,
646 OM_uint32 /*initiator_time_req*/,
647 OM_uint32 /*acceptor_time_req*/,
648 gss_cred_id_t * /*output_cred_handle*/,
649 gss_OID_set * /*actual_mechs*/,
650 OM_uint32 * /*initiator_time_rec*/,
651 OM_uint32 * /*acceptor_time_rec*/
654 OM_uint32 gss_inquire_cred_by_mech (
655 OM_uint32 * /*minor_status*/,
656 const gss_cred_id_t /*cred_handle*/,
657 const gss_OID /*mech_type*/,
658 gss_name_t * /*name*/,
659 OM_uint32 * /*initiator_lifetime*/,
660 OM_uint32 * /*acceptor_lifetime*/,
661 gss_cred_usage_t * /*cred_usage*/
664 OM_uint32 gss_export_sec_context (
665 OM_uint32 * /*minor_status*/,
666 gss_ctx_id_t * /*context_handle*/,
667 gss_buffer_t /*interprocess_token*/
670 OM_uint32 gss_import_sec_context (
671 OM_uint32 * /*minor_status*/,
672 const gss_buffer_t /*interprocess_token*/,
673 gss_ctx_id_t * /*context_handle*/
676 OM_uint32 gss_create_empty_oid_set (
677 OM_uint32 * /*minor_status*/,
678 gss_OID_set * /*oid_set*/
681 OM_uint32 gss_add_oid_set_member (
682 OM_uint32 * /*minor_status*/,
683 const gss_OID /*member_oid*/,
684 gss_OID_set * /*oid_set*/
687 OM_uint32 gss_test_oid_set_member (
688 OM_uint32 * /*minor_status*/,
689 const gss_OID /*member*/,
690 const gss_OID_set /*set*/,
694 OM_uint32 gss_inquire_names_for_mech (
695 OM_uint32 * /*minor_status*/,
696 const gss_OID /*mechanism*/,
697 gss_OID_set * /*name_types*/
700 OM_uint32 gss_inquire_mechs_for_name (
701 OM_uint32 * /*minor_status*/,
702 const gss_name_t /*input_name*/,
703 gss_OID_set * /*mech_types*/
706 OM_uint32 gss_canonicalize_name (
707 OM_uint32 * /*minor_status*/,
708 const gss_name_t /*input_name*/,
709 const gss_OID /*mech_type*/,
710 gss_name_t * /*output_name*/
713 OM_uint32 gss_duplicate_name (
714 OM_uint32 * /*minor_status*/,
715 const gss_name_t /*src_name*/,
716 gss_name_t * /*dest_name*/
720 * The following routines are obsolete variants of gss_get_mic,
721 * gss_verify_mic, gss_wrap and gss_unwrap. They should be
722 * provided by GSSAPI V2 implementations for backwards
723 * compatibility with V1 applications. Distinct entrypoints
724 * (as opposed to #defines) should be provided, both to allow
725 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
726 * and to retain the slight parameter type differences between the
727 * obsolete versions of these routines and their current forms.
731 (OM_uint32 * /*minor_status*/,
732 gss_ctx_id_t /*context_handle*/,
734 gss_buffer_t /*message_buffer*/,
735 gss_buffer_t /*message_token*/
739 (OM_uint32 * /*minor_status*/,
740 gss_ctx_id_t /*context_handle*/,
741 gss_buffer_t /*message_buffer*/,
742 gss_buffer_t /*token_buffer*/,
747 (OM_uint32 * /*minor_status*/,
748 gss_ctx_id_t /*context_handle*/,
749 int /*conf_req_flag*/,
751 gss_buffer_t /*input_message_buffer*/,
752 int * /*conf_state*/,
753 gss_buffer_t /*output_message_buffer*/
757 (OM_uint32 * /*minor_status*/,
758 gss_ctx_id_t /*context_handle*/,
759 gss_buffer_t /*input_message_buffer*/,
760 gss_buffer_t /*output_message_buffer*/,
761 int * /*conf_state*/,
766 * kerberos mechanism specific functions
769 OM_uint32 gsskrb5_acquire_cred
770 (OM_uint32 * minor_status,
771 struct krb5_keytab_data *keytab,
772 struct krb5_ccache_data *ccache,
773 const gss_name_t desired_name,
775 const gss_OID_set desired_mechs,
776 gss_cred_usage_t cred_usage,
777 gss_cred_id_t * output_cred_handle,
778 gss_OID_set * actual_mechs,
783 gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
784 const char * /*name */,
785 const char ** /*out_name */);
787 OM_uint32 gsskrb5_register_acceptor_identity
788 (const char */*identity*/);
790 OM_uint32 gss_krb5_copy_ccache
791 (OM_uint32 */*minor*/,
792 gss_cred_id_t /*cred*/,
793 struct krb5_ccache_data */*out*/);
795 OM_uint32 gss_krb5_copy_service_keyblock
796 (OM_uint32 *minor_status,
797 gss_ctx_id_t context_handle,
798 struct EncryptionKey **out);
800 OM_uint32 gss_krb5_get_tkt_flags
801 (OM_uint32 */*minor*/,
802 gss_ctx_id_t /*context_handle*/,
803 OM_uint32 */*tkt_flags*/);
806 gsskrb5_extract_authz_data_from_sec_context
807 (OM_uint32 * /*minor_status*/,
808 gss_ctx_id_t /*context_handle*/,
810 gss_buffer_t /*ad_data*/);
812 gsskrb5_get_initiator_subkey
813 (OM_uint32 * /*minor_status*/,
814 const gss_ctx_id_t context_handle,
815 gss_buffer_t /* subkey */);
817 #define GSS_C_KRB5_COMPAT_DES3_MIC 1
820 gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int);
826 #endif /* GSSAPI_H_ */