2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 /* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */
43 #include <krb5_locl.h>
50 #include "spnego_asn1.h"
/*
 * Per-security-context state for the krb5 mechanism. Only a fragment of the
 * struct is visible in this excerpt (several members and the closing brace
 * are elided), so the comments below cover just the fields shown.
 */
58 typedef struct gss_ctx_id_t_desc_struct {
59 struct krb5_auth_context_data *auth_context;   /* krb5 auth context the GSS context is built on */
60 gss_name_t source, target;                      /* the two peer names of the context */
/*
 * Context-establishment state machine. Initiator states are numbered 1-3,
 * acceptor states 11-13, so a state value also tells which side we are.
 */
61 enum gss_ctx_id_t_state {
62 INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3,
63 ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13
/* NOTE(review): member of a separate flags enum whose other values are not shown here. */
69 COMPAT_OLD_DES3_SELECTED = 8,
72 struct krb5_ticket *ticket;            /* service ticket (presumably acceptor-side — confirm) */
73 krb5_keyblock *service_keyblock;       /* service key (presumably acceptor-side — confirm) */
/* NOTE(review): presumably serialises concurrent use of this context, including `order` — confirm which fields it guards. */
76 HEIMDAL_MUTEX ctx_id_mutex;
77 struct gss_msg_order *order;           /* per-message ordering state, see _gssapi_msg_order_* below */
/*
 * Per-credential state for the krb5 mechanism (fragment: some members and
 * the closing brace are not visible in this excerpt).
 */
80 typedef struct gss_cred_id_t_desc_struct {
/* NOTE(review): single bit of a flags member not shown here; the name suggests the backing credential is destroyed when the handle is released — confirm against the release path. */
83 #define GSS_CF_DESTROY_CRED_ON_RELEASE 1
84 struct krb5_keytab_data *keytab;       /* keytab backing this credential, if any */
86 gss_cred_usage_t usage;                /* GSS_C_INITIATE / GSS_C_ACCEPT / GSS_C_BOTH */
87 gss_OID_set mechanisms;                /* mechanisms the credential is valid for */
88 struct krb5_ccache_data *ccache;       /* credential cache backing this credential, if any */
89 HEIMDAL_MUTEX cred_id_mutex;           /* presumably serialises concurrent use of this credential — confirm */
/* Library-wide krb5 state shared by every context and credential. */
96 extern krb5_context gssapi_krb5_context;
98 extern krb5_keytab gssapi_krb5_keytab;
/* NOTE(review): by its name this guards gssapi_krb5_keytab above; code that reads or replaces the keytab should hold it — confirm in the implementation files. */
99 extern HEIMDAL_MUTEX gssapi_keytab_mutex;
/* Per-thread state; the struct body is not visible in this excerpt. */
101 struct gssapi_thr_context {
/* One-time initialisation of the shared krb5 state; returns a krb5 error code, 0 on success. */
110 krb5_error_code gssapi_krb5_init (void);
/* Variant taking an opaque argument; its meaning is not visible here. */
112 krb5_error_code gssapi_krb5_init_ev (void *);
/*
 * Initialise the shared krb5 state before doing any mechanism work.
 * The macro expands to an early return, so it may only be used inside a
 * function that returns an OM_uint32 major status and has an
 * `OM_uint32 *minor_status` parameter in scope: when gssapi_krb5_init()
 * fails, its krb5 error code is stored in *minor_status and GSS_S_FAILURE
 * is returned to the caller. The closing `} while (0)` of the macro is not
 * visible in this excerpt.
 */
114 #define GSSAPI_KRB5_INIT() do { \
115 krb5_error_code kret_gss_init; \
116 if((kret_gss_init = gssapi_krb5_init ()) != 0) { \
117 *minor_status = kret_gss_init; \
118 return GSS_S_FAILURE; \
/* Look up the calling thread's gssapi_thr_context; the int argument's meaning is not visible here. */
122 struct gssapi_thr_context *
123 gssapi_get_thread_context(int);
/*
 * Tail of a context-construction prototype whose name and return type are
 * on lines not shown in this excerpt: it takes the channel bindings and
 * the initial gss_ctx_id_t_state for the new context.
 */
127 OM_uint32 * minor_status,
128 gss_ctx_id_t * context_handle,
129 const gss_channel_bindings_t input_chan_bindings,
130 enum gss_ctx_id_t_state state);
/* Reports through the int out-parameter whether the context uses the CFX token format (name-based — confirm). Return type not shown here. */
133 gsskrb5_is_cfx(gss_ctx_id_t, int *);
/*
 * Build the GSS-API 0x8003 authenticator checksum (RFC 1964 section 1.1.1)
 * that binds the channel bindings and, when fwd_data is given, forwarded
 * credentials into the AP-REQ. Remaining parameters and return type are
 * not visible in this excerpt.
 */
136 gssapi_krb5_create_8003_checksum (
137 OM_uint32 *minor_status,
138 const gss_channel_bindings_t input_chan_bindings,
140 const krb5_data *fwd_data,
/*
 * Verify a peer-supplied 0x8003 checksum against our channel bindings and
 * extract any forwarded credentials into fwd_data. NOTE(review): cksum
 * comes from the peer's token, so the implementation must check its
 * length before reading fixed offsets and must fail on a channel-binding
 * mismatch — confirm in the implementation.
 */
144 gssapi_krb5_verify_8003_checksum (
145 OM_uint32 *minor_status,
146 const gss_channel_bindings_t input_chan_bindings,
147 const Checksum *cksum,
149 krb5_data *fwd_data);
/*
 * Token (de)encapsulation helpers (RFC 2743 section 3.1 framing). Return
 * types and some parameters sit on lines not shown in this excerpt.
 */
/* Size of the encapsulated token for data_len bytes of payload (generic and krb5-mech variants). */
152 _gssapi_encap_length (size_t data_len,
158 gssapi_krb5_encap_length (size_t data_len,
/* Wrap in_data into a freshly allocated output_token (generic and krb5-mech variants). */
166 _gssapi_encapsulate(OM_uint32 *minor_status,
167 const krb5_data *in_data,
168 gss_buffer_t output_token,
173 gssapi_krb5_encapsulate(OM_uint32 *minor_status,
174 const krb5_data *in_data,
175 gss_buffer_t output_token,
/* Strip the framing from a peer-supplied input_token_buffer (krb5-mech variant). */
180 gssapi_krb5_decapsulate(OM_uint32 *minor_status,
181 gss_buffer_t input_token_buffer,
/* Write the token header at p; remaining parameters not shown here. */
187 gssapi_krb5_make_header (u_char *p,
193 _gssapi_make_mech_header(u_char *p,
/*
 * Parse a token header at *str; the u_char ** suggests the cursor is
 * advanced past the header on success (confirm). NOTE(review): the input
 * is peer-supplied, so the implementation must bound every read by the
 * length argument that follows (not visible here).
 */
198 _gssapi_verify_mech_header(u_char **str,
203 gssapi_krb5_verify_header(u_char **str,
/* Strip the framing from a peer-supplied input_token_buffer (generic variant). */
209 _gssapi_decapsulate(OM_uint32 *minor_status,
210 gss_buffer_t input_token_buffer,
/* Locate the mechanism OID inside a buffer of the given length, returning its position through the third argument (name-based — confirm). */
216 gssapi_krb5_get_mech (const u_char *, size_t, const u_char **);
/* Check the trailing padding of a buffer and report its length through the size_t out-parameter (name-based — confirm). */
219 _gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
/*
 * Verify a MIC token over message_buffer for the given context, reporting
 * the quality of protection through qop_state. The return type and any
 * trailing parameter are on lines not shown in this excerpt.
 */
222 gss_verify_mic_internal(OM_uint32 * minor_status,
223 const gss_ctx_id_t context_handle,
224 const gss_buffer_t message_buffer,
225 const gss_buffer_t token_buffer,
226 gss_qop_t * qop_state,
/* Convert a GSS channel-binding address (type + buffer) into a krb5_address; return type not shown here. */
231 gss_address_to_krb5addr(OM_uint32 gss_addr_type,
232 gss_buffer_desc *gss_addr,
234 krb5_address *address);
/* sec_context flags */
/*
 * Distinct single-bit values, so they can be OR-ed into one flags word.
 * By their names they record which address/key pieces of the context have
 * been established — confirm against the code that sets and tests them.
 */
238 #define SC_LOCAL_ADDRESS 0x01
239 #define SC_REMOTE_ADDRESS 0x02
240 #define SC_KEYBLOCK 0x04
241 #define SC_LOCAL_SUBKEY 0x08
242 #define SC_REMOTE_SUBKEY 0x10
/* Compare two OIDs for equality; return type not shown in this excerpt. */
245 gss_oid_equal(const gss_OID a, const gss_OID b);
/*
 * Thread-local error-message helpers: clear, set (printf-style format),
 * copy the current krb5 error string, and read back the stored string.
 * Return types are on lines not shown here.
 */
248 gssapi_krb5_clear_status (void);
251 gssapi_krb5_set_status (const char *fmt, ...);
254 gssapi_krb5_set_error_string (void);
257 gssapi_krb5_get_error_string (void);
/* Compatibility knobs for older peers (name-based — confirm exact semantics in the implementation). */
260 _gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t);
/* Decide, through the krb5_boolean out-parameter, whether a SPNEGO mechListMIC is required for this context. */
263 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *);
/* Look up a compatibility setting for a peer name, reporting it through the krb5_boolean out-parameter; the last argument is presumably the default. */
266 _gss_check_compat(OM_uint32 *, gss_name_t, const char *,
267 krb5_boolean *, krb5_boolean);
/* Compute remaining lifetime from an expiry time, reporting it through the last argument (name-based — confirm). */
270 gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
/* Lifetime of the credentials for a principal in a ccache, reported through the last argument. */
273 _gssapi_krb5_ccache_lifetime(OM_uint32 *, krb5_ccache,
274 krb5_principal, OM_uint32 *);
/*
 * Per-message ordering state attached to a context (struct gss_ctx_id_t's
 * `order` member). By their names these implement the sequence-number
 * tracking behind GSS_S_DUPLICATE_TOKEN / GSS_S_OLD_TOKEN /
 * GSS_S_UNSEQ_TOKEN / GSS_S_GAP_TOKEN reporting — confirm against the
 * implementation. Return types are on lines not shown in this excerpt.
 */
/* Allocate ordering state; the three OM_uint32 arguments and the int are presumably flags, initial sequence number and window size — confirm. */
279 _gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **,
280 OM_uint32, OM_uint32, OM_uint32, int);
/* Free ordering state and clear the caller's pointer. */
282 _gssapi_msg_order_destroy(struct gss_msg_order **);
/* Check a received sequence number against the state, returning the major status for it. */
285 _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32);
/* Map requested context flags to the ordering flags (name-based — confirm). */
288 _gssapi_msg_order_f(OM_uint32);
/*
 * Fixed-width OM_uint32 <-> byte serialisation used in token headers and
 * sequence-number fields. The `_be_` variants are presumably big-endian
 * and the plain ones little-endian (RFC 1964 token fields) — confirm.
 * Return types are on lines not shown in this excerpt.
 */
293 gssapi_encode_om_uint32(OM_uint32, u_char *);
296 gssapi_encode_be_om_uint32(OM_uint32, u_char *);
/* NOTE(review): the decoders only read their input, so the first parameter could be `const u_char *`. */
299 gssapi_decode_om_uint32(u_char *, OM_uint32 *);
302 gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);