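/*	$NetBSD: gssapi_krb5.h,v 1.1.1.2 2011/04/14 14:08:25 elric Exp $	*/

/*
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * Kerberos 5 mechanism-specific extensions to the GSS-API: name-type and
 * mechanism OIDs, library-wide configuration setters, accessors for
 * per-context ticket data and keys, and the "lucid" context export.
 *
 * NOTE(review): time_t and int32_t are used below without a direct include;
 * presumably <gssapi/gssapi.h> brings them in - confirm, or include
 * <time.h> and <stdint.h> here so the header is self-contained.
 */

#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_

#include <gssapi/gssapi.h>

GSSAPI_CPP_START

/* Compile __attribute__((...)) away on compilers that are not GNU C. */
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

/* May be predefined by the includer to change or silence the marker. */
#ifndef GSSKRB5_FUNCTION_DEPRECATED
#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
#endif


/*
 * This is for kerberos5 names.
 */

extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)

/*
 * These three map onto generic name-type OID objects that this header does
 * not declare; presumably <gssapi/gssapi.h> declares them - confirm.
 */
#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)

extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)

/* for compatibility with MIT api */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME

/*
 * kerberos mechanism specific functions
 */

/*
 * Forward declarations only: this header refers to these types through
 * pointers and does not define them.
 */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/*
 * NOTE(review): out_name is a `const char **`; presumably it receives a
 * name string owned by the library - confirm its lifetime before keeping
 * the pointer.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
		     const char * /*name */,
		     const char ** /*out_name */);

/*
 * Takes only an identity string - no credential or context argument - so
 * whatever it configures cannot be scoped to a single context through this
 * signature.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
        (const char * /*identity*/);

/*
 * Same signature as gsskrb5_register_acceptor_identity; presumably an
 * alternate spelling kept for compatibility - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
        (const char * /*identity*/);

/*
 * NOTE(review): judging by the parameter names, material from `cred` ends
 * up in the caller-supplied ccache `out`; the resulting cache then holds
 * usable credentials, so its storage and permissions matter - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
	(OM_uint32 * /*minor*/,
	 gss_cred_id_t /*cred*/,
	 struct krb5_ccache_data * /*out*/);

/*
 * NOTE(review): which of `in`, `keytab_principal` and `keytab` may be NULL,
 * and who owns them after the call, is not stated here - confirm against
 * the implementation.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_import_cred(OM_uint32 * /*minor*/,
		     struct krb5_ccache_data * /*in*/,
		     struct Principal * /*keytab_principal*/,
		     struct krb5_keytab_data * /*keytab*/,
		     gss_cred_id_t * /*out*/);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
	(OM_uint32 * /*minor*/,
	 gss_ctx_id_t /*context_handle*/,
	 OM_uint32 * /*tkt_flags*/);

/*
 * NOTE(review): ad_data is a gss_buffer_t filled by the callee; presumably
 * the caller releases it - confirm.  Authorization data should be validated
 * by the consumer before it drives an access decision.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authz_data_from_sec_context
	(OM_uint32 * /*minor_status*/,
	 gss_ctx_id_t /*context_handle*/,
	 int /*ad_type*/,
	 gss_buffer_t /*ad_data*/);

/*
 * No minor_status, credential or context parameter: the setting cannot be
 * per-context through this signature.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_dns_canonicalize(int);

/*
 * Both members are untyped pointers, so the compiler cannot check that
 * `func` has the signature the library expects.
 */
struct gsskrb5_send_to_kdc {
    void *func;
    void *ptr;
};

/* Marked deprecated; new callers should not depend on it. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
    GSSKRB5_FUNCTION_DEPRECATED;

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_default_realm(const char *);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);

struct EncryptionKey;

/*
 * The next three functions hand back a `struct EncryptionKey *` through
 * `out`, i.e. raw key material for the given context.
 *
 * NOTE(review): ownership of *out is not stated here; presumably the caller
 * frees it - confirm, and make sure the key bytes are wiped before the
 * memory is released and are never logged.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_subkey(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   struct EncryptionKey **out);

/*
 * NOTE(review): the unit and scope of the offset are not stated here.  If
 * it feeds the clock used for ticket time checks (presumably - confirm),
 * the value must come from a trusted source.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_time_offset(int);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_time_offset(int *);

/*
 * `symbol` is an untyped pointer handed to the library; nothing in this
 * declaration lets the compiler check it against `type`.
 */
struct gsskrb5_krb5_plugin {
    int type;
    char *name;
    void *symbol;
};

/*
 * NOTE(review): registers caller-supplied code or data with the library
 * (presumably for later invocation - confirm); only pass symbols from
 * trusted, in-process sources.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);


/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 */

/*
 * One exported key: `data` points at `length` bytes of key material.
 * Consumers should bound `length` before copying it into a fixed buffer.
 */
typedef struct gss_krb5_lucid_key {
	OM_uint32	type;
	OM_uint32	length;
	void *		data;
} gss_krb5_lucid_key_t;

typedef struct gss_krb5_rfc1964_keydata {
	OM_uint32		sign_alg;
	OM_uint32		seal_alg;
	gss_krb5_lucid_key_t	ctx_key;
} gss_krb5_rfc1964_keydata_t;

/*
 * NOTE(review): presumably acceptor_subkey is meaningful only when
 * have_acceptor_subkey is non-zero - confirm.
 */
typedef struct gss_krb5_cfx_keydata {
	OM_uint32		have_acceptor_subkey;
	gss_krb5_lucid_key_t	ctx_key;
	gss_krb5_lucid_key_t	acceptor_subkey;
} gss_krb5_cfx_keydata_t;

/*
 * Version 1 of the exported context.  Both key-data members are always
 * present in the layout; presumably `protocol` says which one is valid -
 * confirm.
 */
typedef struct gss_krb5_lucid_context_v1 {
	OM_uint32	version;
	OM_uint32	initiate;
	OM_uint32	endtime;
	OM_uint64	send_seq;
	OM_uint64	recv_seq;
	OM_uint32	protocol;
	gss_krb5_rfc1964_keydata_t rfc1964_kd;
	gss_krb5_cfx_keydata_t	   cfx_kd;
} gss_krb5_lucid_context_v1_t;

/*
 * Holds only the version field, which is also the first member of
 * gss_krb5_lucid_context_v1.
 */
typedef struct gss_krb5_lucid_context_version {
	OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;

/*
 * Function declarations
 */

/*
 * The result comes back through an untyped `void **kctx`, so the caller must
 * check the version before casting.  context_handle is passed by pointer,
 * so the callee is able to modify the caller's handle.
 *
 * NOTE(review): whether the context stays usable after export is not stated
 * here - confirm.  The exported structure contains key material and should
 * be released with gss_krb5_free_lucid_sec_context as soon as it has been
 * consumed.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);


/*
 * NOTE(review): whether the key bytes are zeroed before being freed is not
 * visible from this header - confirm in the implementation.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);


/*
 * `enctypes` is an array of `num_enctypes` entries; it is not
 * const-qualified, so the declaration does not promise the array is left
 * unmodified.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
				gss_cred_id_t cred,
				OM_uint32 num_enctypes,
				int32_t *enctypes);

GSSAPI_CPP_END

#endif /* GSSAPI_KRB5_H_ */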