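#ifndef PUTTY_PGSSAPI_H
#define PUTTY_PGSSAPI_H

/*
 * pgssapi.h: the subset of the GSSAPI C binding (RFC 2744) that PuTTY's
 * ssh_gss_library wrapper needs -- data types, status-code constants and
 * the function-pointer types collected in struct gssapi_functions.
 * Everything here is compiled out when NO_GSSAPI is defined.
 */

#include "putty.h"

#ifndef NO_GSSAPI

/*
 * On Unix, if we're statically linking against GSSAPI, we leave the
 * declaration of all this lot to the official header. If we're
 * dynamically linking, we declare it ourselves, because that avoids
 * us needing the official header at compile time.
 *
 * However, we still need the function pointer types, because even
 * with statically linked GSSAPI we use the ssh_gss_library wrapper.
 *
 * NOTE(security): the dynamic-linking branch below is our own
 * transcription of RFC 2744. These struct layouts and typedefs are
 * handed straight to whichever library is loaded at run time, so any
 * divergence from that library's ABI (field order, widths, calling
 * convention) is a memory-safety problem rather than a type error.
 * Keep them faithful to the RFC when editing.
 */
#ifdef STATIC_GSSAPI
#include <gssapi/gssapi.h>
typedef gss_OID const_gss_OID;          /* for our prototypes below */
#else  /* STATIC_GSSAPI */

/*******************************************************************************
 * GSSAPI Definitions, taken from RFC 2744
 ******************************************************************************/

/* GSSAPI Type Definitions */
typedef uint32_t OM_uint32;

/* An object identifier: `length' bytes of DER-encoded OID at `elements'. */
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc;
typedef const gss_OID_desc *const_gss_OID;
typedef gss_OID_desc *gss_OID;

/* An array of `count' OIDs. */
typedef struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
} gss_OID_set_desc;
typedef const gss_OID_set_desc *const_gss_OID_set;
typedef gss_OID_set_desc *gss_OID_set;

/* A counted byte buffer; `value' is not NUL-terminated. */
typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;

/* Channel bindings: address families are the GSS_C_AF_* constants below. */
typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;

/* Opaque handles owned by the GSSAPI library. */
typedef void *gss_ctx_id_t;
typedef void *gss_name_t;
typedef void *gss_cred_id_t;

typedef OM_uint32 gss_qop_t;
typedef int gss_cred_usage_t;

/* Flag bits for context-level services. */

#define GSS_C_DELEG_FLAG 1
#define GSS_C_MUTUAL_FLAG 2
#define GSS_C_REPLAY_FLAG 4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG 16
#define GSS_C_INTEG_FLAG 32
#define GSS_C_ANON_FLAG 64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256

/* Credential usage options */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/*-
 * RFC 2744 Page 86
 * Expiration time of 2^32-1 seconds means infinite lifetime for a
 * credential or security context
 */
#define GSS_C_INDEFINITE 0xfffffffful

/* Status code types for gss_display_status */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2

/* The constant definitions for channel-bindings address families */
#define GSS_C_AF_UNSPEC 0
#define GSS_C_AF_LOCAL 1
#define GSS_C_AF_INET 2
#define GSS_C_AF_IMPLINK 3
#define GSS_C_AF_PUP 4
#define GSS_C_AF_CHAOS 5
#define GSS_C_AF_NS 6
#define GSS_C_AF_NBS 7
#define GSS_C_AF_ECMA 8
#define GSS_C_AF_DATAKIT 9
#define GSS_C_AF_CCITT 10
#define GSS_C_AF_SNA 11
#define GSS_C_AF_DECnet 12
#define GSS_C_AF_DLI 13
#define GSS_C_AF_LAT 14
#define GSS_C_AF_HYLINK 15
#define GSS_C_AF_APPLETALK 16
#define GSS_C_AF_BSC 17
#define GSS_C_AF_DSS 18
#define GSS_C_AF_OSI 19
#define GSS_C_AF_X25 21

#define GSS_C_AF_NULLADDR 255

/* Various Null values */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}

/* Major status codes */
#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 * A major status word is laid out as
 *   bits 24..31  calling error   (GSS_S_CALL_*)
 *   bits 16..23  routine error   (GSS_S_BAD_*, GSS_S_FAILURE, ...)
 *   bits  0..15  supplementary   (GSS_S_CONTINUE_NEEDED, ...)
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16

#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSS-API so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesised so that an expression such as
 * GSS_ERROR(maj | extra) is masked as a whole rather than binding as
 * `maj | (extra & mask)'; the form transcribed from the RFC lacked the
 * parentheses. Supplementary bits (e.g. GSS_S_CONTINUE_NEEDED) are
 * deliberately excluded from GSS_ERROR(): they are not errors.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/* Now the actual status code definitions */

/* Calling errors: */
#define GSS_S_CALL_INACCESSIBLE_READ \
    (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
    (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
    (3ul << GSS_C_CALLING_ERROR_OFFSET)

/* Routine errors: */
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG     /* same code, newer name */
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)

/* Supplementary info bits: */
#define GSS_S_CONTINUE_NEEDED \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))

/* Well-known name-type OIDs, defined by the library (or our shim). */
extern const_gss_OID GSS_C_NT_USER_NAME;
extern const_gss_OID GSS_C_NT_MACHINE_UID_NAME;
extern const_gss_OID GSS_C_NT_STRING_UID_NAME;
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE;
extern const_gss_OID GSS_C_NT_ANONYMOUS;
extern const_gss_OID GSS_C_NT_EXPORT_NAME;

#endif /* STATIC_GSSAPI */

/* Mechanism OID for Kerberos 5; defined elsewhere in PuTTY. */
extern const gss_OID GSS_MECH_KRB5;

/*
 * GSSAPI functions we use.
 * TODO: Replace with all GSSAPI functions from RFC?
 *
 * Each typedef below mirrors the RFC 2744 prototype of the same name.
 * Every call returns a major status (test it with GSS_ERROR(); a
 * supplementary bit such as GSS_S_CONTINUE_NEEDED on its own is not an
 * error) and writes a mechanism-specific minor status through the
 * first argument.
 */

/* Calling convention, just in case we need one. */
#ifndef GSS_CC
#define GSS_CC
#endif /* GSS_CC */

/* Frees a credential handle obtained from gss_acquire_cred. */
typedef OM_uint32 (GSS_CC *t_gss_release_cred)
    (OM_uint32 * /*minor_status*/,
     gss_cred_id_t * /*cred_handle*/);

/*
 * One round of context establishment. req_flags is a bitmask of the
 * GSS_C_*_FLAG values above; per RFC 2744, ret_flags reports which of
 * those services were actually granted, so a caller that depends on
 * e.g. GSS_C_MUTUAL_FLAG or GSS_C_INTEG_FLAG should check ret_flags
 * rather than assume. input_chan_bindings may be
 * GSS_C_NO_CHANNEL_BINDINGS.
 */
typedef OM_uint32 (GSS_CC *t_gss_init_sec_context)
    (OM_uint32 * /*minor_status*/,
     const gss_cred_id_t /*initiator_cred_handle*/,
     gss_ctx_id_t * /*context_handle*/,
     const gss_name_t /*target_name*/,
     const gss_OID /*mech_type*/,
     OM_uint32 /*req_flags*/,
     OM_uint32 /*time_req*/,
     const gss_channel_bindings_t /*input_chan_bindings*/,
     const gss_buffer_t /*input_token*/,
     gss_OID * /*actual_mech_type*/,
     gss_buffer_t /*output_token*/,
     OM_uint32 * /*ret_flags*/,
     OM_uint32 * /*time_rec*/);

/* Tears down a security context; output_token may be GSS_C_NO_BUFFER. */
typedef OM_uint32 (GSS_CC *t_gss_delete_sec_context)
    (OM_uint32 * /*minor_status*/,
     gss_ctx_id_t * /*context_handle*/,
     gss_buffer_t /*output_token*/);

/* Computes an integrity token (MIC) over message_buffer. */
typedef OM_uint32 (GSS_CC *t_gss_get_mic)
    (OM_uint32 * /*minor_status*/,
     const gss_ctx_id_t /*context_handle*/,
     gss_qop_t /*qop_req*/,
     const gss_buffer_t /*message_buffer*/,
     gss_buffer_t /*msg_token*/);

/*
 * Checks msg_token against message_buffer. Only a major status for
 * which GSS_ERROR() is zero means the MIC verified; GSS_S_BAD_MIC is
 * the usual failure code.
 */
typedef OM_uint32 (GSS_CC *t_gss_verify_mic)
    (OM_uint32 * /*minor_status*/,
     const gss_ctx_id_t /*context_handle*/,
     const gss_buffer_t /*message_buffer*/,
     const gss_buffer_t /*msg_token*/,
     gss_qop_t * /*qop_state*/);

/*
 * Renders a status code as text. status_type is GSS_C_GSS_CODE or
 * GSS_C_MECH_CODE; message_context is an iteration cursor for
 * multi-part messages. The returned string buffer must be freed with
 * gss_release_buffer.
 */
typedef OM_uint32 (GSS_CC *t_gss_display_status)
    (OM_uint32 * /*minor_status*/,
     OM_uint32 /*status_value*/,
     int /*status_type*/,
     const gss_OID /*mech_type*/,
     OM_uint32 * /*message_context*/,
     gss_buffer_t /*status_string*/);

/* Converts a printable name of the given GSS_C_NT_* type into a handle. */
typedef OM_uint32 (GSS_CC *t_gss_import_name)
    (OM_uint32 * /*minor_status*/,
     const gss_buffer_t /*input_name_buffer*/,
     const_gss_OID /*input_name_type*/,
     gss_name_t * /*output_name*/);

/* Frees a name handle from gss_import_name / gss_inquire_cred_by_mech. */
typedef OM_uint32 (GSS_CC *t_gss_release_name)
    (OM_uint32 * /*minor_status*/,
     gss_name_t * /*name*/);

/* Frees the storage of a buffer that the library allocated. */
typedef OM_uint32 (GSS_CC *t_gss_release_buffer)
    (OM_uint32 * /*minor_status*/,
     gss_buffer_t /*buffer*/);

/*
 * Obtains a credential handle. cred_usage is GSS_C_INITIATE,
 * GSS_C_ACCEPT or GSS_C_BOTH; time_req / time_rec are lifetimes in
 * seconds, with GSS_C_INDEFINITE meaning unlimited.
 */
typedef OM_uint32 (GSS_CC *t_gss_acquire_cred)
    (OM_uint32 * /*minor_status*/,
     const gss_name_t /*desired_name*/,
     OM_uint32 /*time_req*/,
     const gss_OID_set /*desired_mechs*/,
     gss_cred_usage_t /*cred_usage*/,
     gss_cred_id_t * /*output_cred_handle*/,
     gss_OID_set * /*actual_mechs*/,
     OM_uint32 * /*time_rec*/);

/* Reports the name, remaining lifetimes and usage of a credential. */
typedef OM_uint32 (GSS_CC *t_gss_inquire_cred_by_mech)
    (OM_uint32 * /*minor_status*/,
     const gss_cred_id_t /*cred_handle*/,
     const gss_OID /*mech_type*/,
     gss_name_t * /*name*/,
     OM_uint32 * /*initiator_lifetime*/,
     OM_uint32 * /*acceptor_lifetime*/,
     gss_cred_usage_t * /*cred_usage*/);

/*
 * Table of GSSAPI entry points used by the ssh_gss_library wrapper.
 * Presumably populated by the code that links or dlopen()s the
 * library; a NULL entry here means the symbol was not resolved.
 */
struct gssapi_functions {
    t_gss_delete_sec_context delete_sec_context;
    t_gss_display_status display_status;
    t_gss_get_mic get_mic;
    t_gss_verify_mic verify_mic;
    t_gss_import_name import_name;
    t_gss_init_sec_context init_sec_context;
    t_gss_release_buffer release_buffer;
    t_gss_release_cred release_cred;
    t_gss_release_name release_name;
    t_gss_acquire_cred acquire_cred;
    t_gss_inquire_cred_by_mech inquire_cred_by_mech;
};

#endif /* NO_GSSAPI */

#endif /* PUTTY_PGSSAPI_H */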