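/* $NetBSD: gssapi_krb5.h,v 1.2 2017/01/28 21:31:46 christos Exp $ */

/*
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * Kerberos 5 specific extensions to the GSS-API: name-type OIDs, MIT
 * compatibility aliases, mechanism-specific calls and the "lucid"
 * context export structures.
 *
 * Every function here returns an OM_uint32; by GSS-API convention that is
 * the major status, and minor_status (where present) receives the
 * mechanism-specific code.
 *
 * NOTE(review): time_t, int32_t and OM_uint64 are used below but are not
 * declared by anything this header includes directly; it relies on the
 * gssapi headers to provide them - TODO confirm.
 */

#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_oid.h>

GSSAPI_CPP_START

/*
 * On compilers that do not define __GNUC__, expand __attribute__(x) to
 * nothing so the annotation below still compiles.
 */
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

/* May be pre-defined by the includer to override the deprecation marker. */
#ifndef GSSKRB5_FUNCTION_DEPRECATED
#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
#endif


/*
 * This is for kerberos5 names.
 *
 * Only the principal-name descriptor is declared here.  The other three
 * GSS_KRB5_NT_* macros point at __gss_c_nt_* descriptors that this header
 * does not declare (presumably supplied by the gssapi headers above).
 */

extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)

#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)

/*
 * for compatibility with MIT api
 *
 * GSS_KRB5_MECHANISM is not defined in this header.
 */

#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME

/*
 * kerberos mechanism specific functions
 */

/*
 * Incomplete types only: the prototypes below take pointers to these, so
 * this header does not need the krb5 headers.
 */
struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/*
 * Credential cache name accessor.
 * NOTE(review): presumably sets the cache name to `name` and reports the
 * previous one through `out_name`; the lifetime of *out_name is not
 * visible here - confirm before retaining the pointer.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
                     const char * /*name */,
                     const char ** /*out_name */);

/*
 * Register the acceptor identity.  Two entry points with identical
 * signatures are declared; the krb5_gss_ spelling is presumably the
 * MIT-compatible name - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
        (const char * /*identity*/);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
        (const char * /*identity*/);

/*
 * Copy the credentials held by `cred` into the credential cache `out`.
 * NOTE(review): the cache then holds usable tickets, so its storage
 * should be protected like any other credential cache.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
        (OM_uint32 * /*minor*/,
         gss_cred_id_t /*cred*/,
         struct krb5_ccache_data * /*out*/);

/*
 * Build a GSS credential from a credential cache and/or a keytab with its
 * principal.  Which arguments may be NULL is not visible here - confirm.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_import_cred(OM_uint32 * /*minor*/,
                     struct krb5_ccache_data * /*in*/,
                     struct Principal * /*keytab_principal*/,
                     struct krb5_keytab_data * /*keytab*/,
                     gss_cred_id_t * /*out*/);

/* Report the ticket flags associated with a security context. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_get_tkt_flags
        (OM_uint32 * /*minor*/,
         gss_ctx_id_t /*context_handle*/,
         OM_uint32 * /*tkt_flags*/);

/*
 * Extract authorization data of type `ad_type` from a security context
 * into `ad_data`.
 * NOTE(review): callers that base access decisions on ad_data should
 * confirm which authorization-data containers the implementation returns
 * and how they are authenticated; the release routine for ad_data is not
 * declared in this header.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authz_data_from_sec_context
        (OM_uint32 * /*minor_status*/,
         gss_ctx_id_t /*context_handle*/,
         int /*ad_type*/,
         gss_buffer_t /*ad_data*/);

/*
 * Toggle DNS canonicalization (the int is presumably a boolean).
 * NOTE(review): no context or credential argument is taken, so the
 * setting is presumably wider than one context - confirm scope and
 * default.  Plain DNS answers are not authenticated, so a service name
 * derived from them is only as trustworthy as the resolver path.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_dns_canonicalize(int);

/*
 * Argument block for gsskrb5_set_send_to_kdc().  Both members are untyped:
 * `func` is presumably a callback and `ptr` its context.  Note that ISO C
 * does not define conversion between function pointers and void *.
 */
struct gsskrb5_send_to_kdc {
    void *func;
    void *ptr;
};

/* Deprecated: marked with GSSKRB5_FUNCTION_DEPRECATED. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
    GSSKRB5_FUNCTION_DEPRECATED;

/* Set the default realm (scope of the setting not visible here). */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_default_realm(const char *);

/* Report the authentication time of a security context as a time_t. */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);

struct EncryptionKey;

/*
 * The next three calls hand Kerberos key material for a context to the
 * caller through *out.
 * NOTE(review): the routine that releases *out is not declared in this
 * header - confirm ownership with the implementation.  Treat the result
 * as a secret: keep it out of logs and clear it before release.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
                                 gss_ctx_id_t context_handle,
                                 struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
                             gss_ctx_id_t context_handle,
                             struct EncryptionKey **out);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_subkey(OM_uint32 *minor_status,
                   gss_ctx_id_t context_handle,
                   struct EncryptionKey **out);

/*
 * Set / get the time offset.  Units and scope are not visible here.
 * NOTE(review): Kerberos ticket validity depends on time, so a
 * caller-controlled offset should come from trusted configuration only.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_set_time_offset(int);

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_get_time_offset(int *);

/*
 * Descriptor passed to gsskrb5_plugin_register().  `symbol` is an untyped
 * pointer whose expected layout presumably depends on `type`.
 * NOTE(review): whatever is registered presumably becomes part of krb5
 * processing in this process, so only register symbols from trusted
 * modules.
 */
struct gsskrb5_krb5_plugin {
    int type;
    char *name;
    void *symbol;
};

GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);


/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 *
 * Everything below carries or describes raw context keys; an exported
 * lucid context should be handled as a secret for its whole lifetime.
 */

/* One key: `length` bytes at `data`, of key type `type`. */
typedef struct gss_krb5_lucid_key {
    OM_uint32 type;
    OM_uint32 length;
    void * data;
} gss_krb5_lucid_key_t;

typedef struct gss_krb5_rfc1964_keydata {
    OM_uint32 sign_alg;
    OM_uint32 seal_alg;
    gss_krb5_lucid_key_t ctx_key;
} gss_krb5_rfc1964_keydata_t;

/* acceptor_subkey is presumably valid only if have_acceptor_subkey != 0. */
typedef struct gss_krb5_cfx_keydata {
    OM_uint32 have_acceptor_subkey;
    gss_krb5_lucid_key_t ctx_key;
    gss_krb5_lucid_key_t acceptor_subkey;
} gss_krb5_cfx_keydata_t;

/*
 * Version 1 of the exported context.  Both key-data members are always
 * present in the layout; `protocol` presumably selects which one is
 * meaningful - confirm before reading either.
 */
typedef struct gss_krb5_lucid_context_v1 {
    OM_uint32 version;
    OM_uint32 initiate;
    OM_uint32 endtime;
    OM_uint64 send_seq;
    OM_uint64 recv_seq;
    OM_uint32 protocol;
    gss_krb5_rfc1964_keydata_t rfc1964_kd;
    gss_krb5_cfx_keydata_t cfx_kd;
} gss_krb5_lucid_context_v1_t;

/*
 * Shares its first member with gss_krb5_lucid_context_v1, presumably so a
 * consumer can read the version before interpreting the rest.
 */
typedef struct gss_krb5_lucid_context_version {
    OM_uint32 version;  /* Structure version number */
} gss_krb5_lucid_context_version_t;

/*
 * Function declarations
 */

/*
 * Export a security context as a lucid structure of the requested
 * `version`, returned through *kctx.
 * NOTE(review): context_handle is passed by pointer, unlike the other
 * context-taking calls in this header; presumably the export consumes or
 * invalidates the handle - confirm.  Release the result with
 * gss_krb5_free_lucid_sec_context() (pairing inferred from the names).
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
                                  gss_ctx_id_t *context_handle,
                                  OM_uint32 version,
                                  void **kctx);


/*
 * Release a lucid context.
 * NOTE(review): whether the key bytes are cleared before release is not
 * visible here - confirm in the implementation.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
                                void *kctx);


/*
 * Limit the encryption types usable with `cred` to the `num_enctypes`
 * values at `enctypes` (semantics per the name; not visible here).
 * NOTE(review): `enctypes` is not const-qualified and carries no bound
 * other than num_enctypes, so the count must match the array exactly.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
                                gss_cred_id_t cred,
                                OM_uint32 num_enctypes,
                                int32_t *enctypes);

GSSAPI_CPP_END

#endif /* GSSAPI_KRB5_H_ */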