/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _GSSAPIP_SPNEGO_H_
#define _GSSAPIP_SPNEGO_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <syslog.h>

#define SEC_CONTEXT_TOKEN	1
#define SPNEGO_SIZE_OF_INT	4

/*
 * Negotiation result values.  0 through 3 match the negState enumeration
 * of RFC 4178 (accept-completed, accept-incomplete, reject, request-mic).
 * ACCEPT_DEFECTIVE_TOKEN lies outside that enumeration; presumably it is
 * an internal sentinel for a token that failed to decode and is never put
 * on the wire -- TODO confirm against the decoder.
 */
#define ACCEPT_COMPLETE		0
#define ACCEPT_INCOMPLETE	1
#define REJECT			2
#define REQUEST_MIC		3
#define ACCEPT_DEFECTIVE_TOKEN	0xffffffffUL

/*
 * Constants for the DER encoding/decoding routines.
 *
 * These only name identifier octets and fixed lengths.  Checking a
 * peer-supplied length against the bytes remaining in the token is the
 * decoder's job and is not visible in this header.
 * SEQUENCE and SEQUENCE_OF share the same tag byte (0x30).
 */
#define MECH_OID		0x06
#define OCTET_STRING		0x04
#define CONTEXT			0xa0
#define SEQUENCE		0x30
#define SEQUENCE_OF		0x30
#define BIT_STRING		0x03
#define BIT_STRING_LENGTH	0x02
#define BIT_STRING_PADDING	0x01
#define ENUMERATED		0x0a
#define ENUMERATION_LENGTH	1
#define HEADER_ID		0x60
#define GENERAL_STRING		0x1b

/*
 * SPNEGO specific error codes (minor status codes).
 */
#define ERR_SPNEGO_NO_MECHS_AVAILABLE		0x20000001
#define ERR_SPNEGO_NO_CREDS_ACQUIRED		0x20000002
#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR	0x20000003
#define ERR_SPNEGO_NEGOTIATION_FAILED		0x20000004
#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR	0x20000005

/*
 * send_token_flag tells later steps what type of token, if any,
 * should be sent or processed.
 */
typedef enum {
	NO_TOKEN_SEND,		/* no token should be sent */
	INIT_TOKEN_SEND,	/* initial token will be sent */
	CONT_TOKEN_SEND,	/* continuing tokens to be sent */
	CHECK_MIC,		/* no token to be sent, but have a MIC to check */
	ERROR_TOKEN_SEND	/* error token from peer needs to be sent */
} send_token_flag;

/*
 * The Mech OID:
 * { iso(1) org(3) dod(6) internet(1) security(5)
 *   mechanism(5) spnego(2) }
 *
 * SPNEGO_OID_LENGTH must stay equal to the number of encoded bytes in
 * SPNEGO_OID.  sizeof on the literal would give 7, because it counts the
 * terminating NUL, so the length is kept as a separate constant.
 */
#define SPNEGO_OID_LENGTH	6
#define SPNEGO_OID		"\053\006\001\005\005\002"

typedef void *spnego_token_t;

/* SPNEGO name structure for internal representation. */
typedef struct {
	gss_OID		type;
	gss_buffer_t	buffer;
	gss_OID		mech_type;
	gss_name_t	mech_name;
} spnego_name_desc, *spnego_name_t;

/*
 * Structure for the context handle.
 *
 * NOTE(review): magic_num is presumably set to SPNEGO_MAGIC_ID so that a
 * handle can be recognised as an SPNEGO context before it is dereferenced
 * as one -- confirm against the mechanism source.
 */
typedef struct {
	OM_uint32	magic_num;
	gss_buffer_desc	DER_mechTypes;
	gss_OID		internal_mech;
	gss_ctx_id_t	ctx_handle;
	char		*optionStr;
	gss_cred_id_t	default_cred;
	/* MIC exchange state; names suggest required / sent / received. */
	int		mic_reqd;
	int		mic_sent;
	int		mic_rcvd;
	int		firstpass;
	int		mech_complete;
	int		nego_done;
	OM_uint32	ctx_flags;
	gss_name_t	internal_name;
	gss_OID		actual_mech;
	/*
	 * struct errinfo is not declared in this header; it has to come
	 * from one of the includes above -- TODO confirm which.
	 */
	struct errinfo	err;
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;
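
/*
 * The magic number must be less than a standard pagesize
 * to avoid a possible collision with a real address.
 * (0x00000fed is 4077, below a 4096-byte page.)
 */
#define SPNEGO_MAGIC_ID		0x00000fed

/* SPNEGO oid declarations */
extern const gss_OID_desc * const gss_mech_spnego;
extern const gss_OID_set_desc * const gss_mech_set_spnego;


/*
 * dsyslog(a): debug logging, compiled out unless DEBUG is defined.
 *
 * The argument is logged through a fixed "%s" format instead of being
 * handed to syslog() as the format string itself.  The macro takes a
 * single argument, so a conversion specification inside it could never
 * have had a matching argument; with "%s" a stray '%' in the text is
 * printed as data rather than interpreted.  One visible difference:
 * "%m" and "%%" inside the argument are no longer expanded by syslog().
 * No caller is visible from this header -- verify none relied on that.
 *
 * NOTE(review): SPNEGO_STATIC is only defined (as empty) in the
 * non-DEBUG branch; a DEBUG build needs it from somewhere else if the
 * sources use it -- confirm.
 */
#ifdef DEBUG
#define dsyslog(a)	syslog(LOG_DEBUG, "%s", (a))
#else
#define dsyslog(a)
#define SPNEGO_STATIC
#endif /* DEBUG */

/*
 * Declarations of internal name mechanism functions.
 *
 * Each glue_spnego_* variant takes the same arguments as its spnego_*
 * counterpart plus a leading void *.  The meaning of that pointer is not
 * shown in this header (presumably a per-mechanism context supplied by
 * the mechglue layer -- TODO confirm).
 */

OM_uint32 spnego_gss_acquire_cred(
    OM_uint32 *minor_status,
    gss_name_t desired_name,
    OM_uint32 time_req,
    gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec);

OM_uint32 glue_spnego_gss_acquire_cred(
    void *,
    OM_uint32 *minor_status,
    gss_name_t desired_name,
    OM_uint32 time_req,
    gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec);

OM_uint32 spnego_gss_release_cred(
    OM_uint32 *minor_status,
    gss_cred_id_t *cred_handle);

OM_uint32 glue_spnego_gss_release_cred(
    void *,
    OM_uint32 *minor_status,
    gss_cred_id_t *cred_handle);

OM_uint32 spnego_gss_init_sec_context(
    OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle,
    gss_ctx_id_t *context_handle,
    gss_name_t target_name,
    gss_OID mech_type,
    OM_uint32 req_flags,
    OM_uint32 time_req,
    gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token,
    gss_OID *actual_mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec);

OM_uint32 glue_spnego_gss_init_sec_context(
    void *,
    OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle,
    gss_ctx_id_t *context_handle,
    gss_name_t target_name,
    gss_OID mech_type,
    OM_uint32 req_flags,
    OM_uint32 time_req,
    gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token,
    gss_OID *actual_mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec);

#ifndef LEAN_CLIENT
/*
 * Acceptor side.  input_token_buffer carries the token received from the
 * peer; this header does not show what validation is applied to it.
 */
OM_uint32 spnego_gss_accept_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token_buffer,
    gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name,
    gss_OID *mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle);

OM_uint32 glue_spnego_gss_accept_sec_context(
    void *,
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token_buffer,
    gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name,
    gss_OID *mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle);

#endif /* LEAN_CLIENT */

OM_uint32 spnego_gss_compare_name(
    OM_uint32 *minor_status,
    const gss_name_t name1,
    const gss_name_t name2,
    int *name_equal);

OM_uint32 glue_spnego_gss_compare_name(
    void *,
    OM_uint32 *minor_status,
    const gss_name_t name1,
    const gss_name_t name2,
    int *name_equal);

OM_uint32 spnego_gss_display_name(
    OM_uint32 *minor_status,
    gss_name_t input_name,
    gss_buffer_t output_name_buffer,
    gss_OID *output_name_type);

OM_uint32 glue_spnego_gss_display_name(
    void *,
    OM_uint32 *minor_status,
    gss_name_t input_name,
    gss_buffer_t output_name_buffer,
    gss_OID *output_name_type);

OM_uint32 spnego_gss_display_status(
    OM_uint32 *minor_status,
    OM_uint32 status_value,
    int status_type,
    gss_OID mech_type,
    OM_uint32 *message_context,
    gss_buffer_t status_string);

OM_uint32 spnego_gss_display_status2(
    OM_uint32 *minor_status,
    OM_uint32 status_value,
    int status_type,
    gss_OID mech_type,
    OM_uint32 *message_context,
    gss_buffer_t status_string);

OM_uint32 glue_spnego_gss_display_status(
    void *,
    OM_uint32 *minor_status,
    OM_uint32 status_value,
    int status_type,
    gss_OID mech_type,
    OM_uint32 *message_context,
    gss_buffer_t status_string);

OM_uint32 spnego_gss_import_name(
    OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer,
    gss_OID input_name_type,
    gss_name_t *output_name);

OM_uint32 glue_spnego_gss_import_name(
    void *,
    OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer,
    gss_OID input_name_type,
    gss_name_t *output_name);

OM_uint32 spnego_gss_release_name(
    OM_uint32 *minor_status,
    gss_name_t *input_name);

OM_uint32 glue_spnego_gss_release_name(
    void *,
    OM_uint32 *minor_status,
    gss_name_t *input_name);

OM_uint32 spnego_gss_inquire_names_for_mech(
    OM_uint32 *minor_status,
    gss_OID mechanism,
    gss_OID_set *name_types);

OM_uint32 glue_spnego_gss_inquire_names_for_mech(
    void *,
    OM_uint32 *minor_status,
    gss_OID mechanism,
    gss_OID_set *name_types);

OM_uint32 spnego_gss_unwrap(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer,
    int *conf_state,
    gss_qop_t *qop_state);

OM_uint32 spnego_gss_wrap(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    gss_buffer_t input_message_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer);

OM_uint32 spnego_gss_process_context_token(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_buffer_t token_buffer);

OM_uint32 spnego_gss_delete_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t output_token);

OM_uint32 glue_spnego_gss_delete_sec_context(
    void *,
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t output_token);
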
/*
 * Context query, export/import and per-message entry points.
 *
 * As with the declarations earlier in this file, each glue_spnego_*
 * variant repeats the spnego_* argument list behind a leading void *
 * whose meaning is not shown in this header.
 */

OM_uint32 spnego_gss_context_time(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    OM_uint32 *time_rec);

OM_uint32 glue_spnego_gss_context_time(
    void *,
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    OM_uint32 *time_rec);

#ifndef LEAN_CLIENT
/*
 * Export serialises a context into an interprocess token and import
 * rebuilds one from such a token.  This header does not show what
 * validation the implementation applies to an imported token.
 */
OM_uint32 spnego_gss_export_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t interprocess_token);

OM_uint32 glue_spnego_gss_export_sec_context(
    void *,
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t interprocess_token);

OM_uint32 spnego_gss_import_sec_context(
    OM_uint32 *minor_status,
    const gss_buffer_t interprocess_token,
    gss_ctx_id_t *context_handle);

OM_uint32 glue_spnego_gss_import_sec_context(
    void *,
    OM_uint32 *minor_status,
    const gss_buffer_t interprocess_token,
    gss_ctx_id_t *context_handle);
#endif /* LEAN_CLIENT */

OM_uint32 glue_spnego_gss_inquire_context(
    void *,
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_name_t *src_name,
    gss_name_t *targ_name,
    OM_uint32 *lifetime_rec,
    gss_OID *mech_type,
    OM_uint32 *ctx_flags,
    int *locally_initiated,
    int *opened);

OM_uint32 spnego_gss_inquire_context(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_name_t *src_name,
    gss_name_t *targ_name,
    OM_uint32 *lifetime_rec,
    gss_OID *mech_type,
    OM_uint32 *ctx_flags,
    int *locally_initiated,
    int *opened);

OM_uint32 spnego_gss_wrap_size_limit(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 req_output_size,
    OM_uint32 *max_input_size);

OM_uint32 glue_spnego_gss_wrap_size_limit(
    void *,
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 req_output_size,
    OM_uint32 *max_input_size);

OM_uint32 spnego_gss_get_mic(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_qop_t qop_req,
    const gss_buffer_t message_buffer,
    gss_buffer_t message_token);

OM_uint32 spnego_gss_verify_mic(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_buffer_t msg_buffer,
    const gss_buffer_t token_buffer,
    gss_qop_t *qop_state);

OM_uint32 spnego_gss_inquire_sec_context_by_oid(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_OID desired_object,
    gss_buffer_set_t *data_set);


#if 0 /* SUNW17PACresync - will be needed for full MIT 1.7 resync */
OM_uint32 spnego_gss_wrap_aead(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    gss_buffer_t input_assoc_buffer,
    gss_buffer_t input_payload_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer);

OM_uint32 spnego_gss_unwrap_aead(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer,
    gss_buffer_t input_assoc_buffer,
    gss_buffer_t output_payload_buffer,
    int *conf_state,
    gss_qop_t *qop_state);

OM_uint32 spnego_gss_wrap_iov(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    int *conf_state,
    gss_iov_buffer_desc *iov,
    int iov_count);

OM_uint32 spnego_gss_unwrap_iov(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int *conf_state,
    gss_qop_t *qop_state,
    gss_iov_buffer_desc *iov,
    int iov_count);

OM_uint32 spnego_gss_wrap_iov_length(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    int *conf_state,
    gss_iov_buffer_desc *iov,
    int iov_count);

OM_uint32 spnego_gss_complete_auth_token(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer);
#endif /* 0 */

/*
 * Solaris SPNEGO
 * Cloned the krb5_*_error_message and krb5_gss_*_error_info APIs
 * to give similar functionality to SPNEGO mech.
 * See new files in this dir:
 *	spnego_disp_status.c
 *	spnego_kerrs.c
 *	error_map.h
 */
typedef int spnego_error_code;

/*
 * NOTE(review): spnego_set_error_message is variadic and its
 * const char * argument is presumably a printf-style format string --
 * confirm in spnego_kerrs.c.  If so, callers should pass a literal
 * format and supply peer-derived text only as an argument to it.
 */
void spnego_set_error_message(
    spnego_gss_ctx_id_t,
    spnego_error_code,
    const char *,
    ...);

const char *spnego_get_error_message(
    spnego_gss_ctx_id_t,
    spnego_error_code);

void spnego_free_error_message(
    spnego_gss_ctx_id_t,
    const char *);

void spnego_clear_error_message(
    spnego_gss_ctx_id_t);

void spnego_gss_save_error_info(
    OM_uint32 minor_code,
    spnego_gss_ctx_id_t ctx);

char *spnego_gss_get_error_message(
    OM_uint32 minor_code);

void spnego_gss_delete_error_info(
    void *p);

/*
 * NOTE(review): declared with an empty parameter list, so in C the
 * compiler does not check the arguments at call sites.  The real
 * signature is not visible in this header; replace "()" with the full
 * prototype once it has been confirmed against the krb5 mechanism.
 */
OM_uint32 krb5_gss_display_status2();

#ifdef __cplusplus
}
#endif

#endif /* _GSSAPIP_SPNEGO_H_ */