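/*
 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */

/*
 * gssapi_krb5.h - Kerberos 5 mechanism-specific extensions to the GSS-API.
 *
 * Nothing in this header is part of the generic GSS-API (RFC 2743/2744);
 * portable callers should only reach for these entry points when they
 * know the krb5 mechanism is in use.  Several functions below hand raw
 * Kerberos key material to the caller (context subkeys, the service key,
 * "lucid" contexts).  Treat those results as secrets: keep them out of
 * logs and core dumps, and wipe them before releasing the memory.
 */

#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_

#include <gssapi/gssapi.h>
#include <time.h>	/* time_t, used by gsskrb5_extract_authtime_from_sec_context() */
/*
 * int32_t (gss_krb5_set_allowable_enctypes) is expected to arrive via
 * <gssapi/gssapi.h>; this header does not include <stdint.h> itself.
 * NOTE(review): confirm that gssapi.h really provides it on all targets.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Name-type OIDs for Kerberos 5 names (the GSS_KRB5_NT_* family).
 */
extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
extern gss_OID GSS_KRB5_NT_USER_NAME;
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;

/* OID identifying the Kerberos 5 mechanism itself. */
extern gss_OID GSS_KRB5_MECHANISM;

/* Aliases kept for source compatibility with the MIT Kerberos API. */
#define gss_mech_krb5			GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name	GSS_KRB5_NT_PRINCIPAL_NAME

/*
 * Extension OIDs.  The three groups below mirror the three kinds of
 * mechanism-specific operation they are used with: setting options on a
 * security context, inquiring a security context, and operating on
 * credentials.  The "_X" suffix marks them as Heimdal extensions.
 */

/* Extensions: set security-context options. */
extern gss_OID GSS_KRB5_COPY_CCACHE_X;
extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
extern gss_OID GSS_KRB5_CCACHE_NAME_X;

/* Extensions: inquire a security context. */
extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
extern gss_OID GSS_KRB5_GET_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;

/* Extensions: credentials. */
extern gss_OID GSS_KRB5_IMPORT_CRED_X;
extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;

/*
 * Kerberos mechanism-specific functions.
 *
 * The krb5 library types below are only ever used through pointers here,
 * so they are forward-declared rather than pulling in the krb5 headers.
 */

struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;

/**
 * Select the credential cache the krb5 mechanism uses for initiator
 * credentials in this process.
 *
 * @param minor_status  mechanism-specific status code.
 * @param name          credential-cache name to switch to.
 * @param out_name      optional; NOTE(review): presumably receives the
 *                      previously active cache name - confirm against the
 *                      implementation, including how long the string stays
 *                      valid.
 * @return GSS major status.
 *
 * This changes process-wide state; concurrent callers racing on it will
 * see each other's selection.
 */
OM_uint32
gss_krb5_ccache_name(OM_uint32 *minor_status,
		     const char *name,
		     const char **out_name);

/**
 * Register the identity (keytab) used when this process acts as an
 * acceptor.  Process-wide, like the MIT function of the same name.
 *
 * @param identity  keytab name for the acceptor; semantics of the string
 *                  (e.g. "FILE:/path") are those of the krb5 library.
 * @return GSS major status.
 */
OM_uint32 gsskrb5_register_acceptor_identity(const char *identity);

/**
 * Copy the Kerberos credentials held in a GSS credential handle
 * (typically delegated credentials on the acceptor side) into a
 * caller-supplied credential cache.
 *
 * @param minor  mechanism-specific status code.
 * @param cred   GSS credential handle to read from.
 * @param out    destination credential cache, opened by the caller, who
 *               keeps ownership of it.
 * @return GSS major status.
 *
 * Delegated TGTs are bearer secrets; choose a cache with appropriate
 * filesystem permissions before calling this.
 */
OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor,
			       gss_cred_id_t cred,
			       struct krb5_ccache_data *out);

/**
 * Build a GSS credential handle from krb5 objects the caller already has.
 *
 * @param minor             mechanism-specific status code.
 * @param in                credential cache supplying initiator credentials.
 * @param keytab_principal  acceptor principal to look up in @p keytab.
 * @param keytab            keytab supplying acceptor keys.
 * @param out               receives the new credential handle; release it
 *                          with gss_release_cred().
 * @return GSS major status.
 *
 * NOTE(review): which of @p in / @p keytab may be NULL (initiator-only vs
 * acceptor-only credentials) is not visible from this header - confirm.
 */
OM_uint32
gss_krb5_import_cred(OM_uint32 *minor,
		     struct krb5_ccache_data *in,
		     struct Principal *keytab_principal,
		     struct krb5_keytab_data *keytab,
		     gss_cred_id_t *out);

/**
 * Retrieve the ticket flags of the Kerberos ticket behind an established
 * security context.
 *
 * @param minor           mechanism-specific status code.
 * @param context_handle  established security context.
 * @param tkt_flags       receives the ticket flags.
 * @return GSS major status.
 */
OM_uint32 gss_krb5_get_tkt_flags(OM_uint32 *minor,
				 gss_ctx_id_t context_handle,
				 OM_uint32 *tkt_flags);

/**
 * Extract authorization data of a given type from the ticket behind an
 * established security context.
 *
 * @param minor_status    mechanism-specific status code.
 * @param context_handle  established security context.
 * @param ad_type         Kerberos authorization-data type number to look for.
 * @param ad_data         receives the raw element; release it with
 *                        gss_release_buffer().
 * @return GSS major status.
 *
 * The bytes are returned as carried in the ticket.  Whether a given
 * ad_type is protected by the KDC or merely client-asserted depends on the
 * type, so callers must decode and validate the payload for the type they
 * asked for rather than trusting it blindly.
 */
OM_uint32
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
					    gss_ctx_id_t context_handle,
					    int ad_type,
					    gss_buffer_t ad_data);

/**
 * Turn DNS canonicalization of host names on or off for this process.
 *
 * @param canonicalize  non-zero enables, zero disables.
 * @return GSS major status.
 *
 * Security caveat: with canonicalization enabled, unauthenticated DNS
 * answers can influence which service principal a context is initiated
 * for.  Leave it off wherever DNS is not trusted.
 */
OM_uint32
gsskrb5_set_dns_canonicalize(int canonicalize);

/*
 * Hook for replacing the transport used to talk to the KDC.
 *
 * NOTE(review): @c func is a function pointer stored as void *, which C does
 * not guarantee to round-trip; the real signature is defined by the
 * implementation and is not visible here.  @c ptr is opaque caller data
 * handed back to @c func (presumably - confirm).
 */
struct gsskrb5_send_to_kdc {
    void *func;
    void *ptr;
};

/**
 * Install a send-to-KDC hook (process-wide).
 *
 * @param hook  hook description; pass NULL to restore the default
 *              (NOTE(review): confirm NULL handling in the implementation).
 * @return GSS major status.
 */
OM_uint32
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *hook);

/**
 * Override the default realm used by the krb5 mechanism (process-wide).
 *
 * @param realm  realm name.
 * @return GSS major status.
 */
OM_uint32
gsskrb5_set_default_realm(const char *realm);

/**
 * Retrieve the authentication time of the ticket behind an established
 * security context.
 *
 * @param minor_status    mechanism-specific status code.
 * @param context_handle  established security context.
 * @param authtime        receives the authtime.
 * @return GSS major status.
 */
OM_uint32
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
					  gss_ctx_id_t context_handle,
					  time_t *authtime);

/* krb5 key type (ASN.1 EncryptionKey); only used through pointers here. */
struct EncryptionKey;

/*
 * The three key-extraction functions below return RAW KEY MATERIAL.
 * *out is allocated by the implementation and owned by the caller, who
 * must free it with the krb5 library's keyblock free routine and should
 * wipe it first.  NOTE(review): ownership inferred from the ** out-param
 * shape - confirm against the implementation.
 */

/**
 * Return the long-term service key used to decrypt the ticket of an
 * accepted context.  This is the acceptor's own secret, not a session
 * key - handle accordingly.
 */
OM_uint32
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
				 gss_ctx_id_t context_handle,
				 struct EncryptionKey **out);

/**
 * Return the initiator's subkey for an established context.
 */
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
			     gss_ctx_id_t context_handle,
			     struct EncryptionKey **out);

/**
 * Return the subkey currently in use for an established context.
 */
OM_uint32
gsskrb5_get_subkey(OM_uint32 *minor_status,
		   gss_ctx_id_t context_handle,
		   struct EncryptionKey **out);

/*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
 *
 * These structures are a fixed layout shared with the consumer (the
 * kernel RPCSEC_GSS code).  Do not reorder, resize or add fields without
 * bumping the version; the version field is what lets a consumer reject
 * a layout it does not understand.
 */

/* One raw key: enctype, length in bytes, and the key bytes. */
typedef struct gss_krb5_lucid_key {
    OM_uint32	type;
    OM_uint32	length;
    void *	data;
} gss_krb5_lucid_key_t;

/* Key data for an RFC 1964 (pre-CFX) context. */
typedef struct gss_krb5_rfc1964_keydata {
    OM_uint32		sign_alg;
    OM_uint32		seal_alg;
    gss_krb5_lucid_key_t	ctx_key;
} gss_krb5_rfc1964_keydata_t;

/* Key data for a CFX (RFC 4121) context. */
typedef struct gss_krb5_cfx_keydata {
    OM_uint32		have_acceptor_subkey;
    gss_krb5_lucid_key_t	ctx_key;
    gss_krb5_lucid_key_t	acceptor_subkey;	/* valid iff have_acceptor_subkey */
} gss_krb5_cfx_keydata_t;

/*
 * Version 1 lucid context.  `protocol' selects which of rfc1964_kd /
 * cfx_kd carries the keys (NOTE(review): exact values are defined by the
 * lucid spec, not here - confirm).  `endtime' is a 32-bit time value as
 * dictated by the shared layout.
 */
typedef struct gss_krb5_lucid_context_v1 {
    OM_uint32	version;
    OM_uint32	initiate;
    OM_uint32	endtime;
    OM_uint64	send_seq;
    OM_uint64	recv_seq;
    OM_uint32	protocol;
    gss_krb5_rfc1964_keydata_t	rfc1964_kd;
    gss_krb5_cfx_keydata_t	cfx_kd;
} gss_krb5_lucid_context_v1_t;

/*
 * Common prefix of every lucid context version: read this first, then
 * cast to the matching gss_krb5_lucid_context_vN_t.
 */
typedef struct gss_krb5_lucid_context_version {
    OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;

/*
 * Lucid function declarations
 */

/**
 * Export an established context in lucid form, exposing its session keys.
 *
 * @param minor_status    mechanism-specific status code.
 * @param context_handle  pointer to the context handle.  NOTE(review): the
 *                        MIT equivalent consumes and deletes the context
 *                        here; whether this implementation does the same is
 *                        not visible from the header - confirm before
 *                        reusing the handle.
 * @param version         lucid structure version requested.
 * @param kctx            receives the lucid context; release it with
 *                        gss_krb5_free_lucid_sec_context().
 * @return GSS major status.
 *
 * The result contains raw session keys; it exists so a kernel can do
 * per-message protection itself and must be handed over through a
 * trusted channel and wiped afterwards.
 */
OM_uint32
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);

/**
 * Release a lucid context obtained from gss_krb5_export_lucid_sec_context().
 *
 * @param minor_status  mechanism-specific status code.
 * @param kctx          lucid context to free.
 * @return GSS major status.
 */
OM_uint32
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);

/**
 * Restrict the encryption types a credential may negotiate.
 *
 * @param minor_status  mechanism-specific status code.
 * @param cred          credential handle to restrict.
 * @param num_enctypes  number of entries in @p enctypes.
 * @param enctypes      array of krb5 enctype numbers to allow.
 * @return GSS major status.
 *
 * Use this to keep weak or legacy enctypes (e.g. single DES) out of a
 * negotiation even when the KDC still offers them.
 */
OM_uint32
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
				gss_cred_id_t cred,
				OM_uint32 num_enctypes,
				int32_t *enctypes);

#ifdef __cplusplus
}
#endif

#endif /* GSSAPI_KRB5_H_ */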