1 /* -*- mode: c; indent-tabs-mode: nil -*- */
3 * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
6 * Export of this software from the United States of America may
7 * require a specific license from the United States Government.
8 * It is the responsibility of any person or organization contemplating
9 * export to obtain such a license before exporting.
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of M.I.T. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. Furthermore if you modify this software you must label
19 * your software as modified software and not distribute it in such a
20 * fashion that it might be confused with the original M.I.T. software.
21 * M.I.T. makes no representations about the suitability of
22 * this software for any purpose. It is provided "as is" without express
23 * or implied warranty.
27 * Copyright 1993 by OpenVision Technologies, Inc.
29 * Permission to use, copy, modify, distribute, and sell this software
30 * and its documentation for any purpose is hereby granted without fee,
31 * provided that the above copyright notice appears in all copies and
32 * that both that copyright notice and this permission notice appear in
33 * supporting documentation, and that the name of OpenVision not be used
34 * in advertising or publicity pertaining to distribution of the software
35 * without specific, written prior permission. OpenVision makes no
36 * representations about the suitability of this software for any
37 * purpose. It is provided "as is" without express or implied warranty.
39 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
40 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
41 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
42 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
43 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
44 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
45 * PERFORMANCE OF THIS SOFTWARE.
48 #ifndef _GSSAPIP_KRB5_H_
49 #define _GSSAPIP_KRB5_H_
57 /* work around sunos braindamage */
65 #include "gssapiP_generic.h"
67 /* The include of gssapi_krb5.h will do the right thing with the above #defines in
70 #include "gssapi_krb5.h"
71 #include "gssapi_err_krb5.h"
72 #include "gssapi_ext.h"
79 #define GSS_MECH_KRB5_OID_LENGTH 9
80 #define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"
82 #define GSS_MECH_KRB5_OLD_OID_LENGTH 5
83 #define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"
85 /* Incorrect krb5 mech OID emitted by MS (Microsoft); it differs from GSS_MECH_KRB5_OID only in the fourth byte. */
86 #define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
87 #define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
90 #define GSS_MECH_IAKERB_OID_LENGTH 6
91 #define GSS_MECH_IAKERB_OID "\053\006\001\005\002\005"
93 extern const gss_OID_set kg_all_mechs;
95 #define CKSUMTYPE_KG_CB 0x8003
97 #define KG_TOK_CTX_AP_REQ 0x0100
98 #define KG_TOK_CTX_AP_REP 0x0200
99 #define KG_TOK_CTX_ERROR 0x0300
100 #define KG_TOK_SIGN_MSG 0x0101
101 #define KG_TOK_SEAL_MSG 0x0201
102 #define KG_TOK_MIC_MSG 0x0101
103 #define KG_TOK_WRAP_MSG 0x0201
104 #define KG_TOK_DEL_CTX 0x0102
105 #define KG2_TOK_MIC_MSG 0x0404
106 #define KG2_TOK_WRAP_MSG 0x0504
107 #define KG2_TOK_DEL_CTX 0x0405
108 #define IAKERB_TOK_PROXY 0x0501
110 #define KRB5_GSS_FOR_CREDS_OPTION 1
112 #define KG2_RESP_FLAG_ERROR 0x0001
113 #define KG2_RESP_FLAG_DELEG_OK 0x0002
116 #define FLAG_SENDER_IS_ACCEPTOR 0x01
117 #define FLAG_WRAP_CONFIDENTIAL 0x02
118 #define FLAG_ACCEPTOR_SUBKEY 0x04
120 /* These are to be stored in little-endian order, i.e., des-mac is
123 SGN_ALG_DES_MAC_MD5 = 0x0000,
124 SGN_ALG_MD2_5 = 0x0001,
125 SGN_ALG_DES_MAC = 0x0002,
126 SGN_ALG_3 = 0x0003, /* not published */
127 SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */
128 SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
131 SEAL_ALG_NONE = 0xffff,
132 SEAL_ALG_DES = 0x0000,
133 SEAL_ALG_1 = 0x0001, /* not published */
134 SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
135 SEAL_ALG_DES3KD = 0x0002
139 #define KG_USAGE_SEAL 22
140 #define KG_USAGE_SIGN 23
141 #define KG_USAGE_SEQ 24
143 /* for draft-ietf-krb-wg-gssapi-cfx-01 */
144 #define KG_USAGE_ACCEPTOR_SEAL 22
145 #define KG_USAGE_ACCEPTOR_SIGN 23
146 #define KG_USAGE_INITIATOR_SEAL 24
147 #define KG_USAGE_INITIATOR_SIGN 25
150 GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* *partial* MD5 = "MD2.5" */
151 GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
152 GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
153 GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
154 GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
155 GSS_KRB5_CONF_C_QOP_DES = 0x0100,
156 GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
157 GSS_KRB5_CONF_C_QOP_MASK = 0xff00
160 /** internal types **/
/* Internal krb5 mech name. princ, service and host are immutable; only
 * ad_context is mutable and is guarded by lock. */
162 typedef struct _krb5_gss_name_rec {
163 krb5_principal princ; /* immutable */
164 char *service; /* immutable */
165 char *host; /* immutable */
166 k5_mutex_t lock; /* protects ad_context only for now */
167 krb5_authdata_context ad_context; /* mutable; access with lock held */
168 } krb5_gss_name_rec, *krb5_gss_name_t;
170 typedef struct _krb5_gss_cred_id_rec {
171 /* protect against simultaneous accesses */
174 /* name/type of credential */
175 gss_cred_usage_t usage;
176 krb5_gss_name_t name;
177 krb5_principal impersonator;
178 unsigned int default_identity : 1;
179 unsigned int iakerb_mech : 1;
180 unsigned int destroy_ccache : 1;
181 unsigned int suppress_ci_flags : 1;
183 /* keytab (accept) data */
187 /* ccache (init) data */
189 krb5_keytab client_keytab;
190 krb5_boolean have_tgt;
191 krb5_timestamp expire;
192 krb5_timestamp refresh_time;
193 krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */
195 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
197 typedef struct _krb5_gss_ctx_ext_rec {
202 } krb5_gss_ctx_ext_rec, *krb5_gss_ctx_ext_t;
204 typedef struct _krb5_gss_ctx_id_rec {
206 unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */
207 unsigned int established : 1;
208 unsigned int have_acceptor_subkey : 1;
209 unsigned int seed_init : 1; /* XXX tested but never actually set */
210 unsigned int terminated : 1;
212 unsigned char seed[16];
213 krb5_gss_name_t here;
214 krb5_gss_name_t there;
215 krb5_key subkey; /* One of two potential keys to use with RFC 4121
216 * packets; this key must always be set. */
220 krb5_key enc; /* RFC 1964 encryption key; seq xored with a constant
221 * for DES, seq for other RFC 1964 enctypes */
222 krb5_key seq; /* RFC 1964 sequencing key */
223 krb5_ticket_times krb_times;
224 krb5_flags krb_flags;
225 /* XXX These used to be signed. The old spec is unspecific, and
226 the new spec specifies unsigned. I don't believe that the change
227 affects the wire encoding. */
230 g_seqnum_state seqstate;
231 krb5_context k5_context;
232 krb5_auth_context auth_context;
233 gss_OID_desc *mech_used;
234 /* Protocol spec revision for sending packets
235 0 => RFC 1964 with 3DES and RC4 enhancements
237 No others defined so far. It is always permitted to receive
238 tokens in RFC 4121 format. If enc is non-null, receiving RFC
239 1964 tokens is permitted.*/
241 krb5_cksumtype cksumtype; /* for "main" subkey */
242 krb5_key acceptor_subkey; /* CFX only */
243 krb5_cksumtype acceptor_subkey_cksumtype;
244 int cred_rcache; /* did we get rcache from creds? */
245 krb5_authdata **authdata;
246 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
251 extern k5_mutex_t gssint_krb5_keytab_lock;
252 #endif /* LEAN_CLIENT */
254 /** helper functions **/
256 OM_uint32 kg_get_defcred
257 (OM_uint32 *minor_status,
258 gss_cred_id_t *cred);
260 krb5_error_code kg_checksum_channel_bindings
261 (krb5_context context, gss_channel_bindings_t cb,
262 krb5_checksum *cksum);
264 krb5_error_code kg_make_seq_num (krb5_context context,
266 int direction, krb5_ui_4 seqnum, unsigned char *cksum,
269 krb5_error_code kg_get_seq_num (krb5_context context,
271 unsigned char *cksum, unsigned char *buf, int *direction,
274 krb5_error_code kg_make_seed (krb5_context context,
276 unsigned char *seed);
279 kg_setup_keys(krb5_context context,
280 krb5_gss_ctx_id_rec *ctx,
282 krb5_cksumtype *cksumtype);
284 int kg_confounder_size (krb5_context context, krb5_enctype enctype);
286 krb5_error_code kg_make_confounder (krb5_context context,
287 krb5_enctype enctype, unsigned char *buf);
289 krb5_error_code kg_encrypt (krb5_context context,
290 krb5_key key, int usage,
292 krb5_const_pointer in,
294 unsigned int length);
296 /* Encrypt length bytes at ptr in place, with the given key and usage. If
297 * iv is not NULL, use it as the cipher state. */
298 krb5_error_code kg_encrypt_inplace(krb5_context context, krb5_key key,
299 int usage, krb5_pointer iv,
300 krb5_pointer ptr, unsigned int length);
302 krb5_error_code kg_encrypt_iov (krb5_context context,
303 int proto, int dce_style,
304 size_t ec, size_t rrc,
305 krb5_key key, int usage,
307 gss_iov_buffer_desc *iov,
311 kg_arcfour_docrypt (const krb5_keyblock *keyblock, int usage,
312 const unsigned char *kd_data, size_t kd_data_len,
313 const unsigned char *input_buf, size_t input_len,
314 unsigned char *output_buf);
317 kg_arcfour_docrypt_iov (krb5_context context,
318 const krb5_keyblock *keyblock, int usage,
319 const unsigned char *kd_data, size_t kd_data_len,
320 gss_iov_buffer_desc *iov,
323 krb5_error_code kg_decrypt (krb5_context context,
324 krb5_key key, int usage,
326 krb5_const_pointer in,
328 unsigned int length);
330 krb5_error_code kg_decrypt_iov (krb5_context context,
331 int proto, int dce_style,
332 size_t ec, size_t rrc,
333 krb5_key key, int usage,
335 gss_iov_buffer_desc *iov,
338 OM_uint32 kg_seal (OM_uint32 *minor_status,
339 gss_ctx_id_t context_handle,
342 gss_buffer_t input_message_buffer,
344 gss_buffer_t output_message_buffer,
347 OM_uint32 kg_unseal (OM_uint32 *minor_status,
348 gss_ctx_id_t context_handle,
349 gss_buffer_t input_token_buffer,
350 gss_buffer_t message_buffer,
352 gss_qop_t *qop_state,
355 OM_uint32 kg_seal_size (OM_uint32 *minor_status,
356 gss_ctx_id_t context_handle,
359 OM_uint32 output_size,
360 OM_uint32 *input_size);
362 krb5_error_code kg_ctx_size (krb5_context kcontext,
366 krb5_error_code kg_ctx_externalize (krb5_context kcontext,
371 krb5_error_code kg_ctx_internalize (krb5_context kcontext,
376 OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
378 OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status,
379 int *out_caller_provided_name);
381 OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
382 const char **out_name);
384 OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
389 krb5_error_code gss_krb5int_make_seal_token_v3_iov(krb5_context context,
390 krb5_gss_ctx_id_rec *ctx,
393 gss_iov_buffer_desc *iov,
397 OM_uint32 gss_krb5int_unseal_v3_iov(krb5_context context,
398 OM_uint32 *minor_status,
399 krb5_gss_ctx_id_rec *ctx,
400 gss_iov_buffer_desc *iov,
403 gss_qop_t *qop_state,
406 gss_iov_buffer_t kg_locate_iov (gss_iov_buffer_desc *iov,
410 gss_iov_buffer_t kg_locate_header_iov(gss_iov_buffer_desc *iov, int iov_count,
413 void kg_iov_msglen(gss_iov_buffer_desc *iov,
416 size_t *assoc_data_length);
418 void kg_release_iov(gss_iov_buffer_desc *iov,
421 krb5_error_code kg_make_checksum_iov_v1(krb5_context context,
423 size_t token_cksum_len,
425 krb5_key enc, /* for conf len */
426 krb5_keyusage sign_usage,
427 gss_iov_buffer_desc *iov,
430 krb5_checksum *checksum);
432 krb5_error_code kg_make_checksum_iov_v3(krb5_context context,
436 krb5_keyusage sign_usage,
437 gss_iov_buffer_desc *iov,
441 krb5_error_code kg_verify_checksum_iov_v3(krb5_context context,
445 krb5_keyusage sign_usage,
446 gss_iov_buffer_desc *iov,
449 krb5_boolean *valid);
451 OM_uint32 kg_seal_iov (OM_uint32 *minor_status,
452 gss_ctx_id_t context_handle,
456 gss_iov_buffer_desc *iov,
460 OM_uint32 kg_unseal_iov (OM_uint32 *minor_status,
461 gss_ctx_id_t context_handle,
463 gss_qop_t *qop_state,
464 gss_iov_buffer_desc *iov,
468 OM_uint32 kg_seal_iov_length(OM_uint32 *minor_status,
469 gss_ctx_id_t context_handle,
473 gss_iov_buffer_desc *iov,
477 krb5_cryptotype kg_translate_flag_iov(OM_uint32 type);
479 OM_uint32 kg_fixup_padding_iov(OM_uint32 *minor_status,
480 gss_iov_buffer_desc *iov,
483 krb5_boolean kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count);
485 krb5_error_code kg_allocate_iov(gss_iov_buffer_t iov, size_t size);
488 krb5_to_gss_cred(krb5_context context,
490 krb5_gss_cred_id_t *out_cred);
493 kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred);
496 kg_cred_set_initial_refresh(krb5_context context, krb5_gss_cred_id_rec *cred,
497 krb5_ticket_times *times);
500 kg_cred_resolve(OM_uint32 *minor_status, krb5_context context,
501 gss_cred_id_t cred_handle, gss_name_t target_name);
503 /** declarations of internal name mechanism functions **/
505 OM_uint32 KRB5_CALLCONV krb5_gss_acquire_cred
506 (OM_uint32*, /* minor_status */
507 gss_name_t, /* desired_name */
508 OM_uint32, /* time_req */
509 gss_OID_set, /* desired_mechs */
510 gss_cred_usage_t, /* cred_usage */
511 gss_cred_id_t*, /* output_cred_handle */
512 gss_OID_set*, /* actual_mechs */
513 OM_uint32* /* time_rec */
516 OM_uint32 KRB5_CALLCONV iakerb_gss_acquire_cred
517 (OM_uint32*, /* minor_status */
518 gss_name_t, /* desired_name */
519 OM_uint32, /* time_req */
520 gss_OID_set, /* desired_mechs */
521 gss_cred_usage_t, /* cred_usage */
522 gss_cred_id_t*, /* output_cred_handle */
523 gss_OID_set*, /* actual_mechs */
524 OM_uint32* /* time_rec */
527 OM_uint32 KRB5_CALLCONV
528 krb5_gss_acquire_cred_with_password(
529 OM_uint32 *minor_status,
530 const gss_name_t desired_name,
531 const gss_buffer_t password,
533 const gss_OID_set desired_mechs,
535 gss_cred_id_t *output_cred_handle,
536 gss_OID_set *actual_mechs,
537 OM_uint32 *time_rec);
539 OM_uint32 KRB5_CALLCONV
540 iakerb_gss_acquire_cred_with_password(
541 OM_uint32 *minor_status,
542 const gss_name_t desired_name,
543 const gss_buffer_t password,
545 const gss_OID_set desired_mechs,
547 gss_cred_id_t *output_cred_handle,
548 gss_OID_set *actual_mechs,
549 OM_uint32 *time_rec);
551 OM_uint32 KRB5_CALLCONV krb5_gss_release_cred
552 (OM_uint32*, /* minor_status */
553 gss_cred_id_t* /* cred_handle */
556 OM_uint32 KRB5_CALLCONV krb5_gss_init_sec_context
557 (OM_uint32*, /* minor_status */
558 gss_cred_id_t, /* claimant_cred_handle */
559 gss_ctx_id_t*, /* context_handle */
560 gss_name_t, /* target_name */
561 gss_OID, /* mech_type */
562 OM_uint32, /* req_flags */
563 OM_uint32, /* time_req */
564 gss_channel_bindings_t,
565 /* input_chan_bindings */
566 gss_buffer_t, /* input_token */
567 gss_OID*, /* actual_mech_type */
568 gss_buffer_t, /* output_token */
569 OM_uint32*, /* ret_flags */
570 OM_uint32* /* time_rec */
573 OM_uint32 krb5_gss_init_sec_context_ext
574 (OM_uint32*, /* minor_status */
575 gss_cred_id_t, /* claimant_cred_handle */
576 gss_ctx_id_t*, /* context_handle */
577 gss_name_t, /* target_name */
578 gss_OID, /* mech_type */
579 OM_uint32, /* req_flags */
580 OM_uint32, /* time_req */
581 gss_channel_bindings_t,
582 /* input_chan_bindings */
583 gss_buffer_t, /* input_token */
584 gss_OID*, /* actual_mech_type */
585 gss_buffer_t, /* output_token */
586 OM_uint32*, /* ret_flags */
587 OM_uint32*, /* time_rec */
588 krb5_gss_ctx_ext_t /* exts */
592 OM_uint32 KRB5_CALLCONV krb5_gss_accept_sec_context
593 (OM_uint32*, /* minor_status */
594 gss_ctx_id_t*, /* context_handle */
595 gss_cred_id_t, /* verifier_cred_handle */
596 gss_buffer_t, /* input_token_buffer */
597 gss_channel_bindings_t,
598 /* input_chan_bindings */
599 gss_name_t*, /* src_name */
600 gss_OID*, /* mech_type */
601 gss_buffer_t, /* output_token */
602 OM_uint32*, /* ret_flags */
603 OM_uint32*, /* time_rec */
604 gss_cred_id_t* /* delegated_cred_handle */
607 OM_uint32 KRB5_CALLCONV krb5_gss_accept_sec_context_ext
608 (OM_uint32*, /* minor_status */
609 gss_ctx_id_t*, /* context_handle */
610 gss_cred_id_t, /* verifier_cred_handle */
611 gss_buffer_t, /* input_token_buffer */
612 gss_channel_bindings_t,
613 /* input_chan_bindings */
614 gss_name_t*, /* src_name */
615 gss_OID*, /* mech_type */
616 gss_buffer_t, /* output_token */
617 OM_uint32*, /* ret_flags */
618 OM_uint32*, /* time_rec */
619 gss_cred_id_t*, /* delegated_cred_handle */
620 krb5_gss_ctx_ext_t/*exts */
622 #endif /* LEAN_CLIENT */
624 OM_uint32 KRB5_CALLCONV krb5_gss_inquire_sec_context_by_oid
625 (OM_uint32*, /* minor_status */
628 const gss_OID, /* desired_object */
629 gss_buffer_set_t* /* data_set */
632 OM_uint32 KRB5_CALLCONV krb5_gss_set_sec_context_option
633 (OM_uint32*, /* minor_status */
634 gss_ctx_id_t*, /* context_handle */
635 const gss_OID, /* desired_object */
636 const gss_buffer_t/* value */
639 OM_uint32 KRB5_CALLCONV krb5_gss_process_context_token
640 (OM_uint32*, /* minor_status */
641 gss_ctx_id_t, /* context_handle */
642 gss_buffer_t /* token_buffer */
645 OM_uint32 KRB5_CALLCONV krb5_gss_delete_sec_context
646 (OM_uint32*, /* minor_status */
647 gss_ctx_id_t*, /* context_handle */
648 gss_buffer_t /* output_token */
651 OM_uint32 KRB5_CALLCONV krb5_gss_context_time
652 (OM_uint32*, /* minor_status */
653 gss_ctx_id_t, /* context_handle */
654 OM_uint32* /* time_rec */
657 OM_uint32 KRB5_CALLCONV krb5_gss_display_status
658 (OM_uint32*, /* minor_status */
659 OM_uint32, /* status_value */
660 int, /* status_type */
661 gss_OID, /* mech_type */
662 OM_uint32*, /* message_context */
663 gss_buffer_t /* status_string */
666 OM_uint32 KRB5_CALLCONV krb5_gss_indicate_mechs
667 (OM_uint32*, /* minor_status */
668 gss_OID_set* /* mech_set */
671 OM_uint32 KRB5_CALLCONV krb5_gss_compare_name
672 (OM_uint32*, /* minor_status */
673 gss_name_t, /* name1 */
674 gss_name_t, /* name2 */
675 int* /* name_equal */
678 OM_uint32 KRB5_CALLCONV krb5_gss_display_name
679 (OM_uint32*, /* minor_status */
680 gss_name_t, /* input_name */
681 gss_buffer_t, /* output_name_buffer */
682 gss_OID* /* output_name_type */
686 OM_uint32 KRB5_CALLCONV krb5_gss_import_name
687 (OM_uint32*, /* minor_status */
688 gss_buffer_t, /* input_name_buffer */
689 gss_OID, /* input_name_type */
690 gss_name_t* /* output_name */
693 OM_uint32 KRB5_CALLCONV krb5_gss_release_name
694 (OM_uint32*, /* minor_status */
695 gss_name_t* /* input_name */
698 OM_uint32 KRB5_CALLCONV krb5_gss_inquire_cred
699 (OM_uint32 *, /* minor_status */
700 gss_cred_id_t, /* cred_handle */
701 gss_name_t *, /* name */
702 OM_uint32 *, /* lifetime */
703 gss_cred_usage_t*,/* cred_usage */
704 gss_OID_set * /* mechanisms */
707 OM_uint32 KRB5_CALLCONV krb5_gss_inquire_context
708 (OM_uint32*, /* minor_status */
709 gss_ctx_id_t, /* context_handle */
710 gss_name_t*, /* initiator_name */
711 gss_name_t*, /* acceptor_name */
712 OM_uint32*, /* lifetime_rec */
713 gss_OID*, /* mech_type */
714 OM_uint32*, /* ret_flags */
715 int*, /* locally_initiated */
719 /* New V2 entry points */
720 OM_uint32 KRB5_CALLCONV krb5_gss_get_mic
721 (OM_uint32 *, /* minor_status */
722 gss_ctx_id_t, /* context_handle */
723 gss_qop_t, /* qop_req */
724 gss_buffer_t, /* message_buffer */
725 gss_buffer_t /* message_token */
728 OM_uint32 KRB5_CALLCONV krb5_gss_get_mic_iov
729 (OM_uint32 *, /* minor_status */
730 gss_ctx_id_t, /* context_handle */
731 gss_qop_t, /* qop_req */
732 gss_iov_buffer_desc *, /* iov */
736 OM_uint32 KRB5_CALLCONV krb5_gss_get_mic_iov_length
737 (OM_uint32 *, /* minor_status */
738 gss_ctx_id_t, /* context_handle */
739 gss_qop_t, /* qop_req */
740 gss_iov_buffer_desc *, /* iov */
744 OM_uint32 KRB5_CALLCONV krb5_gss_verify_mic
745 (OM_uint32 *, /* minor_status */
746 gss_ctx_id_t, /* context_handle */
747 gss_buffer_t, /* message_buffer */
748 gss_buffer_t, /* message_token */
749 gss_qop_t * /* qop_state */
752 OM_uint32 KRB5_CALLCONV krb5_gss_verify_mic_iov
753 (OM_uint32 *, /* minor_status */
754 gss_ctx_id_t, /* context_handle */
755 gss_qop_t *, /* qop_state */
756 gss_iov_buffer_desc *, /* iov */
760 OM_uint32 KRB5_CALLCONV krb5_gss_wrap
761 (OM_uint32 *, /* minor_status */
762 gss_ctx_id_t, /* context_handle */
763 int, /* conf_req_flag */
764 gss_qop_t, /* qop_req */
765 gss_buffer_t, /* input_message_buffer */
766 int *, /* conf_state */
767 gss_buffer_t /* output_message_buffer */
770 OM_uint32 KRB5_CALLCONV krb5_gss_wrap_iov
771 (OM_uint32 *, /* minor_status */
772 gss_ctx_id_t, /* context_handle */
773 int, /* conf_req_flag */
774 gss_qop_t, /* qop_req */
775 int *, /* conf_state */
776 gss_iov_buffer_desc *, /* iov */
780 OM_uint32 KRB5_CALLCONV krb5_gss_wrap_iov_length
781 (OM_uint32 *, /* minor_status */
782 gss_ctx_id_t, /* context_handle */
783 int, /* conf_req_flag */
784 gss_qop_t, /* qop_req */
785 int *, /* conf_state */
786 gss_iov_buffer_desc *, /* iov */
790 OM_uint32 KRB5_CALLCONV krb5_gss_unwrap
791 (OM_uint32 *, /* minor_status */
792 gss_ctx_id_t, /* context_handle */
793 gss_buffer_t, /* input_message_buffer */
794 gss_buffer_t, /* output_message_buffer */
795 int *, /* conf_state */
796 gss_qop_t * /* qop_state */
799 OM_uint32 KRB5_CALLCONV krb5_gss_unwrap_iov
800 (OM_uint32 *, /* minor_status */
801 gss_ctx_id_t, /* context_handle */
802 int *, /* conf_state */
803 gss_qop_t *, /* qop_state */
804 gss_iov_buffer_desc *, /* iov */
808 OM_uint32 KRB5_CALLCONV krb5_gss_wrap_size_limit
809 (OM_uint32 *, /* minor_status */
810 gss_ctx_id_t, /* context_handle */
811 int, /* conf_req_flag */
812 gss_qop_t, /* qop_req */
813 OM_uint32, /* req_output_size */
814 OM_uint32 * /* max_input_size */
817 OM_uint32 KRB5_CALLCONV krb5_gss_import_name_object
818 (OM_uint32 *, /* minor_status */
819 void *, /* input_name */
820 gss_OID, /* input_name_type */
821 gss_name_t * /* output_name */
824 OM_uint32 KRB5_CALLCONV krb5_gss_export_name_object
825 (OM_uint32 *, /* minor_status */
826 gss_name_t, /* input_name */
827 gss_OID, /* desired_name_type */
828 void * * /* output_name */
831 OM_uint32 KRB5_CALLCONV krb5_gss_inquire_cred_by_mech
832 (OM_uint32 *, /* minor_status */
833 gss_cred_id_t, /* cred_handle */
834 gss_OID, /* mech_type */
835 gss_name_t *, /* name */
836 OM_uint32 *, /* initiator_lifetime */
837 OM_uint32 *, /* acceptor_lifetime */
838 gss_cred_usage_t * /* cred_usage */
841 OM_uint32 KRB5_CALLCONV krb5_gss_export_sec_context
842 (OM_uint32 *, /* minor_status */
843 gss_ctx_id_t *, /* context_handle */
844 gss_buffer_t /* interprocess_token */
847 OM_uint32 KRB5_CALLCONV krb5_gss_import_sec_context
848 (OM_uint32 *, /* minor_status */
849 gss_buffer_t, /* interprocess_token */
850 gss_ctx_id_t * /* context_handle */
852 #endif /* LEAN_CLIENT */
854 krb5_error_code krb5_gss_ser_init(krb5_context);
856 OM_uint32 krb5_gss_release_oid
857 (OM_uint32 *, /* minor_status */
861 OM_uint32 KRB5_CALLCONV krb5_gss_internal_release_oid
862 (OM_uint32 *, /* minor_status */
866 OM_uint32 KRB5_CALLCONV krb5_gss_inquire_names_for_mech
867 (OM_uint32 *, /* minor_status */
868 gss_OID, /* mechanism */
869 gss_OID_set * /* name_types */
872 OM_uint32 krb5_gss_canonicalize_name
873 (OM_uint32 *, /* minor_status */
874 const gss_name_t, /* input_name */
875 const gss_OID, /* mech_type */
876 gss_name_t * /* output_name */
879 OM_uint32 KRB5_CALLCONV krb5_gss_export_name
880 (OM_uint32 *, /* minor_status */
881 const gss_name_t, /* input_name */
882 gss_buffer_t /* exported_name */
885 OM_uint32 KRB5_CALLCONV krb5_gss_duplicate_name
886 (OM_uint32 *, /* minor_status */
887 const gss_name_t, /* input_name */
888 gss_name_t * /* dest_name */
891 OM_uint32 krb5_gss_validate_cred
892 (OM_uint32 *, /* minor_status */
893 gss_cred_id_t /* cred */
896 OM_uint32 KRB5_CALLCONV krb5_gss_acquire_cred_impersonate_name(
897 OM_uint32 *, /* minor_status */
898 const gss_cred_id_t, /* impersonator_cred_handle */
899 const gss_name_t, /* desired_name */
900 OM_uint32, /* time_req */
901 const gss_OID_set, /* desired_mechs */
902 gss_cred_usage_t, /* cred_usage */
903 gss_cred_id_t *, /* output_cred_handle */
904 gss_OID_set *, /* actual_mechs */
905 OM_uint32 *); /* time_rec */
908 krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
909 gss_cred_id_t /* cred_handle */,
910 krb5_context /* context */);
912 gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);
914 krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
915 krb5_gss_ctx_id_rec *,
916 const gss_buffer_desc *,
920 OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
921 OM_uint32 *minor_status,
922 krb5_gss_ctx_id_rec *ctx,
924 unsigned int bodysize,
925 gss_buffer_t message_buffer,
926 int *conf_state, gss_qop_t *qop_state,
929 int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
932 #define KG_INIT_NAME_NO_COPY 0x1
935 kg_init_name(krb5_context context, krb5_principal principal,
936 char *service, char *host, krb5_authdata_context ad_context,
937 krb5_flags flags, krb5_gss_name_t *name);
940 kg_release_name(krb5_context context, krb5_gss_name_t *name);
943 kg_duplicate_name(krb5_context context, const krb5_gss_name_t src,
944 krb5_gss_name_t *dst);
947 kg_compare_name(krb5_context context,
948 krb5_gss_name_t name1,
949 krb5_gss_name_t name2);
952 kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
953 krb5_principal *princ_out);
955 OM_uint32 KRB5_CALLCONV
956 krb5_gss_display_name_ext(OM_uint32 *minor_status,
958 gss_OID display_as_name_type,
959 gss_buffer_t display_name);
961 OM_uint32 KRB5_CALLCONV
962 krb5_gss_inquire_name(OM_uint32 *minor_status,
966 gss_buffer_set_t *attrs);
968 OM_uint32 KRB5_CALLCONV
969 krb5_gss_get_name_attribute(OM_uint32 *minor_status,
975 gss_buffer_t display_value,
978 OM_uint32 KRB5_CALLCONV
979 krb5_gss_set_name_attribute(OM_uint32 *minor_status,
985 OM_uint32 KRB5_CALLCONV
986 krb5_gss_delete_name_attribute(OM_uint32 *minor_status,
990 OM_uint32 KRB5_CALLCONV
991 krb5_gss_export_name_composite(OM_uint32 *minor_status,
993 gss_buffer_t exp_composite_name);
995 OM_uint32 KRB5_CALLCONV
996 krb5_gss_map_name_to_any(OM_uint32 *minor_status,
999 gss_buffer_t type_id,
1002 OM_uint32 KRB5_CALLCONV
1003 krb5_gss_release_any_name_mapping(OM_uint32 *minor_status,
1005 gss_buffer_t type_id,
1008 OM_uint32 KRB5_CALLCONV
1009 krb5_gss_pseudo_random(OM_uint32 *minor_status,
1010 gss_ctx_id_t context,
1012 const gss_buffer_t prf_in,
1013 ssize_t desired_output_len,
1014 gss_buffer_t prf_out);
1016 OM_uint32 KRB5_CALLCONV
1017 krb5_gss_store_cred(OM_uint32 *minor_status,
1018 gss_cred_id_t input_cred_handle,
1019 gss_cred_usage_t cred_usage,
1020 const gss_OID desired_mech,
1021 OM_uint32 overwrite_cred,
1022 OM_uint32 default_cred,
1023 gss_OID_set *elements_stored,
1024 gss_cred_usage_t *cred_usage_stored);
1026 /* s4u_gss_glue.c */
1028 kg_compose_deleg_cred(OM_uint32 *minor_status,
1029 krb5_gss_cred_id_t impersonator_cred,
1030 krb5_creds *subject_creds,
1032 krb5_gss_cred_id_t *output_cred,
1033 OM_uint32 *time_rec,
1034 krb5_context context);
1037 * These take unglued krb5-mech-specific contexts.
1040 #define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
1041 #define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
1043 OM_uint32 gss_krb5int_get_tkt_flags
1044 (OM_uint32 *minor_status,
1045 const gss_ctx_id_t context_handle,
1046 const gss_OID desired_object,
1047 gss_buffer_set_t *data_set);
1049 #define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11
1050 #define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
1052 OM_uint32 gss_krb5int_copy_ccache
1053 (OM_uint32 *minor_status,
1054 gss_cred_id_t *cred_handle,
1055 const gss_OID desired_oid,
1056 const gss_buffer_t value);
1058 #define GSS_KRB5_CCACHE_NAME_OID_LENGTH 11
1059 #define GSS_KRB5_CCACHE_NAME_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
1061 struct krb5_gss_ccache_name_req {
1063 const char **out_name;
1067 gss_krb5int_ccache_name(OM_uint32 *minor_status, const gss_OID, const gss_OID,
1068 const gss_buffer_t);
1070 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
1071 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
1074 gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
1076 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
1077 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
1079 struct krb5_gss_set_allowable_enctypes_req {
1080 OM_uint32 num_ktypes;
1081 krb5_enctype *ktypes;
1085 gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
1086 gss_cred_id_t *cred,
1087 const gss_OID desired_oid,
1088 const gss_buffer_t value);
1090 #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
1091 #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
1094 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
1095 const gss_ctx_id_t context_handle,
1096 const gss_OID desired_object,
1097 gss_buffer_set_t *data_set);
1099 #define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
1100 #define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
1103 gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
1104 const gss_OID, gss_buffer_t);
1106 extern k5_mutex_t kg_kdc_flag_mutex;
1107 krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
1109 #define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
1110 #define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
1112 OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
1113 const gss_OID, gss_buffer_t);
1115 krb5_error_code krb5_gss_use_kdc_context(void);
1117 #define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
1118 #define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
1121 gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
1123 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
1124 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"
1127 gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
1128 const gss_ctx_id_t context_handle,
1129 const gss_OID desired_object,
1130 gss_buffer_set_t *ad_data);
1132 #define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
1133 #define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
1136 gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t *, const gss_OID, const gss_buffer_t);
1138 #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
1139 #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
1142 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
1145 gss_buffer_set_t *);
1147 #define GSS_KRB5_IMPORT_CRED_OID_LENGTH 11
1148 #define GSS_KRB5_IMPORT_CRED_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0d"
1150 struct krb5_gss_import_cred_req {
1152 krb5_principal keytab_principal;
1157 gss_krb5int_import_cred(OM_uint32 *minor_status,
1158 gss_cred_id_t *cred,
1159 const gss_OID desired_oid,
1160 const gss_buffer_t value);
1162 #ifdef _GSS_STATIC_LINK
1163 int gss_krb5int_lib_init(void);
1164 void gss_krb5int_lib_fini(void);
1165 #endif /* _GSS_STATIC_LINK */
1167 OM_uint32 gss_krb5int_initialize_library(void);
1168 void gss_krb5int_cleanup_library(void);
1170 /* For error message handling. */
1171 /* Returns a shared string, not a private copy: the caller must not free or modify it. */
1173 krb5_gss_get_error_message(OM_uint32 minor_code);
1175 krb5_gss_save_error_string(OM_uint32 minor_code, char *msg);
1177 krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
1178 #if !defined(__cplusplus) && (__GNUC__ > 2)
1179 __attribute__((__format__(__printf__, 2, 3)))
1183 krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
1184 #define get_error_message krb5_gss_get_error_message
1185 #define save_error_string krb5_gss_save_error_string
1186 #define save_error_message krb5_gss_save_error_message
/* Error messages aren't needed in the kernel build, so save_error_info is
 * defined as a no-op there to reduce dependencies. */
1189 #define save_error_info(x,y)
1191 #define save_error_info krb5_gss_save_error_info
1193 extern void krb5_gss_delete_error_info(void *p);
/* OID prefix; the full session-key enctype OID is formed by appending the
 * Kerberos encryption type to it. */
1196 #define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
1197 #define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"
1201 OM_uint32 KRB5_CALLCONV
1202 iakerb_gss_init_sec_context(OM_uint32 *minor_status,
1203 gss_cred_id_t claimant_cred_handle,
1204 gss_ctx_id_t *context_handle,
1205 gss_name_t target_name,
1207 OM_uint32 req_flags,
1209 gss_channel_bindings_t input_chan_bindings,
1210 gss_buffer_t input_token,
1211 gss_OID *actual_mech_type,
1212 gss_buffer_t output_token,
1213 OM_uint32 *ret_flags,
1214 OM_uint32 *time_rec);
1216 OM_uint32 KRB5_CALLCONV
1217 iakerb_gss_accept_sec_context(OM_uint32 *minor_status,
1218 gss_ctx_id_t *context_handler,
1219 gss_cred_id_t verifier_cred_handle,
1220 gss_buffer_t input_token,
1221 gss_channel_bindings_t input_chan_bindings,
1222 gss_name_t *src_name,
1224 gss_buffer_t output_token,
1225 OM_uint32 *ret_flags,
1226 OM_uint32 *time_rec,
1227 gss_cred_id_t *delegated_cred_handle);
1229 OM_uint32 KRB5_CALLCONV
1230 iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
1231 gss_ctx_id_t *context_handle,
1232 gss_buffer_t output_token);
1235 iakerb_make_finished(krb5_context context,
1237 const krb5_data *conv,
1238 krb5_data **finished);
1241 iakerb_verify_finished(krb5_context context,
1243 const krb5_data *conv,
1244 const krb5_data *finished);
1247 * Transfer contents of a krb5_data to a gss_buffer and invalidate the source
1248 * On unix, this is a simple pointer copy
1249 * On windows, memory is reallocated and copied.
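/*
 * Move the contents of a krb5_data into a gss_buffer and invalidate the
 * source.  Ownership of the bytes passes to output_buffer: on return
 * *input_k5data is an empty krb5_data and the caller must not free its
 * former contents.
 *
 * On Unix this is a plain pointer transfer.  On Windows, and whenever
 * DEBUG_GSSALLOC is defined, the bytes are copied into a fresh
 * gssalloc_malloc() buffer and the original krb5_data storage is freed, so
 * the gss_buffer is always owned by the gssalloc allocator.
 *
 * Returns 0 on success, or ENOMEM if the copy could not be allocated.  On
 * failure output_buffer is left consistently empty (length 0, value NULL)
 * rather than advertising a length for a NULL pointer; the source has still
 * been consumed.
 */
static inline krb5_error_code
data_to_gss(krb5_data *input_k5data, gss_buffer_t output_buffer)
{
    krb5_error_code code = 0;

    output_buffer->length = input_k5data->length;
#if defined(_WIN32) || defined(DEBUG_GSSALLOC)
    if (output_buffer->length > 0) {
        output_buffer->value = gssalloc_malloc(output_buffer->length);
        if (output_buffer->value != NULL) {
            memcpy(output_buffer->value, input_k5data->data,
                   output_buffer->length);
        } else {
            /* Never hand back a non-zero length paired with a NULL value. */
            output_buffer->length = 0;
            code = ENOMEM;
        }
    } else {
        output_buffer->value = NULL;
    }
    /* The source buffer is consumed whether or not the copy succeeded. */
    free(input_k5data->data);
#else
    output_buffer->value = input_k5data->data;
#endif
    *input_k5data = empty_data();
    return code;
}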
1274 #define KRB5_GSS_EXTS_IAKERB_FINISHED 1
1277 /* Credential store extensions */
1279 #define KRB5_CS_CLI_KEYTAB_URN "client_keytab"
1280 #define KRB5_CS_KEYTAB_URN "keytab"
1281 #define KRB5_CS_CCACHE_URN "ccache"
1282 #define KRB5_CS_RCACHE_URN "rcache"
1285 kg_value_from_cred_store(gss_const_key_value_set_t cred_store,
1286 const char *type, const char **value);
1288 OM_uint32 KRB5_CALLCONV
1289 krb5_gss_acquire_cred_from(
1290 OM_uint32 *, /* minor_status */
1291 const gss_name_t, /* desired_name */
1292 OM_uint32, /* time_req */
1293 const gss_OID_set, /* desired_mechs */
1294 gss_cred_usage_t, /* cred_usage */
1295 gss_const_key_value_set_t, /* cred_store */
1296 gss_cred_id_t *, /* output_cred_handle */
1297 gss_OID_set *, /* actual_mechs */
1298 OM_uint32 *); /* time_rec */
1300 OM_uint32 KRB5_CALLCONV
1301 krb5_gss_store_cred_into(
1302 OM_uint32 *, /* minor_status */
1303 gss_cred_id_t, /* input_cred_handle */
1304 gss_cred_usage_t, /* input_usage */
1305 const gss_OID, /* desired_mech */
1306 OM_uint32, /* overwrite_cred */
1307 OM_uint32, /* default_cred */
1308 gss_const_key_value_set_t, /* cred_store */
1309 gss_OID_set *, /* elements_stored */
1310 gss_cred_usage_t *); /* cred_usage_stored */
1312 OM_uint32 KRB5_CALLCONV
1313 krb5_gss_export_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
1314 gss_buffer_t token);
1316 OM_uint32 KRB5_CALLCONV
1317 krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
1318 gss_cred_id_t *cred_handle);
1320 OM_uint32 KRB5_CALLCONV
1321 iakerb_gss_process_context_token(OM_uint32 *minor_status,
1322 const gss_ctx_id_t context_handle,
1323 const gss_buffer_t token_buffer);
1325 OM_uint32 KRB5_CALLCONV
1326 iakerb_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1327 OM_uint32 *time_rec);
1329 OM_uint32 KRB5_CALLCONV
1330 iakerb_gss_inquire_context(OM_uint32 *minor_status,
1331 gss_ctx_id_t context_handle, gss_name_t *src_name,
1332 gss_name_t *targ_name, OM_uint32 *lifetime_rec,
1333 gss_OID *mech_type, OM_uint32 *ctx_flags,
1334 int *locally_initiated, int *opened);
1336 OM_uint32 KRB5_CALLCONV
1337 iakerb_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1338 gss_qop_t qop_req, gss_buffer_t message_buffer,
1339 gss_buffer_t message_token);
1341 OM_uint32 KRB5_CALLCONV
1342 iakerb_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1343 gss_qop_t qop_req, gss_iov_buffer_desc *iov,
1346 OM_uint32 KRB5_CALLCONV
1347 iakerb_gss_get_mic_iov_length(OM_uint32 *minor_status,
1348 gss_ctx_id_t context_handle, gss_qop_t qop_req,
1349 gss_iov_buffer_desc *iov, int iov_count);
1351 OM_uint32 KRB5_CALLCONV
1352 iakerb_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1353 gss_buffer_t msg_buffer, gss_buffer_t token_buffer,
1354 gss_qop_t *qop_state);
1356 OM_uint32 KRB5_CALLCONV
1357 iakerb_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1358 gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
1361 OM_uint32 KRB5_CALLCONV
1362 iakerb_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1363 int conf_req_flag, gss_qop_t qop_req,
1364 gss_buffer_t input_message_buffer, int *conf_state,
1365 gss_buffer_t output_message_buffer);
1367 OM_uint32 KRB5_CALLCONV
1368 iakerb_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1369 int conf_req_flag, gss_qop_t qop_req, int *conf_state,
1370 gss_iov_buffer_desc *iov, int iov_count);
1372 OM_uint32 KRB5_CALLCONV
1373 iakerb_gss_wrap_iov_length(OM_uint32 *minor_status,
1374 gss_ctx_id_t context_handle, int conf_req_flag,
1375 gss_qop_t qop_req, int *conf_state,
1376 gss_iov_buffer_desc *iov, int iov_count);
1378 OM_uint32 KRB5_CALLCONV
1379 iakerb_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1380 gss_buffer_t input_message_buffer,
1381 gss_buffer_t output_message_buffer, int *conf_state,
1382 gss_qop_t *qop_state);
1384 OM_uint32 KRB5_CALLCONV
1385 iakerb_gss_unwrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1386 int *conf_state, gss_qop_t *qop_state,
1387 gss_iov_buffer_desc *iov, int iov_count);
1389 OM_uint32 KRB5_CALLCONV
1390 iakerb_gss_wrap_size_limit(OM_uint32 *minor_status,
1391 gss_ctx_id_t context_handle, int conf_req_flag,
1392 gss_qop_t qop_req, OM_uint32 req_output_size,
1393 OM_uint32 *max_input_size);
1396 OM_uint32 KRB5_CALLCONV
1397 iakerb_gss_export_sec_context(OM_uint32 *minor_status,
1398 gss_ctx_id_t *context_handle,
1399 gss_buffer_t interprocess_token);
1401 OM_uint32 KRB5_CALLCONV
1402 iakerb_gss_import_sec_context(OM_uint32 *minor_status,
1403 const gss_buffer_t interprocess_token,
1404 gss_ctx_id_t *context_handle);
1405 #endif /* LEAN_CLIENT */
1407 OM_uint32 KRB5_CALLCONV
1408 iakerb_gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
1409 const gss_ctx_id_t context_handle,
1410 const gss_OID desired_object,
1411 gss_buffer_set_t *data_set);
1413 OM_uint32 KRB5_CALLCONV
1414 iakerb_gss_set_sec_context_option(OM_uint32 *minor_status,
1415 gss_ctx_id_t *context_handle,
1416 const gss_OID desired_object,
1417 const gss_buffer_t value);
1419 OM_uint32 KRB5_CALLCONV
1420 iakerb_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
1421 int prf_key, const gss_buffer_t prf_in,
1422 ssize_t desired_output_len, gss_buffer_t prf_out);
/* Magic string identifying the exported krb5 GSS credential token format.
 * Bump the trailing version digit whenever the export format changes, so a
 * token written in one format is never misparsed by code expecting another. */
1426 #define CRED_EXPORT_MAGIC "K5C1"
1428 #endif /* _GSSAPIP_KRB5_H_ */