src/lib/gssapi/spnego/gssapiP_spnego.h

   1 /*
   2  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6 #ifndef _GSSAPIP_SPNEGO_H_
   7 #define _GSSAPIP_SPNEGO_H_
   8
   9 /* #pragma ident        "@(#)gssapiP_spnego.h   1.3     03/09/18 SMI" */
  10
  11 #ifdef  __cplusplus
  12 extern "C" {
  13 #endif
  14
  15 #include <gssapi/gssapi.h>
  16
  17 #define SEC_CONTEXT_TOKEN 1
  18 #define SPNEGO_SIZE_OF_INT 4
  19
  20 #define ACCEPT_COMPLETE 0
  21 #define ACCEPT_INCOMPLETE 1
  22 #define REJECT 2
  23 #define REQUEST_MIC 3
  24 #define ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
  25
  26 /*
  27  * constants for der encoding/decoding routines.
  28  */
  29
  30 #define MECH_OID                0x06
  31 #define OCTET_STRING            0x04
  32 #define CONTEXT                 0xa0
  33 #define SEQUENCE                0x30
  34 #define SEQUENCE_OF             0x30
  35 #define BIT_STRING              0x03
  36 #define BIT_STRING_LENGTH       0x02
  37 #define BIT_STRING_PADDING      0x01
  38 #define ENUMERATED              0x0a
  39 #define ENUMERATION_LENGTH      1
  40 #define HEADER_ID               0x60
  41 #define GENERAL_STRING          0x1b
  42
  43 /*
  44  * SPNEGO specific error codes (minor status codes)
  45  */
  46 #define ERR_SPNEGO_NO_MECHS_AVAILABLE           0x20000001
  47 #define ERR_SPNEGO_NO_CREDS_ACQUIRED            0x20000002
  48 #define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR        0x20000003
  49 #define ERR_SPNEGO_NEGOTIATION_FAILED           0x20000004
  50 #define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR       0x20000005
  51
  52 /*
  53  * send_token_flag is used to indicate in later steps what type
  54  * of token, if any should be sent or processed.
  55  * NO_TOKEN_SEND = no token should be sent
  56  * INIT_TOKEN_SEND = initial token will be sent
  57  * CONT_TOKEN_SEND = continuing tokens to be sent
  58  * CHECK_MIC = no token to be sent, but have a MIC to check.
  59  * ERROR_TOKEN_SEND = error token from peer needs to be sent.
  60  */
  61
  62 typedef enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
  63                 CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
  64
  65 /*
  66  * The Mech OID:
  67  * { iso(1) org(3) dod(6) internet(1) security(5)
  68  *  mechanism(5) spnego(2) }
  69  */
  70
  71 #define SPNEGO_OID_LENGTH 6
  72 #define SPNEGO_OID "\053\006\001\005\005\002"
  73
  74 typedef void *spnego_token_t;
  75
  76 /* spnego name structure for internal representation. */
  77 typedef struct {
  78         gss_OID type;
  79         gss_buffer_t buffer;
  80         gss_OID mech_type;
  81         gss_name_t      mech_name;
  82 } spnego_name_desc, *spnego_name_t;
  83
  84 /* Structure for credential */
  85 typedef struct {
  86         gss_cred_id_t mcred;    /* mechglue union of obtainable creds */
  87         gss_OID_set neg_mechs;  /* app-specified list of allowable mechs */
  88         int no_ask_integ;       /* do not request integ from mechs */
  89 } spnego_gss_cred_id_rec, *spnego_gss_cred_id_t;
  90
  91 /* Structure for context handle */
  92 typedef struct {
  93         OM_uint32       magic_num;
  94         gss_buffer_desc DER_mechTypes;
  95         gss_OID_set mech_set;
  96         gss_OID internal_mech;  /* alias into mech_set->elements */
  97         gss_ctx_id_t ctx_handle;
  98         int mic_reqd;
  99         int mic_sent;
 100         int mic_rcvd;
 101         int firstpass;
 102         int mech_complete;
 103         int nego_done;
 104         int initiate;
 105         int opened;
 106         OM_uint32 ctx_flags;
 107         gss_name_t internal_name;
 108         gss_OID actual_mech;
 109 } spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;
 110
 111 /*
 112  * The magic number must be less than a standard pagesize
 113  * to avoid a possible collision with a real address.
 114  */
 115 #define SPNEGO_MAGIC_ID  0x00000fed
 116
 117 /* SPNEGO oid declarations */
 118 extern const gss_OID_desc * const gss_mech_spnego;
 119 extern const gss_OID_set_desc * const gss_mech_set_spnego;
 120
 121 #if defined(DEBUG) && defined(HAVE_SYSLOG_H)
 122 #include <syslog.h>
 123 #define dsyslog(a) syslog(LOG_DEBUG, a)
 124 #else
 125 #define dsyslog(a)
 126 #define SPNEGO_STATIC
 127 #endif  /* DEBUG */
 128
 129 /*
 130  * declarations of internal name mechanism functions
 131  */
 132
 133 OM_uint32 KRB5_CALLCONV spnego_gss_acquire_cred
 134 (
 135         OM_uint32 *,            /* minor_status */
 136         gss_name_t,             /* desired_name */
 137         OM_uint32,              /* time_req */
 138         gss_OID_set,            /* desired_mechs */
 139         gss_cred_usage_t,       /* cred_usage */
 140         gss_cred_id_t *,        /* output_cred_handle */
 141         gss_OID_set *,          /* actual_mechs */
 142         OM_uint32 *             /* time_rec */
 143 );
 144
 145 OM_uint32 KRB5_CALLCONV spnego_gss_release_cred
 146 (
 147         OM_uint32 *,            /* minor_status */
 148         /* CSTYLED */
 149         gss_cred_id_t   *       /* cred_handle */
 150 );
 151
 152 OM_uint32 KRB5_CALLCONV spnego_gss_init_sec_context
 153 (
 154         OM_uint32 *,            /* minor_status */
 155         gss_cred_id_t,          /* claimant_cred_handle */
 156         gss_ctx_id_t *,         /* context_handle */
 157         gss_name_t,             /* target_name */
 158         gss_OID,                /* mech_type */
 159         OM_uint32,              /* req_flags */
 160         OM_uint32,              /* time_req */
 161         gss_channel_bindings_t, /* input_chan_bindings */
 162         gss_buffer_t,           /* input_token */
 163         gss_OID *,              /* actual_mech_type */
 164         gss_buffer_t,           /* output_token */
 165         OM_uint32 *,            /* ret_flags */
 166         OM_uint32 *             /* time_rec */
 167 );
 168
 169 #ifndef LEAN_CLIENT
 170 OM_uint32 KRB5_CALLCONV spnego_gss_accept_sec_context
 171 (
 172         OM_uint32 *,            /* minor_status */
 173         gss_ctx_id_t *,         /* context_handle */
 174         gss_cred_id_t,          /* verifier_cred_handle */
 175         gss_buffer_t,           /* input_token_buffer */
 176         gss_channel_bindings_t, /* input_chan_bindings */
 177         gss_name_t *,           /* src_name */
 178         gss_OID *,              /* mech_type */
 179         gss_buffer_t,           /* output_token */
 180         OM_uint32 *,            /* ret_flags */
 181         OM_uint32 *,            /* time_rec */
 182         /* CSTYLED */
 183         gss_cred_id_t *         /* delegated_cred_handle */
 184 );
 185 #endif /* LEAN_CLIENT */
 186
 187 OM_uint32 KRB5_CALLCONV spnego_gss_compare_name
 188 (
 189         OM_uint32 *,            /* minor_status */
 190         const gss_name_t,       /* name1 */
 191         const gss_name_t,       /* name2 */
 192         int *                   /* name_equal */
 193 );
 194
 195 OM_uint32 KRB5_CALLCONV spnego_gss_display_name
 196 (
 197         OM_uint32 *,            /* minor_status */
 198         gss_name_t,             /*  input_name */
 199         gss_buffer_t,           /*  output_name_buffer */
 200         gss_OID *               /* output_name_type */
 201 );
 202
 203 OM_uint32 KRB5_CALLCONV spnego_gss_display_status
 204 (
 205         OM_uint32 *,            /* minor_status */
 206         OM_uint32,              /* status_value */
 207         int,                    /* status_type */
 208         gss_OID,                /* mech_type */
 209         OM_uint32 *,            /* message_context */
 210         gss_buffer_t            /* status_string */
 211 );
 212
 213 OM_uint32 KRB5_CALLCONV spnego_gss_import_name
 214 (
 215         OM_uint32 *,            /* minor_status */
 216         gss_buffer_t,           /* input_name_buffer */
 217         gss_OID,                /* input_name_type */
 218         /* CSTYLED */
 219         gss_name_t *            /* output_name */
 220 );
 221
 222 OM_uint32 KRB5_CALLCONV spnego_gss_release_name
 223 (
 224         OM_uint32 *,            /* minor_status */
 225         /* CSTYLED */
 226         gss_name_t *            /* input_name */
 227 );
 228
 229 OM_uint32 KRB5_CALLCONV spnego_gss_duplicate_name
 230 (
 231         OM_uint32 *,            /* minor_status */
 232         /* CSTYLED */
 233         const gss_name_t,       /* input_name */
 234         gss_name_t *            /* output_name */
 235 );
 236
 237 OM_uint32 KRB5_CALLCONV spnego_gss_inquire_cred
 238 (
 239         OM_uint32 *,            /* minor_status */
 240         gss_cred_id_t,          /* cred_handle */
 241         gss_name_t *,           /* name */
 242         OM_uint32 *,            /* lifetime */
 243         int *,                  /* cred_usage */
 244         gss_OID_set *           /* mechanisms */
 245 );
 246
 247 OM_uint32 KRB5_CALLCONV spnego_gss_inquire_names_for_mech
 248 (
 249         OM_uint32 *,            /* minor_status */
 250         gss_OID,                /* mechanism */
 251         gss_OID_set *           /* name_types */
 252 );
 253
 254 OM_uint32 KRB5_CALLCONV spnego_gss_unwrap
 255 (
 256         OM_uint32 *minor_status,
 257         gss_ctx_id_t context_handle,
 258         gss_buffer_t input_message_buffer,
 259         gss_buffer_t output_message_buffer,
 260         int *conf_state,
 261         gss_qop_t *qop_state
 262 );
 263
 264 OM_uint32 KRB5_CALLCONV spnego_gss_wrap
 265 (
 266         OM_uint32 *minor_status,
 267         gss_ctx_id_t context_handle,
 268         int conf_req_flag,
 269         gss_qop_t qop_req,
 270         gss_buffer_t input_message_buffer,
 271         int *conf_state,
 272         gss_buffer_t output_message_buffer
 273 );
 274
 275 OM_uint32 KRB5_CALLCONV spnego_gss_process_context_token
 276 (
 277         OM_uint32       *minor_status,
 278         const gss_ctx_id_t context_handle,
 279         const gss_buffer_t token_buffer
 280 );
 281
 282 OM_uint32 KRB5_CALLCONV spnego_gss_delete_sec_context
 283 (
 284         OM_uint32 *minor_status,
 285         gss_ctx_id_t *context_handle,
 286         gss_buffer_t output_token
 287 );
 288
 289 OM_uint32 KRB5_CALLCONV spnego_gss_context_time
 290 (
 291         OM_uint32       *minor_status,
 292         const gss_ctx_id_t context_handle,
 293         OM_uint32       *time_rec
 294 );
 295 #ifndef LEAN_CLIENT
 296 OM_uint32 KRB5_CALLCONV spnego_gss_export_sec_context
 297 (
 298         OM_uint32       *minor_status,
 299         gss_ctx_id_t    *context_handle,
 300         gss_buffer_t    interprocess_token
 301 );
 302
 303 OM_uint32 KRB5_CALLCONV spnego_gss_import_sec_context
 304 (
 305         OM_uint32               *minor_status,
 306         const gss_buffer_t      interprocess_token,
 307         gss_ctx_id_t            *context_handle
 308 );
 309 #endif /* LEAN_CLIENT */
 310
 311 OM_uint32 KRB5_CALLCONV spnego_gss_inquire_context
 312 (
 313         OM_uint32       *minor_status,
 314         const gss_ctx_id_t context_handle,
 315         gss_name_t      *src_name,
 316         gss_name_t      *targ_name,
 317         OM_uint32       *lifetime_rec,
 318         gss_OID         *mech_type,
 319         OM_uint32       *ctx_flags,
 320         int             *locally_initiated,
 321         int             *opened
 322 );
 323
 324 OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
 325 (
 326         OM_uint32       *minor_status,
 327         const gss_ctx_id_t context_handle,
 328         int             conf_req_flag,
 329         gss_qop_t       qop_req,
 330         OM_uint32       req_output_size,
 331         OM_uint32       *max_input_size
 332 );
 333
 334 OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
 335 (
 336         OM_uint32 *minor_status,
 337         const gss_ctx_id_t context_handle,
 338         gss_qop_t qop_req,
 339         const gss_buffer_t message_buffer,
 340         gss_buffer_t message_token
 341 );
 342
 343 OM_uint32 KRB5_CALLCONV spnego_gss_verify_mic
 344 (
 345         OM_uint32 *minor_status,
 346         const gss_ctx_id_t context_handle,
 347         const gss_buffer_t msg_buffer,
 348         const gss_buffer_t token_buffer,
 349         gss_qop_t *qop_state
 350 );
 351
 352 OM_uint32 KRB5_CALLCONV
 353 spnego_gss_inquire_sec_context_by_oid
 354 (
 355         OM_uint32 *minor_status,
 356         const gss_ctx_id_t context_handle,
 357         const gss_OID desired_object,
 358         gss_buffer_set_t *data_set
 359 );
 360
 361 OM_uint32 KRB5_CALLCONV
 362 spnego_gss_inquire_cred_by_oid
 363 (
 364         OM_uint32 *minor_status,
 365         const gss_cred_id_t cred_handle,
 366         const gss_OID desired_object,
 367         gss_buffer_set_t *data_set
 368 );
 369
 370 OM_uint32 KRB5_CALLCONV
 371 spnego_gss_set_cred_option
 372 (
 373         OM_uint32 *minor_status,
 374         gss_cred_id_t *cred_handle,
 375         const gss_OID desired_object,
 376         const gss_buffer_t value
 377 );
 378
 379 OM_uint32 KRB5_CALLCONV
 380 spnego_gss_set_sec_context_option
 381 (
 382         OM_uint32 *minor_status,
 383         gss_ctx_id_t *context_handle,
 384         const gss_OID desired_object,
 385         const gss_buffer_t value
 386 );
 387
 388 #ifdef _GSS_STATIC_LINK
 389 int gss_spnegoint_lib_init(void);
 390 void gss_spnegoint_lib_fini(void);
 391 #else
 392 gss_mechanism KRB5_CALLCONV gss_mech_initialize(void);
 393 #endif /* _GSS_STATIC_LINK */
 394
 395 OM_uint32 KRB5_CALLCONV spnego_gss_wrap_aead
 396 (
 397         OM_uint32 *minor_status,
 398         gss_ctx_id_t context_handle,
 399         int conf_req_flag,
 400         gss_qop_t qop_req,
 401         gss_buffer_t input_assoc_buffer,
 402         gss_buffer_t input_payload_buffer,
 403         int *conf_state,
 404         gss_buffer_t output_message_buffer
 405 );
 406
 407 OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_aead
 408 (
 409         OM_uint32 *minor_status,
 410         gss_ctx_id_t context_handle,
 411         gss_buffer_t input_message_buffer,
 412         gss_buffer_t input_assoc_buffer,
 413         gss_buffer_t output_payload_buffer,
 414         int *conf_state,
 415         gss_qop_t *qop_state
 416 );
 417
 418 OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov
 419 (
 420         OM_uint32 *minor_status,
 421         gss_ctx_id_t context_handle,
 422         int conf_req_flag,
 423         gss_qop_t qop_req,
 424         int *conf_state,
 425         gss_iov_buffer_desc *iov,
 426         int iov_count
 427 );
 428
 429 OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_iov
 430 (
 431         OM_uint32 *minor_status,
 432         gss_ctx_id_t context_handle,
 433         int *conf_state,
 434         gss_qop_t *qop_state,
 435         gss_iov_buffer_desc *iov,
 436         int iov_count
 437 );
 438
 439 OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov_length
 440 (
 441         OM_uint32 *minor_status,
 442         gss_ctx_id_t context_handle,
 443         int conf_req_flag,
 444         gss_qop_t qop_req,
 445         int *conf_state,
 446         gss_iov_buffer_desc *iov,
 447         int iov_count
 448 );
 449
 450 OM_uint32 KRB5_CALLCONV
 451 spnego_gss_complete_auth_token
 452 (
 453         OM_uint32 *minor_status,
 454         const gss_ctx_id_t context_handle,
 455         gss_buffer_t input_message_buffer
 456 );
 457
 458 OM_uint32 KRB5_CALLCONV
 459 spnego_gss_acquire_cred_impersonate_name(
 460     OM_uint32 *,            /* minor_status */
 461     const gss_cred_id_t,    /* impersonator_cred_handle */
 462     const gss_name_t,       /* desired_name */
 463     OM_uint32,              /* time_req */
 464     const gss_OID_set,      /* desired_mechs */
 465     gss_cred_usage_t,       /* cred_usage */
 466     gss_cred_id_t *,        /* output_cred_handle */
 467     gss_OID_set *,          /* actual_mechs */
 468     OM_uint32 *);           /* time_rec */
 469
 470 OM_uint32 KRB5_CALLCONV
 471 spnego_gss_acquire_cred_with_password(
 472     OM_uint32 *minor_status,
 473     const gss_name_t desired_name,
 474     const gss_buffer_t password,
 475     OM_uint32 time_req,
 476     const gss_OID_set desired_mechs,
 477     gss_cred_usage_t cred_usage,
 478     gss_cred_id_t *output_cred_handle,
 479     gss_OID_set *actual_mechs,
 480     OM_uint32 *time_rec);
 481
 482 OM_uint32 KRB5_CALLCONV
 483 spnego_gss_display_name_ext
 484 (
 485         OM_uint32 *minor_status,
 486         gss_name_t name,
 487         gss_OID display_as_name_type,
 488         gss_buffer_t display_name
 489 );
 490
 491 OM_uint32 KRB5_CALLCONV
 492 spnego_gss_inquire_name
 493 (
 494         OM_uint32 *minor_status,
 495         gss_name_t name,
 496         int *name_is_MN,
 497         gss_OID *MN_mech,
 498         gss_buffer_set_t *attrs
 499 );
 500
 501 OM_uint32 KRB5_CALLCONV
 502 spnego_gss_get_name_attribute
 503 (
 504         OM_uint32 *minor_status,
 505         gss_name_t name,
 506         gss_buffer_t attr,
 507         int *authenticated,
 508         int *complete,
 509         gss_buffer_t value,
 510         gss_buffer_t display_value,
 511         int *more
 512 );
 513
 514 OM_uint32 KRB5_CALLCONV
 515 spnego_gss_set_name_attribute
 516 (
 517         OM_uint32 *minor_status,
 518         gss_name_t name,
 519         int complete,
 520         gss_buffer_t attr,
 521         gss_buffer_t value
 522 );
 523
 524 OM_uint32 KRB5_CALLCONV
 525 spnego_gss_delete_name_attribute
 526 (
 527         OM_uint32 *minor_status,
 528         gss_name_t name,
 529         gss_buffer_t attr
 530 );
 531
 532 OM_uint32 KRB5_CALLCONV
 533 spnego_gss_export_name_composite
 534 (
 535         OM_uint32 *minor_status,
 536         gss_name_t name,
 537         gss_buffer_t exp_composite_name
 538 );
 539
 540 OM_uint32 KRB5_CALLCONV
 541 spnego_gss_map_name_to_any
 542 (
 543         OM_uint32 *minor_status,
 544         gss_name_t name,
 545         int authenticated,
 546         gss_buffer_t type_id,
 547         gss_any_t *output
 548 );
 549
 550 OM_uint32 KRB5_CALLCONV
 551 spnego_gss_release_any_name_mapping
 552 (
 553         OM_uint32 *minor_status,
 554         gss_name_t name,
 555         gss_buffer_t type_id,
 556         gss_any_t *input
 557 );
 558
 559 OM_uint32 KRB5_CALLCONV
 560 spnego_gss_pseudo_random
 561 (
 562         OM_uint32 *minor_status,
 563         gss_ctx_id_t context,
 564         int prf_key,
 565         const gss_buffer_t prf_in,
 566         ssize_t desired_output_len,
 567         gss_buffer_t prf_out
 568 );
 569
 570 OM_uint32 KRB5_CALLCONV
 571 spnego_gss_set_neg_mechs
 572 (
 573         OM_uint32 *minor_status,
 574         gss_cred_id_t cred_handle,
 575         const gss_OID_set mech_list
 576 );
 577
 578 OM_uint32 KRB5_CALLCONV
 579 spnego_gss_inquire_mech_for_saslname
 580 (
 581         OM_uint32 *minor_status,
 582         const gss_buffer_t sasl_mech_name,
 583         gss_OID *mech_type
 584 );
 585
 586 OM_uint32 KRB5_CALLCONV
 587 spnego_gss_inquire_saslname_for_mech
 588 (
 589         OM_uint32 *minor_status,
 590         const gss_OID desired_mech,
 591         gss_buffer_t sasl_mech_name,
 592         gss_buffer_t mech_name,
 593         gss_buffer_t mech_description
 594 );
 595
 596 OM_uint32 KRB5_CALLCONV
 597 spnego_gss_inquire_attrs_for_mech
 598 (
 599         OM_uint32 *minor_status,
 600         gss_const_OID mech,
 601         gss_OID_set *mech_attrs,
 602         gss_OID_set *known_mech_attrs
 603 );
 604
 605 OM_uint32 KRB5_CALLCONV
 606 spnego_gss_acquire_cred_from
 607 (
 608         OM_uint32 *minor_status,
 609         const gss_name_t desired_name,
 610         OM_uint32 time_req,
 611         const gss_OID_set desired_mechs,
 612         gss_cred_usage_t cred_usage,
 613         gss_const_key_value_set_t cred_store,
 614         gss_cred_id_t *output_cred_handle,
 615         gss_OID_set *actual_mechs,
 616         OM_uint32 *time_rec
 617 );
 618
 619 OM_uint32 KRB5_CALLCONV
 620 spnego_gss_export_cred(
 621         OM_uint32 *minor_status,
 622         gss_cred_id_t cred_handle,
 623         gss_buffer_t token
 624 );
 625
 626 OM_uint32 KRB5_CALLCONV
 627 spnego_gss_import_cred(
 628         OM_uint32 *minor_status,
 629         gss_buffer_t token,
 630         gss_cred_id_t *cred_handle
 631 );
 632
 633 OM_uint32 KRB5_CALLCONV
 634 spnego_gss_get_mic_iov(
 635         OM_uint32 *minor_status,
 636         gss_ctx_id_t context_handle,
 637         gss_qop_t qop_req,
 638         gss_iov_buffer_desc *iov,
 639         int iov_count
 640 );
 641
 642 OM_uint32 KRB5_CALLCONV
 643 spnego_gss_verify_mic_iov(
 644         OM_uint32 *minor_status,
 645         gss_ctx_id_t context_handle,
 646         gss_qop_t *qop_state,
 647         gss_iov_buffer_desc *iov,
 648         int iov_count
 649 );
 650
 651 OM_uint32 KRB5_CALLCONV
 652 spnego_gss_get_mic_iov_length(
 653         OM_uint32 *minor_status,
 654         gss_ctx_id_t context_handle,
 655         gss_qop_t qop_req,
 656         gss_iov_buffer_desc *iov,
 657         int iov_count
 658 );
 659
 660 #ifdef  __cplusplus
 661 }
 662 #endif
 663
 664 #endif /* _GSSAPIP_SPNEGO_H_ */