1 /*
2  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5
6 #ifndef _GSSAPIP_SPNEGO_H_
7 #define _GSSAPIP_SPNEGO_H_
8
9 /* #pragma ident        "@(#)gssapiP_spnego.h   1.3     03/09/18 SMI" */
10
11 #ifdef  __cplusplus
12 extern "C" {
13 #endif
14
15 #include <gssapi/gssapi.h>
16
/*
 * Token framing and negotiation-result constants.
 *
 * SEC_CONTEXT_TOKEN and SPNEGO_SIZE_OF_INT are internal constants for the
 * token encoding/decoding code; their exact use is in the .c files, not
 * visible here.
 *
 * ACCEPT_COMPLETE .. REQUEST_MIC are the negState values of the RFC 4178
 * NegTokenResp: accept-completed(0), accept-incomplete(1), reject(2),
 * request-mic(3).  ACCEPT_DEFECTIVE_TOKEN is not a wire value: it is an
 * out-of-band sentinel (all 32 bits set, unsigned long) so that a decoder
 * can report "no usable negState" without colliding with any legitimate
 * enumerated value.  NOTE(review): compare against it with an unsigned
 * variable -- a signed int holding -1 promotes to unsigned long and does
 * not equal 0xffffffffUL on LP64 targets.
 */
#define SEC_CONTEXT_TOKEN 1
#define SPNEGO_SIZE_OF_INT 4

#define ACCEPT_COMPLETE 0
#define ACCEPT_INCOMPLETE 1
#define REJECT 2
#define REQUEST_MIC 3
#define ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
25
/*
 * Constants for the DER encoding/decoding routines.  Most are ASN.1
 * identifier octets (X.690), i.e. the tag byte that introduces a TLV:
 *
 *   MECH_OID        0x06  OBJECT IDENTIFIER (universal 6)
 *   OCTET_STRING    0x04  OCTET STRING (universal 4)
 *   CONTEXT         0xa0  context-specific, constructed, tag [0]; the
 *                         encoder adds the tag number for [1], [2], ...
 *   SEQUENCE        0x30  SEQUENCE (universal 16, constructed)
 *   SEQUENCE_OF     0x30  same identifier octet as SEQUENCE
 *   BIT_STRING      0x03  BIT STRING (universal 3)
 *   ENUMERATED      0x0a  ENUMERATED (universal 10)
 *   HEADER_ID       0x60  [APPLICATION 0] constructed -- the outer
 *                         InitialContextToken wrapper of RFC 2743 sec. 3.1
 *   GENERAL_STRING  0x1b  GeneralString (universal 27)
 *
 * BIT_STRING_LENGTH and BIT_STRING_PADDING are not tags.  They look like the
 * content length and unused-bit count written for a one-octet BIT STRING
 * (the reqFlags field) -- confirm against the encoder before relying on it.
 * ENUMERATION_LENGTH is the content length of the one-octet negState.
 */

#define MECH_OID                0x06
#define OCTET_STRING            0x04
#define CONTEXT                 0xa0
#define SEQUENCE                0x30
#define SEQUENCE_OF             0x30
#define BIT_STRING              0x03
#define BIT_STRING_LENGTH       0x02
#define BIT_STRING_PADDING      0x01
#define ENUMERATED              0x0a
#define ENUMERATION_LENGTH      1
#define HEADER_ID               0x60
#define GENERAL_STRING          0x1b
42
/*
 * SPNEGO specific error codes (minor status codes).
 *
 * Returned through *minor_status, alongside a GSS_S_* major code, when the
 * failure is in the negotiation itself rather than in an underlying
 * mechanism.  The 0x2000000x range presumably keeps them clear of the
 * mechanisms' own minor codes; spnego_gss_display_status() below is the
 * routine expected to turn them into text.
 */
#define ERR_SPNEGO_NO_MECHS_AVAILABLE           0x20000001
#define ERR_SPNEGO_NO_CREDS_ACQUIRED            0x20000002
#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR        0x20000003
#define ERR_SPNEGO_NEGOTIATION_FAILED           0x20000004
#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR       0x20000005
51
/*
 * send_token_flag is used to indicate in later steps what type
 * of token, if any, should be sent or processed.  It drives the
 * init/accept state machine and never appears on the wire.
 *
 * NO_TOKEN_SEND    = no token should be sent
 * INIT_TOKEN_SEND  = initial token (presumably a NegTokenInit) will be sent
 * CONT_TOKEN_SEND  = continuing tokens (NegTokenResp) to be sent
 * CHECK_MIC        = no token to be sent, but have a mechListMIC to check
 * ERROR_TOKEN_SEND = error token from peer needs to be sent
 */

typedef enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
                CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
64
/*
 * The Mech OID:
 * { iso(1) org(3) dod(6) internet(1) security(5)
 *  mechanism(5) spnego(2) }
 *
 * SPNEGO_OID holds the DER content octets of 1.3.6.1.5.5.2 -- no tag and
 * no length byte.  The first octet 0x2b (053) packs the first two arcs as
 * 40*1 + 3; the remaining arcs are one octet each.  SPNEGO_OID_LENGTH must
 * equal the number of octets in the literal (6), not counting the string
 * literal's implicit NUL; update the two together.
 */

#define SPNEGO_OID_LENGTH 6
#define SPNEGO_OID "\053\006\001\005\005\002"
73
74 typedef void *spnego_token_t;
75
/*
 * spnego name structure for internal representation.
 *
 * type/buffer presumably hold the name as imported (name-type OID and raw
 * bytes); mech_type/mech_name the same name once an underlying mechanism
 * has canonicalised it, if that has happened.  Which members the record
 * owns (and spnego_gss_release_name() frees) is not visible in this header;
 * check the implementation before adding or aliasing members.
 */
typedef struct {
        gss_OID type;
        gss_buffer_t buffer;
        gss_OID mech_type;
        gss_name_t      mech_name;
} spnego_name_desc, *spnego_name_t;
83
/*
 * Structure for credential.
 *
 * Backs every gss_cred_id_t issued by SPNEGO.  mcred is the mechglue union
 * credential holding the underlying mechanisms' credentials; neg_mechs is
 * the application-imposed restriction on which of those mechanisms may be
 * offered or accepted during negotiation (presumably populated by
 * spnego_gss_set_neg_mechs() below -- confirm in the implementation).
 * Ownership of mcred and neg_mechs is not stated here; NOTE(review): assumed
 * to belong to the record and be released with it, verify before copying.
 */
typedef struct {
        gss_cred_id_t mcred;    /* mechglue union of obtainable creds */
        gss_OID_set neg_mechs;  /* app-specified list of allowable mechs */
        int no_ask_integ;       /* do not request integ from mechs */
} spnego_gss_cred_id_rec, *spnego_gss_cred_id_t;
90
/*
 * Structure for context handle.
 *
 * One of these backs every gss_ctx_id_t the SPNEGO mechanism hands out.
 * The negotiation state lives here; the security context of the mechanism
 * that was negotiated is reached through ctx_handle.
 *
 * NOTE(review): the per-field notes below are inferred from the field names
 * and the RFC 4178 state machine, not from code visible in this header;
 * confirm against the implementation before relying on them.
 */
typedef struct {
        OM_uint32       magic_num;      /* SPNEGO_MAGIC_ID, handle sanity check */
        gss_buffer_desc DER_mechTypes;  /* DER bytes of the mechTypes list; RFC
                                         * 4178 computes the mechListMIC over
                                         * exactly these octets, hence kept */
        gss_OID_set mech_set;           /* candidate mechanisms, in preference order */
        gss_OID internal_mech;  /* alias into mech_set->elements: not owned,
                                 * never freed separately, dangling once
                                 * mech_set is released */
        gss_ctx_id_t ctx_handle;        /* inner context of the chosen mechanism */
        int mic_reqd;           /* mechListMIC state: required / sent by us /
                                 * received from the peer */
        int mic_sent;
        int mic_rcvd;
        int firstpass;          /* first init/accept call on this context */
        int mech_complete;      /* inner mechanism reported completion */
        int nego_done;          /* SPNEGO negotiation itself finished */
        int initiate;           /* nonzero when we are the initiator */
        int opened;             /* context fully established */
        OM_uint32 ctx_flags;    /* GSS_C_*_FLAG bits reported by the mechanism */
        gss_name_t internal_name;       /* peer name from the inner mechanism */
        gss_OID actual_mech;    /* mechanism actually negotiated */
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;
110
/*
 * Value stored in spnego_gss_ctx_id_rec.magic_num to recognise a SPNEGO
 * context record.  It is kept below a standard page size so it cannot be
 * mistaken for a real address: presumably the check is that a raw pointer
 * handed in by mistake, read as magic_num, will not match.  This guards
 * against mis-typed handles and programming errors, not against a
 * deliberately crafted handle -- a caller who can pass arbitrary memory
 * can also place this value in it.
 */
#define SPNEGO_MAGIC_ID  0x00000fed
116
/*
 * SPNEGO oid declarations.  Defined and initialised in the implementation,
 * not here: the mechanism OID above as a read-only gss_OID_desc, and a
 * read-only OID set that presumably holds just that one OID.
 */
extern const gss_OID_desc * const gss_mech_spnego;
extern const gss_OID_set_desc * const gss_mech_set_spnego;
120
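/*
 * Debug logging helper.  With DEBUG and HAVE_SYSLOG_H defined, dsyslog(a)
 * writes the string a to syslog at LOG_DEBUG; otherwise it expands to
 * nothing, so a must not carry side effects the code relies on.
 *
 * The argument is passed through a "%s" format rather than used as the
 * format string itself, so a non-literal argument (or a literal containing
 * '%') cannot be interpreted as format directives (CERT FIO30-C).  For the
 * existing callers, which pass plain literals, the output is unchanged.
 *
 * SPNEGO_STATIC is defined (empty) only in the non-debug build; its role is
 * on the .c side and not visible here -- presumably it replaces "static" so
 * that debug builds expose internal helpers.  Confirm before changing it.
 */
#if defined(DEBUG) && defined(HAVE_SYSLOG_H)
#include <syslog.h>
#define dsyslog(a) syslog(LOG_DEBUG, "%s", (a))
#else
#define dsyslog(a)
#define SPNEGO_STATIC
#endif  /* DEBUG */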
128
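/*
 * Declarations of the SPNEGO mechanism's GSS-API entry points.  They mirror
 * the gss_* functions of RFC 2744 and are reached through the mechglue
 * dispatch table; applications never call them directly.  Bodies are in the
 * .c files and not visible here, so the comments describe only what the
 * signatures and the RFCs establish.
 *
 * Parameter names are given in the prototypes themselves, rather than as
 * trailing comments, so that compilers and editors can report them and so
 * that the file is consistent with the later declarations.
 */

/*
 * Acquire SPNEGO credentials for desired_name.  By RFC 2744 convention the
 * caller owns *output_cred_handle and *actual_mechs on success and releases
 * them with spnego_gss_release_cred() / gss_release_oid_set().
 */
OM_uint32 KRB5_CALLCONV spnego_gss_acquire_cred
(
        OM_uint32 *minor_status,
        gss_name_t desired_name,
        OM_uint32 time_req,
        gss_OID_set desired_mechs,
        gss_cred_usage_t cred_usage,
        gss_cred_id_t *output_cred_handle,
        gss_OID_set *actual_mechs,
        OM_uint32 *time_rec
);

/* Release a credential obtained above; *cred_handle is reset by RFC 2744 convention. */
OM_uint32 KRB5_CALLCONV spnego_gss_release_cred
(
        OM_uint32 *minor_status,
        gss_cred_id_t *cred_handle
);

/*
 * Initiator side of the negotiation (RFC 4178 sec. 3.2).  On every call but
 * the first, input_token holds the NegTokenResp received from the peer: it
 * is untrusted DER and every length must be checked before a field is read.
 * output_token is the token to send next; GSS_S_CONTINUE_NEEDED means the
 * exchange is not finished.  The caller releases output_token and, on
 * success, owns *context_handle.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_init_sec_context
(
        OM_uint32 *minor_status,
        gss_cred_id_t claimant_cred_handle,
        gss_ctx_id_t *context_handle,
        gss_name_t target_name,
        gss_OID mech_type,
        OM_uint32 req_flags,
        OM_uint32 time_req,
        gss_channel_bindings_t input_chan_bindings,
        gss_buffer_t input_token,
        gss_OID *actual_mech_type,
        gss_buffer_t output_token,
        OM_uint32 *ret_flags,
        OM_uint32 *time_rec
);

#ifndef LEAN_CLIENT
/*
 * Acceptor side (RFC 4178 sec. 3.2).  Compiled out in LEAN_CLIENT builds,
 * which therefore cannot act as an acceptor.  input_token_buffer is the
 * peer's NegTokenInit or NegTokenResp -- untrusted DER, same caveat as for
 * the initiator.  *src_name and *delegated_cred_handle are outputs owned
 * by the caller; the flags reported in *ret_flags come from the mechanism
 * that was negotiated, not from SPNEGO itself.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_accept_sec_context
(
        OM_uint32 *minor_status,
        gss_ctx_id_t *context_handle,
        gss_cred_id_t verifier_cred_handle,
        gss_buffer_t input_token_buffer,
        gss_channel_bindings_t input_chan_bindings,
        gss_name_t *src_name,
        gss_OID *mech_type,
        gss_buffer_t output_token,
        OM_uint32 *ret_flags,
        OM_uint32 *time_rec,
        gss_cred_id_t *delegated_cred_handle
);
#endif /* LEAN_CLIENT */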
186
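/*
 * Name, status and credential-inspection entry points (RFC 2744 semantics).
 * Parameter names are given in the prototypes for consistency with the
 * rest of this header.
 */

OM_uint32 KRB5_CALLCONV spnego_gss_compare_name
(
        OM_uint32 *minor_status,
        const gss_name_t name1,
        const gss_name_t name2,
        int *name_equal
);

/* Textual form of a name; output_name_buffer is released by the caller. */
OM_uint32 KRB5_CALLCONV spnego_gss_display_name
(
        OM_uint32 *minor_status,
        gss_name_t input_name,
        gss_buffer_t output_name_buffer,
        gss_OID *output_name_type
);

/*
 * Map a status code to text.  With status_type == GSS_C_MECH_CODE the
 * ERR_SPNEGO_* minor codes defined above are the values this mechanism is
 * expected to explain; message_context is the RFC 2744 continuation cookie
 * (callers start it at 0).
 */
OM_uint32 KRB5_CALLCONV spnego_gss_display_status
(
        OM_uint32 *minor_status,
        OM_uint32 status_value,
        int status_type,
        gss_OID mech_type,
        OM_uint32 *message_context,
        gss_buffer_t status_string
);

/*
 * Import an application-supplied name.  input_name_buffer is caller data of
 * arbitrary length and content; by RFC 2744 convention it is copied, not
 * aliased -- confirm in the implementation before relying on that.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_import_name
(
        OM_uint32 *minor_status,
        gss_buffer_t input_name_buffer,
        gss_OID input_name_type,
        gss_name_t *output_name
);

OM_uint32 KRB5_CALLCONV spnego_gss_release_name
(
        OM_uint32 *minor_status,
        gss_name_t *input_name
);

OM_uint32 KRB5_CALLCONV spnego_gss_duplicate_name
(
        OM_uint32 *minor_status,
        const gss_name_t input_name,
        gss_name_t *output_name
);

/*
 * cred_usage is declared int * rather than gss_cred_usage_t *.  In the
 * GSS-API header gss_cred_usage_t is presumably an int typedef, so the two
 * agree today; keep them aligned if that ever changes.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_inquire_cred
(
        OM_uint32 *minor_status,
        gss_cred_id_t cred_handle,
        gss_name_t *name,
        OM_uint32 *lifetime,
        int *cred_usage,
        gss_OID_set *mechanisms
);

OM_uint32 KRB5_CALLCONV spnego_gss_inquire_names_for_mech
(
        OM_uint32 *minor_status,
        gss_OID mechanism,
        gss_OID_set *name_types
);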
253
/*
 * Per-message and context-lifecycle entry points.  Once the negotiation is
 * complete these presumably forward to the negotiated mechanism through
 * spnego_gss_ctx_id_rec.ctx_handle; before that point a context is not
 * usable for wrap/unwrap/MIC operations and the call should fail.
 */

/* Unwrap a peer-supplied (untrusted) message; conf_state/qop_state report what protected it. */
OM_uint32 KRB5_CALLCONV spnego_gss_unwrap
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        gss_buffer_t input_message_buffer,
        gss_buffer_t output_message_buffer,
        int *conf_state,
        gss_qop_t *qop_state
);

/* Wrap a message; *conf_state reports whether confidentiality was actually applied. */
OM_uint32 KRB5_CALLCONV spnego_gss_wrap
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        int conf_req_flag,
        gss_qop_t qop_req,
        gss_buffer_t input_message_buffer,
        int *conf_state,
        gss_buffer_t output_message_buffer
);

/* Process a context-level token (e.g. a deletion token) received from the peer. */
OM_uint32 KRB5_CALLCONV spnego_gss_process_context_token
(
        OM_uint32       *minor_status,
        const gss_ctx_id_t context_handle,
        const gss_buffer_t token_buffer
);

/* Tear down a context and free its record; *context_handle is reset by RFC 2744 convention. */
OM_uint32 KRB5_CALLCONV spnego_gss_delete_sec_context
(
        OM_uint32 *minor_status,
        gss_ctx_id_t *context_handle,
        gss_buffer_t output_token
);

/* Remaining lifetime of the context, in seconds (RFC 2744). */
OM_uint32 KRB5_CALLCONV spnego_gss_context_time
(
        OM_uint32       *minor_status,
        const gss_ctx_id_t context_handle,
        OM_uint32       *time_rec
);
#ifndef LEAN_CLIENT
/*
 * Serialise a context into interprocess_token for hand-off to another
 * process, and the reverse.  Not built in LEAN_CLIENT.  An interprocess
 * token is trusted exactly as far as the process that produced it:
 * spnego_gss_import_sec_context() reconstructs context state from it, so
 * it must never be accepted from an unauthenticated source.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_export_sec_context
(
        OM_uint32       *minor_status,
        gss_ctx_id_t    *context_handle,
        gss_buffer_t    interprocess_token
);

OM_uint32 KRB5_CALLCONV spnego_gss_import_sec_context
(
        OM_uint32               *minor_status,
        const gss_buffer_t      interprocess_token,
        gss_ctx_id_t            *context_handle
);
#endif /* LEAN_CLIENT */
310
/*
 * Report the state of a context: names, lifetime, negotiated mechanism,
 * flags, and whether we initiated it / it is fully opened.  Output names
 * are owned by the caller.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_inquire_context
(
        OM_uint32       *minor_status,
        const gss_ctx_id_t context_handle,
        gss_name_t      *src_name,
        gss_name_t      *targ_name,
        OM_uint32       *lifetime_rec,
        gss_OID         *mech_type,
        OM_uint32       *ctx_flags,
        int             *locally_initiated,
        int             *opened
);

/* Largest plaintext that wrap() can fit into req_output_size bytes. */
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
(
        OM_uint32       *minor_status,
        const gss_ctx_id_t context_handle,
        int             conf_req_flag,
        gss_qop_t       qop_req,
        OM_uint32       req_output_size,
        OM_uint32       *max_input_size
);

/* Compute a MIC over message_buffer; message_token is released by the caller. */
OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
(
        OM_uint32 *minor_status,
        const gss_ctx_id_t context_handle,
        gss_qop_t qop_req,
        const gss_buffer_t message_buffer,
        gss_buffer_t message_token
);

/*
 * Check a peer-supplied MIC.  Both msg_buffer and token_buffer are untrusted
 * input; a mismatch is a GSS_S_BAD_SIG failure, never a success with a
 * weaker qop_state.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_verify_mic
(
        OM_uint32 *minor_status,
        const gss_ctx_id_t context_handle,
        const gss_buffer_t msg_buffer,
        const gss_buffer_t token_buffer,
        gss_qop_t *qop_state
);

/*
 * OID-keyed extension entry points.  desired_object selects the operation;
 * an unrecognised OID should fail rather than be silently ignored, since
 * callers use these to impose policy on a context or credential.  The
 * format of value depends on desired_object and is caller-supplied.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_sec_context_by_oid
(
        OM_uint32 *minor_status,
        const gss_ctx_id_t context_handle,
        const gss_OID desired_object,
        gss_buffer_set_t *data_set
);

OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_cred_by_oid
(
        OM_uint32 *minor_status,
        const gss_cred_id_t cred_handle,
        const gss_OID desired_object,
        gss_buffer_set_t *data_set
);

OM_uint32 KRB5_CALLCONV
spnego_gss_set_cred_option
(
        OM_uint32 *minor_status,
        gss_cred_id_t *cred_handle,
        const gss_OID desired_object,
        const gss_buffer_t value
);

OM_uint32 KRB5_CALLCONV
spnego_gss_set_sec_context_option
(
        OM_uint32 *minor_status,
        gss_ctx_id_t *context_handle,
        const gss_OID desired_object,
        const gss_buffer_t value
);
387
/*
 * Library bootstrap.  When SPNEGO is linked statically into the mechglue,
 * the glue calls gss_spnegoint_lib_init()/_fini() directly; otherwise the
 * mechanism is loaded as a plugin and gss_mech_initialize() hands back its
 * gss_mechanism dispatch table.
 */
#ifdef _GSS_STATIC_LINK
int gss_spnegoint_lib_init(void);
void gss_spnegoint_lib_fini(void);
#else
gss_mechanism KRB5_CALLCONV gss_mech_initialize(void);
#endif /* _GSS_STATIC_LINK */
394
/*
 * AEAD and IOV variants of wrap/unwrap.  Like the plain forms they presumably
 * delegate to the negotiated mechanism.  In the AEAD forms input_assoc_buffer
 * is authenticated but not encrypted.  iov_count is a signed int: the
 * implementation must reject values <= 0 before indexing iov.  The
 * *_iov_length variant only computes the buffer sizes that the real call
 * would need (mechglue IOV convention); it produces no output.
 */
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_aead
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        int conf_req_flag,
        gss_qop_t qop_req,
        gss_buffer_t input_assoc_buffer,
        gss_buffer_t input_payload_buffer,
        int *conf_state,
        gss_buffer_t output_message_buffer
);

/* input_message_buffer comes from the peer and is untrusted until unwrapped. */
OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_aead
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        gss_buffer_t input_message_buffer,
        gss_buffer_t input_assoc_buffer,
        gss_buffer_t output_payload_buffer,
        int *conf_state,
        gss_qop_t *qop_state
);

OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        int conf_req_flag,
        gss_qop_t qop_req,
        int *conf_state,
        gss_iov_buffer_desc *iov,
        int iov_count
);

OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_iov
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        int *conf_state,
        gss_qop_t *qop_state,
        gss_iov_buffer_desc *iov,
        int iov_count
);

OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov_length
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        int conf_req_flag,
        gss_qop_t qop_req,
        int *conf_state,
        gss_iov_buffer_desc *iov,
        int iov_count
);

/*
 * Finish processing of an authentication token after the context is
 * established.  input_message_buffer is peer-supplied and untrusted.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_complete_auth_token
(
        OM_uint32 *minor_status,
        const gss_ctx_id_t context_handle,
        gss_buffer_t input_message_buffer
);
457
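/*
 * Acquire a credential that lets the holder of impersonator_cred_handle act
 * as desired_name (the GSS-API impersonation extension).  Which underlying
 * mechanisms support this is not visible here; SPNEGO presumably forwards
 * the request to them.  Parameter names are given in the prototype for
 * consistency with the rest of this header.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_acquire_cred_impersonate_name(
    OM_uint32 *minor_status,
    const gss_cred_id_t impersonator_cred_handle,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec);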
469
/*
 * Acquire credentials from a password.  password is a caller-owned secret:
 * this header does not say whether the implementation copies or zeroizes
 * it, so callers should assume it is referenced only until the call returns
 * and clear their own copy afterwards.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_acquire_cred_with_password(
    OM_uint32 *minor_status,
    const gss_name_t desired_name,
    const gss_buffer_t password,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec);
481
/*
 * Naming-extension entry points (RFC 6680).  These presumably operate on the
 * underlying mechanism name held in spnego_name_desc.mech_name and forward
 * to that mechanism -- confirm in the implementation.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_display_name_ext
(
        OM_uint32 *minor_status,
        gss_name_t name,
        gss_OID display_as_name_type,
        gss_buffer_t display_name
);

OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_name
(
        OM_uint32 *minor_status,
        gss_name_t name,
        int *name_is_MN,
        gss_OID *MN_mech,
        gss_buffer_set_t *attrs
);

/*
 * Fetch one value of a name attribute.  *authenticated reports whether the
 * attribute was asserted by a trusted source (RFC 6680); authorization
 * decisions should key on that, not merely on the attribute being present.
 * *more is the iteration cursor for multi-valued attributes.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_get_name_attribute
(
        OM_uint32 *minor_status,
        gss_name_t name,
        gss_buffer_t attr,
        int *authenticated,
        int *complete,
        gss_buffer_t value,
        gss_buffer_t display_value,
        int *more
);

OM_uint32 KRB5_CALLCONV
spnego_gss_set_name_attribute
(
        OM_uint32 *minor_status,
        gss_name_t name,
        int complete,
        gss_buffer_t attr,
        gss_buffer_t value
);

OM_uint32 KRB5_CALLCONV
spnego_gss_delete_name_attribute
(
        OM_uint32 *minor_status,
        gss_name_t name,
        gss_buffer_t attr
);

/* Export the name together with its attributes; exp_composite_name is caller-released. */
OM_uint32 KRB5_CALLCONV
spnego_gss_export_name_composite
(
        OM_uint32 *minor_status,
        gss_name_t name,
        gss_buffer_t exp_composite_name
);

/* Mechanism-specific projection of a name; *output is returned to release_any_name_mapping(). */
OM_uint32 KRB5_CALLCONV
spnego_gss_map_name_to_any
(
        OM_uint32 *minor_status,
        gss_name_t name,
        int authenticated,
        gss_buffer_t type_id,
        gss_any_t *output
);

OM_uint32 KRB5_CALLCONV
spnego_gss_release_any_name_mapping
(
        OM_uint32 *minor_status,
        gss_name_t name,
        gss_buffer_t type_id,
        gss_any_t *input
);
558
/*
 * Key derivation from an established context (RFC 4401 GSS_Pseudo_random).
 * desired_output_len is a signed ssize_t: the implementation must reject
 * negative values and bound large ones before allocating prf_out
 * (presumably done on the .c side -- confirm).  Before the negotiation has
 * completed there is no inner context to derive from and the call should
 * fail.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_pseudo_random
(
        OM_uint32 *minor_status,
        gss_ctx_id_t context,
        int prf_key,
        const gss_buffer_t prf_in,
        ssize_t desired_output_len,
        gss_buffer_t prf_out
);

/*
 * Restrict the mechanisms this credential may offer or accept to mech_list.
 * This is the application's lever for refusing weak or unexpected
 * mechanisms; it presumably populates spnego_gss_cred_id_rec.neg_mechs.
 * Whether mech_list is copied or aliased is not visible here.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_set_neg_mechs
(
        OM_uint32 *minor_status,
        gss_cred_id_t cred_handle,
        const gss_OID_set mech_list
);

/* SASL mechanism-name mapping (RFC 5801), both directions. */
OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_mech_for_saslname
(
        OM_uint32 *minor_status,
        const gss_buffer_t sasl_mech_name,
        gss_OID *mech_type
);

OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_saslname_for_mech
(
        OM_uint32 *minor_status,
        const gss_OID desired_mech,
        gss_buffer_t sasl_mech_name,
        gss_buffer_t mech_name,
        gss_buffer_t mech_description
);

/* Mechanism attribute OIDs (RFC 5587); both output sets are caller-released. */
OM_uint32 KRB5_CALLCONV
spnego_gss_inquire_attrs_for_mech
(
        OM_uint32 *minor_status,
        gss_const_OID mech,
        gss_OID_set *mech_attrs,
        gss_OID_set *known_mech_attrs
);
604
/*
 * Acquire credentials using an explicit credential store (cred_store is a
 * read-only key/value set naming where to look).  Same ownership rules as
 * spnego_gss_acquire_cred().
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_acquire_cred_from
(
        OM_uint32 *minor_status,
        const gss_name_t desired_name,
        OM_uint32 time_req,
        const gss_OID_set desired_mechs,
        gss_cred_usage_t cred_usage,
        gss_const_key_value_set_t cred_store,
        gss_cred_id_t *output_cred_handle,
        gss_OID_set *actual_mechs,
        OM_uint32 *time_rec
);

/*
 * Serialise a credential into token and rebuild one from it.  A credential
 * token carries key material and is trusted exactly as far as its source:
 * spnego_gss_import_cred() must only be fed tokens from a trusted producer,
 * and the caller should clear the token buffer once it is no longer needed.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_export_cred(
        OM_uint32 *minor_status,
        gss_cred_id_t cred_handle,
        gss_buffer_t token
);

OM_uint32 KRB5_CALLCONV
spnego_gss_import_cred(
        OM_uint32 *minor_status,
        gss_buffer_t token,
        gss_cred_id_t *cred_handle
);

/*
 * IOV forms of get_mic/verify_mic.  iov_count is a signed int and must be
 * validated (> 0) before iov is indexed; the *_iov_length form only sizes
 * the MIC buffer and produces no MIC.
 */
OM_uint32 KRB5_CALLCONV
spnego_gss_get_mic_iov(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        gss_qop_t qop_req,
        gss_iov_buffer_desc *iov,
        int iov_count
);

/* The MIC buffer inside iov is peer-supplied and untrusted until verified. */
OM_uint32 KRB5_CALLCONV
spnego_gss_verify_mic_iov(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        gss_qop_t *qop_state,
        gss_iov_buffer_desc *iov,
        int iov_count
);

OM_uint32 KRB5_CALLCONV
spnego_gss_get_mic_iov_length(
        OM_uint32 *minor_status,
        gss_ctx_id_t context_handle,
        gss_qop_t qop_req,
        gss_iov_buffer_desc *iov,
        int iov_count
);
659
660 #ifdef  __cplusplus
661 }
662 #endif
663
664 #endif /* _GSSAPIP_SPNEGO_H_ */