search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix
[heimdal.git] / lib / gssapi / krb5 / gssapi.h
blob22ea0311ee19078204956ca3ad3bd80a2e3d50d8
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id$ */
35
36 #ifndef GSSAPI_H_
37 #define GSSAPI_H_
38
39 /*
40 * First, include stddef.h to get size_t defined.
41 */
42 #include <stddef.h>
43
44 #ifdef HAVE_CONFIG_H
45 #include <config.h>
46 #endif
47
48 #include <sys/types.h>
49
50 #include <krb5-types.h>
51
52 /*
53 * Now define the three implementation-dependent types.
54 */
55
56 typedef u_int32_t OM_uint32;
57
58 typedef u_int32_t gss_uint32;
59
60 /*
61 * This is to avoid having to include <krb5.h>
62 */
63
64 struct krb5_auth_context_data;
65
66 struct Principal;
67
68 /* typedef void *gss_name_t; */
69
70 typedef struct Principal *gss_name_t;
71
72 typedef struct gss_ctx_id_t_desc_struct {
73 struct krb5_auth_context_data *auth_context;
74 gss_name_t source, target;
75 OM_uint32 flags;
76 enum { LOCAL = 1, OPEN = 2} more_flags;
77 struct krb5_ticket *ticket;
78 } gss_ctx_id_t_desc;
79
80 typedef gss_ctx_id_t_desc *gss_ctx_id_t;
81
82 typedef struct gss_OID_desc_struct {
83 OM_uint32 length;
84 void *elements;
85 } gss_OID_desc, *gss_OID;
86
87 typedef struct gss_OID_set_desc_struct {
88 size_t count;
89 gss_OID elements;
90 } gss_OID_set_desc, *gss_OID_set;
91
92 struct krb5_keytab_data;
93
94 struct krb5_ccache_data;
95
96 typedef int gss_cred_usage_t;
97
98 typedef struct gss_cred_id_t_desc_struct {
99 gss_name_t principal;
100 struct krb5_keytab_data *keytab;
101 OM_uint32 lifetime;
102 gss_cred_usage_t usage;
103 gss_OID_set mechanisms;
104 struct krb5_ccache_data *ccache;
105 } gss_cred_id_t_desc;
106
107 typedef gss_cred_id_t_desc *gss_cred_id_t;
108
109 typedef struct gss_buffer_desc_struct {
110 size_t length;
111 void *value;
112 } gss_buffer_desc, *gss_buffer_t;
113
114 typedef struct gss_channel_bindings_struct {
115 OM_uint32 initiator_addrtype;
116 gss_buffer_desc initiator_address;
117 OM_uint32 acceptor_addrtype;
118 gss_buffer_desc acceptor_address;
119 gss_buffer_desc application_data;
120 } *gss_channel_bindings_t;
121
122 /*
123 * For now, define a QOP-type as an OM_uint32
124 */
125 typedef OM_uint32 gss_qop_t;
126
127 /*
128 * Flag bits for context-level services.
129 */
130 #define GSS_C_DELEG_FLAG 1
131 #define GSS_C_MUTUAL_FLAG 2
132 #define GSS_C_REPLAY_FLAG 4
133 #define GSS_C_SEQUENCE_FLAG 8
134 #define GSS_C_CONF_FLAG 16
135 #define GSS_C_INTEG_FLAG 32
136 #define GSS_C_ANON_FLAG 64
137 #define GSS_C_PROT_READY_FLAG 128
138 #define GSS_C_TRANS_FLAG 256
139
140 /*
141 * Credential usage options
142 */
143 #define GSS_C_BOTH 0
144 #define GSS_C_INITIATE 1
145 #define GSS_C_ACCEPT 2
146
147 /*
148 * Status code types for gss_display_status
149 */
150 #define GSS_C_GSS_CODE 1
151 #define GSS_C_MECH_CODE 2
152
153 /*
154 * The constant definitions for channel-bindings address families
155 */
156 #define GSS_C_AF_UNSPEC 0
157 #define GSS_C_AF_LOCAL 1
158 #define GSS_C_AF_INET 2
159 #define GSS_C_AF_IMPLINK 3
160 #define GSS_C_AF_PUP 4
161 #define GSS_C_AF_CHAOS 5
162 #define GSS_C_AF_NS 6
163 #define GSS_C_AF_NBS 7
164 #define GSS_C_AF_ECMA 8
165 #define GSS_C_AF_DATAKIT 9
166 #define GSS_C_AF_CCITT 10
167 #define GSS_C_AF_SNA 11
168 #define GSS_C_AF_DECnet 12
169 #define GSS_C_AF_DLI 13
170 #define GSS_C_AF_LAT 14
171 #define GSS_C_AF_HYLINK 15
172 #define GSS_C_AF_APPLETALK 16
173 #define GSS_C_AF_BSC 17
174 #define GSS_C_AF_DSS 18
175 #define GSS_C_AF_OSI 19
176 #define GSS_C_AF_X25 21
177 #define GSS_C_AF_INET6 24
178
179 #define GSS_C_AF_NULLADDR 255
180
181 /*
182 * Various Null values
183 */
184 #define GSS_C_NO_NAME ((gss_name_t) 0)
185 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
186 #define GSS_C_NO_OID ((gss_OID) 0)
187 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
188 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
189 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
190 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
191 #define GSS_C_EMPTY_BUFFER {0, NULL}
192
193 /*
194 * Some alternate names for a couple of the above
195 * values. These are defined for V1 compatibility.
196 */
197 #define GSS_C_NULL_OID GSS_C_NO_OID
198 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
199
200 /*
201 * Define the default Quality of Protection for per-message
202 * services. Note that an implementation that offers multiple
203 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
204 * (as done here) to mean "default protection", or to a specific
205 * explicit QOP value. However, a value of 0 should always be
206 * interpreted by a GSSAPI implementation as a request for the
207 * default protection level.
208 */
209 #define GSS_C_QOP_DEFAULT 0
210
211 /*
212 * Expiration time of 2^32-1 seconds means infinite lifetime for a
213 * credential or security context
214 */
215 #define GSS_C_INDEFINITE 0xfffffffful
216
217 /*
218 * The implementation must reserve static storage for a
219 * gss_OID_desc object containing the value
220 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
221 * "\x01\x02\x01\x01"},
222 * corresponding to an object-identifier value of
223 * {iso(1) member-body(2) United States(840) mit(113554)
224 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
225 * GSS_C_NT_USER_NAME should be initialized to point
226 * to that gss_OID_desc.
227 */
228 extern gss_OID GSS_C_NT_USER_NAME;
229
230 /*
231 * The implementation must reserve static storage for a
232 * gss_OID_desc object containing the value
233 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
234 * "\x01\x02\x01\x02"},
235 * corresponding to an object-identifier value of
236 * {iso(1) member-body(2) United States(840) mit(113554)
237 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
238 * The constant GSS_C_NT_MACHINE_UID_NAME should be
239 * initialized to point to that gss_OID_desc.
240 */
241 extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
242
243 /*
244 * The implementation must reserve static storage for a
245 * gss_OID_desc object containing the value
246 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
247 * "\x01\x02\x01\x03"},
248 * corresponding to an object-identifier value of
249 * {iso(1) member-body(2) United States(840) mit(113554)
250 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
251 * The constant GSS_C_NT_STRING_UID_NAME should be
252 * initialized to point to that gss_OID_desc.
253 */
254 extern gss_OID GSS_C_NT_STRING_UID_NAME;
255
256 /*
257 * The implementation must reserve static storage for a
258 * gss_OID_desc object containing the value
259 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
260 * corresponding to an object-identifier value of
261 * {iso(1) org(3) dod(6) internet(1) security(5)
262 * nametypes(6) gss-host-based-services(2)). The constant
263 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
264 * to that gss_OID_desc. This is a deprecated OID value, and
265 * implementations wishing to support hostbased-service names
266 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
267 * defined below, to identify such names;
268 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
269 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
270 * parameter, but should not be emitted by GSS-API
271 * implementations
272 */
273 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
274
275 /*
276 * The implementation must reserve static storage for a
277 * gss_OID_desc object containing the value
278 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
279 * "\x01\x02\x01\x04"}, corresponding to an
280 * object-identifier value of {iso(1) member-body(2)
281 * Unites States(840) mit(113554) infosys(1) gssapi(2)
282 * generic(1) service_name(4)}. The constant
283 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
284 * to point to that gss_OID_desc.
285 */
286 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
287
288 /*
289 * The implementation must reserve static storage for a
290 * gss_OID_desc object containing the value
291 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
292 * corresponding to an object identifier value of
293 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
294 * 6(nametypes), 3(gss-anonymous-name)}. The constant
295 * and GSS_C_NT_ANONYMOUS should be initialized to point
296 * to that gss_OID_desc.
297 */
298 extern gss_OID GSS_C_NT_ANONYMOUS;
299
300 /*
301 * The implementation must reserve static storage for a
302 * gss_OID_desc object containing the value
303 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
304 * corresponding to an object-identifier value of
305 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
306 * 6(nametypes), 4(gss-api-exported-name)}. The constant
307 * GSS_C_NT_EXPORT_NAME should be initialized to point
308 * to that gss_OID_desc.
309 */
310 extern gss_OID GSS_C_NT_EXPORT_NAME;
311
312 /*
313 * This if for kerberos5 names.
314 */
315
316 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
317 extern gss_OID GSS_KRB5_NT_USER_NAME;
318 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
319 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
320
321 extern gss_OID GSS_KRB5_MECHANISM;
322
323 /* for compatibility with MIT api */
324
325 #define gss_mech_krb5 GSS_KRB5_MECHANISM
326
327 /* Major status codes */
328
329 #define GSS_S_COMPLETE 0
330
331 /*
332 * Some "helper" definitions to make the status code macros obvious.
333 */
334 #define GSS_C_CALLING_ERROR_OFFSET 24
335 #define GSS_C_ROUTINE_ERROR_OFFSET 16
336 #define GSS_C_SUPPLEMENTARY_OFFSET 0
337 #define GSS_C_CALLING_ERROR_MASK 0377ul
338 #define GSS_C_ROUTINE_ERROR_MASK 0377ul
339 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
340
341 /*
342 * The macros that test status codes for error conditions.
343 * Note that the GSS_ERROR() macro has changed slightly from
344 * the V1 GSSAPI so that it now evaluates its argument
345 * only once.
346 */
347 #define GSS_CALLING_ERROR(x) \
348 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
349 #define GSS_ROUTINE_ERROR(x) \
350 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
351 #define GSS_SUPPLEMENTARY_INFO(x) \
352 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
353 #define GSS_ERROR(x) \
354 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
355 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
356
357 /*
358 * Now the actual status code definitions
359 */
360
361 /*
362 * Calling errors:
363 */
364 #define GSS_S_CALL_INACCESSIBLE_READ \
365 (1ul << GSS_C_CALLING_ERROR_OFFSET)
366 #define GSS_S_CALL_INACCESSIBLE_WRITE \
367 (2ul << GSS_C_CALLING_ERROR_OFFSET)
368 #define GSS_S_CALL_BAD_STRUCTURE \
369 (3ul << GSS_C_CALLING_ERROR_OFFSET)
370
371 /*
372 * Routine errors:
373 */
374 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
375 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
376 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
377
378 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
379 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
380 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
381 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
382 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
383 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
384 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
385 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
386 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
387 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
388 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
389 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
390 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
391 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
392 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
393 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
394
395 /*
396 * Supplementary info bits:
397 */
398 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
399 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
400 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
401 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
402 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
403
404 /*
405 * From RFC1964:
406 *
407 * 4.1.1. Non-Kerberos-specific codes
408 */
409
410 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
411 /* "No @ in SERVICE-NAME name string" */
412 #define GSS_KRB5_S_G_BAD_STRING_UID 2
413 /* "STRING-UID-NAME contains nondigits" */
414 #define GSS_KRB5_S_G_NOUSER 3
415 /* "UID does not resolve to username" */
416 #define GSS_KRB5_S_G_VALIDATE_FAILED 4
417 /* "Validation error" */
418 #define GSS_KRB5_S_G_BUFFER_ALLOC 5
419 /* "Couldn't allocate gss_buffer_t data" */
420 #define GSS_KRB5_S_G_BAD_MSG_CTX 6
421 /* "Message context invalid" */
422 #define GSS_KRB5_S_G_WRONG_SIZE 7
423 /* "Buffer is the wrong size" */
424 #define GSS_KRB5_S_G_BAD_USAGE 8
425 /* "Credential usage type is unknown" */
426 #define GSS_KRB5_S_G_UNKNOWN_QOP 9
427 /* "Unknown quality of protection specified" */
428
429 /*
430 * 4.1.2. Kerberos-specific-codes
431 */
432
433 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
434 /* "Principal in credential cache does not match desired name" */
435 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
436 /* "No principal in keytab matches desired name" */
437 #define GSS_KRB5_S_KG_TGT_MISSING 12
438 /* "Credential cache has no TGT" */
439 #define GSS_KRB5_S_KG_NO_SUBKEY 13
440 /* "Authenticator has no subkey" */
441 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
442 /* "Context is already fully established" */
443 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
444 /* "Unknown signature type in token" */
445 #define GSS_KRB5_S_KG_BAD_LENGTH 16
446 /* "Invalid field length in token" */
447 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
448 /* "Attempt to use incomplete security context" */
449
450 /*
451 * Finally, function prototypes for the GSS-API routines.
452 */
453
454 OM_uint32 gss_acquire_cred
455 (OM_uint32 * minor_status,
456 const gss_name_t desired_name,
457 OM_uint32 time_req,
458 const gss_OID_set desired_mechs,
459 gss_cred_usage_t cred_usage,
460 gss_cred_id_t * output_cred_handle,
461 gss_OID_set * actual_mechs,
462 OM_uint32 * time_rec
463 );
464
465 OM_uint32 gss_release_cred
466 (OM_uint32 * minor_status,
467 gss_cred_id_t * cred_handle
468 );
469
470 OM_uint32 gss_init_sec_context
471 (OM_uint32 * minor_status,
472 const gss_cred_id_t initiator_cred_handle,
473 gss_ctx_id_t * context_handle,
474 const gss_name_t target_name,
475 const gss_OID mech_type,
476 OM_uint32 req_flags,
477 OM_uint32 time_req,
478 const gss_channel_bindings_t input_chan_bindings,
479 const gss_buffer_t input_token,
480 gss_OID * actual_mech_type,
481 gss_buffer_t output_token,
482 OM_uint32 * ret_flags,
483 OM_uint32 * time_rec
484 );
485
486 OM_uint32 gss_accept_sec_context
487 (OM_uint32 * minor_status,
488 gss_ctx_id_t * context_handle,
489 const gss_cred_id_t acceptor_cred_handle,
490 const gss_buffer_t input_token_buffer,
491 const gss_channel_bindings_t input_chan_bindings,
492 gss_name_t * src_name,
493 gss_OID * mech_type,
494 gss_buffer_t output_token,
495 OM_uint32 * ret_flags,
496 OM_uint32 * time_rec,
497 gss_cred_id_t * delegated_cred_handle
498 );
499
500 OM_uint32 gss_process_context_token
501 (OM_uint32 * minor_status,
502 const gss_ctx_id_t context_handle,
503 const gss_buffer_t token_buffer
504 );
505
506 OM_uint32 gss_delete_sec_context
507 (OM_uint32 * minor_status,
508 gss_ctx_id_t * context_handle,
509 gss_buffer_t output_token
510 );
511
512 OM_uint32 gss_context_time
513 (OM_uint32 * minor_status,
514 const gss_ctx_id_t context_handle,
515 OM_uint32 * time_rec
516 );
517
518 OM_uint32 gss_get_mic
519 (OM_uint32 * minor_status,
520 const gss_ctx_id_t context_handle,
521 gss_qop_t qop_req,
522 const gss_buffer_t message_buffer,
523 gss_buffer_t message_token
524 );
525
526 OM_uint32 gss_verify_mic
527 (OM_uint32 * minor_status,
528 const gss_ctx_id_t context_handle,
529 const gss_buffer_t message_buffer,
530 const gss_buffer_t token_buffer,
531 gss_qop_t * qop_state
532 );
533
534 OM_uint32 gss_wrap
535 (OM_uint32 * minor_status,
536 const gss_ctx_id_t context_handle,
537 int conf_req_flag,
538 gss_qop_t qop_req,
539 const gss_buffer_t input_message_buffer,
540 int * conf_state,
541 gss_buffer_t output_message_buffer
542 );
543
544 OM_uint32 gss_unwrap
545 (OM_uint32 * minor_status,
546 const gss_ctx_id_t context_handle,
547 const gss_buffer_t input_message_buffer,
548 gss_buffer_t output_message_buffer,
549 int * conf_state,
550 gss_qop_t * qop_state
551 );
552
553 OM_uint32 gss_display_status
554 (OM_uint32 * minor_status,
555 OM_uint32 status_value,
556 int status_type,
557 const gss_OID mech_type,
558 OM_uint32 * message_context,
559 gss_buffer_t status_string
560 );
561
562 OM_uint32 gss_indicate_mechs
563 (OM_uint32 * minor_status,
564 gss_OID_set * mech_set
565 );
566
567 OM_uint32 gss_compare_name
568 (OM_uint32 * minor_status,
569 const gss_name_t name1,
570 const gss_name_t name2,
571 int * name_equal
572 );
573
574 OM_uint32 gss_display_name
575 (OM_uint32 * minor_status,
576 const gss_name_t input_name,
577 gss_buffer_t output_name_buffer,
578 gss_OID * output_name_type
579 );
580
581 OM_uint32 gss_import_name
582 (OM_uint32 * minor_status,
583 const gss_buffer_t input_name_buffer,
584 const gss_OID input_name_type,
585 gss_name_t * output_name
586 );
587
588 OM_uint32 gss_export_name
589 (OM_uint32 * minor_status,
590 const gss_name_t input_name,
591 gss_buffer_t exported_name
592 );
593
594 OM_uint32 gss_release_name
595 (OM_uint32 * minor_status,
596 gss_name_t * input_name
597 );
598
599 OM_uint32 gss_release_buffer
600 (OM_uint32 * minor_status,
601 gss_buffer_t buffer
602 );
603
604 OM_uint32 gss_release_oid_set
605 (OM_uint32 * minor_status,
606 gss_OID_set * set
607 );
608
609 OM_uint32 gss_inquire_cred
610 (OM_uint32 * minor_status,
611 const gss_cred_id_t cred_handle,
612 gss_name_t * name,
613 OM_uint32 * lifetime,
614 gss_cred_usage_t * cred_usage,
615 gss_OID_set * mechanisms
616 );
617
618 OM_uint32 gss_inquire_context (
619 OM_uint32 * minor_status,
620 const gss_ctx_id_t context_handle,
621 gss_name_t * src_name,
622 gss_name_t * targ_name,
623 OM_uint32 * lifetime_rec,
624 gss_OID * mech_type,
625 OM_uint32 * ctx_flags,
626 int * locally_initiated,
627 int * open
628 );
629
630 OM_uint32 gss_wrap_size_limit (
631 OM_uint32 * minor_status,
632 const gss_ctx_id_t context_handle,
633 int conf_req_flag,
634 gss_qop_t qop_req,
635 OM_uint32 req_output_size,
636 OM_uint32 * max_input_size
637 );
638
639 OM_uint32 gss_add_cred (
640 OM_uint32 * minor_status,
641 const gss_cred_id_t input_cred_handle,
642 const gss_name_t desired_name,
643 const gss_OID desired_mech,
644 gss_cred_usage_t cred_usage,
645 OM_uint32 initiator_time_req,
646 OM_uint32 acceptor_time_req,
647 gss_cred_id_t * output_cred_handle,
648 gss_OID_set * actual_mechs,
649 OM_uint32 * initiator_time_rec,
650 OM_uint32 * acceptor_time_rec
651 );
652
653 OM_uint32 gss_inquire_cred_by_mech (
654 OM_uint32 * minor_status,
655 const gss_cred_id_t cred_handle,
656 const gss_OID mech_type,
657 gss_name_t * name,
658 OM_uint32 * initiator_lifetime,
659 OM_uint32 * acceptor_lifetime,
660 gss_cred_usage_t * cred_usage
661 );
662
663 OM_uint32 gss_export_sec_context (
664 OM_uint32 * minor_status,
665 gss_ctx_id_t * context_handle,
666 gss_buffer_t interprocess_token
667 );
668
669 OM_uint32 gss_import_sec_context (
670 OM_uint32 * minor_status,
671 const gss_buffer_t interprocess_token,
672 gss_ctx_id_t * context_handle
673 );
674
675 OM_uint32 gss_create_empty_oid_set (
676 OM_uint32 * minor_status,
677 gss_OID_set * oid_set
678 );
679
680 OM_uint32 gss_add_oid_set_member (
681 OM_uint32 * minor_status,
682 const gss_OID member_oid,
683 gss_OID_set * oid_set
684 );
685
686 OM_uint32 gss_test_oid_set_member (
687 OM_uint32 * minor_status,
688 const gss_OID member,
689 const gss_OID_set set,
690 int * present
691 );
692
693 OM_uint32 gss_inquire_names_for_mech (
694 OM_uint32 * minor_status,
695 const gss_OID mechanism,
696 gss_OID_set * name_types
697 );
698
699 OM_uint32 gss_inquire_mechs_for_name (
700 OM_uint32 * minor_status,
701 const gss_name_t input_name,
702 gss_OID_set * mech_types
703 );
704
705 OM_uint32 gss_canonicalize_name (
706 OM_uint32 * minor_status,
707 const gss_name_t input_name,
708 const gss_OID mech_type,
709 gss_name_t * output_name
710 );
711
712 OM_uint32 gss_duplicate_name (
713 OM_uint32 * minor_status,
714 const gss_name_t src_name,
715 gss_name_t * dest_name
716 );
717
718 /*
719 * The following routines are obsolete variants of gss_get_mic,
720 * gss_verify_mic, gss_wrap and gss_unwrap. They should be
721 * provided by GSSAPI V2 implementations for backwards
722 * compatibility with V1 applications. Distinct entrypoints
723 * (as opposed to #defines) should be provided, both to allow
724 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
725 * and to retain the slight parameter type differences between the
726 * obsolete versions of these routines and their current forms.
727 */
728
729 OM_uint32 gss_sign
730 (OM_uint32 * minor_status,
731 gss_ctx_id_t context_handle,
732 int qop_req,
733 gss_buffer_t message_buffer,
734 gss_buffer_t message_token
735 );
736
737 OM_uint32 gss_verify
738 (OM_uint32 * minor_status,
739 gss_ctx_id_t context_handle,
740 gss_buffer_t message_buffer,
741 gss_buffer_t token_buffer,
742 int * qop_state
743 );
744
745 OM_uint32 gss_seal
746 (OM_uint32 * minor_status,
747 gss_ctx_id_t context_handle,
748 int conf_req_flag,
749 int qop_req,
750 gss_buffer_t input_message_buffer,
751 int * conf_state,
752 gss_buffer_t output_message_buffer
753 );
754
755 OM_uint32 gss_unseal
756 (OM_uint32 * minor_status,
757 gss_ctx_id_t context_handle,
758 gss_buffer_t input_message_buffer,
759 gss_buffer_t output_message_buffer,
760 int * conf_state,
761 int * qop_state
762 );
763
764 /*
765 * kerberos mechanism specific functions
766 */
767
768 OM_uint32 gsskrb5_register_acceptor_identity
769 (char *identity);
770
771 #endif /* GSSAPI_H_ */
Heimdal