search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[heimdal.git] / lib / gssapi / krb5 / gssapi.h
blob95bcbf5a8fb9b50c89cf99be9f295e999e262a2c
1 /*
2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id$ */
35
36 #ifndef GSSAPI_H_
37 #define GSSAPI_H_
38
39 /*
40 * First, include stddef.h to get size_t defined.
41 */
42 #include <stddef.h>
43
44 #ifdef HAVE_CONFIG_H
45 #include <config.h>
46 #endif
47
48 #include <sys/types.h>
49
50 #include <krb5-types.h>
51
52 /*
53 * Now define the three implementation-dependent types.
54 */
55
56 typedef u_int32_t OM_uint32;
57
58 /*
59 * This is to avoid having to include <krb5.h>
60 */
61
62 struct krb5_auth_context_data;
63
64 struct Principal;
65
66 /* typedef void *gss_name_t; */
67
68 typedef struct Principal *gss_name_t;
69
70 typedef struct gss_ctx_id_t_desc_struct {
71 struct krb5_auth_context_data *auth_context;
72 gss_name_t source, target;
73 OM_uint32 flags;
74 enum { LOCAL = 1, OPEN = 2} more_flags;
75 struct krb5_ticket *ticket;
76 } gss_ctx_id_t_desc;
77
78 typedef gss_ctx_id_t_desc *gss_ctx_id_t;
79
80 typedef struct gss_OID_desc_struct {
81 OM_uint32 length;
82 void *elements;
83 } gss_OID_desc, *gss_OID;
84
85 typedef struct gss_OID_set_desc_struct {
86 size_t count;
87 gss_OID elements;
88 } gss_OID_set_desc, *gss_OID_set;
89
90 struct krb5_keytab_data;
91
92 typedef int gss_cred_usage_t;
93
94 typedef struct gss_cred_id_t_desc_struct {
95 gss_name_t principal;
96 struct krb5_keytab_data *keytab;
97 OM_uint32 lifetime;
98 gss_cred_usage_t usage;
99 gss_OID_set mechanisms;
100 } gss_cred_id_t_desc;
101
102 typedef gss_cred_id_t_desc *gss_cred_id_t;
103
104 typedef struct gss_buffer_desc_struct {
105 size_t length;
106 void *value;
107 } gss_buffer_desc, *gss_buffer_t;
108
109 typedef struct gss_channel_bindings_struct {
110 OM_uint32 initiator_addrtype;
111 gss_buffer_desc initiator_address;
112 OM_uint32 acceptor_addrtype;
113 gss_buffer_desc acceptor_address;
114 gss_buffer_desc application_data;
115 } *gss_channel_bindings_t;
116
117 /*
118 * For now, define a QOP-type as an OM_uint32
119 */
120 typedef OM_uint32 gss_qop_t;
121
122 /*
123 * Flag bits for context-level services.
124 */
125 #define GSS_C_DELEG_FLAG 1
126 #define GSS_C_MUTUAL_FLAG 2
127 #define GSS_C_REPLAY_FLAG 4
128 #define GSS_C_SEQUENCE_FLAG 8
129 #define GSS_C_CONF_FLAG 16
130 #define GSS_C_INTEG_FLAG 32
131 #define GSS_C_ANON_FLAG 64
132 #define GSS_C_PROT_READY_FLAG 128
133 #define GSS_C_TRANS_FLAG 256
134
135 /*
136 * Credential usage options
137 */
138 #define GSS_C_BOTH 0
139 #define GSS_C_INITIATE 1
140 #define GSS_C_ACCEPT 2
141
142 /*
143 * Status code types for gss_display_status
144 */
145 #define GSS_C_GSS_CODE 1
146 #define GSS_C_MECH_CODE 2
147
148 /*
149 * The constant definitions for channel-bindings address families
150 */
151 #define GSS_C_AF_UNSPEC 0
152 #define GSS_C_AF_LOCAL 1
153 #define GSS_C_AF_INET 2
154 #define GSS_C_AF_IMPLINK 3
155 #define GSS_C_AF_PUP 4
156 #define GSS_C_AF_CHAOS 5
157 #define GSS_C_AF_NS 6
158 #define GSS_C_AF_NBS 7
159 #define GSS_C_AF_ECMA 8
160 #define GSS_C_AF_DATAKIT 9
161 #define GSS_C_AF_CCITT 10
162 #define GSS_C_AF_SNA 11
163 #define GSS_C_AF_DECnet 12
164 #define GSS_C_AF_DLI 13
165 #define GSS_C_AF_LAT 14
166 #define GSS_C_AF_HYLINK 15
167 #define GSS_C_AF_APPLETALK 16
168 #define GSS_C_AF_BSC 17
169 #define GSS_C_AF_DSS 18
170 #define GSS_C_AF_OSI 19
171 #define GSS_C_AF_X25 21
172 #define GSS_C_AF_INET6 24
173
174 #define GSS_C_AF_NULLADDR 255
175
176 /*
177 * Various Null values
178 */
179 #define GSS_C_NO_NAME ((gss_name_t) 0)
180 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
181 #define GSS_C_NO_OID ((gss_OID) 0)
182 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
183 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
184 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
185 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
186 #define GSS_C_EMPTY_BUFFER {0, NULL}
187
188 /*
189 * Some alternate names for a couple of the above
190 * values. These are defined for V1 compatibility.
191 */
192 #define GSS_C_NULL_OID GSS_C_NO_OID
193 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
194
195 /*
196 * Define the default Quality of Protection for per-message
197 * services. Note that an implementation that offers multiple
198 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
199 * (as done here) to mean "default protection", or to a specific
200 * explicit QOP value. However, a value of 0 should always be
201 * interpreted by a GSSAPI implementation as a request for the
202 * default protection level.
203 */
204 #define GSS_C_QOP_DEFAULT 0
205
206 /*
207 * Expiration time of 2^32-1 seconds means infinite lifetime for a
208 * credential or security context
209 */
210 #define GSS_C_INDEFINITE 0xfffffffful
211
212 /*
213 * The implementation must reserve static storage for a
214 * gss_OID_desc object containing the value
215 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
216 * "\x01\x02\x01\x01"},
217 * corresponding to an object-identifier value of
218 * {iso(1) member-body(2) United States(840) mit(113554)
219 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
220 * GSS_C_NT_USER_NAME should be initialized to point
221 * to that gss_OID_desc.
222 */
223 extern gss_OID GSS_C_NT_USER_NAME;
224
225 /*
226 * The implementation must reserve static storage for a
227 * gss_OID_desc object containing the value
228 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
229 * "\x01\x02\x01\x02"},
230 * corresponding to an object-identifier value of
231 * {iso(1) member-body(2) United States(840) mit(113554)
232 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
233 * The constant GSS_C_NT_MACHINE_UID_NAME should be
234 * initialized to point to that gss_OID_desc.
235 */
236 extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
237
238 /*
239 * The implementation must reserve static storage for a
240 * gss_OID_desc object containing the value
241 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
242 * "\x01\x02\x01\x03"},
243 * corresponding to an object-identifier value of
244 * {iso(1) member-body(2) United States(840) mit(113554)
245 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
246 * The constant GSS_C_NT_STRING_UID_NAME should be
247 * initialized to point to that gss_OID_desc.
248 */
249 extern gss_OID GSS_C_NT_STRING_UID_NAME;
250
251 /*
252 * The implementation must reserve static storage for a
253 * gss_OID_desc object containing the value
254 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
255 * corresponding to an object-identifier value of
256 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
257 * 6(nametypes), 2(gss-host-based-services)}. The constant
258 * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
259 * to that gss_OID_desc.
260 */
261 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
262
263 /*
264 * The implementation must reserve static storage for a
265 * gss_OID_desc object containing the value
266 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
267 * corresponding to an object identifier value of
268 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
269 * 6(nametypes), 3(gss-anonymous-name)}. The constant
270 * and GSS_C_NT_ANONYMOUS should be initialized to point
271 * to that gss_OID_desc.
272 */
273 extern gss_OID GSS_C_NT_ANONYMOUS;
274
275 /*
276 * The implementation must reserve static storage for a
277 * gss_OID_desc object containing the value
278 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
279 * corresponding to an object-identifier value of
280 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
281 * 6(nametypes), 4(gss-api-exported-name)}. The constant
282 * GSS_C_NT_EXPORT_NAME should be initialized to point
283 * to that gss_OID_desc.
284 */
285 extern gss_OID GSS_C_NT_EXPORT_NAME;
286
287 /*
288 * This if for kerberos5 names.
289 */
290
291 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
292 extern gss_OID GSS_KRB5_NT_USER_NAME;
293 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
294 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
295
296 extern gss_OID GSS_KRB5_MECHANISM;
297
298 /* Major status codes */
299
300 #define GSS_S_COMPLETE 0
301
302 /*
303 * Some "helper" definitions to make the status code macros obvious.
304 */
305 #define GSS_C_CALLING_ERROR_OFFSET 24
306 #define GSS_C_ROUTINE_ERROR_OFFSET 16
307 #define GSS_C_SUPPLEMENTARY_OFFSET 0
308 #define GSS_C_CALLING_ERROR_MASK 0377ul
309 #define GSS_C_ROUTINE_ERROR_MASK 0377ul
310 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
311
312 /*
313 * The macros that test status codes for error conditions.
314 * Note that the GSS_ERROR() macro has changed slightly from
315 * the V1 GSSAPI so that it now evaluates its argument
316 * only once.
317 */
318 #define GSS_CALLING_ERROR(x) \
319 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
320 #define GSS_ROUTINE_ERROR(x) \
321 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
322 #define GSS_SUPPLEMENTARY_INFO(x) \
323 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
324 #define GSS_ERROR(x) \
325 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
326 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
327
328 /*
329 * Now the actual status code definitions
330 */
331
332 /*
333 * Calling errors:
334 */
335 #define GSS_S_CALL_INACCESSIBLE_READ \
336 (1ul << GSS_C_CALLING_ERROR_OFFSET)
337 #define GSS_S_CALL_INACCESSIBLE_WRITE \
338 (2ul << GSS_C_CALLING_ERROR_OFFSET)
339 #define GSS_S_CALL_BAD_STRUCTURE \
340 (3ul << GSS_C_CALLING_ERROR_OFFSET)
341
342 /*
343 * Routine errors:
344 */
345 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
346 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
347 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
348
349 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
350 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
351 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
352 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
353 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
354 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
355 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
356 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
357 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
358 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
359 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
360 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
361 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
362 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
363 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
364 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
365
366 /*
367 * Supplementary info bits:
368 */
369 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
370 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
371 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
372 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
373 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
374
375 /*
376 * From RFC1964:
377 *
378 * 4.1.1. Non-Kerberos-specific codes
379 */
380
381 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
382 /* "No @ in SERVICE-NAME name string" */
383 #define GSS_KRB5_S_G_BAD_STRING_UID 2
384 /* "STRING-UID-NAME contains nondigits" */
385 #define GSS_KRB5_S_G_NOUSER 3
386 /* "UID does not resolve to username" */
387 #define GSS_KRB5_S_G_VALIDATE_FAILED 4
388 /* "Validation error" */
389 #define GSS_KRB5_S_G_BUFFER_ALLOC 5
390 /* "Couldn't allocate gss_buffer_t data" */
391 #define GSS_KRB5_S_G_BAD_MSG_CTX 6
392 /* "Message context invalid" */
393 #define GSS_KRB5_S_G_WRONG_SIZE 7
394 /* "Buffer is the wrong size" */
395 #define GSS_KRB5_S_G_BAD_USAGE 8
396 /* "Credential usage type is unknown" */
397 #define GSS_KRB5_S_G_UNKNOWN_QOP 9
398 /* "Unknown quality of protection specified" */
399
400 /*
401 * 4.1.2. Kerberos-specific-codes
402 */
403
404 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
405 /* "Principal in credential cache does not match desired name" */
406 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
407 /* "No principal in keytab matches desired name" */
408 #define GSS_KRB5_S_KG_TGT_MISSING 12
409 /* "Credential cache has no TGT" */
410 #define GSS_KRB5_S_KG_NO_SUBKEY 13
411 /* "Authenticator has no subkey" */
412 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
413 /* "Context is already fully established" */
414 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
415 /* "Unknown signature type in token" */
416 #define GSS_KRB5_S_KG_BAD_LENGTH 16
417 /* "Invalid field length in token" */
418 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
419 /* "Attempt to use incomplete security context" */
420
421 /*
422 * Finally, function prototypes for the GSS-API routines.
423 */
424
425 OM_uint32 gss_acquire_cred
426 (OM_uint32 * minor_status,
427 const gss_name_t desired_name,
428 OM_uint32 time_req,
429 const gss_OID_set desired_mechs,
430 gss_cred_usage_t cred_usage,
431 gss_cred_id_t * output_cred_handle,
432 gss_OID_set * actual_mechs,
433 OM_uint32 * time_rec
434 );
435
436 OM_uint32 gss_release_cred
437 (OM_uint32 * minor_status,
438 gss_cred_id_t * cred_handle
439 );
440
441 OM_uint32 gss_init_sec_context
442 (OM_uint32 * minor_status,
443 const gss_cred_id_t initiator_cred_handle,
444 gss_ctx_id_t * context_handle,
445 const gss_name_t target_name,
446 const gss_OID mech_type,
447 OM_uint32 req_flags,
448 OM_uint32 time_req,
449 const gss_channel_bindings_t input_chan_bindings,
450 const gss_buffer_t input_token,
451 gss_OID * actual_mech_type,
452 gss_buffer_t output_token,
453 OM_uint32 * ret_flags,
454 OM_uint32 * time_rec
455 );
456
457 OM_uint32 gss_accept_sec_context
458 (OM_uint32 * minor_status,
459 gss_ctx_id_t * context_handle,
460 const gss_cred_id_t acceptor_cred_handle,
461 const gss_buffer_t input_token_buffer,
462 const gss_channel_bindings_t input_chan_bindings,
463 gss_name_t * src_name,
464 gss_OID * mech_type,
465 gss_buffer_t output_token,
466 OM_uint32 * ret_flags,
467 OM_uint32 * time_rec,
468 gss_cred_id_t * delegated_cred_handle
469 );
470
471 OM_uint32 gss_process_context_token
472 (OM_uint32 * minor_status,
473 const gss_ctx_id_t context_handle,
474 const gss_buffer_t token_buffer
475 );
476
477 OM_uint32 gss_delete_sec_context
478 (OM_uint32 * minor_status,
479 gss_ctx_id_t * context_handle,
480 gss_buffer_t output_token
481 );
482
483 OM_uint32 gss_context_time
484 (OM_uint32 * minor_status,
485 const gss_ctx_id_t context_handle,
486 OM_uint32 * time_rec
487 );
488
489 OM_uint32 gss_get_mic
490 (OM_uint32 * minor_status,
491 const gss_ctx_id_t context_handle,
492 gss_qop_t qop_req,
493 const gss_buffer_t message_buffer,
494 gss_buffer_t message_token
495 );
496
497 OM_uint32 gss_verify_mic
498 (OM_uint32 * minor_status,
499 const gss_ctx_id_t context_handle,
500 const gss_buffer_t message_buffer,
501 const gss_buffer_t token_buffer,
502 gss_qop_t * qop_state
503 );
504
505 OM_uint32 gss_wrap
506 (OM_uint32 * minor_status,
507 const gss_ctx_id_t context_handle,
508 int conf_req_flag,
509 gss_qop_t qop_req,
510 const gss_buffer_t input_message_buffer,
511 int * conf_state,
512 gss_buffer_t output_message_buffer
513 );
514
515 OM_uint32 gss_unwrap
516 (OM_uint32 * minor_status,
517 const gss_ctx_id_t context_handle,
518 const gss_buffer_t input_message_buffer,
519 gss_buffer_t output_message_buffer,
520 int * conf_state,
521 gss_qop_t * qop_state
522 );
523
524 OM_uint32 gss_display_status
525 (OM_uint32 * minor_status,
526 OM_uint32 status_value,
527 int status_type,
528 const gss_OID mech_type,
529 OM_uint32 * message_context,
530 gss_buffer_t status_string
531 );
532
533 OM_uint32 gss_indicate_mechs
534 (OM_uint32 * minor_status,
535 gss_OID_set * mech_set
536 );
537
538 OM_uint32 gss_compare_name
539 (OM_uint32 * minor_status,
540 const gss_name_t name1,
541 const gss_name_t name2,
542 int * name_equal
543 );
544
545 OM_uint32 gss_display_name
546 (OM_uint32 * minor_status,
547 const gss_name_t input_name,
548 gss_buffer_t output_name_buffer,
549 gss_OID * output_name_type
550 );
551
552 OM_uint32 gss_import_name
553 (OM_uint32 * minor_status,
554 const gss_buffer_t input_name_buffer,
555 const gss_OID input_name_type,
556 gss_name_t * output_name
557 );
558
559 OM_uint32 gss_export_name
560 (OM_uint32 * minor_status,
561 const gss_name_t input_name,
562 gss_buffer_t exported_name
563 );
564
565 OM_uint32 gss_release_name
566 (OM_uint32 * minor_status,
567 gss_name_t * input_name
568 );
569
570 OM_uint32 gss_release_buffer
571 (OM_uint32 * minor_status,
572 gss_buffer_t buffer
573 );
574
575 OM_uint32 gss_release_oid_set
576 (OM_uint32 * minor_status,
577 gss_OID_set * set
578 );
579
580 OM_uint32 gss_inquire_cred
581 (OM_uint32 * minor_status,
582 const gss_cred_id_t cred_handle,
583 gss_name_t * name,
584 OM_uint32 * lifetime,
585 gss_cred_usage_t * cred_usage,
586 gss_OID_set * mechanisms
587 );
588
589 OM_uint32 gss_inquire_context (
590 OM_uint32 * minor_status,
591 const gss_ctx_id_t context_handle,
592 gss_name_t * src_name,
593 gss_name_t * targ_name,
594 OM_uint32 * lifetime_rec,
595 gss_OID * mech_type,
596 OM_uint32 * ctx_flags,
597 int * locally_initiated,
598 int * open
599 );
600
601 OM_uint32 gss_wrap_size_limit (
602 OM_uint32 * minor_status,
603 const gss_ctx_id_t context_handle,
604 int conf_req_flag,
605 gss_qop_t qop_req,
606 OM_uint32 req_output_size,
607 OM_uint32 * max_input_size
608 );
609
610 OM_uint32 gss_add_cred (
611 OM_uint32 * minor_status,
612 const gss_cred_id_t input_cred_handle,
613 const gss_name_t desired_name,
614 const gss_OID desired_mech,
615 gss_cred_usage_t cred_usage,
616 OM_uint32 initiator_time_req,
617 OM_uint32 acceptor_time_req,
618 gss_cred_id_t * output_cred_handle,
619 gss_OID_set * actual_mechs,
620 OM_uint32 * initiator_time_rec,
621 OM_uint32 * acceptor_time_rec
622 );
623
624 OM_uint32 gss_inquire_cred_by_mech (
625 OM_uint32 * minor_status,
626 const gss_cred_id_t cred_handle,
627 const gss_OID mech_type,
628 gss_name_t * name,
629 OM_uint32 * initiator_lifetime,
630 OM_uint32 * acceptor_lifetime,
631 gss_cred_usage_t * cred_usage
632 );
633
634 OM_uint32 gss_export_sec_context (
635 OM_uint32 * minor_status,
636 gss_ctx_id_t * context_handle,
637 gss_buffer_t interprocess_token
638 );
639
640 OM_uint32 gss_import_sec_context (
641 OM_uint32 * minor_status,
642 const gss_buffer_t interprocess_token,
643 gss_ctx_id_t * context_handle
644 );
645
646 OM_uint32 gss_create_empty_oid_set (
647 OM_uint32 * minor_status,
648 gss_OID_set * oid_set
649 );
650
651 OM_uint32 gss_add_oid_set_member (
652 OM_uint32 * minor_status,
653 const gss_OID member_oid,
654 gss_OID_set * oid_set
655 );
656
657 OM_uint32 gss_test_oid_set_member (
658 OM_uint32 * minor_status,
659 const gss_OID member,
660 const gss_OID_set set,
661 int * present
662 );
663
664 OM_uint32 gss_inquire_names_for_mech (
665 OM_uint32 * minor_status,
666 const gss_OID mechanism,
667 gss_OID_set * name_types
668 );
669
670 OM_uint32 gss_inquire_mechs_for_name (
671 OM_uint32 * minor_status,
672 const gss_name_t input_name,
673 gss_OID_set * mech_types
674 );
675
676 OM_uint32 gss_canonicalize_name (
677 OM_uint32 * minor_status,
678 const gss_name_t input_name,
679 const gss_OID mech_type,
680 gss_name_t * output_name
681 );
682
683 OM_uint32 gss_duplicate_name (
684 OM_uint32 * minor_status,
685 const gss_name_t src_name,
686 gss_name_t * dest_name
687 );
688
689 /*
690 * The following routines are obsolete variants of gss_get_mic,
691 * gss_verify_mic, gss_wrap and gss_unwrap. They should be
692 * provided by GSSAPI V2 implementations for backwards
693 * compatibility with V1 applications. Distinct entrypoints
694 * (as opposed to #defines) should be provided, both to allow
695 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
696 * and to retain the slight parameter type differences between the
697 * obsolete versions of these routines and their current forms.
698 */
699
700 OM_uint32 gss_sign
701 (OM_uint32 * minor_status,
702 gss_ctx_id_t context_handle,
703 int qop_req,
704 gss_buffer_t message_buffer,
705 gss_buffer_t message_token
706 );
707
708 OM_uint32 gss_verify
709 (OM_uint32 * minor_status,
710 gss_ctx_id_t context_handle,
711 gss_buffer_t message_buffer,
712 gss_buffer_t token_buffer,
713 int * qop_state
714 );
715
716 OM_uint32 gss_seal
717 (OM_uint32 * minor_status,
718 gss_ctx_id_t context_handle,
719 int conf_req_flag,
720 int qop_req,
721 gss_buffer_t input_message_buffer,
722 int * conf_state,
723 gss_buffer_t output_message_buffer
724 );
725
726 OM_uint32 gss_unseal
727 (OM_uint32 * minor_status,
728 gss_ctx_id_t context_handle,
729 gss_buffer_t input_message_buffer,
730 gss_buffer_t output_message_buffer,
731 int * conf_state,
732 int * qop_state
733 );
734
735 /*
736 * kerberos mechanism specific functions
737 */
738
739 OM_uint32 gsskrb5_register_acceptor_identity
740 (char *identity);
741
742 #endif /* GSSAPI_H_ */
Heimdal