search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x
[heimdal.git] / lib / gssapi / krb5 / gssapi.h
blobd56ec8237f596f5f11559441b586a8b45f174758
1 /*
2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id$ */
35
36 #ifndef GSSAPI_H_
37 #define GSSAPI_H_
38
39 /*
40 * First, include stddef.h to get size_t defined.
41 */
42 #include <stddef.h>
43
44 #include <krb5-types.h>
45
46 /*
47 * Now define the three implementation-dependent types.
48 */
49
50 typedef u_int32_t OM_uint32;
51
52 typedef u_int32_t gss_uint32;
53
54 /*
55 * This is to avoid having to include <krb5.h>
56 */
57
58 struct krb5_auth_context_data;
59
60 struct Principal;
61
62 /* typedef void *gss_name_t; */
63
64 typedef struct Principal *gss_name_t;
65
66 typedef struct gss_ctx_id_t_desc_struct {
67 struct krb5_auth_context_data *auth_context;
68 gss_name_t source, target;
69 OM_uint32 flags;
70 enum { LOCAL = 1, OPEN = 2} more_flags;
71 struct krb5_ticket *ticket;
72 } gss_ctx_id_t_desc;
73
74 typedef gss_ctx_id_t_desc *gss_ctx_id_t;
75
76 typedef struct gss_OID_desc_struct {
77 OM_uint32 length;
78 void *elements;
79 } gss_OID_desc, *gss_OID;
80
81 typedef struct gss_OID_set_desc_struct {
82 size_t count;
83 gss_OID elements;
84 } gss_OID_set_desc, *gss_OID_set;
85
86 struct krb5_keytab_data;
87
88 struct krb5_ccache_data;
89
90 typedef int gss_cred_usage_t;
91
92 typedef struct gss_cred_id_t_desc_struct {
93 gss_name_t principal;
94 struct krb5_keytab_data *keytab;
95 OM_uint32 lifetime;
96 gss_cred_usage_t usage;
97 gss_OID_set mechanisms;
98 struct krb5_ccache_data *ccache;
99 } gss_cred_id_t_desc;
100
101 typedef gss_cred_id_t_desc *gss_cred_id_t;
102
103 typedef struct gss_buffer_desc_struct {
104 size_t length;
105 void *value;
106 } gss_buffer_desc, *gss_buffer_t;
107
108 typedef struct gss_channel_bindings_struct {
109 OM_uint32 initiator_addrtype;
110 gss_buffer_desc initiator_address;
111 OM_uint32 acceptor_addrtype;
112 gss_buffer_desc acceptor_address;
113 gss_buffer_desc application_data;
114 } *gss_channel_bindings_t;
115
116 /*
117 * For now, define a QOP-type as an OM_uint32
118 */
119 typedef OM_uint32 gss_qop_t;
120
121 /*
122 * Flag bits for context-level services.
123 */
124 #define GSS_C_DELEG_FLAG 1
125 #define GSS_C_MUTUAL_FLAG 2
126 #define GSS_C_REPLAY_FLAG 4
127 #define GSS_C_SEQUENCE_FLAG 8
128 #define GSS_C_CONF_FLAG 16
129 #define GSS_C_INTEG_FLAG 32
130 #define GSS_C_ANON_FLAG 64
131 #define GSS_C_PROT_READY_FLAG 128
132 #define GSS_C_TRANS_FLAG 256
133
134 /*
135 * Credential usage options
136 */
137 #define GSS_C_BOTH 0
138 #define GSS_C_INITIATE 1
139 #define GSS_C_ACCEPT 2
140
141 /*
142 * Status code types for gss_display_status
143 */
144 #define GSS_C_GSS_CODE 1
145 #define GSS_C_MECH_CODE 2
146
147 /*
148 * The constant definitions for channel-bindings address families
149 */
150 #define GSS_C_AF_UNSPEC 0
151 #define GSS_C_AF_LOCAL 1
152 #define GSS_C_AF_INET 2
153 #define GSS_C_AF_IMPLINK 3
154 #define GSS_C_AF_PUP 4
155 #define GSS_C_AF_CHAOS 5
156 #define GSS_C_AF_NS 6
157 #define GSS_C_AF_NBS 7
158 #define GSS_C_AF_ECMA 8
159 #define GSS_C_AF_DATAKIT 9
160 #define GSS_C_AF_CCITT 10
161 #define GSS_C_AF_SNA 11
162 #define GSS_C_AF_DECnet 12
163 #define GSS_C_AF_DLI 13
164 #define GSS_C_AF_LAT 14
165 #define GSS_C_AF_HYLINK 15
166 #define GSS_C_AF_APPLETALK 16
167 #define GSS_C_AF_BSC 17
168 #define GSS_C_AF_DSS 18
169 #define GSS_C_AF_OSI 19
170 #define GSS_C_AF_X25 21
171 #define GSS_C_AF_INET6 24
172
173 #define GSS_C_AF_NULLADDR 255
174
175 /*
176 * Various Null values
177 */
178 #define GSS_C_NO_NAME ((gss_name_t) 0)
179 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
180 #define GSS_C_NO_OID ((gss_OID) 0)
181 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
182 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
183 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
184 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
185 #define GSS_C_EMPTY_BUFFER {0, NULL}
186
187 /*
188 * Some alternate names for a couple of the above
189 * values. These are defined for V1 compatibility.
190 */
191 #define GSS_C_NULL_OID GSS_C_NO_OID
192 #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
193
194 /*
195 * Define the default Quality of Protection for per-message
196 * services. Note that an implementation that offers multiple
197 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
198 * (as done here) to mean "default protection", or to a specific
199 * explicit QOP value. However, a value of 0 should always be
200 * interpreted by a GSSAPI implementation as a request for the
201 * default protection level.
202 */
203 #define GSS_C_QOP_DEFAULT 0
204
205 #define GSS_KRB5_CONF_C_QOP_DES 0x0100
206 #define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200
207
208 /*
209 * Expiration time of 2^32-1 seconds means infinite lifetime for a
210 * credential or security context
211 */
212 #define GSS_C_INDEFINITE 0xfffffffful
213
214 /*
215 * The implementation must reserve static storage for a
216 * gss_OID_desc object containing the value
217 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
218 * "\x01\x02\x01\x01"},
219 * corresponding to an object-identifier value of
220 * {iso(1) member-body(2) United States(840) mit(113554)
221 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
222 * GSS_C_NT_USER_NAME should be initialized to point
223 * to that gss_OID_desc.
224 */
225 extern gss_OID GSS_C_NT_USER_NAME;
226
227 /*
228 * The implementation must reserve static storage for a
229 * gss_OID_desc object containing the value
230 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
231 * "\x01\x02\x01\x02"},
232 * corresponding to an object-identifier value of
233 * {iso(1) member-body(2) United States(840) mit(113554)
234 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
235 * The constant GSS_C_NT_MACHINE_UID_NAME should be
236 * initialized to point to that gss_OID_desc.
237 */
238 extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
239
240 /*
241 * The implementation must reserve static storage for a
242 * gss_OID_desc object containing the value
243 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
244 * "\x01\x02\x01\x03"},
245 * corresponding to an object-identifier value of
246 * {iso(1) member-body(2) United States(840) mit(113554)
247 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
248 * The constant GSS_C_NT_STRING_UID_NAME should be
249 * initialized to point to that gss_OID_desc.
250 */
251 extern gss_OID GSS_C_NT_STRING_UID_NAME;
252
253 /*
254 * The implementation must reserve static storage for a
255 * gss_OID_desc object containing the value
256 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
257 * corresponding to an object-identifier value of
258 * {iso(1) org(3) dod(6) internet(1) security(5)
259 * nametypes(6) gss-host-based-services(2)). The constant
260 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
261 * to that gss_OID_desc. This is a deprecated OID value, and
262 * implementations wishing to support hostbased-service names
263 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
264 * defined below, to identify such names;
265 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
266 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
267 * parameter, but should not be emitted by GSS-API
268 * implementations
269 */
270 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
271
272 /*
273 * The implementation must reserve static storage for a
274 * gss_OID_desc object containing the value
275 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
276 * "\x01\x02\x01\x04"}, corresponding to an
277 * object-identifier value of {iso(1) member-body(2)
278 * Unites States(840) mit(113554) infosys(1) gssapi(2)
279 * generic(1) service_name(4)}. The constant
280 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
281 * to point to that gss_OID_desc.
282 */
283 extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
284
285 /*
286 * The implementation must reserve static storage for a
287 * gss_OID_desc object containing the value
288 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
289 * corresponding to an object identifier value of
290 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
291 * 6(nametypes), 3(gss-anonymous-name)}. The constant
292 * and GSS_C_NT_ANONYMOUS should be initialized to point
293 * to that gss_OID_desc.
294 */
295 extern gss_OID GSS_C_NT_ANONYMOUS;
296
297 /*
298 * The implementation must reserve static storage for a
299 * gss_OID_desc object containing the value
300 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
301 * corresponding to an object-identifier value of
302 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
303 * 6(nametypes), 4(gss-api-exported-name)}. The constant
304 * GSS_C_NT_EXPORT_NAME should be initialized to point
305 * to that gss_OID_desc.
306 */
307 extern gss_OID GSS_C_NT_EXPORT_NAME;
308
309 /*
310 * This if for kerberos5 names.
311 */
312
313 extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
314 extern gss_OID GSS_KRB5_NT_USER_NAME;
315 extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
316 extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
317
318 extern gss_OID GSS_KRB5_MECHANISM;
319
320 /* for compatibility with MIT api */
321
322 #define gss_mech_krb5 GSS_KRB5_MECHANISM
323
324 /* Major status codes */
325
326 #define GSS_S_COMPLETE 0
327
328 /*
329 * Some "helper" definitions to make the status code macros obvious.
330 */
331 #define GSS_C_CALLING_ERROR_OFFSET 24
332 #define GSS_C_ROUTINE_ERROR_OFFSET 16
333 #define GSS_C_SUPPLEMENTARY_OFFSET 0
334 #define GSS_C_CALLING_ERROR_MASK 0377ul
335 #define GSS_C_ROUTINE_ERROR_MASK 0377ul
336 #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
337
338 /*
339 * The macros that test status codes for error conditions.
340 * Note that the GSS_ERROR() macro has changed slightly from
341 * the V1 GSSAPI so that it now evaluates its argument
342 * only once.
343 */
344 #define GSS_CALLING_ERROR(x) \
345 (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
346 #define GSS_ROUTINE_ERROR(x) \
347 (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
348 #define GSS_SUPPLEMENTARY_INFO(x) \
349 (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
350 #define GSS_ERROR(x) \
351 (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
352 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
353
354 /*
355 * Now the actual status code definitions
356 */
357
358 /*
359 * Calling errors:
360 */
361 #define GSS_S_CALL_INACCESSIBLE_READ \
362 (1ul << GSS_C_CALLING_ERROR_OFFSET)
363 #define GSS_S_CALL_INACCESSIBLE_WRITE \
364 (2ul << GSS_C_CALLING_ERROR_OFFSET)
365 #define GSS_S_CALL_BAD_STRUCTURE \
366 (3ul << GSS_C_CALLING_ERROR_OFFSET)
367
368 /*
369 * Routine errors:
370 */
371 #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
372 #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
373 #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
374
375 #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
376 #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
377 #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
378 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
379 #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
380 #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
381 #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
382 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
383 #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
384 #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
385 #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
386 #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
387 #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
388 #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
389 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
390 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
391
392 /*
393 * Supplementary info bits:
394 */
395 #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
396 #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
397 #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
398 #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
399 #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
400
401 /*
402 * From RFC1964:
403 *
404 * 4.1.1. Non-Kerberos-specific codes
405 */
406
407 #define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
408 /* "No @ in SERVICE-NAME name string" */
409 #define GSS_KRB5_S_G_BAD_STRING_UID 2
410 /* "STRING-UID-NAME contains nondigits" */
411 #define GSS_KRB5_S_G_NOUSER 3
412 /* "UID does not resolve to username" */
413 #define GSS_KRB5_S_G_VALIDATE_FAILED 4
414 /* "Validation error" */
415 #define GSS_KRB5_S_G_BUFFER_ALLOC 5
416 /* "Couldn't allocate gss_buffer_t data" */
417 #define GSS_KRB5_S_G_BAD_MSG_CTX 6
418 /* "Message context invalid" */
419 #define GSS_KRB5_S_G_WRONG_SIZE 7
420 /* "Buffer is the wrong size" */
421 #define GSS_KRB5_S_G_BAD_USAGE 8
422 /* "Credential usage type is unknown" */
423 #define GSS_KRB5_S_G_UNKNOWN_QOP 9
424 /* "Unknown quality of protection specified" */
425
426 /*
427 * 4.1.2. Kerberos-specific-codes
428 */
429
430 #define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
431 /* "Principal in credential cache does not match desired name" */
432 #define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
433 /* "No principal in keytab matches desired name" */
434 #define GSS_KRB5_S_KG_TGT_MISSING 12
435 /* "Credential cache has no TGT" */
436 #define GSS_KRB5_S_KG_NO_SUBKEY 13
437 /* "Authenticator has no subkey" */
438 #define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
439 /* "Context is already fully established" */
440 #define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
441 /* "Unknown signature type in token" */
442 #define GSS_KRB5_S_KG_BAD_LENGTH 16
443 /* "Invalid field length in token" */
444 #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
445 /* "Attempt to use incomplete security context" */
446
447 /*
448 * Finally, function prototypes for the GSS-API routines.
449 */
450
451 OM_uint32 gss_acquire_cred
452 (OM_uint32 * minor_status,
453 const gss_name_t desired_name,
454 OM_uint32 time_req,
455 const gss_OID_set desired_mechs,
456 gss_cred_usage_t cred_usage,
457 gss_cred_id_t * output_cred_handle,
458 gss_OID_set * actual_mechs,
459 OM_uint32 * time_rec
460 );
461
462 OM_uint32 gss_release_cred
463 (OM_uint32 * minor_status,
464 gss_cred_id_t * cred_handle
465 );
466
467 OM_uint32 gss_init_sec_context
468 (OM_uint32 * minor_status,
469 const gss_cred_id_t initiator_cred_handle,
470 gss_ctx_id_t * context_handle,
471 const gss_name_t target_name,
472 const gss_OID mech_type,
473 OM_uint32 req_flags,
474 OM_uint32 time_req,
475 const gss_channel_bindings_t input_chan_bindings,
476 const gss_buffer_t input_token,
477 gss_OID * actual_mech_type,
478 gss_buffer_t output_token,
479 OM_uint32 * ret_flags,
480 OM_uint32 * time_rec
481 );
482
483 OM_uint32 gss_accept_sec_context
484 (OM_uint32 * minor_status,
485 gss_ctx_id_t * context_handle,
486 const gss_cred_id_t acceptor_cred_handle,
487 const gss_buffer_t input_token_buffer,
488 const gss_channel_bindings_t input_chan_bindings,
489 gss_name_t * src_name,
490 gss_OID * mech_type,
491 gss_buffer_t output_token,
492 OM_uint32 * ret_flags,
493 OM_uint32 * time_rec,
494 gss_cred_id_t * delegated_cred_handle
495 );
496
497 OM_uint32 gss_process_context_token
498 (OM_uint32 * minor_status,
499 const gss_ctx_id_t context_handle,
500 const gss_buffer_t token_buffer
501 );
502
503 OM_uint32 gss_delete_sec_context
504 (OM_uint32 * minor_status,
505 gss_ctx_id_t * context_handle,
506 gss_buffer_t output_token
507 );
508
509 OM_uint32 gss_context_time
510 (OM_uint32 * minor_status,
511 const gss_ctx_id_t context_handle,
512 OM_uint32 * time_rec
513 );
514
515 OM_uint32 gss_get_mic
516 (OM_uint32 * minor_status,
517 const gss_ctx_id_t context_handle,
518 gss_qop_t qop_req,
519 const gss_buffer_t message_buffer,
520 gss_buffer_t message_token
521 );
522
523 OM_uint32 gss_verify_mic
524 (OM_uint32 * minor_status,
525 const gss_ctx_id_t context_handle,
526 const gss_buffer_t message_buffer,
527 const gss_buffer_t token_buffer,
528 gss_qop_t * qop_state
529 );
530
531 OM_uint32 gss_wrap
532 (OM_uint32 * minor_status,
533 const gss_ctx_id_t context_handle,
534 int conf_req_flag,
535 gss_qop_t qop_req,
536 const gss_buffer_t input_message_buffer,
537 int * conf_state,
538 gss_buffer_t output_message_buffer
539 );
540
541 OM_uint32 gss_unwrap
542 (OM_uint32 * minor_status,
543 const gss_ctx_id_t context_handle,
544 const gss_buffer_t input_message_buffer,
545 gss_buffer_t output_message_buffer,
546 int * conf_state,
547 gss_qop_t * qop_state
548 );
549
550 OM_uint32 gss_display_status
551 (OM_uint32 * minor_status,
552 OM_uint32 status_value,
553 int status_type,
554 const gss_OID mech_type,
555 OM_uint32 * message_context,
556 gss_buffer_t status_string
557 );
558
559 OM_uint32 gss_indicate_mechs
560 (OM_uint32 * minor_status,
561 gss_OID_set * mech_set
562 );
563
564 OM_uint32 gss_compare_name
565 (OM_uint32 * minor_status,
566 const gss_name_t name1,
567 const gss_name_t name2,
568 int * name_equal
569 );
570
571 OM_uint32 gss_display_name
572 (OM_uint32 * minor_status,
573 const gss_name_t input_name,
574 gss_buffer_t output_name_buffer,
575 gss_OID * output_name_type
576 );
577
578 OM_uint32 gss_import_name
579 (OM_uint32 * minor_status,
580 const gss_buffer_t input_name_buffer,
581 const gss_OID input_name_type,
582 gss_name_t * output_name
583 );
584
585 OM_uint32 gss_export_name
586 (OM_uint32 * minor_status,
587 const gss_name_t input_name,
588 gss_buffer_t exported_name
589 );
590
591 OM_uint32 gss_release_name
592 (OM_uint32 * minor_status,
593 gss_name_t * input_name
594 );
595
596 OM_uint32 gss_release_buffer
597 (OM_uint32 * minor_status,
598 gss_buffer_t buffer
599 );
600
601 OM_uint32 gss_release_oid_set
602 (OM_uint32 * minor_status,
603 gss_OID_set * set
604 );
605
606 OM_uint32 gss_inquire_cred
607 (OM_uint32 * minor_status,
608 const gss_cred_id_t cred_handle,
609 gss_name_t * name,
610 OM_uint32 * lifetime,
611 gss_cred_usage_t * cred_usage,
612 gss_OID_set * mechanisms
613 );
614
615 OM_uint32 gss_inquire_context (
616 OM_uint32 * minor_status,
617 const gss_ctx_id_t context_handle,
618 gss_name_t * src_name,
619 gss_name_t * targ_name,
620 OM_uint32 * lifetime_rec,
621 gss_OID * mech_type,
622 OM_uint32 * ctx_flags,
623 int * locally_initiated,
624 int * open
625 );
626
627 OM_uint32 gss_wrap_size_limit (
628 OM_uint32 * minor_status,
629 const gss_ctx_id_t context_handle,
630 int conf_req_flag,
631 gss_qop_t qop_req,
632 OM_uint32 req_output_size,
633 OM_uint32 * max_input_size
634 );
635
636 OM_uint32 gss_add_cred (
637 OM_uint32 * minor_status,
638 const gss_cred_id_t input_cred_handle,
639 const gss_name_t desired_name,
640 const gss_OID desired_mech,
641 gss_cred_usage_t cred_usage,
642 OM_uint32 initiator_time_req,
643 OM_uint32 acceptor_time_req,
644 gss_cred_id_t * output_cred_handle,
645 gss_OID_set * actual_mechs,
646 OM_uint32 * initiator_time_rec,
647 OM_uint32 * acceptor_time_rec
648 );
649
650 OM_uint32 gss_inquire_cred_by_mech (
651 OM_uint32 * minor_status,
652 const gss_cred_id_t cred_handle,
653 const gss_OID mech_type,
654 gss_name_t * name,
655 OM_uint32 * initiator_lifetime,
656 OM_uint32 * acceptor_lifetime,
657 gss_cred_usage_t * cred_usage
658 );
659
660 OM_uint32 gss_export_sec_context (
661 OM_uint32 * minor_status,
662 gss_ctx_id_t * context_handle,
663 gss_buffer_t interprocess_token
664 );
665
666 OM_uint32 gss_import_sec_context (
667 OM_uint32 * minor_status,
668 const gss_buffer_t interprocess_token,
669 gss_ctx_id_t * context_handle
670 );
671
672 OM_uint32 gss_create_empty_oid_set (
673 OM_uint32 * minor_status,
674 gss_OID_set * oid_set
675 );
676
677 OM_uint32 gss_add_oid_set_member (
678 OM_uint32 * minor_status,
679 const gss_OID member_oid,
680 gss_OID_set * oid_set
681 );
682
683 OM_uint32 gss_test_oid_set_member (
684 OM_uint32 * minor_status,
685 const gss_OID member,
686 const gss_OID_set set,
687 int * present
688 );
689
690 OM_uint32 gss_inquire_names_for_mech (
691 OM_uint32 * minor_status,
692 const gss_OID mechanism,
693 gss_OID_set * name_types
694 );
695
696 OM_uint32 gss_inquire_mechs_for_name (
697 OM_uint32 * minor_status,
698 const gss_name_t input_name,
699 gss_OID_set * mech_types
700 );
701
702 OM_uint32 gss_canonicalize_name (
703 OM_uint32 * minor_status,
704 const gss_name_t input_name,
705 const gss_OID mech_type,
706 gss_name_t * output_name
707 );
708
709 OM_uint32 gss_duplicate_name (
710 OM_uint32 * minor_status,
711 const gss_name_t src_name,
712 gss_name_t * dest_name
713 );
714
715 /*
716 * The following routines are obsolete variants of gss_get_mic,
717 * gss_verify_mic, gss_wrap and gss_unwrap. They should be
718 * provided by GSSAPI V2 implementations for backwards
719 * compatibility with V1 applications. Distinct entrypoints
720 * (as opposed to #defines) should be provided, both to allow
721 * GSSAPI V1 applications to link against GSSAPI V2 implementations,
722 * and to retain the slight parameter type differences between the
723 * obsolete versions of these routines and their current forms.
724 */
725
726 OM_uint32 gss_sign
727 (OM_uint32 * minor_status,
728 gss_ctx_id_t context_handle,
729 int qop_req,
730 gss_buffer_t message_buffer,
731 gss_buffer_t message_token
732 );
733
734 OM_uint32 gss_verify
735 (OM_uint32 * minor_status,
736 gss_ctx_id_t context_handle,
737 gss_buffer_t message_buffer,
738 gss_buffer_t token_buffer,
739 int * qop_state
740 );
741
742 OM_uint32 gss_seal
743 (OM_uint32 * minor_status,
744 gss_ctx_id_t context_handle,
745 int conf_req_flag,
746 int qop_req,
747 gss_buffer_t input_message_buffer,
748 int * conf_state,
749 gss_buffer_t output_message_buffer
750 );
751
752 OM_uint32 gss_unseal
753 (OM_uint32 * minor_status,
754 gss_ctx_id_t context_handle,
755 gss_buffer_t input_message_buffer,
756 gss_buffer_t output_message_buffer,
757 int * conf_state,
758 int * qop_state
759 );
760
761 /*
762 * kerberos mechanism specific functions
763 */
764
765 OM_uint32 gsskrb5_register_acceptor_identity
766 (char *identity);
767
768 OM_uint32 gss_krb5_copy_ccache
769 (OM_uint32 *minor,
770 gss_cred_id_t cred,
771 struct krb5_ccache_data *out);
772
773 #endif /* GSSAPI_H_ */
Heimdal