source4/auth/gensec/gensec_gssapi.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Kerberos backend for GENSEC
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
   7    Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 /* This structure described here, so the RPC-PAC test can get at the PAC provided */
  25
  26 enum gensec_gssapi_sasl_state
  27 {
  28         STAGE_GSS_NEG,
  29         STAGE_SASL_SSF_NEG,
  30         STAGE_SASL_SSF_ACCEPT,
  31         STAGE_DONE
  32 };
  33
  34 #define NEG_SEAL 0x4
  35 #define NEG_SIGN 0x2
  36 #define NEG_NONE 0x1
  37
  38 struct gensec_gssapi_state {
  39         gss_ctx_id_t gssapi_context;
  40         gss_name_t server_name;
  41         gss_name_t client_name;
  42         OM_uint32 gss_want_flags, gss_got_flags;
  43
  44         gss_cred_id_t delegated_cred_handle;
  45
  46         NTTIME expire_time;
  47
  48         /* gensec_gssapi only */
  49         gss_krb5_lucid_context_v1_t *lucid;
  50         gss_OID gss_oid;
  51
  52         struct gss_channel_bindings_struct *input_chan_bindings;
  53         struct smb_krb5_context *smb_krb5_context;
  54         struct gssapi_creds_container *client_cred;
  55         struct gssapi_creds_container *server_cred;
  56
  57         bool sasl; /* We have two different mechs in this file: One
  58                     * for SASL wrapped GSSAPI and another for normal
  59                     * GSSAPI */
  60         enum gensec_gssapi_sasl_state sasl_state;
  61         uint8_t sasl_protection; /* What was negotiated at the SASL
  62                                   * layer, independent of the GSSAPI
  63                                   * layer... */
  64
  65         size_t max_wrap_buf_size;
  66         int gss_exchange_count;
  67         size_t sig_size;
  68
  69         const char *target_principal;
  70 };