src/TortoisePlink/sshgss.h

   1 #ifndef PUTTY_SSHGSS_H
   2 #define PUTTY_SSHGSS_H
   3 #include "putty.h"
   4 #include "pgssapi.h"
   5
   6 #ifndef NO_GSSAPI
   7
   8 #define SSH2_GSS_OIDTYPE 0x06
   9 typedef void *Ssh_gss_ctx;
  10
  11 typedef enum Ssh_gss_stat {
  12     SSH_GSS_OK = 0,
  13     SSH_GSS_S_CONTINUE_NEEDED,
  14     SSH_GSS_NO_MEM,
  15     SSH_GSS_BAD_HOST_NAME,
  16     SSH_GSS_FAILURE
  17 } Ssh_gss_stat;
  18
  19 #define SSH_GSS_S_COMPLETE SSH_GSS_OK
  20
  21 #define SSH_GSS_CLEAR_BUF(buf) do {             \
  22     (*buf).length = 0;                          \
  23     (*buf).value = NULL;                                \
  24 } while (0)
  25
  26 typedef gss_buffer_desc Ssh_gss_buf;
  27 typedef gss_name_t Ssh_gss_name;
  28
  29 /* Functions, provided by either wingss.c or sshgssc.c */
  30
  31 struct ssh_gss_library;
  32
  33 /*
  34  * Prepare a collection of GSSAPI libraries for use in a single SSH
  35  * connection. Returns a structure containing a list of libraries,
  36  * with their ids (see struct ssh_gss_library below) filled in so
  37  * that the client can go through them in the SSH user's preferred
  38  * order.
  39  *
  40  * Must always return non-NULL. (Even if no libraries are available,
  41  * it must return an empty structure.)
  42  *
  43  * The free function cleans up the structure, and its associated
  44  * libraries (if any).
  45  */
  46 struct ssh_gss_liblist {
  47     struct ssh_gss_library *libraries;
  48     int nlibraries;
  49 };
  50 struct ssh_gss_liblist *ssh_gss_setup(Conf *conf);
  51 void ssh_gss_cleanup(struct ssh_gss_liblist *list);
  52
  53 /*
  54  * Fills in buf with a string describing the GSSAPI mechanism in
  55  * use. buf->data is not dynamically allocated.
  56  */
  57 typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
  58                                                 Ssh_gss_buf *buf);
  59
  60 /*
  61  * Converts a name such as a hostname into a GSSAPI internal form,
  62  * which is placed in "out". The result should be freed by
  63  * ssh_gss_release_name().
  64  */
  65 typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
  66                                               char *in, Ssh_gss_name *out);
  67
  68 /*
  69  * Frees the contents of an Ssh_gss_name structure filled in by
  70  * ssh_gss_import_name().
  71  */
  72 typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
  73                                                Ssh_gss_name *name);
  74
  75 /*
  76  * The main GSSAPI security context setup function. The "out"
  77  * parameter will need to be freed by ssh_gss_free_tok.
  78  */
  79 typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
  80     (struct ssh_gss_library *lib,
  81      Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
  82      Ssh_gss_buf *in, Ssh_gss_buf *out);
  83
  84 /*
  85  * Frees the contents of an Ssh_gss_buf filled in by
  86  * ssh_gss_init_sec_context(). Do not accidentally call this on
  87  * something filled in by ssh_gss_get_mic() (which requires a
  88  * different free function) or something filled in by any other
  89  * way.
  90  */
  91 typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
  92                                            Ssh_gss_buf *);
  93
  94 /*
  95  * Acquires the credentials to perform authentication in the first
  96  * place. Needs to be freed by ssh_gss_release_cred().
  97  */
  98 typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
  99                                                Ssh_gss_ctx *);
 100
 101 /*
 102  * Frees the contents of an Ssh_gss_ctx filled in by
 103  * ssh_gss_acquire_cred().
 104  */
 105 typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
 106                                                Ssh_gss_ctx *);
 107
 108 /*
 109  * Gets a MIC for some input data. "out" needs to be freed by
 110  * ssh_gss_free_mic().
 111  */
 112 typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
 113                                           Ssh_gss_ctx ctx, Ssh_gss_buf *in,
 114                  Ssh_gss_buf *out);
 115
 116 /*
 117  * Frees the contents of an Ssh_gss_buf filled in by
 118  * ssh_gss_get_mic(). Do not accidentally call this on something
 119  * filled in by ssh_gss_init_sec_context() (which requires a
 120  * different free function) or something filled in by any other
 121  * way.
 122  */
 123 typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
 124                                            Ssh_gss_buf *);
 125
 126 /*
 127  * Return an error message after authentication failed. The
 128  * message string is returned in "buf", with buf->len giving the
 129  * number of characters of printable message text and buf->data
 130  * containing one more character which is a trailing NUL.
 131  * buf->data should be manually freed by the caller.
 132  */
 133 typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
 134                                                  Ssh_gss_ctx, Ssh_gss_buf *buf);
 135
 136 struct ssh_gss_library {
 137     /*
 138      * Identifying number in the enumeration used by the
 139      * configuration code to specify a preference order.
 140      */
 141     int id;
 142
 143     /*
 144      * Filled in at initialisation time, if there's anything
 145      * interesting to say about how GSSAPI was initialised (e.g.
 146      * which of a number of alternative libraries was used).
 147      */
 148     const char *gsslogmsg;
 149
 150     /*
 151      * Function pointers implementing the SSH wrapper layer on top
 152      * of GSSAPI. (Defined in sshgssc, typically, though Windows
 153      * provides an alternative layer to sit on top of the annoyingly
 154      * different SSPI.)
 155      */
 156     t_ssh_gss_indicate_mech indicate_mech;
 157     t_ssh_gss_import_name import_name;
 158     t_ssh_gss_release_name release_name;
 159     t_ssh_gss_init_sec_context init_sec_context;
 160     t_ssh_gss_free_tok free_tok;
 161     t_ssh_gss_acquire_cred acquire_cred;
 162     t_ssh_gss_release_cred release_cred;
 163     t_ssh_gss_get_mic get_mic;
 164     t_ssh_gss_free_mic free_mic;
 165     t_ssh_gss_display_status display_status;
 166
 167     /*
 168      * Additional data for the wrapper layers.
 169      */
 170     union {
 171         struct gssapi_functions gssapi;
 172         /*
 173          * The SSPI wrappers don't need to store their Windows API
 174          * function pointers in this structure, because there can't
 175          * be more than one set of them available.
 176          */
 177     } u;
 178
 179     /*
 180      * Wrapper layers will often also need to store a library handle
 181      * of some sort for cleanup time.
 182      */
 183     void *handle;
 184 };
 185
 186 #endif /* NO_GSSAPI */
 187
 188 #endif /*PUTTY_SSHGSS_H*/