search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x
[heimdal.git] / lib / gssapi / krb5 / gssapi_locl.h
blob54c6176f35b177bcfa9ab9e1af45c9c784d87505
1 /*
2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /* $Id$ */
35
36 #ifndef GSSAPI_LOCL_H
37 #define GSSAPI_LOCL_H
38
39 #ifdef HAVE_CONFIG_H
40 #include <config.h>
41 #endif
42
43 #include <krb5_locl.h>
44 #include <gssapi.h>
45 #include <assert.h>
46
47 #include "cfx.h"
48 #include "arcfour.h"
49
50 #include "spnego_asn1.h"
51
52 /*
53 *
54 */
55
56 struct gss_msg_order;
57
58 typedef struct gss_ctx_id_t_desc_struct {
59 struct krb5_auth_context_data *auth_context;
60 gss_name_t source, target;
61 OM_uint32 flags;
62 enum { LOCAL = 1, OPEN = 2,
63 COMPAT_OLD_DES3 = 4,
64 COMPAT_OLD_DES3_SELECTED = 8,
65 ACCEPTOR_SUBKEY = 16
66 } more_flags;
67 struct krb5_ticket *ticket;
68 OM_uint32 lifetime;
69 HEIMDAL_MUTEX ctx_id_mutex;
70 struct gss_msg_order *order;
71 } gss_ctx_id_t_desc;
72
73 typedef struct gss_cred_id_t_desc_struct {
74 gss_name_t principal;
75 struct krb5_keytab_data *keytab;
76 OM_uint32 lifetime;
77 gss_cred_usage_t usage;
78 gss_OID_set mechanisms;
79 struct krb5_ccache_data *ccache;
80 HEIMDAL_MUTEX cred_id_mutex;
81 } gss_cred_id_t_desc;
82
83 /*
84 *
85 */
86
87 extern krb5_context gssapi_krb5_context;
88
89 extern krb5_keytab gssapi_krb5_keytab;
90 extern HEIMDAL_MUTEX gssapi_keytab_mutex;
91
92 struct gssapi_thr_context {
93 HEIMDAL_MUTEX mutex;
94 char *error_string;
95 };
96
97 /*
98 * Prototypes
99 */
100
101 krb5_error_code gssapi_krb5_init (void);
102
103 #define GSSAPI_KRB5_INIT() do { \
104 krb5_error_code kret; \
105 if((kret = gssapi_krb5_init ()) != 0) { \
106 *minor_status = kret; \
107 return GSS_S_FAILURE; \
108 } \
109 } while (0)
110
111 struct gssapi_thr_context *
112 gssapi_get_thread_context(int);
113
114 void
115 gsskrb5_is_cfx(gss_ctx_id_t, int *);
116
117 OM_uint32
118 gssapi_krb5_create_8003_checksum (
119 OM_uint32 *minor_status,
120 const gss_channel_bindings_t input_chan_bindings,
121 OM_uint32 flags,
122 const krb5_data *fwd_data,
123 Checksum *result);
124
125 OM_uint32
126 gssapi_krb5_verify_8003_checksum (
127 OM_uint32 *minor_status,
128 const gss_channel_bindings_t input_chan_bindings,
129 const Checksum *cksum,
130 OM_uint32 *flags,
131 krb5_data *fwd_data);
132
133 void
134 _gssapi_encap_length (size_t data_len,
135 size_t *len,
136 size_t *total_len,
137 const gss_OID mech);
138
139 void
140 gssapi_krb5_encap_length (size_t data_len,
141 size_t *len,
142 size_t *total_len,
143 const gss_OID mech);
144
145
146
147 OM_uint32
148 _gssapi_encapsulate(OM_uint32 *minor_status,
149 const krb5_data *in_data,
150 gss_buffer_t output_token,
151 const gss_OID mech);
152
153
154 OM_uint32
155 gssapi_krb5_encapsulate(OM_uint32 *minor_status,
156 const krb5_data *in_data,
157 gss_buffer_t output_token,
158 const u_char *type,
159 const gss_OID mech);
160
161 OM_uint32
162 gssapi_krb5_decapsulate(OM_uint32 *minor_status,
163 gss_buffer_t input_token_buffer,
164 krb5_data *out_data,
165 char *type,
166 gss_OID oid);
167
168 u_char *
169 gssapi_krb5_make_header (u_char *p,
170 size_t len,
171 const u_char *type,
172 const gss_OID mech);
173
174 u_char *
175 _gssapi_make_mech_header(u_char *p,
176 size_t len,
177 const gss_OID mech);
178
179 OM_uint32
180 _gssapi_verify_mech_header(u_char **str,
181 size_t total_len,
182 gss_OID oid);
183
184 OM_uint32
185 gssapi_krb5_verify_header(u_char **str,
186 size_t total_len,
187 u_char *type,
188 gss_OID oid);
189
190 OM_uint32
191 _gssapi_decapsulate(OM_uint32 *minor_status,
192 gss_buffer_t input_token_buffer,
193 krb5_data *out_data,
194 const gss_OID mech);
195
196
197 ssize_t
198 gssapi_krb5_get_mech (const u_char *, size_t, const u_char **);
199
200 OM_uint32
201 _gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
202
203 OM_uint32
204 gss_verify_mic_internal(OM_uint32 * minor_status,
205 const gss_ctx_id_t context_handle,
206 const gss_buffer_t message_buffer,
207 const gss_buffer_t token_buffer,
208 gss_qop_t * qop_state,
209 char * type);
210
211 OM_uint32
212 gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
213 krb5_keyblock **key);
214
215 krb5_error_code
216 gss_address_to_krb5addr(OM_uint32 gss_addr_type,
217 gss_buffer_desc *gss_addr,
218 int16_t port,
219 krb5_address *address);
220
221 /* sec_context flags */
222
223 #define SC_LOCAL_ADDRESS 0x01
224 #define SC_REMOTE_ADDRESS 0x02
225 #define SC_KEYBLOCK 0x04
226 #define SC_LOCAL_SUBKEY 0x08
227 #define SC_REMOTE_SUBKEY 0x10
228
229 int
230 gss_oid_equal(const gss_OID a, const gss_OID b);
231
232 void
233 gssapi_krb5_set_error_string (void);
234
235 char *
236 gssapi_krb5_get_error_string (void);
237
238 OM_uint32
239 _gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t);
240
241 OM_uint32
242 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *);
243
244 krb5_error_code
245 _gss_check_compat(OM_uint32 *, gss_name_t, const char *,
246 krb5_boolean *, krb5_boolean);
247
248 OM_uint32
249 gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
250
251 /* sequence */
252
253 OM_uint32
254 _gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **,
255 OM_uint32, OM_uint32, OM_uint32, int);
256 OM_uint32
257 _gssapi_msg_order_destroy(struct gss_msg_order **);
258
259 OM_uint32
260 _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32);
261
262 OM_uint32
263 _gssapi_msg_order_f(OM_uint32);
264
265 /* 8003 */
266
267 krb5_error_code
268 gssapi_encode_om_uint32(OM_uint32, u_char *);
269
270 krb5_error_code
271 gssapi_encode_be_om_uint32(OM_uint32, u_char *);
272
273 krb5_error_code
274 gssapi_decode_om_uint32(u_char *, OM_uint32 *);
275
276 krb5_error_code
277 gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
278
279 #endif
Heimdal