2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 #include <krb5_locl.h>
50 #include "spnego_asn1.h"
58 typedef struct gss_ctx_id_t_desc_struct
{
59 struct krb5_auth_context_data
*auth_context
;
60 gss_name_t source
, target
;
62 enum { LOCAL
= 1, OPEN
= 2,
64 COMPAT_OLD_DES3_SELECTED
= 8,
67 struct krb5_ticket
*ticket
;
69 HEIMDAL_MUTEX ctx_id_mutex
;
70 struct gss_msg_order
*order
;
73 typedef struct gss_cred_id_t_desc_struct
{
75 struct krb5_keytab_data
*keytab
;
77 gss_cred_usage_t usage
;
78 gss_OID_set mechanisms
;
79 struct krb5_ccache_data
*ccache
;
80 HEIMDAL_MUTEX cred_id_mutex
;
87 extern krb5_context gssapi_krb5_context
;
89 extern krb5_keytab gssapi_krb5_keytab
;
90 extern HEIMDAL_MUTEX gssapi_keytab_mutex
;
92 struct gssapi_thr_context
{
101 krb5_error_code
gssapi_krb5_init (void);
103 #define GSSAPI_KRB5_INIT() do { \
104 krb5_error_code kret; \
105 if((kret = gssapi_krb5_init ()) != 0) { \
106 *minor_status = kret; \
107 return GSS_S_FAILURE; \
111 struct gssapi_thr_context
*
112 gssapi_get_thread_context(int);
115 gsskrb5_is_cfx(gss_ctx_id_t
, int *);
118 gssapi_krb5_create_8003_checksum (
119 OM_uint32
*minor_status
,
120 const gss_channel_bindings_t input_chan_bindings
,
122 const krb5_data
*fwd_data
,
126 gssapi_krb5_verify_8003_checksum (
127 OM_uint32
*minor_status
,
128 const gss_channel_bindings_t input_chan_bindings
,
129 const Checksum
*cksum
,
131 krb5_data
*fwd_data
);
134 _gssapi_encap_length (size_t data_len
,
140 gssapi_krb5_encap_length (size_t data_len
,
148 _gssapi_encapsulate(OM_uint32
*minor_status
,
149 const krb5_data
*in_data
,
150 gss_buffer_t output_token
,
155 gssapi_krb5_encapsulate(OM_uint32
*minor_status
,
156 const krb5_data
*in_data
,
157 gss_buffer_t output_token
,
162 gssapi_krb5_decapsulate(OM_uint32
*minor_status
,
163 gss_buffer_t input_token_buffer
,
169 gssapi_krb5_make_header (u_char
*p
,
175 _gssapi_make_mech_header(u_char
*p
,
180 _gssapi_verify_mech_header(u_char
**str
,
185 gssapi_krb5_verify_header(u_char
**str
,
191 _gssapi_decapsulate(OM_uint32
*minor_status
,
192 gss_buffer_t input_token_buffer
,
198 gssapi_krb5_get_mech (const u_char
*, size_t, const u_char
**);
201 _gssapi_verify_pad(gss_buffer_t
, size_t, size_t *);
204 gss_verify_mic_internal(OM_uint32
* minor_status
,
205 const gss_ctx_id_t context_handle
,
206 const gss_buffer_t message_buffer
,
207 const gss_buffer_t token_buffer
,
208 gss_qop_t
* qop_state
,
212 gss_krb5_get_subkey(const gss_ctx_id_t context_handle
,
213 krb5_keyblock
**key
);
216 gss_address_to_krb5addr(OM_uint32 gss_addr_type
,
217 gss_buffer_desc
*gss_addr
,
219 krb5_address
*address
);
221 /* sec_context flags */
223 #define SC_LOCAL_ADDRESS 0x01
224 #define SC_REMOTE_ADDRESS 0x02
225 #define SC_KEYBLOCK 0x04
226 #define SC_LOCAL_SUBKEY 0x08
227 #define SC_REMOTE_SUBKEY 0x10
230 gss_oid_equal(const gss_OID a
, const gss_OID b
);
233 gssapi_krb5_set_error_string (void);
236 gssapi_krb5_get_error_string (void);
239 _gss_DES3_get_mic_compat(OM_uint32
*, gss_ctx_id_t
);
242 _gss_spnego_require_mechlist_mic(OM_uint32
*, gss_ctx_id_t
, krb5_boolean
*);
245 _gss_check_compat(OM_uint32
*, gss_name_t
, const char *,
246 krb5_boolean
*, krb5_boolean
);
249 gssapi_lifetime_left(OM_uint32
*, OM_uint32
, OM_uint32
*);
254 _gssapi_msg_order_create(OM_uint32
*, struct gss_msg_order
**,
255 OM_uint32
, OM_uint32
, OM_uint32
, int);
257 _gssapi_msg_order_destroy(struct gss_msg_order
**);
260 _gssapi_msg_order_check(struct gss_msg_order
*, OM_uint32
);
263 _gssapi_msg_order_f(OM_uint32
);
268 gssapi_encode_om_uint32(OM_uint32
, u_char
*);
271 gssapi_encode_be_om_uint32(OM_uint32
, u_char
*);
274 gssapi_decode_om_uint32(u_char
*, OM_uint32
*);
277 gssapi_decode_be_om_uint32(u_char
*, OM_uint32
*);