1
/* $OpenBSD: ssh-gss.h,v 1.4 2003/11/17 11:06:07 markus Exp $ */
3
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions
8
* 1. Redistributions of source code must retain the above copyright
9
* notice, this list of conditions and the following disclaimer.
10
* 2. Redistributions in binary form must reproduce the above copyright
11
* notice, this list of conditions and the following disclaimer in the
12
* documentation and/or other materials provided with the distribution.
14
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
15
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35
#elif defined(HAVE_GSSAPI_GSSAPI_H)
36
#include <gssapi/gssapi.h>
41
# ifdef HAVE_GSSAPI_GENERIC_H
42
# include <gssapi_generic.h>
43
# elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
44
# include <gssapi/gssapi_generic.h>
47
/* MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */
49
#ifndef GSS_C_NT_HOSTBASED_SERVICE
50
#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
51
#endif /* GSS_C_NT_... */
55
/* draft-ietf-secsh-gsskeyex-06 */
56
#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
57
#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
58
#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
59
#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
60
#define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
61
#define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
63
#define SSH_GSS_OIDTYPE 0x06
73
gss_buffer_desc displayname;
74
gss_buffer_desc exportedname;
76
struct ssh_gssapi_mech_struct *mech;
77
ssh_gssapi_ccache store;
80
typedef struct ssh_gssapi_mech_struct {
84
int (*dochild) (ssh_gssapi_client *);
85
int (*userok) (ssh_gssapi_client *, char *);
86
int (*localname) (ssh_gssapi_client *, char **);
87
void (*storecreds) (ssh_gssapi_client *);
91
OM_uint32 major; /* both */
92
OM_uint32 minor; /* both */
93
gss_ctx_id_t context; /* both */
94
gss_name_t name; /* both */
95
gss_OID oid; /* client */
96
gss_cred_id_t creds; /* server */
97
gss_name_t client; /* server */
98
gss_cred_id_t client_creds; /* server */
101
extern ssh_gssapi_mech *supported_mechs[];
103
int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len);
104
void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len);
105
void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid);
106
void ssh_gssapi_supported_oids(gss_OID_set *oidset);
107
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *ctxt);
109
OM_uint32 ssh_gssapi_import_name(Gssctxt *ctx, const char *host);
110
OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *ctx);
111
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds,
112
gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
113
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,
114
gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
115
OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *);
116
void ssh_gssapi_error(Gssctxt *ctx);
117
char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
118
void ssh_gssapi_build_ctx(Gssctxt **ctx);
119
void ssh_gssapi_delete_ctx(Gssctxt **ctx);
120
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
121
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid);
122
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
125
int ssh_gssapi_userok(char *name);
126
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
127
void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
128
void ssh_gssapi_cleanup_creds(void);
129
void ssh_gssapi_storecreds(void);
133
#endif /* _SSH_GSS_H */