2
* Copyright 1999-2006 University of Chicago
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
* you may not use this file except in compliance with the License.
6
* You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
21
* Also define _GSSAPI_H_ as that is what the Kerberos 5 code defines and
22
* what header files on some systems look for.
27
* Define windows specific needed parameters.
31
#if defined(WIN32) || defined(_WIN32)
32
#define GSS_CALLCONV __stdcall
33
#define GSS_CALLCONV_C __cdecl
36
#define GSS_CALLCONV_C
38
#endif /* GSS_CALLCONV */
40
#ifdef GSS_USE_FUNCTION_POINTERS
41
#define GSS_FUNC(f) (*f##_type)
42
#define GSS_MAKE_TYPEDEF typedef
45
#define GSS_MAKE_TYPEDEF
48
#include "globus_common.h"
52
* Include stddef.h to get size_t defined.
57
* Configure sets the following
66
/* Endian not needed by gssapi, but included here for now */
67
#ifndef WORDS_BIGENDIAN
68
#undef WORDS_BIGENDIAN
71
#ifndef EXTERN_C_BEGIN
73
#define EXTERN_C_BEGIN extern "C" {
74
#define EXTERN_C_END }
76
#define EXTERN_C_BEGIN
84
* @defgroup globus_gsi_gssapi_activation Activation
86
* Globus GSI GSSAPI uses standard Globus module activation and
87
* deactivation. Before any Globus GSI GSSAPI functions are called,
88
* the following function should be called:
91
* globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE)
95
* This function returns GLOBUS_SUCCESS if Globus GSI GSSAPI was
96
* successfully initialized, and you are therefore allowed to
97
* subsequently call Globus GSI GSSAPI functions. Otherwise, an error
98
* code is returned, and Globus GSI GSSAPI functions should not
99
* subsequently be called. This function may be called multiple times.
101
* To deactivate Globus GSI GSSAPI, the following function should be called:
104
* globus_module_deactivate(GLOBUS_GSI_GSSAPI_MODULE)
107
* This function should be called once for each time Globus GSI GSSAPI
110
* Note that it is not mandatory to call the above functions.
113
/** Module descriptor
114
* @ingroup globus_gsi_gssapi_activation
117
#define GLOBUS_GSI_GSSAPI_MODULE (&globus_i_gsi_gssapi_module)
120
globus_module_descriptor_t globus_i_gsi_gssapi_module;
123
* If the platform supports the xom.h header file, it should be
126
/* #include <xom.h> */
130
* Now define the three implementation-dependent types.
133
typedef void * gss_name_t;
134
typedef void * gss_ctx_id_t;
135
typedef void * gss_cred_id_t;
139
* The following type must be defined as the smallest natural
140
* unsigned integer supported by the platform that has at least
141
* 32 bits of precision.
145
typedef unsigned long gss_uint32;
146
#elif SIZEOF_SHORT == 4
147
typedef unsigned short gss_uint32;
149
typedef unsigned int gss_uint32;
154
* We have included the xom.h header file. Verify that OM_uint32
155
* is defined correctly.
158
#if sizeof(gss_uint32) != sizeof(OM_uint32)
159
#error Incompatible definition of OM_uint32 from xom.h
162
typedef OM_object_identifier gss_OID_desc, *gss_OID;
164
#else /* !OM_STRING */
167
* We can't use X/Open definitions, so roll our own.
169
typedef gss_uint32 OM_uint32;
170
typedef struct gss_OID_desc_struct
174
} gss_OID_desc, *gss_OID;
176
#endif /* !OM_STRING */
178
typedef struct gss_OID_set_desc_struct
182
} gss_OID_set_desc, *gss_OID_set;
186
* For now, define a QOP-type as an OM_uint32
188
typedef OM_uint32 gss_qop_t;
190
typedef int gss_cred_usage_t;
193
typedef struct gss_buffer_desc_struct
197
} gss_buffer_desc, *gss_buffer_t;
199
typedef struct gss_channel_bindings_struct
201
OM_uint32 initiator_addrtype;
202
gss_buffer_desc initiator_address;
203
OM_uint32 acceptor_addrtype;
204
gss_buffer_desc acceptor_address;
205
gss_buffer_desc application_data;
206
} *gss_channel_bindings_t;
209
* Flag bits for context-level services.
211
#define GSS_C_DELEG_FLAG 1
212
#define GSS_C_MUTUAL_FLAG 2
213
#define GSS_C_REPLAY_FLAG 4
214
#define GSS_C_SEQUENCE_FLAG 8
215
#define GSS_C_CONF_FLAG 16
216
#define GSS_C_INTEG_FLAG 32
217
#define GSS_C_ANON_FLAG 64
218
#define GSS_C_PROT_READY_FLAG 128
219
#define GSS_C_TRANS_FLAG 256
222
* For the Globus gssapi_ssleay we add three
223
* flags. These may have to be changed in the
224
* future, if they are defined in the RFCs.
225
* GSS_C_GLOBUS_SSL_COMPATIBLE
226
* input - The other is not using GSSAPI, but
227
* real SSL, so no delegation, etc.
228
* GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG
229
* input - delegates a limited proxy
230
* output - limited proxy received via delegation
231
* GSS_C_GLOBUS_LIMITED_PROXY_FLAG
232
* input - Don't accept limited proxy for auth
233
* output- Limited proxy received.
235
* GSS_C_GLOBUS_LIMITED_PROXY_MANY_FLAG
236
* input - Accept proxies signed by limited proxies
238
* Since gss_accept_sec_context does not
239
* provide a req_flag as input, we will
240
* pass in our GSS_C_GLOBUS_LIMITED_PROXY_FLAG
241
* and GSS_C_GLOBUS_LIMITED_PROXY_MANY_FLAG
246
#define GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG 4096
247
#define GSS_C_GLOBUS_LIMITED_PROXY_FLAG 8192
248
#define GSS_C_GLOBUS_SSL_COMPATIBLE 16384
249
#define GSS_C_GLOBUS_LIMITED_PROXY_MANY_FLAG 32768
251
* Credential usage options
254
#define GSS_C_INITIATE 1
255
#define GSS_C_ACCEPT 2
258
* Status code types for gss_display_status
260
#define GSS_C_GSS_CODE 1
261
#define GSS_C_MECH_CODE 2
264
* The constant definitions for channel-bindings address families
266
#define GSS_C_AF_UNSPEC 0
267
#define GSS_C_AF_LOCAL 1
268
#define GSS_C_AF_INET 2
269
#define GSS_C_AF_IMPLINK 3
270
#define GSS_C_AF_PUP 4
271
#define GSS_C_AF_CHAOS 5
272
#define GSS_C_AF_NS 6
273
#define GSS_C_AF_NBS 7
274
#define GSS_C_AF_ECMA 8
275
#define GSS_C_AF_DATAKIT 9
276
#define GSS_C_AF_CCITT 10
277
#define GSS_C_AF_SNA 11
278
#define GSS_C_AF_DECnet 12
279
#define GSS_C_AF_DLI 13
280
#define GSS_C_AF_LAT 14
281
#define GSS_C_AF_HYLINK 15
282
#define GSS_C_AF_APPLETALK 16
283
#define GSS_C_AF_BSC 17
284
#define GSS_C_AF_DSS 18
285
#define GSS_C_AF_OSI 19
286
#define GSS_C_AF_X25 21
288
#define GSS_C_AF_NULLADDR 255
291
* Various Null values
293
#define GSS_C_NO_NAME ((gss_name_t) 0)
294
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
295
#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
296
#define GSS_C_NO_OID ((gss_OID) 0)
297
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
298
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
299
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
300
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
301
#define GSS_C_EMPTY_BUFFER {0, NULL}
302
#define GSS_C_EMPTY_BUFFER_SET {0, (gss_buffer_t) 0}
305
* Some alternate names for a couple of the above
306
* values. These are defined for V1 compatibility.
308
#define GSS_C_NULL_OID GSS_C_NO_OID
309
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
312
* Define the default Quality of Protection for per-message
313
* services. Note that an implementation that offers multiple
314
* levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
315
* (as done here) to mean "default protection", or to a specific
316
* explicit QOP value. However, a value of 0 should always be
317
* interpreted by a GSSAPI implementation as a request for the
318
* default protection level.
320
#define GSS_C_QOP_DEFAULT 0
323
* Expiration time of 2^32-1 seconds means infinite lifetime for a
324
* credential or security context
326
#define GSS_C_INDEFINITE 0xfffffffful
329
* The implementation must reserve static storage for a
330
* gss_OID_desc object containing the value
331
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
332
* "\x01\x02\x01\x01"},
333
* corresponding to an object-identifier value of
334
* {iso(1) member-body(2) United States(840) mit(113554)
335
* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
336
* GSS_C_NT_USER_NAME should be initialized to point
337
* to that gss_OID_desc.
339
extern gss_OID GSS_C_NT_USER_NAME;
342
* The implementation must reserve static storage for a
343
* gss_OID_desc object containing the value
344
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
345
* "\x01\x02\x01\x02"},
346
* corresponding to an object-identifier value of
347
* {iso(1) member-body(2) United States(840) mit(113554)
348
* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
349
* The constant GSS_C_NT_MACHINE_UID_NAME should be
350
* initialized to point to that gss_OID_desc.
352
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
355
* The implementation must reserve static storage for a
356
* gss_OID_desc object containing the value
357
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
358
* "\x01\x02\x01\x03"},
359
* corresponding to an object-identifier value of
360
* {iso(1) member-body(2) United States(840) mit(113554)
361
* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
362
* The constant GSS_C_NT_STRING_UID_NAME should be
363
* initialized to point to that gss_OID_desc.
365
extern gss_OID GSS_C_NT_STRING_UID_NAME;
368
* The implementation must reserve static storage for a
369
* gss_OID_desc object containing the value
370
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
371
* corresponding to an object-identifier value of
372
* {iso(1) org(3) dod(6) internet(1) security(5)
373
* nametypes(6) gss-host-based-services(2)}. The constant
374
* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
375
* to that gss_OID_desc. This is a deprecated OID value, and
376
* implementations wishing to support hostbased-service names
377
* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
378
* defined below, to identify such names;
379
* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
380
* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
381
* parameter, but should not be emitted by GSSAPI
384
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
387
* The implementation must reserve static storage for a
388
* gss_OID_desc object containing the value
389
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
390
* "\x01\x02\x01\x04"}, corresponding to an
391
* object-identifier value of {iso(1) member-body(2)
392
* United States(840) mit(113554) infosys(1) gssapi(2)
393
* generic(1) service_name(4)}. The constant
394
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
395
* to point to that gss_OID_desc.
397
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
401
* The implementation must reserve static storage for a
402
* gss_OID_desc object containing the value
403
* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
404
* corresponding to an object identifier value of
405
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
406
* 6(nametypes), 3(gss-anonymous-name)}. The constant
407
* GSS_C_NT_ANONYMOUS should be initialized to point
408
* to that gss_OID_desc.
410
extern gss_OID GSS_C_NT_ANONYMOUS;
413
* The implementation must reserve static storage for a
414
* gss_OID_desc object containing the value
415
* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
416
* corresponding to an object-identifier value of
417
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
418
* 6(nametypes), 4(gss-api-exported-name)}. The constant
419
* GSS_C_NT_EXPORT_NAME should be initialized to point
420
* to that gss_OID_desc.
422
extern gss_OID GSS_C_NT_EXPORT_NAME;
424
/* Major status codes */
426
#define GSS_S_COMPLETE 0
429
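/*
 * Some "helper" definitions to make the status code macros obvious.
 *
 * A major status word packs three fields: the calling error in
 * bits 24-31, the routine error in bits 16-23 and the supplementary
 * information bits in bits 0-15.
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Each macro evaluates its argument exactly once and parenthesizes it,
 * so an expression argument such as (a | b) is masked as a whole
 * instead of being split by operator precedence.
 *
 * GSS_ERROR() is non-zero only when the calling-error or routine-error
 * field is set. A zero result does not by itself mean GSS_S_COMPLETE:
 * supplementary bits may still be set, so callers that need to know
 * whether an operation has finished must also inspect
 * GSS_SUPPLEMENTARY_INFO().
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))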
455
* Now the actual status code definitions
461
#define GSS_S_CALL_INACCESSIBLE_READ \
462
(1ul << GSS_C_CALLING_ERROR_OFFSET)
463
#define GSS_S_CALL_INACCESSIBLE_WRITE \
464
(2ul << GSS_C_CALLING_ERROR_OFFSET)
465
#define GSS_S_CALL_BAD_STRUCTURE \
466
(3ul << GSS_C_CALLING_ERROR_OFFSET)
471
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
472
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
473
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
474
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
475
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
476
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
477
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
478
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
479
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
480
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
481
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
482
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
483
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
484
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
485
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
486
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
487
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
488
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
489
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
490
#define GSS_S_EXT_COMPAT (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
494
* Supplementary info bits:
496
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
497
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
498
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
499
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
500
#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
503
* Finally, function prototypes for the GSS-API routines.
508
GSS_CALLCONV GSS_FUNC(gss_acquire_cred)
509
(OM_uint32 *, /* minor_status */
510
const gss_name_t, /* desired_name */
511
OM_uint32, /* time_req */
512
const gss_OID_set, /* desired_mechs */
513
gss_cred_usage_t, /* cred_usage */
514
gss_cred_id_t *, /* output_cred_handle */
515
gss_OID_set *, /* actual_mechs */
516
OM_uint32 *); /* time_rec */
520
GSS_CALLCONV GSS_FUNC(gss_release_cred)
521
(OM_uint32 *, /* minor_status */
522
gss_cred_id_t *); /* cred_handle */
526
GSS_CALLCONV GSS_FUNC(gss_init_sec_context)
527
(OM_uint32 *, /* minor_status */
528
const gss_cred_id_t, /* initiator_cred_handle */
529
gss_ctx_id_t *, /* context_handle */
530
const gss_name_t, /* target_name */
531
const gss_OID, /* mech_type */
532
OM_uint32, /* req_flags */
533
OM_uint32, /* time_req */
534
const gss_channel_bindings_t, /* input_chan_bindings */
535
const gss_buffer_t, /* input_token */
536
gss_OID *, /* actual_mech_type */
537
gss_buffer_t, /* output_token */
538
OM_uint32 *, /* ret_flags */
539
OM_uint32 *); /* time_rec */
543
GSS_CALLCONV GSS_FUNC(gss_accept_sec_context)
544
(OM_uint32 *, /* minor_status */
545
gss_ctx_id_t *, /* context_handle */
546
const gss_cred_id_t, /* acceptor_cred_handle */
547
const gss_buffer_t, /* input_token_buffer */
548
const gss_channel_bindings_t, /* input_chan_bindings */
549
gss_name_t *, /* src_name */
550
gss_OID *, /* mech_type */
551
gss_buffer_t, /* output_token */
552
OM_uint32 *, /* ret_flags */
553
OM_uint32 *, /* time_rec */
554
gss_cred_id_t *); /* delegated_cred_handle */
558
GSS_CALLCONV GSS_FUNC(gss_process_context_token)
559
(OM_uint32 *, /* minor_status */
560
const gss_ctx_id_t, /* context_handle */
561
const gss_buffer_t); /* token_buffer */
565
GSS_CALLCONV GSS_FUNC(gss_delete_sec_context)
566
(OM_uint32 *, /* minor_status */
567
gss_ctx_id_t *, /* context_handle */
568
gss_buffer_t); /* output_token */
572
GSS_CALLCONV GSS_FUNC(gss_context_time)
573
(OM_uint32 *, /* minor_status */
574
const gss_ctx_id_t, /* context_handle */
575
OM_uint32 *); /* time_rec */
579
GSS_CALLCONV GSS_FUNC(gss_get_mic)
580
(OM_uint32 *, /* minor_status */
581
const gss_ctx_id_t, /* context_handle */
582
gss_qop_t, /* qop_req */
583
const gss_buffer_t, /* message_buffer */
584
gss_buffer_t); /* message_token */
589
GSS_CALLCONV GSS_FUNC(gss_verify_mic)
590
(OM_uint32 *, /* minor_status */
591
const gss_ctx_id_t, /* context_handle */
592
const gss_buffer_t, /* message_buffer */
593
const gss_buffer_t, /* token_buffer */
594
gss_qop_t *); /* qop_state */
598
GSS_CALLCONV GSS_FUNC(gss_wrap)
599
(OM_uint32 *, /* minor_status */
600
const gss_ctx_id_t, /* context_handle */
601
int, /* conf_req_flag */
602
gss_qop_t, /* qop_req */
603
const gss_buffer_t, /* input_message_buffer */
604
int *, /* conf_state */
605
gss_buffer_t); /* output_message_buffer */
610
GSS_CALLCONV GSS_FUNC(gss_unwrap)
611
(OM_uint32 *, /* minor_status */
612
const gss_ctx_id_t, /* context_handle */
613
const gss_buffer_t, /* input_message_buffer */
614
gss_buffer_t, /* output_message_buffer */
615
int *, /* conf_state */
616
gss_qop_t *); /* qop_state */
620
GSS_CALLCONV GSS_FUNC(gss_display_status)
621
(OM_uint32 *, /* minor_status */
622
OM_uint32, /* status_value */
623
int, /* status_type */
624
const gss_OID, /* mech_type */
625
OM_uint32 *, /* message_context */
626
gss_buffer_t); /* status_string */
630
GSS_CALLCONV GSS_FUNC(gss_indicate_mechs)
631
(OM_uint32 *, /* minor_status */
632
gss_OID_set *); /* mech_set */
636
GSS_CALLCONV GSS_FUNC(gss_compare_name)
637
(OM_uint32 *, /* minor_status */
638
const gss_name_t, /* name1 */
639
const gss_name_t, /* name2 */
640
int *); /* name_equal */
644
GSS_CALLCONV GSS_FUNC(gss_display_name)
645
(OM_uint32 *, /* minor_status */
646
const gss_name_t, /* input_name */
647
gss_buffer_t, /* output_name_buffer */
648
gss_OID *); /* output_name_type */
652
GSS_CALLCONV GSS_FUNC(gss_import_name)
653
(OM_uint32 *, /* minor_status */
654
const gss_buffer_t, /* input_name_buffer */
655
const gss_OID, /* input_name_type */
656
gss_name_t *); /* output_name */
660
GSS_CALLCONV GSS_FUNC(gss_export_name)
661
(OM_uint32 *, /* minor_status */
662
const gss_name_t, /* input_name */
663
gss_buffer_t); /* exported_name */
667
GSS_CALLCONV GSS_FUNC(gss_release_name)
668
(OM_uint32 *, /* minor_status */
669
gss_name_t *); /* input_name */
673
GSS_CALLCONV GSS_FUNC(gss_release_buffer)
674
(OM_uint32 *, /* minor_status */
675
gss_buffer_t); /* buffer */
679
GSS_CALLCONV GSS_FUNC(gss_release_oid_set)
680
(OM_uint32 *, /* minor_status */
681
gss_OID_set *); /* set */
685
GSS_CALLCONV GSS_FUNC(gss_inquire_cred)
686
(OM_uint32 *, /* minor_status */
687
const gss_cred_id_t, /* cred_handle */
688
gss_name_t *, /* name */
689
OM_uint32 *, /* lifetime */
690
gss_cred_usage_t *, /* cred_usage */
691
gss_OID_set *); /* mechanisms */
695
GSS_CALLCONV GSS_FUNC(gss_inquire_context)
696
(OM_uint32 *, /* minor_status */
697
const gss_ctx_id_t, /* context_handle */
698
gss_name_t *, /* src_name */
699
gss_name_t *, /* targ_name */
700
OM_uint32 *, /* lifetime_rec */
701
gss_OID *, /* mech_type */
702
OM_uint32 *, /* ctx_flags */
703
int *, /* locally_initiated */
708
GSS_CALLCONV GSS_FUNC(gss_wrap_size_limit)
709
(OM_uint32 *, /* minor_status */
710
const gss_ctx_id_t, /* context_handle */
711
int, /* conf_req_flag */
712
gss_qop_t, /* qop_req */
713
OM_uint32, /* req_output_size */
714
OM_uint32 *); /* max_input_size */
718
GSS_CALLCONV GSS_FUNC(gss_add_cred)
719
(OM_uint32 *, /* minor_status */
720
const gss_cred_id_t, /* input_cred_handle */
721
const gss_name_t, /* desired_name */
722
const gss_OID, /* desired_mech */
723
gss_cred_usage_t, /* cred_usage */
724
OM_uint32, /* initiator_time_req */
725
OM_uint32, /* acceptor_time_req */
726
gss_cred_id_t *, /* output_cred_handle */
727
gss_OID_set *, /* actual_mechs */
728
OM_uint32 *, /* initiator_time_rec */
729
OM_uint32 *); /* acceptor_time_rec */
733
GSS_CALLCONV GSS_FUNC(gss_inquire_cred_by_mech)
734
(OM_uint32 *, /* minor_status */
735
const gss_cred_id_t, /* cred_handle */
736
const gss_OID, /* mech_type */
737
gss_name_t *, /* name */
738
OM_uint32 *, /* initiator_lifetime */
739
OM_uint32 *, /* acceptor_lifetime */
740
gss_cred_usage_t *); /* cred_usage */
744
GSS_CALLCONV GSS_FUNC(gss_export_sec_context)
745
(OM_uint32 *, /* minor_status */
746
gss_ctx_id_t *, /* context_handle */
747
gss_buffer_t); /* interprocess_token */
751
GSS_CALLCONV GSS_FUNC(gss_import_sec_context)
752
(OM_uint32 *, /* minor_status */
753
const gss_buffer_t, /* interprocess_token */
754
gss_ctx_id_t *); /* context_handle */
758
GSS_CALLCONV GSS_FUNC(gss_create_empty_oid_set)
759
(OM_uint32 *, /* minor_status */
760
gss_OID_set *); /* oid_set */
764
GSS_CALLCONV GSS_FUNC(gss_add_oid_set_member)
765
(OM_uint32 *, /* minor_status */
766
const gss_OID, /* member_oid */
767
gss_OID_set *); /* oid_set */
771
GSS_CALLCONV GSS_FUNC(gss_test_oid_set_member)
772
(OM_uint32 *, /* minor_status */
773
const gss_OID, /* member */
774
const gss_OID_set, /* set */
775
int *); /* present */
779
GSS_CALLCONV GSS_FUNC(gss_inquire_names_for_mech)
780
(OM_uint32 *, /* minor_status */
781
const gss_OID, /* mechanism */
782
gss_OID_set * /* name_types */
787
GSS_CALLCONV GSS_FUNC(gss_inquire_mechs_for_name)
788
(OM_uint32 *, /* minor_status */
789
const gss_name_t, /* input_name */
790
gss_OID_set *); /* mech_types */
794
GSS_CALLCONV GSS_FUNC(gss_canonicalize_name)
795
(OM_uint32 *, /* minor_status */
796
const gss_name_t, /* input_name */
797
const gss_OID, /* mech_type */
798
gss_name_t *); /* output_name */
802
GSS_CALLCONV GSS_FUNC(gss_duplicate_name)
803
(OM_uint32 *, /* minor_status */
804
const gss_name_t, /* src_name */
805
gss_name_t *); /* dest_name */
808
* The following routines are obsolete variants of gss_get_mic,
809
* gss_verify_mic, gss_wrap and gss_unwrap. They should be
810
* provided by GSSAPI V2 implementations for backwards
811
* compatibility with V1 applications. Distinct entrypoints
812
* (as opposed to #defines) should be provided, both to allow
813
* GSSAPI V1 applications to link against GSSAPI V2 implementations,
814
* and to retain the slight parameter type differences between the
815
* obsolete versions of these routines and their current forms.
820
GSS_CALLCONV GSS_FUNC(gss_sign)
821
(OM_uint32 *, /* minor_status */
822
gss_ctx_id_t, /* context_handle */
824
gss_buffer_t, /* message_buffer */
825
gss_buffer_t); /* message_token */
829
GSS_CALLCONV GSS_FUNC(gss_verify)
830
(OM_uint32 *, /* minor_status */
831
gss_ctx_id_t, /* context_handle */
832
gss_buffer_t, /* message_buffer */
833
gss_buffer_t, /* token_buffer */
834
int *); /* qop_state */
838
GSS_CALLCONV GSS_FUNC(gss_seal)
839
(OM_uint32 *, /* minor_status */
840
gss_ctx_id_t, /* context_handle */
841
int, /* conf_req_flag */
843
gss_buffer_t, /* input_message_buffer */
844
int *, /* conf_state */
845
gss_buffer_t); /* output_message_buffer */
849
GSS_CALLCONV GSS_FUNC(gss_unseal)
850
(OM_uint32 *, /* minor_status */
851
gss_ctx_id_t, /* context_handle */
852
gss_buffer_t, /* input_message_buffer */
853
gss_buffer_t, /* output_message_buffer */
854
int *, /* conf_state */
855
int *); /* qop_state */
857
#ifndef USE_ONLY_STANDARD_GSSAPI
858
#define _HAVE_GSI_EXTENDED_GSSAPI
860
* Additional experimental GSSAPI routines are defined here.
861
* These may change, and we will be looking at adding
862
* these to Kerberos as mods, and submitting them to the IETF
866
typedef struct gss_buffer_set_desc_struct
869
gss_buffer_t elements;
870
} gss_buffer_set_desc, *gss_buffer_set_t;
874
GSS_CALLCONV GSS_FUNC(gss_create_empty_buffer_set)
875
(OM_uint32 *, /* minor_status */
876
gss_buffer_set_t *); /* buffer set to be created */
880
GSS_CALLCONV GSS_FUNC(gss_add_buffer_set_member)
881
(OM_uint32 *, /* minor_status */
882
const gss_buffer_t, /* member_buffer */
883
gss_buffer_set_t *); /* buffer set to add the member to */
887
GSS_CALLCONV GSS_FUNC(gss_release_buffer_set)
888
(OM_uint32 *, /* minor_status */
889
gss_buffer_set_t *); /* buffer set to be freed */
893
GSS_CALLCONV GSS_FUNC(gss_import_cred)
894
(OM_uint32 *, /* minor_status */
895
gss_cred_id_t *, /* output_cred_handle (imported cred) */
896
const gss_OID, /* desired mech*/
897
OM_uint32, /* option req */
898
const gss_buffer_t, /* import buffer */
899
OM_uint32, /* time req */
900
OM_uint32 *); /* time rec */
904
GSS_CALLCONV GSS_FUNC(gss_export_cred)
905
(OM_uint32 *, /* minor_status */
906
const gss_cred_id_t,/* cred_handle */
907
const gss_OID, /* desired mech */
908
OM_uint32, /* option req */
909
gss_buffer_t); /* output buffer */
913
GSS_CALLCONV GSS_FUNC(gss_init_delegation)
914
(OM_uint32 *, /* minor_status */
915
const gss_ctx_id_t, /* context_handle */
916
const gss_cred_id_t, /* cred_handle */
917
const gss_OID, /* desired_mech */
918
const gss_OID_set, /* extension_oids */
919
const gss_buffer_set_t, /* extension_buffers */
920
const gss_buffer_t, /* input_token */
921
OM_uint32, /* req_flags */
922
OM_uint32, /* time_req */
923
gss_buffer_t); /* output_token */
927
GSS_CALLCONV GSS_FUNC(gss_accept_delegation)
928
(OM_uint32 *, /* minor_status */
929
const gss_ctx_id_t, /* context_handle */
930
const gss_OID_set, /* extension_oids */
931
const gss_buffer_set_t, /* extension_buffers */
932
const gss_buffer_t, /* input_token */
933
OM_uint32, /* req_flags */
934
OM_uint32, /* time_req */
935
OM_uint32 *, /* time_rec */
936
gss_cred_id_t *, /* delegated_cred_handle */
937
gss_OID *, /* mech_type */
938
gss_buffer_t); /* output_token */
942
GSS_CALLCONV GSS_FUNC(gss_inquire_sec_context_by_oid)
943
(OM_uint32 *, /* minor_status */
944
const gss_ctx_id_t, /* context_handle */
945
const gss_OID, /* desired_object */
946
gss_buffer_set_t *); /* data_set */
950
GSS_CALLCONV GSS_FUNC(gss_inquire_cred_by_oid)
951
(OM_uint32 *, /* minor_status */
952
const gss_cred_id_t, /* cred_handle */
953
const gss_OID, /* desired_object */
954
gss_buffer_set_t *); /* data_set */
958
GSS_CALLCONV GSS_FUNC(gss_set_sec_context_option)
959
(OM_uint32 *, /* minor_status */
960
gss_ctx_id_t *, /* context_handle */
961
const gss_OID, /* option */
962
const gss_buffer_t); /* value */
966
GSS_CALLCONV GSS_FUNC(gss_set_group)
967
(OM_uint32 *, /* minor_status */
968
gss_name_t, /* name */
969
const gss_buffer_set_t, /* group */
970
const gss_OID_set); /* group_types */
974
GSS_CALLCONV GSS_FUNC(gss_get_group)
975
(OM_uint32 *, /* minor_status */
976
const gss_name_t, /* name */
977
gss_buffer_set_t *, /* group */
978
gss_OID_set *); /* group_types */
980
extern const gss_OID_desc * const GSS_DISALLOW_ENCRYPTION;
981
extern const gss_OID_desc * const GSS_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION;
982
extern const gss_OID_desc * const GSS_APPLICATION_WILL_HANDLE_EXTENSIONS;
984
#endif /* GSI_EXTENDED_GSSAPI */
988
#endif /* GSSAPI_H_ */