2
* Copyright 1999-2006 University of Chicago
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
* you may not use this file except in compliance with the License.
6
* You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
17
#ifndef GLOBUS_DONT_DOCUMENT_INTERNAL
19
* @file globus_gss_assist.h
22
* $RCSfile: globus_gss_assist.h,v $
28
#ifndef _GLOBUS_GSS_ASSIST_H
29
#define _GLOBUS_GSS_ASSIST_H
31
#ifndef EXTERN_C_BEGIN
33
# define EXTERN_C_BEGIN extern "C" {
34
# define EXTERN_C_END }
36
# define EXTERN_C_BEGIN
48
* @defgroup globus_gsi_gss_assist_activation Activation
50
* Globus GSI GSS Assist uses standard Globus module activation and
51
* deactivation. Before any Globus GSS Assist functions are called,
52
* the following function must be called:
55
* globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);
58
* This function returns GLOBUS_SUCCESS if Globus GSI GSS Assist was
59
* successfully initialized, and you are therefore allowed to
60
* call GSS Assist functions. Otherwise, an error code is returned,
61
* and GSS Assist functions should not be subsequently called.
62
* This function may be called multiple times.
64
* To deactivate Globus GSS Assist, the following function must be called:
67
* globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE)
70
* This function should be called once for each time Globus GSI GSS Assist
76
* @ingroup globus_gsi_gss_assist_activation
79
#define GLOBUS_GSI_GSS_ASSIST_MODULE (&globus_i_gsi_gss_assist_module)
82
globus_module_descriptor_t globus_i_gsi_gss_assist_module;
85
* @defgroup globus_gsi_gss_assist Utility Functions
87
* Utility functions for GSSAPI
89
#define _GASL(s) globus_common_i18n_get_string( \
90
GLOBUS_GSI_GSS_ASSIST_MODULE, \
92
#include "globus_gss_assist_constants.h"
95
#define GLOBUS_GSS_ASSIST_TOKEN_ERR_MALLOC 1
96
#define GLOBUS_GSS_ASSIST_TOKEN_ERR_BAD_SIZE 2
97
#define GLOBUS_GSS_ASSIST_TOKEN_EOF 3
98
#define GLOBUS_GSS_ASSIST_TOKEN_NOT_FOUND 4
100
/* for kerberos v5.1.0.5 compatability we need this */
101
#ifndef GSS_C_NO_NAME
102
#define GSS_C_NO_NAME ((gss_name_t *) 0)
103
#define GSS_ASSIST_KRB5_HACK
106
/* for the globus_gss_assist_ex flags: */
108
#define GLOBUS_GSS_ASSIST_EX_SEND_WITHOUT_LENGTH 1
110
typedef struct globus_gss_assist_ex_st
114
} globus_gss_assist_ex;
117
* Get and send gss tokens using verious methods
118
* These are used by the gss_assist_init_sec_context
119
* gss_assist_accept_sec_context, gss_assist_get_unwrap
120
* and gss_assist_wrap_send
121
* Arg depends on the method being used,
122
* FILE * for a fd, socket * for the nexus version
123
* You may provide your own versions as well.
124
* The _ex versions accept a globus_gss_assist_ex structure
125
* which has in addition the arg, some flags.
128
globus_gss_assist_token_get_fd(
134
globus_gss_assist_token_send_fd(
140
globus_gss_assist_token_send_fd_ex(
146
globus_gss_assist_token_send_fd_without_length(
152
globus_gss_assist_token_get_nexus(
158
globus_gss_assist_token_send_nexus(
164
globus_gss_assist_token_send_nexus_ex(
170
globus_gss_assist_token_send_nexus_without_length(
176
* globus_gss_assist_acquire_cred, assist with the gss_acquire_cred
179
globus_gss_assist_acquire_cred(
180
OM_uint32 *, /* minor_status */
181
gss_cred_usage_t, /* cred_usage */
182
gss_cred_id_t * /* output_cred_handle */);
185
* globus_gss_assist_acquire_cred_ext, assist with the gss_acquire_cred
188
globus_gss_assist_acquire_cred_ext(
189
OM_uint32 *, /* minor_status */
190
char *, /* desired_name_char */
191
OM_uint32, /* time_req */
192
const gss_OID_set, /* desired_mechs */
193
gss_cred_usage_t, /* cred_usage */
194
gss_cred_id_t *, /* output_cred_handle */
195
gss_OID_set *, /* actual_mechs */
196
OM_uint32 * /* time_rec */);
199
* gss_assist_accept_sec_context - takes care of looping
200
* over multiple tokens using the get and send tokens
204
globus_gss_assist_accept_sec_context(
205
OM_uint32 *, /* minor_status */
206
gss_ctx_id_t *, /* context_handle */
207
const gss_cred_id_t, /* acceptor_cred_handle */
208
char **, /* src_name as char ** */
209
OM_uint32 *, /* ret_flags */
210
int *, /* user_to_user_flag */
211
int *, /* token_status */
212
gss_cred_id_t *, /* delegated_cred_handle */
213
int (* get_token)(void *, void **, size_t *),
215
int (* send_token)(void *, void *, size_t),
216
void * send_context);
219
* globus_gss_assist_accept_sec_context_async - async version of
220
* globus_gss_assist_accept_sec_context().
223
globus_gss_assist_accept_sec_context_async(
224
OM_uint32 * minor_status,
225
gss_ctx_id_t * context_handle,
226
const gss_cred_id_t cred_handle,
227
char ** src_name_char,
228
OM_uint32 * ret_flags,
229
int * user_to_user_flag,
231
size_t input_buffer_len,
232
void ** output_bufferp,
233
size_t * output_buffer_lenp,
234
gss_cred_id_t * delegated_cred_handle);
237
* globus_gss_assist_init_sec_context - takes care of looping
238
* over multiple tokens using the get and send tokens
242
globus_gss_assist_init_sec_context(
243
OM_uint32 *, /* minor_status */
244
const gss_cred_id_t, /* initiator_cred_handle */
245
gss_ctx_id_t *, /* context_handle */
246
char *, /* target_name as char * */
247
OM_uint32, /* req_flags */
248
OM_uint32 *, /* ret_flags */
249
int *, /* token_status */
250
int (* get_token)(void *, void **, size_t *),
252
int (* send_token)(void *, void *, size_t),
256
* globus_gss_assist_init_sec_context_async - async version of
257
* globus_gss_assist_init_sec_context().
260
globus_gss_assist_init_sec_context_async(
261
OM_uint32 * minor_status,
262
const gss_cred_id_t cred_handle,
263
gss_ctx_id_t * context_handle,
264
char * target_name_char,
266
OM_uint32 * ret_flags,
268
size_t input_buffer_len,
269
void ** output_bufferp,
270
size_t * output_buffer_lenp);
273
* globus_gss_assist_display_status - used gss_display_status
276
globus_gss_assist_display_status(
277
FILE *, /* where to print */
278
char *, /* comment */
279
OM_uint32, /* major_status */
280
OM_uint32, /* minor_status */
281
int /* token_status */);
284
globus_gss_assist_display_status_str(
285
char **, /* string returned with newlines */
286
char *, /* comment */
287
OM_uint32, /* major_status */
288
OM_uint32, /* minor_status */
289
int /* token_status */);
292
* globus_gss_assist_wrap_send - used to wrap a
293
* simple message and send it
296
globus_gss_assist_wrap_send(
297
OM_uint32 * minor_status,
298
const gss_ctx_id_t context_handle,
302
int (*gss_assist_send_token)(void *, void *, size_t),
303
void * gss_assist_send_context,
307
* globus_gss_assist_get_unwrap - used to get and unwrap a message
310
globus_gss_assist_get_unwrap(
311
OM_uint32 * minor_status,
312
const gss_ctx_id_t context_handle,
316
int (*gss_assist_get_token)(void *, void **, size_t *),
317
void * gss_assist_get_context,
321
* globus_gss_assist_will_handle_restrictions - used to tell openssl
322
* that the application will deal with the restrictions extension
325
globus_gss_assist_will_handle_restrictions(
326
OM_uint32 * minor_status,
327
gss_ctx_id_t * context_handle);
331
* globus_gss_assist_import_sec_context - read a security context
334
globus_gss_assist_export_sec_context(
335
OM_uint32 * minor_status,
336
gss_ctx_id_t * context_handle,
342
* globus_gss_assist_import_sec_context - read a security context
345
globus_gss_assist_import_sec_context(
346
OM_uint32 * minor_status,
347
gss_ctx_id_t * context_handle,
354
globus_gss_assist_authorization_host_name(
356
gss_name_t * authorization_hostname);
359
* globus_gss_assist_gridmap - used to map a
360
* src_name to a local userid
361
* This is not really part of authentication,
362
* but rather authorization.
365
globus_gss_assist_gridmap(
370
globus_gss_assist_userok(
375
globus_gss_assist_map_local_user(
380
globus_gss_assist_lookup_all_globusid(
386
globus_gss_assist_map_and_authorize(
387
gss_ctx_id_t context,
389
char * desired_identity,
390
char * identity_buffer,
391
unsigned int identity_buffer_length);
395
#define GlobusGssAssistFreeDNArray(dn_a) \
398
while(dn_a[__ctr] != NULL) \
409
#endif /* _GLOBUS_GSS_ASSIST_H */