1
/*
2
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
3
 * Use is subject to license terms.
4
 */
5

6
#ifndef	_GSSAPIP_SPNEGO_H_
7
#define	_GSSAPIP_SPNEGO_H_
8

9
/* #pragma ident	"@(#)gssapiP_spnego.h	1.3	03/09/18 SMI" */
10

11
#ifdef	__cplusplus
12
extern "C" {
13
#endif
14

15
typedef struct spnego_ctx_st *spnego_gss_ctx_id_t;
16

17
#include <gssapi/gssapi.h>
18
#include <gssapi/gssapi_ext.h>
19
#include <k5-queue.h>
20
#include "gssapiP_negoex.h"
21

22
#define	SEC_CONTEXT_TOKEN 1
23
#define	SPNEGO_SIZE_OF_INT 4
24

25
#define	ACCEPT_COMPLETE 0
26
#define	ACCEPT_INCOMPLETE 1
27
#define	REJECT 2
28
#define REQUEST_MIC 3
29
#define	UNSPECIFIED 0xffffffffUL
30

31
/*
32
 * constants for der encoding/decoding routines.
33
 */
34

35
#define	MECH_OID		0x06
36
#define	OCTET_STRING		0x04
37
#define	CONTEXT			0xa0
38
#define	SEQUENCE		0x30
39
#define	SEQUENCE_OF		0x30
40
#define	BIT_STRING		0x03
41
#define	BIT_STRING_LENGTH	0x02
42
#define	BIT_STRING_PADDING	0x01
43
#define	ENUMERATED		0x0a
44
#define	ENUMERATION_LENGTH	1
45
#define	HEADER_ID		0x60
46
#define GENERAL_STRING		0x1b
47

48
/*
49
 * SPNEGO and NegoEx minor status codes
50
 */
51
#define ERR_SPNEGO_NO_MECHS_AVAILABLE			0x20000001
52
#define ERR_SPNEGO_NO_CREDS_ACQUIRED			0x20000002
53
#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR		0x20000003
54
#define ERR_SPNEGO_NEGOTIATION_FAILED			0x20000004
55
#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR		0x20000005
56
#define ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE		0x20000006
57
#define ERR_NEGOEX_INVALID_MESSAGE_TYPE			0x20000007
58
#define ERR_NEGOEX_INVALID_MESSAGE_SIZE			0x20000008
59
#define ERR_NEGOEX_INVALID_CONVERSATION_ID		0x20000009
60
#define ERR_NEGOEX_AUTH_SCHEME_NOT_FOUND		0x20000010
61
#define ERR_NEGOEX_MISSING_NEGO_MESSAGE			0x20000011
62
#define ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE		0x20000012
63
#define ERR_NEGOEX_NO_AVAILABLE_MECHS			0x20000013
64
#define ERR_NEGOEX_NO_VERIFY_KEY			0x20000014
65
#define ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME		0x20000015
66
#define ERR_NEGOEX_INVALID_CHECKSUM			0x20000016
67
#define ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION	0x20000017
68
#define ERR_NEGOEX_UNSUPPORTED_VERSION			0x20000018
69
#define ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE		0x20000019
70

71
/*
72
 * send_token_flag is used to indicate in later steps what type
73
 * of token, if any should be sent or processed.
74
 * NO_TOKEN_SEND = no token should be sent
75
 * INIT_TOKEN_SEND = initial token will be sent
76
 * CONT_TOKEN_SEND = continuing tokens to be sent
77
 * CHECK_MIC = no token to be sent, but have a MIC to check.
78
 * ERROR_TOKEN_SEND = error token from peer needs to be sent.
79
 */
80

81
typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
82
		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
83

84
/*
85
 * The Mech OID:
86
 * { iso(1) org(3) dod(6) internet(1) security(5)
87
 *  mechanism(5) spnego(2) }
88
 */
89

90
#define	SPNEGO_OID_LENGTH 6
91
#define	SPNEGO_OID "\053\006\001\005\005\002"
92

93
typedef void *spnego_token_t;
94

95
/* spnego name structure for internal representation. */
96
typedef struct {
97
	gss_OID type;
98
	gss_buffer_t buffer;
99
	gss_OID	mech_type;
100
	gss_name_t	mech_name;
101
} spnego_name_desc, *spnego_name_t;
102

103
/* Structure for credential */
104
typedef struct {
105
	gss_cred_id_t mcred;	/* mechglue union of obtainable creds */
106
	gss_OID_set neg_mechs;	/* app-specified list of allowable mechs */
107
	int no_ask_integ;	/* do not request integ from mechs */
108
} spnego_gss_cred_id_rec, *spnego_gss_cred_id_t;
109

110
/* Structure for context handle */
111
struct spnego_ctx_st {
112
	OM_uint32	magic_num;
113
	gss_buffer_desc DER_mechTypes;
114
	gss_OID_set mech_set;
115
	gss_OID internal_mech;  /* alias into mech_set->elements */
116
	gss_ctx_id_t ctx_handle;
117
	int mic_reqd;
118
	int mic_sent;
119
	int mic_rcvd;
120
	int firstpass;
121
	int mech_complete;
122
	int nego_done;
123
	int initiate;
124
	int opened;
125
	OM_uint32 ctx_flags;
126
	gss_name_t internal_name;
127
	gss_OID actual_mech;
128
	gss_cred_id_t deleg_cred;
129
	int negoex_step;
130
	struct k5buf negoex_transcript;
131
	uint32_t negoex_seqnum;
132
	conversation_id negoex_conv_id;
133
	K5_TAILQ_HEAD(negoex_mech_list, negoex_auth_mech) negoex_mechs;
134
	krb5_context kctx;
135
};
136

137
/*
138
 * The magic number must be less than a standard pagesize
139
 * to avoid a possible collision with a real address.
140
 */
141
#define	SPNEGO_MAGIC_ID  0x00000fed
142

143
/* SPNEGO oid declarations */
144
extern const gss_OID_desc * const gss_mech_spnego;
145
extern const gss_OID_set_desc * const gss_mech_set_spnego;
146

147
#if defined(DEBUG) && defined(HAVE_SYSLOG_H)
148
#include <syslog.h>
149
#define	dsyslog(a) syslog(LOG_DEBUG, a)
150
#else
151
#define	dsyslog(a)
152
#define	SPNEGO_STATIC
153
#endif	/* DEBUG */
154

155
/*
156
 * declarations of internal name mechanism functions
157
 */
158

159
OM_uint32 KRB5_CALLCONV spnego_gss_acquire_cred
160
(
161
	OM_uint32 *,		/* minor_status */
162
	gss_name_t,		/* desired_name */
163
	OM_uint32,		/* time_req */
164
	gss_OID_set,		/* desired_mechs */
165
	gss_cred_usage_t,	/* cred_usage */
166
	gss_cred_id_t *,	/* output_cred_handle */
167
	gss_OID_set *,		/* actual_mechs */
168
	OM_uint32 *		/* time_rec */
169
);
170

171
OM_uint32 KRB5_CALLCONV spnego_gss_release_cred
172
(
173
	OM_uint32 *,		/* minor_status */
174
	/* CSTYLED */
175
	gss_cred_id_t	*	/* cred_handle */
176
);
177

178
OM_uint32 KRB5_CALLCONV spnego_gss_init_sec_context
179
(
180
	OM_uint32 *,		/* minor_status */
181
	gss_cred_id_t,		/* claimant_cred_handle */
182
	gss_ctx_id_t *,		/* context_handle */
183
	gss_name_t,		/* target_name */
184
	gss_OID,		/* mech_type */
185
	OM_uint32,		/* req_flags */
186
	OM_uint32,		/* time_req */
187
	gss_channel_bindings_t, /* input_chan_bindings */
188
	gss_buffer_t,		/* input_token */
189
	gss_OID *,		/* actual_mech_type */
190
	gss_buffer_t,		/* output_token */
191
	OM_uint32 *,		/* ret_flags */
192
	OM_uint32 *		/* time_rec */
193
);
194

195
#ifndef LEAN_CLIENT
196
OM_uint32 KRB5_CALLCONV spnego_gss_accept_sec_context
197
(
198
	OM_uint32 *,		/* minor_status */
199
	gss_ctx_id_t *,		/* context_handle */
200
	gss_cred_id_t,		/* verifier_cred_handle */
201
	gss_buffer_t,		/* input_token_buffer */
202
	gss_channel_bindings_t, /* input_chan_bindings */
203
	gss_name_t *,		/* src_name */
204
	gss_OID *,		/* mech_type */
205
	gss_buffer_t,		/* output_token */
206
	OM_uint32 *,		/* ret_flags */
207
	OM_uint32 *,		/* time_rec */
208
	/* CSTYLED */
209
	gss_cred_id_t *		/* delegated_cred_handle */
210
);
211
#endif /* LEAN_CLIENT */
212

213
OM_uint32 KRB5_CALLCONV spnego_gss_compare_name
214
(
215
	OM_uint32 *,		/* minor_status */
216
	const gss_name_t,	/* name1 */
217
	const gss_name_t,	/* name2 */
218
	int *			/* name_equal */
219
);
220

221
OM_uint32 KRB5_CALLCONV spnego_gss_display_name
222
(
223
	OM_uint32 *,		/* minor_status */
224
	gss_name_t,		/*  input_name */
225
	gss_buffer_t,		/*  output_name_buffer */
226
	gss_OID *		/* output_name_type */
227
);
228

229
OM_uint32 KRB5_CALLCONV spnego_gss_display_status
230
(
231
	OM_uint32 *,		/* minor_status */
232
	OM_uint32,		/* status_value */
233
	int,			/* status_type */
234
	gss_OID,		/* mech_type */
235
	OM_uint32 *,		/* message_context */
236
	gss_buffer_t		/* status_string */
237
);
238

239
OM_uint32 KRB5_CALLCONV spnego_gss_import_name
240
(
241
	OM_uint32 *,		/* minor_status */
242
	gss_buffer_t,		/* input_name_buffer */
243
	gss_OID,		/* input_name_type */
244
	/* CSTYLED */
245
	gss_name_t *		/* output_name */
246
);
247

248
OM_uint32 KRB5_CALLCONV spnego_gss_release_name
249
(
250
	OM_uint32 *,		/* minor_status */
251
	/* CSTYLED */
252
	gss_name_t *		/* input_name */
253
);
254

255
OM_uint32 KRB5_CALLCONV spnego_gss_duplicate_name
256
(
257
	OM_uint32 *,		/* minor_status */
258
	/* CSTYLED */
259
	const gss_name_t, 	/* input_name */
260
	gss_name_t *		/* output_name */
261
);
262

263
OM_uint32 KRB5_CALLCONV spnego_gss_inquire_cred
264
(
265
	OM_uint32 *,		/* minor_status */
266
	gss_cred_id_t,		/* cred_handle */
267
	gss_name_t *,		/* name */
268
	OM_uint32 *,		/* lifetime */
269
	int *,			/* cred_usage */
270
	gss_OID_set *		/* mechanisms */
271
);
272

273
OM_uint32 KRB5_CALLCONV spnego_gss_inquire_names_for_mech
274
(
275
	OM_uint32 *,		/* minor_status */
276
	gss_OID,		/* mechanism */
277
	gss_OID_set *		/* name_types */
278
);
279

280
OM_uint32 KRB5_CALLCONV spnego_gss_unwrap
281
(
282
	OM_uint32 *minor_status,
283
	gss_ctx_id_t context_handle,
284
	gss_buffer_t input_message_buffer,
285
	gss_buffer_t output_message_buffer,
286
	int *conf_state,
287
	gss_qop_t *qop_state
288
);
289

290
OM_uint32 KRB5_CALLCONV spnego_gss_wrap
291
(
292
	OM_uint32 *minor_status,
293
	gss_ctx_id_t context_handle,
294
	int conf_req_flag,
295
	gss_qop_t qop_req,
296
	gss_buffer_t input_message_buffer,
297
	int *conf_state,
298
	gss_buffer_t output_message_buffer
299
);
300

301
OM_uint32 KRB5_CALLCONV spnego_gss_process_context_token
302
(
303
	OM_uint32	*minor_status,
304
	const gss_ctx_id_t context_handle,
305
	const gss_buffer_t token_buffer
306
);
307

308
OM_uint32 KRB5_CALLCONV spnego_gss_delete_sec_context
309
(
310
	OM_uint32 *minor_status,
311
	gss_ctx_id_t *context_handle,
312
	gss_buffer_t output_token
313
);
314

315
OM_uint32 KRB5_CALLCONV spnego_gss_context_time
316
(
317
	OM_uint32	*minor_status,
318
	const gss_ctx_id_t context_handle,
319
	OM_uint32	*time_rec
320
);
321
#ifndef LEAN_CLIENT
322
OM_uint32 KRB5_CALLCONV spnego_gss_export_sec_context
323
(
324
	OM_uint32	*minor_status,
325
	gss_ctx_id_t	*context_handle,
326
	gss_buffer_t	interprocess_token
327
);
328

329
OM_uint32 KRB5_CALLCONV spnego_gss_import_sec_context
330
(
331
	OM_uint32		*minor_status,
332
	const gss_buffer_t	interprocess_token,
333
	gss_ctx_id_t		*context_handle
334
);
335
#endif /* LEAN_CLIENT */
336

337
OM_uint32 KRB5_CALLCONV spnego_gss_inquire_context
338
(
339
	OM_uint32	*minor_status,
340
	const gss_ctx_id_t context_handle,
341
	gss_name_t	*src_name,
342
	gss_name_t	*targ_name,
343
	OM_uint32	*lifetime_rec,
344
	gss_OID		*mech_type,
345
	OM_uint32	*ctx_flags,
346
	int		*locally_initiated,
347
	int		*opened
348
);
349

350
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
351
(
352
	OM_uint32	*minor_status,
353
	const gss_ctx_id_t context_handle,
354
	int		conf_req_flag,
355
	gss_qop_t	qop_req,
356
	OM_uint32	req_output_size,
357
	OM_uint32	*max_input_size
358
);
359

360
OM_uint32 KRB5_CALLCONV spnego_gss_localname
361
(
362
	OM_uint32 *minor_status,
363
	const gss_name_t pname,
364
	const gss_const_OID mech_type,
365
	gss_buffer_t localname
366
);
367

368
OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
369
(
370
	OM_uint32 *minor_status,
371
	const gss_ctx_id_t context_handle,
372
	gss_qop_t qop_req,
373
	const gss_buffer_t message_buffer,
374
	gss_buffer_t message_token
375
);
376

377
OM_uint32 KRB5_CALLCONV spnego_gss_verify_mic
378
(
379
	OM_uint32 *minor_status,
380
	const gss_ctx_id_t context_handle,
381
	const gss_buffer_t msg_buffer,
382
	const gss_buffer_t token_buffer,
383
	gss_qop_t *qop_state
384
);
385

386
OM_uint32 KRB5_CALLCONV
387
spnego_gss_inquire_sec_context_by_oid
388
(
389
	OM_uint32 *minor_status,
390
	const gss_ctx_id_t context_handle,
391
	const gss_OID desired_object,
392
	gss_buffer_set_t *data_set
393
);
394

395
OM_uint32 KRB5_CALLCONV
396
spnego_gss_inquire_cred_by_oid
397
(
398
	OM_uint32 *minor_status,
399
	const gss_cred_id_t cred_handle,
400
	const gss_OID desired_object,
401
	gss_buffer_set_t *data_set
402
);
403

404
OM_uint32 KRB5_CALLCONV
405
spnego_gss_set_cred_option
406
(
407
	OM_uint32 *minor_status,
408
	gss_cred_id_t *cred_handle,
409
	const gss_OID desired_object,
410
	const gss_buffer_t value
411
);
412

413
OM_uint32 KRB5_CALLCONV
414
spnego_gss_set_sec_context_option
415
(
416
	OM_uint32 *minor_status,
417
	gss_ctx_id_t *context_handle,
418
	const gss_OID desired_object,
419
	const gss_buffer_t value
420
);
421

422
#ifdef _GSS_STATIC_LINK
423
int gss_spnegoint_lib_init(void);
424
void gss_spnegoint_lib_fini(void);
425
#else
426
gss_mechanism KRB5_CALLCONV gss_mech_initialize(void);
427
#endif /* _GSS_STATIC_LINK */
428

429
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_aead
430
(
431
	OM_uint32 *minor_status,
432
	gss_ctx_id_t context_handle,
433
	int conf_req_flag,
434
	gss_qop_t qop_req,
435
	gss_buffer_t input_assoc_buffer,
436
	gss_buffer_t input_payload_buffer,
437
	int *conf_state,
438
	gss_buffer_t output_message_buffer
439
);
440

441
OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_aead
442
(
443
	OM_uint32 *minor_status,
444
	gss_ctx_id_t context_handle,
445
	gss_buffer_t input_message_buffer,
446
	gss_buffer_t input_assoc_buffer,
447
	gss_buffer_t output_payload_buffer,
448
	int *conf_state,
449
	gss_qop_t *qop_state
450
);
451

452
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov
453
(
454
	OM_uint32 *minor_status,
455
	gss_ctx_id_t context_handle,
456
	int conf_req_flag,
457
	gss_qop_t qop_req,
458
	int *conf_state,
459
	gss_iov_buffer_desc *iov,
460
	int iov_count
461
);
462

463
OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_iov
464
(
465
	OM_uint32 *minor_status,
466
	gss_ctx_id_t context_handle,
467
	int *conf_state,
468
	gss_qop_t *qop_state,
469
	gss_iov_buffer_desc *iov,
470
	int iov_count
471
);
472

473
OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov_length
474
(
475
	OM_uint32 *minor_status,
476
	gss_ctx_id_t context_handle,
477
	int conf_req_flag,
478
	gss_qop_t qop_req,
479
	int *conf_state,
480
	gss_iov_buffer_desc *iov,
481
	int iov_count
482
);
483

484
OM_uint32 KRB5_CALLCONV
485
spnego_gss_complete_auth_token
486
(
487
	OM_uint32 *minor_status,
488
	const gss_ctx_id_t context_handle,
489
	gss_buffer_t input_message_buffer
490
);
491

492
OM_uint32 KRB5_CALLCONV
493
spnego_gss_acquire_cred_impersonate_name(
494
    OM_uint32 *,	    /* minor_status */
495
    const gss_cred_id_t,    /* impersonator_cred_handle */
496
    const gss_name_t,	    /* desired_name */
497
    OM_uint32,		    /* time_req */
498
    const gss_OID_set,	    /* desired_mechs */
499
    gss_cred_usage_t,	    /* cred_usage */
500
    gss_cred_id_t *,	    /* output_cred_handle */
501
    gss_OID_set *,	    /* actual_mechs */
502
    OM_uint32 *);	    /* time_rec */
503

504
OM_uint32 KRB5_CALLCONV
505
spnego_gss_acquire_cred_with_password(
506
    OM_uint32 *minor_status,
507
    const gss_name_t desired_name,
508
    const gss_buffer_t password,
509
    OM_uint32 time_req,
510
    const gss_OID_set desired_mechs,
511
    gss_cred_usage_t cred_usage,
512
    gss_cred_id_t *output_cred_handle,
513
    gss_OID_set *actual_mechs,
514
    OM_uint32 *time_rec);
515

516
OM_uint32 KRB5_CALLCONV
517
spnego_gss_display_name_ext
518
(
519
	OM_uint32 *minor_status,
520
	gss_name_t name,
521
	gss_OID display_as_name_type,
522
	gss_buffer_t display_name
523
);
524

525
OM_uint32 KRB5_CALLCONV
526
spnego_gss_inquire_name
527
(
528
	OM_uint32 *minor_status,
529
	gss_name_t name,
530
	int *name_is_MN,
531
	gss_OID *MN_mech,
532
	gss_buffer_set_t *attrs
533
);
534

535
OM_uint32 KRB5_CALLCONV
536
spnego_gss_get_name_attribute
537
(
538
	OM_uint32 *minor_status,
539
	gss_name_t name,
540
	gss_buffer_t attr,
541
	int *authenticated,
542
	int *complete,
543
	gss_buffer_t value,
544
	gss_buffer_t display_value,
545
	int *more
546
);
547

548
OM_uint32 KRB5_CALLCONV
549
spnego_gss_set_name_attribute
550
(
551
	OM_uint32 *minor_status,
552
	gss_name_t name,
553
	int complete,
554
	gss_buffer_t attr,
555
	gss_buffer_t value
556
);
557

558
OM_uint32 KRB5_CALLCONV
559
spnego_gss_delete_name_attribute
560
(
561
	OM_uint32 *minor_status,
562
	gss_name_t name,
563
	gss_buffer_t attr
564
);
565

566
OM_uint32 KRB5_CALLCONV
567
spnego_gss_export_name_composite
568
(
569
	OM_uint32 *minor_status,
570
	gss_name_t name,
571
	gss_buffer_t exp_composite_name
572
);
573

574
OM_uint32 KRB5_CALLCONV
575
spnego_gss_map_name_to_any
576
(
577
	OM_uint32 *minor_status,
578
	gss_name_t name,
579
	int authenticated,
580
	gss_buffer_t type_id,
581
	gss_any_t *output
582
);
583

584
OM_uint32 KRB5_CALLCONV
585
spnego_gss_release_any_name_mapping
586
(
587
	OM_uint32 *minor_status,
588
	gss_name_t name,
589
	gss_buffer_t type_id,
590
	gss_any_t *input
591
);
592

593
OM_uint32 KRB5_CALLCONV
594
spnego_gss_pseudo_random
595
(
596
	OM_uint32 *minor_status,
597
	gss_ctx_id_t context,
598
	int prf_key,
599
	const gss_buffer_t prf_in,
600
	ssize_t desired_output_len,
601
	gss_buffer_t prf_out
602
);
603

604
OM_uint32 KRB5_CALLCONV
605
spnego_gss_set_neg_mechs
606
(
607
	OM_uint32 *minor_status,
608
	gss_cred_id_t cred_handle,
609
	const gss_OID_set mech_list
610
);
611

612
OM_uint32 KRB5_CALLCONV
613
spnego_gss_inquire_mech_for_saslname
614
(
615
	OM_uint32 *minor_status,
616
	const gss_buffer_t sasl_mech_name,
617
	gss_OID *mech_type
618
);
619

620
OM_uint32 KRB5_CALLCONV
621
spnego_gss_inquire_saslname_for_mech
622
(
623
	OM_uint32 *minor_status,
624
	const gss_OID desired_mech,
625
	gss_buffer_t sasl_mech_name,
626
	gss_buffer_t mech_name,
627
	gss_buffer_t mech_description
628
);
629

630
OM_uint32 KRB5_CALLCONV
631
spnego_gss_inquire_attrs_for_mech
632
(
633
	OM_uint32 *minor_status,
634
	gss_const_OID mech,
635
	gss_OID_set *mech_attrs,
636
	gss_OID_set *known_mech_attrs
637
);
638

639
OM_uint32 KRB5_CALLCONV
640
spnego_gss_acquire_cred_from
641
(
642
	OM_uint32 *minor_status,
643
	const gss_name_t desired_name,
644
	OM_uint32 time_req,
645
	const gss_OID_set desired_mechs,
646
	gss_cred_usage_t cred_usage,
647
	gss_const_key_value_set_t cred_store,
648
	gss_cred_id_t *output_cred_handle,
649
	gss_OID_set *actual_mechs,
650
	OM_uint32 *time_rec
651
);
652

653
OM_uint32 KRB5_CALLCONV
654
spnego_gss_export_cred(
655
	OM_uint32 *minor_status,
656
	gss_cred_id_t cred_handle,
657
	gss_buffer_t token
658
);
659

660
OM_uint32 KRB5_CALLCONV
661
spnego_gss_import_cred(
662
	OM_uint32 *minor_status,
663
	gss_buffer_t token,
664
	gss_cred_id_t *cred_handle
665
);
666

667
OM_uint32 KRB5_CALLCONV
668
spnego_gss_get_mic_iov(
669
	OM_uint32 *minor_status,
670
	gss_ctx_id_t context_handle,
671
	gss_qop_t qop_req,
672
	gss_iov_buffer_desc *iov,
673
	int iov_count
674
);
675

676
OM_uint32 KRB5_CALLCONV
677
spnego_gss_verify_mic_iov(
678
	OM_uint32 *minor_status,
679
	gss_ctx_id_t context_handle,
680
	gss_qop_t *qop_state,
681
	gss_iov_buffer_desc *iov,
682
	int iov_count
683
);
684

685
OM_uint32 KRB5_CALLCONV
686
spnego_gss_get_mic_iov_length(
687
	OM_uint32 *minor_status,
688
	gss_ctx_id_t context_handle,
689
	gss_qop_t qop_req,
690
	gss_iov_buffer_desc *iov,
691
	int iov_count
692
);
693

694
#ifdef	__cplusplus
695
}
696
#endif
697

698
#endif /* _GSSAPIP_SPNEGO_H_ */
699

700