/*
2
* Copyright (C) The Internet Society (2000). All Rights Reserved.
3
*
4
* This document and translations of it may be copied and furnished to
5
* others, and derivative works that comment on or otherwise explain it
6
* or assist in its implementation may be prepared, copied, published
7
* and distributed, in whole or in part, without restriction of any
8
* kind, provided that the above copyright notice and this paragraph are
9
* included on all such copies and derivative works. However, this
10
* document itself may not be modified in any way, such as by removing
11
* the copyright notice or references to the Internet Society or other
12
* Internet organizations, except as needed for the purpose of
13
* developing Internet standards in which case the procedures for
14
* copyrights defined in the Internet Standards process must be
15
* followed, or as required to translate it into languages other than
16
* English.
17
*
18
* The limited permissions granted above are perpetual and will not be
19
* revoked by the Internet Society or its successors or assigns.
20
*
21
* This document and the information contained herein is provided on an
22
* "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
23
* TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
24
* BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
25
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
26
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
27
*/
28
29
#ifndef _KGSSAPI_GSSAPI_H_
30
#define _KGSSAPI_GSSAPI_H_
31
32
/*
33
* A cut-down version of the GSS-API for in-kernel use
34
*/
35
36
/*
 * The three implementation-dependent handle types. Each one is a pointer
 * to a struct that this header names but never defines, so users of the
 * header can store and pass the handles but cannot look inside them.
 */
struct _gss_ctx_id_t;
struct _gss_cred_id_t;
struct _gss_name_t;

typedef struct _gss_ctx_id_t  *gss_ctx_id_t;
typedef struct _gss_cred_id_t *gss_cred_id_t;
typedef struct _gss_name_t    *gss_name_t;
42
43
/*
 * We can't use X/Open definitions, so roll our own: OM_uint32 and
 * OM_uint64 are the fixed-width unsigned types from <stdint.h>.
 */
typedef uint32_t OM_uint32;
typedef uint64_t OM_uint64;
48
49
/*
 * Object identifier descriptor. The OID constants documented further down
 * in this header are written as {byte count, encoded bytes}, so `length`
 * is the number of bytes stored at `elements`.
 */
struct gss_OID_desc_struct {
    OM_uint32 length;   /* size of the encoding, in bytes */
    void *elements;     /* the encoded OID bytes */
};
typedef struct gss_OID_desc_struct gss_OID_desc;
typedef struct gss_OID_desc_struct *gss_OID;
53
54
/*
 * A set of object identifiers.
 * NOTE(review): `count` is presumably the number of gss_OID_desc entries
 * stored at `elements` - confirm against the OID-set routines.
 */
struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
};
typedef struct gss_OID_set_desc_struct gss_OID_set_desc;
typedef struct gss_OID_set_desc_struct *gss_OID_set;
58
59
/*
 * Generic data buffer: a length and an untyped pointer.
 *
 * The type itself does not tie `length` to the storage behind `value`.
 * Code that is handed a buffer whose contents or length came from a peer
 * or from user space has to validate `length` before touching `value`.
 */
struct gss_buffer_desc_struct {
    size_t length;
    void *value;
};
typedef struct gss_buffer_desc_struct gss_buffer_desc;
typedef struct gss_buffer_desc_struct *gss_buffer_t;
63
64
/*
 * Channel bindings: an address type and address for the initiator and for
 * the acceptor, plus application data. Only the pointer type gets a
 * typedef name. The address-type fields take the GSS_C_AF_* constants
 * that this header defines for channel-bindings address families.
 */
struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
};
typedef struct gss_channel_bindings_struct *gss_channel_bindings_t;
71
72
/*
 * For now, define a QOP-type as an OM_uint32
 */
typedef OM_uint32 gss_qop_t;

/*
 * NOTE(review): presumably holds one of the credential usage options
 * defined in this header (GSS_C_BOTH, GSS_C_INITIATE, GSS_C_ACCEPT) -
 * confirm against gss_acquire_cred.
 */
typedef int gss_cred_usage_t;
78
79
/*
 * Flag bits for context-level services. Every flag is a distinct single
 * bit, so the values can be OR-ed together into one mask.
 *
 * NOTE(review): the context-establishment prototypes in this header take
 * a req_flags mask and hand back a ret_flags mask. A caller that depends
 * on a service (for example GSS_C_INTEG_FLAG or GSS_C_CONF_FLAG) should
 * presumably test ret_flags instead of assuming the request was granted -
 * confirm against the implementation.
 */
#define GSS_C_DELEG_FLAG        0x001
#define GSS_C_MUTUAL_FLAG       0x002
#define GSS_C_REPLAY_FLAG       0x004
#define GSS_C_SEQUENCE_FLAG     0x008
#define GSS_C_CONF_FLAG         0x010
#define GSS_C_INTEG_FLAG        0x020
#define GSS_C_ANON_FLAG         0x040
#define GSS_C_PROT_READY_FLAG   0x080
#define GSS_C_TRANS_FLAG        0x100
91
92
/*
 * Credential usage options. These are plain enumerated values, not bits:
 * GSS_C_BOTH is zero and cannot be tested with a mask.
 */
#define GSS_C_BOTH      0
#define GSS_C_INITIATE  1
#define GSS_C_ACCEPT    2

/*
 * Status code types for gss_display_status
 */
#define GSS_C_GSS_CODE  1
#define GSS_C_MECH_CODE 2
104
105
/*
 * The constant definitions for channel-bindings address families.
 * The numbering is not contiguous: no constant is defined for 20, and
 * GSS_C_AF_NULLADDR sits apart at 255.
 */
#define GSS_C_AF_UNSPEC     0
#define GSS_C_AF_LOCAL      1
#define GSS_C_AF_INET       2
#define GSS_C_AF_IMPLINK    3
#define GSS_C_AF_PUP        4
#define GSS_C_AF_CHAOS      5
#define GSS_C_AF_NS         6
#define GSS_C_AF_NBS        7
#define GSS_C_AF_ECMA       8
#define GSS_C_AF_DATAKIT    9
#define GSS_C_AF_CCITT      10
#define GSS_C_AF_SNA        11
#define GSS_C_AF_DECnet     12
#define GSS_C_AF_DLI        13
#define GSS_C_AF_LAT        14
#define GSS_C_AF_HYLINK     15
#define GSS_C_AF_APPLETALK  16
#define GSS_C_AF_BSC        17
#define GSS_C_AF_DSS        18
#define GSS_C_AF_OSI        19
#define GSS_C_AF_X25        21
#define GSS_C_AF_NULLADDR   255
130
131
/*
 * Various Null values. Each handle or pointer type gets a typed null, and
 * GSS_C_EMPTY_BUFFER is a brace initializer for a gss_buffer_desc with
 * zero length and a NULL value pointer.
 */
#define GSS_C_NO_NAME               ((gss_name_t) 0)
#define GSS_C_NO_BUFFER             ((gss_buffer_t) 0)
#define GSS_C_NO_OID                ((gss_OID) 0)
#define GSS_C_NO_OID_SET            ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT            ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL         ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS   ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER          {0, NULL}

/*
 * Some alternate names for a couple of the above
 * values. These are defined for V1 compatibility.
 */
#define GSS_C_NULL_OID              GSS_C_NO_OID
#define GSS_C_NULL_OID_SET          GSS_C_NO_OID_SET
149
150
/*
 * Define the default Quality of Protection for per-message
 * services. Note that an implementation that offers multiple
 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
 * (as done here) to mean "default protection", or to a specific
 * explicit QOP value. However, a value of 0 should always be
 * interpreted by a GSS-API implementation as a request for the
 * default protection level.
 */
#define GSS_C_QOP_DEFAULT   0

/*
 * Expiration time of 2^32-1 seconds means infinite lifetime for a
 * credential or security context
 */
#define GSS_C_INDEFINITE    0xFFFFFFFFUL
166
167
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *                  "\x01\x02\x01\x01"},
 * which corresponds to the object-identifier value
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) user_name(1)}.
 * GSS_C_NT_USER_NAME should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_USER_NAME;
179
180
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *                  "\x01\x02\x01\x02"},
 * which corresponds to the object-identifier value
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * GSS_C_NT_MACHINE_UID_NAME should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
192
193
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *                  "\x01\x02\x01\x03"},
 * which corresponds to the object-identifier value
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * GSS_C_NT_STRING_UID_NAME should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_STRING_UID_NAME;
205
206
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * which corresponds to the object-identifier value
 *     {iso(1) org(3) dod(6) internet(1) security(5)
 *      nametypes(6) gss-host-based-services(2)}.
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point to that
 * gss_OID_desc.
 *
 * This is a deprecated OID value. Implementations wishing to support
 * hostbased-service names should instead use the
 * GSS_C_NT_HOSTBASED_SERVICE OID, defined below, to identify such names.
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym for
 * GSS_C_NT_HOSTBASED_SERVICE when presented as an input parameter, but
 * should not be emitted by GSS-API implementations.
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
224
225
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *                  "\x01\x02\x01\x04"},
 * which corresponds to the object-identifier value
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) service_name(4)}.
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
237
238
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
 * which corresponds to the object-identifier value
 *     {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 *      6(nametypes), 3(gss-anonymous-name)}.
 * GSS_C_NT_ANONYMOUS should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_ANONYMOUS;
249
250
/*
 * The implementation must reserve static storage for a gss_OID_desc
 * object holding the value
 *     {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * which corresponds to the object-identifier value
 *     {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 *      6(nametypes), 4(gss-api-exported-name)}.
 * GSS_C_NT_EXPORT_NAME should be initialized to point to that
 * gss_OID_desc.
 */
extern gss_OID GSS_C_NT_EXPORT_NAME;
261
262
/*
 * This name form shall be represented by the Object Identifier
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) krb5(2) krb5_name(1)}.
 * The recommended symbolic name for this type is
 * "GSS_KRB5_NT_PRINCIPAL_NAME".
 */
extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
269
270
/*
 * This name form shall be represented by the Object Identifier
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) user_name(1)}.
 * The recommended symbolic name for this type is
 * "GSS_KRB5_NT_USER_NAME". This is the same object identifier that this
 * header documents for GSS_C_NT_USER_NAME.
 */
extern gss_OID GSS_KRB5_NT_USER_NAME;
277
278
/*
 * This name form shall be represented by the Object Identifier
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The recommended symbolic name for this type is
 * "GSS_KRB5_NT_MACHINE_UID_NAME".
 */
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
285
286
/*
 * This name form shall be represented by the Object Identifier
 *     {iso(1) member-body(2) United States(840) mit(113554)
 *      infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The recommended symbolic name for this type is
 * "GSS_KRB5_NT_STRING_UID_NAME".
 */
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
293
294
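/* Major status codes */

#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 * A major status word is split into three fields: the calling error in
 * bits 24-31, the routine error in bits 16-23 and the supplementary
 * information in bits 0-15.
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSS-API so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesized in every expansion. Without that, an
 * argument such as (a | b) would expand to a | (b & mask), because '&'
 * binds tighter than '|', and the macro would report the wrong field.
 *
 * GSS_ERROR() looks only at the calling-error and routine-error fields.
 * A status made up purely of supplementary bits (GSS_S_CONTINUE_NEEDED,
 * GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN,
 * GSS_S_GAP_TOKEN) therefore yields zero from GSS_ERROR() even though it
 * is not equal to GSS_S_COMPLETE. Callers that need to tell those cases
 * apart have to test GSS_SUPPLEMENTARY_INFO() or compare against
 * GSS_S_COMPLETE as well.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/*
 * Now the actual status code definitions
 */

/*
 * Calling errors:
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
    (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
    (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
    (3ul << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors. These are enumerated values inside the routine-error
 * field, not independent bits; GSS_S_BAD_MIC is an alias of GSS_S_BAD_SIG.
 */
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Supplementary info bits. Unlike the two error fields these are
 * individual bits and may be set in combination.
 */
#define GSS_S_CONTINUE_NEEDED \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))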
374
375
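/*
 * NI_MAXSERV and NI_MAXHOST. The srv_principal argument for
 * rpc_gss_ip_to_srv_principal should point to at least
 * NI_MAXSERV + NI_MAXHOST + 1 bytes of storage. The "+ 1" is for the '@'.
 * The NI_MAXHOST limit is checked for gss_ip_to_dns().
 * These should be set to the same value as they are in <netdb.h>.
 *
 * Each name has its own guard. With a single guard on NI_MAXHOST, a
 * translation unit that already had NI_MAXHOST but not NI_MAXSERV would
 * be left without NI_MAXSERV, and one that had only NI_MAXSERV would see
 * it redefined here.
 */
#ifndef NI_MAXSERV
#define NI_MAXSERV 32
#endif
#ifndef NI_MAXHOST
#define NI_MAXHOST 1025
#endif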
386
387
__BEGIN_DECLS
388
389
/*
390
* Finally, function prototypes for the GSS-API routines.
391
*/
392
/*
 * gss_acquire_cred
 *
 * NOTE(review): cred_usage presumably takes one of the credential usage
 * options defined in this header (GSS_C_BOTH, GSS_C_INITIATE,
 * GSS_C_ACCEPT) - confirm against the implementation.
 */
OM_uint32 gss_acquire_cred(
    OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec);
402
403
/*
 * gss_release_cred
 *
 * The credential handle is passed by address rather than by value.
 */
OM_uint32 gss_release_cred(
    OM_uint32 *minor_status,
    gss_cred_id_t *cred_handle);
407
408
/*
 * gss_init_sec_context
 *
 * NOTE(review): req_flags and ret_flags presumably carry masks of the
 * GSS_C_*_FLAG bits defined in this header. A caller that requires a
 * service should check ret_flags rather than rely on what it asked for
 * in req_flags - confirm against the implementation.
 */
OM_uint32 gss_init_sec_context(
    OM_uint32 *minor_status,
    const gss_cred_id_t initiator_cred_handle,
    gss_ctx_id_t *context_handle,
    const gss_name_t target_name,
    const gss_OID mech_type,
    OM_uint32 req_flags,
    OM_uint32 time_req,
    const gss_channel_bindings_t input_chan_bindings,
    const gss_buffer_t input_token,
    gss_OID *actual_mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec);
424
425
/*
 * gss_init_sec_context_lucid_v1
 *
 * Declared with the same parameter list as gss_init_sec_context. What the
 * "lucid_v1" variant does differently is not visible in this header.
 */
OM_uint32 gss_init_sec_context_lucid_v1(
    OM_uint32 *minor_status,
    const gss_cred_id_t initiator_cred_handle,
    gss_ctx_id_t *context_handle,
    const gss_name_t target_name,
    const gss_OID mech_type,
    OM_uint32 req_flags,
    OM_uint32 time_req,
    const gss_channel_bindings_t input_chan_bindings,
    const gss_buffer_t input_token,
    gss_OID *actual_mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec);
441
442
/*
 * gss_supports_lucid
 *
 * NOTE(review): vers is presumably an output that receives the supported
 * "lucid" version - confirm against the implementation.
 */
OM_uint32 gss_supports_lucid(
    OM_uint32 *minor_status,
    OM_uint32 *vers);
446
447
/*
 * gss_accept_sec_context
 *
 * input_token_buffer is the token received from the other side of the
 * exchange, so its contents are not under the acceptor's control.
 * NOTE(review): ret_flags presumably reports the GSS_C_*_FLAG services
 * in effect for the context - confirm, and check it before relying on a
 * service.
 */
OM_uint32 gss_accept_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    const gss_cred_id_t acceptor_cred_handle,
    const gss_buffer_t input_token_buffer,
    const gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name,
    gss_OID *mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle);
461
462
/*
 * gss_accept_sec_context_lucid_v1
 *
 * Takes the gss_accept_sec_context parameters followed by exported_name
 * and a Unix credential: uid, gid, number of groups and group list.
 *
 * NOTE(review): numgroups is presumably an in/out count as this header
 * documents for gss_pname_to_unix_cred (capacity of groups on entry,
 * entries written on exit) - confirm, and size groups to match.
 */
OM_uint32 gss_accept_sec_context_lucid_v1(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    const gss_cred_id_t acceptor_cred_handle,
    const gss_buffer_t input_token_buffer,
    const gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name,
    gss_OID *mech_type,
    gss_buffer_t output_token,
    OM_uint32 *ret_flags,
    OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle,
    gss_buffer_t exported_name,
    uid_t *uidp,
    gid_t *gidp,
    int *numgroups,
    gid_t *groups);
481
482
/*
 * gss_delete_sec_context
 *
 * The context handle is passed by address rather than by value.
 */
OM_uint32 gss_delete_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t output_token);
487
488
/*
 * gss_get_mic
 *
 * NOTE(review): qop_req presumably accepts GSS_C_QOP_DEFAULT, which this
 * header defines as the request for the default protection level -
 * confirm against the implementation.
 */
OM_uint32 gss_get_mic(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_qop_t qop_req,
    const gss_buffer_t message_buffer,
    gss_buffer_t message_token);
495
496
/*
 * gss_verify_mic
 *
 * NOTE(review): the supplementary bits defined in this header
 * (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN,
 * GSS_S_GAP_TOKEN) are outside the fields that GSS_ERROR() tests. If
 * this routine reports them, a caller that cares about replayed or
 * out-of-order tokens has to test GSS_SUPPLEMENTARY_INFO() too -
 * confirm against the implementation.
 */
OM_uint32 gss_verify_mic(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_buffer_t message_buffer,
    const gss_buffer_t token_buffer,
    gss_qop_t *qop_state);
503
504
/*
 * gss_wrap
 *
 * NOTE(review): conf_req_flag presumably requests confidentiality and
 * conf_state presumably reports whether it was applied; a caller that
 * requires encryption should check conf_state - confirm against the
 * implementation.
 */
OM_uint32 gss_wrap(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    const gss_buffer_t input_message_buffer,
    int *conf_state,
    gss_buffer_t output_message_buffer);
513
514
/*
 * gss_unwrap
 *
 * NOTE(review): conf_state presumably reports whether the message was
 * confidentiality-protected. The supplementary status bits defined in
 * this header are not covered by GSS_ERROR(), so replay or ordering
 * indications, if reported here, need GSS_SUPPLEMENTARY_INFO() - confirm
 * against the implementation.
 */
OM_uint32 gss_unwrap(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer,
    int *conf_state,
    gss_qop_t *qop_state);
522
523
/*
 * gss_display_status
 *
 * status_type takes the "status code types for gss_display_status"
 * defined in this header: GSS_C_GSS_CODE or GSS_C_MECH_CODE.
 */
OM_uint32 gss_display_status(
    OM_uint32 *minor_status,
    OM_uint32 status_value,
    int status_type,
    const gss_OID mech_type,
    OM_uint32 *message_context,
    gss_buffer_t status_string);
531
532
/*
 * gss_import_name
 *
 * NOTE(review): input_name_type is presumably one of the name-type OIDs
 * declared in this header (GSS_C_NT_*, GSS_KRB5_NT_*) - confirm against
 * the implementation.
 */
OM_uint32 gss_import_name(
    OM_uint32 *minor_status,
    const gss_buffer_t input_name_buffer,
    const gss_OID input_name_type,
    gss_name_t *output_name);
538
539
/*
 * gss_export_name
 */
OM_uint32 gss_export_name(
    OM_uint32 *minor_status,
    const gss_name_t input_name,
    gss_buffer_t exported_name);
544
545
/*
 * gss_release_name
 *
 * The name handle is passed by address rather than by value.
 */
OM_uint32 gss_release_name(
    OM_uint32 *minor_status,
    gss_name_t *input_name);
549
550
/*
 * gss_release_buffer
 */
OM_uint32 gss_release_buffer(
    OM_uint32 *minor_status,
    gss_buffer_t buffer);
554
555
/*
 * gss_release_oid_set
 *
 * The set is passed by address rather than by value.
 */
OM_uint32 gss_release_oid_set(
    OM_uint32 *minor_status,
    gss_OID_set *set);
559
560
/*
 * gss_wrap_size_limit
 *
 * Both sizes are OM_uint32, i.e. 32-bit quantities, whereas
 * gss_buffer_desc.length is a size_t.
 */
OM_uint32 gss_wrap_size_limit(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    OM_uint32 req_output_size,
    OM_uint32 *max_input_size);
568
569
/*
 * gss_create_empty_oid_set
 */
OM_uint32 gss_create_empty_oid_set(
    OM_uint32 *minor_status,
    gss_OID_set *oid_set);
573
574
/*
 * gss_add_oid_set_member
 */
OM_uint32 gss_add_oid_set_member(
    OM_uint32 *minor_status,
    const gss_OID member_oid,
    gss_OID_set *oid_set);
579
580
/*
 * gss_test_oid_set_member
 *
 * NOTE(review): present is presumably an output that is set non-zero when
 * member is found in set - confirm against the implementation.
 */
OM_uint32 gss_test_oid_set_member(
    OM_uint32 *minor_status,
    const gss_OID member,
    const gss_OID_set set,
    int *present);
586
587
/*
 * gss_canonicalize_name
 */
OM_uint32 gss_canonicalize_name(
    OM_uint32 *minor_status,
    const gss_name_t input_name,
    const gss_OID mech_type,
    gss_name_t *output_name);
593
594
/*
595
* Other extensions and helper functions.
596
*/
597
598
/*
 * gss_set_cred_option
 *
 * Sets an option, identified by an OID, on a credential; the option value
 * is supplied as a buffer.
 */
OM_uint32 gss_set_cred_option(
    OM_uint32 *minor_status,
    gss_cred_id_t *cred,
    const gss_OID option,
    const gss_buffer_t value);
604
605
/*
 * gss_pname_to_uid
 *
 * pname is the principal name, mech the mechanism to query and uidp the
 * location that receives the resulting UID.
 * NOTE(review): whether *uidp is left untouched on failure is not visible
 * here; callers should presumably use it only after a successful return -
 * confirm against the implementation.
 */
OM_uint32 gss_pname_to_uid(
    OM_uint32 *minor_status,
    const gss_name_t pname,
    const gss_OID mech,
    uid_t *uidp);
611
612
/*
 * gss_pname_to_unix_cred
 *
 * On entry, *numgroups is set to the maximum number of groups to return.
 * On exit, *numgroups is set to the actual number of groups returned.
 * The caller should therefore supply a groups array with room for at
 * least the entry value of *numgroups gid_t elements.
 *
 * pname is the principal name and mech the mechanism to query; uidp and
 * gidp receive the UID and GID, groups receives the group list.
 */
OM_uint32 gss_pname_to_unix_cred(
    OM_uint32 *minor_status,
    const gss_name_t pname,
    const gss_OID mech,
    uid_t *uidp,
    gid_t *gidp,
    int *numgroups,
    gid_t *groups);
624
625
/*
 * gss_ip_to_dns
 *
 * ip_addr is the IP host address string and dns_name the location for the
 * resulting DNS name. dns_name has no accompanying length parameter; this
 * header states that the NI_MAXHOST limit is checked for gss_ip_to_dns().
 * NOTE(review): callers should presumably supply at least NI_MAXHOST
 * bytes for dns_name - confirm against the implementation.
 */
OM_uint32 gss_ip_to_dns(
    OM_uint32 *minor_status,
    char *ip_addr,
    char *dns_name);
630
631
/*
 * Mbuf oriented message signing and encryption.
 *
 * Get_mic allocates an mbuf to hold the message checksum. Verify_mic
 * may modify the passed-in mic but will not free it.
 *
 * Wrap and unwrap consume the message and generate a new mbuf chain
 * with the result. The original message is freed on error.
 */
struct mbuf;

/*
 * gss_get_mic_mbuf
 *
 * message_token is the address of an mbuf pointer; per the note above,
 * the mbuf holding the checksum is allocated by this routine.
 */
OM_uint32 gss_get_mic_mbuf(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    gss_qop_t qop_req,
    struct mbuf *message_buffer,
    struct mbuf **message_token);
649
650
/*
 * gss_verify_mic_mbuf
 *
 * This header notes that verify_mic may modify the passed-in mic but will
 * not free it, so token_buffer stays owned by the caller.
 */
OM_uint32 gss_verify_mic_mbuf(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    struct mbuf *message_buffer,
    struct mbuf *token_buffer,
    gss_qop_t *qop_state);
657
658
/*
 * gss_wrap_mbuf
 *
 * This header notes that wrap consumes the message and generates a new
 * mbuf chain with the result, and that the original message is freed on
 * error. message_buffer is passed by address, so the caller must not keep
 * using a saved copy of the old chain pointer after the call.
 */
OM_uint32 gss_wrap_mbuf(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    int conf_req_flag,
    gss_qop_t qop_req,
    struct mbuf **message_buffer,
    int *conf_state);
666
667
/*
 * gss_unwrap_mbuf
 *
 * This header notes that unwrap consumes the message and generates a new
 * mbuf chain with the result, and that the original message is freed on
 * error. message_buffer is passed by address, so the caller must not keep
 * using a saved copy of the old chain pointer after the call.
 */
OM_uint32 gss_unwrap_mbuf(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    struct mbuf **message_buffer,
    int *conf_state,
    gss_qop_t *qop_state);
674
675
__END_DECLS
676
677
#endif /* _KGSSAPI_GSSAPI_H_ */