#ifndef _GSSAPIP_KRB5_H_
#define _GSSAPIP_KRB5_H_
#include <krb5.h>
#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
#ifdef major
#undef major
#endif
#ifdef minor
#undef minor
#endif
#ifdef notdef
#include "gssapiP_generic.h"
#endif
#ifdef notdef
#include "gssapi_krb5.h"
#include "gssapi_err_krb5.h"
#endif
#undef CFX_EXERCISE
#define CKSUMTYPE_KG_CB 0x8003
#define KG_TOK_CTX_AP_REQ 0x0100
#define KG_TOK_CTX_AP_REP 0x0200
#define KG_TOK_CTX_ERROR 0x0300
#define KG_TOK_SIGN_MSG 0x0101
#define KG_TOK_SEAL_MSG 0x0201
#define KG_TOK_MIC_MSG 0x0101
#define KG_TOK_WRAP_MSG 0x0201
#define KG_TOK_DEL_CTX 0x0102
#define KG2_TOK_INITIAL 0x0101
#define KG2_TOK_RESPONSE 0x0202
#define KG2_TOK_MIC 0x0303
#define KG2_TOK_WRAP_INTEG 0x0404
#define KG2_TOK_WRAP_PRIV 0x0505
#define KRB5_GSS_FOR_CREDS_OPTION 1
#define KG2_RESP_FLAG_ERROR 0x0001
#define KG2_RESP_FLAG_DELEG_OK 0x0002
enum sgn_alg {
SGN_ALG_DES_MAC_MD5 = 0x0000,
SGN_ALG_MD2_5 = 0x0001,
SGN_ALG_DES_MAC = 0x0002,
SGN_ALG_3 = 0x0003,
SGN_ALG_HMAC_MD5 = 0x0011,
SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
};
enum seal_alg {
SEAL_ALG_NONE = 0xffff,
SEAL_ALG_DES = 0x0000,
SEAL_ALG_1 = 0x0001,
SEAL_ALG_MICROSOFT_RC4 = 0x0010,
SEAL_ALG_DES3KD = 0x0002
};
#define KG_USAGE_SEAL 22
#define KG_USAGE_SIGN 23
#define KG_USAGE_SEQ 24
#define KG_USAGE_ACCEPTOR_SEAL 22
#define KG_USAGE_ACCEPTOR_SIGN 23
#define KG_USAGE_INITIATOR_SEAL 24
#define KG_USAGE_INITIATOR_SIGN 25
enum qop {
GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001,
GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
GSS_KRB5_CONF_C_QOP_DES = 0x0100,
GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
GSS_KRB5_CONF_C_QOP_MASK = 0xff00
};
typedef krb5_principal krb5_gss_name_t;
typedef struct _krb5_gss_cred_id_rec {
k5_mutex_t lock;
gss_cred_usage_t usage;
krb5_principal princ;
int prerfc_mech;
int rfc_mech;
krb5_keytab keytab;
krb5_rcache rcache;
krb5_ccache ccache;
krb5_timestamp tgt_expire;
krb5_enctype *req_enctypes;
} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
typedef struct _krb5_gss_ctx_id_rec {
unsigned int initiate : 1;
unsigned int established : 1;
unsigned int big_endian : 1;
unsigned int have_acceptor_subkey : 1;
unsigned int seed_init : 1;
OM_uint32 gss_flags;
unsigned char seed[16];
krb5_principal here;
krb5_principal there;
krb5_keyblock *subkey;
int signalg;
size_t cksum_size;
int sealalg;
krb5_keyblock *enc;
krb5_keyblock *seq;
krb5_timestamp endtime;
krb5_flags krb_flags;
gssint_uint64 seq_send;
gssint_uint64 seq_recv;
void *seqstate;
krb5_context k5_context;
krb5_auth_context auth_context;
gss_OID_desc *mech_used;
int proto;
krb5_cksumtype cksumtype;
krb5_keyblock *acceptor_subkey;
krb5_cksumtype acceptor_subkey_cksumtype;
int cred_rcache;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
extern g_set kg_vdb;
extern k5_mutex_t gssint_krb5_keytab_lock;
#define kg_save_name(name) g_save_name(&kg_vdb,name)
#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)
#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx)
#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)
#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)
OM_uint32 kg_get_defcred
(OM_uint32 *minor_status,
gss_cred_id_t *cred);
krb5_error_code kg_checksum_channel_bindings
(krb5_context context, gss_channel_bindings_t cb,
krb5_checksum *cksum,
int bigend);
krb5_error_code kg_make_seq_num (krb5_context context,
krb5_keyblock *key,
int direction, krb5_ui_4 seqnum, unsigned char *cksum,
unsigned char *buf);
krb5_error_code kg_get_seq_num (krb5_context context,
krb5_keyblock *key,
unsigned char *cksum, unsigned char *buf, int *direction,
krb5_ui_4 *seqnum);
krb5_error_code kg_make_seed (krb5_context context,
krb5_keyblock *key,
unsigned char *seed);
int kg_confounder_size (krb5_context context, krb5_keyblock *key);
krb5_error_code kg_make_confounder (krb5_context context,
krb5_keyblock *key, unsigned char *buf);
krb5_error_code kg_encrypt (krb5_context context,
krb5_keyblock *key, int usage,
krb5_pointer iv,
krb5_const_pointer in,
krb5_pointer out,
unsigned int length);
krb5_error_code
kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
const unsigned char *kd_data, size_t kd_data_len,
const unsigned char *input_buf, size_t input_len,
unsigned char *output_buf);
krb5_error_code kg_decrypt (krb5_context context,
krb5_keyblock *key, int usage,
krb5_pointer iv,
krb5_const_pointer in,
krb5_pointer out,
unsigned int length);
OM_uint32 kg_seal (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
int qop_req,
gss_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_message_buffer,
int toktype);
OM_uint32 kg_unseal (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_token_buffer,
gss_buffer_t message_buffer,
int *conf_state,
int *qop_state,
int toktype);
OM_uint32 kg_seal_size (OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 output_size,
OM_uint32 *input_size);
krb5_error_code kg_ctx_size (krb5_context kcontext,
krb5_pointer arg,
size_t *sizep);
krb5_error_code kg_ctx_externalize (krb5_context kcontext,
krb5_pointer arg,
krb5_octet **buffer,
size_t *lenremain);
krb5_error_code kg_ctx_internalize (krb5_context kcontext,
krb5_pointer *argp,
krb5_octet **buffer,
size_t *lenremain);
OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
const char **out_name);
OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
const char *name);
OM_uint32 krb5_gss_acquire_cred
(OM_uint32*,
gss_name_t,
OM_uint32,
gss_OID_set,
gss_cred_usage_t,
gss_cred_id_t*,
gss_OID_set*,
OM_uint32*
);
OM_uint32 krb5_gss_release_cred
(OM_uint32*,
gss_cred_id_t*
);
OM_uint32 krb5_gss_init_sec_context
(OM_uint32*,
gss_cred_id_t,
gss_ctx_id_t*,
gss_name_t,
gss_OID,
OM_uint32,
OM_uint32,
gss_channel_bindings_t,
gss_buffer_t,
gss_OID*,
gss_buffer_t,
OM_uint32*,
OM_uint32*
);
OM_uint32 krb5_gss_accept_sec_context
(OM_uint32*,
gss_ctx_id_t*,
gss_cred_id_t,
gss_buffer_t,
gss_channel_bindings_t,
gss_name_t*,
gss_OID*,
gss_buffer_t,
OM_uint32*,
OM_uint32*,
gss_cred_id_t*
);
OM_uint32 krb5_gss_process_context_token
(OM_uint32*,
gss_ctx_id_t,
gss_buffer_t
);
OM_uint32 krb5_gss_delete_sec_context
(OM_uint32*,
gss_ctx_id_t*,
gss_buffer_t
);
OM_uint32 krb5_gss_context_time
(OM_uint32*,
gss_ctx_id_t,
OM_uint32*
);
OM_uint32 krb5_gss_sign
(OM_uint32*,
gss_ctx_id_t,
int,
gss_buffer_t,
gss_buffer_t
);
OM_uint32 krb5_gss_verify
(OM_uint32*,
gss_ctx_id_t,
gss_buffer_t,
gss_buffer_t,
int*
);
OM_uint32 krb5_gss_seal
(OM_uint32*,
gss_ctx_id_t,
int,
int,
gss_buffer_t,
int*,
gss_buffer_t
);
OM_uint32 krb5_gss_unseal
(OM_uint32*,
gss_ctx_id_t,
gss_buffer_t,
gss_buffer_t,
int*,
int*
);
OM_uint32 krb5_gss_display_status
(OM_uint32*,
OM_uint32,
int,
gss_OID,
OM_uint32*,
gss_buffer_t
);
OM_uint32 krb5_gss_indicate_mechs
(OM_uint32*,
gss_OID_set*
);
OM_uint32 krb5_gss_compare_name
(OM_uint32*,
gss_name_t,
gss_name_t,
int*
);
OM_uint32 krb5_gss_display_name
(OM_uint32*,
gss_name_t,
gss_buffer_t,
gss_OID*
);
OM_uint32 krb5_gss_import_name
(OM_uint32*,
gss_buffer_t,
gss_OID,
gss_name_t*
);
OM_uint32 krb5_gss_release_name
(OM_uint32*,
gss_name_t*
);
OM_uint32 krb5_gss_inquire_cred
(OM_uint32 *,
gss_cred_id_t,
gss_name_t *,
OM_uint32 *,
gss_cred_usage_t*,
gss_OID_set *
);
OM_uint32 krb5_gss_inquire_context
(OM_uint32*,
gss_ctx_id_t,
gss_name_t*,
gss_name_t*,
OM_uint32*,
gss_OID*,
OM_uint32*,
int*,
int*
);
OM_uint32 krb5_gss_get_mic
(OM_uint32 *,
gss_ctx_id_t,
gss_qop_t,
gss_buffer_t,
gss_buffer_t
);
OM_uint32 krb5_gss_verify_mic
(OM_uint32 *,
gss_ctx_id_t,
gss_buffer_t,
gss_buffer_t,
gss_qop_t *
);
OM_uint32 krb5_gss_wrap
(OM_uint32 *,
gss_ctx_id_t,
int,
gss_qop_t,
gss_buffer_t,
int *,
gss_buffer_t
);
OM_uint32 krb5_gss_unwrap
(OM_uint32 *,
gss_ctx_id_t,
gss_buffer_t,
gss_buffer_t,
int *,
gss_qop_t *
);
OM_uint32 krb5_gss_wrap_size_limit
(OM_uint32 *,
gss_ctx_id_t,
int,
gss_qop_t,
OM_uint32,
OM_uint32 *
);
OM_uint32 krb5_gss_import_name_object
(OM_uint32 *,
void *,
gss_OID,
gss_name_t *
);
OM_uint32 krb5_gss_export_name_object
(OM_uint32 *,
gss_name_t,
gss_OID,
void * *
);
OM_uint32 krb5_gss_add_cred
(OM_uint32 *,
gss_cred_id_t,
gss_name_t,
gss_OID,
gss_cred_usage_t,
OM_uint32,
OM_uint32,
gss_cred_id_t *,
gss_OID_set *,
OM_uint32 *,
OM_uint32 *
);
OM_uint32 krb5_gss_inquire_cred_by_mech
(OM_uint32 *,
gss_cred_id_t,
gss_OID,
gss_name_t *,
OM_uint32 *,
OM_uint32 *,
gss_cred_usage_t *
);
OM_uint32 krb5_gss_export_sec_context
(OM_uint32 *,
gss_ctx_id_t *,
gss_buffer_t
);
OM_uint32 krb5_gss_import_sec_context
(OM_uint32 *,
gss_buffer_t,
gss_ctx_id_t *
);
krb5_error_code krb5_gss_ser_init(krb5_context);
OM_uint32 krb5_gss_release_oid
(OM_uint32 *,
gss_OID *
);
OM_uint32 krb5_gss_inquire_names_for_mech
(OM_uint32 *,
gss_OID,
gss_OID_set *
);
OM_uint32 krb5_gss_canonicalize_name
(OM_uint32 *,
const gss_name_t,
const gss_OID,
gss_name_t *
);
OM_uint32 krb5_gss_export_name
(OM_uint32 *,
const gss_name_t,
gss_buffer_t
);
OM_uint32 krb5_gss_duplicate_name
(OM_uint32 *,
const gss_name_t,
gss_name_t *
);
OM_uint32 krb5_gss_validate_cred
(OM_uint32 *,
gss_cred_id_t
);
OM_uint32
krb5_gss_validate_cred_1(OM_uint32 * ,
gss_cred_id_t ,
krb5_context );
gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);
krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
krb5_gss_ctx_id_rec *,
const gss_buffer_desc *,
gss_buffer_t,
int, int);
OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
OM_uint32 *minor_status,
krb5_gss_ctx_id_rec *ctx,
unsigned char *ptr, int bodysize,
gss_buffer_t message_buffer,
int *conf_state, int *qop_state,
int toktype);
#endif