gssapi_apple.h
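/* This is a generated file */
#ifndef __gssapi_apple_h__
#define __gssapi_apple_h__

#include <stdarg.h>

/* printf-style format checking, enabled only on GCC >= 3.1. */
#ifndef HEIMDAL_PRINTF_ATTRIBUTE
#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__((format x))
#else
#define HEIMDAL_PRINTF_ATTRIBUTE(x)
#endif
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): the fallbacks defined here are GSS_LIB_FUNCTION,
 * GSS_LIB_CALL and GSS_LIB_VARIABLE, but the declarations below use
 * GSSAPI_LIB_FUNCTION, which this header does not define. Presumably the
 * including header supplies it, together with the gss_* and CoreFoundation
 * types and the __nullable/__nonnull/__OSX_AVAILABLE_STARTING macros.
 * Confirm before including this file on its own.
 */
#ifndef GSS_LIB
#ifndef GSS_LIB_FUNCTION
#if defined(_WIN32)
#define GSS_LIB_FUNCTION __declspec(dllimport)
#define GSS_LIB_CALL __stdcall
#define GSS_LIB_VARIABLE __declspec(dllimport)
#else
#define GSS_LIB_FUNCTION
#define GSS_LIB_CALL
#define GSS_LIB_VARIABLE
#endif
#endif
#endif
/**
 * Returns a GSS credential for a given UUID if the credential exists.
 *
 * @param uuid the UUID of the credential to fetch
 *
 * @returns a gss_cred_id_t; the return type is __nullable, so check for
 * NULL before use. Normal CoreFoundation ownership rules apply, so the
 * returned credential needs to be released with either CFRelease() or
 * gss_release_cred().
 * NOTE(review): the generated text named the CFUUIDRef and
 * gss_release_name() here, which does not match the return type and
 * looks like a copy/paste slip; confirm against the implementation.
 *
 * @ingroup gssapi
 */

__nullable gss_cred_id_t GSSAPI_LIB_FUNCTION
GSSCreateCredentialFromUUID (__nonnull CFUUIDRef uuid) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Create a CFErrorRef from a mechanism and a GSS major/minor status pair.
 *
 * @param mech mechanism OID the status codes belong to
 * @param major_status GSS-API major status code
 * @param minor_status mechanism-specific minor status code
 *
 * @returns a CFErrorRef or NULL. Presumably follows the CoreFoundation
 * Create/Copy rule like the other Create functions in this header, so
 * the caller would release it with CFRelease(); confirm.
 *
 * @ingroup gssapi
 */

__nullable CFErrorRef
GSSCreateError (
	__nonnull gss_const_OID mech,
	OM_uint32 major_status,
	OM_uint32 minor_status) __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);

/**
 * Create a GSS name from a buffer and type.
 *
 * @param name name buffer describing a credential, can be either a CFDataRef or CFStringRef of a name.
 * @param name_type one of the GSS_C_NT_* OID constants, specifying the name type.
 * @param error if an error happens, this may be set to a CFErrorRef describing the failure further.
 *
 * @returns returns gss_name_t or NULL on failure. Must be freed using gss_release_name() or CFRelease(). Follows CoreFoundation Create/Copy rule.
 *
 * @ingroup gssapi
 */

__nullable gss_name_t
GSSCreateName (
	__nonnull CFTypeRef name,
	__nonnull gss_const_OID name_type,
	__nullable CFErrorRef *__nullable error) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Copy the name describing the credential
 *
 * @param cred the credential to get the name from
 *
 * @returns returns gss_name_t or NULL on failure. Must be freed using gss_release_name() or CFRelease(). Follows CoreFoundation Create/Copy rule.
 *
 * @ingroup gssapi
 */

__nullable gss_name_t
GSSCredentialCopyName (__nonnull gss_cred_id_t cred) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Returns a copy of the UUID of the GSS credential
 *
 * @param credential credential
 *
 * @returns CFUUIDRef that can later be turned back into a credential
 * (see GSSCreateCredentialFromUUID()). Normal CoreFoundation ownership
 * rules apply, so the CFUUIDRef needs to be released by the caller.
 *
 * @ingroup gssapi
 */

__nullable CFUUIDRef
GSSCredentialCopyUUID (gss_cred_id_t __nonnull credential) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Return the lifetime (in seconds) left of the credential.
 *
 * @param cred the credential to get the lifetime of
 *
 * @returns the lifetime of the credentials. 0 on failure and
 * GSS_C_INDEFINITE on credentials that never expire.
 *
 * A return of 0 does not tell a failed lookup apart from a credential
 * with no lifetime left, so callers should treat 0 as "not usable"
 * rather than as a specific error.
 *
 * @ingroup gssapi
 */

OM_uint32
GSSCredentialGetLifetime (__nonnull gss_cred_id_t cred) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Returns a string that is suitable for displaying to the user. It must
 * not be used to verify subjects on ACLs.
 *
 * The display form is for presentation only. Authorization decisions
 * should compare names through the GSS-API (for example
 * gss_compare_name() or an exported name from gss_export_name()), not
 * by matching this string.
 *
 * @param name name to get a display string from
 *
 * @returns a string that is printable. Follows CoreFoundation Create/Copy rule.
 *
 * @ingroup gssapi
 */

__nullable CFStringRef
GSSNameCreateDisplayString (__nonnull gss_name_t name) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/**
 * Change password for a gss name
 *
 * @param name name to change password for
 * @param mech mechanism to use
 * @param attributes old and new password (kGSSChangePasswordOldPassword and kGSSChangePasswordNewPassword) and other attributes.
 * The dictionary carries password material, so callers should keep its
 * lifetime short and keep it out of logs.
 * @param error if not NULL, error might be set in case the function
 * doesn't return GSS_S_COMPLETE; in that case it must be released with
 * CFRelease().
 *
 * @returns returns GSS_S_COMPLETE on success, error might be set if passed in.
 *
 * @ingroup gssapi
 */

OM_uint32 GSSAPI_LIB_FUNCTION
gss_aapl_change_password (
	__nonnull const gss_name_t name,
	__nonnull gss_const_OID mech,
	__nonnull CFDictionaryRef attributes,
	__nullable CFErrorRef *__nullable error) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_6_0);

/**
 * Acquire new initial credentials using long term credentials (password, certificate).
 *
 * Credentials acquired should be freed with gss_release_cred() or
 * destroyed (removed from storage) with gss_destroy_cred().
 *
 * Some mechanism types cannot directly acquire or validate a
 * credential (for example PK-U2U, SCRAM, NTLM or IAKERB); for those
 * mechanisms it is instead gss_init_sec_context() that will either
 * acquire or force validation of the credential.
 *
 * This function is blocking and should not be used on threads used for UI updates.
 *
 * @param desired_name name to use to acquire credential. Import the name using gss_import_name(). The type of the name has to be supported by the desired_mech used.
 *
 * @param desired_mech mechanism to use to acquire credential. GSS_C_NO_OID is not valid input and a mechanism must be selected. For example GSS_KRB5_MECHANISM, GSS_NTLM_MECHANISM or any other mechanisms supported by the implementation. See gss_indicate_mechs().
 *
 * @param attributes CFDictionary that contains how to acquire the credential, see below for examples.
 * NOTE(review): the parameter is annotated __nullable although the text
 * below says one of the required keys must be present; confirm what a
 * NULL dictionary does.
 *
 * @param output_cred_handle the resulting credential handle, value is set to GSS_C_NO_CREDENTIAL on failure.
 *
 * @param error a CFErrorRef returned in case of an error, that needs to be released with CFRelease() by the caller, input can be NULL.
 *
 * @returns a gss_error code, see the CFErrorRef passed back in error for the failure message.
 *
 * attributes must contain one of the following keys
 * * kGSSICPassword - CFStringRef password
 * * kGSSICCertificate - SecIdentityRef, SecCertificate, or CFDataRef[data of a Keychain Persistent Reference] to the certificate to use with PKINIT/PKU2U
 *
 * optional keys
 * * kGSSCredentialUsage - one of kGSS_C_INITIATE, kGSS_C_ACCEPT, kGSS_C_BOTH, default if not given is kGSS_C_INITIATE
 * * kGSSICVerifyCredential - validate the credential with a trusted source to establish that there was no MITM.
 *   Presumably this check is skipped when the key is absent, in which
 *   case the credential should not be treated as verified; confirm.
 * * kGSSICLKDCHostname - CFStringRef hostname of LKDC hostname
 * * kGSSICKerberosCacheName - CFStringRef name of cache that will be created (including type)
 * * kGSSICSiteName - CFStringRef name of site (you are authenticating to), used for load balancing in DNS in Kerberos
 * * kGSSICAppIdentifierACL - CFArrayRef[CFStringRef] prefix of bundle ID allowed to access this credential.
 *   Because entries are prefixes, a short prefix admits every bundle ID
 *   that starts with it; keep entries as specific as possible.
 * * kGSSICCreateNewCredential - CFBooleanRef if set caller wants to create a new credential and not overwrite a credential with the same name
 * * kGSSICAuthenticationContext - CFBooleanRef/YES to allow authentication UI, or LAContext to pass a pre-evaluated authentication context
 *
 * * kGSSICAppleSourceApp - CFDictionaryRef application we are performing this on behalf of (only applies to AppVPN)
 *
 * Keys for kGSSICAppleSourceApp dictionary:
 *
 * - kGSSICAppleSourceAppAuditToken - audit token of process this is
 *	performed on behalf of, the audit_token_t is wrapped
 *	in a CFDataRef.
 * - kGSSICAppleSourceAppPID - PID in a CFNumberRef of process this is
 *	performed on behalf of
 * - kGSSICAppleSourceAppUUID - UUID of the application
 * - kGSSICAppleSourceAppSigningIdentity - bundle/signing identity of the application
 *
 * A PID can be reused by a different process, so where the caller has
 * one the audit token is the more reliable way to identify the source
 * process. Which of these keys the implementation relies on is not
 * visible from this header.
 *
 * @ingroup gssapi
 */

OM_uint32 GSSAPI_LIB_FUNCTION
gss_aapl_initial_cred (
	__nonnull const gss_name_t desired_name,
	__nonnull gss_const_OID desired_mech,
	__nullable CFDictionaryRef attributes,
	__nonnull gss_cred_id_t * __nullable output_cred_handle,
	__nullable CFErrorRef *__nullable error) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);

#ifdef __cplusplus
}
#endif

#endif /* __gssapi_apple_h__ */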