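/*
 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Public GSS-API header: opaque handle types, buffer/OID descriptors,
 * context flag bits, major-status code layout and the Apple-specific
 * credential-attribute keys.  Function prototypes and mechanism OIDs
 * live in <gssapi_protos.h> and <gssapi_oid.h>, included below.
 */

#ifndef GSSAPI_GSSAPI_H_
#define GSSAPI_GSSAPI_H_

/*
 * First, include stddef.h to get size_t defined.
 */
#include <stddef.h>

#include <krb5-types.h>

/*
 * Linkage and calling-convention decorations.  When this header is
 * consumed by an application (BUILD_GSSAPI_LIB not defined) on Windows
 * the symbols are imported from the DLL; everywhere else the macros
 * expand to nothing.
 */
#ifndef BUILD_GSSAPI_LIB
#if defined(_WIN32)
#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
#define GSSAPI_LIB_CALL __stdcall
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
#else
#define GSSAPI_LIB_FUNCTION
#define GSSAPI_LIB_CALL
#define GSSAPI_LIB_VARIABLE
#endif
#endif

/*
 * OID type handed to the credential-iteration callback; const or
 * non-const depending on a build-time switch.
 */
#ifdef __GSS_ITER_CRED_USES_CONST_OID
#define gss_iter_OID gss_const_OID
#else
#define gss_iter_OID gss_OID
#endif

/*
 * Compatibility with MIT Kerberos on the Mac: the structures defined
 * between this push and the matching pack(pop) at the end of the file
 * are laid out with 2-byte packing so both libraries agree on the ABI.
 */
#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
#pragma pack(push,2)
#endif


#ifdef __cplusplus
#define GSSAPI_CPP_START extern "C" {
#define GSSAPI_CPP_END }
#else
#define GSSAPI_CPP_START
#define GSSAPI_CPP_END
#endif

#ifdef _WIN32
#define GSSAPI_CALLCONV __stdcall
#else
#define GSSAPI_CALLCONV
#endif

/*
 * Now define the three implementation-dependent types.
 */

typedef uint32_t OM_uint32;
typedef uint64_t OM_uint64;

typedef uint32_t gss_uint32;

/* Opaque name handle; callers never see the struct body. */
struct gss_name_t_desc_struct;
typedef struct gss_name_t_desc_struct *gss_name_t;
typedef const struct gss_name_t_desc_struct *gss_const_name_t;

/* Opaque security-context handle. */
struct gss_ctx_id_t_desc_struct;
typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
/*
 * NOTE(review): unlike gss_const_name_t and gss_const_cred_id_t below,
 * this const alias is the struct itself, not a pointer to it.  Left
 * unchanged here because changing it alters the public type; callers
 * should expect the asymmetry.
 */
typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;

/* DER-encoded object identifier: `length` bytes at `elements`. */
typedef struct gss_OID_desc_struct {
      OM_uint32 length;
      void      *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc * gss_const_OID;

/* Array of `count` OID descriptors. */
typedef struct gss_OID_set_desc_struct  {
      size_t     count;
      gss_OID    elements;
} gss_OID_set_desc, *gss_OID_set;
typedef const gss_OID_set_desc * gss_const_OID_set;

/* One of GSS_C_BOTH / GSS_C_INITIATE / GSS_C_ACCEPT (below). */
typedef int gss_cred_usage_t;

/* Opaque credential handle. */
struct gss_cred_id_t_desc_struct;
typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;

/*
 * Counted byte buffer.  `value` is not NUL-terminated; always honour
 * `length` when reading it.  Buffers returned by the library are owned
 * by the library until released with gss_release_buffer().
 */
typedef struct gss_buffer_desc_struct {
      size_t length;
      void *value;
} gss_buffer_desc, *gss_buffer_t;
typedef const gss_buffer_desc * gss_const_buffer_t;

/*
 * Channel bindings: address family constants are the GSS_C_AF_* values
 * below.  Passing GSS_C_NO_CHANNEL_BINDINGS disables binding checks.
 */
typedef struct gss_channel_bindings_struct {
      OM_uint32 initiator_addrtype;
      gss_buffer_desc initiator_address;
      OM_uint32 acceptor_addrtype;
      gss_buffer_desc acceptor_address;
      gss_buffer_desc application_data;
} *gss_channel_bindings_t;
typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;

/* GGF extension data types */
typedef struct gss_buffer_set_desc_struct {
      size_t count;
      gss_buffer_desc *elements;
} gss_buffer_set_desc, *gss_buffer_set_t;

/* One element of a gss_wrap_iov()/gss_unwrap_iov() vector; `type` is a
 * GSS_IOV_BUFFER_TYPE_* value optionally OR'ed with GSS_IOV_BUFFER_FLAG_*. */
typedef struct gss_iov_buffer_desc_struct {
    OM_uint32 type;
    gss_buffer_desc buffer;
} gss_iov_buffer_desc, *gss_iov_buffer_t;

/*
 * For now, define a QOP-type as an OM_uint32
 */
typedef OM_uint32 gss_qop_t;

/* XXX glue for old code */
typedef OM_uint32 *gss_status_id_t;
typedef struct gss_auth_identity *gss_auth_identity_t;

/*
 * Flag bits for context-level services.
 *
 * These are requested by the initiator in req_flags and reported back
 * by the library in ret_flags.  A request is not a guarantee: code that
 * depends on confidentiality or integrity protection should verify that
 * GSS_C_CONF_FLAG / GSS_C_INTEG_FLAG are present in the returned flags,
 * and GSS_C_DELEG_FLAG should only be requested when handing the
 * initiator's credentials to the acceptor is actually intended.
 */
#define GSS_C_DELEG_FLAG 1
#define GSS_C_MUTUAL_FLAG 2
#define GSS_C_REPLAY_FLAG 4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG 16
#define GSS_C_INTEG_FLAG 32
#define GSS_C_ANON_FLAG 64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256

#define GSS_C_DCE_STYLE 4096
#define GSS_C_IDENTIFY_FLAG 8192
#define GSS_C_EXTENDED_ERROR_FLAG 16384
#define GSS_C_DELEG_POLICY_FLAG 32768

/*
 * Credential usage options
 */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/* gss_acquire_cred options: low 16 bits are the usage, higher bits flags. */
#define GSS_C_OPTION_MASK 0xffff
#define GSS_C_CRED_NO_UI  0x10000

/*
 * Status code types for gss_display_status
 */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2

/*
 * The constant definitions for channel-bindings address families
 */
#define GSS_C_AF_UNSPEC     0
#define GSS_C_AF_LOCAL      1
#define GSS_C_AF_INET       2
#define GSS_C_AF_IMPLINK    3
#define GSS_C_AF_PUP        4
#define GSS_C_AF_CHAOS      5
#define GSS_C_AF_NS         6
#define GSS_C_AF_NBS        7
#define GSS_C_AF_ECMA       8
#define GSS_C_AF_DATAKIT    9
#define GSS_C_AF_CCITT      10
#define GSS_C_AF_SNA        11
#define GSS_C_AF_DECnet     12
#define GSS_C_AF_DLI        13
#define GSS_C_AF_LAT        14
#define GSS_C_AF_HYLINK     15
#define GSS_C_AF_APPLETALK  16
#define GSS_C_AF_BSC        17
#define GSS_C_AF_DSS        18
#define GSS_C_AF_OSI        19
#define GSS_C_AF_X25        21
#define GSS_C_AF_INET6	    24

#define GSS_C_AF_NULLADDR   255

/*
 * Various Null values
 */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}
#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0)

/*
 * Some alternate names for a couple of the above
 * values.  These are defined for V1 compatibility.
 */
#define GSS_C_NULL_OID GSS_C_NO_OID
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET

/*
 * Define the default Quality of Protection for per-message
 * services.  Note that an implementation that offers multiple
 * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
 * (as done here) to mean "default protection", or to a specific
 * explicit QOP value.  However, a value of 0 should always be
 * interpreted by a GSSAPI implementation as a request for the
 * default protection level.
 */
#define GSS_C_QOP_DEFAULT 0

/* Kerberos-mechanism specific QOP values selecting the legacy ciphers. */
#define GSS_KRB5_CONF_C_QOP_DES		0x0100
#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200

/*
 * Expiration time of 2^32-1 seconds means infinite lifetime for a
 * credential or security context
 */
#define GSS_C_INDEFINITE 0xfffffffful

/*
 * Type of gss_wrap_iov()/gss_unwrap_iov().
 */

#define GSS_IOV_BUFFER_TYPE_EMPTY 0
#define GSS_IOV_BUFFER_TYPE_DATA 1
#define GSS_IOV_BUFFER_TYPE_HEADER 2
#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3

#define GSS_IOV_BUFFER_TYPE_TRAILER 7
#define GSS_IOV_BUFFER_TYPE_PADDING 9
#define GSS_IOV_BUFFER_TYPE_STREAM 10
#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11

/* Upper 16 bits of an IOV type word carry flags, the lower 16 the type. */
#define GSS_IOV_BUFFER_TYPE_FLAG_MASK		0xffff0000
#define GSS_IOV_BUFFER_FLAG_ALLOCATE		0x00010000
#define GSS_IOV_BUFFER_FLAG_ALLOCATED		0x00020000

#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE	0x00010000 /* old name */
#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED	0x00020000 /* old name */

#define GSS_IOV_BUFFER_TYPE(_t) ((_t) & ~GSS_IOV_BUFFER_TYPE_FLAG_MASK)
#define GSS_IOV_BUFFER_FLAGS(_t) ((_t) & GSS_IOV_BUFFER_TYPE_FLAG_MASK)

GSSAPI_CPP_START

#ifndef __KRB5_H__ /* provide forward declaration if its not already defined */
struct krb5_ccache_data; /* for gss_krb5_copy_ccache, deprecated */
#endif

#include <gssapi_oid.h>
#include <gssapi_protos.h>

/* Major status codes */

#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 *
 * A major status word is laid out as
 *   bits 24..31  calling error
 *   bits 16..23  routine error
 *   bits  0..15  supplementary information
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSSAPI so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesized so that compound expressions such as
 * GSS_ERROR(a | b) bind as written rather than as a | (b & mask).
 *
 * GSS_ERROR() only looks at the calling- and routine-error fields.  A
 * zero result therefore does NOT mean GSS_S_COMPLETE: supplementary
 * bits such as GSS_S_CONTINUE_NEEDED may still be set and must be
 * handled (typically by another round of the token exchange) before a
 * context is treated as established.
 */
#define GSS_CALLING_ERROR(x) \
  ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
  ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
  ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
  ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
	  (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/*
 * Now the actual status code definitions
 */

/*
 * Calling errors:
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
                             (3ul << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors:
 */
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)

#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Apparently awaiting spec fix.
 */
#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE

/*
 * Supplementary info bits:
 *
 * Reported alongside a successful major status.  The replay/sequence
 * related ones (DUPLICATE, OLD, UNSEQ, GAP) are only meaningful when
 * GSS_C_REPLAY_FLAG / GSS_C_SEQUENCE_FLAG were negotiated; a caller
 * that relies on replay detection should treat them as errors.
 */
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))

/*
 * gss_acquire_cred options mask hack: GSS_C_OPTION_MASK and
 * GSS_C_CRED_NO_UI are defined once, next to the credential usage
 * values above; the former duplicate definitions here were removed.
 */

/*
 * RFC 4401 - gss_pseudo_random
 */

#define GSS_C_PRF_KEY_FULL 0
#define GSS_C_PRF_KEY_PARTIAL 1

/* Name attribute selecting the local login user (exported by the library). */
extern GSSAPI_LIB_VARIABLE gss_buffer_desc __gss_c_attr_local_login_user;
#define GSS_C_ATTR_LOCAL_LOGIN_USER (&__gss_c_attr_local_login_user)

/*
 * Apple-specific keys for the credential-attribute dictionary.
 */

#ifdef __APPLE__

#include <CoreFoundation/CoreFoundation.h>

#define kGSSICPassword CFSTR("kGSSICPassword")
#define kGSSICCertificate CFSTR("kGSSICCertificate")
#define kGSSICVerifyCredential CFSTR("kGSSICVerifyCredential")

#define kGSSCredentialUsage CFSTR("kGSSCredentialUsage")
#define kGSS_C_INITIATE CFSTR("kGSS_C_INITIATE")
#define kGSS_C_ACCEPT CFSTR("kGSS_C_ACCEPT")
#define kGSS_C_BOTH CFSTR("kGSS_C_BOTH")

#define kGSSICLKDCHostname CFSTR("kGSSICLKDCHostname")

#define kGSSICKerberosCacheName CFSTR("kGSSICKerberosCacheName")
#define kGSSICSiteName CFSTR("kGSSICSiteName")
#define kGSSICAppIdentifierACL CFSTR("kGSSICAppIdentifierACL")
#define kGSSICVerifyCredentialAcceptorName CFSTR("kGSSICVerifyCredentialAcceptorName")
#define kGSSICCreateNewCredential CFSTR("kGSSICCreateNewCredential")
#define kGSSICAppleSourceApp CFSTR("kGSSICAppleSourceApp")
#define kGSSICAppleSourceAppAuditToken CFSTR("kGSSICAppleSourceAppAuditToken")
#define kGSSICAppleSourceAppPID CFSTR("kGSSICAppleSourceAppPID")
#define kGSSICAppleSourceAppSigningIdentity CFSTR("kGSSICAppleSourceAppSigningIdentity")

#define kGSSICAuthenticationContext CFSTR("kGSSICAuthenticationContext")

#include <gssapi_apple.h>


#define kGSSChangePasswordOldPassword CFSTR("kGSSChangePasswordOldPassword")
#define kGSSChangePasswordNewPassword CFSTR("kGSSChangePasswordNewPassword")

#endif

/* Include Apple private SPI */
#ifdef __GSSAPI_APPLE_API_PRIVATE
#include <gssapi_spi.h>
#endif

GSSAPI_CPP_END

#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
#pragma pack(pop)
#endif

#endif /* GSSAPI_GSSAPI_H_ */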