GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

/* * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #ifndef GSSAPI_EXT_H_ #define GSSAPI_EXT_H_ #include <gssapi/gssapi.h> #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* * Solaris extensions */ #ifndef _WIN32 OM_uint32 KRB5_CALLCONV gss_pname_to_uid (OM_uint32 *minor, const gss_name_t name, const gss_OID mech_type, uid_t *uidOut); #endif /** * Provides a platform-specific name for a GSSAPI name as interpreted by a * given mechanism. * * @param [out] minor Minor status code * @param [in] name The gss name resulting from accept_sec_context * @param [in] mech_type The mechanism that will be asked to map @a name to a * local name * @param [out] localname Caller-allocated buffer to be filled in with the * local name on success */ OM_uint32 KRB5_CALLCONV gss_localname (OM_uint32 *minor, const gss_name_t name, gss_const_OID mech_type, gss_buffer_t localname); /** * Determine whether a mechanism name is authorized to act as a username. * * @param [in] name Mechanism name * @param [in] username System username * * This is a simple wrapper around gss_authorize_localname(). It only supports * system usernames as local names, and cannot distinguish between lack of * authorization and other errors. * * @retval 1 @a name is authorized to act as @a username * @retval 0 @a name is not authorized or an error occurred */ int KRB5_CALLCONV gss_userok(const gss_name_t name, const char *username); /** * Determine whether a mechanism name is authorized to act as a local name. * * @param [out] minor Minor status code * @param [in] name Mechanism name * @param [in] user Local name * * @a name is a mechanism name, typically the result of a completed * gss_accept_sec_context(). @a user is an internal name representing a local * name, such as a name imported by gss_import_name() with an @a * input_name_type of @c GSS_C_NT_USER_NAME. * * @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user, * GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error * occurred. * * @sa gss_userok */ OM_uint32 KRB5_CALLCONV gss_authorize_localname(OM_uint32 *minor, const gss_name_t name, const gss_name_t user); OM_uint32 KRB5_CALLCONV gss_acquire_cred_with_password( OM_uint32 *, /* minor_status */ const gss_name_t, /* desired_name */ const gss_buffer_t, /* password */ OM_uint32, /* time_req */ const gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_with_password( OM_uint32 *, /* minor_status */ const gss_cred_id_t,/* input_cred_handle */ const gss_name_t, /* desired_name */ const gss_OID, /* desired_mech */ const gss_buffer_t, /* password */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ /* * GGF extensions */ typedef struct gss_buffer_set_desc_struct { size_t count; gss_buffer_desc *elements; } gss_buffer_set_desc, *gss_buffer_set_t; #define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0) OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set (OM_uint32 * /*minor_status*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member (OM_uint32 * /*minor_status*/, const gss_buffer_t /*member_buffer*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_release_buffer_set (OM_uint32 * /*minor_status*/, gss_buffer_set_t * /*buffer_set*/); OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t * /*data_set*/); OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t * /*data_set*/); OM_uint32 KRB5_CALLCONV gss_set_sec_context_option (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*cred_handle*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); /* * Export import cred extensions from GGF, but using Heimdal's signatures */ OM_uint32 KRB5_CALLCONV gss_export_cred (OM_uint32 * /* minor_status */, gss_cred_id_t /* cred_handle */, gss_buffer_t /* token */); OM_uint32 KRB5_CALLCONV gss_import_cred (OM_uint32 * /* minor_status */, gss_buffer_t /* token */, gss_cred_id_t * /* cred_handle */); /* * Heimdal extension */ OM_uint32 KRB5_CALLCONV gss_set_cred_option (OM_uint32 * /*minor_status*/, gss_cred_id_t * /*cred*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); /* * Call the given method on the given mechanism */ OM_uint32 KRB5_CALLCONV gssspi_mech_invoke (OM_uint32 * /*minor_status*/, const gss_OID /*desired_mech*/, const gss_OID /*desired_object*/, gss_buffer_t /*value*/); /* * AEAD extensions */ OM_uint32 KRB5_CALLCONV gss_wrap_aead (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, gss_buffer_t /*input_assoc_buffer*/, gss_buffer_t /*input_payload_buffer*/, int * /*conf_state*/, gss_buffer_t /*output_message_buffer*/); OM_uint32 KRB5_CALLCONV gss_unwrap_aead (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*input_assoc_buffer*/, gss_buffer_t /*output_payload_buffer*/, int * /*conf_state*/, gss_qop_t * /*qop_state*/); /* * SSPI extensions */ #define GSS_C_DCE_STYLE 0x1000 #define GSS_C_IDENTIFY_FLAG 0x2000 #define GSS_C_EXTENDED_ERROR_FLAG 0x4000 /* * Returns a buffer set with the first member containing the * session key for SSPI compatibility. The optional second * member contains an OID identifying the session key type. */ GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY; GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_KEY; GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY; OM_uint32 KRB5_CALLCONV gss_complete_auth_token (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer); typedef struct gss_iov_buffer_desc_struct { OM_uint32 type; gss_buffer_desc buffer; } gss_iov_buffer_desc, *gss_iov_buffer_t; #define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0) #define GSS_IOV_BUFFER_TYPE_EMPTY 0 #define GSS_IOV_BUFFER_TYPE_DATA 1 /* Packet data */ #define GSS_IOV_BUFFER_TYPE_HEADER 2 /* Mechanism header */ #define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 /* Mechanism specific parameters */ #define GSS_IOV_BUFFER_TYPE_TRAILER 7 /* Mechanism trailer */ #define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */ #define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */ #define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */ #define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */ #define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000 #define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */ #define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 /* indicates caller should free */ #define GSS_IOV_BUFFER_TYPE(_type) ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK)) #define GSS_IOV_BUFFER_FLAGS(_type) ((_type) & GSS_IOV_BUFFER_FLAG_MASK) /* * Sign and optionally encrypt a sequence of buffers. The buffers * shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable * space for the header, padding and trailer should be provided * by calling gss_wrap_iov_length(), or the ALLOCATE flag should * be set on those buffers. * * Encryption is in-place. SIGN_ONLY buffers are untouched. Only * a single PADDING buffer should be provided. The order of the * buffers in memory does not matter. Buffers in the IOV should * be arranged in the order above, and in the case of multiple * DATA buffers the sender and receiver should agree on the * order. * * With GSS_C_DCE_STYLE it is acceptable to not provide PADDING * and TRAILER, but the caller must guarantee the plaintext data * being encrypted is correctly padded, otherwise an error will * be returned. * * While applications that have knowledge of the underlying * cryptosystem may request a specific configuration of data * buffers, the only generally supported configurations are: * * HEADER | DATA | PADDING | TRAILER * * which will emit GSS_Wrap() compatible tokens, and: * * HEADER | SIGN_ONLY | DATA | PADDING | TRAILER * * for AEAD. * * The typical (special cased) usage for DCE is as follows: * * SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER */ OM_uint32 KRB5_CALLCONV gss_wrap_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ int *, /* conf_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Verify and optionally decrypt a sequence of buffers. To process * a GSS-API message without separate buffer, pass STREAM | DATA. * Upon return DATA will contain the decrypted or integrity * protected message. Only a single DATA buffer may be provided * with this usage. DATA by default will point into STREAM, but if * the ALLOCATE flag is set a copy will be returned. * * Otherwise, decryption is in-place. SIGN_ONLY buffers are * untouched. */ OM_uint32 KRB5_CALLCONV gss_unwrap_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int *, /* conf_state */ gss_qop_t *, /* qop_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers * should be provided so the correct padding length can be determined. */ OM_uint32 KRB5_CALLCONV gss_wrap_iov_length ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ int *, /* conf_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Produce a GSSAPI MIC token for a sequence of buffers. All SIGN_ONLY and * DATA buffers will be signed, in the order they appear. One MIC_TOKEN buffer * must be included for the result. Suitable space should be provided for the * MIC_TOKEN buffer by calling gss_get_mic_iov_length, or the ALLOCATE flag * should be set on that buffer. If the ALLOCATE flag is used, use * gss_release_iov_buffer to free the allocated buffer within the iov list when * it is no longer needed. */ OM_uint32 KRB5_CALLCONV gss_get_mic_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Query the MIC_TOKEN buffer length within the iov list. */ OM_uint32 KRB5_CALLCONV gss_get_mic_iov_length( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Verify the MIC_TOKEN buffer within the iov list against the SIGN_ONLY and * DATA buffers in the order they appear. Return values are the same as for * gss_verify_mic. */ OM_uint32 KRB5_CALLCONV gss_verify_mic_iov ( OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t *, /* qop_state */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Release buffers that have the ALLOCATED flag set. */ OM_uint32 KRB5_CALLCONV gss_release_iov_buffer ( OM_uint32 *, /* minor_status */ gss_iov_buffer_desc *, /* iov */ int); /* iov_count */ /* * Protocol transition */ OM_uint32 KRB5_CALLCONV gss_acquire_cred_impersonate_name( OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* impersonator_cred_handle */ const gss_name_t, /* desired_name */ OM_uint32, /* time_req */ const gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_impersonate_name( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ const gss_cred_id_t, /* impersonator_cred_handle */ const gss_name_t, /* desired_name */ const gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ /* * Naming extensions */ GSS_DLLIMP extern gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER; GSS_DLLIMP extern gss_OID GSS_C_NT_COMPOSITE_EXPORT; OM_uint32 KRB5_CALLCONV gss_display_name_ext ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_OID, /* display_as_name_type */ gss_buffer_t /* display_name */ ); OM_uint32 KRB5_CALLCONV gss_inquire_name ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int *, /* name_is_MN */ gss_OID *, /* MN_mech */ gss_buffer_set_t * /* attrs */ ); OM_uint32 KRB5_CALLCONV gss_get_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t, /* attr */ int *, /* authenticated */ int *, /* complete */ gss_buffer_t, /* value */ gss_buffer_t, /* display_value */ int * /* more */ ); OM_uint32 KRB5_CALLCONV gss_set_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int, /* complete */ gss_buffer_t, /* attr */ gss_buffer_t /* value */ ); OM_uint32 KRB5_CALLCONV gss_delete_name_attribute ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t /* attr */ ); OM_uint32 KRB5_CALLCONV gss_export_name_composite ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t /* exp_composite_name */ ); typedef struct gss_any *gss_any_t; OM_uint32 KRB5_CALLCONV gss_map_name_to_any ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ int, /* authenticated */ gss_buffer_t, /* type_id */ gss_any_t * /* output */ ); OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping ( OM_uint32 *, /* minor_status */ gss_name_t, /* name */ gss_buffer_t, /* type_id */ gss_any_t * /* input */ ); /* draft-josefsson-gss-capsulate */ OM_uint32 KRB5_CALLCONV gss_encapsulate_token ( gss_const_buffer_t, /* input_token */ gss_const_OID, /* token_oid */ gss_buffer_t /* output_token */ ); OM_uint32 KRB5_CALLCONV gss_decapsulate_token ( gss_const_buffer_t, /* input_token */ gss_const_OID, /* token_oid */ gss_buffer_t /* output_token */ ); int KRB5_CALLCONV gss_oid_equal ( gss_const_OID, /* first_oid */ gss_const_OID /* second_oid */ ); /* Credential store extensions */ struct gss_key_value_element_struct { const char *key; const char *value; }; typedef struct gss_key_value_element_struct gss_key_value_element_desc; struct gss_key_value_set_struct { OM_uint32 count; gss_key_value_element_desc *elements; }; typedef struct gss_key_value_set_struct gss_key_value_set_desc; typedef const gss_key_value_set_desc *gss_const_key_value_set_t; #define GSS_C_NO_CRED_STORE ((gss_const_key_value_set_t) 0) OM_uint32 KRB5_CALLCONV gss_acquire_cred_from( OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_const_key_value_set_t, /* cred_store */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *); /* time_rec */ OM_uint32 KRB5_CALLCONV gss_add_cred_from( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_const_key_value_set_t, /* cred_store */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 *, /* initiator_time_rec */ OM_uint32 *); /* acceptor_time_rec */ OM_uint32 KRB5_CALLCONV gss_store_cred_into( OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_cred_usage_t, /* input_usage */ gss_OID, /* desired_mech */ OM_uint32, /* overwrite_cred */ OM_uint32, /* default_cred */ gss_const_key_value_set_t, /* cred_store */ gss_OID_set *, /* elements_stored */ gss_cred_usage_t *); /* cred_usage_stored */ /* * A mech can make itself negotiable via NegoEx (draft-zhu-negoex) by * implementing the following three SPIs, and also implementing * gss_inquire_sec_context_by_oid() and answering the GSS_C_INQ_NEGOEX_KEY and * GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs. The answer must be in two buffers: the * first contains the key contents, and the second contains the key enctype as * a four-byte little-endian integer. * * By default, NegoEx mechanisms will not be directly negotiated via SPNEGO. * If direct SPNEGO negotiation is required for interoperability, implement * gss_inquire_attrs_for_mech() and assert the GSS_C_MA_NEGOEX_AND_SPNEGO * attribute (along with any applicable RFC 5587 attributes). */ #define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */ OM_uint32 KRB5_CALLCONV gssspi_query_meta_data( OM_uint32 *minor_status, gss_const_OID mech_oid, gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, const gss_name_t targ_name, OM_uint32 req_flags, gss_buffer_t meta_data); OM_uint32 KRB5_CALLCONV gssspi_exchange_meta_data( OM_uint32 *minor_status, gss_const_OID mech_oid, gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, const gss_name_t targ_name, OM_uint32 req_flags, gss_const_buffer_t meta_data); OM_uint32 KRB5_CALLCONV gssspi_query_mechanism_info( OM_uint32 *minor_status, gss_const_OID mech_oid, unsigned char auth_scheme[16]); GSS_DLLIMP extern gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO; #ifdef __cplusplus } #endif /* * When used with gss_inquire_sec_context_by_oid(), return a buffer set with * the first member containing an unsigned 32-bit integer in network byte * order. This is the Security Strength Factor (SSF) associated with the * secure channel established by the security context. NOTE: This value is * made available solely as an indication for use by APIs like Cyrus SASL that * classify the strength of a secure channel via this number. The strength of * a channel cannot necessarily be represented by a simple number. */ GSS_DLLIMP extern gss_OID GSS_C_SEC_CONTEXT_SASL_SSF; #endif /* GSSAPI_EXT_H_ */