1 #ifndef PUTTY_PGSSAPI_H
\r
2 #define PUTTY_PGSSAPI_H
\r
9 * On Unix, if we're statically linking against GSSAPI, we leave the
\r
10 * declaration of all this lot to the official header. If we're
\r
11 * dynamically linking, we declare it ourselves, because that avoids
\r
12 * us needing the official header at compile time.
\r
14 * However, we still need the function pointer types, because even
\r
15 * with statically linked GSSAPI we use the ssh_gss_library wrapper.
\r
17 #ifdef STATIC_GSSAPI
\r
18 #include <gssapi/gssapi.h>
\r
19 typedef gss_OID const_gss_OID; /* for our prototypes below */
\r
20 #else /* STATIC_GSSAPI */
\r
22 /*******************************************************************************
\r
23 * GSSAPI Definitions, taken from RFC 2744
\r
24 ******************************************************************************/
\r
26 /* GSSAPI Type Definitions */
\r
/*
 * OM_uint32 is the GSSAPI status/flag word used by every prototype
 * below.  NOTE(review): uint32 is not defined in this header; it is
 * presumably PuTTY's own fixed-width type from an earlier include —
 * confirm against the including file.
 */
typedef uint32 OM_uint32;
\r
29 typedef struct gss_OID_desc_struct {
\r
33 typedef const gss_OID_desc *const_gss_OID;
\r
34 typedef gss_OID_desc *gss_OID;
\r
36 typedef struct gss_OID_set_desc_struct {
\r
40 typedef const gss_OID_set_desc *const_gss_OID_set;
\r
41 typedef gss_OID_set_desc *gss_OID_set;
\r
43 typedef struct gss_buffer_desc_struct {
\r
46 } gss_buffer_desc, *gss_buffer_t;
\r
/*
 * Channel bindings, as laid out in RFC 2744.  The two *_addrtype
 * fields take the GSS_C_AF_* address-family constants defined below;
 * the address fields and application_data are gss_buffer_desc values
 * (length/value pairs).  Only the pointer type gss_channel_bindings_t
 * is named; GSS_C_NO_CHANNEL_BINDINGS below is the "none" value.
 */
typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;
\r
/*
 * Opaque handles.  When GSSAPI is loaded dynamically this code never
 * looks inside them, so a plain void * stands in for the library's own
 * types.  NOTE(review): this assumes the library's real handle types
 * are pointer-sized; confirm against its header if that ever changes.
 */
typedef void * gss_ctx_id_t;
typedef void * gss_name_t;
typedef void * gss_cred_id_t;

/* Quality-of-protection value; passed as qop_req to gss_get_mic below. */
typedef OM_uint32 gss_qop_t;
\r
62 /* Flag bits for context-level services. */
\r
64 #define GSS_C_DELEG_FLAG 1
\r
65 #define GSS_C_MUTUAL_FLAG 2
\r
66 #define GSS_C_REPLAY_FLAG 4
\r
67 #define GSS_C_SEQUENCE_FLAG 8
\r
68 #define GSS_C_CONF_FLAG 16
\r
69 #define GSS_C_INTEG_FLAG 32
\r
70 #define GSS_C_ANON_FLAG 64
\r
71 #define GSS_C_PROT_READY_FLAG 128
\r
72 #define GSS_C_TRANS_FLAG 256
\r
74 /* Credential usage options */
\r
75 #define GSS_C_BOTH 0
\r
76 #define GSS_C_INITIATE 1
\r
77 #define GSS_C_ACCEPT 2
\r
79 /* Status code types for gss_display_status */
\r
80 #define GSS_C_GSS_CODE 1
\r
81 #define GSS_C_MECH_CODE 2
\r
83 /* The constant definitions for channel-bindings address families */
\r
84 #define GSS_C_AF_UNSPEC 0
\r
85 #define GSS_C_AF_LOCAL 1
\r
86 #define GSS_C_AF_INET 2
\r
87 #define GSS_C_AF_IMPLINK 3
\r
88 #define GSS_C_AF_PUP 4
\r
89 #define GSS_C_AF_CHAOS 5
\r
90 #define GSS_C_AF_NS 6
\r
91 #define GSS_C_AF_NBS 7
\r
92 #define GSS_C_AF_ECMA 8
\r
93 #define GSS_C_AF_DATAKIT 9
\r
94 #define GSS_C_AF_CCITT 10
\r
95 #define GSS_C_AF_SNA 11
\r
96 #define GSS_C_AF_DECnet 12
\r
97 #define GSS_C_AF_DLI 13
\r
98 #define GSS_C_AF_LAT 14
\r
99 #define GSS_C_AF_HYLINK 15
\r
100 #define GSS_C_AF_APPLETALK 16
\r
101 #define GSS_C_AF_BSC 17
\r
102 #define GSS_C_AF_DSS 18
\r
103 #define GSS_C_AF_OSI 19
\r
104 #define GSS_C_AF_X25 21
\r
106 #define GSS_C_AF_NULLADDR 255
\r
108 /* Various Null values */
\r
109 #define GSS_C_NO_NAME ((gss_name_t) 0)
\r
110 #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
\r
111 #define GSS_C_NO_OID ((gss_OID) 0)
\r
112 #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
\r
113 #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
\r
114 #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
\r
115 #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
\r
116 #define GSS_C_EMPTY_BUFFER {0, NULL}
\r
118 /* Major status codes */
\r
119 #define GSS_S_COMPLETE 0
\r
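/* Some "helper" definitions to make the status code macros obvious. */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16

#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSS-API so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesised here (RFC 2744 writes a bare "x &"),
 * so that an argument which is itself an expression — a conditional,
 * a comma expression, anything of lower precedence than "&" — is
 * masked as a whole rather than having "&" bind only to its last
 * operand.  Without that, GSS_ERROR(cond ? a : b) would silently test
 * the wrong value, and callers decide whether to proceed on the result.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))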
\r
146 /* Now the actual status code definitions */
\r
148 /* Calling errors: */
\r
149 #define GSS_S_CALL_INACCESSIBLE_READ \
\r
150 (1ul << GSS_C_CALLING_ERROR_OFFSET)
\r
151 #define GSS_S_CALL_INACCESSIBLE_WRITE \
\r
152 (2ul << GSS_C_CALLING_ERROR_OFFSET)
\r
153 #define GSS_S_CALL_BAD_STRUCTURE \
\r
154 (3ul << GSS_C_CALLING_ERROR_OFFSET)
\r
156 /* Routine errors: */
\r
157 #define GSS_S_BAD_MECH (1ul << \
\r
158 GSS_C_ROUTINE_ERROR_OFFSET)
\r
159 #define GSS_S_BAD_NAME (2ul << \
\r
160 GSS_C_ROUTINE_ERROR_OFFSET)
\r
161 #define GSS_S_BAD_NAMETYPE (3ul << \
\r
162 GSS_C_ROUTINE_ERROR_OFFSET)
\r
163 #define GSS_S_BAD_BINDINGS (4ul << \
\r
164 GSS_C_ROUTINE_ERROR_OFFSET)
\r
165 #define GSS_S_BAD_STATUS (5ul << \
\r
166 GSS_C_ROUTINE_ERROR_OFFSET)
\r
167 #define GSS_S_BAD_SIG (6ul << \
\r
168 GSS_C_ROUTINE_ERROR_OFFSET)
\r
169 #define GSS_S_BAD_MIC GSS_S_BAD_SIG
\r
170 #define GSS_S_NO_CRED (7ul << \
\r
171 GSS_C_ROUTINE_ERROR_OFFSET)
\r
172 #define GSS_S_NO_CONTEXT (8ul << \
\r
173 GSS_C_ROUTINE_ERROR_OFFSET)
\r
174 #define GSS_S_DEFECTIVE_TOKEN (9ul << \
\r
175 GSS_C_ROUTINE_ERROR_OFFSET)
\r
176 #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << \
\r
177 GSS_C_ROUTINE_ERROR_OFFSET)
\r
178 #define GSS_S_CREDENTIALS_EXPIRED (11ul << \
\r
179 GSS_C_ROUTINE_ERROR_OFFSET)
\r
180 #define GSS_S_CONTEXT_EXPIRED (12ul << \
\r
181 GSS_C_ROUTINE_ERROR_OFFSET)
\r
182 #define GSS_S_FAILURE (13ul << \
\r
183 GSS_C_ROUTINE_ERROR_OFFSET)
\r
184 #define GSS_S_BAD_QOP (14ul << \
\r
185 GSS_C_ROUTINE_ERROR_OFFSET)
\r
186 #define GSS_S_UNAUTHORIZED (15ul << \
\r
187 GSS_C_ROUTINE_ERROR_OFFSET)
\r
188 #define GSS_S_UNAVAILABLE (16ul << \
\r
189 GSS_C_ROUTINE_ERROR_OFFSET)
\r
190 #define GSS_S_DUPLICATE_ELEMENT (17ul << \
\r
191 GSS_C_ROUTINE_ERROR_OFFSET)
\r
192 #define GSS_S_NAME_NOT_MN (18ul << \
\r
193 GSS_C_ROUTINE_ERROR_OFFSET)
\r
195 /* Supplementary info bits: */
\r
196 #define GSS_S_CONTINUE_NEEDED \
\r
197 (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
\r
198 #define GSS_S_DUPLICATE_TOKEN \
\r
199 (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
\r
200 #define GSS_S_OLD_TOKEN \
\r
201 (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
\r
202 #define GSS_S_UNSEQ_TOKEN \
\r
203 (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
\r
204 #define GSS_S_GAP_TOKEN \
\r
205 (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
\r
207 extern const_gss_OID GSS_C_NT_USER_NAME;
\r
208 extern const_gss_OID GSS_C_NT_MACHINE_UID_NAME;
\r
209 extern const_gss_OID GSS_C_NT_STRING_UID_NAME;
\r
210 extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
\r
211 extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE;
\r
212 extern const_gss_OID GSS_C_NT_ANONYMOUS;
\r
213 extern const_gss_OID GSS_C_NT_EXPORT_NAME;
\r
215 #endif /* STATIC_GSSAPI */
\r
217 extern const gss_OID GSS_MECH_KRB5;
\r
219 /* GSSAPI functions we use.
\r
220 * TODO: Replace with all GSSAPI functions from RFC?
\r
223 /* Calling convention, just in case we need one. */
\r
/*
 * gss_release_cred: releases the credential handle passed in.
 *
 * Like every function pointer type below, the return value is the GSS
 * major status (test it with GSS_ERROR()) and minor_status receives the
 * mechanism-specific status, which gss_display_status can turn into text.
 */
typedef OM_uint32 (GSS_CC *t_gss_release_cred)
    (OM_uint32 * /*minor_status*/,
     gss_cred_id_t * /*cred_handle*/);
\r
/*
 * gss_init_sec_context: drives one round of the initiator side of the
 * context establishment exchange.
 *
 * req_flags carries the GSS_C_*_FLAG bits we ask for; ret_flags reports
 * which the mechanism actually granted, and the two need not match, so
 * a caller that depends on e.g. GSS_C_MUTUAL_FLAG or GSS_C_INTEG_FLAG
 * should check ret_flags rather than assume.  A major status with
 * GSS_S_CONTINUE_NEEDED set means another token exchange is required;
 * output_token, when non-empty, is owned by the caller and must be
 * freed with gss_release_buffer.
 */
typedef OM_uint32 (GSS_CC *t_gss_init_sec_context)
    (OM_uint32 * /*minor_status*/,
     const gss_cred_id_t /*initiator_cred_handle*/,
     gss_ctx_id_t * /*context_handle*/,
     const gss_name_t /*target_name*/,
     const gss_OID /*mech_type*/,
     OM_uint32 /*req_flags*/,
     OM_uint32 /*time_req*/,
     const gss_channel_bindings_t /*input_chan_bindings*/,
     const gss_buffer_t /*input_token*/,
     gss_OID * /*actual_mech_type*/,
     gss_buffer_t /*output_token*/,
     OM_uint32 * /*ret_flags*/,
     OM_uint32 * /*time_rec*/);
\r
/*
 * gss_delete_sec_context: tears down an established (or half-built)
 * context.  output_token may be GSS_C_NO_BUFFER when the caller has no
 * use for a final token.
 */
typedef OM_uint32 (GSS_CC *t_gss_delete_sec_context)
    (OM_uint32 * /*minor_status*/,
     gss_ctx_id_t * /*context_handle*/,
     gss_buffer_t /*output_token*/);
\r
/*
 * gss_get_mic: computes an integrity token (MIC) over message_buffer
 * under the given context.  qop_req is a gss_qop_t; msg_token is filled
 * in by the callee and must be freed with gss_release_buffer.
 */
typedef OM_uint32 (GSS_CC *t_gss_get_mic)
    (OM_uint32 * /*minor_status*/,
     const gss_ctx_id_t /*context_handle*/,
     gss_qop_t /*qop_req*/,
     const gss_buffer_t /*message_buffer*/,
     gss_buffer_t /*msg_token*/);
\r
/*
 * gss_display_status: converts a status value to human-readable text.
 * status_type is GSS_C_GSS_CODE (major status) or GSS_C_MECH_CODE
 * (minor status, interpreted against mech_type).  message_context is an
 * in/out cursor; a message may span several calls until it returns to 0.
 * status_string must be freed with gss_release_buffer.
 */
typedef OM_uint32 (GSS_CC *t_gss_display_status)
    (OM_uint32 * /*minor_status*/,
     OM_uint32 /*status_value*/,
     int /*status_type*/,
     const gss_OID /*mech_type*/,
     OM_uint32 * /*message_context*/,
     gss_buffer_t /*status_string*/);
\r
/*
 * gss_import_name: converts a printable name in input_name_buffer into
 * an internal gss_name_t.  input_name_type is one of the GSS_C_NT_*
 * OIDs declared above; output_name must be freed with gss_release_name.
 */
typedef OM_uint32 (GSS_CC *t_gss_import_name)
    (OM_uint32 * /*minor_status*/,
     const gss_buffer_t /*input_name_buffer*/,
     const_gss_OID /*input_name_type*/,
     gss_name_t * /*output_name*/);
\r
/* gss_release_name: frees a gss_name_t obtained from gss_import_name. */
typedef OM_uint32 (GSS_CC *t_gss_release_name)
    (OM_uint32 * /*minor_status*/,
     gss_name_t * /*name*/);
\r
/*
 * gss_release_buffer: frees the storage behind a gss_buffer_t that the
 * library filled in (output_token, msg_token, status_string above).
 */
typedef OM_uint32 (GSS_CC *t_gss_release_buffer)
    (OM_uint32 * /*minor_status*/,
     gss_buffer_t /*buffer*/);
\r
283 struct gssapi_functions {
\r
284 t_gss_delete_sec_context delete_sec_context;
\r
285 t_gss_display_status display_status;
\r
286 t_gss_get_mic get_mic;
\r
287 t_gss_import_name import_name;
\r
288 t_gss_init_sec_context init_sec_context;
\r
289 t_gss_release_buffer release_buffer;
\r
290 t_gss_release_cred release_cred;
\r
291 t_gss_release_name release_name;
\r
294 #endif /* NO_GSSAPI */
\r
296 #endif /* PUTTY_PGSSAPI_H */
\r