1 #ifndef PUTTY_SSHGSS_H
\r
2 #define PUTTY_SSHGSS_H
\r
8 #define SSH2_GSS_OIDTYPE 0x06
\r
9 typedef void *Ssh_gss_ctx;
\r
11 typedef enum Ssh_gss_stat {
\r
13 SSH_GSS_S_CONTINUE_NEEDED,
\r
15 SSH_GSS_BAD_HOST_NAME,
\r
19 #define SSH_GSS_S_COMPLETE SSH_GSS_OK
\r
21 #define SSH_GSS_CLEAR_BUF(buf) do { \
\r
22 (*buf).length = 0; \
\r
23 (*buf).value = NULL; \
\r
26 typedef gss_buffer_desc Ssh_gss_buf;
\r
27 typedef gss_name_t Ssh_gss_name;
\r
29 /* Functions, provided by either wingss.c or sshgssc.c */
\r
31 struct ssh_gss_library;
\r
34 * Prepare a collection of GSSAPI libraries for use in a single SSH
\r
35 * connection. Returns a structure containing a list of libraries,
\r
36 * with their ids (see struct ssh_gss_library below) filled in so
\r
37 * that the client can go through them in the SSH user's preferred
\r
40 * Must always return non-NULL. (Even if no libraries are available,
\r
41 * it must return an empty structure.)
\r
43 * The free function cleans up the structure, and its associated
\r
44 * libraries (if any).
\r
46 struct ssh_gss_liblist {
\r
47 struct ssh_gss_library *libraries;
\r
50 struct ssh_gss_liblist *ssh_gss_setup(const Config *cfg);
\r
51 void ssh_gss_cleanup(struct ssh_gss_liblist *list);
\r
54 * Fills in buf with a string describing the GSSAPI mechanism in
\r
55 * use. buf->data is not dynamically allocated.
\r
57 typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
\r
61 * Converts a name such as a hostname into a GSSAPI internal form,
\r
62 * which is placed in "out". The result should be freed by
\r
63 * ssh_gss_release_name().
\r
65 typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
\r
66 char *in, Ssh_gss_name *out);
\r
69 * Frees the contents of an Ssh_gss_name structure filled in by
\r
70 * ssh_gss_import_name().
\r
72 typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
\r
73 Ssh_gss_name *name);
\r
76 * The main GSSAPI security context setup function. The "out"
\r
77 * parameter will need to be freed by ssh_gss_free_tok.
\r
79 typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
\r
80 (struct ssh_gss_library *lib,
\r
81 Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
\r
82 Ssh_gss_buf *in, Ssh_gss_buf *out);
\r
85 * Frees the contents of an Ssh_gss_buf filled in by
\r
86 * ssh_gss_init_sec_context(). Do not accidentally call this on
\r
87 * something filled in by ssh_gss_get_mic() (which requires a
\r
88 * different free function) or something filled in by any other
\r
91 typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
\r
95 * Acquires the credentials to perform authentication in the first
\r
96 * place. Needs to be freed by ssh_gss_release_cred().
\r
98 typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
\r
102 * Frees the contents of an Ssh_gss_ctx filled in by
\r
103 * ssh_gss_acquire_cred().
\r
105 typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
\r
109 * Gets a MIC for some input data. "out" needs to be freed by
\r
110 * ssh_gss_free_mic().
\r
112 typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
\r
113 Ssh_gss_ctx ctx, Ssh_gss_buf *in,
\r
117 * Frees the contents of an Ssh_gss_buf filled in by
\r
118 * ssh_gss_get_mic(). Do not accidentally call this on something
\r
119 * filled in by ssh_gss_init_sec_context() (which requires a
\r
120 * different free function) or something filled in by any other
\r
123 typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
\r
127 * Return an error message after authentication failed. The
\r
128 * message string is returned in "buf", with buf->len giving the
\r
129 * number of characters of printable message text and buf->data
\r
130 * containing one more character which is a trailing NUL.
\r
131 * buf->data should be manually freed by the caller.
\r
133 typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
\r
134 Ssh_gss_ctx, Ssh_gss_buf *buf);
\r
136 struct ssh_gss_library {
\r
138 * Identifying number in the enumeration used by the
\r
139 * configuration code to specify a preference order.
\r
144 * Filled in at initialisation time, if there's anything
\r
145 * interesting to say about how GSSAPI was initialised (e.g.
\r
146 * which of a number of alternative libraries was used).
\r
148 const char *gsslogmsg;
\r
151 * Function pointers implementing the SSH wrapper layer on top
\r
152 * of GSSAPI. (Defined in sshgssc, typically, though Windows
\r
153 * provides an alternative layer to sit on top of the annoyingly
\r
156 t_ssh_gss_indicate_mech indicate_mech;
\r
157 t_ssh_gss_import_name import_name;
\r
158 t_ssh_gss_release_name release_name;
\r
159 t_ssh_gss_init_sec_context init_sec_context;
\r
160 t_ssh_gss_free_tok free_tok;
\r
161 t_ssh_gss_acquire_cred acquire_cred;
\r
162 t_ssh_gss_release_cred release_cred;
\r
163 t_ssh_gss_get_mic get_mic;
\r
164 t_ssh_gss_free_mic free_mic;
\r
165 t_ssh_gss_display_status display_status;
\r
168 * Additional data for the wrapper layers.
\r
171 struct gssapi_functions gssapi;
\r
173 * The SSPI wrappers don't need to store their Windows API
\r
174 * function pointers in this structure, because there can't
\r
175 * be more than one set of them available.
\r
180 * Wrapper layers will often also need to store a library handle
\r
181 * of some sort for cleanup time.
\r
186 #endif /* NO_GSSAPI */
\r
188 #endif /*PUTTY_SSHGSS_H*/
\r