1 : /*
2 : * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : /* $Id$ */
35 :
36 : #ifndef GSSKRB5_LOCL_H
37 : #define GSSKRB5_LOCL_H
38 :
39 : #include <config.h>
40 :
41 : #include <krb5_locl.h>
42 : #include <gkrb5_err.h>
43 : #include <gssapi.h>
44 : #include <gssapi_mech.h>
45 : #include <gssapi_krb5.h>
46 : #include <assert.h>
47 : #include <mech/utils.h>
48 :
49 : #include "cfx.h"
50 :
51 : /*
52 : *
53 : */
54 :
55 : struct gss_msg_order;
56 :
/*
 * Per-security-context state of the krb5 GSS-API mechanism.  A pointer to
 * this struct is what the mechanism hands back as its opaque context
 * handle; the layout is private to the mechanism.
 */
typedef struct gsskrb5_ctx {
    /* krb5 authentication context backing this GSS context. */
    struct krb5_auth_context_data *auth_context;
    /* Second auth context; presumably used for credential delegation
     * (see fwd_data below) -- confirm against the initiator code. */
    struct krb5_auth_context_data *deleg_auth_context;
    /* Initiator (source) and acceptor (target) principals. */
    krb5_principal source, target;
    /* GSS_C_* request/return flags for this context; IS_DCE_STYLE()
     * below tests GSS_C_DCE_STYLE in this word. */
    OM_uint32 flags;
    /* Mechanism-private state bits, OR'ed together into more_flags. */
    enum { LOCAL = 1, OPEN = 2,
	   COMPAT_OLD_DES3 = 4,
	   COMPAT_OLD_DES3_SELECTED = 8,
	   ACCEPTOR_SUBKEY = 16,
	   RETRIED = 32,
	   CLOSE_CCACHE = 64,
	   IS_CFX = 128
    } more_flags;
    /* Position in the context-establishment state machine. */
    enum gss_ctx_id_t_state {
	/* initiator states */
	INITIATOR_START,
	INITIATOR_RESTART,
	INITIATOR_WAIT_FOR_MUTUAL,
	INITIATOR_READY,
	/* acceptor states */
	ACCEPTOR_START,
	ACCEPTOR_WAIT_FOR_DCESTYLE,
	ACCEPTOR_READY
    } state;
    /* Credentials and credential cache used for this context. */
    krb5_creds *kcred;
    krb5_ccache ccache;
    /* Ticket received by the acceptor (NULL on the initiator side,
     * presumably -- confirm). */
    struct krb5_ticket *ticket;
    /* Absolute time after which the context must be treated as expired. */
    time_t endtime;
    /* Lock serializing concurrent use of this context. */
    HEIMDAL_MUTEX ctx_id_mutex;
    /* Per-message sequence/replay tracking state (struct is opaque here;
     * forward-declared above). */
    struct gss_msg_order *order;
    /* Key material and crypto handle used for per-message protection. */
    krb5_keyblock *service_keyblock;
    /* Forwarded (delegated) credential data, if any -- name-based,
     * confirm with the delegation code. */
    krb5_data fwd_data;
    krb5_crypto crypto;
} *gsskrb5_ctx;
91 :
/*
 * Report whether the context was negotiated with the DCE-style
 * (GSS_C_DCE_STYLE) flag.  Returns a non-zero value when the flag bit is
 * set in ctx->flags, zero otherwise.
 *
 * Dereferences ctx unconditionally: callers must pass a non-NULL context.
 */
static inline krb5_boolean
IS_DCE_STYLE(gsskrb5_ctx ctx)
{
    OM_uint32 dce_bit = ctx->flags & GSS_C_DCE_STYLE;
    return !!dce_bit;
}
97 :
/*
 * Per-credential state of the krb5 GSS-API mechanism; returned to callers
 * as the opaque gss_cred_id_t handle.
 */
typedef struct {
    /* Principal the credential belongs to. */
    krb5_principal principal;
    char *destination_realm; /* Realm of acceptor service, if delegated */
    /* GSS_CF_* bits below, OR'ed together. */
    int cred_flags;
    /* Destroy (rather than merely close/release) the backing credential
     * store when the credential is released -- name-based, confirm. */
#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
    /* Semantics not visible in this header; see the acquire/init code. */
#define GSS_CF_NO_CI_FLAGS 2
    /* Keytab used for accepting contexts (may be NULL for
     * initiate-only credentials -- confirm). */
    struct krb5_keytab_data *keytab;
    /* Absolute time at which the credential expires. */
    time_t endtime;
    /* GSS_C_INITIATE / GSS_C_ACCEPT / GSS_C_BOTH. */
    gss_cred_usage_t usage;
    /* Mechanism OIDs this credential is valid for. */
    gss_OID_set mechanisms;
    /* Credential cache used for initiating contexts. */
    struct krb5_ccache_data *ccache;
    /* Lock serializing concurrent use of this credential. */
    HEIMDAL_MUTEX cred_id_mutex;
    /* Enctype list restricting this credential; termination convention
     * (NULL / ETYPE_NULL) not visible here -- confirm with users. */
    krb5_enctype *enctypes;
} *gsskrb5_cred;
112 :
/* Mechanism name handle: a pointer to the (ASN.1, presumably) krb5 Principal. */
typedef struct Principal *gsskrb5_name;
114 :
115 : /*
116 : *
117 : */
118 :
/*
 * Process-wide acceptor keytab shared by all credentials, and the mutex
 * that presumably guards access to it -- every reader/writer of
 * _gsskrb5_keytab should hold gssapi_keytab_mutex; confirm against users.
 */
extern krb5_keytab _gsskrb5_keytab;
extern HEIMDAL_MUTEX gssapi_keytab_mutex;
121 :
122 : /*
123 : * Prototypes
124 : */
125 :
126 : #include "krb5/gsskrb5-private.h"
127 :
/*
 * Initialise the mechanism's krb5 context via _gsskrb5_init(ctx).
 *
 * On failure this macro stores the krb5 error code in *minor_status and
 * executes `return GSS_S_FAILURE;` from the ENCLOSING function.  It
 * therefore has two hidden requirements on its caller: an in-scope
 * `minor_status` pointer (the GSS-API minor status out-parameter) and a
 * return type of OM_uint32.
 */
#define GSSAPI_KRB5_INIT(ctx) do {					\
	krb5_error_code init_ret_ = _gsskrb5_init (ctx);		\
	if (init_ret_) {						\
	    *minor_status = init_ret_;					\
	    return GSS_S_FAILURE;					\
	}								\
    } while (0)
135 :
136 : /* sec_context flags */
137 :
/*
 * Bit flags describing which optional parts of a security context are
 * present.  NOTE(review): the names suggest these tag fields in an
 * exported/serialised context (gss_export_sec_context/import) -- confirm
 * against the export code; any new bit must not collide with these.
 */
#define SC_LOCAL_ADDRESS 0x0001
#define SC_REMOTE_ADDRESS 0x0002
#define SC_KEYBLOCK 0x0004
#define SC_LOCAL_SUBKEY 0x0008
#define SC_REMOTE_SUBKEY 0x0010
#define SC_SOURCE_NAME 0x0020
#define SC_TARGET_NAME 0x0040
#define SC_ORDER 0x0080
#define SC_AUTHENTICATOR 0x0100
147 :
/*
 * Argument bundle for the ccache-name operation.  `name` is the cache
 * name to select; `out_name` presumably receives the previously selected
 * name (both are borrowed pointers, not owned by the struct) -- confirm
 * with the implementation.
 */
struct gsskrb5_ccache_name_args {
    const char *name;
    const char *out_name;
};
152 :
153 : #endif