1 | #ifndef PUTTY_PGSSAPI_H | |
2 | #define PUTTY_PGSSAPI_H | |
3 | ||
4 | #include "putty.h" | |
5 | ||
6 | #ifndef NO_GSSAPI | |
7 | ||
8 | /* | |
9 | * On Unix, if we're statically linking against GSSAPI, we leave the | |
10 | * declaration of all this lot to the official header. If we're | |
11 | * dynamically linking, we declare it ourselves, because that avoids | |
12 | * us needing the official header at compile time. | |
13 | * | |
14 | * However, we still need the function pointer types, because even | |
15 | * with statically linked GSSAPI we use the ssh_gss_library wrapper. | |
16 | */ | |
17 | #ifdef STATIC_GSSAPI | |
18 | #include <gssapi/gssapi.h> | |
19 | typedef gss_OID const_gss_OID; /* for our prototypes below */ | |
20 | #else /* STATIC_GSSAPI */ | |
21 | ||
22 | /******************************************************************************* | |
23 | * GSSAPI Definitions, taken from RFC 2744 | |
24 | ******************************************************************************/ | |
25 | ||
/* GSSAPI Type Definitions */

/*
 * 32-bit unsigned integer used for every GSSAPI status word, flag set
 * and time value in the prototypes below. Built on PuTTY's own uint32
 * (from putty.h) rather than the system's, so that this header compiles
 * without the official gssapi.h being available.
 */
typedef uint32 OM_uint32;
28 | ||
/*
 * An object identifier: 'elements' points at 'length' bytes holding the
 * OID's encoded form (RFC 2744 layout). gss_OID is the handle type the
 * library takes and returns; const_gss_OID is used for the well-known
 * name-type OIDs declared further down, which callers must never modify,
 * and for the input_name_type argument of gss_import_name.
 */
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc;
typedef const gss_OID_desc *const_gss_OID;
typedef gss_OID_desc *gss_OID;
35 | ||
/*
 * A set of OIDs: 'elements' is a gss_OID, i.e. a pointer to the first
 * of 'count' gss_OID_desc structures stored contiguously (not an array
 * of handles). No prototype in this header takes a gss_OID_set; the type
 * is only needed for the GSS_C_NO_OID_SET null value below.
 */
typedef struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
} gss_OID_set_desc;
typedef const gss_OID_set_desc *const_gss_OID_set;
typedef gss_OID_set_desc *gss_OID_set;
42 | ||
/*
 * A counted byte buffer: 'value' points at 'length' bytes. Buffers are
 * passed by pointer (gss_buffer_t) in every prototype below. Buffers
 * whose contents were allocated by the library (output tokens, MICs,
 * status strings) are handed back with gss_release_buffer; the
 * GSS_C_EMPTY_BUFFER initialiser below gives a zero-length buffer.
 */
typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;
47 | ||
/*
 * Channel bindings, as passed to gss_init_sec_context through its
 * input_chan_bindings argument. The two *_addrtype fields take the
 * GSS_C_AF_* values defined below; the address and application_data
 * members are ordinary gss_buffer_desc values. Only the pointer type
 * gss_channel_bindings_t is named; GSS_C_NO_CHANNEL_BINDINGS (below) is
 * the null value meaning "no bindings supplied".
 */
typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;
55 | ||
/*
 * Opaque handles for a security context, a name and a credential. They
 * are plain void pointers here because this header stands in for the
 * system gssapi.h when linking dynamically, so it must not depend on any
 * implementation's internal structures. The matching "no handle" values
 * are GSS_C_NO_CONTEXT, GSS_C_NO_NAME and GSS_C_NO_CREDENTIAL below.
 */
typedef void * gss_ctx_id_t;
typedef void * gss_name_t;
typedef void * gss_cred_id_t;

/* Quality-of-protection selector, as passed in gss_get_mic's qop_req. */
typedef OM_uint32 gss_qop_t;
61 | ||
/*
 * Flag bits for context-level services. These are single-bit masks that
 * are OR'd together to form the req_flags argument of
 * gss_init_sec_context and are reported back in its ret_flags output.
 * Names follow RFC 2744 (DELEG = credential delegation, MUTUAL = mutual
 * authentication, CONF/INTEG = confidentiality/integrity available, and
 * so on); a bit set in ret_flags is the only confirmation that the
 * corresponding service is actually in effect.
 */

#define GSS_C_DELEG_FLAG 1
#define GSS_C_MUTUAL_FLAG 2
#define GSS_C_REPLAY_FLAG 4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG 16
#define GSS_C_INTEG_FLAG 32
#define GSS_C_ANON_FLAG 64
#define GSS_C_PROT_READY_FLAG 128
#define GSS_C_TRANS_FLAG 256
73 | ||
/*
 * Credential usage options (RFC 2744 cred_usage values). No prototype in
 * this header takes a cred_usage argument; they are kept for
 * completeness.
 */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/*
 * Status code types for gss_display_status: its status_type argument
 * says whether status_value is a GSS-API major status (GSS_C_GSS_CODE)
 * or a mechanism-specific minor status (GSS_C_MECH_CODE).
 */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2
82 | ||
/*
 * The constant definitions for channel-bindings address families, i.e.
 * the values of the initiator_addrtype / acceptor_addrtype fields of
 * the channel bindings structure above. Copied verbatim from RFC 2744,
 * including the gap at 20 (there is no value 20; X25 is 21) and the
 * mixed-case spelling of GSS_C_AF_DECnet.
 */
#define GSS_C_AF_UNSPEC 0
#define GSS_C_AF_LOCAL 1
#define GSS_C_AF_INET 2
#define GSS_C_AF_IMPLINK 3
#define GSS_C_AF_PUP 4
#define GSS_C_AF_CHAOS 5
#define GSS_C_AF_NS 6
#define GSS_C_AF_NBS 7
#define GSS_C_AF_ECMA 8
#define GSS_C_AF_DATAKIT 9
#define GSS_C_AF_CCITT 10
#define GSS_C_AF_SNA 11
#define GSS_C_AF_DECnet 12
#define GSS_C_AF_DLI 13
#define GSS_C_AF_LAT 14
#define GSS_C_AF_HYLINK 15
#define GSS_C_AF_APPLETALK 16
#define GSS_C_AF_BSC 17
#define GSS_C_AF_DSS 18
#define GSS_C_AF_OSI 19
#define GSS_C_AF_X25 21

/* Address type meaning "no address at all", distinct from UNSPEC. */
#define GSS_C_AF_NULLADDR 255
107 | ||
/*
 * Various Null values: the "no object" value for each handle and pointer
 * type above, spelled as a cast of 0 so it has the right type.
 * GSS_C_EMPTY_BUFFER is different in kind: it is a brace initialiser for
 * a gss_buffer_desc ({length, value}), so it can only be used where an
 * initialiser is allowed, not on the right-hand side of an assignment.
 */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}
117 | ||
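/* Major status codes */
#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 * A major status word is split into three fields: an 8-bit
 * calling-error field at bits 24..31, an 8-bit routine-error field at
 * bits 16..23 and a 16-bit supplementary-info field at bits 0..15.
 * (The masks are octal: 0377 = 0xFF, 0177777 = 0xFFFF.)
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16

#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSS-API so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesised in every expansion so that an
 * expression argument such as GSS_ERROR(a | b) is masked as a whole;
 * without the parentheses '&' would bind to the last operand only and
 * a supplementary bit in 'a' could be mistaken for an error (or an
 * error in 'a' could be missed). GSS_ERROR() is true for any calling
 * or routine error and false for GSS_S_COMPLETE with or without
 * supplementary bits such as GSS_S_CONTINUE_NEEDED.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))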
145 | ||
146 | /* Now the actual status code definitions */ | |
147 | ||
/*
 * Calling errors: values of the 8-bit calling-error field, already
 * shifted into place with GSS_C_CALLING_ERROR_OFFSET, so they compare
 * directly against GSS_CALLING_ERROR(status).
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
    (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
    (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
    (3ul << GSS_C_CALLING_ERROR_OFFSET)
155 | ||
/*
 * Routine errors: values 1..18 of the 8-bit routine-error field, shifted
 * into place with GSS_C_ROUTINE_ERROR_OFFSET so they compare directly
 * against GSS_ROUTINE_ERROR(status). GSS_S_BAD_MIC is an alias for
 * GSS_S_BAD_SIG (RFC 2744 renamed the latter). Per RFC 2744,
 * GSS_S_FAILURE is the generic "see the minor status" error.
 */
#define GSS_S_BAD_MECH (1ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (4ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
#define GSS_S_NO_CRED (7ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED (12ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << \
    GSS_C_ROUTINE_ERROR_OFFSET)
194 | ||
/*
 * Supplementary info bits: individual bits of the low 16-bit field, so
 * several may be set at once, and none of them is reported as an error
 * by GSS_ERROR(). GSS_S_CONTINUE_NEEDED is the one callers of
 * gss_init_sec_context must handle: per RFC 2744 it means another token
 * exchange is required, and the context is not established (and must
 * not be relied on) until a call returns without it.
 */
#define GSS_S_CONTINUE_NEEDED \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN \
    (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
206 | ||
/*
 * Well-known name-type OIDs from RFC 2744, used as the input_name_type
 * argument of gss_import_name. They are declared const_gss_OID because
 * callers must never modify them. Only declared here; their definitions
 * live elsewhere in the source tree (not visible in this header).
 */
extern const_gss_OID GSS_C_NT_USER_NAME;
extern const_gss_OID GSS_C_NT_MACHINE_UID_NAME;
extern const_gss_OID GSS_C_NT_STRING_UID_NAME;
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE;
extern const_gss_OID GSS_C_NT_ANONYMOUS;
extern const_gss_OID GSS_C_NT_EXPORT_NAME;
214 | ||
215 | #endif /* STATIC_GSSAPI */ | |
216 | ||
/*
 * OID of the Kerberos 5 mechanism. Declared outside the STATIC_GSSAPI
 * conditional, so it exists in both static and dynamic builds. Note the
 * type is 'const gss_OID' (a const pointer to a non-const gss_OID_desc),
 * not const_gss_OID, which matches the mech_type argument type of
 * gss_init_sec_context below.
 */
extern const gss_OID GSS_MECH_KRB5;
218 | ||
219 | /* GSSAPI functions we use. | |
220 | * TODO: Replace with all GSSAPI functions from RFC? | |
221 | */ | |
222 | ||
/*
 * Calling convention, just in case we need one. GSS_CC is placed before
 * the '*' in every function-pointer typedef below; by default it expands
 * to nothing, and a platform that needs a calling-convention keyword can
 * define it before this header is included.
 */
#ifndef GSS_CC
#define GSS_CC
#endif /*GSS_CC*/
227 | ||
/*
 * Prototype of gss_release_cred: release a credential handle. All the
 * GSSAPI entry points below share the RFC 2744 conventions: they return
 * a major status word, to be tested with GSS_ERROR(), and store a
 * mechanism-specific minor status through minor_status. No
 * gss_acquire_cred wrapper is declared in this header, so credential
 * handles presumably come from elsewhere (or GSS_C_NO_CREDENTIAL is used
 * for the default credential) — confirm against the callers.
 */
typedef OM_uint32 (GSS_CC *t_gss_release_cred)
    (OM_uint32 * /*minor_status*/,
     gss_cred_id_t * /*cred_handle*/);
231 | ||
/*
 * Prototype of gss_init_sec_context, the initiator side of context
 * establishment. context_handle starts as GSS_C_NO_CONTEXT and is
 * updated in place; req_flags is an OR of the GSS_C_*_FLAG bits;
 * input_token is GSS_C_NO_BUFFER on the first call and the peer's reply
 * token on later ones; output_token receives the token to send (release
 * it with gss_release_buffer). Per RFC 2744 the call is repeated while
 * the major status carries GSS_S_CONTINUE_NEEDED, and the services
 * actually granted are reported in ret_flags: a caller that depends on
 * e.g. GSS_C_MUTUAL_FLAG or GSS_C_INTEG_FLAG should check ret_flags
 * rather than assume req_flags were honoured.
 */
typedef OM_uint32 (GSS_CC *t_gss_init_sec_context)
    (OM_uint32 * /*minor_status*/,
     const gss_cred_id_t /*initiator_cred_handle*/,
     gss_ctx_id_t * /*context_handle*/,
     const gss_name_t /*target_name*/,
     const gss_OID /*mech_type*/,
     OM_uint32 /*req_flags*/,
     OM_uint32 /*time_req*/,
     const gss_channel_bindings_t /*input_chan_bindings*/,
     const gss_buffer_t /*input_token*/,
     gss_OID * /*actual_mech_type*/,
     gss_buffer_t /*output_token*/,
     OM_uint32 * /*ret_flags*/,
     OM_uint32 * /*time_rec*/);
246 | ||
/*
 * Prototype of gss_delete_sec_context: tear down a context and, per
 * RFC 2744, reset *context_handle to GSS_C_NO_CONTEXT. output_token may
 * receive a deletion token for the peer; RFC 2744 allows passing
 * GSS_C_NO_BUFFER when no such token is wanted.
 */
typedef OM_uint32 (GSS_CC *t_gss_delete_sec_context)
    (OM_uint32 * /*minor_status*/,
     gss_ctx_id_t * /*context_handle*/,
     gss_buffer_t /*output_token*/);
251 | ||
/*
 * Prototype of gss_get_mic: compute a message integrity code over
 * message_buffer under an established context and return it in
 * msg_token (release with gss_release_buffer). qop_req selects the
 * quality of protection; this header defines no GSS_C_QOP_DEFAULT, so
 * callers presumably pass 0 for the default — confirm against the
 * callers.
 */
typedef OM_uint32 (GSS_CC *t_gss_get_mic)
    (OM_uint32 * /*minor_status*/,
     const gss_ctx_id_t /*context_handle*/,
     gss_qop_t /*qop_req*/,
     const gss_buffer_t /*message_buffer*/,
     gss_buffer_t /*msg_token*/);
258 | ||
/*
 * Prototype of gss_display_status: translate one status code into a
 * human-readable string in status_string (release with
 * gss_release_buffer). status_type is GSS_C_GSS_CODE or
 * GSS_C_MECH_CODE, and mech_type identifies the mechanism when a minor
 * code is being translated. message_context must start at 0 and, per
 * RFC 2744, the call is repeated while it comes back non-zero, since one
 * code may expand to several message fragments.
 */
typedef OM_uint32 (GSS_CC *t_gss_display_status)
    (OM_uint32 * /*minor_status*/,
     OM_uint32 /*status_value*/,
     int /*status_type*/,
     const gss_OID /*mech_type*/,
     OM_uint32 * /*message_context*/,
     gss_buffer_t /*status_string*/);
266 | ||
267 | ||
/*
 * Prototype of gss_import_name: convert the printable name in
 * input_name_buffer, interpreted according to input_name_type (one of
 * the GSS_C_NT_* OIDs declared above), into an internal name handle in
 * output_name, to be freed with gss_release_name.
 */
typedef OM_uint32 (GSS_CC *t_gss_import_name)
    (OM_uint32 * /*minor_status*/,
     const gss_buffer_t /*input_name_buffer*/,
     const_gss_OID /*input_name_type*/,
     gss_name_t * /*output_name*/);
273 | ||
274 | ||
/*
 * Prototype of gss_release_name: free a name handle produced by
 * gss_import_name; per RFC 2744 *name is reset to GSS_C_NO_NAME.
 */
typedef OM_uint32 (GSS_CC *t_gss_release_name)
    (OM_uint32 * /*minor_status*/,
     gss_name_t * /*name*/);
278 | ||
/*
 * Prototype of gss_release_buffer: free the storage the library
 * allocated for a buffer's 'value' (output tokens, MIC tokens, status
 * strings). The gss_buffer_desc itself belongs to the caller and is not
 * freed.
 */
typedef OM_uint32 (GSS_CC *t_gss_release_buffer)
    (OM_uint32 * /*minor_status*/,
     gss_buffer_t /*buffer*/);
282 | ||
/*
 * Table of the GSSAPI entry points PuTTY uses, filled in for the
 * ssh_gss_library wrapper (see the comment at the top of this header).
 * When linking dynamically each member presumably receives the address
 * of the corresponding symbol looked up in the loaded library; when
 * linking statically they can point straight at the real functions.
 * Members are listed alphabetically. NOTE(review): nothing in this
 * header guarantees the pointers are non-NULL, so the code that fills
 * the table in should refuse a library in which any symbol is missing —
 * confirm against the loader.
 */
struct gssapi_functions {
    t_gss_delete_sec_context delete_sec_context;
    t_gss_display_status display_status;
    t_gss_get_mic get_mic;
    t_gss_import_name import_name;
    t_gss_init_sec_context init_sec_context;
    t_gss_release_buffer release_buffer;
    t_gss_release_cred release_cred;
    t_gss_release_name release_name;
};
293 | ||
294 | #endif /* NO_GSSAPI */ | |
295 | ||
296 | #endif /* PUTTY_PGSSAPI_H */ |