Diffstat (limited to 'src/lib/gssapi/krb5/gssapiP_krb5.h')
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 77 |
1 files changed, 56 insertions, 21 deletions
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 11b7c50..bcbde38 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -68,8 +68,17 @@
 ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
 GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))
 
+#define KG2_TOK_INITIAL 0x0101
+#define KG2_TOK_RESPONSE 0x0202
+#define KG2_TOK_MIC 0x0303
+#define KG2_TOK_WRAP_INTEG 0x0404
+#define KG2_TOK_WRAP_PRIV 0x0505
+
 #define KRB5_GSS_FOR_CREDS_OPTION 1
 
+#define KG2_RESP_FLAG_ERROR 0x0001
+#define KG2_RESP_FLAG_DELEG_OK 0x0002
+
 /** internal types **/
 
 typedef krb5_principal krb5_gss_name_t;
@@ -78,25 +87,19 @@ typedef struct _krb5_gss_cred_id_rec {
 /* name/type of credential */
 gss_cred_usage_t usage;
 krb5_principal princ; /* this is not interned as a gss_name_t */
- const gss_OID_set_desc *actual_mechs;
- int prerfc_mech; /* these are a cache of the set above */
+ int prerfc_mech;
 int rfc_mech;
+ int rfcv2_mech;
 
 /* keytab (accept) data */
 krb5_keytab keytab;
+ krb5_rcache rcache;
 
 /* ccache (init) data */
 krb5_ccache ccache;
 krb5_timestamp tgt_expire;
- krb5_rcache rcache;
 } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
 
-typedef struct _krb5_gss_enc_desc {
- int processed;
- krb5_keyblock *key;
- krb5_encrypt_block eblock;
-} krb5_gss_enc_desc;
-
 typedef struct _krb5_gss_ctx_id_rec {
 int initiate; /* nonzero if initiating, zero if accepting */
 OM_uint32 gss_flags;
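Review bot: The new `KG2_TOK_*` and `KG2_RESP_FLAG_*` constants carry no comment saying what they are, so a reader cannot tell whether 0x0101 is a bit mask, a 16-bit token identifier copied from the wire, or an internal enumeration; the repeated-byte values suggest wire token ids but the header does not say so. A one-line heading above each group would settle it, e.g. `/* gsskrb5 v2 token ids and response flags -- wire values, see <draft reference> */`, adjusted to whatever the mechanism draft actually specifies, since neither the encoding nor the byte order is visible here. If these are wire values, the parser that reads them (outside this header) needs to reject any id not in this list.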
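Review bot: With `actual_mechs` and its comment removed, `prerfc_mech`, `rfc_mech` and the new `rfcv2_mech` are three bare ints in `krb5_gss_cred_id_rec` with no explanation left; the deleted line was the only statement that they describe which mechanism OIDs the credential is valid for. Suggest a short comment above the three, e.g. `/* nonzero for each mech OID this credential may be used with */`, and a note in the commit that whatever used to hand back `actual_mechs` (gss_inquire_cred and the like, outside this hunk) must now rebuild the OID set from these flags. Moving `rcache` under the keytab (acceptor) section is the right place for replay-cache state; a word that it is acceptor-only, `krb5_rcache rcache; /* replay cache, accept side only */`, would keep it from being touched on the initiator path by mistake.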
@@ -108,21 +111,35 @@ typedef struct _krb5_gss_ctx_id_rec {
 int signalg;
 int cksum_size;
 int sealalg;
- krb5_gss_enc_desc enc;
- krb5_gss_enc_desc seq;
+ krb5_keyblock *enc;
+ krb5_keyblock *seq;
 krb5_timestamp endtime;
 krb5_flags krb_flags;
- krb5_int32 seq_send;
- krb5_int32 seq_recv;
+ /* XXX these used to be signed. the old spec is inspecific, and
+ the new spec specifies unsigned. I don't believe that the change
+ affects the wire encoding. */
+ krb5_ui_4 seq_send;
+ krb5_ui_4 seq_recv;
 void *seqstate;
 int established;
 int big_endian;
 krb5_auth_context auth_context;
 gss_OID_desc *mech_used;
+ int gsskrb5_version;
+ int nctypes;
+ krb5_cksumtype *ctypes;
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern void *kg_vdb;
 
+struct kg2_option {
+ int option_id; /* set by caller */
+ int length; /* filled in by parser */
+ unsigned char *data; /* filled in by parser. points inside
+ passed-in token, so nothing needs to
+ be freed */
+};
+
 /* helper macros */
 
 #define kg_save_name(name) g_save_name(&kg_vdb,name)
@@ -151,12 +168,12 @@ krb5_error_code kg_checksum_channel_bindings
 int bigend));
 
 krb5_error_code kg_make_seq_num PROTOTYPE((krb5_context context,
- krb5_gss_enc_desc *ed,
+ krb5_keyblock *key,
 int direction, krb5_int32 seqnum, unsigned char *cksum,
 unsigned char *buf));
 
 krb5_error_code kg_get_seq_num PROTOTYPE((krb5_context context,
- krb5_gss_enc_desc *ed,
+ krb5_keyblock *key,
 unsigned char *cksum, unsigned char *buf, int *direction,
 krb5_int32 *seqnum));
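Review bot: The new `ctypes` pointer in `krb5_gss_ctx_id_rec` has no ownership comment, in contrast to `data` in `struct kg2_option` right below it, and `enc`/`seq` have just turned from embedded `krb5_gss_enc_desc` values into `krb5_keyblock *`, so the context-delete and export/internalize paths (outside this header) now hold three heap pointers that did not exist before and must be freed and serialised. Suggest `krb5_cksumtype *ctypes; /* nctypes entries; owned by the context, freed with it */` if that is the intended ownership, and the same note on `enc` and `seq`. `struct kg2_option.length` is a signed `int` that the parser fills from a peer-supplied token; its comment should promise the bound callers will rely on, e.g. `int length; /* filled in by parser; never exceeds the remaining token bytes */`, since `data` is documented to point into that token. The enclosing typedef begins before this hunk.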
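Review bot: The `seqnum` parameters of `kg_make_seq_num` and `kg_get_seq_num` are still `krb5_int32` although the same commit changes the context's `seq_send`/`seq_recv` to `krb5_ui_4` in the hunk above, so every sequence number now crosses a signed/unsigned boundary on its way to and from the wire. A value at or above 0x80000000 becomes a negative `krb5_int32` on the way in (implementation-defined conversion), and whatever comparison or wrap-around logic sits behind `seqstate` in the .c files will see the signed value, which is exactly the case the XXX comment says was meant to become unsigned. The prototypes should follow the new field type: `krb5_int32 seqnum,` → `krb5_ui_4 seqnum,` and `krb5_int32 *seqnum));` → `krb5_ui_4 *seqnum));`, with the definitions and callers updated to match.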
@@ -164,19 +181,20 @@ krb5_error_code kg_make_seed PROTOTYPE((krb5_context context,
 krb5_keyblock *key,
 unsigned char *seed));
 
-int kg_confounder_size PROTOTYPE((krb5_gss_enc_desc *ed));
+int kg_confounder_size PROTOTYPE((krb5_context context, krb5_keyblock *key));
 
-krb5_error_code kg_make_confounder PROTOTYPE((krb5_gss_enc_desc *ed,
- unsigned char *buf));
+krb5_error_code kg_make_confounder PROTOTYPE((krb5_context context,
+ krb5_keyblock *key, unsigned char *buf));
 
-int kg_encrypt_size PROTOTYPE((krb5_gss_enc_desc *ed, int n));
+int kg_encrypt_size PROTOTYPE((krb5_context context,
+ krb5_keyblock *key, int n));
 
 krb5_error_code kg_encrypt PROTOTYPE((krb5_context context,
- krb5_gss_enc_desc *ed,
+ krb5_keyblock *key,
 krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
 
 krb5_error_code kg_decrypt PROTOTYPE((krb5_context context,
- krb5_gss_enc_desc *ed,
+ krb5_keyblock *key,
 krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
 
 OM_uint32 kg_seal PROTOTYPE((krb5_context context,
@@ -223,6 +241,23 @@ krb5_error_code kg_ctx_internalize PROTOTYPE((krb5_context kcontext,
 OM_uint32 kg_get_context PROTOTYPE((OM_uint32 *minor_status,
 krb5_context *context));
 
+OM_uint32
+kg2_parse_token PROTOTYPE((OM_uint32 *minor_status,
+ unsigned char *ptr,
+ int length,
+ krb5_ui_4 *flags,
+ int *nctypes, /* OUT */
+ krb5_cksumtype **ctypes, /* OUT */
+ int noptions,
+ struct kg2_option *options, /* INOUT */
+ krb5_data *kmsg,
+ krb5_data *mic));
+
+void kg2_intersect_ctypes PROTOTYPE((int *nc1,
+ krb5_cksumtype *c1,
+ int nc2,
+ const krb5_cksumtype *c2));
+
 /** declarations of internal name mechanism functions **/
 
 OM_uint32 krb5_gss_acquire_cred
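Review bot: `kg2_parse_token` is the routine that will take apart tokens received from the peer, yet its prototype states none of the guarantees callers will lean on: `length` is a signed `int`, `options` is marked INOUT without saying that an entry's `length`/`data` are meaningful only when that option was present, and nothing says whether `*ctypes` is heap-allocated for the caller to free. A header comment of a few lines above the prototype should spell out the contract — the token bytes are untrusted, `length` must be non-negative, every embedded length is checked against `length` before `kmsg`, `mic` and `options[].data` are pointed into the buffer, and who owns `*ctypes` — so that the code calling it (outside this hunk) does not assume more than the parser checks. `kg2_intersect_ctypes` appears to shrink `c1`/`*nc1` in place, given that only `c2` is `const`; a one-line comment such as `/* drop from c1 every type not in c2; *nc1 is updated in place */` would stop a caller from passing a list it still needs intact.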