[u/mdw/putty] / sshgss.h

#ifndef PUTTY_SSHGSS_H
#define PUTTY_SSHGSS_H
#include "putty.h"
#include "pgssapi.h"

#ifndef NO_GSSAPI

#define SSH2_GSS_OIDTYPE 0x06
typedef void *Ssh_gss_ctx;

typedef enum Ssh_gss_stat {
    SSH_GSS_OK = 0,
    SSH_GSS_S_CONTINUE_NEEDED,
    SSH_GSS_NO_MEM,
    SSH_GSS_BAD_HOST_NAME,
    SSH_GSS_FAILURE
} Ssh_gss_stat;

#define SSH_GSS_S_COMPLETE SSH_GSS_OK

#define SSH_GSS_CLEAR_BUF(buf) do {		\
    (*buf).length = 0;				\
    (*buf).value = NULL;				\
} while (0)

typedef gss_buffer_desc Ssh_gss_buf;
typedef gss_name_t Ssh_gss_name;

/* Functions, provided by either wingss.c or sshgssc.c */

struct ssh_gss_library;

/*
 * Prepare a collection of GSSAPI libraries for use in a single SSH
 * connection. Returns a structure containing a list of libraries,
 * with their ids (see struct ssh_gss_library below) filled in so
 * that the client can go through them in the SSH user's preferred
 * order.
 *
 * Must always return non-NULL. (Even if no libraries are available,
 * it must return an empty structure.)
 *
 * The free function cleans up the structure, and its associated
 * libraries (if any).
 */
struct ssh_gss_liblist {
    struct ssh_gss_library *libraries;
    int nlibraries;
};
struct ssh_gss_liblist *ssh_gss_setup(Conf *conf);
void ssh_gss_cleanup(struct ssh_gss_liblist *list);

/*
 * Fills in buf with a string describing the GSSAPI mechanism in
 * use. buf->data is not dynamically allocated.
 */
typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
						Ssh_gss_buf *buf);

/*
 * Converts a name such as a hostname into a GSSAPI internal form,
 * which is placed in "out". The result should be freed by
 * ssh_gss_release_name().
 */
typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
					      char *in, Ssh_gss_name *out);

/*
 * Frees the contents of an Ssh_gss_name structure filled in by
 * ssh_gss_import_name().
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
					       Ssh_gss_name *name);

/*
 * The main GSSAPI security context setup function. The "out"
 * parameter will need to be freed by ssh_gss_free_tok.
 */
typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
    (struct ssh_gss_library *lib,
     Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
     Ssh_gss_buf *in, Ssh_gss_buf *out);

/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_init_sec_context(). Do not accidentally call this on
 * something filled in by ssh_gss_get_mic() (which requires a
 * different free function) or something filled in by any other
 * way.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
					   Ssh_gss_buf *);

/*
 * Acquires the credentials to perform authentication in the first
 * place. Needs to be freed by ssh_gss_release_cred().
 */
typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
					       Ssh_gss_ctx *);

/*
 * Frees the contents of an Ssh_gss_ctx filled in by
 * ssh_gss_acquire_cred().
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
					       Ssh_gss_ctx *);

/*
 * Gets a MIC for some input data. "out" needs to be freed by
 * ssh_gss_free_mic().
 */
typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
					  Ssh_gss_ctx ctx, Ssh_gss_buf *in,
                 Ssh_gss_buf *out);

/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_get_mic(). Do not accidentally call this on something
 * filled in by ssh_gss_init_sec_context() (which requires a
 * different free function) or something filled in by any other
 * way.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
					   Ssh_gss_buf *);

/*
 * Return an error message after authentication failed. The
 * message string is returned in "buf", with buf->len giving the
 * number of characters of printable message text and buf->data
 * containing one more character which is a trailing NUL.
 * buf->data should be manually freed by the caller. 
 */
typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
						 Ssh_gss_ctx, Ssh_gss_buf *buf);

struct ssh_gss_library {
    /*
     * Identifying number in the enumeration used by the
     * configuration code to specify a preference order.
     */
    int id;

    /*
     * Filled in at initialisation time, if there's anything
     * interesting to say about how GSSAPI was initialised (e.g.
     * which of a number of alternative libraries was used).
     */
    const char *gsslogmsg;

    /*
     * Function pointers implementing the SSH wrapper layer on top
     * of GSSAPI. (Defined in sshgssc, typically, though Windows
     * provides an alternative layer to sit on top of the annoyingly
     * different SSPI.)
     */
    t_ssh_gss_indicate_mech indicate_mech;
    t_ssh_gss_import_name import_name;
    t_ssh_gss_release_name release_name;
    t_ssh_gss_init_sec_context init_sec_context;
    t_ssh_gss_free_tok free_tok;
    t_ssh_gss_acquire_cred acquire_cred;
    t_ssh_gss_release_cred release_cred;
    t_ssh_gss_get_mic get_mic;
    t_ssh_gss_free_mic free_mic;
    t_ssh_gss_display_status display_status;

    /*
     * Additional data for the wrapper layers.
     */
    union {
	struct gssapi_functions gssapi;
	/*
	 * The SSPI wrappers don't need to store their Windows API
	 * function pointers in this structure, because there can't
	 * be more than one set of them available.
	 */
    } u;

    /*
     * Wrapper layers will often also need to store a library handle
     * of some sort for cleanup time.
     */
    void *handle;
};

#endif /* NO_GSSAPI */

#endif /*PUTTY_SSHGSS_H*/
Commit	Line	Data
b3d375b2	1	#ifndef PUTTY_SSHGSS_H
	2	#define PUTTY_SSHGSS_H
	3	#include "putty.h"
	4	#include "pgssapi.h"
	5
	6	#ifndef NO_GSSAPI
74e04880	7
42af6a67	8	#define SSH2_GSS_OIDTYPE 0x06
42af6a67	9	typedef void *Ssh_gss_ctx;
42af6a67	10
	11	typedef enum Ssh_gss_stat {
	12	SSH_GSS_OK = 0,
	13	SSH_GSS_S_CONTINUE_NEEDED,
	14	SSH_GSS_NO_MEM,
	15	SSH_GSS_BAD_HOST_NAME,
	16	SSH_GSS_FAILURE
	17	} Ssh_gss_stat;
	18
	19	#define SSH_GSS_S_COMPLETE SSH_GSS_OK
	20
42af6a67	21	#define SSH_GSS_CLEAR_BUF(buf) do { \
86557057	22	(*buf).length = 0; \
86557057	23	(*buf).value = NULL; \
42af6a67	24	} while (0)
42af6a67	25
b3d375b2	26	typedef gss_buffer_desc Ssh_gss_buf;
	27	typedef gss_name_t Ssh_gss_name;
	28
	29	/* Functions, provided by either wingss.c or sshgssc.c */
	30
	31	struct ssh_gss_library;
42af6a67	32
42af6a67	33	/*
1e00c92b	34	* Prepare a collection of GSSAPI libraries for use in a single SSH
	35	* connection. Returns a structure containing a list of libraries,
	36	* with their ids (see struct ssh_gss_library below) filled in so
	37	* that the client can go through them in the SSH user's preferred
	38	* order.
42af6a67	39	*
1e00c92b	40	* Must always return non-NULL. (Even if no libraries are available,
	41	* it must return an empty structure.)
	42	*
	43	* The free function cleans up the structure, and its associated
	44	* libraries (if any).
42af6a67	45	*/
1e00c92b	46	struct ssh_gss_liblist {
	47	struct ssh_gss_library *libraries;
	48	int nlibraries;
	49	};
4a693cfc	50	struct ssh_gss_liblist ssh_gss_setup(Conf conf);
1e00c92b	51	void ssh_gss_cleanup(struct ssh_gss_liblist *list);
42af6a67	52
	53	/*
	54	* Fills in buf with a string describing the GSSAPI mechanism in
	55	* use. buf->data is not dynamically allocated.
	56	*/
b3d375b2	57	typedef Ssh_gss_stat (t_ssh_gss_indicate_mech)(struct ssh_gss_library lib,
b3d375b2	58	Ssh_gss_buf *buf);
42af6a67	59
	60	/*
	61	* Converts a name such as a hostname into a GSSAPI internal form,
	62	* which is placed in "out". The result should be freed by
	63	* ssh_gss_release_name().
	64	*/
b3d375b2	65	typedef Ssh_gss_stat (t_ssh_gss_import_name)(struct ssh_gss_library lib,
b3d375b2	66	char in, Ssh_gss_name out);
42af6a67	67
	68	/*
	69	* Frees the contents of an Ssh_gss_name structure filled in by
	70	* ssh_gss_import_name().
	71	*/
b3d375b2	72	typedef Ssh_gss_stat (t_ssh_gss_release_name)(struct ssh_gss_library lib,
b3d375b2	73	Ssh_gss_name *name);
42af6a67	74
	75	/*
	76	* The main GSSAPI security context setup function. The "out"
	77	* parameter will need to be freed by ssh_gss_free_tok.
	78	*/
b3d375b2	79	typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
	80	(struct ssh_gss_library *lib,
	81	Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
	82	Ssh_gss_buf in, Ssh_gss_buf out);
42af6a67	83
	84	/*
	85	* Frees the contents of an Ssh_gss_buf filled in by
	86	* ssh_gss_init_sec_context(). Do not accidentally call this on
	87	* something filled in by ssh_gss_get_mic() (which requires a
	88	* different free function) or something filled in by any other
	89	* way.
	90	*/
b3d375b2	91	typedef Ssh_gss_stat (t_ssh_gss_free_tok)(struct ssh_gss_library lib,
b3d375b2	92	Ssh_gss_buf *);
42af6a67	93
	94	/*
	95	* Acquires the credentials to perform authentication in the first
	96	* place. Needs to be freed by ssh_gss_release_cred().
	97	*/
b3d375b2	98	typedef Ssh_gss_stat (t_ssh_gss_acquire_cred)(struct ssh_gss_library lib,
b3d375b2	99	Ssh_gss_ctx *);
42af6a67	100
	101	/*
	102	* Frees the contents of an Ssh_gss_ctx filled in by
	103	* ssh_gss_acquire_cred().
	104	*/
b3d375b2	105	typedef Ssh_gss_stat (t_ssh_gss_release_cred)(struct ssh_gss_library lib,
b3d375b2	106	Ssh_gss_ctx *);
42af6a67	107
	108	/*
	109	* Gets a MIC for some input data. "out" needs to be freed by
	110	* ssh_gss_free_mic().
	111	*/
b3d375b2	112	typedef Ssh_gss_stat (t_ssh_gss_get_mic)(struct ssh_gss_library lib,
	113	Ssh_gss_ctx ctx, Ssh_gss_buf *in,
	114	Ssh_gss_buf *out);
42af6a67	115
	116	/*
	117	* Frees the contents of an Ssh_gss_buf filled in by
	118	* ssh_gss_get_mic(). Do not accidentally call this on something
	119	* filled in by ssh_gss_init_sec_context() (which requires a
	120	* different free function) or something filled in by any other
	121	* way.
	122	*/
b3d375b2	123	typedef Ssh_gss_stat (t_ssh_gss_free_mic)(struct ssh_gss_library lib,
b3d375b2	124	Ssh_gss_buf *);
42af6a67	125
	126	/*
	127	* Return an error message after authentication failed. The
	128	* message string is returned in "buf", with buf->len giving the
	129	* number of characters of printable message text and buf->data
	130	* containing one more character which is a trailing NUL.
	131	* buf->data should be manually freed by the caller.
	132	*/
b3d375b2	133	typedef Ssh_gss_stat (t_ssh_gss_display_status)(struct ssh_gss_library lib,
	134	Ssh_gss_ctx, Ssh_gss_buf *buf);
	135
	136	struct ssh_gss_library {
	137	/*
	138	* Identifying number in the enumeration used by the
	139	* configuration code to specify a preference order.
	140	*/
	141	int id;
	142
	143	/*
	144	* Filled in at initialisation time, if there's anything
	145	* interesting to say about how GSSAPI was initialised (e.g.
	146	* which of a number of alternative libraries was used).
	147	*/
	148	const char *gsslogmsg;
	149
	150	/*
	151	* Function pointers implementing the SSH wrapper layer on top
	152	* of GSSAPI. (Defined in sshgssc, typically, though Windows
	153	* provides an alternative layer to sit on top of the annoyingly
	154	* different SSPI.)
	155	*/
	156	t_ssh_gss_indicate_mech indicate_mech;
	157	t_ssh_gss_import_name import_name;
	158	t_ssh_gss_release_name release_name;
	159	t_ssh_gss_init_sec_context init_sec_context;
	160	t_ssh_gss_free_tok free_tok;
	161	t_ssh_gss_acquire_cred acquire_cred;
	162	t_ssh_gss_release_cred release_cred;
	163	t_ssh_gss_get_mic get_mic;
	164	t_ssh_gss_free_mic free_mic;
	165	t_ssh_gss_display_status display_status;
	166
	167	/*
	168	* Additional data for the wrapper layers.
	169	*/
	170	union {
	171	struct gssapi_functions gssapi;
	172	/*
	173	* The SSPI wrappers don't need to store their Windows API
	174	* function pointers in this structure, because there can't
	175	* be more than one set of them available.
	176	*/
	177	} u;
b3d375b2	178
1e00c92b	179	/*
	180	* Wrapper layers will often also need to store a library handle
	181	* of some sort for cleanup time.
	182	*/
	183	void *handle;
	184	};
b3d375b2	185
	186	#endif /* NO_GSSAPI */
	187
	188	#endif /PUTTY_SSHGSS_H/