| 1 | #ifndef PUTTY_PGSSAPI_H |
| 2 | #define PUTTY_PGSSAPI_H |
| 3 | |
| 4 | #include "putty.h" |
| 5 | |
| 6 | #ifndef NO_GSSAPI |
| 7 | |
| 8 | /* |
| 9 | * On Unix, if we're statically linking against GSSAPI, we leave the |
| 10 | * declaration of all this lot to the official header. If we're |
| 11 | * dynamically linking, we declare it ourselves, because that avoids |
| 12 | * us needing the official header at compile time. |
| 13 | * |
| 14 | * However, we still need the function pointer types, because even |
| 15 | * with statically linked GSSAPI we use the ssh_gss_library wrapper. |
| 16 | */ |
| 17 | #ifdef STATIC_GSSAPI |
| 18 | #include <gssapi/gssapi.h> |
/*
 * With the official header in use, const_gss_OID is just an alias for
 * gss_OID rather than a pointer-to-const, presumably because the
 * header's own GSS_C_NT_* name-type objects are not const-qualified and
 * our prototypes below must accept them unchanged -- verify against
 * <gssapi/gssapi.h>. Only the dynamic-link branch below makes the alias
 * genuinely read-only.
 */
typedef gss_OID const_gss_OID; /* for our prototypes below */
| 20 | #else /* STATIC_GSSAPI */ |
| 21 | |
| 22 | /******************************************************************************* |
| 23 | * GSSAPI Definitions, taken from RFC 2744 |
| 24 | ******************************************************************************/ |
| 25 | |
| 26 | /* GSSAPI Type Definitions */ |
/*
 * RFC 2744 requires OM_uint32 to be an unsigned 32-bit integer: a major
 * status word packs an 8-bit calling-error code, an 8-bit routine-error
 * code and 16 bits of supplementary information into it (see the
 * GSS_C_*_OFFSET / GSS_C_*_MASK definitions below). uint32 is presumably
 * PuTTY's own fixed-width type from putty.h -- confirm there.
 */
typedef uint32 OM_uint32;
| 28 | |
/*
 * Object identifier (RFC 2744 gss_OID_desc): 'elements' points at the
 * DER encoding of the OID with the tag and length octets stripped, and
 * 'length' is the size of that encoding in bytes. The member order and
 * types must stay exactly as the RFC gives them, because these values
 * are handed to a GSSAPI library that was compiled against its own
 * header (see the note at the top of the file about dynamic linking).
 */
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc;
/*
 * const_gss_OID is PuTTY's own addition, not an RFC 2744 name: a pointer
 * to a read-only descriptor, used for the GSS_C_NT_* objects declared
 * below and for prototypes that only read their OID argument.
 */
typedef const gss_OID_desc *const_gss_OID;
typedef gss_OID_desc *gss_OID;
| 35 | |
/*
 * Set of OIDs (RFC 2744 gss_OID_set_desc): 'elements' is an array of
 * 'count' OID descriptors, with the same layout requirement as
 * gss_OID_desc above. Sets returned by the library own their storage
 * and are released through the library, never free().
 */
typedef struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
} gss_OID_set_desc;
/* Read-only and writable handles to an OID set; the const form is PuTTY's addition. */
typedef const gss_OID_set_desc *const_gss_OID_set;
typedef gss_OID_set_desc *gss_OID_set;
| 42 | |
/*
 * Length-counted byte buffer (RFC 2744 gss_buffer_desc): the type in
 * which every token, name and message crosses the GSSAPI boundary.
 * The contents are bytes, not a C string -- always use 'length' rather
 * than assuming a terminating NUL. A buffer filled in by the library
 * owns its storage and must be handed back with gss_release_buffer()
 * (see t_gss_release_buffer below), not free().
 */
typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;
| 47 | |
/*
 * Channel bindings (RFC 2744 gss_channel_bindings_struct). Optional data
 * that the initiator can pass to gss_init_sec_context() so the mechanism
 * can check that both peers agree on it, e.g. on the endpoint addresses,
 * which ties the security context to the channel it was set up over.
 * Address types use the GSS_C_AF_* constants below; passing
 * GSS_C_NO_CHANNEL_BINDINGS supplies none. Only the pointer type is
 * named here; the struct tag is the only way to declare an instance.
 */
typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;
| 55 | |
/*
 * Opaque handles for a security context, an internal-form name and a
 * credential. RFC 2744 leaves their representation to the
 * implementation; presumably a bare pointer suffices here because PuTTY
 * only ever receives them from the library and passes them back, and
 * nothing in our code may look inside one.
 */
typedef void * gss_ctx_id_t;
typedef void * gss_name_t;
typedef void * gss_cred_id_t;

/*
 * Quality-of-protection selector for gss_get_mic(). RFC 2744 defines
 * only GSS_C_QOP_DEFAULT (0), which this header does not name, so
 * callers pass 0.
 */
typedef OM_uint32 gss_qop_t;
| 61 | |
/* Flag bits for context-level services. */
/*
 * Passed to gss_init_sec_context() in req_flags to ask for a service and
 * returned in ret_flags to report what the established context actually
 * provides. A request is not a guarantee: code that depends on a service
 * (mutual authentication of the peer, integrity protection, ...) must
 * test the corresponding bit in ret_flags once GSS_S_COMPLETE comes back.
 */
#define GSS_C_DELEG_FLAG 1        /* forward the initiator's credentials to the peer; request only when delegation is genuinely wanted, since the peer can then act as the user */
#define GSS_C_MUTUAL_FLAG 2       /* the peer also authenticates itself to the initiator */
#define GSS_C_REPLAY_FLAG 4       /* replay detection for per-message tokens */
#define GSS_C_SEQUENCE_FLAG 8     /* out-of-sequence detection for per-message tokens */
#define GSS_C_CONF_FLAG 16        /* confidentiality (gss_wrap() encryption) is available */
#define GSS_C_INTEG_FLAG 32       /* integrity (gss_get_mic() / gss_wrap()) is available */
#define GSS_C_ANON_FLAG 64        /* the initiator's identity is not revealed to the peer */
#define GSS_C_PROT_READY_FLAG 128 /* per-message protection usable before GSS_S_COMPLETE */
#define GSS_C_TRANS_FLAG 256      /* the context can be exported to another process */

/* Credential usage options */
/* cred_usage values for gss_acquire_cred(): which side of a context the credential may be used on. */
#define GSS_C_BOTH 0
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2

/* Status code types for gss_display_status */
/* status_type argument: decode a major status, or a mechanism-specific minor status. */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2

/* The constant definitions for channel-bindings address families */
/*
 * Values for initiator_addrtype / acceptor_addrtype in
 * gss_channel_bindings_struct. The numbering follows RFC 2744, which
 * assigns no name to 20 -- do not "tidy" the gap, the values are on the
 * wire as part of the bindings.
 */
#define GSS_C_AF_UNSPEC 0
#define GSS_C_AF_LOCAL 1
#define GSS_C_AF_INET 2
#define GSS_C_AF_IMPLINK 3
#define GSS_C_AF_PUP 4
#define GSS_C_AF_CHAOS 5
#define GSS_C_AF_NS 6
#define GSS_C_AF_NBS 7
#define GSS_C_AF_ECMA 8
#define GSS_C_AF_DATAKIT 9
#define GSS_C_AF_CCITT 10
#define GSS_C_AF_SNA 11
#define GSS_C_AF_DECnet 12
#define GSS_C_AF_DLI 13
#define GSS_C_AF_LAT 14
#define GSS_C_AF_HYLINK 15
#define GSS_C_AF_APPLETALK 16
#define GSS_C_AF_BSC 17
#define GSS_C_AF_DSS 18
#define GSS_C_AF_OSI 19
#define GSS_C_AF_X25 21

#define GSS_C_AF_NULLADDR 255 /* no address supplied for this side */

/* Various Null values */
/*
 * Typed null handles; compare and initialise handles with these rather
 * than a bare 0 so the intent (and the pointer type) is visible.
 * GSS_C_EMPTY_BUFFER is an aggregate initialiser ({length, value}), so
 * it can only appear in a declaration, not in an expression.
 */
#define GSS_C_NO_NAME ((gss_name_t) 0)
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NO_OID ((gss_OID) 0)
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}
| 117 | |
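/* Major status codes */
#define GSS_S_COMPLETE 0

/* Some "helper" definitions to make the status code macros obvious. */
/*
 * A major status word is split into three fields (RFC 2744):
 *   bits 31..24  calling-error code    (offset 24, 8 bits)
 *   bits 23..16  routine-error code    (offset 16, 8 bits)
 *   bits 15..0   supplementary info    (offset 0, 16 bits)
 * The masks are written in octal, as the RFC does: 0377 == 0xff and
 * 0177777 == 0xffff.
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16

#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul

/*
 * The macros that test status codes for error conditions.
 * Note that the GSS_ERROR() macro has changed slightly from
 * the V1 GSS-API so that it now evaluates its argument
 * only once.
 *
 * The argument is parenthesised in every macro. The RFC 2744 sample
 * text leaves it bare, so GSS_ERROR(a | b) would expand to
 * a | (b & mask) and report an "error" for a harmless combination
 * such as GSS_S_CONTINUE_NEEDED | 0; with the parentheses the whole
 * argument is masked, as intended. The only-once guarantee still
 * holds.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
            (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/* Now the actual status code definitions */

/* Calling errors: the application passed something unusable. */
#define GSS_S_CALL_INACCESSIBLE_READ  (1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE (2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE      (3ul << GSS_C_CALLING_ERROR_OFFSET)

/* Routine errors: the call was well-formed but could not be completed. */
#define GSS_S_BAD_MECH             (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME             (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE         (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS         (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS           (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG              (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MIC GSS_S_BAD_SIG /* RFC 2744 name for the same code */
#define GSS_S_NO_CRED              (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT           (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN      (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED  (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED      (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE              (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP              (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED         (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE          (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT    (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN          (18ul << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Supplementary info bits: these do not make GSS_ERROR() true.
 * GSS_S_CONTINUE_NEEDED means another gss_init_sec_context() round is
 * required; the token-ordering bits report replay/sequence anomalies
 * on per-message calls and are only meaningful if the matching
 * GSS_C_REPLAY_FLAG / GSS_C_SEQUENCE_FLAG came back in ret_flags.
 */
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN       (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN     (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN       (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))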
| 206 | |
/*
 * Standard name-type OIDs from RFC 2744, passed as input_name_type to
 * gss_import_name() to say how the input buffer is to be parsed. They
 * are data objects exported by the GSSAPI library, not functions.
 * NOTE(review): nothing in this header defines them for the dynamic-
 * link build, so confirm that whatever loads the library resolves them
 * before any gss_import_name() call dereferences one.
 */
extern const_gss_OID GSS_C_NT_USER_NAME;           /* local user name */
extern const_gss_OID GSS_C_NT_MACHINE_UID_NAME;    /* Unix uid in host byte order */
extern const_gss_OID GSS_C_NT_STRING_UID_NAME;     /* Unix uid as a decimal string */
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; /* older OID for the "service@hostname" form, kept for interoperability */
extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE;   /* "service@hostname" */
extern const_gss_OID GSS_C_NT_ANONYMOUS;           /* the anonymous principal */
extern const_gss_OID GSS_C_NT_EXPORT_NAME;         /* mechanism-name export format produced by gss_export_name() */
| 214 | |
| 215 | #endif /* STATIC_GSSAPI */ |
| 216 | |
/*
 * Mechanism OID for Kerberos V5, the only mechanism OID this header
 * declares; unlike the definitions above it is needed in both build
 * flavours. Note the type: 'const gss_OID' is a const pointer to a
 * writable gss_OID_desc, a different type from const_gss_OID. It can
 * be passed where a const_gss_OID is expected; the reverse needs care.
 */
extern const gss_OID GSS_MECH_KRB5;
| 218 | |
| 219 | /* GSSAPI functions we use. |
| 220 | * TODO: Replace with all GSSAPI functions from RFC? |
| 221 | */ |
| 222 | |
| 223 | /* Calling convention, just in case we need one. */ |
| 224 | #ifndef GSS_CC |
| 225 | #define GSS_CC |
| 226 | #endif /*GSS_CC*/ |
| 227 | |
/*
 * Function-pointer types for the RFC 2744 entry points PuTTY calls,
 * each mirroring the RFC prototype (parameter names kept as comments)
 * so that a pointer fetched from a dynamically loaded library can be
 * called through it. Every one returns a major status word -- test it
 * with GSS_ERROR() and the GSS_S_* codes above -- and stores the
 * mechanism-specific minor status through its first argument.
 */

/*
 * gss_release_cred(): release a credential handle. Per RFC 2744 the
 * handle is reset to GSS_C_NO_CREDENTIAL on return.
 */
typedef OM_uint32 (GSS_CC *t_gss_release_cred)
    (OM_uint32 * /*minor_status*/,
     gss_cred_id_t * /*cred_handle*/);

/*
 * gss_init_sec_context(): one round of context establishment on the
 * initiator's side. Start with *context_handle == GSS_C_NO_CONTEXT and
 * input_token == GSS_C_NO_BUFFER, then call again with the peer's reply
 * as input_token for as long as the status carries GSS_S_CONTINUE_NEEDED.
 * Caller notes:
 *  - output_token is allocated by the library; release it with
 *    gss_release_buffer() whenever its length is non-zero, including
 *    on error.
 *  - req_flags only asks for services (GSS_C_*_FLAG above); ret_flags
 *    reports what was granted, and any flag the caller relies on for
 *    security must be checked there after GSS_S_COMPLETE.
 *  - input_chan_bindings may be GSS_C_NO_CHANNEL_BINDINGS; if supplied
 *    the context is tied to the channel described.
 *  - time_req / time_rec are lifetimes in seconds (0 = default).
 */
typedef OM_uint32 (GSS_CC *t_gss_init_sec_context)
    (OM_uint32 * /*minor_status*/,
     const gss_cred_id_t /*initiator_cred_handle*/,
     gss_ctx_id_t * /*context_handle*/,
     const gss_name_t /*target_name*/,
     const gss_OID /*mech_type*/,
     OM_uint32 /*req_flags*/,
     OM_uint32 /*time_req*/,
     const gss_channel_bindings_t /*input_chan_bindings*/,
     const gss_buffer_t /*input_token*/,
     gss_OID * /*actual_mech_type*/,
     gss_buffer_t /*output_token*/,
     OM_uint32 * /*ret_flags*/,
     OM_uint32 * /*time_rec*/);

/*
 * gss_delete_sec_context(): free a context (partially or fully
 * established) and reset the handle to GSS_C_NO_CONTEXT. Context
 * deletion tokens are deprecated, so callers should pass
 * GSS_C_NO_BUFFER as output_token.
 */
typedef OM_uint32 (GSS_CC *t_gss_delete_sec_context)
    (OM_uint32 * /*minor_status*/,
     gss_ctx_id_t * /*context_handle*/,
     gss_buffer_t /*output_token*/);

/*
 * gss_get_mic(): compute an integrity check value over message_buffer
 * and return it in msg_token (release with gss_release_buffer()). Only
 * meaningful once GSS_C_INTEG_FLAG has been reported in ret_flags.
 * qop_req is normally 0 (the RFC's GSS_C_QOP_DEFAULT).
 */
typedef OM_uint32 (GSS_CC *t_gss_get_mic)
    (OM_uint32 * /*minor_status*/,
     const gss_ctx_id_t /*context_handle*/,
     gss_qop_t /*qop_req*/,
     const gss_buffer_t /*message_buffer*/,
     gss_buffer_t /*msg_token*/);

/*
 * gss_display_status(): render one status value as text. status_type is
 * GSS_C_GSS_CODE for a major status or GSS_C_MECH_CODE for a minor
 * status (mech_type then selects the mechanism). A single status may
 * produce several messages: set *message_context to 0 first and call
 * again while it comes back non-zero. status_string is library-owned
 * (release with gss_release_buffer()) and is length-counted, so do not
 * assume a terminating NUL when logging it.
 */
typedef OM_uint32 (GSS_CC *t_gss_display_status)
    (OM_uint32 * /*minor_status*/,
     OM_uint32 /*status_value*/,
     int /*status_type*/,
     const gss_OID /*mech_type*/,
     OM_uint32 * /*message_context*/,
     gss_buffer_t /*status_string*/);


/*
 * gss_import_name(): convert a printable name, interpreted according to
 * input_name_type (one of the GSS_C_NT_* OIDs above), into an internal
 * name to be freed with gss_release_name().
 */
typedef OM_uint32 (GSS_CC *t_gss_import_name)
    (OM_uint32 * /*minor_status*/,
     const gss_buffer_t /*input_name_buffer*/,
     const_gss_OID /*input_name_type*/,
     gss_name_t * /*output_name*/);


/* gss_release_name(): free an internal name; the handle is reset to GSS_C_NO_NAME. */
typedef OM_uint32 (GSS_CC *t_gss_release_name)
    (OM_uint32 * /*minor_status*/,
     gss_name_t * /*name*/);

/*
 * gss_release_buffer(): free the storage of a buffer the library
 * allocated and zero its length. Every gss_buffer_t filled in by the
 * calls above goes through here, never free().
 */
typedef OM_uint32 (GSS_CC *t_gss_release_buffer)
    (OM_uint32 * /*minor_status*/,
     gss_buffer_t /*buffer*/);
| 282 | |
/*
 * Dispatch table of the GSSAPI entry points PuTTY uses, one member per
 * t_gss_* type above, listed alphabetically. Callers go through this
 * table in both build flavours (see the comment at the top of the
 * file): with STATIC_GSSAPI the members can point straight at the
 * library's functions, and with dynamic linking they are presumably
 * filled in by symbol lookup elsewhere. A member left NULL will fault
 * on first use, so whatever fills the table should treat a missing
 * symbol as "library unusable" rather than leave a gap.
 */
struct gssapi_functions {
    t_gss_delete_sec_context delete_sec_context; /* gss_delete_sec_context() */
    t_gss_display_status display_status;         /* gss_display_status() */
    t_gss_get_mic get_mic;                       /* gss_get_mic() */
    t_gss_import_name import_name;               /* gss_import_name() */
    t_gss_init_sec_context init_sec_context;     /* gss_init_sec_context() */
    t_gss_release_buffer release_buffer;         /* gss_release_buffer() */
    t_gss_release_cred release_cred;             /* gss_release_cred() */
    t_gss_release_name release_name;             /* gss_release_name() */
};
| 293 | |
| 294 | #endif /* NO_GSSAPI */ |
| 295 | |
| 296 | #endif /* PUTTY_PGSSAPI_H */ |