Patch from Alejandro Sedeno, somewhat modified by me, which
1 #ifndef PUTTY_SSHGSS_H
2 #define PUTTY_SSHGSS_H
3 #include "putty.h"
4 #include "pgssapi.h"
5
6 #ifndef NO_GSSAPI
7
/*
 * DER tag byte for an ASN.1 OBJECT IDENTIFIER. Presumably used to
 * sanity-check the mechanism OID blob exchanged in the SSH2 GSSAPI
 * protocol before it is trusted -- confirm against its users in ssh.c.
 */
#define SSH2_GSS_OIDTYPE 0x06

/*
 * Opaque handle owned by the wrapper layer. It names a security
 * context for init_sec_context()/get_mic(), but the same type is also
 * used for the credential handle filled in by acquire_cred() and
 * freed by release_cred() (see below), so callers must not assume
 * anything about what it points at.
 */
typedef void *Ssh_gss_ctx;
10
/*
 * Status returned by every wrapper-layer function declared below.
 * Only SSH_GSS_OK and SSH_GSS_S_CONTINUE_NEEDED denote progress; every
 * other value is a failure. Callers should therefore test for those
 * two values explicitly rather than comparing against SSH_GSS_FAILURE
 * alone, so that new failure codes fail closed.
 */
typedef enum Ssh_gss_stat {
    SSH_GSS_OK = 0,             /* operation complete */
    SSH_GSS_S_CONTINUE_NEEDED,  /* mirrors GSS_S_CONTINUE_NEEDED: another
                                 * token exchange is needed */
    SSH_GSS_NO_MEM,             /* allocation failed */
    SSH_GSS_BAD_HOST_NAME,      /* presumably: import_name() could not
                                 * convert the host name -- confirm in
                                 * sshgssc.c / wingss.c */
    SSH_GSS_FAILURE             /* any other underlying GSSAPI/SSPI error */
} Ssh_gss_stat;

/* GSSAPI's own spelling of the "done" status; an alias of SSH_GSS_OK. */
#define SSH_GSS_S_COMPLETE SSH_GSS_OK
20
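/*
 * Reset an Ssh_gss_buf (gss_buffer_desc) to the empty state: zero
 * length and a NULL value pointer.
 *
 * This does NOT release any storage the buffer may point at; if the
 * buffer was filled in by the library, call the matching free_tok()
 * or free_mic() first, then clear it so a stale pointer can't be
 * freed or read again.
 *
 * "buf" is a pointer expression. It is parenthesised before the
 * member access so that expressions such as SSH_GSS_CLEAR_BUF(p + i)
 * parse as intended (the previous "(*buf).length" form did not). It
 * is evaluated twice, so it must be free of side effects.
 */
#define SSH_GSS_CLEAR_BUF(buf) do { \
    (buf)->length = 0; \
    (buf)->value = NULL; \
} while (0)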
25
/*
 * Thin aliases over the GSSAPI types from pgssapi.h. An Ssh_gss_buf
 * has the members ".length" and ".value" (the ones SSH_GSS_CLEAR_BUF
 * touches); note the comments on some functions below refer to them
 * under other names.
 */
typedef gss_buffer_desc Ssh_gss_buf;
typedef gss_name_t Ssh_gss_name;   /* opaque internal-form name */

/* Functions, provided by either wingss.c or sshgssc.c */

/*
 * Forward declaration so the function pointer typedefs below can take
 * a library pointer; the full definition follows them.
 */
struct ssh_gss_library;
32
/*
 * Do startup-time initialisation for using GSSAPI. This should
 * correctly initialise the array of struct ssh_gss_library declared
 * below (ssh_gss_libraries[] and its count n_ssh_gss_libraries).
 *
 * Must be callable multiple times (since the most convenient place
 * to call it _from_ is the ssh.c setup code), and should harmlessly
 * return success if already initialised.
 *
 * Returns nothing: a library that could not be initialised is
 * presumably simply absent from the array, so callers must check
 * n_ssh_gss_libraries rather than assume a usable entry exists.
 */
void ssh_gss_init(void);
43
/*
 * Fills in buf with a string describing the GSSAPI mechanism in
 * use. buf->value is not dynamically allocated, so the caller must
 * not pass it to free_tok(), free_mic() or free(); treat it as
 * read-only storage owned by the wrapper layer.
 */
typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
                                                Ssh_gss_buf *buf);
50
/*
 * Converts a name such as a hostname into a GSSAPI internal form,
 * which is placed in "out". The result should be freed by
 * ssh_gss_release_name().
 *
 * "in" is a NUL-terminated string. NOTE(review): the parameter is not
 * const-qualified; implementations are not expected to modify it --
 * confirm against sshgssc.c / wingss.c. On failure, "out" should be
 * treated as unset; presumably SSH_GSS_BAD_HOST_NAME is the status
 * returned when the name cannot be converted.
 */
typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
                                              char *in, Ssh_gss_name *out);
58
/*
 * Frees the contents of an Ssh_gss_name structure filled in by
 * ssh_gss_import_name(). Pass the same "lib" that imported the
 * name: the internal representation belongs to that library.
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
                                               Ssh_gss_name *name);
65
/*
 * The main GSSAPI security context setup function, wrapping
 * gss_init_sec_context() or its SSPI equivalent. "in" carries the
 * token most recently received from the server and "out" receives
 * the token to send back; the "out" parameter will need to be freed
 * by ssh_gss_free_tok. SSH_GSS_S_CONTINUE_NEEDED means another
 * exchange is required before *ctx is usable; SSH_GSS_OK means the
 * context is established.
 *
 * "delegate" non-zero presumably maps to the GSS delegation request
 * flag, i.e. asks that the user's credentials be forwarded to the
 * server. Delegation lets the server act as the user elsewhere, so
 * it should only be enabled from explicit configuration and only
 * for hosts the user trusts -- confirm the mapping in sshgssc.c.
 */
typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
    (struct ssh_gss_library *lib,
     Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
     Ssh_gss_buf *in, Ssh_gss_buf *out);
74
/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_init_sec_context(). Do not accidentally call this on
 * something filled in by ssh_gss_get_mic() (which requires a
 * different free function) or something filled in by any other
 * way. The two free functions may release into different allocators,
 * so mixing them up is memory corruption, not merely a leak.
 * After freeing, SSH_GSS_CLEAR_BUF the buffer if it will be reused.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
                                           Ssh_gss_buf *);
84
/*
 * Acquires the credentials to perform authentication in the first
 * place. Needs to be freed by ssh_gss_release_cred().
 *
 * Despite the type, the Ssh_gss_ctx filled in here is a credential
 * handle rather than a security context; do not pass it to get_mic()
 * or to the "ctx" argument of init_sec_context().
 */
typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
                                               Ssh_gss_ctx *);
91
/*
 * Frees the contents of an Ssh_gss_ctx filled in by
 * ssh_gss_acquire_cred(). Should be called on every exit path once
 * authentication has finished, successfully or not, so credential
 * handles do not outlive the connection attempt.
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
                                               Ssh_gss_ctx *);
98
/*
 * Gets a MIC (message integrity code) for some input data, computed
 * under the established security context "ctx". "out" needs to be
 * freed by ssh_gss_free_mic(), never by ssh_gss_free_tok().
 */
typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
                                          Ssh_gss_ctx ctx, Ssh_gss_buf *in,
                                          Ssh_gss_buf *out);
106
/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_get_mic(). Do not accidentally call this on something
 * filled in by ssh_gss_init_sec_context() (which requires a
 * different free function) or something filled in by any other
 * way. After freeing, SSH_GSS_CLEAR_BUF the buffer if it will be
 * reused.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
                                           Ssh_gss_buf *);
116
/*
 * Return an error message after authentication failed. The
 * message string is returned in "buf", with buf->length giving the
 * number of characters of printable message text and buf->value
 * containing one more character which is a trailing NUL.
 * buf->value should be manually freed by the caller (with free(),
 * not with free_tok()/free_mic()).
 *
 * The text comes from the underlying library and describes the
 * failure of the most recent operation on the given Ssh_gss_ctx.
 */
typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
                                                 Ssh_gss_ctx, Ssh_gss_buf *buf);
126
/*
 * One available GSSAPI implementation, plus the SSH wrapper functions
 * that drive it. ssh_gss_init() fills in an array of these
 * (ssh_gss_libraries[] below); every function pointer in an entry
 * that ssh_gss_init() reports is expected to be non-NULL, and each
 * takes the entry itself as its first argument.
 */
struct ssh_gss_library {
    /*
     * Identifying number in the enumeration used by the
     * configuration code to specify a preference order.
     */
    int id;

    /*
     * Filled in at initialisation time, if there's anything
     * interesting to say about how GSSAPI was initialised (e.g.
     * which of a number of alternative libraries was used).
     * May be NULL if there is nothing to say -- confirm in ssh_gss_init().
     */
    const char *gsslogmsg;

    /*
     * Function pointers implementing the SSH wrapper layer on top
     * of GSSAPI. (Defined in sshgssc, typically, though Windows
     * provides an alternative layer to sit on top of the annoyingly
     * different SSPI.) See the typedefs above for each one's
     * contract, in particular which free function pairs with which
     * allocating function.
     */
    t_ssh_gss_indicate_mech indicate_mech;
    t_ssh_gss_import_name import_name;
    t_ssh_gss_release_name release_name;
    t_ssh_gss_init_sec_context init_sec_context;
    t_ssh_gss_free_tok free_tok;
    t_ssh_gss_acquire_cred acquire_cred;
    t_ssh_gss_release_cred release_cred;
    t_ssh_gss_get_mic get_mic;
    t_ssh_gss_free_mic free_mic;
    t_ssh_gss_display_status display_status;

    /*
     * Additional data for the wrapper layers. Only the member that
     * matches the wrapper this entry was built with is meaningful.
     */
    union {
        /* Resolved entry points of a dynamically loaded GSSAPI library. */
        struct gssapi_functions gssapi;
        /*
         * The SSPI wrappers don't need to store their Windows API
         * function pointers in this structure, because there can't
         * be more than one set of them available.
         */
    } u;
};
170
/*
 * The table of usable GSSAPI implementations, populated by
 * ssh_gss_init(). Only the first n_ssh_gss_libraries entries are
 * valid; callers must bounds-check against that count rather than
 * probing for a terminator.
 */
extern struct ssh_gss_library ssh_gss_libraries[];
extern int n_ssh_gss_libraries;
173
174 #endif /* NO_GSSAPI */
175
176 #endif /*PUTTY_SSHGSS_H*/