Remove building with NOCRYPTO option
1 /* $NetBSD: gssapi.h,v 1.5 2014/12/10 04:37:58 christos Exp $ */
3 /*
4 * Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2000, 2001 Internet Software Consortium.
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
20 /* Id: gssapi.h,v 1.16 2011/01/08 23:47:01 tbox Exp */
22 #ifndef DST_GSSAPI_H
23 #define DST_GSSAPI_H 1
25 /*! \file dst/gssapi.h */
27 #include <isc/formatcheck.h>
28 #include <isc/lang.h>
29 #include <isc/platform.h>
30 #include <isc/types.h>
31 #include <dns/types.h>
33 #ifdef GSSAPI
34 #ifdef WIN32
36 * MSVC does not like macros in #include lines.
38 #include <gssapi/gssapi.h>
39 #include <gssapi/gssapi_krb5.h>
40 #else
41 #include ISC_PLATFORM_GSSAPIHEADER
42 #ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
43 #include ISC_PLATFORM_GSSAPI_KRB5_HEADER
44 #endif
45 #endif
46 #ifndef GSS_SPNEGO_MECHANISM
47 #define GSS_SPNEGO_MECHANISM ((void*)0)
48 #endif
49 #endif
51 ISC_LANG_BEGINDECLS
53 /***
54 *** Types
55 ***/
57 /***
58 *** Functions
59 ***/
61 isc_result_t
62 dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
63 gss_cred_id_t *cred);
65 * Acquires GSS credentials.
67 * Requires:
68 * 'name' is a valid name, preferably one known by the GSS provider
69 * 'initiate' indicates whether the credentials are for initiating or
70 * accepting contexts
71 * 'cred' is a pointer to NULL, which will be allocated with the
72 * credential handle. Call dst_gssapi_releasecred to free
73 * the memory.
75 * Returns:
76 * ISC_R_SUCCESS msg was successfully updated to include the
77 * query to be sent
78 * other an error occurred while building the message
81 isc_result_t
82 dst_gssapi_releasecred(gss_cred_id_t *cred);
84 * Releases GSS credentials. Calling this function releases the
85 * memory allocated for the credential in dst_gssapi_acquirecred().
87 * Requires:
88 * 'mctx' is a valid memory context (NOTE(review): the prototype above takes no 'mctx' argument)
89 * 'cred' is a pointer to the credential to be released
91 * Returns:
92 * ISC_R_SUCCESS credential was released successfully
93 * other an error occurred while releasing
94 * the credential
97 isc_result_t
98 dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
99 isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
100 isc_mem_t *mctx, char **err_message);
102 * Initiates a GSS context.
104 * Requires:
105 * 'name' is a valid name, preferably one known by the GSS
106 * provider
107 * 'intoken' is a token received from the acceptor, or NULL if
108 * there isn't one
109 * 'outtoken' is a buffer to receive the token generated by
110 * gss_init_sec_context() to be sent to the acceptor
111 * 'context' (the 'gssctx' parameter) is a pointer to a valid gss_ctx_id_t
112 * (which may have the value GSS_C_NO_CONTEXT)
114 * Returns:
115 * ISC_R_SUCCESS msg was successfully updated to include the
116 * query to be sent
117 * other an error occurred while building the message
118 * *err_message optional error message
121 isc_result_t
122 dst_gssapi_acceptctx(gss_cred_id_t cred,
123 const char *gssapi_keytab,
124 isc_region_t *intoken, isc_buffer_t **outtoken,
125 gss_ctx_id_t *context, dns_name_t *principal,
126 isc_mem_t *mctx);
128 * Accepts a GSS context.
130 * Requires:
131 * 'mctx' is a valid memory context
132 * 'cred' is the acceptor's valid GSS credential handle
133 * 'intoken' is a token received from the initiator
134 * 'outtoken' is a pointer to a buffer pointer used to return the token
135 * generated by gss_accept_sec_context() to be sent to the
136 * initiator
137 * 'context' is a valid pointer to receive the generated context handle.
138 * On the initial call, it should be a pointer to NULL, which
139 * will be allocated as a gss_ctx_id_t. Subsequent calls
140 * should pass in the handle generated on the first call.
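141 * Call dst_gssapi_releasecred to delete the context and free
142 * the memory. NOTE(review): dst_gssapi_releasecred is declared above as taking a gss_cred_id_t *, while dst_gssapi_deletectx (declared below) takes a gss_ctx_id_t * and is documented as destroying a context, so dst_gssapi_deletectx is presumably the call meant here.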
144 * Requires:
145 * 'outtoken' != NULL && *outtoken == NULL.
147 * Returns:
148 * ISC_R_SUCCESS msg was successfully updated to include the
149 * query to be sent
150 * other an error occurred while building the message
153 isc_result_t
154 dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx);
156 * Destroys a GSS context. This function deletes the context from the GSS
157 * provider and then frees the memory used by the context pointer.
159 * Requires:
160 * 'mctx' is a valid memory context
161 * 'context' (the 'gssctx' parameter) is a valid GSS context
163 * Returns:
164 * ISC_R_SUCCESS
168 void
169 gss_log(int level, const char *fmt, ...)
170 ISC_FORMAT_PRINTF(2, 3);
172 * Logging function for GSS.
174 * Requires
175 * 'level' is the log level to be used, as an integer
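176 * 'fmt' is a printf format string, declared with ISC_FORMAT_PRINTF(2, 3) so its arguments can be checked against it. Text that is not a trusted literal belongs in an argument (for example under "%s"), not in 'fmt' itself.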
179 char *
180 gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
181 char *buf, size_t buflen);
183 * Render a GSS major status/minor status pair into a string
185 * Requires:
186 * 'major' is a GSS major status code
187 * 'minor' is a GSS minor status code
189 * Returns:
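190 * A string containing the text representation of the error codes.
191 * Users should copy the string if they wish to keep it. NOTE(review): 'buf' and 'buflen' are not described here; presumably the text is written into 'buf', bounded by 'buflen' - confirm against the implementation.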
194 isc_boolean_t
195 dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name,
196 dns_name_t *realm);
198 * Compare a "signer" (in the format of a Kerberos 5
199 * principal: host/example.com@EXAMPLE.COM) to the realm name stored
200 * in "name" (which represents the realm name).
204 isc_boolean_t
205 dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name,
206 dns_name_t *realm);
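208 * Compare a "signer" (in the format of a Kerberos 5
209 * principal: host/example.com@EXAMPLE.COM) to the realm name stored
210 * in "name" (which represents the realm name). NOTE(review): this text is identical to the comment on dst_gssapi_identitymatchesrealmkrb5; the principal format this variant actually expects is not stated here - confirm against the implementation before relying on it for an identity check.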
214 ISC_LANG_ENDDECLS
216 #endif /* DST_GSSAPI_H */