1 /*
2 * Copyright (C) 2002 Microsoft Corporation
3 * All rights reserved.
5 * THIS CODE AND INFORMATION IS PROVIDED "AS IS"
6 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
7 * OR IMPLIED, INCLUDING BUT NOT LIMITED
8 * TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
9 * AND/OR FITNESS FOR A PARTICULAR PURPOSE.
11 * Date - 10/08/2002
12 * Author - Sanj Surati
16 * Copyright 2012 Nexenta Systems, Inc. All rights reserved.
20 * spnego.h
22 * SPNEGO Token Handler Header File
24 * Contains the definitions required to interpret and create
25 * SPNEGO tokens so that Kerberos GSS tokens can be
26 * Unpackaged/packaged.
29 #ifndef _SPNEGO_H
30 #define _SPNEGO_H
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
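/*
 * Type Definitions
 */

/*
 * Opaque handle to a SPNEGO token.  Users of SPNEGO Token Handler API
 * will request these as well as free them: spnegoInitFromBinary() and
 * the spnegoCreateNegToken*() functions hand one back through their
 * phSpnegoToken argument, and spnegoFreeData() frees it.
 *
 * The handle is a plain void pointer, so the compiler cannot tell a
 * token handle apart from any other pointer.
 * NOTE(review): this header does not show whether the API validates a
 * handle it is given; treat a freed handle as dead and never pass it
 * back into the API.
 */
typedef void *SPNEGO_TOKEN_HANDLE;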
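/*
 * Defines the element types that are found
 * in each of the tokens.
 *
 * spnego_element_min and spnego_element_max are bounds, not elements:
 * every real element value lies strictly between them, so a range check
 * is (type > spnego_element_min && type < spnego_element_max).
 */
typedef enum spnego_element_type
{
	spnego_element_min,	/* Lower bound */

	/* Init token elements */
	spnego_init_mechtypes,
	spnego_init_reqFlags,
	spnego_init_mechToken,
	spnego_init_mechListMIC,

	/* Targ token elements */
	spnego_targ_negResult,
	spnego_targ_supportedMech,
	spnego_targ_responseToken,
	spnego_targ_mechListMIC,

	spnego_element_max	/* Upper bound */

} SPNEGO_ELEMENT_TYPE;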
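/*
 * Token Element Availability.  Elements in both
 * token types are optional.  Since there are only
 * 4 elements in each Token, we will allocate space
 * to hold the information, but we need a way to
 * indicate whether or not an element is available.
 *
 * Because every element is optional, code reading a token should check
 * for availability before using an element's data.
 */
#define	SPNEGO_TOKEN_ELEMENT_UNAVAILABLE	0
#define	SPNEGO_TOKEN_ELEMENT_AVAILABLE		1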
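/*
 * Token type values.  SPNEGO has 2 token types:
 * NegTokenInit and NegTokenTarg
 */
#define	SPNEGO_TOKEN_INIT	0
#define	SPNEGO_TOKEN_TARG	1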
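/*
 * GSS Mechanism OID enumeration.  The original note said "we only
 * really handle 3 different OIDs", but four mechanisms are enumerated
 * below (two Kerberos V5 OIDs, SPNEGO and NTLMSSP).  These are stored
 * in an array structure defined in the parsing code.
 *
 * NOTE(review): presumably each enumerator is the index of its OID in
 * that array -- confirm against the parsing code.  If so,
 * spnego_mech_oid_NotUsed (-1) and any out-of-range value must be
 * rejected before the value is used as an index.
 */
typedef enum spnego_mech_oid
{
	/* Mechanism OIDs */
	spnego_mech_oid_Kerberos_V5_Legacy, /* Really V5, but OID off by 1 */
	spnego_mech_oid_Kerberos_V5,
	spnego_mech_oid_Spnego,
	spnego_mech_oid_NTLMSSP,
	spnego_mech_oid_NotUsed = -1

} SPNEGO_MECH_OID;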
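/*
 * Defines the negResult values.
 *
 * The three real results take the values 0, 1 and 2 in declaration
 * order; spnego_negresult_NotUsed (-1) is outside that range.  Only
 * spnego_negresult_success indicates a finished, accepted negotiation;
 * callers should not treat "incomplete" as success.
 */
typedef enum spnego_negResult
{
	spnego_negresult_success,
	spnego_negresult_incomplete,
	spnego_negresult_rejected,
	spnego_negresult_NotUsed = -1
} SPNEGO_NEGRESULT;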
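/*
 * Context Flags in NegTokenInit
 */

/*
 * ContextFlags values MUST be zero or a combination
 * of the below
 */
#define	SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG	0x80
#define	SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG	0x40
#define	SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG	0x20
#define	SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG	0x10
#define	SPNEGO_NEGINIT_CONTEXT_ANON_FLAG	0x8
#define	SPNEGO_NEGINIT_CONTEXT_CONF_FLAG	0x4
#define	SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG	0x2

/*
 * Mask to retrieve valid values.  It equals the OR of the seven flags
 * above; bit 0x01 is not assigned to any flag, so masking a flags byte
 * with this value discards that bit.
 */
#define	SPNEGO_NEGINIT_CONTEXT_MASK	0xFE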
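/*
 * SPNEGO API return codes.
 *
 * SPNEGO_E_SUCCESS is zero and every failure code is negative.  Callers
 * should compare against SPNEGO_E_SUCCESS before touching any output
 * argument.  Negative values are parenthesized so the macros expand
 * safely inside larger expressions.
 */

/* API function was successful */
#define	SPNEGO_E_SUCCESS		0

/* The supplied Token was invalid */
#define	SPNEGO_E_INVALID_TOKEN		(-1)

/* An invalid length was encountered */
#define	SPNEGO_E_INVALID_LENGTH		(-2)

/* The Token Parse failed */
#define	SPNEGO_E_PARSE_FAILED		(-3)

/* The requested value was not found */
#define	SPNEGO_E_NOT_FOUND		(-4)

/* The requested element is not available */
#define	SPNEGO_E_ELEMENT_UNAVAILABLE	(-5)

/* Out of Memory */
#define	SPNEGO_E_OUT_OF_MEMORY		(-6)

/* Not Implemented */
#define	SPNEGO_E_NOT_IMPLEMENTED	(-7)

/* Invalid Parameter */
#define	SPNEGO_E_INVALID_PARAMETER	(-8)

/* Token Handler encountered an unexpected OID */
#define	SPNEGO_E_UNEXPECTED_OID		(-9)

/* The requested token was not found */
#define	SPNEGO_E_TOKEN_NOT_FOUND	(-10)

/* An unexpected type was encountered in the encoding */
#define	SPNEGO_E_UNEXPECTED_TYPE	(-11)

/* The buffer was too small */
#define	SPNEGO_E_BUFFER_TOO_SMALL	(-12)

/* A Token Element was invalid (e.g. improper length or value) */
#define	SPNEGO_E_INVALID_ELEMENT	(-13)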
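/* Miscellaneous API Functions */

/*
 * Frees opaque data: releases the token behind hSpnegoToken.  The
 * handle must not be used again after this call.
 */
void spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken);

/*
 * Initializes SPNEGO_TOKEN structure from DER encoded binary data.
 * pbTokenData and ulLength describe the encoded token, which is
 * typically supplied by the peer: ulLength must be the number of bytes
 * actually present at pbTokenData.  Returns a SPNEGO_E_* code; use
 * *phSpnegoToken only when the result is SPNEGO_E_SUCCESS.
 */
int spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength,
    SPNEGO_TOKEN_HANDLE *phSpnegoToken);

/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenInit type from a
 * list of MechTypeCnt mechanisms and a principal.
 * NOTE(review): pbPrincipal has no accompanying length, so it is
 * presumably a NUL-terminated string -- confirm against the
 * implementation.
 */
int spnegoCreateNegTokenHint(SPNEGO_MECH_OID *pMechTypeList, int MechTypeCnt,
    unsigned char *pbPrincipal, SPNEGO_TOKEN_HANDLE *phSpnegoToken);

/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenInit type carrying
 * one mechanism, the context flags (zero or a combination of the
 * SPNEGO_NEGINIT_CONTEXT_* flags), a mechToken and a MIC.
 * NOTE(review): ulMechTokenMIC is presumably the length of
 * pbMechTokenMIC, by analogy with ulMechTokenLen -- confirm.
 */
int spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType,
    unsigned char ucContextFlags, unsigned char *pbMechToken,
    unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC,
    unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE *phSpnegoToken);

/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenTarg type carrying
 * the mechanism, the negotiation result, a mechToken and a mechListMIC,
 * each buffer paired with its length.
 */
int spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType,
    SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken,
    unsigned long ulMechTokenLen, unsigned char *pbMechListMIC,
    unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE *phSpnegoToken);

/*
 * Copies binary representation of SPNEGO Data into user supplied buffer.
 * NOTE(review): *pulDataLen is presumably the size of pbTokenData on
 * entry and the number of bytes needed or written on return, with
 * SPNEGO_E_BUFFER_TOO_SMALL reported when the buffer cannot hold the
 * token -- confirm against the implementation.
 */
int spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    unsigned char *pbTokenData, unsigned long *pulDataLen);

/*
 * Returns SPNEGO Token Type through *piTokenType (presumably
 * SPNEGO_TOKEN_INIT or SPNEGO_TOKEN_TARG -- confirm).
 */
int spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType);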
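/* Reading an Init Token */

/*
 * Looks for MechOID in the MechList element of the NegTokenInit.
 * NOTE(review): the original comment said this "returns the Initial
 * Mech Type", but the signature takes the mechanism as input;
 * *piMechTypeIndex presumably receives its position in the list when it
 * is found -- confirm against the implementation.
 */
int spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    SPNEGO_MECH_OID MechOID, int *piMechTypeIndex);

/*
 * Returns the value from the context flags element in the NegTokenInit
 * through *pucContextFlags.  Valid bits are those covered by
 * SPNEGO_NEGINIT_CONTEXT_MASK.
 */
int spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    unsigned char *pucContextFlags);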
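/* Reading a Response Token */

/*
 * Returns the value from the negResult element
 * (Status code of GSS call - 0,1,2) through *pnegResult.
 * Check the int return for SPNEGO_E_SUCCESS before reading *pnegResult.
 */
int spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    SPNEGO_NEGRESULT *pnegResult);

/*
 * Returns the Supported Mech Type from the NegTokenTarg through
 * *pMechOID.  A caller that requires a particular mechanism should
 * compare this value with what it offered rather than assume it.
 */
int spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    SPNEGO_MECH_OID *pMechOID);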
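/* Reading either Token Type */

/*
 * Returns the actual Mechanism data from the token
 * (this is what is passed into GSS-API functions).
 * NOTE(review): *pulDataLen is presumably the size of pbTokenData on
 * entry and the number of bytes needed or written on return -- confirm
 * against the implementation.
 */
int spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    unsigned char *pbTokenData, unsigned long *pulDataLen);

/*
 * Returns the Message Integrity BLOB in the token.
 * NOTE(review): this header declares no function that verifies the MIC;
 * checking it is presumably left to the caller -- confirm.
 */
int spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken,
    unsigned char *pbMICData, unsigned long *pulDataLen);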
256 #ifdef __cplusplus
258 #endif
260 #endif /* _SPNEGO_H */