Project

General

Profile

Statistics
| Revision:

root / lab4 / .minix-src / include / openssl / kssl.h @ 14

History | View | Annotate | Download (6.73 KB)

1 13 up20180614
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
2
/*
3
 * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
4
 * 2000. project 2000.
5
 */
6
/* ====================================================================
7
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 *
13
 * 1. Redistributions of source code must retain the above copyright
14
 *    notice, this list of conditions and the following disclaimer.
15
 *
16
 * 2. Redistributions in binary form must reproduce the above copyright
17
 *    notice, this list of conditions and the following disclaimer in
18
 *    the documentation and/or other materials provided with the
19
 *    distribution.
20
 *
21
 * 3. All advertising materials mentioning features or use of this
22
 *    software must display the following acknowledgment:
23
 *    "This product includes software developed by the OpenSSL Project
24
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25
 *
26
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27
 *    endorse or promote products derived from this software without
28
 *    prior written permission. For written permission, please contact
29
 *    licensing@OpenSSL.org.
30
 *
31
 * 5. Products derived from this software may not be called "OpenSSL"
32
 *    nor may "OpenSSL" appear in their names without prior written
33
 *    permission of the OpenSSL Project.
34
 *
35
 * 6. Redistributions of any form whatsoever must retain the following
36
 *    acknowledgment:
37
 *    "This product includes software developed by the OpenSSL Project
38
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39
 *
40
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51
 * OF THE POSSIBILITY OF SUCH DAMAGE.
52
 * ====================================================================
53
 *
54
 * This product includes cryptographic software written by Eric Young
55
 * (eay@cryptsoft.com).  This product includes software written by Tim
56
 * Hudson (tjh@cryptsoft.com).
57
 *
58
 */
59
60
/*
61
 **      19990701        VRS     Started.
62
 */
63
64
#ifndef KSSL_H
65
# define KSSL_H
66
67
# include <openssl/opensslconf.h>
68
69
# ifndef OPENSSL_NO_KRB5
70
71
#  include <stdio.h>
72
#  include <ctype.h>
73
#  include <krb5.h>
74
#  ifdef OPENSSL_SYS_WIN32
75
/*
76
 * These can sometimes get redefined indirectly by krb5 header files after
77
 * they get undefed in ossl_typ.h
78
 */
79
#   undef X509_NAME
80
#   undef X509_EXTENSIONS
81
#   undef OCSP_REQUEST
82
#   undef OCSP_RESPONSE
83
#  endif
84
85
#ifdef  __cplusplus
86
extern "C" {
87
#endif
88
89
/*
90
 *      Depending on which KRB5 implementation used, some types from
91
 *      the other may be missing.  Resolve that here and now
92
 */
93
#  ifdef KRB5_HEIMDAL
94
typedef unsigned char krb5_octet;
95
#   define FAR
96
#  else
97
98
#   ifndef FAR
99
#    define FAR
100
#   endif
101
102
#  endif
103
104
/*-
105
 *      Uncomment this to debug kssl problems or
106
 *      to trace usage of the Kerberos session key
107
 *
108
 *      #define         KSSL_DEBUG
109
 */
110
111
#  ifndef KRB5SVC
112
#   define KRB5SVC "host"
113
#  endif
114
115
#  ifndef KRB5KEYTAB
116
#   define KRB5KEYTAB      "/etc/krb5.keytab"
117
#  endif
118
119
#  ifndef KRB5SENDAUTH
120
#   define KRB5SENDAUTH    1
121
#  endif
122
123
#  ifndef KRB5CHECKAUTH
124
#   define KRB5CHECKAUTH   1
125
#  endif
126
127
#  ifndef KSSL_CLOCKSKEW
128
#   define KSSL_CLOCKSKEW  300;
129
#  endif
130
131
#  define KSSL_ERR_MAX    255
132
typedef struct kssl_err_st {
133
    int reason;
134
    char text[KSSL_ERR_MAX + 1];
135
} KSSL_ERR;
136
137
/*-     Context for passing
138
 *              (1) Kerberos session key to SSL, and
139
 *              (2)     Config data between application and SSL lib
140
 */
141
typedef struct kssl_ctx_st {
142
    /*      used by:    disposition:            */
143
    char *service_name;         /* C,S default ok (kssl) */
144
    char *service_host;         /* C input, REQUIRED */
145
    char *client_princ;         /* S output from krb5 ticket */
146
    char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
147
    char *cred_cache;           /* C NULL (default) */
148
    krb5_enctype enctype;
149
    int length;
150
    krb5_octet FAR *key;
151
} KSSL_CTX;
152
153
#  define KSSL_CLIENT     1
154
#  define KSSL_SERVER     2
155
#  define KSSL_SERVICE    3
156
#  define KSSL_KEYTAB     4
157
158
#  define KSSL_CTX_OK     0
159
#  define KSSL_CTX_ERR    1
160
#  define KSSL_NOMEM      2
161
162
/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
163
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
164
KSSL_CTX *kssl_ctx_new(void);
165
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
166
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
167
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
168
                                  krb5_data *realm, krb5_data *entity,
169
                                  int nentities);
170
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
171
                              krb5_data *authenp, KSSL_ERR *kssl_err);
172
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
173
                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
174
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
175
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
176
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
177
krb5_error_code kssl_build_principal_2(krb5_context context,
178
                                       krb5_principal *princ, int rlen,
179
                                       const char *realm, int slen,
180
                                       const char *svc, int hlen,
181
                                       const char *host);
182
krb5_error_code kssl_validate_times(krb5_timestamp atime,
183
                                    krb5_ticket_times *ttimes);
184
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
185
                                   krb5_timestamp *atimep,
186
                                   KSSL_ERR *kssl_err);
187
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
188
189
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
190
KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
191
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
192
193
#ifdef  __cplusplus
194
}
195
#endif
196
# endif                         /* OPENSSL_NO_KRB5 */
197
#endif                          /* KSSL_H */