Grid Community Toolkit  6.2.1550507116
ssh-gss.h
1 /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
2 /*
3  * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #ifndef _SSH_GSS_H
27 #define _SSH_GSS_H
28 
29 #ifdef GSSAPI
30 
31 #ifdef HAVE_GSSAPI_H
32 #include <gssapi.h>
33 #elif defined(HAVE_GSSAPI_GSSAPI_H)
34 #include <gssapi/gssapi.h>
35 #endif
36 #ifdef HAVE_GSSAPI_GSSAPI_EXT_H
37 #include <gssapi/gssapi_ext.h>
38 #endif
39 
40 #ifndef MECHGLUE
41 #ifdef KRB5
42 # ifndef HEIMDAL
43 # ifdef HAVE_GSSAPI_GENERIC_H
44 # include <gssapi_generic.h>
45 # elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
46 # include <gssapi/gssapi_generic.h>
47 # endif
48 
49 /* Old MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */
50 
51 # if !HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
52 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
53 # endif /* !HAVE_DECL_GSS_C_NT_... */
54 
55 # endif /* !HEIMDAL */
56 #endif /* KRB5 */
57 #endif /* !MECHGLUE */
58 
59 /* draft-ietf-secsh-gsskeyex-06 */
60 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
61 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
62 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
63 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
64 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
65 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
66 
67 #define SSH_GSS_OIDTYPE 0x06
68 
69 #define SSH2_MSG_KEXGSS_INIT 30
70 #define SSH2_MSG_KEXGSS_CONTINUE 31
71 #define SSH2_MSG_KEXGSS_COMPLETE 32
72 #define SSH2_MSG_KEXGSS_HOSTKEY 33
73 #define SSH2_MSG_KEXGSS_ERROR 34
74 #define SSH2_MSG_KEXGSS_GROUPREQ 40
75 #define SSH2_MSG_KEXGSS_GROUP 41
76 #define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-"
77 #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-"
78 #define KEX_GSS_GRP14_SHA256_ID "gss-group14-sha256-"
79 #define KEX_GSS_GRP16_SHA512_ID "gss-group16-sha512-"
80 #define KEX_GSS_GRP18_SHA512_ID "gss-group18-sha512-"
81 #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-"
82 
83 typedef struct {
84  char *filename;
85  char *envvar;
86  char *envval;
87  struct passwd *owner;
88  void *data;
89 } ssh_gssapi_ccache;
90 
91 typedef struct {
92  gss_OID_desc oid;
93  gss_buffer_desc displayname;
94  gss_buffer_desc exportedname;
95  gss_cred_id_t creds;
96  gss_name_t cred_name, ctx_name;
97  struct ssh_gssapi_mech_struct *mech;
98  ssh_gssapi_ccache store;
99  gss_ctx_id_t context; /* needed for globus_gss_assist_map_and_authorize() */
100  int used;
101  int updated;
102 } ssh_gssapi_client;
103 
104 typedef struct ssh_gssapi_mech_struct {
105  char *enc_name;
106  char *name;
107  gss_OID_desc oid;
108  int (*dochild) (ssh_gssapi_client *);
109  int (*userok) (ssh_gssapi_client *, char *);
110  int (*localname) (ssh_gssapi_client *, char **);
111  void (*storecreds) (ssh_gssapi_client *);
112  int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
113 } ssh_gssapi_mech;
114 
115 typedef struct {
116  OM_uint32 major; /* both */
117  OM_uint32 minor; /* both */
118  gss_ctx_id_t context; /* both */
119  gss_name_t name; /* both */
120  gss_OID oid; /* both */
121  gss_cred_id_t creds; /* server */
122  gss_name_t client; /* server */
123  gss_cred_id_t client_creds; /* both */
124 } Gssctxt;
125 
126 extern ssh_gssapi_mech *supported_mechs[];
127 extern Gssctxt *gss_kex_context;
128 
129 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
130 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
131 void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
132 void ssh_gssapi_supported_oids(gss_OID_set *);
133 ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
134 void ssh_gssapi_prepare_supported_oids(void);
135 OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);
136 
137 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
138 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
139  gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
140 OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
141  gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
142 OM_uint32 ssh_gssapi_getclient(Gssctxt *, ssh_gssapi_client *);
143 void ssh_gssapi_error(Gssctxt *);
144 char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
145 void ssh_gssapi_build_ctx(Gssctxt **);
146 void ssh_gssapi_delete_ctx(Gssctxt **);
147 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
148 void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
149 int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
150 OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
151 int ssh_gssapi_credentials_updated(Gssctxt *);
152 
153 int ssh_gssapi_localname(char **name);
154 void ssh_gssapi_rekey_creds();
155 
156 /* In the server */
157 typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *,
158  const char *);
159 char *ssh_gssapi_client_mechanisms(const char *, const char *);
160 char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
161  const char *);
162 gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
163 int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *,
164  const char *);
165 OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
166 int ssh_gssapi_userok(char *name, struct passwd *, int gssapi_keyex);
167 OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
168 void ssh_gssapi_do_child(char ***, u_int *);
169 void ssh_gssapi_cleanup_creds(void);
170 void ssh_gssapi_storecreds(void);
171 
172 #ifdef MECHGLUE
173 gss_cred_id_t __gss_get_mechanism_cred
174  (gss_cred_id_t, /* union_cred */
175  gss_OID /* mech_type */
176  );
177 #endif
178 
179 char *ssh_gssapi_server_mechanisms(void);
180 int ssh_gssapi_oid_table_ok();
181 
182 int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
183 #endif /* GSSAPI */
184 
185 #endif /* _SSH_GSS_H */
Generated by   doxygen 1.8.14