--- /dev/null
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */\r
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.\r
+ * project 2000.\r
+ */\r
+/* ====================================================================\r
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.\r
+ *\r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions\r
+ * are met:\r
+ *\r
+ * 1. Redistributions of source code must retain the above copyright\r
+ * notice, this list of conditions and the following disclaimer. \r
+ *\r
+ * 2. Redistributions in binary form must reproduce the above copyright\r
+ * notice, this list of conditions and the following disclaimer in\r
+ * the documentation and/or other materials provided with the\r
+ * distribution.\r
+ *\r
+ * 3. All advertising materials mentioning features or use of this\r
+ * software must display the following acknowledgment:\r
+ * "This product includes software developed by the OpenSSL Project\r
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"\r
+ *\r
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to\r
+ * endorse or promote products derived from this software without\r
+ * prior written permission. For written permission, please contact\r
+ * licensing@OpenSSL.org.\r
+ *\r
+ * 5. Products derived from this software may not be called "OpenSSL"\r
+ * nor may "OpenSSL" appear in their names without prior written\r
+ * permission of the OpenSSL Project.\r
+ *\r
+ * 6. Redistributions of any form whatsoever must retain the following\r
+ * acknowledgment:\r
+ * "This product includes software developed by the OpenSSL Project\r
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"\r
+ *\r
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\r
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\r
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\r
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\r
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\r
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\r
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\r
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\r
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\r
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\r
+ * OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ * ====================================================================\r
+ *\r
+ * This product includes cryptographic software written by Eric Young\r
+ * (eay@cryptsoft.com). This product includes software written by Tim\r
+ * Hudson (tjh@cryptsoft.com).\r
+ *\r
+ */\r
+\r
+/*\r
+** 19990701 VRS Started.\r
+*/\r
+\r
+#ifndef KSSL_H\r
+#define KSSL_H\r
+\r
+#include <openssl/opensslconf.h>\r
+\r
+#ifndef OPENSSL_NO_KRB5\r
+\r
+#include <stdio.h>\r
+#include <ctype.h>\r
+#include <krb5.h>\r
+\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
+/*\r
+** Depending on which KRB5 implementation used, some types from\r
+** the other may be missing. Resolve that here and now\r
+*/\r
+#ifdef KRB5_HEIMDAL\r
+typedef unsigned char krb5_octet;\r
+#define FAR\r
+#else\r
+\r
+#ifndef FAR\r
+#define FAR\r
+#endif\r
+\r
+#endif\r
+\r
+/* Uncomment this to debug kssl problems or\r
+** to trace usage of the Kerberos session key\r
+**\r
+** #define KSSL_DEBUG\r
+*/\r
+\r
+#ifndef KRB5SVC\r
+#define KRB5SVC "host"\r
+#endif\r
+\r
+#ifndef KRB5KEYTAB\r
+#define KRB5KEYTAB "/etc/krb5.keytab"\r
+#endif\r
+\r
+#ifndef KRB5SENDAUTH\r
+#define KRB5SENDAUTH 1\r
+#endif\r
+\r
+#ifndef KRB5CHECKAUTH\r
+#define KRB5CHECKAUTH 1\r
+#endif\r
+\r
+#ifndef KSSL_CLOCKSKEW\r
+#define KSSL_CLOCKSKEW 300;\r
+#endif\r
+\r
+#define KSSL_ERR_MAX 255\r
+typedef struct kssl_err_st {\r
+ int reason;\r
+ char text[KSSL_ERR_MAX+1];\r
+ } KSSL_ERR;\r
+\r
+\r
+/* Context for passing\r
+** (1) Kerberos session key to SSL, and\r
+** (2) Config data between application and SSL lib\r
+*/\r
+typedef struct kssl_ctx_st\r
+ {\r
+ /* used by: disposition: */\r
+ char *service_name; /* C,S default ok (kssl) */\r
+ char *service_host; /* C input, REQUIRED */\r
+ char *client_princ; /* S output from krb5 ticket */\r
+ char *keytab_file; /* S NULL (/etc/krb5.keytab) */\r
+ char *cred_cache; /* C NULL (default) */\r
+ krb5_enctype enctype;\r
+ int length;\r
+ krb5_octet FAR *key;\r
+ } KSSL_CTX;\r
+\r
+#define KSSL_CLIENT 1\r
+#define KSSL_SERVER 2\r
+#define KSSL_SERVICE 3\r
+#define KSSL_KEYTAB 4\r
+\r
+#define KSSL_CTX_OK 0\r
+#define KSSL_CTX_ERR 1\r
+#define KSSL_NOMEM 2\r
+\r
+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */\r
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);\r
+KSSL_CTX *kssl_ctx_new(void);\r
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);\r
+void kssl_ctx_show(KSSL_CTX *kssl_ctx);\r
+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,\r
+ krb5_data *realm, krb5_data *entity, int nentities);\r
+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,\r
+ krb5_data *authenp, KSSL_ERR *kssl_err);\r
+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,\r
+ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);\r
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);\r
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);\r
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);\r
+krb5_error_code kssl_build_principal_2(krb5_context context,\r
+ krb5_principal *princ, int rlen, const char *realm,\r
+ int slen, const char *svc, int hlen, const char *host);\r
+krb5_error_code kssl_validate_times(krb5_timestamp atime,\r
+ krb5_ticket_times *ttimes);\r
+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,\r
+ krb5_timestamp *atimep, KSSL_ERR *kssl_err);\r
+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
+#endif /* OPENSSL_NO_KRB5 */\r
+#endif /* KSSL_H */\r
projects / lab.git / blobdiff