spnego.h revision 12b65585e720714b31036daaa2b30eb76014048e
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Copyright (C) 2002 Microsoft Corporation
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * All rights reserved.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * THIS CODE AND INFORMATION IS PROVIDED "AS IS"
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * OR IMPLIED, INCLUDING BUT NOT LIMITED
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * AND/OR FITNESS FOR A PARTICULAR PURPOSE.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Date - 10/08/2002
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Author - Sanj Surati
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Copyright 2012 Nexenta Systems, Inc. All rights reserved.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * SPNEGO Token Handler Header File
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Contains the definitions required to interpret and create
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * SPNEGO tokens so that Kerberos GSS tokens can be
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Type Definitions
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Users of SPNEGO Token Handler API will request
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * these as well as free them,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Defines the element types that are found
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * in each of the tokens.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* Init token elements */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* Targ token elements */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Token Element Availability. Elements in both
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * token types are optional. Since there are only
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * 4 elements in each Token, we will allocate space
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * to hold the information, but we need a way to
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * indicate whether or not an element is available
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Token type values. SPNEGO has 2 token types:
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * NegTokenInit and NegTokenTarg
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * GSS Mechanism OID enumeration. We only really handle
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * 3 different OIDs. These are stored in an array structure
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * defined in the parsing code.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* Init token elements */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross spnego_mech_oid_Kerberos_V5_Legacy, /* Really V5, but OID off by 1 */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Defines the negResult values.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Context Flags in NegTokenInit
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * ContextFlags values MUST be zero or a combination
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * of the below
12b65585e720714b31036daaa2b30eb76014048eGordon Ross#define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Mask to retrieve valid values.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * SPNEGO API return codes.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* API function was successful */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The supplied Token was invalid */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* An invalid length was encountered */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The Token Parse failed */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The requested value was not found */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The requested element is not available */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Out of Memory */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Not Implemented */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Invalid Parameter */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Token Handler encountered an unexpected OID */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The requested token was not found */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* An unexpected type was encountered in the encoding */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* The buffer was too small */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* A Token Element was invalid (e.g. improper length or value) */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Miscellaneous API Functions */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Frees opaque data: releases whatever the token handler holds behind
 * hSpnegoToken. The handle is passed by value, so the caller's own copy
 * is not cleared by this call.
 * NOTE(review): presumably the handle is invalid afterwards and must not
 * be used or freed a second time - confirm against the implementation,
 * along with whether a NULL handle is accepted.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossvoid spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken);
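12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Initializes SPNEGO_TOKEN structure from DER encoded binary data.
 * ulLength is presumably the exact byte count of pbTokenData and bounds
 * the parse - confirm. A token received from a peer is untrusted input,
 * so check the return code (invalid token, invalid length, parse failure)
 * before using any result.
 */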
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenInit type.
 * NOTE(review): this summary is identical to the one on
 * spnegoCreateNegTokenInit. Judging by the parameters, this variant takes
 * a list of MechTypeCnt mechanism OIDs plus a principal instead of a mech
 * token - confirm and reword.
 * pbPrincipal has no accompanying length parameter, so it is presumably
 * NUL-terminated - confirm. MechTypeCnt is a signed int; presumably it
 * must be positive and match the number of entries in pMechTypeList.
 * The handle stored through phSpnegoToken is the caller's to release
 * (see spnegoFreeData).
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoCreateNegTokenHint(SPNEGO_MECH_OID *pMechTypeList, int MechTypeCnt,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char *pbPrincipal, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenInit type.
 * ucContextFlags must be zero or a combination of the ContextFlags values
 * defined in this header. pbMechToken/ulMechTokenLen and
 * pbMechTokenMIC/ulMechTokenMIC are pointer/length pairs; ulMechTokenMIC
 * carries no "Len" suffix but, by position, is presumably the byte length
 * of pbMechTokenMIC - confirm.
 * NOTE(review): token elements are optional, so a NULL pointer with a zero
 * length presumably omits the element - confirm against the implementation.
 * The handle stored through phSpnegoToken is the caller's to release
 * (see spnegoFreeData).
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char ucContextFlags, unsigned char *pbMechToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE *phSpnegoToken);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Initializes SPNEGO_TOKEN structure for a NegTokenTarg type.
 * spnegoNegResult is one of the negResult values defined in this header.
 * pbMechToken/ulMechTokenLen and pbMechListMIC/ulMechListMICLen are
 * pointer/length pairs; each length should be the exact byte count of its
 * buffer.
 * NOTE(review): token elements are optional, so a NULL pointer with a zero
 * length presumably omits the element - confirm against the implementation.
 * The handle stored through phSpnegoToken is the caller's to release
 * (see spnegoFreeData).
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned long ulMechTokenLen, unsigned char *pbMechListMIC,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Copies binary representation of SPNEGO Data into user supplied buffer.
 * pbTokenData is the caller's buffer and pulDataLen points to its length.
 * NOTE(review): *pulDataLen presumably carries the buffer capacity in and
 * the required or written size out - confirm. If so, it must never be
 * larger than the real size of pbTokenData, or the copy could run past
 * the buffer. Check the return code (the return codes in this header
 * include "buffer was too small") before reading the buffer.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char *pbTokenData, unsigned long *pulDataLen);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Returns SPNEGO Token Type through piTokenType; the int return value is
 * an SPNEGO API return code. SPNEGO has two token types, NegTokenInit and
 * NegTokenTarg.
 * NOTE(review): *piTokenType is presumably written only on success - check
 * the return code before branching on it.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Reading an Init Token */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Returns the Initial Mech Type in the MechList element in the NegInitToken. */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Returns the value from the context flags element in the NegInitToken
 * through pucContextFlags; the int return value is an SPNEGO API return
 * code.
 * Token elements are optional, so callers need to handle the "requested
 * element is not available" return code rather than assume the flags were
 * present.
 * NOTE(review): the value comes from a parsed token; presumably callers
 * should apply the valid-values mask defined in this header before acting
 * on individual bits - confirm whether the parser already does this.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char *pucContextFlags);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Reading a Response Token */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Returns the value from the negResult element
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * (Status code of GSS call - 0,1,2)
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Returns the Supported Mech Type from the NegTokenTarg. */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/* Reading either Token Type */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Returns the actual Mechanism data from the token
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * (this is what is passed into GSS-API functions
/*
 * pbTokenData is the caller's buffer and pulDataLen points to its length.
 * NOTE(review): *pulDataLen presumably carries the buffer capacity in and
 * the required or written size out - confirm. If so, it must never be
 * larger than the real size of pbTokenData. The mech token is an optional
 * element, so handle the "element is not available" and "buffer was too
 * small" return codes before passing the data on.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char *pbTokenData, unsigned long *pulDataLen);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross/*
 * Returns the Message Integrity BLOB in the token.
 * pbMICData is the caller's buffer and pulDataLen points to its length.
 * NOTE(review): *pulDataLen presumably carries the buffer capacity in and
 * the required or written size out - confirm. If so, it must never be
 * larger than the real size of pbMICData. This call only copies the blob;
 * nothing in this header indicates that it verifies the MIC. The element
 * is optional, so a "not available" return code means the token carried
 * no MIC.
 */
12b65585e720714b31036daaa2b30eb76014048eGordon Rossint spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char *pbMICData, unsigned long *pulDataLen);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross#endif /* _SPNEGO_H */