diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am index b376924b4..280d03818 100644 --- a/lib/gssapi/Makefile.am +++ b/lib/gssapi/Makefile.am @@ -2,98 +2,178 @@ include $(top_srcdir)/Makefile.am.common +AUTOMAKE_OPTIONS = subdir-objects + AM_CPPFLAGS += -I$(srcdir)/../krb5 \ - -I${srcdir}/../asn1/include \ + -I$(srcdir)/../asn1 \ + -I$(srcdir) \ + -I$(srcdir)/krb5 \ + -I$(srcdir)/spnego \ + -I$(srcdir)/mech \ $(INCLUDE_des) \ $(INCLUDE_krb4) +lib_LTLIBRARIES = libgssapi.la + +krb5src = \ + krb5/8003.c \ + krb5/accept_sec_context.c \ + krb5/acquire_cred.c \ + krb5/add_cred.c \ + krb5/add_oid_set_member.c \ + krb5/address_to_krb5addr.c \ + krb5/arcfour.c \ + krb5/canonicalize_name.c \ + krb5/ccache_name.c \ + krb5/cfx.c \ + krb5/cfx.h \ + krb5/compare_name.c \ + krb5/compat.c \ + krb5/context_time.c \ + krb5/copy_ccache.c \ + krb5/create_emtpy_oid_set.c \ + krb5/decapsulate.c \ + krb5/delete_sec_context.c \ + krb5/display_name.c \ + krb5/display_status.c \ + krb5/duplicate_name.c \ + krb5/encapsulate.c \ + krb5/export_name.c \ + krb5/export_sec_context.c \ + krb5/external.c \ + krb5/get_mic.c \ + krb5/gssapi_locl.h \ + krb5/gsskrb5-private.h \ + krb5/import_name.c \ + krb5/import_sec_context.c \ + krb5/indicate_mechs.c \ + krb5/init.c \ + krb5/init_sec_context.c \ + krb5/inquire_context.c \ + krb5/inquire_cred.c \ + krb5/inquire_cred_by_mech.c \ + krb5/inquire_cred_by_oid.c \ + krb5/inquire_mechs_for_name.c \ + krb5/inquire_names_for_mech.c \ + krb5/inquire_sec_context_by_oid.c \ + krb5/test_oid_set_member.c \ + krb5/process_context_token.c \ + krb5/release_buffer.c \ + krb5/release_cred.c \ + krb5/release_name.c \ + krb5/release_oid_set.c \ + krb5/sequence.c \ + krb5/set_sec_context_option.c \ + krb5/ticket_flags.c \ + krb5/unwrap.c \ + krb5/v1.c \ + krb5/verify_mic.c \ + krb5/wrap.c + +libgssapi_la_SOURCES = \ + $(BUILT_SOURCES) \ + $(krb5src) \ + mech/context.h \ + mech/cred.h \ + mech/gss_accept_sec_context.c \ + mech/gss_acquire_cred.c \ + mech/gss_add_cred.c \ + mech/gss_add_oid_set_member.c \ + mech/gss_buffer_set.c \ + mech/gss_canonicalize_name.c \ + mech/gss_compare_name.c \ + mech/gss_context_time.c \ + mech/gss_create_empty_oid_set.c \ + mech/gss_decapsulate_token.c \ + mech/gss_delete_sec_context.c \ + mech/gss_display_name.c \ + mech/gss_display_status.c \ + mech/gss_duplicate_name.c \ + mech/gss_duplicate_oid.c \ + mech/gss_encapsulate_token.c \ + mech/gss_export_name.c \ + mech/gss_export_sec_context.c \ + mech/gss_get_mic.c \ + mech/gss_import_name.c \ + mech/gss_import_sec_context.c \ + mech/gss_indicate_mechs.c \ + mech/gss_init_sec_context.c \ + mech/gss_inquire_context.c \ + mech/gss_inquire_cred.c \ + mech/gss_inquire_cred_by_mech.c \ + mech/gss_inquire_mechs_for_name.c \ + mech/gss_inquire_names_for_mech.c \ + mech/gss_krb5.c \ + mech/gss_mech_switch.c \ + mech/gss_names.c \ + mech/gss_oid_equal.c \ + mech/gss_oid_to_str.c \ + mech/gss_process_context_token.c \ + mech/gss_release_buffer.c \ + mech/gss_release_cred.c \ + mech/gss_release_name.c \ + mech/gss_release_oid_set.c \ + mech/gss_seal.c \ + mech/gss_sign.c \ + mech/gss_test_oid_set_member.c \ + mech/gss_unseal.c \ + mech/gss_unwrap.c \ + mech/gss_utils.c \ + mech/gss_verify.c \ + mech/gss_verify_mic.c \ + mech/gss_wrap.c \ + mech/gss_wrap_size_limit.c \ + mech/gss_inquire_sec_context_by_oid.c \ + mech/mech_switch.h \ + mech/name.h \ + mech/utils.h \ + spnego/accept_sec_context.c \ + spnego/compat.c \ + spnego/context_stubs.c \ + spnego/cred_stubs.c \ + spnego/external.c \ + spnego/gssapi_spnego.h \ + spnego/init_sec_context.c \ + spnego/spnego_locl.h + +man_MANS = gssapi.3 gss_acquire_cred.3 + +include_HEADERS = gssapi.h + +gssapi_files = asn1_GSSAPIContextToken.x + spnego_files = \ asn1_ContextFlags.x \ asn1_MechType.x \ asn1_MechTypeList.x \ asn1_NegotiationToken.x \ + asn1_NegHints.x \ asn1_NegTokenInit.x \ - asn1_NegTokenTarg.x + asn1_NegTokenResp.x -BUILT_SOURCES = $(spnego_files:.x=.c) +BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c) -lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 4:0:0 -libgssapi_la_LIBADD = \ - ../krb5/libkrb5.la \ - $(LIB_des) \ - ../asn1/libasn1.la \ - $(LIB_roken) - -man_MANS = gssapi.3 gss_acquire_cred.3 - -include_HEADERS = gssapi.h - -libgssapi_la_SOURCES = \ - $(BUILT_SOURCES) \ - 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_cred.c \ - add_oid_set_member.c \ - arcfour.c \ - canonicalize_name.c \ - ccache_name.c \ - cfx.c \ - compare_name.c \ - compat.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_sec_context.c \ - export_name.c \ - external.c \ - get_mic.c \ - gssapi.h \ - gssapi_locl.h \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - inquire_cred_by_mech.c \ - inquire_mechs_for_name.c \ - inquire_names_for_mech.c \ - oid_to_str.c \ - process_context_token.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - sequence.c \ - test_oid_set_member.c \ - ticket_flags.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c \ - address_to_krb5addr.c - -CLEANFILES = $(BUILT_SOURCES) $(spnego_files) spnego_asn1.h spnego_asn1_files +CLEANFILES = $(BUILT_SOURCES) \ + $(spnego_files) spnego_asn1.h spnego_asn1_files \ + $(gssapi_files) gssapi_asn1.h gssapi_asn1_files $(spnego_files) spnego_asn1.h: spnego_asn1_files +$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files -spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego.asn1 spnego_asn1 +spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1 + ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1 spnego_asn1 -$(libgssapi_la_OBJECTS): spnego_asn1.h +gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 + ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1 -TESTS = test_sequence test_oid +$(srcdir)/krb5/gsskrb5-private.h: + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h -check_PROGRAMS = test_acquire_cred $(TESTS) -noinst_PROGRAMS = test_cred test_kcred -LDADD = libgssapi.la $(LIB_roken) +#TESTS = test_sequence test_oid +# +#check_PROGRAMS = test_acquire_cred $(TESTS) +# +#noinst_PROGRAMS = test_cred test_kcred +#LDADD = libmech_krb5.la $(LIB_roken) + diff --git a/lib/gssapi/gssapi.h b/lib/gssapi/gssapi.h index 8e940327c..8de827b5b 100644 --- a/lib/gssapi/gssapi.h +++ b/lib/gssapi/gssapi.h @@ -76,10 +76,6 @@ typedef struct gss_OID_set_desc_struct { gss_OID elements; } gss_OID_set_desc, *gss_OID_set; -struct krb5_keytab_data; - -struct krb5_ccache_data; - typedef int gss_cred_usage_t; struct gss_cred_id_t_desc_struct; @@ -98,6 +94,12 @@ typedef struct gss_channel_bindings_struct { gss_buffer_desc application_data; } *gss_channel_bindings_t; +/* GGF extension data types */ +typedef struct gss_buffer_set_desc_struct { + size_t count; + gss_buffer_desc *elements; +} gss_buffer_set_desc, *gss_buffer_set_t; + /* * For now, define a QOP-type as an OM_uint32 */ @@ -116,6 +118,8 @@ typedef OM_uint32 gss_qop_t; #define GSS_C_PROT_READY_FLAG 128 #define GSS_C_TRANS_FLAG 256 +#define GSS_C_DCE_STYLE 0x1000 + /* * Credential usage options */ @@ -162,6 +166,7 @@ typedef OM_uint32 gss_qop_t; */ #define GSS_C_NO_NAME ((gss_name_t) 0) #define GSS_C_NO_BUFFER ((gss_buffer_t) 0) +#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0) #define GSS_C_NO_OID ((gss_OID) 0) #define GSS_C_NO_OID_SET ((gss_OID_set) 0) #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) @@ -319,6 +324,13 @@ extern gss_OID GSS_KRB5_MECHANISM; #define gss_mech_krb5 GSS_KRB5_MECHANISM #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME +/* Extensions */ +extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO; +extern gss_OID GSS_KRB5_COPY_CCACHE_X; +extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; +extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; +extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; + /* Major status codes */ #define GSS_S_COMPLETE 0 @@ -442,6 +454,11 @@ extern gss_OID GSS_KRB5_MECHANISM; #define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 /* "Attempt to use incomplete security context" */ +/* + * This is used to make sure mechs that don't want to have external + * references don't get any prototypes, and thus can get warnings. + */ + /* * Finally, function prototypes for the GSS-API routines. */ @@ -710,6 +727,63 @@ OM_uint32 gss_duplicate_name ( gss_name_t * /*dest_name*/ ); +OM_uint32 gss_duplicate_oid ( + OM_uint32 * /* minor_status */, + gss_OID /* src_oid */, + gss_OID * /* dest_oid */ + ); +OM_uint32 +gss_release_oid + (OM_uint32 * /*minor_status*/, + gss_OID * /* oid */ + ); + +OM_uint32 +gss_oid_to_str( + OM_uint32 * /*minor_status*/, + gss_OID /* oid */, + gss_buffer_t /* str */ + ); + +OM_uint32 +gss_inquire_sec_context_by_oid( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + +OM_uint32 +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value); + +int +gss_oid_equal(const gss_OID a, const gss_OID b); + +OM_uint32 +gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_release_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + /* * The following routines are obsolete variants of gss_get_mic, * gss_verify_mic, gss_wrap and gss_unwrap. They should be @@ -760,6 +834,9 @@ OM_uint32 gss_unseal * kerberos mechanism specific functions */ +struct krb5_keytab_data; +struct krb5_ccache_data; + OM_uint32 gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char * /*name */, @@ -798,10 +875,21 @@ OM_uint32 gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); OM_uint32 -gss_oid_to_str - (OM_uint32 * /*minor_status*/, - gss_OID /* oid */, - gss_buffer_t /* str */); +gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + +OM_uint32 +gss_encapsulate_token(gss_buffer_t /* input_token */, + gss_OID /* oid */, + gss_buffer_t /* output_token */); + +OM_uint32 +gss_decapsulate_token(gss_buffer_t /* input_token */, + gss_OID /* oid */, + gss_buffer_t /* output_token */); + #ifdef __cplusplus diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h new file mode 100644 index 000000000..301191b67 --- /dev/null +++ b/lib/gssapi/gssapi_mech.h @@ -0,0 +1,332 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#ifndef GSSAPI_MECH_H +#define GSSAPI_MECH_H 1 + +#include + +typedef OM_uint32 _gss_acquire_cred_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + const gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_release_cred_t + (OM_uint32 *, /* minor_status */ + gss_cred_id_t * /* cred_handle */ + ); + +typedef OM_uint32 _gss_init_sec_context_t + (OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* initiator_cred_handle */ + gss_ctx_id_t *, /* context_handle */ + const gss_name_t, /* target_name */ + const gss_OID, /* mech_type */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + const gss_channel_bindings_t, + /* input_chan_bindings */ + const gss_buffer_t, /* input_token */ + gss_OID *, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_accept_sec_context_t + (OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + const gss_cred_id_t, /* acceptor_cred_handle */ + const gss_buffer_t, /* input_token_buffer */ + const gss_channel_bindings_t, + /* input_chan_bindings */ + gss_name_t *, /* src_name */ + gss_OID *, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 *, /* time_rec */ + gss_cred_id_t * /* delegated_cred_handle */ + ); + +typedef OM_uint32 _gss_process_context_token_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t /* token_buffer */ + ); + +typedef OM_uint32 _gss_delete_sec_context_t + (OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* output_token */ + ); + +typedef OM_uint32 _gss_context_time_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_get_mic_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + const gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ + ); + +typedef OM_uint32 _gss_verify_mic_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* message_buffer */ + const gss_buffer_t, /* token_buffer */ + gss_qop_t * /* qop_state */ + ); + +typedef OM_uint32 _gss_wrap_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + const gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + ); + +typedef OM_uint32 _gss_unwrap_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ + ); + +typedef OM_uint32 _gss_display_status_t + (OM_uint32 *, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + const gss_OID, /* mech_type */ + OM_uint32 *, /* message_context */ + gss_buffer_t /* status_string */ + ); + +typedef OM_uint32 _gss_indicate_mechs_t + (OM_uint32 *, /* minor_status */ + gss_OID_set * /* mech_set */ + ); + +typedef OM_uint32 _gss_compare_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* name1 */ + const gss_name_t, /* name2 */ + int * /* name_equal */ + ); + +typedef OM_uint32 _gss_display_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID * /* output_name_type */ + ); + +typedef OM_uint32 _gss_import_name_t + (OM_uint32 *, /* minor_status */ + const gss_buffer_t, /* input_name_buffer */ + const gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ + ); + +typedef OM_uint32 _gss_export_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t /* exported_name */ + ); + +typedef OM_uint32 _gss_release_name_t + (OM_uint32 *, /* minor_status */ + gss_name_t * /* input_name */ + ); + +typedef OM_uint32 _gss_inquire_cred_t + (OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + gss_cred_usage_t *, /* cred_usage */ + gss_OID_set * /* mechanisms */ + ); + +typedef OM_uint32 _gss_inquire_context_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_name_t *, /* src_name */ + gss_name_t *, /* targ_name */ + OM_uint32 *, /* lifetime_rec */ + gss_OID *, /* mech_type */ + OM_uint32 *, /* ctx_flags */ + int *, /* locally_initiated */ + int * /* open */ + ); + +typedef OM_uint32 _gss_wrap_size_limit_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 * /* max_input_size */ + ); + +typedef OM_uint32 _gss_add_cred_t ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* input_cred_handle */ + const gss_name_t, /* desired_name */ + const gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ + ); + +typedef OM_uint32 _gss_inquire_cred_by_mech_t ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + const gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t * /* cred_usage */ + ); + +typedef OM_uint32 _gss_export_sec_context_t ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* interprocess_token */ + ); + +typedef OM_uint32 _gss_import_sec_context_t ( + OM_uint32 *, /* minor_status */ + const gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t * /* context_handle */ + ); + +typedef OM_uint32 _gss_inquire_names_for_mech_t ( + OM_uint32 *, /* minor_status */ + const gss_OID, /* mechanism */ + gss_OID_set * /* name_types */ + ); + +typedef OM_uint32 _gss_inquire_mechs_for_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_OID_set * /* mech_types */ + ); + +typedef OM_uint32 _gss_canonicalize_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + const gss_OID, /* mech_type */ + gss_name_t * /* output_name */ + ); + +typedef OM_uint32 _gss_duplicate_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* src_name */ + gss_name_t * /* dest_name */ + ); + +typedef OM_uint32 _gss_inquire_sec_context_by_oid ( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + +typedef OM_uint32 _gss_inquire_cred_by_oid ( + OM_uint32 *minor_status, + const gss_cred_id_t cred, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + + +#define GMI_VERSION 1 + +typedef struct gssapi_mech_interface_desc { + unsigned gm_version; + const char *gm_name; + gss_OID_desc gm_mech_oid; + _gss_acquire_cred_t *gm_acquire_cred; + _gss_release_cred_t *gm_release_cred; + _gss_init_sec_context_t *gm_init_sec_context; + _gss_accept_sec_context_t *gm_accept_sec_context; + _gss_process_context_token_t *gm_process_context_token; + _gss_delete_sec_context_t *gm_delete_sec_context; + _gss_context_time_t *gm_context_time; + _gss_get_mic_t *gm_get_mic; + _gss_verify_mic_t *gm_verify_mic; + _gss_wrap_t *gm_wrap; + _gss_unwrap_t *gm_unwrap; + _gss_display_status_t *gm_display_status; + _gss_indicate_mechs_t *gm_indicate_mechs; + _gss_compare_name_t *gm_compare_name; + _gss_display_name_t *gm_display_name; + _gss_import_name_t *gm_import_name; + _gss_export_name_t *gm_export_name; + _gss_release_name_t *gm_release_name; + _gss_inquire_cred_t *gm_inquire_cred; + _gss_inquire_context_t *gm_inquire_context; + _gss_wrap_size_limit_t *gm_wrap_size_limit; + _gss_add_cred_t *gm_add_cred; + _gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech; + _gss_export_sec_context_t *gm_export_sec_context; + _gss_import_sec_context_t *gm_import_sec_context; + _gss_inquire_names_for_mech_t *gm_inquire_names_for_mech; + _gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name; + _gss_canonicalize_name_t *gm_canonicalize_name; + _gss_duplicate_name_t *gm_duplicate_name; + _gss_inquire_sec_context_by_oid *gm_inquire_sec_context_by_oid; + _gss_inquire_cred_by_oid *gm_inquire_cred_by_oid; +} gssapi_mech_interface_desc, *gssapi_mech_interface; + +gssapi_mech_interface +__gss_get_mechanism(gss_OID /* oid */); + +gssapi_mech_interface __gss_spnego_initialize(void); +gssapi_mech_interface __gss_krb5_initialize(void); + +#endif /* GSSAPI_MECH_H */