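/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
/*
 * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
 * 2000.  project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
 ** 19990701 VRS Started.
 */

/*
 * Kerberos 5 glue for the SSL library.
 *
 * Declares the types, build-time defaults and function prototypes used to
 * pass a Kerberos session key (and Kerberos configuration) between an
 * application, the SSL library and the Kerberos library.  Everything in
 * here is compiled out when OpenSSL is built with OPENSSL_NO_KRB5.
 */

#ifndef KSSL_H
# define KSSL_H

# include <openssl/opensslconf.h>

# ifndef OPENSSL_NO_KRB5

#  include <stdio.h>
#  include <ctype.h>
/*
 * ossl_typ.h declares the SSL type used by the SSL_*_kssl_ctx prototypes
 * at the bottom of this file, so the header can be included on its own.
 * It is included before krb5.h so that the Win32 #undefs below take
 * effect after both headers have been seen.
 */
#  include <openssl/ossl_typ.h>
#  include <krb5.h>
#  ifdef OPENSSL_SYS_WIN32
/*
 * These can sometimes get redefined indirectly by krb5 header files after
 * they get undefed in ossl_typ.h
 */
#   undef X509_NAME
#   undef X509_EXTENSIONS
#   undef OCSP_REQUEST
#   undef OCSP_RESPONSE
#  endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Depending on which KRB5 implementation used, some types from
 * the other may be missing.  Resolve that here and now
 */
#  ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#   define FAR
#  else

#   ifndef FAR
#    define FAR
#   endif

#  endif

/*-
 * Uncomment this to debug kssl problems or
 * to trace usage of the Kerberos session key
 *
 * #define KSSL_DEBUG
 */

/* Default Kerberos service name used when the application sets none. */
#  ifndef KRB5SVC
#   define KRB5SVC "host"
#  endif

/* Default keytab path used by the server side when the application sets none. */
#  ifndef KRB5KEYTAB
#   define KRB5KEYTAB "/etc/krb5.keytab"
#  endif

#  ifndef KRB5SENDAUTH
#   define KRB5SENDAUTH 1
#  endif

#  ifndef KRB5CHECKAUTH
#   define KRB5CHECKAUTH 1
#  endif

/*
 * Tolerated clock skew, in seconds, between the peer's ticket/authenticator
 * timestamps and the local clock (presumably consumed by
 * kssl_validate_times() / kssl_check_authent() in kssl.c -- confirm).
 *
 * Defined WITHOUT a trailing ';' so that it can be used inside expressions
 * such as `if (delta > KSSL_CLOCKSKEW)` as well as in initializers; the
 * previous definition carried a stray semicolon that broke the former.
 */
#  ifndef KSSL_CLOCKSKEW
#   define KSSL_CLOCKSKEW 300
#  endif

/*
 * Error record filled by kssl_err_set().  text holds KSSL_ERR_MAX bytes plus
 * room for the terminating NUL; writers must bound their copies to
 * KSSL_ERR_MAX so the buffer stays NUL-terminated.
 */
#  define KSSL_ERR_MAX 255
typedef struct kssl_err_st {
    int reason;                 /* KSSL-specific reason code */
    char text[KSSL_ERR_MAX + 1]; /* NUL-terminated message */
} KSSL_ERR;

/*-     Context for passing
 *              (1) Kerberos session key to SSL, and
 *              (2) Config data between application and SSL lib
 */
typedef struct kssl_ctx_st {
    /*      used by:    disposition:            */
    char *service_name;         /* C,S    default ok (kssl)     */
    char *service_host;         /* C      input, REQUIRED       */
    char *client_princ;         /* S      output from krb5 ticket */
    char *keytab_file;          /* S      NULL (/etc/krb5.keytab) */
    char *cred_cache;           /* C      NULL (default)        */
    krb5_enctype enctype;       /* session key encryption type  */
    int length;                 /* session key length in bytes  */
    krb5_octet FAR *key;        /* session key bytes; ownership: see kssl_ctx_free() */
} KSSL_CTX;

/*
 * Selector values for the 'which' argument of kssl_ctx_setstring() and
 * kssl_ctx_setprinc() (presumably mapping onto the KSSL_CTX string fields
 * above -- confirm against kssl.c).
 */
#  define KSSL_CLIENT   1
#  define KSSL_SERVER   2
#  define KSSL_SERVICE  3
#  define KSSL_KEYTAB   4

/* Return codes of the kssl_ctx_* functions that do not return krb5_error_code. */
#  define KSSL_CTX_OK   0
#  define KSSL_CTX_ERR  1
#  define KSSL_NOMEM    2

/* Public (for use by applications that use OpenSSL with Kerberos 5 support */

/*
 * Store a copy of 'text' in the KSSL_CTX field selected by 'which'.
 * NOTE(review): 'text' is only read here but the prototype is non-const,
 * so callers must cast string literals; tightening it would require the
 * matching change in kssl.c.
 */
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);

/* Allocate and initialise a new context; NULL on allocation failure (confirm in kssl.c). */
KSSL_CTX *kssl_ctx_new(void);

/*
 * Release a context and everything it owns, including the session key.
 * Returns a KSSL_CTX pointer; the returned value is not specified by this
 * header -- callers should not rely on it (confirm in kssl.c).
 */
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);

/* Print the context contents (debug aid; presumably writes to stdout/stderr). */
void kssl_ctx_show(KSSL_CTX *kssl_ctx);

/*
 * Set the principal selected by 'which' from a realm and 'nentities'
 * entity components.
 */
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
                                  krb5_data *realm, krb5_data *entity,
                                  int nentities);

/*
 * Client side: obtain a service ticket; on success *enc_tktp and *authenp
 * receive the encrypted ticket and authenticator to send to the peer.
 * On failure kssl_err is filled in.
 */
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
                              krb5_data *authenp, KSSL_ERR *kssl_err);

/*
 * Server side: decode and verify the ticket received in 'indata';
 * ticket validity times are returned through ttimes.  On failure
 * kssl_err is filled in.
 */
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);

/* Install the Kerberos session key from 'session' into the context. */
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);

/* Record 'reason' and 'text' in kssl_err (text bounded to KSSL_ERR_MAX). */
void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);

/* Free the contents of a krb5_data (not the struct itself). */
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);

/*
 * Build a principal of the form svc/host@realm from explicitly-sized
 * (rlen/slen/hlen) components, which therefore need not be NUL-terminated.
 */
krb5_error_code kssl_build_principal_2(krb5_context context,
                                       krb5_principal *princ, int rlen,
                                       const char *realm, int slen,
                                       const char *svc, int hlen,
                                       const char *host);

/*
 * Check that 'atime' falls within the ticket's validity window 'ttimes'
 * (presumably allowing KSSL_CLOCKSKEW seconds of slack -- confirm).
 */
krb5_error_code kssl_validate_times(krb5_timestamp atime,
                                    krb5_ticket_times *ttimes);

/*
 * Server side: decrypt and verify the client's authenticator 'authentp'
 * with the session key in kssl_ctx; its timestamp is returned through
 * atimep.  On failure kssl_err is filled in.
 */
krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                   krb5_timestamp *atimep,
                                   KSSL_ERR *kssl_err);

/*
 * Return a pointer past the confounder at the start of the decrypted
 * authenticator 'authn' for the given enctype (returns into the same
 * buffer; no copy is made -- confirm in kssl.c).
 */
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

/*
 * Attach/retrieve the KSSL_CTX of an SSL object.  Per OpenSSL's set0/get0
 * naming no reference is taken or returned: set0 hands ownership of kctx
 * to the SSL object and get0 returns a borrowed pointer (confirm in
 * ssl_lib.c).
 */
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);

/* Borrowed pointer to the client principal recorded by the server side. */
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);

#ifdef __cplusplus
}
#endif
# endif                         /* OPENSSL_NO_KRB5 */
#endif                          /* KSSL_H */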