LTKCPP-- LLRP Toolkit C Plus Plus Library
kssl.h
00001 /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
00002 /*
00003  * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
00004  * 2000. project 2000.
00005  */
00006 /* ====================================================================
00007  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted provided that the following conditions
00011  * are met:
00012  *
00013  * 1. Redistributions of source code must retain the above copyright
00014  *    notice, this list of conditions and the following disclaimer.
00015  *
00016  * 2. Redistributions in binary form must reproduce the above copyright
00017  *    notice, this list of conditions and the following disclaimer in
00018  *    the documentation and/or other materials provided with the
00019  *    distribution.
00020  *
00021  * 3. All advertising materials mentioning features or use of this
00022  *    software must display the following acknowledgment:
00023  *    "This product includes software developed by the OpenSSL Project
00024  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
00025  *
00026  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00027  *    endorse or promote products derived from this software without
00028  *    prior written permission. For written permission, please contact
00029  *    licensing@OpenSSL.org.
00030  *
00031  * 5. Products derived from this software may not be called "OpenSSL"
00032  *    nor may "OpenSSL" appear in their names without prior written
00033  *    permission of the OpenSSL Project.
00034  *
00035  * 6. Redistributions of any form whatsoever must retain the following
00036  *    acknowledgment:
00037  *    "This product includes software developed by the OpenSSL Project
00038  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
00039  *
00040  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00041  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00042  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00043  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00044  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00045  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00046  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00047  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00048  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00049  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00050  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00051  * OF THE POSSIBILITY OF SUCH DAMAGE.
00052  * ====================================================================
00053  *
00054  * This product includes cryptographic software written by Eric Young
00055  * (eay@cryptsoft.com).  This product includes software written by Tim
00056  * Hudson (tjh@cryptsoft.com).
00057  *
00058  */
00059 
00060 /*
00061  **      19990701        VRS     Started.
00062  */
00063 
00064 #ifndef KSSL_H
00065 # define KSSL_H
00066 
00067 # include <openssl/opensslconf.h>
00068 
00069 # ifndef OPENSSL_NO_KRB5
00070 
00071 #  include <stdio.h>
00072 #  include <ctype.h>
00073 #  include <krb5.h>
00074 #  ifdef OPENSSL_SYS_WIN32
00075 /*
00076  * These can sometimes get redefined indirectly by krb5 header files after
00077  * they get undefed in ossl_typ.h
00078  */
00079 #   undef X509_NAME
00080 #   undef X509_EXTENSIONS
00081 #   undef OCSP_REQUEST
00082 #   undef OCSP_RESPONSE
00083 #  endif
00084 
00085 #ifdef  __cplusplus
00086 extern "C" {
00087 #endif
00088 
00089 /*
00090  *      Depending on which KRB5 implementation used, some types from
00091  *      the other may be missing.  Resolve that here and now
00092  */
00093 #  ifdef KRB5_HEIMDAL
00094 typedef unsigned char krb5_octet;
00095 #   define FAR
00096 #  else
00097 
00098 #   ifndef FAR
00099 #    define FAR
00100 #   endif
00101 
00102 #  endif
00103 
00104 /*-
00105  *      Uncomment this to debug kssl problems or
00106  *      to trace usage of the Kerberos session key
00107  *
00108  *      #define         KSSL_DEBUG
00109  */
00110 
00111 #  ifndef KRB5SVC
00112 #   define KRB5SVC "host"
00113 #  endif
00114 
00115 #  ifndef KRB5KEYTAB
00116 #   define KRB5KEYTAB      "/etc/krb5.keytab"
00117 #  endif
00118 
00119 #  ifndef KRB5SENDAUTH
00120 #   define KRB5SENDAUTH    1
00121 #  endif
00122 
00123 #  ifndef KRB5CHECKAUTH
00124 #   define KRB5CHECKAUTH   1
00125 #  endif
00126 
00127 #  ifndef KSSL_CLOCKSKEW
00128 #   define KSSL_CLOCKSKEW  300;
00129 #  endif
00130 
00131 #  define KSSL_ERR_MAX    255
00132 typedef struct kssl_err_st {
00133     int reason;
00134     char text[KSSL_ERR_MAX + 1];
00135 } KSSL_ERR;
00136 
00137 /*-     Context for passing
00138  *              (1) Kerberos session key to SSL, and
00139  *              (2)     Config data between application and SSL lib
00140  */
00141 typedef struct kssl_ctx_st {
00142     /*      used by:    disposition:            */
00143     char *service_name;         /* C,S default ok (kssl) */
00144     char *service_host;         /* C input, REQUIRED */
00145     char *client_princ;         /* S output from krb5 ticket */
00146     char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
00147     char *cred_cache;           /* C NULL (default) */
00148     krb5_enctype enctype;
00149     int length;
00150     krb5_octet FAR *key;
00151 } KSSL_CTX;
00152 
00153 #  define KSSL_CLIENT     1
00154 #  define KSSL_SERVER     2
00155 #  define KSSL_SERVICE    3
00156 #  define KSSL_KEYTAB     4
00157 
00158 #  define KSSL_CTX_OK     0
00159 #  define KSSL_CTX_ERR    1
00160 #  define KSSL_NOMEM      2
00161 
00162 /* Public (for use by applications that use OpenSSL with Kerberos 5 support */
00163 krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
00164 KSSL_CTX *kssl_ctx_new(void);
00165 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
00166 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
00167 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
00168                                   krb5_data *realm, krb5_data *entity,
00169                                   int nentities);
00170 krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
00171                               krb5_data *authenp, KSSL_ERR *kssl_err);
00172 krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
00173                               krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
00174 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
00175 void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
00176 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
00177 krb5_error_code kssl_build_principal_2(krb5_context context,
00178                                        krb5_principal *princ, int rlen,
00179                                        const char *realm, int slen,
00180                                        const char *svc, int hlen,
00181                                        const char *host);
00182 krb5_error_code kssl_validate_times(krb5_timestamp atime,
00183                                     krb5_ticket_times *ttimes);
00184 krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
00185                                    krb5_timestamp *atimep,
00186                                    KSSL_ERR *kssl_err);
00187 unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
00188 
00189 void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
00190 KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
00191 char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
00192 
00193 #ifdef  __cplusplus
00194 }
00195 #endif
00196 # endif                         /* OPENSSL_NO_KRB5 */
00197 #endif                          /* KSSL_H */