"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.11.23/lib/dns/include/dst/gssapi.h" (7 Sep 2020, 5941 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:



    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 
   13 #ifndef DST_GSSAPI_H
   14 #define DST_GSSAPI_H 1
   15 
   16 /*! \file dst/gssapi.h */
   17 
   18 #include <inttypes.h>
   19 #include <stdbool.h>
   20 
   21 #include <isc/formatcheck.h>
   22 #include <isc/lang.h>
   23 #include <isc/platform.h>
   24 #include <isc/types.h>
   25 #include <dns/types.h>
   26 
   27 #ifdef GSSAPI
   28 #ifdef WIN32
   29 /*
   30  * MSVC does not like macros in #include lines.
   31  */
   32 #include <gssapi/gssapi.h>
   33 #include <gssapi/gssapi_krb5.h>
   34 #else
   35 #include ISC_PLATFORM_GSSAPIHEADER
   36 #ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
   37 #include ISC_PLATFORM_GSSAPI_KRB5_HEADER
   38 #endif
   39 #endif
   40 #ifndef GSS_SPNEGO_MECHANISM
   41 #define GSS_SPNEGO_MECHANISM ((void*)0)
   42 #endif
   43 #endif
   44 
   45 ISC_LANG_BEGINDECLS
   46 
   47 /***
   48  *** Types
   49  ***/
   50 
   51 /***
   52  *** Functions
   53  ***/
   54 
   55 isc_result_t
   56 dst_gssapi_acquirecred(dns_name_t *name, bool initiate,
   57                gss_cred_id_t *cred);
   58 /*
   59  *  Acquires GSS credentials.
   60  *
   61  *  Requires:
   62  *      'name'      is a valid name, preferably one known by the GSS provider
   63  *      'initiate'  indicates whether the credentials are for initiating or
   64  *                  accepting contexts
   65  *      'cred'      is a pointer to NULL, which will be allocated with the
   66  *                  credential handle.  Call dst_gssapi_releasecred() to free
   67  *                  the memory.
   68  *
   69  *  Returns:
   70  *      ISC_R_SUCCESS on success.  NOTE(review): the earlier wording here
   71  *                    ("msg ... query to be sent") matches no parameter.
   72  *      other         an error occurred (presumably while acquiring - confirm)
   73  */
   74 
   75 isc_result_t
   76 dst_gssapi_releasecred(gss_cred_id_t *cred);
   77 /*
   78  *  Releases GSS credentials.  Calling this function does release the
   79  *  memory allocated for the credential in dst_gssapi_acquirecred().
   80  *
   81  *  Requires:
   82  *      NOTE(review): 'mctx' was listed here but is not a parameter.
   83  *      'cred'  is a pointer to the credential to be released
   84  *
   85  *  Returns:
   86  *      ISC_R_SUCCESS   credential was released successfully
   87  *      other           an error occurred while releasing
   88  *                      the credential
   89  */
   90 
   91 isc_result_t
   92 dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
   93            isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
   94            isc_mem_t *mctx, char **err_message);
   95 /*
   96  *  Initiates a GSS context.
   97  *
   98  *  Requires:
   99  *      'name'     is a valid name, preferably one known by the GSS
  100  *                 provider
  101  *      'intoken'  is a token received from the acceptor, or NULL if
  102  *                 there isn't one
  103  *      'outtoken' is a buffer to receive the token generated by
  104  *                 gss_init_sec_context() to be sent to the acceptor
  105  *      'gssctx'   is a pointer to a valid gss_ctx_id_t
  106  *                 (which may have the value GSS_C_NO_CONTEXT)
  107  *      NOTE(review): 'mctx' and who frees *err_message are not described.
  108  *  Returns:
  109  *      ISC_R_SUCCESS   msg was successfully updated to include the
  110  *                      query to be sent
  111  *      other           an error occurred while building the message
  112  *      *err_message    optional error message
  113  */
  114 
  115 isc_result_t
  116 dst_gssapi_acceptctx(gss_cred_id_t cred,
  117              const char *gssapi_keytab,
  118              isc_region_t *intoken, isc_buffer_t **outtoken,
  119              gss_ctx_id_t *context, dns_name_t *principal,
  120              isc_mem_t *mctx);
  121 /*
  122  *  Accepts a GSS context.
  123  *
  124  *  Requires:
  125  *      'mctx'     is a valid memory context
  126  *      'cred'     is the acceptor's valid GSS credential handle
  127  *      'intoken'  is a token received from the initiator (peer-supplied data)
  128  *      'outtoken' is a pointer to a buffer pointer used to return the token
  129  *                 generated by gss_accept_sec_context() to be sent to the
  130  *                 initiator
  131  *      'context'  is a valid pointer to receive the generated context handle.
  132  *                 On the initial call, it should be a pointer to NULL, which
  133  *                 will be allocated as a gss_ctx_id_t.  Subsequent calls
  134  *                 should pass in the handle generated on the first call.
  135  *                 Call dst_gssapi_deletectx() to delete the context and free
  136  *                 the memory (not dst_gssapi_releasecred, which takes a cred).
  137  *      NOTE(review): 'gssapi_keytab' and 'principal' are not described here.
  138  *  Requires:
  139  *      'outtoken' != NULL && *outtoken == NULL.
  140  *
  141  *  Returns:
  142  *      ISC_R_SUCCESS   msg was successfully updated to include the
  143  *                      query to be sent
  144  *      DNS_R_CONTINUE  transaction still in progress
  145  *      other           an error occurred while building the message
  146  */
  147 
  148 isc_result_t
  149 dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx);
  150 /*
  151  *  Destroys a GSS context.  This function deletes the context from the GSS
  152  *  provider and then frees the memory used by the context pointer.
  153  *
  154  *  Requires:
  155  *      'mctx'    is a valid memory context
  156  *      'gssctx'  is a pointer to a valid GSS context; do not use the
  157  *                handle again after this call
  158  *  Returns:
  159  *      ISC_R_SUCCESS
  160  */
  161 
  162 
  163 void
  164 gss_log(int level, const char *fmt, ...)
  165 ISC_FORMAT_PRINTF(2, 3);
  166 /*
  167  * Logging function for GSS.  ISC_FORMAT_PRINTF(2, 3) presumably asks the
  168  * compiler to check 'fmt' (argument 2) against the varargs (from 3) - confirm.
  169  *  Requires:
  170  *      'level' is the log level to be used, as an integer
  171  *      'fmt'   is a printf format string; log variable text via "%s", not as 'fmt'
  172  */
  173 
  174 char *
  175 gss_error_tostring(uint32_t major, uint32_t minor,
  176            char *buf, size_t buflen);
  177 /*
  178  *  Render a GSS major status/minor status pair into a string.
  179  *
  180  *  Requires:
  181  *      'major' is a GSS major status code
  182  *      'minor' is a GSS minor status code
  183  *      NOTE(review): 'buf'/'buflen' presumably give the output buffer - confirm
  184  *  Returns:
  185  *      A string containing the text representation of the error codes.
  186  *      Users should copy the string if they wish to keep it.
  187  */
  188 
  189 bool
  190 dst_gssapi_identitymatchesrealmkrb5(const dns_name_t *signer,
  191                     const dns_name_t *name,
  192                     const dns_name_t *realm,
  193                     bool subdomain);
  194 /*
  195  *  Compare a "signer" (in the format of a Kerberos5 principal:
  196  *  host/example.com@EXAMPLE.COM) to the realm name stored in "name"
  197  *  (which represents the realm name).  NOTE(review): 'realm' and
  198  *  'subdomain' are not described here - confirm against the implementation.
  199  */
  200 
  201 bool
  202 dst_gssapi_identitymatchesrealmms(const dns_name_t *signer,
  203                   const dns_name_t *name,
  204                   const dns_name_t *realm,
  205                   bool subdomain);
  206 /*
  207  *  Compare a "signer" (in the format of a Kerberos5 principal:
  208  *  host/example.com@EXAMPLE.COM) to the realm name stored in "name".
  209  *  NOTE(review): same description as dst_gssapi_identitymatchesrealmkrb5();
  210  *  what differs for "ms", and 'realm'/'subdomain', are not stated - confirm.
  211  */
  212 
  213 ISC_LANG_ENDDECLS
  214 
  215 #endif /* DST_GSSAPI_H */