pass in mechanism OID to gss_display_status() so mechglue can route the
[gssapi-openssh.git] / openssh / ssh-gss.h
index 76d435fffec8c6e720e2320ce012cf5f2c09313d..31e025ecb8a56861755b37b42e10b211cf258b7f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -22,6 +22,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#ifndef _SSH_GSS_H
+#define _SSH_GSS_H
+
 #ifdef GSSAPI
 
 #include "kex.h"
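Review bot: The new include guard is named `_SSH_GSS_H`, and identifiers that begin with an underscore followed by an uppercase letter are reserved for the implementation in C. A plain `#ifndef SSH_GSS_H` / `#define SSH_GSS_H` avoids any clash with a system or library header. The closing `#endif /* _SSH_GSS_H */` sits at the end of the file, outside this hunk, and would need the same rename.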
@@ -29,6 +32,7 @@
 
 #include <gssapi.h>
 
+#ifndef MECHGLUE
 #ifdef KRB5
 #ifndef HEIMDAL
 #include <gssapi_generic.h>
 #endif /* GSS_C_NT_... */
 #endif /* !HEIMDAL */
 #endif /* KRB5 */
-
-/* draft-ietf-secsh-gsskeyex-01 */
-#define SSH2_MSG_KEXGSS_INIT           30
-#define SSH2_MSG_KEXGSS_CONTINUE       31
-#define SSH2_MSG_KEXGSS_COMPLETE       32
-#define SSH2_MSG_KEXGSS_HOSTKEY                33
-#define KEX_GSS_SHA1                   "gss-group1-sha1-"
-
-/* draft-galb-secsh-gssapi-01 */
-#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE     60
-#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN        61
-#define SSH2_MSG_USERAUTH_GSSAPI_HASH         62
+#endif /* !MECHGLUE */
+
+/* draft-ietf-secsh-gsskeyex-03 */
+#define SSH2_MSG_KEXGSS_INIT                           30
+#define SSH2_MSG_KEXGSS_CONTINUE                       31
+#define SSH2_MSG_KEXGSS_COMPLETE                       32
+#define SSH2_MSG_KEXGSS_HOSTKEY                                33
+#define SSH2_MSG_KEXGSS_ERROR                          34
+#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE              60
+#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN                 61
 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE     63    
+#define SSH2_MSG_USERAUTH_GSSAPI_ERROR                 64  
+
+#define KEX_GSS_SHA1                                   "gss-group1-sha1-"
 
 enum ssh_gss_id {
 #ifdef KRB5
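Review bot: The single `/* draft-ietf-secsh-gsskeyex-03 */` comment now heads both the key-exchange numbers (30-34) and the user-authentication numbers (60-64), which sit in different method-specific ranges of the SSH message space and are only meaningful in different protocol phases. I would keep the groups visibly apart, e.g. `/* key exchange: method-specific range 30-49 */` above the KEXGSS defines and `/* user authentication: method-specific range 60-79 */` above the USERAUTH_GSSAPI defines. Number 62 (formerly `SSH2_MSG_USERAUTH_GSSAPI_HASH`) is no longer defined, so a short comment that it is retired would remind whoever maintains the dispatch code that a peer still sending it should be rejected; those handlers are not visible in this file. The hunk text as shown also seems to be missing lines around `#endif /* GSS_C_NT_... */`, so the preprocessor nesting of the new `#ifndef MECHGLUE` could not be checked here.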
@@ -74,7 +79,7 @@ typedef struct {
        OM_uint32       status; /* both */
        gss_ctx_id_t    context; /* both */
        gss_name_t      name; /* both */
-       gss_OID         oid; /* client */
+       gss_OID         oid; /* both */
        gss_cred_id_t   creds; /* server */
        gss_name_t      client; /* server */
        gss_cred_id_t   client_creds; /* server */
@@ -86,7 +91,7 @@ extern gss_cred_id_t   gssapi_client_creds;
 extern enum ssh_gss_id gssapi_client_type;
 
 char *ssh_gssapi_mechanisms(int server, char *host);
-int ssh_gssapi_id_kex(Gssctxt *ctx, char *name);
+gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name);
 void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len);
 void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid);
 void ssh_gssapi_supported_oids(gss_OID_set *oidset);
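Review bot: `ssh_gssapi_id_kex()` now returns a `gss_OID` instead of an `int`, but the declaration does not say what a failed lookup returns or who owns the returned OID. A caller that still tests the result against the old integer codes may compile with no more than a warning, so the contract is worth stating at the prototype, for example `/* Returns the mechanism OID for this kex name, or GSS_C_NO_OID if none matches */` if that is indeed the failure value, plus a word on whether the caller may free it. The implementation is not part of this diff, so both points need confirming there. If `name` comes from the peer's key-exchange proposal, `const char *name` would also make clear that the function only reads it.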
@@ -105,19 +110,55 @@ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx,
                                enum ssh_gss_id *type,
                                gss_buffer_desc *name,
                                gss_cred_id_t *creds);
-void ssh_gssapi_error(OM_uint32 major_status,OM_uint32 minor_status);
-void ssh_gssapi_send_error(OM_uint32 major_status,OM_uint32 minor_status);
-void ssh_gssapi_build_ctx(Gssctxt *ctx);
-void ssh_gssapi_delete_ctx(Gssctxt *ctx);
+void ssh_gssapi_error(gss_OID mech,
+                     OM_uint32 major_status, OM_uint32 minor_status);
+void ssh_gssapi_send_error(gss_OID mech,
+                          OM_uint32 major_status,OM_uint32 minor_status);
+void ssh_gssapi_build_ctx(Gssctxt **ctx);
+void ssh_gssapi_delete_ctx(Gssctxt **ctx);
+OM_uint32 ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid,char *host);
+OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid);
 
 /* In the client */
 void ssh_gssapi_client(Kex *kex, char *host, struct sockaddr *hostaddr,
                        Buffer *client_kexinit, Buffer *server_kexinit);
 
 /* In the server */
+int ssh_gssapi_userok(char *name);
+int ssh_gssapi_localname(char **lname);
 void ssh_gssapi_server(Kex *kex, Buffer *client_kexinit, 
                       Buffer *server_kexinit);
+
+OM_uint32 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, 
+                                       gss_buffer_desc *hash);
+
 void ssh_gssapi_do_child(char ***envp, u_int *envsizep);                 
 void ssh_gssapi_cleanup_creds(void *ignored);
 void ssh_gssapi_storecreds();
+void ssh_gssapi_clean_env();
+
+#ifdef GSI
+int gsi_gridmap(char *subject_name, char **mapped_name);
+#ifdef _HAVE_GSI_EXTENDED_GSSAPI
+#define HAVE_GSSAPI_EXT
+#endif
+#endif
+
+#ifdef MECHGLUE
+gss_cred_id_t __gss_get_mechanism_cred
+   (gss_cred_id_t,     /* union_cred */
+    gss_OID            /* mech_type */
+   );
+#ifndef _HAVE_GSI_EXTENDED_GSSAPI
+#define HAVE_GSSAPI_EXT
+OM_uint32 gss_export_cred
+    (OM_uint32 *,        /* minor_status */
+     const gss_cred_id_t,/* cred_handle */
+     const gss_OID,      /* desired mech */
+     OM_uint32,          /* option req */
+     gss_buffer_t);      /* output buffer */
+#endif
+#endif
 #endif /* GSSAPI */
+
+#endif /* _SSH_GSS_H */
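Review bot: The `MECHGLUE` block declares `__gss_get_mechanism_cred()` and `gss_export_cred()` by hand, so the compiler cannot check these prototypes against the library's own definitions, and a signature difference in another mechglue build would go unnoticed until run time. Where the library ships a header that declares them, including it is safer; otherwise a comment such as `/* not declared in the public mechglue headers; must match the library's definition */` above each prototype records the dependency on an internal symbol. Separately, the new `void ssh_gssapi_clean_env();` has an empty parameter list, which is not a prototype in C; `void ssh_gssapi_clean_env(void);` lets the compiler reject stray arguments, and the unchanged `ssh_gssapi_storecreds();` line has the same form. The new `ssh_gssapi_userok()` and `ssh_gssapi_localname()` appear from their names to feed an authorization decision, so a one-line comment stating which return value means "allowed" would help prevent an inverted check at a call site.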