X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/de4d450674c5268176b7d25935a6cee9f9a00d19..6f9f4dab1bca468a2d6fd906245c8fd0adfa658f:/openssh/ssh-gss.h diff --git a/openssh/ssh-gss.h b/openssh/ssh-gss.h index 76d435f..31e025e 100644 --- a/openssh/ssh-gss.h +++ b/openssh/ssh-gss.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -22,6 +22,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef _SSH_GSS_H +#define _SSH_GSS_H + #ifdef GSSAPI #include "kex.h" @@ -29,6 +32,7 @@ #include +#ifndef MECHGLUE #ifdef KRB5 #ifndef HEIMDAL #include @@ -40,19 +44,20 @@ #endif /* GSS_C_NT_... */ #endif /* !HEIMDAL */ #endif /* KRB5 */ - -/* draft-ietf-secsh-gsskeyex-01 */ -#define SSH2_MSG_KEXGSS_INIT 30 -#define SSH2_MSG_KEXGSS_CONTINUE 31 -#define SSH2_MSG_KEXGSS_COMPLETE 32 -#define SSH2_MSG_KEXGSS_HOSTKEY 33 -#define KEX_GSS_SHA1 "gss-group1-sha1-" - -/* draft-galb-secsh-gssapi-01 */ -#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60 -#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61 -#define SSH2_MSG_USERAUTH_GSSAPI_HASH 62 +#endif /* !MECHGLUE */ + +/* draft-ietf-secsh-gsskeyex-03 */ +#define SSH2_MSG_KEXGSS_INIT 30 +#define SSH2_MSG_KEXGSS_CONTINUE 31 +#define SSH2_MSG_KEXGSS_COMPLETE 32 +#define SSH2_MSG_KEXGSS_HOSTKEY 33 +#define SSH2_MSG_KEXGSS_ERROR 34 +#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60 +#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63 +#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64 + +#define KEX_GSS_SHA1 "gss-group1-sha1-" enum ssh_gss_id { #ifdef KRB5 
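Review bot: The new include guard `_SSH_GSS_H` (hunk -22,6 +22,9) begins with an underscore followed by an uppercase letter, a form C reserves for the implementation. A name such as `SSH_GSS_H` removes any chance of colliding with a macro from a system or GSSAPI header. The matching `#endif /* _SSH_GSS_H */` in the last hunk would change with it.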
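Review bot: The renumbered block in hunk -40,19 +44,20 removes `SSH2_MSG_USERAUTH_GSSAPI_HASH 62` and groups the userauth messages 60-64 under the single heading `draft-ietf-secsh-gsskeyex-03`, with nothing saying that these numbers are scoped to one method. In the SSH protocol, 30-49 are specific to the key-exchange method and 60-79 to the authentication method, so other kex and auth methods reuse the same values. Handlers for them should therefore be registered only while a GSSAPI exchange is in progress. I would add a comment such as `/* 30-34 valid only during GSSAPI kex; 60-64 only during gssapi userauth; 62 (GSSAPI_HASH in draft-galb-secsh-gssapi-01) is intentionally unused */`. This header does not show whether a peer on the older draft can still send 62, so the dispatch code should be checked for how it treats that message.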
@@ -74,7 +79,7 @@ typedef struct { OM_uint32 status; /* both */ gss_ctx_id_t context; /* both */ gss_name_t name; /* both */ - gss_OID oid; /* client */ + gss_OID oid; /* both */ gss_cred_id_t creds; /* server */ gss_name_t client; /* server */ gss_cred_id_t client_creds; /* server */ @@ -86,7 +91,7 @@ extern gss_cred_id_t gssapi_client_creds; extern enum ssh_gss_id gssapi_client_type; char *ssh_gssapi_mechanisms(int server, char *host); -int ssh_gssapi_id_kex(Gssctxt *ctx, char *name); +gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name); void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len); void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid); void ssh_gssapi_supported_oids(gss_OID_set *oidset); 
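Review bot: `ssh_gssapi_id_kex` now returns `gss_OID` instead of `int`, and the prototype does not say what a failed lookup returns or who owns the returned OID. A caller that still tests the result as the old integer status may continue to compile, so the contract should be written down here. For example: `/* Returns the mechanism OID selected by the kex name, or GSS_C_NO_OID if none matches; the caller must not free it. */`. The failure value and ownership in that comment are assumptions to confirm against the implementation, which is outside this diff. Since `name` presumably derives from the peer's key-exchange proposal, callers should treat a null result as a hard failure before using the OID.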
@@ -105,19 +110,55 @@ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, enum ssh_gss_id *type, gss_buffer_desc *name, gss_cred_id_t *creds); -void ssh_gssapi_error(OM_uint32 major_status,OM_uint32 minor_status); -void ssh_gssapi_send_error(OM_uint32 major_status,OM_uint32 minor_status); -void ssh_gssapi_build_ctx(Gssctxt *ctx); -void ssh_gssapi_delete_ctx(Gssctxt *ctx); +void ssh_gssapi_error(gss_OID mech, + OM_uint32 major_status, OM_uint32 minor_status); +void ssh_gssapi_send_error(gss_OID mech, + OM_uint32 major_status,OM_uint32 minor_status); +void ssh_gssapi_build_ctx(Gssctxt **ctx); +void ssh_gssapi_delete_ctx(Gssctxt **ctx); +OM_uint32 ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid,char *host); +OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid); /* In the client */ void ssh_gssapi_client(Kex *kex, char *host, struct sockaddr *hostaddr, Buffer *client_kexinit, Buffer *server_kexinit); /* In the server */ +int ssh_gssapi_userok(char *name); +int ssh_gssapi_localname(char **lname); void ssh_gssapi_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit); + +OM_uint32 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, + gss_buffer_desc *hash); + void ssh_gssapi_do_child(char ***envp, u_int *envsizep); void ssh_gssapi_cleanup_creds(void *ignored); void ssh_gssapi_storecreds(); +void ssh_gssapi_clean_env(); + +#ifdef GSI +int gsi_gridmap(char *subject_name, char **mapped_name); +#ifdef _HAVE_GSI_EXTENDED_GSSAPI +#define HAVE_GSSAPI_EXT +#endif +#endif + +#ifdef MECHGLUE +gss_cred_id_t __gss_get_mechanism_cred + (gss_cred_id_t, /* union_cred */ + gss_OID /* mech_type */ + ); +#ifndef _HAVE_GSI_EXTENDED_GSSAPI +#define HAVE_GSSAPI_EXT +OM_uint32 gss_export_cred + (OM_uint32 *, /* minor_status */ + const gss_cred_id_t,/* cred_handle */ + const gss_OID, /* desired mech */ + OM_uint32, /* option req */ + gss_buffer_t); /* output buffer */ +#endif +#endif #endif /* GSSAPI */ + +#endif /* _SSH_GSS_H */
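Review bot: The new server-side declarations `int ssh_gssapi_userok(char *name);` and `int ssh_gssapi_localname(char **lname);` do not state their return convention. These look like authorisation and account-mapping decisions, so a caller that guesses wrong between "non-zero means allowed" and "0 means success" turns a denial into an acceptance. The same applies to `int gsi_gridmap(char *subject_name, char **mapped_name);` further down. Each should get a comment giving the value returned on success and on failure, and saying whether `*lname` / `*mapped_name` is allocated for the caller to free and left untouched on failure. Separately, the added `void ssh_gssapi_clean_env();` has an empty parameter list, which in C is not a prototype; `void ssh_gssapi_clean_env(void);` lets the compiler reject stray arguments.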