X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fkssl.h;h=8242fd5eeb650c0ac775e14a1cf7fe7a0ac32836;hp=d10ad77cf7ded735484af058c84c588eb15d619f;hb=a51f767645c117667d337f77fe1dd9c0a66d8410;hpb=43fcc1b096c47f5d5c10e09cf8a0f75ca4707e35 diff --git a/ssl/kssl.h b/ssl/kssl.h index d10ad77cf7..8242fd5eeb 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -63,7 +63,9 @@ #ifndef KSSL_H #define KSSL_H -#ifndef NO_KRB5 +#include + +#ifndef OPENSSL_NO_KRB5 #include #include @@ -73,6 +75,21 @@ extern "C" { #endif +/* +** Depending on which KRB5 implementation used, some types from +** the other may be missing. Resolve that here and now +*/ +#ifdef KRB5_HEIMDAL +typedef unsigned char krb5_octet; +#define FAR +#else + +#ifndef FAR +#define FAR +#endif + +#endif + /* Uncomment this to debug kssl problems or ** to trace usage of the Kerberos session key ** @@ -87,6 +104,17 @@ extern "C" { #define KRB5KEYTAB "/etc/krb5.keytab" #endif +#ifndef KRB5SENDAUTH +#define KRB5SENDAUTH 1 +#endif + +#ifndef KRB5CHECKAUTH +#define KRB5CHECKAUTH 1 +#endif + +#ifndef KSSL_CLOCKSKEW +#define KSSL_CLOCKSKEW 300; +#endif #define KSSL_ERR_MAX 255 typedef struct kssl_err_st { @@ -106,6 +134,7 @@ typedef struct kssl_ctx_st char *service_host; /* C input, REQUIRED */ char *client_princ; /* S output from krb5 ticket */ char *keytab_file; /* S NULL (/etc/krb5.keytab) */ + char *cred_cache; /* C NULL (default) */ krb5_enctype enctype; int length; krb5_octet FAR *key; 
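Review bot: The Heimdal branch of the new compatibility block defines `FAR` unconditionally, while the non-Heimdal branch wraps the same define in `#ifndef FAR`; if a Kerberos or system header already defines FAR (possibly to something non-empty), a Heimdal build gets a macro-redefinition diagnostic. Using the same `#ifndef FAR` / `#define FAR` / `#endif` guard in both branches removes the asymmetry. The `typedef unsigned char krb5_octet;` is likewise unconditional in a public header, so it will collide with any Heimdal release that later provides its own krb5_octet; a comment recording which Heimdal version lacked the type would tell the next maintainer when the typedef can go.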
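Review bot: `#define KSSL_CLOCKSKEW 300;` carries a trailing semicolon, so the macro expands to `300;` and only works where the expansion is the entire right-hand side of a statement; `if (delta > KSSL_CLOCKSKEW)` or `KSSL_CLOCKSKEW * 2` would fail to compile or silently split into two statements. The definition should be `#define KSSL_CLOCKSKEW 300`. Since the value is overridable with -D, a comment stating the unit and purpose, e.g. `/* allowed clock skew between client and server, in seconds */`, would help; I cannot see kssl.c from this hunk, so confirm its consumer is written in a form that tolerates the current expansion before assuming no build has been broken by it.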
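Review bot: The new `cred_cache` member is presumably a heap-allocated string like the neighbouring `service_host` and `keytab_file`, but nothing in the hunk shows a matching selector for kssl_ctx_setstring or a release in kssl_ctx_free, both of which live outside this header; if either is missing, a client that sets a credential-cache path leaks it or cannot set it at all. State ownership on the field so the .c side has a contract to meet, e.g. `char *cred_cache; /* C NULL (default); owned by ctx, freed by kssl_ctx_free */`. kssl_ctx_st begins before this hunk.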
@@ -120,32 +149,35 @@ typedef struct kssl_ctx_st #define KSSL_CTX_ERR 1 #define KSSL_NOMEM 2 - -void print_krb5_data(char *label, krb5_data *kdata); -void print_krb5_authdata(char *label, krb5_authdata **adata); -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); - -char *kstring(char *string); -char *knumber(int len, krb5_octet *contents); - - -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); - +/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ +krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); - -krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data *ap_req, - KSSL_ERR *kssl_err); -krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, char *msg, int msglen, - KSSL_ERR *kssl_err); + krb5_data *realm, krb5_data *entity, int nentities); +krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, + krb5_data *authenp, KSSL_ERR *kssl_err); +krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, + krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); +krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); +void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); +void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); +krb5_error_code kssl_build_principal_2(krb5_context context, + krb5_principal *princ, int rlen, const char *realm, + int slen, const char *svc, int hlen, const char *host); +krb5_error_code kssl_validate_times(krb5_timestamp atime, + krb5_ticket_times *ttimes); +krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data 
*authentp, + krb5_timestamp *atimep, KSSL_ERR *kssl_err); +unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); + +void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); +KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); +char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); #ifdef __cplusplus } #endif -#endif /* NO_KRB5 */ +#endif /* OPENSSL_NO_KRB5 */ #endif /* KSSL_H */
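Review bot: `kssl_skip_confound(krb5_enctype enctype, unsigned char *authn)` takes a buffer but no length, so it can only return a pointer advanced by an enctype-dependent confounder size and has no way to refuse a decrypted authenticator shorter than that confounder; every caller must check the remaining length before and after the call, and a prototype comment stating that contract (or a `size_t authn_len` parameter returning NULL on underflow) would make it hard to get wrong. I cannot see the implementation in kssl.c, so treat the short-buffer case as something to confirm there rather than a known bug. Two smaller points in the same hunk: `kssl_ctx_setstring` and `kssl_err_set` take `char *text` for a value they presumably only read, and `const char *text` would let callers pass string literals without a cast; and the new comment `/* Public (for use by applications that use OpenSSL with Kerberos 5 support */` is missing its closing parenthesis.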