      1 /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
      2 /* Written by Vern Staats <staatsvr (at) asc.hpc.mil> for the OpenSSL
      3  * project 2000.
      4  */
      5 /* ====================================================================
      6  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
      7  *
      8  * Redistribution and use in source and binary forms, with or without
      9  * modification, are permitted provided that the following conditions
     10  * are met:
     11  *
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  *
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in
     17  *    the documentation and/or other materials provided with the
     18  *    distribution.
     19  *
     20  * 3. All advertising materials mentioning features or use of this
     21  *    software must display the following acknowledgment:
     22  *    "This product includes software developed by the OpenSSL Project
     23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     24  *
     25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     26  *    endorse or promote products derived from this software without
     27  *    prior written permission. For written permission, please contact
     28  *    licensing (at) OpenSSL.org.
     29  *
     30  * 5. Products derived from this software may not be called "OpenSSL"
     31  *    nor may "OpenSSL" appear in their names without prior written
     32  *    permission of the OpenSSL Project.
     33  *
     34  * 6. Redistributions of any form whatsoever must retain the following
     35  *    acknowledgment:
     36  *    "This product includes software developed by the OpenSSL Project
     37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     38  *
     39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     50  * OF THE POSSIBILITY OF SUCH DAMAGE.
     51  * ====================================================================
     52  *
     53  * This product includes cryptographic software written by Eric Young
     54  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     55  * Hudson (tjh (at) cryptsoft.com).
     56  *
     57  */
     58 
     59 /*
     60 **	19990701	VRS 	Started.
     61 */
     62 
     63 #ifndef	KSSL_H
     64 #define	KSSL_H
     65 
     66 #include <openssl/opensslconf.h>
     67 
     68 #ifndef OPENSSL_NO_KRB5
     69 
     70 #include <stdio.h>
     71 #include <ctype.h>
     72 #include <krb5.h>
     73 
     74 #ifdef  __cplusplus
     75 extern "C" {
     76 #endif
     77 
/*
**	Paper over the differences between the MIT and Heimdal KRB5 headers
**	so the rest of this file can use krb5_octet and the (empty) FAR
**	qualifier whichever implementation is installed.
*/
#if defined(KRB5_HEIMDAL)
/* Heimdal's headers do not supply krb5_octet; define it ourselves. */
typedef unsigned char krb5_octet;
#define FAR
#elif !defined(FAR)
/* The KRB5 headers may already define FAR; only supply it when they do not. */
#define FAR
#endif
     92 
     93 /*	Uncomment this to debug kssl problems or to trace usage of the
     94 **	Kerberos session key.  Never enable it in a production build,
     95 **	as the trace may expose key material in the debug output.
     96 **	#define		KSSL_DEBUG
     97 */
     98 
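/*
**	Build-time defaults.  Each may be overridden by defining the macro
**	before this header is included.
*/

/*	Kerberos service name used when the service principal is built
**	(presumably <KRB5SVC>/<service_host>@REALM, see kssl_build_principal_2).
*/
#ifndef	KRB5SVC
#define KRB5SVC	"host"
#endif

/*	Server-side keytab used to decrypt client tickets when
**	KSSL_CTX.keytab_file is NULL.
*/
#ifndef	KRB5KEYTAB
#define KRB5KEYTAB	"/etc/krb5.keytab"
#endif

/*	Non-zero: the client sends a Kerberos authenticator along with its
**	ticket (presumably; the switch is consumed in the implementation).
*/
#ifndef KRB5SENDAUTH
#define KRB5SENDAUTH	1
#endif

/*	Non-zero: the server verifies the client's authenticator
**	(presumably via kssl_check_authent).  Do not override this to 0 in a
**	production build: skipping the check drops the proof that the peer
**	actually holds the session key.
*/
#ifndef KRB5CHECKAUTH
#define KRB5CHECKAUTH	1
#endif

/*	Maximum tolerated clock difference, in seconds, between client and
**	server when ticket and authenticator times are validated.  Larger
**	values widen the window in which a captured authenticator can be
**	replayed.  The value must be a bare expression: an earlier definition
**	carried a trailing semicolon (`300;'), which made the macro unusable
**	inside expressions.
*/
#ifndef KSSL_CLOCKSKEW
#define	KSSL_CLOCKSKEW	300
#endif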
    118 
#define	KSSL_ERR_MAX	255

/*
**	Diagnostic record filled in by kssl_err_set(): a numeric reason plus
**	a NUL-terminated message of at most KSSL_ERR_MAX characters.
*/
typedef struct kssl_err_st {
	int  reason;                /* error code chosen by the kssl layer     */
	char text[KSSL_ERR_MAX+1];  /* message; the +1 holds the terminator     */
} KSSL_ERR;
    124 
    125 
/*
**	Context shared between an application and the SSL library for the
**	Kerberos 5 cipher suites.  It carries (1) the Kerberos session key
**	handed to SSL and (2) the configuration the application supplies.
**
**	Member order and types are public ABI: do not reorder or resize them.
**	Legend: C = consulted on the client side, S = on the server side.
*/
typedef struct kssl_ctx_st {
	/* C,S  Kerberos service name; the default is supplied by kssl
	**      (presumably KRB5SVC, i.e. "host").                       */
	char *service_name;
	/* C    Host part of the service principal.  REQUIRED input.     */
	char *service_host;
	/* S    Client principal recovered from the krb5 ticket; output. */
	char *client_princ;
	/* S    Keytab path; NULL selects /etc/krb5.keytab (KRB5KEYTAB). */
	char *keytab_file;
	/* C    Credential cache; NULL selects the default cache.        */
	char *cred_cache;
	/* Kerberos session key: encryption type, key length in bytes
	** (presumably) and the key bytes themselves.  This is secret
	** material and must be zeroized, not merely freed, when the
	** context is torn down.  NOTE(review): confirm kssl_ctx_setkey /
	** kssl_ctx_free wipe it before release.                         */
	krb5_enctype enctype;
	int length;
	krb5_octet FAR *key;
} KSSL_CTX;
    142 
/*	Selectors for the `which' argument of kssl_ctx_setstring() and
**	kssl_ctx_setprinc(): they name the KSSL_CTX field being set.  The
**	exact mapping lives in the implementation; presumably KSSL_CLIENT
**	and KSSL_SERVER select the client/server principal, KSSL_SERVICE the
**	service name and KSSL_KEYTAB the keytab path -- confirm in kssl.c.
*/
#define	KSSL_CLIENT 	1
#define KSSL_SERVER 	2
#define	KSSL_SERVICE	3
#define	KSSL_KEYTAB 	4

/*	Status codes of the kssl_ctx_* helpers (0 is success, matching the
**	krb5_error_code convention of the prototypes below).
*/
#define KSSL_CTX_OK 	0
#define KSSL_CTX_ERR	1
#define KSSL_NOMEM	2
    151 
/*	Public API (for use by applications that use OpenSSL with Kerberos 5
**	support).  Calls returning krb5_error_code report 0 on success; where
**	a KSSL_ERR is passed, a reason/text pair is left in it for diagnostics.
*/

/*	Set the string field of kssl_ctx selected by `which' (a KSSL_*
**	selector) to text.  Whether text is copied or merely referenced is
**	decided in the implementation -- confirm before passing a buffer that
**	outlives the call but not the context.
*/
krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
/*	Allocate a fresh context; presumably NULL on allocation failure.   */
KSSL_CTX *kssl_ctx_new(void);
/*	Release kssl_ctx and everything it owns, including the session key,
**	and return the value to store back (presumably NULL, so callers can
**	write ctx = kssl_ctx_free(ctx)).  NOTE(review): confirm the key bytes
**	are zeroized before the memory is freed.
*/
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
/*	Diagnostic dump of kssl_ctx.  NOTE(review): assume it prints the
**	session key as well; do not call it in production code.
*/
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
/*	Build a principal from realm and nentities entity components and
**	store it in the field selected by `which'.
*/
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
        krb5_data *realm, krb5_data *entity, int nentities);
/*	Client side: obtain a service ticket for service_name/service_host
**	(presumably using cred_cache), returning the encrypted ticket in
**	*enc_tktp and the authenticator in *authenp; the session key is
**	presumably stored into kssl_ctx.
*/
krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
        krb5_data *authenp, KSSL_ERR *kssl_err);
/*	Server side: decrypt the ticket in indata (presumably with the keytab
**	named by keytab_file / KRB5KEYTAB), fill *ttimes with the ticket's
**	validity times and record the client principal and session key in
**	kssl_ctx.  ttimes feeds kssl_validate_times.
*/
krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
/*	Install the Kerberos session keyblock into kssl_ctx (enctype,
**	length, key).  Presumably replaces, and should wipe, any previous key.
*/
krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
/*	Record reason and text in *kssl_err.  text must be truncated to fit
**	the KSSL_ERR_MAX+1 buffer; never pass it straight from the network.
*/
void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
/*	Free the contents of a krb5_data, hiding the MIT/Heimdal difference. */
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
/*	Build princ as svc/host@realm from explicitly sized, not necessarily
**	NUL-terminated, components.
*/
krb5_error_code  kssl_build_principal_2(krb5_context context,
			krb5_principal *princ, int rlen, const char *realm,
			int slen, const char *svc, int hlen, const char *host);
/*	Check that the authenticator time atime falls inside the ticket's
**	validity window in *ttimes, presumably allowing KSSL_CLOCKSKEW
**	seconds of skew.  Together with kssl_check_authent this is what
**	bounds replay of a captured ticket/authenticator pair.
*/
krb5_error_code  kssl_validate_times(krb5_timestamp atime,
					krb5_ticket_times *ttimes);
/*	Server side: verify the client's authenticator in *authentp using
**	the session key in kssl_ctx and return its timestamp in *atimep
**	(presumably for kssl_validate_times).
*/
krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
/*	Return a pointer just past the confounder that precedes the
**	plaintext of a decrypted authenticator; the offset depends on
**	enctype.  No length is passed, so the caller must guarantee that
**	authn is at least as long as the confounder for that enctype.
*/
unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);

/*	Attach / fetch the KSSL_CTX of an SSL object.  By OpenSSL's set0/get0
**	naming convention, set0 hands ownership of kctx to s and get0 returns
**	a borrowed pointer that must not be freed by the caller.  Note that
**	SSL is not declared here: <openssl/ssl.h> must be included first.
*/
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
/*	Borrowed pointer to the client principal recorded by kssl_sget_tkt
**	(server side); NULL-ness and lifetime follow kctx.
*/
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
    178 
    179 #ifdef  __cplusplus
    180 }
    181 #endif
    182 #endif	/* OPENSSL_NO_KRB5	*/
    183 #endif	/* KSSL_H 	*/
    184