1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
/*
* Copyright (C) 2002 Microsoft Corporation
* All rights reserved.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS"
* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
* OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
* AND/OR FITNESS FOR A PARTICULAR PURPOSE.
*
* Date - 10/08/2002
* Author - Sanj Surati
*/
/*
* Copyright 2012 Nexenta Systems, Inc. All rights reserved.
*/
/*
* spnego.h
*
* SPNEGO Token Handler Header File
*
* Contains the definitions required to interpret and create
* SPNEGO tokens so that Kerberos GSS tokens can be
* Unpackaged/packaged.
*/
#ifndef _SPNEGO_H
#define _SPNEGO_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* Type Definitions
*/
/*
* Users of SPNEGO Token Handler API will request
* these as well as free them,
*/
typedef void* SPNEGO_TOKEN_HANDLE;
/*
* Defines the element types that are found
* in each of the tokens.
*/
typedef enum spnego_element_type
{
spnego_element_min, /* Lower bound */
/* Init token elements */
spnego_init_mechtypes,
spnego_init_reqFlags,
spnego_init_mechToken,
spnego_init_mechListMIC,
/* Targ token elements */
spnego_targ_negResult,
spnego_targ_supportedMech,
spnego_targ_responseToken,
spnego_targ_mechListMIC,
spnego_element_max /* Upper bound */
} SPNEGO_ELEMENT_TYPE;
/*
* Token Element Availability. Elements in both
* token types are optional. Since there are only
* 4 elements in each Token, we will allocate space
* to hold the information, but we need a way to
* indicate whether or not an element is available
*/
#define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0
#define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1
/*
* Token type values. SPNEGO has 2 token types:
* NegTokenInit and NegTokenTarg
*/
#define SPNEGO_TOKEN_INIT 0
#define SPNEGO_TOKEN_TARG 1
/*
* GSS Mechanism OID enumeration. We only really handle
* 3 different OIDs. These are stored in an array structure
* defined in the parsing code.
*/
typedef enum spnego_mech_oid
{
/* Init token elements */
spnego_mech_oid_Kerberos_V5_Legacy, /* Really V5, but OID off by 1 */
spnego_mech_oid_Kerberos_V5,
spnego_mech_oid_Spnego,
spnego_mech_oid_NTLMSSP,
spnego_mech_oid_NotUsed = -1
} SPNEGO_MECH_OID;
/*
* Defines the negResult values.
*/
typedef enum spnego_negResult
{
spnego_negresult_success,
spnego_negresult_incomplete,
spnego_negresult_rejected,
spnego_negresult_NotUsed = -1
} SPNEGO_NEGRESULT;
/*
* Context Flags in NegTokenInit
*/
/*
* ContextFlags values MUST be zero or a combination
* of the below
*/
#define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80
#define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40
#define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20
#define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10
#define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8
#define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4
#define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2
/*
* Mask to retrieve valid values.
*/
#define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE
/*
* SPNEGO API return codes.
*/
/* API function was successful */
#define SPNEGO_E_SUCCESS 0
/* The supplied Token was invalid */
#define SPNEGO_E_INVALID_TOKEN -1
/* An invalid length was encountered */
#define SPNEGO_E_INVALID_LENGTH -2
/* The Token Parse failed */
#define SPNEGO_E_PARSE_FAILED -3
/* The requested value was not found */
#define SPNEGO_E_NOT_FOUND -4
/* The requested element is not available */
#define SPNEGO_E_ELEMENT_UNAVAILABLE -5
/* Out of Memory */
#define SPNEGO_E_OUT_OF_MEMORY -6
/* Not Implemented */
#define SPNEGO_E_NOT_IMPLEMENTED -7
/* Invalid Parameter */
#define SPNEGO_E_INVALID_PARAMETER -8
/* Token Handler encountered an unexpected OID */
#define SPNEGO_E_UNEXPECTED_OID -9
/* The requested token was not found */
#define SPNEGO_E_TOKEN_NOT_FOUND -10
/* An unexpected type was encountered in the encoding */
#define SPNEGO_E_UNEXPECTED_TYPE -11
/* The buffer was too small */
#define SPNEGO_E_BUFFER_TOO_SMALL -12
/* A Token Element was invalid (e.g. improper length or value) */
#define SPNEGO_E_INVALID_ELEMENT -13
/* Miscelaneous API Functions */
/* Frees opaque data */
void spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken);
/* Initializes SPNEGO_TOKEN structure from DER encoded binary data */
int spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength,
SPNEGO_TOKEN_HANDLE* phSpnegoToken);
/* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
int spnegoCreateNegTokenHint(SPNEGO_MECH_OID *pMechTypeList, int MechTypeCnt,
unsigned char *pbPrincipal, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
/* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
int spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType,
unsigned char ucContextFlags, unsigned char *pbMechToken,
unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC,
unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE *phSpnegoToken);
/* Initializes SPNEGO_TOKEN structure for a NegTokenTarg type */
int spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType,
SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken,
unsigned long ulMechTokenLen, unsigned char *pbMechListMIC,
unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
/* Copies binary representation of SPNEGO Data into user supplied buffer */
int spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken,
unsigned char *pbTokenData, unsigned long *pulDataLen);
/* Returns SPNEGO Token Type */
int spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType);
/* Reading an Init Token */
/* Returns the Initial Mech Type in the MechList element in the NegInitToken. */
int spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken,
SPNEGO_MECH_OID MechOID, int *piMechTypeIndex);
/* Returns the value from the context flags element in the NegInitToken */
int spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken,
unsigned char *pucContextFlags);
/* Reading a Response Token */
/*
* Returns the value from the negResult element
* (Status code of GSS call - 0,1,2)
*/
int spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken,
SPNEGO_NEGRESULT* pnegResult);
/* Returns the Supported Mech Type from the NegTokenTarg. */
int spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken,
SPNEGO_MECH_OID* pMechOID);
/* Reading either Token Type */
/*
* Returns the actual Mechanism data from the token
* (this is what is passed into GSS-API functions
*/
int spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken,
unsigned char *pbTokenData, unsigned long *pulDataLen);
/* Returns the Message Integrity BLOB in the token */
int spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken,
unsigned char *pbMICData, unsigned long *pulDataLen);
#ifdef __cplusplus
}
#endif
#endif /* _SPNEGO_H */
|
