#ifndef PUTTY_SSHGSS_H
#define PUTTY_SSHGSS_H
#include "putty.h"
#include "pgssapi.h"

/* Everything below is compiled out when GSSAPI support is disabled. */
#ifndef NO_GSSAPI

/*
 * 0x06 is the DER tag byte for an ASN.1 OBJECT IDENTIFIER, the encoding
 * in which GSSAPI mechanism OIDs travel. NOTE(review): presumably used to
 * sanity-check an OID received from the peer before it is interpreted —
 * confirm against the users of this macro in ssh.c.
 */
#define SSH2_GSS_OIDTYPE 0x06

/*
 * Opaque backend-specific handle. Filled in by ssh_gss_acquire_cred(),
 * passed to ssh_gss_init_sec_context() and ssh_gss_get_mic(), and
 * released by ssh_gss_release_cred() (see the typedefs further down).
 */
typedef void *Ssh_gss_ctx;
/*
 * Status codes returned by every entry point of the GSSAPI wrapper
 * layer. Values are written out explicitly so that their numeric
 * identity (success == 0, the rest in declaration order) is visible
 * at a glance.
 */
typedef enum Ssh_gss_stat {
    SSH_GSS_OK                = 0,  /* call completed successfully */
    SSH_GSS_S_CONTINUE_NEEDED = 1,  /* more token exchange is required */
    SSH_GSS_NO_MEM            = 2,  /* memory allocation failed */
    SSH_GSS_BAD_HOST_NAME     = 3,  /* the host name was rejected */
    SSH_GSS_FAILURE           = 4   /* any other failure */
} Ssh_gss_stat;
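/*
 * GSSAPI proper calls the "finished" status GSS_S_COMPLETE; keep that
 * spelling available as an alias of SSH_GSS_OK.
 */
#define SSH_GSS_S_COMPLETE SSH_GSS_OK

/*
 * Reset an Ssh_gss_buf (a gss_buffer_desc: a "length"/"value" pair) to
 * the empty state, so that a later free routine finds nothing to
 * release. "buf" is a pointer to the buffer. The argument is
 * parenthesised so that an expression such as (bufs + i) expands as a
 * whole; the previous form "(*buf).length" would have dereferenced only
 * the first operand of such an expression.
 */
#define SSH_GSS_CLEAR_BUF(buf) do { \
    (buf)->length = 0; \
    (buf)->value = NULL; \
} while (0)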
/*
 * Byte buffer handed to and returned by the wrapper functions below.
 * This is the GSSAPI gss_buffer_desc itself (not a pointer to one):
 * a "length"/"value" pair, the fields SSH_GSS_CLEAR_BUF operates on.
 */
typedef gss_buffer_desc Ssh_gss_buf;
/*
 * GSSAPI internal-form name, produced by ssh_gss_import_name() and
 * released by ssh_gss_release_name().
 */
typedef gss_name_t Ssh_gss_name;

/* Functions, provided by either wingss.c or sshgssc.c */

/*
 * One GSSAPI backend: its entry points plus per-backend data. The
 * full definition follows the function-pointer typedefs below.
 */
struct ssh_gss_library;

/*
 * Do startup-time initialisation for using GSSAPI. This should
 * correctly initialise the array of struct ssh_gss_library declared
 * below.
 *
 * Must be callable multiple times (since the most convenient place
 * to call it _from_ is the ssh.c setup code), and should harmlessly
 * return success if already initialised.
 */
void ssh_gss_init(void);
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
/*
 * Fills in buf with a string describing the GSSAPI mechanism in
 * use. buf->value is not dynamically allocated, so it must not be
 * handed to any of the free routines below. (The Ssh_gss_buf fields
 * are "length" and "value", as in SSH_GSS_CLEAR_BUF; this comment
 * previously called the latter "data".)
 */
typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
                                                Ssh_gss_buf *buf);
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
/*
 * Converts a name such as a hostname into a GSSAPI internal form,
 * which is placed in "out". The result should be freed by
 * ssh_gss_release_name().
 *
 * "in" is a C string (presumably NUL-terminated, since no length is
 * passed). It is not const-qualified; NOTE(review): presumably no
 * backend writes through it — confirm in sshgssc.c/wingss.c before
 * passing a string literal.
 */
typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
                                              char *in, Ssh_gss_name *out);

/*
 * Frees the contents of an Ssh_gss_name structure filled in by
 * ssh_gss_import_name().
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
                                               Ssh_gss_name *name);
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
/*
 * The main GSSAPI security context setup function. The "out"
 * parameter will need to be freed by ssh_gss_free_tok.
 *
 * "ctx" is the handle obtained from ssh_gss_acquire_cred() (passed by
 * address, so the backend can update it across rounds); "name" is the
 * target produced by ssh_gss_import_name(); "in" is the token most
 * recently received from the peer and "out" receives the token to send
 * next. A return of SSH_GSS_S_CONTINUE_NEEDED presumably means another
 * round trip is required before the context is established.
 *
 * NOTE(review): "delegate" non-zero presumably asks the backend to
 * forward the user's credentials to the server (GSS_C_DELEG_FLAG), which
 * hands the server the ability to act as the user — confirm the exact
 * semantics in sshgssc.c/wingss.c, and keep it under explicit user
 * control rather than defaulting it on.
 */
typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
    (struct ssh_gss_library *lib,
     Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
     Ssh_gss_buf *in, Ssh_gss_buf *out);
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
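/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_init_sec_context(). Do not accidentally call this on
 * something filled in by ssh_gss_get_mic() (which requires a
 * different free function) or something filled in by any other
 * way.
 *
 * "buf" is the buffer whose contents are released; the Ssh_gss_buf
 * structure itself is the caller's. The parameter is named here (it
 * was previously anonymous) so the prototype documents itself.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
                                           Ssh_gss_buf *buf);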
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
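/*
 * Acquires the credentials to perform authentication in the first
 * place. Needs to be freed by ssh_gss_release_cred().
 *
 * "ctx" receives the newly acquired handle (previously an unnamed
 * parameter in this prototype).
 */
typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
                                               Ssh_gss_ctx *ctx);

/*
 * Frees the contents of an Ssh_gss_ctx filled in by
 * ssh_gss_acquire_cred().
 *
 * "ctx" points at the handle to release.
 */
typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
                                               Ssh_gss_ctx *ctx);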
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
/*
 * Gets a MIC for some input data. "out" needs to be freed by
 * ssh_gss_free_mic().
 *
 * Unlike init_sec_context, "ctx" is passed by value here, so it is
 * presumably expected to be an already established context. "in"
 * holds the data to be integrity-protected.
 */
typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
                                          Ssh_gss_ctx ctx, Ssh_gss_buf *in,
                                          Ssh_gss_buf *out);
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
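/*
 * Frees the contents of an Ssh_gss_buf filled in by
 * ssh_gss_get_mic(). Do not accidentally call this on something
 * filled in by ssh_gss_init_sec_context() (which requires a
 * different free function) or something filled in by any other
 * way.
 *
 * "buf" is the buffer whose contents are released; the Ssh_gss_buf
 * structure itself is the caller's. The parameter is named here (it
 * was previously anonymous) so the prototype documents itself.
 */
typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
                                           Ssh_gss_buf *buf);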
|
2008-08-10 13:10:31 +00:00
|
|
|
|
|
|
|
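/*
 * Return an error message after authentication failed. The
 * message string is returned in "buf", with buf->length giving the
 * number of characters of printable message text and buf->value
 * containing one more character which is a trailing NUL.
 * buf->value should be manually freed by the caller.
 *
 * (Ssh_gss_buf is a gss_buffer_desc, whose fields are "length" and
 * "value"; this comment previously referred to them as "len" and
 * "data", which do not exist.)
 *
 * "ctx" is the context the failure relates to; it was an unnamed
 * parameter in this prototype before.
 */
typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
                                                 Ssh_gss_ctx ctx,
                                                 Ssh_gss_buf *buf);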
struct ssh_gss_library {
    /*
     * Identifying number in the enumeration used by the
     * configuration code to specify a preference order.
     */
    int id;

    /*
     * Filled in at initialisation time, if there's anything
     * interesting to say about how GSSAPI was initialised (e.g.
     * which of a number of alternative libraries was used).
     *
     * NOTE(review): nothing here frees this string, so the struct
     * presumably does not own it (static storage?) — confirm in the
     * backend that fills it in.
     */
    const char *gsslogmsg;

    /*
     * Function pointers implementing the SSH wrapper layer on top
     * of GSSAPI. (Defined in sshgssc, typically, though Windows
     * provides an alternative layer to sit on top of the annoyingly
     * different SSPI.)
     *
     * These come in allocate/release pairs — import_name/release_name,
     * init_sec_context/free_tok, acquire_cred/release_cred and
     * get_mic/free_mic — and, as the typedef comments above stress,
     * free_tok and free_mic are not interchangeable.
     */
    t_ssh_gss_indicate_mech indicate_mech;
    t_ssh_gss_import_name import_name;
    t_ssh_gss_release_name release_name;
    t_ssh_gss_init_sec_context init_sec_context;
    t_ssh_gss_free_tok free_tok;
    t_ssh_gss_acquire_cred acquire_cred;
    t_ssh_gss_release_cred release_cred;
    t_ssh_gss_get_mic get_mic;
    t_ssh_gss_free_mic free_mic;
    t_ssh_gss_display_status display_status;

    /*
     * Additional data for the wrapper layers.
     */
    union {
        /* Declared in pgssapi.h; presumably the resolved GSSAPI
         * entry points used by the sshgssc wrappers — confirm. */
        struct gssapi_functions gssapi;
        /*
         * The SSPI wrappers don't need to store their Windows API
         * function pointers in this structure, because there can't
         * be more than one set of them available.
         */
    } u;
};
/*
 * The GSSAPI backends available to this build, set up by
 * ssh_gss_init(), and (presumably) the number of valid entries in
 * that array. Neither should be relied on before ssh_gss_init() has
 * been called.
 */
extern struct ssh_gss_library ssh_gss_libraries[];
extern int n_ssh_gss_libraries;

#endif /* NO_GSSAPI */

#endif /*PUTTY_SSHGSS_H*/