|
1 /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ |
|
2 /* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. |
|
3 * project 2000. |
|
4 */ |
|
5 /* ==================================================================== |
|
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
|
7 * |
|
8 * Redistribution and use in source and binary forms, with or without |
|
9 * modification, are permitted provided that the following conditions |
|
10 * are met: |
|
11 * |
|
12 * 1. Redistributions of source code must retain the above copyright |
|
13 * notice, this list of conditions and the following disclaimer. |
|
14 * |
|
15 * 2. Redistributions in binary form must reproduce the above copyright |
|
16 * notice, this list of conditions and the following disclaimer in |
|
17 * the documentation and/or other materials provided with the |
|
18 * distribution. |
|
19 * |
|
20 * 3. All advertising materials mentioning features or use of this |
|
21 * software must display the following acknowledgment: |
|
22 * "This product includes software developed by the OpenSSL Project |
|
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
24 * |
|
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
26 * endorse or promote products derived from this software without |
|
27 * prior written permission. For written permission, please contact |
|
28 * licensing@OpenSSL.org. |
|
29 * |
|
30 * 5. Products derived from this software may not be called "OpenSSL" |
|
31 * nor may "OpenSSL" appear in their names without prior written |
|
32 * permission of the OpenSSL Project. |
|
33 * |
|
34 * 6. Redistributions of any form whatsoever must retain the following |
|
35 * acknowledgment: |
|
36 * "This product includes software developed by the OpenSSL Project |
|
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
38 * |
|
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
50 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
51 * ==================================================================== |
|
52 * |
|
53 * This product includes cryptographic software written by Eric Young |
|
54 * (eay@cryptsoft.com). This product includes software written by Tim |
|
55 * Hudson (tjh@cryptsoft.com). |
|
56 * |
|
57 */ |
|
58 |
|
59 /* |
|
60 ** 19990701 VRS Started. |
|
61 */ |
|
62 |
|
63 #ifndef KSSL_H |
|
64 #define KSSL_H |
|
65 |
|
/*
** Make sure SYMBIAN is defined whenever __SYMBIAN32__ is, without
** redefining it when the build already supplied it.
*/
#ifdef __SYMBIAN32__
#ifndef SYMBIAN
#define SYMBIAN
#endif
#endif
|
69 |
|
70 |
|
71 #include <openssl/opensslconf.h> |
|
72 |
|
73 #ifndef OPENSSL_NO_KRB5 |
|
74 |
|
75 #include <stdio.h> |
|
76 #include <ctype.h> |
|
77 #include <krb5.h> |
|
78 |
|
79 #ifdef __cplusplus |
|
80 extern "C" { |
|
81 #endif |
|
82 |
|
/*
** The two supported KRB5 implementations do not declare the same set of
** names, so the gaps are filled in here.
**
** KRB5_HEIMDAL builds: krb5_octet is declared as unsigned char and FAR is
** defined (empty) unconditionally.
** All other builds:    FAR is defined (empty) only if nothing defined it
** before this header was included.
*/
#if defined(KRB5_HEIMDAL)
typedef unsigned char krb5_octet;
#define FAR
#elif !defined(FAR)
#define FAR
#endif
|
97 |
|
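/* Uncomment this to debug kssl problems or
** to trace usage of the Kerberos session key
**
** NOTE(review): the tracing code is not part of this header.  Check what
** it prints about the session key before enabling this anywhere other
** than a test build.
**
** #define KSSL_DEBUG
*/

/*
** Build-time defaults.  Every macro below is guarded by #ifndef, so a
** definition made before this point (for example on the compiler command
** line) takes precedence over the value given here.
*/

/* Presumably the default Kerberos service name -- confirm against the users
** of this macro.
*/
#ifndef KRB5SVC
#define KRB5SVC	"host"
#endif

/* Default keytab path.  The keytab holds long-term service keys, so any
** override should point at a file with equally strict permissions.
*/
#ifndef KRB5KEYTAB
#define KRB5KEYTAB	"/etc/krb5.keytab"
#endif

/* Both switches default to 1.
** NOTE(review): going by the names, these enable sending and checking of
** the Kerberos authenticator; if so, a build that sets KRB5CHECKAUTH to 0
** weakens the handshake.  Confirm in the code that tests them.
*/
#ifndef KRB5SENDAUTH
#define KRB5SENDAUTH	1
#endif

#ifndef KRB5CHECKAUTH
#define KRB5CHECKAUTH	1
#endif

/* Presumably the tolerated clock skew in seconds (300 matches the usual
** Kerberos five-minute window) -- confirm against the code that uses it.
**
** The value carries no trailing semicolon so that it can be used inside an
** expression.  Defined as "300;", an expression such as
** KSSL_CLOCKSKEW + n would compile as two statements and silently drop
** the "+ n" part, and a comparison against it would not compile at all.
*/
#ifndef KSSL_CLOCKSKEW
#define KSSL_CLOCKSKEW	300
#endif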
|
123 |
|
/*
** Error record: an integer reason plus a fixed-size text buffer.
**
** text is sized KSSL_ERR_MAX+1 bytes, which leaves room for a terminating
** NUL after KSSL_ERR_MAX characters.  The code that fills it is not in
** this header; it should bound every write by sizeof text.
*/
#define KSSL_ERR_MAX	255

struct kssl_err_st
	{
	int reason;			/* presumably an error code -- confirm */
	char text[KSSL_ERR_MAX+1];	/* message buffer, 256 bytes */
	};

typedef struct kssl_err_st KSSL_ERR;
|
129 |
|
130 |
|
/*
** KSSL_CTX is the context used to pass
**   (1) the Kerberos session key to SSL, and
**   (2) configuration data between the application and the SSL library.
**
** Each string field is annotated "used by / disposition".  C and S
** presumably stand for client and server -- confirm.
**
** NOTE(review): enctype, length and key appear to describe the session key
** from (1), with length presumably the byte length of key.  That makes key
** secret material: the code that frees a KSSL_CTX (not in this header)
** should clear the buffer before releasing it.
*/
struct kssl_ctx_st
	{
	/* C,S: default ok (kssl).
	** NOTE(review): KRB5SVC in this header defaults to "host", not
	** "kssl" -- confirm which default actually applies.
	*/
	char *service_name;

	/* C: input, REQUIRED */
	char *service_host;

	/* S: output from krb5 ticket */
	char *client_princ;

	/* S: NULL (/etc/krb5.keytab) */
	char *keytab_file;

	/* C: NULL (default) */
	char *cred_cache;

	krb5_enctype enctype;
	int length;
	krb5_octet FAR *key;
	};

typedef struct kssl_ctx_st KSSL_CTX;
|
147 |
|
/*
** Selector values 1..4.
** NOTE(review): presumably these tell a KSSL_CTX accessor which role or
** string field is meant; the functions that take them are not declared in
** this part of the header -- confirm there.
*/
#define KSSL_CLIENT	1
#define KSSL_SERVER	2
#define KSSL_SERVICE	3
#define KSSL_KEYTAB	4

/*
** Result codes; 0 is the only non-error value, going by the names.
*/
#define KSSL_CTX_OK	0
#define KSSL_CTX_ERR	1
#define KSSL_NOMEM	2
|
156 |
|
157 |
|
158 #ifdef __cplusplus |
|
159 } |
|
160 #endif |
|
161 #endif /* OPENSSL_NO_KRB5 */ |
|
162 #endif /* KSSL_H */ |