d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a2d0c52540
freebsd-dev/crypto/heimdal/appl/gssmask/protocol.h
Stanislav Sedov ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings 
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00

318 lines
7.5 KiB
C
Raw Blame History

/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* $Id$
*/
/* missing from tests:
* - export context
* - import context
*/
/*
* wire encodings:
* int16: number, 2 bytes, in network order
* int32: number, 4 bytes, in network order
* length-encoded: [int32 length, data of length bytes]
* string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
*/
enum gssMaggotErrorCodes {
GSMERR_OK = 0,
GSMERR_ERROR,
GSMERR_CONTINUE_NEEDED,
GSMERR_INVALID_TOKEN,
GSMERR_AP_MODIFIED,
GSMERR_TEST_ISSUE,
GSMERR_NOT_SUPPORTED
};
/*
* input:
* int32: message OP (enum gssMaggotProtocol)
* ...
*
* return: -- on error
* int32: not support (GSMERR_NOT_SUPPORTED)
*
* return: -- on existing message OP
* int32: support (GSMERR_OK) -- only sent for extensions
* ...
*/
#define GSSMAGGOTPROTOCOL 14
enum gssMaggotOp {
eGetVersionInfo = 0,
/*
* input:
* none
* return:
* int32: last version handled
*/
eGoodBye,
/*
* input:
* none
* return:
* close socket
*/
eInitContext,
/*
* input:
* int32: hContext
* int32: hCred
* int32: Flags
* the lowest 0x7f flags maps directly to GSS-API flags
* DELEGATE 0x001
* MUTUAL_AUTH 0x002
* REPLAY_DETECT 0x004
* SEQUENCE_DETECT 0x008
* CONFIDENTIALITY 0x010
* INTEGRITY 0x020
* ANONYMOUS 0x040
*
* FIRST_CALL 0x080
*
* NTLM 0x100
* SPNEGO 0x200
* length-encoded: targetname
* length-encoded: token
* return:
* int32: hNewContextId
* int32: gssapi status val
* length-encoded: output token
*/
eAcceptContext,
/*
* input:
* int32: hContext
* int32: Flags -- unused ?
* flags are same as flags for eInitContext
* length-encoded: token
* return:
* int32: hNewContextId
* int32: gssapi status val
* length-encoded: output token
* int32: delegation cred id
*/
eToastResource,
/*
* input:
* int32: hResource
* return:
* int32: gsm status val
*/
eAcquireCreds,
/*
* input:
* string: principal name
* string: password
* int32: flags
* FORWARDABLE 0x001
* DEFAULT_CREDS 0x002
*
* NTLM 0x100
* SPNEGO 0x200
* return:
* int32: gsm status val
* int32: hCred
*/
eEncrypt,
/*
* input:
* int32: hContext
* int32: flags
* int32: seqno -- unused
* length-encode: plaintext
* return:
* int32: gsm status val
* length-encode: ciphertext
*/
eDecrypt,
/*
* input:
* int32: hContext
* int32: flags
* int32: seqno -- unused
* length-encode: ciphertext
* return:
* int32: gsm status val
* length-encode: plaintext
*/
eSign,
/* message same as eEncrypt */
eVerify,
/*
* input:
* int32: hContext
* int32: flags
* int32: seqno -- unused
* length-encode: message
* length-encode: signature
* return:
* int32: gsm status val
*/
eGetVersionAndCapabilities,
/*
* return:
* int32: protocol version
* int32: capability flags */
#define ISSERVER 0x01
#define ISKDC 0x02
#define MS_KERBEROS 0x04
#define LOGSERVER 0x08
#define HAS_MONIKER 0x10
/* string: version string
*/
eGetTargetName,
/*
* return:
* string: target principal name
*/
eSetLoggingSocket,
/*
* input:
* int32: hostPort
* return to the port on the host:
* int32: opcode - for example eLogSetMoniker
*/
eChangePassword,
/* here ended version 7 of the protocol */
/*
* input:
* string: principal name
* string: old password
* string: new password
* return:
* int32: gsm status val
*/
eSetPasswordSelf,
/* same as eChangePassword */
eWrap,
/* message same as eEncrypt */
eUnwrap,
/* message same as eDecrypt */
eConnectLoggingService2,
/*
* return1:
* int16: log port number
* int32: master log prototocol version (0)
*
* wait for master to connect on the master log socket
*
* return2:
* int32: gsm connection status
* int32: maggot log prototocol version (2)
*/
eGetMoniker,
/*
* return:
* string: moniker (Nickname the master can refer to maggot)
*/
eCallExtension,
/*
* input:
* string: extension name
* int32: message id
* return:
* int32: gsm status val
*/
eAcquirePKInitCreds,
/*
* input:
* int32: flags
* length-encode: certificate (pkcs12 data)
* return:
* int32: hResource
* int32: gsm status val (GSMERR_NOT_SUPPORTED)
*/
/* here ended version 7 of the protocol */
eWrapExt,
/*
* input:
* int32: hContext
* int32: flags
* int32: bflags
* length-encode: protocol header
* length-encode: plaintext
* length-encode: protocol trailer
* return:
* int32: gsm status val
* length-encode: ciphertext
*/
eUnwrapExt,
/*
* input:
* int32: hContext
* int32: flags
* int32: bflags
* length-encode: protocol header
* length-encode: ciphertext
* length-encode: protocol trailer
* return:
* int32: gsm status val
* length-encode: plaintext
*/
/* here ended version 8 of the protocol */
eLastProtocolMessage
};
/* bflags */
#define WRAP_EXP_ONLY_HEADER 1
enum gssMaggotLogOp{
eLogInfo = 0,
/*
string: File
int32: Line
string: message
reply:
int32: ackid
*/
eLogFailure,
/*
string: File
int32: Line
string: message
reply:
int32: ackid
*/
eLogSetMoniker
/*
string: moniker
*/
};
Reference in New Issue View Git Blame Copy Permalink