/*

[0] Fix | Delete

* Copyright (C) Internet Systems Consortium, Inc. ("ISC")

[1] Fix | Delete

*

[2] Fix | Delete

* This Source Code Form is subject to the terms of the Mozilla Public

[3] Fix | Delete

* License, v. 2.0. If a copy of the MPL was not distributed with this

[4] Fix | Delete

* file, you can obtain one at https://mozilla.org/MPL/2.0/.

[5] Fix | Delete

*

[6] Fix | Delete

* See the COPYRIGHT file distributed with this work for additional

[7] Fix | Delete

* information regarding copyright ownership.

[8] Fix | Delete

*/

[9] Fix | Delete

[10] Fix | Delete

[11] Fix | Delete

#ifndef DST_GSSAPI_H

[12] Fix | Delete

#define DST_GSSAPI_H 1

[13] Fix | Delete

[14] Fix | Delete

/*! \file dst/gssapi.h */

[15] Fix | Delete

[16] Fix | Delete

#include <inttypes.h>

[17] Fix | Delete

#include <stdbool.h>

[18] Fix | Delete

[19] Fix | Delete

#include <isc/formatcheck.h>

[20] Fix | Delete

#include <isc/lang.h>

[21] Fix | Delete

#include <isc/platform.h>

[22] Fix | Delete

#include <isc/types.h>

[23] Fix | Delete

#include <dns/types.h>

[24] Fix | Delete

[25] Fix | Delete

#ifdef GSSAPI

[26] Fix | Delete

#ifdef WIN32

[27] Fix | Delete

/*

[28] Fix | Delete

* MSVC does not like macros in #include lines.

[29] Fix | Delete

*/

[30] Fix | Delete

#include <gssapi/gssapi.h>

[31] Fix | Delete

#include <gssapi/gssapi_krb5.h>

[32] Fix | Delete

#else

[33] Fix | Delete

#include ISC_PLATFORM_GSSAPIHEADER

[34] Fix | Delete

#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER

[35] Fix | Delete

#include ISC_PLATFORM_GSSAPI_KRB5_HEADER

[36] Fix | Delete

#endif

[37] Fix | Delete

#endif

[38] Fix | Delete

#endif

[39] Fix | Delete

[40] Fix | Delete

ISC_LANG_BEGINDECLS

[41] Fix | Delete

[42] Fix | Delete

/***

[43] Fix | Delete

*** Types

[44] Fix | Delete

***/

[45] Fix | Delete

[46] Fix | Delete

/***

[47] Fix | Delete

*** Functions

[48] Fix | Delete

***/

[49] Fix | Delete

[50] Fix | Delete

isc_result_t

[51] Fix | Delete

dst_gssapi_acquirecred(dns_name_t *name, bool initiate,

[52] Fix | Delete

gss_cred_id_t *cred);

[53] Fix | Delete

/*

[54] Fix | Delete

* Acquires GSS credentials.

[55] Fix | Delete

*

[56] Fix | Delete

* Requires:

[57] Fix | Delete

* 'name' is a valid name, preferably one known by the GSS provider

[58] Fix | Delete

* 'initiate' indicates whether the credentials are for initiating or

[59] Fix | Delete

* accepting contexts

[60] Fix | Delete

* 'cred' is a pointer to NULL, which will be allocated with the

[61] Fix | Delete

* credential handle. Call dst_gssapi_releasecred to free

[62] Fix | Delete

* the memory.

[63] Fix | Delete

*

[64] Fix | Delete

* Returns:

[65] Fix | Delete

* ISC_R_SUCCESS msg was successfully updated to include the

[66] Fix | Delete

* query to be sent

[67] Fix | Delete

* other an error occurred while building the message

[68] Fix | Delete

*/

[69] Fix | Delete

[70] Fix | Delete

isc_result_t

[71] Fix | Delete

dst_gssapi_releasecred(gss_cred_id_t *cred);

[72] Fix | Delete

/*

[73] Fix | Delete

* Releases GSS credentials. Calling this function does release the

[74] Fix | Delete

* memory allocated for the credential in dst_gssapi_acquirecred()

[75] Fix | Delete

*

[76] Fix | Delete

* Requires:

[77] Fix | Delete

* 'mctx' is a valid memory context

[78] Fix | Delete

* 'cred' is a pointer to the credential to be released

[79] Fix | Delete

*

[80] Fix | Delete

* Returns:

[81] Fix | Delete

* ISC_R_SUCCESS credential was released successfully

[82] Fix | Delete

* other an error occurred while releaseing

[83] Fix | Delete

* the credential

[84] Fix | Delete

*/

[85] Fix | Delete

[86] Fix | Delete

isc_result_t

[87] Fix | Delete

dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,

[88] Fix | Delete

isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,

[89] Fix | Delete

isc_mem_t *mctx, char **err_message);

[90] Fix | Delete

/*

[91] Fix | Delete

* Initiates a GSS context.

[92] Fix | Delete

*

[93] Fix | Delete

* Requires:

[94] Fix | Delete

* 'name' is a valid name, preferably one known by the GSS

[95] Fix | Delete

* provider

[96] Fix | Delete

* 'intoken' is a token received from the acceptor, or NULL if

[97] Fix | Delete

* there isn't one

[98] Fix | Delete

* 'outtoken' is a buffer to receive the token generated by

[99] Fix | Delete

* gss_init_sec_context() to be sent to the acceptor

[100] Fix | Delete

* 'context' is a pointer to a valid gss_ctx_id_t

[101] Fix | Delete

* (which may have the value GSS_C_NO_CONTEXT)

[102] Fix | Delete

*

[103] Fix | Delete

* Returns:

[104] Fix | Delete

* ISC_R_SUCCESS msg was successfully updated to include the

[105] Fix | Delete

* query to be sent

[106] Fix | Delete

* other an error occurred while building the message

[107] Fix | Delete

* *err_message optional error message

[108] Fix | Delete

*/

[109] Fix | Delete

[110] Fix | Delete

isc_result_t

[111] Fix | Delete

dst_gssapi_acceptctx(gss_cred_id_t cred,

[112] Fix | Delete

const char *gssapi_keytab,

[113] Fix | Delete

isc_region_t *intoken, isc_buffer_t **outtoken,

[114] Fix | Delete

gss_ctx_id_t *context, dns_name_t *principal,

[115] Fix | Delete

isc_mem_t *mctx);

[116] Fix | Delete

/*

[117] Fix | Delete

* Accepts a GSS context.

[118] Fix | Delete

*

[119] Fix | Delete

* Requires:

[120] Fix | Delete

* 'mctx' is a valid memory context

[121] Fix | Delete

* 'cred' is the acceptor's valid GSS credential handle

[122] Fix | Delete

* 'intoken' is a token received from the initiator

[123] Fix | Delete

* 'outtoken' is a pointer a buffer pointer used to return the token

[124] Fix | Delete

* generated by gss_accept_sec_context() to be sent to the

[125] Fix | Delete

* initiator

[126] Fix | Delete

* 'context' is a valid pointer to receive the generated context handle.

[127] Fix | Delete

* On the initial call, it should be a pointer to NULL, which

[128] Fix | Delete

* will be allocated as a gss_ctx_id_t. Subsequent calls

[129] Fix | Delete

* should pass in the handle generated on the first call.

[130] Fix | Delete

* Call dst_gssapi_releasecred to delete the context and free

[131] Fix | Delete

* the memory.

[132] Fix | Delete

*

[133] Fix | Delete

* Requires:

[134] Fix | Delete

* 'outtoken' to != NULL && *outtoken == NULL.

[135] Fix | Delete

*

[136] Fix | Delete

* Returns:

[137] Fix | Delete

* ISC_R_SUCCESS msg was successfully updated to include the

[138] Fix | Delete

* query to be sent

[139] Fix | Delete

* DNS_R_CONTINUE transaction still in progress

[140] Fix | Delete

* other an error occurred while building the message

[141] Fix | Delete

*/

[142] Fix | Delete

[143] Fix | Delete

isc_result_t

[144] Fix | Delete

dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx);

[145] Fix | Delete

/*

[146] Fix | Delete

* Destroys a GSS context. This function deletes the context from the GSS

[147] Fix | Delete

* provider and then frees the memory used by the context pointer.

[148] Fix | Delete

*

[149] Fix | Delete

* Requires:

[150] Fix | Delete

* 'mctx' is a valid memory context

[151] Fix | Delete

* 'context' is a valid GSS context

[152] Fix | Delete

*

[153] Fix | Delete

* Returns:

[154] Fix | Delete

* ISC_R_SUCCESS

[155] Fix | Delete

*/

[156] Fix | Delete

[157] Fix | Delete

[158] Fix | Delete

void

[159] Fix | Delete

gss_log(int level, const char *fmt, ...)

[160] Fix | Delete

ISC_FORMAT_PRINTF(2, 3);

[161] Fix | Delete

/*

[162] Fix | Delete

* Logging function for GSS.

[163] Fix | Delete

*

[164] Fix | Delete

* Requires

[165] Fix | Delete

* 'level' is the log level to be used, as an integer

[166] Fix | Delete

* 'fmt' is a printf format specifier

[167] Fix | Delete

*/

[168] Fix | Delete

[169] Fix | Delete

char *

[170] Fix | Delete

gss_error_tostring(uint32_t major, uint32_t minor,

[171] Fix | Delete

char *buf, size_t buflen);

[172] Fix | Delete

/*

[173] Fix | Delete

* Render a GSS major status/minor status pair into a string

[174] Fix | Delete

*

[175] Fix | Delete

* Requires:

[176] Fix | Delete

* 'major' is a GSS major status code

[177] Fix | Delete

* 'minor' is a GSS minor status code

[178] Fix | Delete

*

[179] Fix | Delete

* Returns:

[180] Fix | Delete

* A string containing the text representation of the error codes.

[181] Fix | Delete

* Users should copy the string if they wish to keep it.

[182] Fix | Delete

*/

[183] Fix | Delete

[184] Fix | Delete

bool

[185] Fix | Delete

dst_gssapi_identitymatchesrealmkrb5(const dns_name_t *signer,

[186] Fix | Delete

const dns_name_t *name,

[187] Fix | Delete

const dns_name_t *realm,

[188] Fix | Delete

bool subdomain);

[189] Fix | Delete

/*

[190] Fix | Delete

* Compare a "signer" (in the format of a Kerberos-format Kerberos5

[191] Fix | Delete

* principal: host/example.com@EXAMPLE.COM) to the realm name stored

[192] Fix | Delete

* in "name" (which represents the realm name).

[193] Fix | Delete

*

[194] Fix | Delete

*/

[195] Fix | Delete

[196] Fix | Delete

bool

[197] Fix | Delete

dst_gssapi_identitymatchesrealmms(const dns_name_t *signer,

[198] Fix | Delete

const dns_name_t *name,

[199] Fix | Delete

const dns_name_t *realm,

[200] Fix | Delete

bool subdomain);

[201] Fix | Delete

/*

[202] Fix | Delete

* Compare a "signer" (in the format of a Kerberos-format Kerberos5

[203] Fix | Delete

* principal: host/example.com@EXAMPLE.COM) to the realm name stored

[204] Fix | Delete

* in "name" (which represents the realm name).

[205] Fix | Delete

*

[206] Fix | Delete

*/

[207] Fix | Delete

[208] Fix | Delete

ISC_LANG_ENDDECLS

[209] Fix | Delete

[210] Fix | Delete

#endif /* DST_GSSAPI_H */

[211] Fix | Delete

[212] Fix | Delete