| OLD | NEW |
|---|
| (Empty) |
| 1 /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ | |
| 2 /* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. | |
| 3 * project 2000. | |
| 4 */ | |
| 5 /* ==================================================================== | |
| 6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | |
| 7 * | |
| 8 * Redistribution and use in source and binary forms, with or without | |
| 9 * modification, are permitted provided that the following conditions | |
| 10 * are met: | |
| 11 * | |
| 12 * 1. Redistributions of source code must retain the above copyright | |
| 13 * notice, this list of conditions and the following disclaimer. | |
| 14 * | |
| 15 * 2. Redistributions in binary form must reproduce the above copyright | |
| 16 * notice, this list of conditions and the following disclaimer in | |
| 17 * the documentation and/or other materials provided with the | |
| 18 * distribution. | |
| 19 * | |
| 20 * 3. All advertising materials mentioning features or use of this | |
| 21 * software must display the following acknowledgment: | |
| 22 * "This product includes software developed by the OpenSSL Project | |
| 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
| 24 * | |
| 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
| 26 * endorse or promote products derived from this software without | |
| 27 * prior written permission. For written permission, please contact | |
| 28 * licensing@OpenSSL.org. | |
| 29 * | |
| 30 * 5. Products derived from this software may not be called "OpenSSL" | |
| 31 * nor may "OpenSSL" appear in their names without prior written | |
| 32 * permission of the OpenSSL Project. | |
| 33 * | |
| 34 * 6. Redistributions of any form whatsoever must retain the following | |
| 35 * acknowledgment: | |
| 36 * "This product includes software developed by the OpenSSL Project | |
| 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
| 38 * | |
| 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
| 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
| 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
| 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 50 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 51 * ==================================================================== | |
| 52 * | |
| 53 * This product includes cryptographic software written by Eric Young | |
| 54 * (eay@cryptsoft.com). This product includes software written by Tim | |
| 55 * Hudson (tjh@cryptsoft.com). | |
| 56 * | |
| 57 */ | |
| 58 | |
| 59 /* | |
| 60 ** 19990701 VRS Started. | |
| 61 */ | |
| 62 | |
| 63 #ifndef KSSL_H | |
| 64 #define KSSL_H | |
| 65 | |
| 66 #include <openssl/opensslconf.h> | |
| 67 | |
| 68 #ifndef OPENSSL_NO_KRB5 | |
| 69 | |
| 70 #include <stdio.h> | |
| 71 #include <ctype.h> | |
| 72 #include <krb5.h> | |
| 73 | |
| 74 #ifdef __cplusplus | |
| 75 extern "C" { | |
| 76 #endif | |
| 77 | |
| 78 /* | |
| 79 ** Depending on which KRB5 implementation used, some types from | |
| 80 ** the other may be missing. Resolve that here and now | |
| 81 */ | |
| 82 #ifdef KRB5_HEIMDAL | |
| 83 typedef unsigned char krb5_octet; | |
| 84 #define FAR | |
| 85 #else | |
| 86 | |
| 87 #ifndef FAR | |
| 88 #define FAR | |
| 89 #endif | |
| 90 | |
| 91 #endif | |
| 92 | |
| 93 /* Uncomment this to debug kssl problems or | |
| 94 ** to trace usage of the Kerberos session key | |
| 95 ** | |
| 96 ** #define KSSL_DEBUG | |
| 97 */ | |
| 98 | |
| 99 #ifndef KRB5SVC | |
| 100 #define KRB5SVC "host" | |
| 101 #endif | |
| 102 | |
| 103 #ifndef KRB5KEYTAB | |
| 104 #define KRB5KEYTAB "/etc/krb5.keytab" | |
| 105 #endif | |
| 106 | |
| 107 #ifndef KRB5SENDAUTH | |
| 108 #define KRB5SENDAUTH 1 | |
| 109 #endif | |
| 110 | |
| 111 #ifndef KRB5CHECKAUTH | |
| 112 #define KRB5CHECKAUTH 1 | |
| 113 #endif | |
| 114 | |
| 115 #ifndef KSSL_CLOCKSKEW | |
| 116 #define KSSL_CLOCKSKEW 300; | |
| 117 #endif | |
| 118 | |
| 119 #define KSSL_ERR_MAX 255 | |
| 120 typedef struct kssl_err_st { | |
| 121 int reason; | |
| 122 char text[KSSL_ERR_MAX+1]; | |
| 123 } KSSL_ERR; | |
| 124 | |
| 125 | |
| 126 /* Context for passing | |
| 127 ** (1) Kerberos session key to SSL, and | |
| 128 ** (2) Config data between application and SSL lib | |
| 129 */ | |
| 130 typedef struct kssl_ctx_st | |
| 131 { | |
| 132 /* used by: disposition: */ | |
| 133 char *service_name; /* C,S default ok (kssl) */ | |
| 134 char *service_host; /* C input, REQUIRED */ | |
| 135 char *client_princ; /* S output from krb5 ticket */ | |
| 136 char *keytab_file; /* S NULL (/etc/krb5.keytab) */ | |
| 137 char *cred_cache; /* C NULL (default) */ | |
| 138 krb5_enctype enctype; | |
| 139 int length; | |
| 140 krb5_octet FAR *key; | |
| 141 } KSSL_CTX; | |
| 142 | |
| 143 #define KSSL_CLIENT 1 | |
| 144 #define KSSL_SERVER 2 | |
| 145 #define KSSL_SERVICE 3 | |
| 146 #define KSSL_KEYTAB 4 | |
| 147 | |
| 148 #define KSSL_CTX_OK 0 | |
| 149 #define KSSL_CTX_ERR 1 | |
| 150 #define KSSL_NOMEM 2 | |
| 151 | |
| 152 /* Public (for use by applications that use OpenSSL with Kerberos 5 support */ | |
| 153 krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); | |
| 154 KSSL_CTX *kssl_ctx_new(void); | |
| 155 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); | |
| 156 void kssl_ctx_show(KSSL_CTX *kssl_ctx); | |
| 157 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, | |
| 158 krb5_data *realm, krb5_data *entity, int nentities); | |
| 159 krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, | |
| 160 krb5_data *authenp, KSSL_ERR *kssl_err); | |
| 161 krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, | |
| 162 krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); | |
| 163 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); | |
| 164 void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); | |
| 165 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); | |
| 166 krb5_error_code kssl_build_principal_2(krb5_context context, | |
| 167 krb5_principal *princ, int rlen, const char *realm, | |
| 168 int slen, const char *svc, int hlen, const char *host); | |
| 169 krb5_error_code kssl_validate_times(krb5_timestamp atime, | |
| 170 krb5_ticket_times *ttimes); | |
| 171 krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, | |
| 172 krb5_timestamp *atimep, KSSL_ERR *kssl_err); | |
| 173 unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); | |
| 174 | |
| 175 void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); | |
| 176 KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); | |
| 177 char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); | |
| 178 | |
| 179 #ifdef __cplusplus | |
| 180 } | |
| 181 #endif | |
| 182 #endif /* OPENSSL_NO_KRB5 */ | |
| 183 #endif /* KSSL_H */ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master