mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
7055827b8f
This makes it clearer that we always want to do heimdal changes via the lorikeet-heimdal repository. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Joseph Sutton <jsutton@samba.org> Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * $Id$
 */
/* missing from tests:
 * - export context
 * - import context
 */
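/*
 * wire encodings:
 *   int16: number, 2 bytes, in network order
 *   int32: number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
 *
 * Both variable-size encodings start with a length chosen by the peer, so a
 * receiver should bound it (non-negative, below a sane maximum) before
 * allocating or reading, and for a string should check that the final byte
 * really is '\0'.
 */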
/*
 * Status codes of the protocol.
 *
 * Elsewhere in this file the "gsm status val" reply field is shown carrying
 * one of these (for example GSMERR_NOT_SUPPORTED), and the framing comment
 * uses GSMERR_OK / GSMERR_NOT_SUPPORTED as the "supported" answers.
 * The values are written out explicitly; they are the same numbers the
 * enumerators had by position.
 *
 * NOTE(review): the precise meaning of each code is not documented in this
 * header; confirm against the implementation before relying on one.
 */
enum gssMaggotErrorCodes {
    GSMERR_OK               = 0,
    GSMERR_ERROR            = 1,
    GSMERR_CONTINUE_NEEDED  = 2,
    GSMERR_INVALID_TOKEN    = 3,
    GSMERR_AP_MODIFIED      = 4,
    GSMERR_TEST_ISSUE       = 5,
    GSMERR_NOT_SUPPORTED    = 6
};
/*
 * input:
 *   int32: message OP (enum gssMaggotProtocol; presumably the
 *          enum gssMaggotOp declared in this file)
 *   ...
 *
 * return:   -- on error
 *   int32: not supported (GSMERR_NOT_SUPPORTED)
 *
 * return:   -- on existing message OP
 *   int32: supported (GSMERR_OK) -- only sent for extensions
 *   ...
 */
/*
 * NOTE(review): presumably the protocol version this header describes, i.e.
 * the number reported by eGetVersionInfo / eGetVersionAndCapabilities.
 * The "here ended version N" markers inside enum gssMaggotOp only go up to
 * 8, so confirm how the two numberings relate before gating on this value.
 */
#define GSSMAGGOTPROTOCOL 14
/*
 * Request opcodes.
 *
 * The framing comment in this file says every request starts with an int32
 * "message OP", so these numbers presumably go on the wire unchanged and
 * renumbering any of them would change the protocol.  The explicit values
 * below are the positions the enumerators already had.
 *
 * Field types (int32, int16, string, length-encoded) are the wire encodings
 * described near the top of this file.  Handles (hContext, hCred,
 * hResource) and every length arrive from the peer, so an implementation
 * should validate them before use.
 */
enum gssMaggotOp {
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGetVersionInfo = 0,

    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eGoodBye = 1,

    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *      the lowest 0x7f flags maps directly to GSS-API flags
     *      DELEGATE            0x001
     *      MUTUAL_AUTH         0x002
     *      REPLAY_DETECT       0x004
     *      SEQUENCE_DETECT     0x008
     *      CONFIDENTIALITY     0x010
     *      INTEGRITY           0x020
     *      ANONYMOUS           0x040
     *
     *      FIRST_CALL          0x080
     *
     *      NTLM                0x100
     *      SPNEGO              0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eInitContext = 2,

    /*
     * input:
     *   int32: hContext
     *   int32: Flags           -- unused ?
     *      flags are same as flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eAcceptContext = 3,

    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eToastResource = 4,

    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *      FORWARDABLE         0x001
     *      DEFAULT_CREDS       0x002
     *
     *      NTLM                0x100
     *      SPNEGO              0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     *
     * NOTE(review): the password is an ordinary "string" field and this
     * header defines no protection for it; confirm the connection is only
     * used where cleartext test credentials are acceptable.
     */
    eAcquireCreds = 5,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno           -- unused
     *   length-encoded: plaintext
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eEncrypt = 6,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno           -- unused
     *   length-encoded: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    eDecrypt = 7,

    /* message same as eEncrypt */
    eSign = 8,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno           -- unused
     *   length-encoded: message
     *   length-encoded: signature
     * return:
     *   int32: gsm status val
     */
    eVerify = 9,

    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags, using the values defined here:
     */
#define ISSERVER        0x01
#define ISKDC           0x02
#define MS_KERBEROS     0x04
#define LOGSERVER       0x08
#define HAS_MONIKER     0x10
    /*
     *   string: version string
     */
    eGetVersionAndCapabilities = 10,

    /*
     * return:
     *   string: target principal name
     */
    eGetTargetName = 11,

    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     */
    eSetLoggingSocket = 12,

    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     *
     * NOTE(review): both passwords are ordinary "string" fields; the same
     * cleartext caveat as for eAcquireCreds applies.
     */
    eChangePassword = 13,
    /*
     * here ended version 7 of the protocol
     * NOTE(review): the original places this marker directly after
     * eChangePassword and repeats the same "version 7" marker after
     * eAcquirePKInitCreds; one of the two is probably stale - confirm.
     */

    /* same as eChangePassword */
    eSetPasswordSelf = 14,

    /* message same as eEncrypt */
    eWrap = 15,

    /* message same as eDecrypt */
    eUnwrap = 16,

    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eConnectLoggingService2 = 17,

    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eGetMoniker = 18,

    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eCallExtension = 19,

    /*
     * input:
     *   int32: flags
     *   length-encoded: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     *
     * NOTE(review): a PKCS#12 blob normally holds private key material;
     * treat this field like the password fields above.
     */
    eAcquirePKInitCreds = 20,
    /* here ended version 7 of the protocol */

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: plaintext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eWrapExt = 21,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: ciphertext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    eUnwrapExt = 22,
    /* here ended version 8 of the protocol */

    /* Left without an explicit value so it keeps following the last entry. */
    eLastProtocolMessage
};
/* bflags */
/*
 * NOTE(review): presumably a value for the int32 "bflags" field that
 * eWrapExt and eUnwrapExt take; what "EXP_ONLY_HEADER" selects is not
 * spelled out in this file - confirm against the implementation.
 */
#define WRAP_EXP_ONLY_HEADER 1
/*
 * Opcodes used on the logging connection (eSetLoggingSocket names
 * eLogSetMoniker as an example of an opcode sent there).
 *
 * The explicit values are the positions the enumerators already had.
 * The File, message and moniker strings are supplied by the peer; whatever
 * records them should handle them as untrusted data (for instance, never as
 * a format string).
 */
enum gssMaggotLogOp {
    /*
     * string: File
     * int32: Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogInfo = 0,

    /*
     * string: File
     * int32: Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogFailure = 1,

    /*
     * string: moniker
     */
    eLogSetMoniker = 2
};