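/*
 * krb5_gss_set_allowable_enctypes() can be called after
 * gss_acquire_cred(), but before gss_init_sec_context(), to
 * restrict the set of enctypes which will be negotiated to those
 * in the provided array.
 *
 *   minor_status  mechanism-specific status code (output)
 *   cred          credential whose negotiable enctypes are restricted
 *   num_ktypes    number of entries in ktypes
 *   ktypes        array of permitted enctypes
 *
 * NOTE(review): the draft does not say whether ktypes is copied or
 * referenced; until that is settled, callers should keep the array
 * alive for the lifetime of cred.
 */
OM_uint32 krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status,
                                          gss_cred_id_t cred,
                                          int num_ktypes,
                                          krb5_enctype *ktypes);

/*
 * Structure version numbers.  Bit-field representing versions of
 * struct gss_krb5_lucid_context.  See notes in the
 * krb5_gss_export_lucid_sec_context() description for version
 * number handling.
 */
#define GSS_C_LUCID_CONTEXT_VERSION_1       0x00000001
#define GSS_C_LUCID_CONTEXT_CURRENT_VERSION GSS_C_LUCID_CONTEXT_VERSION_1

/*
 * Key material exposed by a lucid context.
 *
 * Declared before struct gss_krb5_lucid_context because that
 * structure embeds it by value, so this typedef must be complete
 * first.
 */
typedef struct gss_krb5_lucid_key {
    OM_int32 type;      /* key encryption type */
    OM_int32 length;    /* length of key data; signed in this draft,
                         * so consumers should treat < 0 as invalid */
    void *data;         /* actual key data -- raw secret bytes */
} gss_krb5_lucid_key_t;

/*
 * Non-opaque ("lucid") view of the internal security context.
 * Instances are produced by krb5_gss_export_lucid_sec_context()
 * and released by krb5_gss_free_lucid_context().
 */
typedef struct gss_krb5_lucid_context {
    OM_int32 version;                 /* Structure version number */
    OM_int32 initiate;                /* Are we the initiator? */
    int sign_alg;                     /* signing algorithm */
    int seal_alg;                     /* seal/encrypt algorithm */
    OM_int32 endtime;                 /* expiration time of context */
    OM_uint64 sequence;               /* local (sender) sequence number;
                                       * the draft marks this type "(?)",
                                       * width still to be confirmed */
    gss_OID mech_used;                /* Mechanism */
    gss_krb5_lucid_key_t enc_key;     /* Encrypting key info */
    gss_krb5_lucid_key_t seq_key;     /* Subkey info */
    /*
     * The following are added in the MIT 1.3.2 code for CFX,
     * I assume we'll want/need them eventually
     */
    OM_int32 protocol;                /* 0 = rfc1964,
                                       * 1 = draft-ietf-krb-wg-gssapi-cfx-01 */
    OM_int32 cksumtype;               /* "main" subkey checksum type */
    gss_krb5_lucid_key_t acceptor_subkey;
    OM_int32 acceptor_subkey_cksumtype;
} gss_krb5_lucid_context_t;

/*
 * Returns a non-opaque (lucid) version of the internal context
 * information.
 *
 * Note that context_handle must not be used again by the caller
 * after this call.  The GSS implementation is free to release any
 * resources associated with the original context.  It is up to the
 * GSS implementation whether it returns pointers to existing data,
 * or copies of the data.  The caller should treat the returned
 * context as read-only.
 *
 * The caller must call krb5_gss_free_lucid_context() to free
 * the context and allocated resources when it is finished with it.
 *
 * 'versions' is a bitfield describing which version(s) of lucid
 * context are understood by the caller.  The highest version
 * understood by both the caller and the GSS implementation must
 * be returned.  The caller can determine which version of the
 * structure was actually returned by the version field of the
 * returned structure.
 *
 * If there are no common versions, an error should be returned.
 * (XXX Need error definition(s))
 *
 * NOTE(review): since the original context may be released here,
 * the implementation should also reset *context_handle so a stale
 * handle cannot be reused by accident -- to be confirmed in the
 * final definition.
 */
OM_uint32 krb5_gss_export_lucid_sec_context(OM_uint32 *minor_status,
                                            gss_ctx_id_t *context_handle,
                                            OM_int32 versions,
                                            gss_krb5_lucid_context_t **kctx);

/*
 * Frees the allocated storage associated with an
 * exported struct gss_krb5_lucid_context.
 *
 * NOTE(review): enc_key, seq_key and acceptor_subkey carry raw key
 * bytes, so this routine is the place where that memory should be
 * scrubbed before it is released.
 */
OM_uint32 krb5_gss_free_lucid_context(OM_uint32 *minor_status,
                                      gss_krb5_lucid_context_t *kctx);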