195 lines
6.3 KiB
C
195 lines
6.3 KiB
C
/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
|
|
/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
|
|
* project 2000.
|
|
*/
|
|
/* ====================================================================
|
|
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this
|
|
* software must display the following acknowledgment:
|
|
* "This product includes software developed by the OpenSSL Project
|
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|
*
|
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
* endorse or promote products derived from this software without
|
|
* prior written permission. For written permission, please contact
|
|
* licensing@OpenSSL.org.
|
|
*
|
|
* 5. Products derived from this software may not be called "OpenSSL"
|
|
* nor may "OpenSSL" appear in their names without prior written
|
|
* permission of the OpenSSL Project.
|
|
*
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
* acknowledgment:
|
|
* "This product includes software developed by the OpenSSL Project
|
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
* ====================================================================
|
|
*
|
|
* This product includes cryptographic software written by Eric Young
|
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
|
* Hudson (tjh@cryptsoft.com).
|
|
*
|
|
*/
|
|
|
|
/*
|
|
** 19990701 VRS Started.
|
|
*/
|
|
|
|
module deimos.openssl.kssl;
|
|
|
|
public import deimos.openssl.opensslconf;
|
|
|
|
// FIXME: krb5.h port available, thus not yet usable.
|
|
version (OPENSSL_NO_KRB5) {} else {
|
|
|
|
import core.stdc.stdio;
|
|
// #include <ctype.h>
|
|
// #include <krb5.h>
|
|
// #ifdef OPENSSL_SYS_WIN32
|
|
// /* These can sometimes get redefined indirectly by krb5 header files
|
|
// * after they get undefed in ossl_typ.h
|
|
// */
|
|
// #undef X509_NAME
|
|
// #undef X509_EXTENSIONS
|
|
// #undef OCSP_REQUEST
|
|
// #undef OCSP_RESPONSE
|
|
// #endif
|
|
|
|
extern (C):
|
|
nothrow:
|
|
|
|
/*
|
|
** Depending on which KRB5 implementation used, some types from
|
|
** the other may be missing. Resolve that here and now
|
|
*/
|
|
// #ifdef KRB5_HEIMDAL
|
|
alias ubyte krb5_octet;
|
|
// #define FAR
|
|
// #else
|
|
|
|
//#ifndef FAR
|
|
//#define FAR
|
|
//#endif
|
|
|
|
|
|
/* Uncomment this to debug kssl problems or
|
|
** to trace usage of the Kerberos session key
|
|
**
|
|
** #define KSSL_DEBUG
|
|
*/
|
|
|
|
// #ifndef KRB5SVC
|
|
enum KRB5SVC = "host";
|
|
// #endif
|
|
|
|
// #ifndef KRB5KEYTAB
|
|
enum KRB5KEYTAB = "/etc/krb5.keytab";
|
|
// #endif
|
|
|
|
// #ifndef KRB5SENDAUTH
|
|
enum KRB5SENDAUTH = 1;
|
|
// #endif
|
|
|
|
// #ifndef KRB5CHECKAUTH
|
|
enum KRB5CHECKAUTH = 1;
|
|
// #endif
|
|
|
|
// #ifndef KSSL_CLOCKSKEW
|
|
enum KSSL_CLOCKSKEW = 300;;
|
|
// #endif
|
|
|
|
enum KSSL_ERR_MAX = 255;
|
|
struct kssl_err_st {
|
|
int reason;
|
|
char[KSSL_ERR_MAX+1] text;
|
|
}
|
|
alias kssl_err_st KSSL_ERR;
|
|
|
|
|
|
|
|
// FIXME: krb5.h not available, thus just declare an opaque type.
|
|
struct KSSL_CTX;
|
|
/+
|
|
/* Context for passing
|
|
** (1) Kerberos session key to SSL, and
|
|
** (2) Config data between application and SSL lib
|
|
*/
|
|
struct kssl_ctx_st {
|
|
/* used by: disposition: */
|
|
char* service_name; /* C,S default ok (kssl) */
|
|
char* service_host; /* C input, REQUIRED */
|
|
char* client_princ; /* S output from krb5 ticket */
|
|
char* keytab_file; /* S NULL (/etc/krb5.keytab) */
|
|
char* cred_cache; /* C NULL (default) */
|
|
krb5_enctype enctype;
|
|
int length;
|
|
krb5_octet* key;
|
|
}
|
|
alias kssl_ctx_st KSSL_CTX;
|
|
+/
|
|
|
|
enum KSSL_CLIENT = 1;
|
|
enum KSSL_SERVER = 2;
|
|
enum KSSL_SERVICE = 3;
|
|
enum KSSL_KEYTAB = 4;
|
|
|
|
enum KSSL_CTX_OK = 0;
|
|
enum KSSL_CTX_ERR = 1;
|
|
enum KSSL_NOMEM = 2;
|
|
|
|
/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
|
|
// FIXME: krb5.h not available.
|
|
/+krb5_error_code kssl_ctx_setstring(KSSL_CTX* kssl_ctx, int which, char* text);
|
|
KSSL_CTX* kssl_ctx_new();
|
|
KSSL_CTX* kssl_ctx_free(KSSL_CTX* kssl_ctx);
|
|
void kssl_ctx_show(KSSL_CTX* kssl_ctx);
|
|
krb5_error_code kssl_ctx_setprinc(KSSL_CTX* kssl_ctx, int which,
|
|
krb5_data* realm, krb5_data* entity, int nentities);
|
|
krb5_error_code kssl_cget_tkt(KSSL_CTX* kssl_ctx, krb5_data** enc_tktp,
|
|
krb5_data* authenp, KSSL_ERR* kssl_err);
|
|
krb5_error_code kssl_sget_tkt(KSSL_CTX* kssl_ctx, krb5_data* indata,
|
|
krb5_ticket_times* ttimes, KSSL_ERR* kssl_err);
|
|
krb5_error_code kssl_ctx_setkey(KSSL_CTX* kssl_ctx, krb5_keyblock* session);
|
|
void kssl_err_set(KSSL_ERR* kssl_err, int reason, char* text);
|
|
void kssl_krb5_free_data_contents(krb5_context context, krb5_data* data);
|
|
krb5_error_code kssl_build_principal_2(krb5_context context,
|
|
krb5_principal* princ, int rlen, const(char)* realm,
|
|
int slen, const(char)* svc, int hlen, const(char)* host);
|
|
krb5_error_code kssl_validate_times(krb5_timestamp atime,
|
|
krb5_ticket_times* ttimes);
|
|
krb5_error_code kssl_check_authent(KSSL_CTX* kssl_ctx, krb5_data* authentp,
|
|
krb5_timestamp* atimep, KSSL_ERR* kssl_err);
|
|
ubyte* kssl_skip_confound(krb5_enctype enctype, ubyte* authn);+/
|
|
|
|
import deimos.openssl.ssl : SSL;
|
|
void SSL_set0_kssl_ctx(SSL* s, KSSL_CTX* kctx);
|
|
KSSL_CTX* SSL_get0_kssl_ctx(SSL* s);
|
|
char* kssl_ctx_get0_client_princ(KSSL_CTX* kctx);
|
|
|
|
}
|