| 1 | /*
|
|---|
| 2 | * Copyright (c) 2009 Kungliga Tekniska Högskolan
|
|---|
| 3 | * (Royal Institute of Technology, Stockholm, Sweden).
|
|---|
| 4 | * All rights reserved.
|
|---|
| 5 | *
|
|---|
| 6 | * Redistribution and use in source and binary forms, with or without
|
|---|
| 7 | * modification, are permitted provided that the following conditions
|
|---|
| 8 | * are met:
|
|---|
| 9 | *
|
|---|
| 10 | * 1. Redistributions of source code must retain the above copyright
|
|---|
| 11 | * notice, this list of conditions and the following disclaimer.
|
|---|
| 12 | *
|
|---|
| 13 | * 2. Redistributions in binary form must reproduce the above copyright
|
|---|
| 14 | * notice, this list of conditions and the following disclaimer in the
|
|---|
| 15 | * documentation and/or other materials provided with the distribution.
|
|---|
| 16 | *
|
|---|
| 17 | * 3. Neither the name of the Institute nor the names of its contributors
|
|---|
| 18 | * may be used to endorse or promote products derived from this software
|
|---|
| 19 | * without specific prior written permission.
|
|---|
| 20 | *
|
|---|
| 21 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|---|
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|---|
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|---|
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|---|
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|---|
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|---|
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|---|
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|---|
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|---|
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|---|
| 31 | * SUCH DAMAGE.
|
|---|
| 32 | */
|
|---|
| 33 |
|
|---|
| 34 | /*! @mainpage Heimdal GSS-API Library
|
|---|
| 35 | *
|
|---|
| 36 | * Heimdal implements the following mechanisms:
|
|---|
| 37 | *
|
|---|
| 38 | * - Kerberos 5
|
|---|
| 39 | * - SPNEGO
|
|---|
| 40 | * - NTLM
|
|---|
| 41 | *
|
|---|
| 42 | * See @ref gssapi_mechs for more describtion about these mechanisms.
|
|---|
| 43 | *
|
|---|
| 44 | * The project web page: http://www.h5l.org/
|
|---|
| 45 | *
|
|---|
| 46 | * - @ref gssapi_services_intro
|
|---|
| 47 | * - @ref gssapi_mechs
|
|---|
| 48 | * - @ref gssapi_api_INvsMN
|
|---|
| 49 | */
|
|---|
| 50 |
|
|---|
| 51 | /**
|
|---|
| 52 | * @page gssapi_services_intro Introduction to GSS-API services
|
|---|
| 53 | * @section gssapi_services GSS-API services
|
|---|
| 54 | *
|
|---|
| 55 | * @subsection gssapi_services_context Context creation
|
|---|
| 56 | *
|
|---|
| 57 | * - delegation
|
|---|
| 58 | * - mutual authentication
|
|---|
| 59 | * - anonymous
|
|---|
| 60 | * - use per message before context creation has completed
|
|---|
| 61 | *
|
|---|
| 62 | * return status:
|
|---|
| 63 | * - support conf
|
|---|
| 64 | * - support int
|
|---|
| 65 | *
|
|---|
| 66 | * @subsection gssapi_context_flags Context creation flags
|
|---|
| 67 | *
|
|---|
| 68 | * - GSS_C_DELEG_FLAG
|
|---|
| 69 | * - GSS_C_MUTUAL_FLAG
|
|---|
| 70 | * - GSS_C_REPLAY_FLAG
|
|---|
| 71 | * - GSS_C_SEQUENCE_FLAG
|
|---|
| 72 | * - GSS_C_CONF_FLAG
|
|---|
| 73 | * - GSS_C_INTEG_FLAG
|
|---|
| 74 | * - GSS_C_ANON_FLAG
|
|---|
| 75 | * - GSS_C_PROT_READY_FLAG
|
|---|
| 76 | * - GSS_C_TRANS_FLAG
|
|---|
| 77 | * - GSS_C_DCE_STYLE
|
|---|
| 78 | * - GSS_C_IDENTIFY_FLAG
|
|---|
| 79 | * - GSS_C_EXTENDED_ERROR_FLAG
|
|---|
| 80 | * - GSS_C_DELEG_POLICY_FLAG
|
|---|
| 81 | *
|
|---|
| 82 | *
|
|---|
| 83 | * @subsection gssapi_services_permessage Per-message services
|
|---|
| 84 | *
|
|---|
| 85 | * - conf
|
|---|
| 86 | * - int
|
|---|
| 87 | * - message integrity
|
|---|
| 88 | * - replay detection
|
|---|
| 89 | * - out of sequence
|
|---|
| 90 | *
|
|---|
| 91 | */
|
|---|
| 92 |
|
|---|
| 93 | /**
|
|---|
| 94 | * @page gssapi_mechs_intro GSS-API mechanisms
|
|---|
| 95 | * @section gssapi_mechs GSS-API mechanisms
|
|---|
| 96 | *
|
|---|
| 97 | * - Kerberos 5 - GSS_KRB5_MECHANISM
|
|---|
| 98 | * - SPNEGO - GSS_SPNEGO_MECHANISM
|
|---|
| 99 | * - NTLM - GSS_NTLM_MECHANISM
|
|---|
| 100 |
|
|---|
| 101 | */
|
|---|
| 102 |
|
|---|
| 103 |
|
|---|
| 104 | /**
|
|---|
| 105 | * @page internalVSmechname Internal names and mechanism names
|
|---|
| 106 | * @section gssapi_api_INvsMN Name forms
|
|---|
| 107 | *
|
|---|
| 108 | * There are two forms of name in GSS-API, Internal form and
|
|---|
| 109 | * Contiguous string ("flat") form. gss_export_name() and
|
|---|
| 110 | * gss_import_name() can be used to convert between the two forms.
|
|---|
| 111 | *
|
|---|
| 112 | * - The contiguous string form is described by an oid specificing the
|
|---|
| 113 | * type and an octet string. A special form of the contiguous
|
|---|
| 114 | * string form is the exported name object. The exported name
|
|---|
| 115 | * defined for each mechanism, is something that can be stored and
|
|---|
| 116 | * complared later. The exported name is what should be used for
|
|---|
| 117 | * ACLs comparisons.
|
|---|
| 118 | *
|
|---|
| 119 | * - The Internal form
|
|---|
| 120 | *
|
|---|
| 121 | * There is also special form of the Internal Name (IN), and that is
|
|---|
| 122 | * the Mechanism Name (MN). In the mechanism name all the generic
|
|---|
| 123 | * information is stripped of and only contain the information for
|
|---|
| 124 | * one mechanism. In GSS-API some function return MN and some
|
|---|
| 125 | * require MN as input. Each of these function is marked up as such.
|
|---|
| 126 | *
|
|---|
| 127 | *
|
|---|
| 128 | * Describe relationship between import_name, canonicalize_name,
|
|---|
| 129 | * export_name and friends.
|
|---|
| 130 | */
|
|---|
| 131 |
|
|---|
| 132 | /** @defgroup gssapi Heimdal GSS-API functions */
|
|---|
