/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */

#ifndef _GP_RPC_CREDS_H_
#define _GP_RPC_CREDS_H_

#include "config.h"
#include <stdint.h>
#include <gssapi/gssapi.h>

struct gp_call_ctx;

bool gp_creds_allowed_mech(struct gp_call_ctx *gpcall, gss_OID desired_mech);
uint32_t gp_get_supported_mechs(uint32_t *min, gss_OID_set *set);

struct gssx_arg_acquire_cred;
enum gp_aqcuire_cred_type {
    ACQ_NORMAL = 0,
    ACQ_IMPNAME = 1,
};
int gp_get_acquire_type(struct gssx_arg_acquire_cred *arg);

uint32_t gp_add_krb5_creds(uint32_t *min,
                           struct gp_call_ctx *gpcall,
                           enum gp_aqcuire_cred_type acquire_type,
                           gss_cred_id_t in_cred,
                           gssx_name *desired_name,
                           gss_cred_usage_t cred_usage,
                           uint32_t initiator_time_req,
                           uint32_t acceptor_time_req,
                           gss_cred_id_t *output_cred_handle,
                           gss_OID_set *actual_mechs,
                           uint32_t *initiator_time_rec,
                           uint32_t *acceptor_time_rec);

uint32_t gp_cred_allowed(uint32_t *min,
                         struct gp_call_ctx *gpcall,
                         gss_cred_id_t cred,
                         gss_name_t target_name);

void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags);

struct gp_cred_check_handle {
    struct gp_call_ctx *ctx;
    struct {
        u_int options_len;
        gssx_option *options_val;
    } options;
};
uint32_t gp_check_sync_creds(struct gp_cred_check_handle *h,
                             gss_cred_id_t cred);
uint32_t gp_export_sync_creds(uint32_t *min, struct gp_call_ctx *gpcall,
                              gss_cred_id_t *cred,
                              gssx_option **options_val, u_int *options_len);

#endif /* _GP_RPC_CREDS_H_ */