/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * dh_gssapi.h
 *
 * Copyright (c) 1997, by Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Private interface of the Diffie-Hellman GSS-API mechanism backend:
 * the key-management callback table a concrete mechanism supplies,
 * the credential and security-context structures, the replay /
 * out-of-sequence history, and the prototypes of the entry points
 * that libgss calls through the mechanism glue.
 */

#ifndef _DH_GSSAPI_H_
#define _DH_GSSAPI_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gssapi/gssapi.h>
#include <mechglueP.h>
#include <rpc/rpc.h>
#include <time.h>
#include <thread.h>
#include <synch.h>
#include "error.h"
#include "token.h"
#include "oid.h"
#include "crypto.h"

/*
 * New(T, n): allocate n zero-initialised objects of type T with calloc().
 * calloc() can return NULL, so every caller must check the result.
 *
 * Free(p): plain free(). NOTE(review): it does not clear the memory
 * first, so key material released through it (for example the des_block
 * session keys pointed to by dh_gss_context_desc.keys below) is not
 * scrubbed unless the caller does so before freeing -- confirm in the
 * implementation.
 */
#define New(T, n) ((T *)calloc(n, sizeof (T)))
#define Free(p) free(p)

/*
 * Mechanism-specific error codes. Their mapping to GSS minor status
 * values is not defined in this header (presumably via error.h and the
 * implementation -- verify there).
 */
#define DH_NO_SECRETKEY 1
#define DH_NO_NETNAME 2
#define DH_VALIDATE_FAILURE 3

/* The only quality-of-protection value this mechanism defines. */
#define DH_MECH_QOP 0

/*
 * This structure defines the necessary operations that a mechanism
 * must provide for key management. The backend is expected to reach
 * the principal's long-term keys only through these callbacks, which is
 * what lets one backend serve a family of mechanisms with different key
 * lengths and algorithms (see dh_context_desc below).
 *
 * The int return values of the callbacks are status codes whose
 * convention is set by the implementing mechanism, not by this header.
 */
typedef struct keyopts_desc {
	/*
	 * This function pointer will encrypt the set of supplied session keys
	 * with this principal and a remote principal. For algorithm 0
	 * a common key is used, that is calculated using the classic
	 * Diffie-Hellman key exchange. An RSA style algorithm would encrypt
	 * the session key with the public key of the remote.
	 * deskeys[] holds no_keys blocks and is encrypted in place.
	 */
	int (*key_encryptsessions)(const char *remotename,
	    des_block deskeys[], int no_keys);
	/*
	 * This function decrypts the set of session keys from remote. It
	 * is the inverse of the above entry point. The last parameter
	 * is an in/out parameter. If it is non-zero going in, it allows
	 * the underlying mechanism to get the public key for the remote
	 * out of a cache. If it is zero, it indicates that the mechanism
	 * should get a definitive copy of the public key because it may
	 * have changed. When returning from the entry point *key_cached
	 * will be set to non zero if the session keys were decrypted using
	 * a cached public key, otherwise zero will be returned. Most mechanisms
	 * will not need/want this and will always return *key_cached as zero.
	 *
	 * NOTE(review): a caller that fails with a cached key presumably
	 * retries with *key_cached = 0 so that a rotated public key is
	 * fetched fresh -- confirm against the caller.
	 */
	int (*key_decryptsessions)(const char *remotename,
	    des_block deskeys[], int no_keys, int *key_cached);
	/*
	 * This entry point is used to generate a block of session keys
	 * (no_keys des_blocks written to deskeys).
	 */
	int (*key_gendeskeys)(des_block *deskeys, int no_keys);
	/*
	 * This entry point is used to see if the principal's credentials
	 * are available.
	 */
	int (*key_secretkey_is_set)(void);
	/*
	 * This entry point will return the netname of the calling principal.
	 * Ownership of the returned string is not defined here -- check the
	 * mechanism that supplies the table before freeing it.
	 */
	char *(*get_principal)(void);
} dh_keyopts_desc, *dh_keyopts_t;

/*
 * Diffie-Hellman principal names are just null terminated character strings
 * that are ONC RPC netnames.
 */
typedef char *dh_principal;

/* Diffie-Hellman credentials */
typedef struct dh_cred_id_desc {
	uid_t uid;			/* The uid of this principal */
	gss_cred_usage_t usage;		/* How this cred can be used */
	dh_principal principal;		/* RPC netname */
	time_t expire;			/* When this cred expires */
} dh_cred_id_desc, *dh_cred_id_t;


/*
 * This is the structure that defines the mechanism specific context.
 * This allows a common backend to support a family of mechanisms that
 * use different key lengths and algorithms. We know the particular mechanism
 * by that mechanism on initialization filling in the OID for that mechanism
 * and supplying a set of keyopts that correspond to the key length and
 * algorithm used.
 */
typedef struct dh_context_desc {
	gss_OID mech;			/* OID of the concrete mechanism */
	dh_keyopts_t keyopts;		/* Key-management callbacks for it */
} dh_context_desc, *dh_context_t;


/*
 * This defines the size of the history for replay and out-of-seq detection:
 * SSIZE words of seq_word_t, one bit per remembered sequence number
 * (the exact window semantics live in the sequence routines declared below).
 */
#define SSIZE 4
typedef unsigned long long seq_word_t;

/*
 * This structure holds the state for replay and out-of-sequence detection.
 * It contains the bit array of the last sequence numbers that have been
 * seen and the last sequence number. The 0th bit represents the last
 * sequence number received. The state contained in this structure is
 * protected by a mutex so that multiple threads can manipulate the
 * history; arr and seqno should only be read or written while
 * seq_arr_lock is held.
 */
typedef struct {
	mutex_t seq_arr_lock;		/* lock on this structure */
	seq_word_t arr[SSIZE];		/* Bit array of sequence history */
	OM_uint32 seqno;		/* Last seqno seen */
} seq_array, *seq_array_t;


/* Lifecycle state of a security context. */
typedef enum { INCOMPLETE, ESTABLISHED, BAD } DHState;

/*
 * The Diffie-Hellman context that corresponds to the gss_ctx_id_t.
 */
typedef struct dh_gss_context_desc {
	DHState state;			/* Context state */
	int initiate;			/* 1 initiates, 0 accepts */
	int proto_version;		/* DH protocol version */
	dh_principal remote;		/* Netname of remote */
	dh_principal local;		/* Netname of local */
	int no_keys;			/* Number of session keys (currently 3) */
	des_block *keys;		/* The session keys (no_keys blocks);
					   secret material -- see Free() note */
	OM_uint32 flags;		/* GSS context flags */
	seq_array hist;			/* Out-of-sequence, replay history */
	mutex_t seqno_lock;		/* Lock to protect next_seqno */
	OM_uint32 next_seqno;		/* Next seqno to send */
	time_t expire;			/* When this context expires */
	int debug;			/* Turn on debugging if non zero.
					   NOTE(review): check that the debug
					   output never includes key material */
} dh_gss_context_desc, *dh_gss_context_t;


/* declarations of internal name mechanism functions */

/*
 * Fill in a gss_mechanism for the concrete mechanism identified by the
 * given OID, using the supplied key-management callbacks.
 */
gss_mechanism
__dh_generic_initialize(gss_mechanism, gss_OID_desc, dh_keyopts_t);

/*
 * The following routines are the entry points that libgss uses.
 * They have the same signature as the corresponding libgss functions
 * except they are passed an additional first parameter that is a pointer
 * to the mechanism specific context. In our case that void pointer is
 * actually pointing to a dh_context. See <gssapi/gssapi.h> or the
 * draft-ietf_cat_gssv2-cbind document for an explanation of the parameters.
 */
OM_uint32
__dh_gss_acquire_cred(void *, OM_uint32*, gss_name_t, OM_uint32, gss_OID_set,
    gss_cred_usage_t, gss_cred_id_t *, gss_OID_set *, OM_uint32 *);

OM_uint32
__dh_gss_release_cred(void *, OM_uint32 *, gss_cred_id_t *);

OM_uint32
__dh_gss_init_sec_context(void *, OM_uint32 *, gss_cred_id_t, gss_ctx_id_t *,
    gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t,
    gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *);

OM_uint32
__dh_gss_accept_sec_context(void *, OM_uint32 *, gss_ctx_id_t *, gss_cred_id_t,
    gss_buffer_t, gss_channel_bindings_t, gss_name_t *, gss_OID *,
    gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t *);

OM_uint32
__dh_gss_process_context_token(void *, OM_uint32 *,
    gss_ctx_id_t, gss_buffer_t);

OM_uint32
__dh_gss_delete_sec_context(void *, OM_uint32 *, gss_ctx_id_t *, gss_buffer_t);

OM_uint32
__dh_gss_context_time(void *, OM_uint32 *, gss_ctx_id_t, OM_uint32 *);

/* GSS-API v1 per-message calls (sign/verify, seal/unseal). */
OM_uint32
__dh_gss_sign(void *, OM_uint32 *, gss_ctx_id_t,
    int, gss_buffer_t, gss_buffer_t);

OM_uint32
__dh_gss_verify(void *, OM_uint32 *, gss_ctx_id_t,
    gss_buffer_t, gss_buffer_t, int *);

OM_uint32
__dh_gss_seal(void *, OM_uint32 *, gss_ctx_id_t,
    int, int, gss_buffer_t, int *, gss_buffer_t);

OM_uint32
__dh_gss_unseal(void *, OM_uint32 *, gss_ctx_id_t,
    gss_buffer_t, gss_buffer_t, int *, int *);

OM_uint32
__dh_gss_display_status(void *, OM_uint32 *, OM_uint32,
    int, gss_OID, OM_uint32 *, gss_buffer_t);

OM_uint32
__dh_gss_indicate_mechs(void *, OM_uint32 *, gss_OID_set *);

OM_uint32
__dh_gss_compare_name(void *, OM_uint32 *, gss_name_t, gss_name_t, int *);

OM_uint32
__dh_gss_display_name(void *, OM_uint32 *,
    gss_name_t, gss_buffer_t, gss_OID *);

OM_uint32
__dh_gss_import_name(void *, OM_uint32 *, gss_buffer_t, gss_OID, gss_name_t *);

OM_uint32
__dh_gss_release_name(void *, OM_uint32 *, gss_name_t *);

OM_uint32
__dh_gss_inquire_cred(void *, OM_uint32 *, gss_cred_id_t, gss_name_t *,
    OM_uint32 *, gss_cred_usage_t *, gss_OID_set *);

OM_uint32
__dh_gss_inquire_context(void *, OM_uint32 *, gss_ctx_id_t, gss_name_t *,
    gss_name_t *, OM_uint32 *, gss_OID *, OM_uint32 *, int *, int *);

/* New V2 entry points */
OM_uint32
__dh_gss_get_mic(void *, OM_uint32 *, gss_ctx_id_t,
    gss_qop_t, gss_buffer_t, gss_buffer_t);

OM_uint32
__dh_gss_verify_mic(void *, OM_uint32 *, gss_ctx_id_t, gss_buffer_t,
    gss_buffer_t, gss_qop_t *);

OM_uint32
__dh_gss_wrap(void *, OM_uint32 *, gss_ctx_id_t, int, gss_qop_t,
    gss_buffer_t, int *, gss_buffer_t);

OM_uint32
__dh_gss_unwrap(void *, OM_uint32 *, gss_ctx_id_t, gss_buffer_t,
    gss_buffer_t, int *, gss_qop_t *);

OM_uint32
__dh_gss_wrap_size_limit(void *, OM_uint32 *, gss_ctx_id_t, int,
    gss_qop_t, OM_uint32, OM_uint32 *);

OM_uint32
__dh_gss_import_name_object(void *, OM_uint32 *,
    void *, gss_OID, gss_name_t *);

OM_uint32
__dh_gss_export_name_object(void *, OM_uint32 *, gss_name_t, gss_OID, void **);

OM_uint32
__dh_gss_add_cred(void *, OM_uint32 *, gss_cred_id_t, gss_name_t, gss_OID,
    gss_cred_usage_t, OM_uint32, OM_uint32, gss_cred_id_t *, gss_OID_set *,
    OM_uint32 *, OM_uint32 *);

OM_uint32
__dh_gss_inquire_cred_by_mech(void *, OM_uint32 *, gss_cred_id_t, gss_OID,
    gss_name_t *, OM_uint32 *, OM_uint32 *, gss_cred_usage_t *);

/*
 * Context export/import serialise a dh_gss_context_desc into an opaque
 * token and back. The token format is not described in this header.
 */
OM_uint32
__dh_gss_export_sec_context(void *, OM_uint32 *, gss_ctx_id_t *, gss_buffer_t);

OM_uint32
__dh_gss_import_sec_context(void *, OM_uint32 *, gss_buffer_t, gss_ctx_id_t *);

OM_uint32
__dh_gss_internal_release_oid(void *, OM_uint32 *, gss_OID *);

OM_uint32
__dh_gss_inquire_names_for_mech(void *, OM_uint32 *, gss_OID, gss_OID_set *);

/* Principal to uid mapping */
OM_uint32
__dh_pname_to_uid(void *ctx, OM_uint32 *minor,
    const gss_name_t pname, uid_t *uid);

OM_uint32
__dh_gss_export_name(void *ctx, OM_uint32 *minor,
    const gss_name_t input_name, gss_buffer_t exported_name);

/* ====================== End of libgss entry points ======================= */

/*
 * Routines to validate, install and remove contexts and credentials.
 * The validate routines presumably check that a handle handed in by the
 * caller refers to a currently installed object before it is
 * dereferenced (DH_VALIDATE_FAILURE above suggests the failure code) --
 * confirm in the implementation.
 */
OM_uint32
__dh_validate_context(dh_gss_context_t);

OM_uint32
__dh_install_context(dh_gss_context_t);

OM_uint32
__dh_remove_context(dh_gss_context_t);

OM_uint32
__dh_validate_cred(dh_cred_id_t);

OM_uint32
__dh_install_cred(dh_cred_id_t);

OM_uint32
__dh_remove_cred(dh_cred_id_t);

OM_uint32
__dh_validate_principal(dh_principal);

/*
 * Routines for out-of-sequence and replay detection.
 *
 * __dh_seq_detection: check a received sequence number against ctx->hist
 * and record it; the OM_uint32 it returns is a status whose values are
 * defined by the implementation.
 * __dh_next_seqno: hand out the next sequence number to send
 * (ctx->next_seqno, which the struct comment says seqno_lock protects).
 * __dh_init_seq_hist / __dh_destroy_seq_hist: set up and tear down the
 * history and its lock.
 */
OM_uint32 __dh_seq_detection(dh_gss_context_t, OM_uint32);

OM_uint32 __dh_next_seqno(dh_gss_context_t ctx);

void __dh_init_seq_hist(dh_gss_context_t);

void __dh_destroy_seq_hist(dh_gss_context_t ctx);

#ifdef __cplusplus
}
#endif

#endif /* _DH_GSSAPI_H_ */