17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5004388ebScasper  * Common Development and Distribution License (the "License").
6004388ebScasper  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate 
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 * Copyright (c) 2016 by Delphix. All rights reserved.
 *
 * A module that implements a dummy security mechanism.
 * It is mainly used to test GSS-API applications. The number of tokens
 * exchanged during security context establishment can be
 * specified through dummy_mech.conf located in /etc.
 *
 */
/*
 * Unless the file is being run through lint, every mechanism entry point
 * defined in this file is renamed by the preprocessor to an opaque
 * dummy_<number> symbol.
 * NOTE(review): presumably this keeps the dummy_gss_* names out of the
 * exported symbol namespace -- confirm against the build.
 */
#ifndef	lint
#define	dummy_gss_accept_sec_context		dummy_867227349
#define	dummy_gss_acquire_cred			dummy_352458907
#define	dummy_gss_add_cred			dummy_911432290
#define	dummy_gss_compare_name			dummy_396663848
#define	dummy_gss_context_time			dummy_955669998
#define	dummy_gss_delete_sec_context		dummy_440868788
#define	dummy_gss_display_name			dummy_999874939
#define	dummy_gss_display_status		dummy_485073729
#define	dummy_gss_export_sec_context		dummy_1044079879
#define	dummy_gss_import_name			dummy_529311438
#define	dummy_gss_import_sec_context		dummy_14542996
#define	dummy_gss_indicate_mechs		dummy_573516378
#define	dummy_gss_init_sec_context		dummy_58780705
#define	dummy_gss_inquire_context		dummy_617721319
#define	dummy_gss_inquire_cred			dummy_102985645
#define	dummy_gss_inquire_cred_by_mech		dummy_661926260
#define	dummy_gss_inquire_names_for_mech	dummy_147190586
#define	dummy_gss_internal_release_oid		dummy_706163968
#define	dummy_gss_process_context_token		dummy_191395526
#define	dummy_gss_release_cred			dummy_750368909
#define	dummy_gss_release_name			dummy_235600467
#define	dummy_gss_seal				dummy_794573849
#define	dummy_gss_sign				dummy_279838176
#define	dummy_gss_unseal			dummy_838778790
#define	dummy_gss_verify			dummy_324010348
#define	dummy_gss_wrap_size_limit		dummy_882983731
#define	dummy_pname_to_uid			dummy_345475423
#endif	/* !lint */
897c478bd9Sstevel@tonic-gate 
907c478bd9Sstevel@tonic-gate #include <stdio.h>
917c478bd9Sstevel@tonic-gate #include <stdlib.h>
927c478bd9Sstevel@tonic-gate #include <gssapiP_dummy.h>
937c478bd9Sstevel@tonic-gate #include <mechglueP.h>
947c478bd9Sstevel@tonic-gate #include <gssapi_err_generic.h>
957c478bd9Sstevel@tonic-gate 
#define	dummy_context_name_len	19

/*
 * Private routines for the dummy mechanism: token construction and release,
 * DER length encoding, and token header framing and verification.
 */
static dummy_token_t make_dummy_token(char *name);
static void free_dummy_token(dummy_token_t *token);
static gss_buffer_desc make_dummy_token_buffer(char *name);
static gss_buffer_desc make_dummy_token_msg(void *data, int datalen);

static int der_length_size(int length);
static void der_write_length(unsigned char ** buf, int length);
static int der_read_length(unsigned char **buf, int *bufsize);

static int g_token_size(gss_OID mech, unsigned int body_size);
static void g_make_token_header(gss_OID mech, int body_size,
    unsigned char **buf, int tok_type);
static int g_verify_token_header(gss_OID mech, int *body_size,
    unsigned char **buf_in, int tok_type, int toksize);


/* Private global variables. */

/* Fixed name reported as the source name by dummy_gss_accept_sec_context(). */
static char dummy_srcname[] = "dummy source";

/* Flag set handed back through ret_flags; chosen in gss_mech_initialize(). */
static OM_uint32 dummy_flags;

/* Number of tokens to exchange; loaded in gss_mech_initialize(). */
static int token_nums;
1177c478bd9Sstevel@tonic-gate 
/*
 * Mechanism descriptor for the dummy mechanism; gss_mech_initialize()
 * returns its address. The initializer is positional, so the order of
 * the entries below must not be changed.
 *
 * The Mech OID:
 * { iso(1) org(3) internet(6) dod(1) private(4) enterprises(1) sun(42)
 *  products(2) gssapi(26) mechtypes(1) dummy(2) }
 */
static struct gss_config dummy_mechanism = {
	{10, "\053\006\001\004\001\052\002\032\001\002"},	/* mech_type */
	NULL,
	dummy_gss_acquire_cred,
	dummy_gss_release_cred,
	dummy_gss_init_sec_context,
	dummy_gss_accept_sec_context,
	dummy_gss_unseal,
	dummy_gss_process_context_token,
	dummy_gss_delete_sec_context,
	dummy_gss_context_time,
	dummy_gss_display_status,
	dummy_gss_indicate_mechs,
	dummy_gss_compare_name,
	dummy_gss_display_name,
	dummy_gss_import_name,
	dummy_gss_release_name,
	dummy_gss_inquire_cred,
	dummy_gss_add_cred,
	dummy_gss_seal,
	dummy_gss_export_sec_context,
	dummy_gss_import_sec_context,
	dummy_gss_inquire_cred_by_mech,
	dummy_gss_inquire_names_for_mech,
	dummy_gss_inquire_context,
	dummy_gss_internal_release_oid,
	dummy_gss_wrap_size_limit,
	dummy_pname_to_uid,
	NULL,	/* __gss_userok */
	NULL,	/* _export name */
	dummy_gss_sign,
	dummy_gss_verify,
	NULL,	/* _store_cred */
};
1577c478bd9Sstevel@tonic-gate 
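/*
 * Return the dummy mechanism descriptor for the given OID.
 *
 * oid must be non-NULL and equal to the dummy mechanism OID; otherwise a
 * message is written to stderr and NULL is returned.
 *
 * On success the number of tokens to exchange is loaded from
 * /etc/dummy_mech_token.conf. When the file cannot be opened, or does not
 * begin with an integer, the count falls back to 1. The flag set later
 * reported through ret_flags is derived from that count: mutual
 * authentication is advertised only when the count is not 1.
 */
gss_mechanism
gss_mech_initialize(oid)
const gss_OID oid;
{
	FILE *fp;
	int parsed;

	dprintf("Entering gss_mech_initialize\n");

	if (oid == NULL ||
	    !g_OID_equal(oid, &dummy_mechanism.mech_type)) {
		fprintf(stderr, "invalid dummy mechanism oid.\n");
		return (NULL);
	}

	/*
	 * NOTE(review): the messages below say dummy_mech.conf while the
	 * path opened is /etc/dummy_mech_token.conf -- confirm which name
	 * is intended.
	 */
	fp = fopen("/etc/dummy_mech_token.conf", "rF");
	if (fp == NULL) {
		fprintf(stderr, "dummy_mech.conf is not found.\n");
		fprintf(stderr, "Setting number tokens exchanged to 1\n");
		token_nums = 1;
	} else {
		parsed = fscanf(fp, "%d", &token_nums);
		(void) fclose(fp);
		if (parsed != 1) {
			/*
			 * Nothing was stored in token_nums; do not carry
			 * on with whatever value it held before.
			 */
			fprintf(stderr, "dummy_mech.conf is not readable.\n");
			fprintf(stderr,
			    "Setting number tokens exchanged to 1\n");
			token_nums = 1;
		} else {
			dprintf("dummy_mech.conf is found.\n");
			dprintf1("Setting number tokens exchanged to %d\n",
			    token_nums);
		}
	}

	if (token_nums == 1)
		dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
	else
		dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG
				| GSS_C_MUTUAL_FLAG;

	dprintf("Leaving gss_mech_initialize\n");
	return (&dummy_mechanism);
}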
1937c478bd9Sstevel@tonic-gate 
/*
 * Hand out a dummy credential.
 *
 * desired_name, time_req, desired_mechs and cred_usage are not consulted:
 * every caller receives a freshly made dummy token as its credential
 * handle, so no identity is checked here.
 *
 * output_cred_handle must be non-NULL. actual_mechs and time_rec are
 * optional; when supplied they receive a copy of gss_mech_set_dummy and
 * GSS_C_INDEFINITE respectively.
 *
 * Returns GSS_S_COMPLETE, or GSS_S_FAILURE when the mechanism set cannot
 * be copied.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
			cred_usage, output_cred_handle,
			actual_mechs, time_rec)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t desired_name;
	OM_uint32 time_req;
	gss_OID_set desired_mechs;
	gss_cred_usage_t cred_usage;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *time_rec;
{
	dprintf("Entering dummy_gss_acquire_cred\n");

	/* Give the optional outputs defined values before doing any work. */
	if (actual_mechs != NULL)
		*actual_mechs = NULL;
	if (time_rec != NULL)
		*time_rec = 0;

	*output_cred_handle =
	    (gss_cred_id_t)make_dummy_token("dummy_gss_acquire_cred");

	/* The caller may pass a null pointer for time_rec. */
	if (time_rec != NULL)
		*time_rec = GSS_C_INDEFINITE;

	/*
	 * NOTE(review): on this failure return *output_cred_handle still
	 * holds the token made above -- confirm whether it should be
	 * released first.
	 */
	if (actual_mechs != NULL &&
	    gss_copy_oid_set(minor_status, gss_mech_set_dummy,
	    actual_mechs) == GSS_S_FAILURE)
		return (GSS_S_FAILURE);

	dprintf("Leaving dummy_gss_acquire_cred\n");
	return (GSS_S_COMPLETE);
}
2307c478bd9Sstevel@tonic-gate 
/*
 * Release a credential obtained from dummy_gss_acquire_cred().
 *
 * cred_handle is dereferenced unconditionally, so it must be non-NULL.
 * The handle is passed to free_dummy_token() and then cleared.
 * Always returns GSS_S_COMPLETE; minor_status is not written.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_release_cred(ctx, minor_status, cred_handle)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t *cred_handle;
{
	dummy_token_t *token_slot;

	dprintf("Entering dummy_gss_release_cred\n");

	/* The credential handle slot doubles as the dummy token slot. */
	token_slot = (dummy_token_t *)cred_handle;
	free_dummy_token(token_slot);
	*cred_handle = NULL;

	dprintf("Leaving dummy_gss_release_cred\n");
	return (GSS_S_COMPLETE);
}
2467c478bd9Sstevel@tonic-gate 
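/*
 * Initiator side of context establishment for the dummy mechanism.
 *
 * First call (*context_handle == GSS_C_NO_CONTEXT): no input token may be
 * supplied. A context record is allocated and a token carrying the status
 * this call returns is produced: GSS_S_CONTINUE_NEEDED when token_nums is
 * 2 or more, GSS_S_COMPLETE otherwise.
 *
 * Later calls: an input token is required. Its header is checked with
 * g_verify_token_header() and the status the acceptor encoded in the body
 * decides whether another token is sent.
 *
 * claimant_cred_handle, target_name, mech_type, req_flags, time_req and
 * input_chan_bindings are ignored, so nothing about the peer is verified.
 *
 * output_token and context_handle must be non-NULL; ret_flags, time_rec
 * and actual_mech_type are optional.
 *
 * Returns GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_DEFECTIVE_TOKEN
 * (minor_status set) or GSS_S_FAILURE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_init_sec_context(ct, minor_status, claimant_cred_handle,
				context_handle, target_name, mech_type,
				req_flags, time_req, input_chan_bindings,
				input_token, actual_mech_type, output_token,
				ret_flags, time_rec)
	void *ct;
	OM_uint32 *minor_status;
	gss_cred_id_t claimant_cred_handle;
	gss_ctx_id_t *context_handle;
	gss_name_t target_name;
	gss_OID mech_type;
	OM_uint32 req_flags;
	OM_uint32 time_req;
	gss_channel_bindings_t input_chan_bindings;
	gss_buffer_t input_token;
	gss_OID *actual_mech_type;
	gss_buffer_t output_token;
	OM_uint32 *ret_flags;
	OM_uint32 *time_rec;
{
	dummy_gss_ctx_id_t ctx;
	char token_string[64];
	OM_uint32 ret;
	OM_uint32 aret;
	int send_token = 0;

	dprintf("Entering init_sec_context\n");

	output_token->length = 0;
	output_token->value = NULL;
	if (actual_mech_type)
		*actual_mech_type = NULL;

	if (*context_handle == GSS_C_NO_CONTEXT) {

		if (input_token != NULL && input_token->value != NULL)
			return (GSS_S_FAILURE);

		ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
		if (ctx == NULL)
			return (GSS_S_FAILURE);
		ctx->established = 0;
		/* Start value that differs from GSS_S_COMPLETE. */
		ctx->last_stat = 0xffffffff;
		*context_handle = (gss_ctx_id_t)ctx;
		/*
		 * Initiator interpretation of config file. If 2 or more
		 * the client returns CONTINUE_NEEDED on the first call.
		 */
		if (token_nums >= 2) {
			ret = GSS_S_CONTINUE_NEEDED;
		} else {
			ret = GSS_S_COMPLETE;
		}
		send_token = 1;
	} else {
		unsigned char *ptr;
		int bodysize;
		int err;
		int peer_status;

		/*
		 * Bind ctx before any failure path: every one of them
		 * records its status in the context record.
		 */
		ctx = (dummy_gss_ctx_id_t)(*context_handle);

		if (input_token == NULL || input_token->value == NULL) {
			ctx->last_stat = GSS_S_FAILURE;
			return (GSS_S_FAILURE);
		}

		ptr = (unsigned char *) input_token->value;
		err = g_verify_token_header((gss_OID)gss_mech_dummy,
		    &bodysize, &ptr, 0, input_token->length);
		if (err != 0) {
			*minor_status = err;
			ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
			return (GSS_S_DEFECTIVE_TOKEN);
		}

		/*
		 * NOTE(review): the body is peer-supplied and sscanf() only
		 * stops at a NUL byte; bodysize is not consulted here, so
		 * this relies on the body being NUL-terminated inside
		 * input_token->length -- confirm g_verify_token_header()
		 * guarantees that, or bound the parse by bodysize.
		 */
		if (sscanf((char *)ptr, "%d", &peer_status) < 1) {
			*minor_status = 1;
			ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
			return (GSS_S_DEFECTIVE_TOKEN);
		}
		aret = (OM_uint32)peer_status;

		if (aret == GSS_S_CONTINUE_NEEDED) {
			if (ctx->last_stat == GSS_S_COMPLETE) {
				/*
				 * RFC 2078, page 36, under GSS_S_COMPLETE
				 * says that acceptor (target) has sufficient
				 * information to perform per-message
				 * processing. So if initiator previously
				 * returned GSS_S_COMPLETE, and acceptor
				 * says it needs more, then we have
				 * a problem.
				 */
				ctx->last_stat = GSS_S_FAILURE;
				return (GSS_S_FAILURE);
			}
			ret = GSS_S_CONTINUE_NEEDED;
			send_token = 1;
		} else {
			ret = GSS_S_COMPLETE;
			send_token = 0;
		}
	}
	if (ret_flags)  /* user may pass a null pointer */
		*ret_flags = dummy_flags;
	if (time_rec)  /* user may pass a null pointer */
		*time_rec = GSS_C_INDEFINITE;
	if (actual_mech_type)
		*actual_mech_type = (gss_OID) gss_mech_dummy;

	if (send_token == 1) {
		/* The token body is the returned status as decimal text. */
		(void) snprintf(token_string, sizeof (token_string), "%d",
		    (int)ret);

		*output_token = make_dummy_token_msg(
				token_string, strlen(token_string) + 1);
	} else {
		*output_token = make_dummy_token_msg(NULL, 0);
	}

	if (ret == GSS_S_COMPLETE)
		ctx->established = 1;

	ctx->last_stat = ret;
	return (ret);
}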
3727c478bd9Sstevel@tonic-gate 
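/*
 * Acceptor side of context establishment for the dummy mechanism.
 *
 * The input token's header is checked with g_verify_token_header() and the
 * status the initiator encoded in the body is read. A context record is
 * allocated on the first call. A reply token is produced only when the
 * initiator reported GSS_S_CONTINUE_NEEDED.
 *
 * verifier_cred_handle and input_chan_bindings are ignored, and the source
 * name reported on completion is always the fixed string in dummy_srcname:
 * any peer whose token passes the header check is accepted, so this
 * mechanism authenticates nobody and belongs in test setups only.
 *
 * output_token and context_handle must be non-NULL; src_name, mech_type,
 * ret_flags, time_rec and delegated_cred_handle are optional.
 *
 * Returns GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_DEFECTIVE_TOKEN,
 * GSS_S_FAILURE when the context record cannot be allocated, or the status
 * of dummy_gss_import_name() when importing the source name fails.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_accept_sec_context(ct, minor_status, context_handle,
				verifier_cred_handle, input_token,
				input_chan_bindings, src_name, mech_type,
				output_token, ret_flags, time_rec,
				delegated_cred_handle)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_cred_id_t verifier_cred_handle;
	gss_buffer_t input_token;
	gss_channel_bindings_t input_chan_bindings;
	gss_name_t *src_name;
	gss_OID *mech_type;
	gss_buffer_t output_token;
	OM_uint32 *ret_flags;
	OM_uint32 *time_rec;
	gss_cred_id_t *delegated_cred_handle;
{
	dummy_gss_ctx_id_t ctx;
	char token_string[64];
	gss_buffer_desc name;
	OM_uint32 status;
	gss_name_t temp;
	unsigned char *ptr;
	int bodysize;
	int err;
	int peer_status;
	OM_uint32 iret;
	int return_token = 0;

	dprintf("Entering accept_sec_context\n");

	if (src_name)
		*src_name = (gss_name_t)NULL;
	output_token->length = 0;
	output_token->value = NULL;
	if (mech_type)
		*mech_type = GSS_C_NULL_OID;
	/* return a bogus cred handle */
	if (delegated_cred_handle)
		*delegated_cred_handle = GSS_C_NO_CREDENTIAL;

	/* A missing token cannot be parsed; treat it as defective. */
	if (input_token == NULL || input_token->value == NULL)
		return (GSS_S_DEFECTIVE_TOKEN);

	/* Check for defective input token. */
	ptr = (unsigned char *) input_token->value;
	err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
	    &ptr, 0, input_token->length);
	if (err != 0) {
		*minor_status = err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	/*
	 * NOTE(review): the body is peer-supplied and sscanf() only stops at
	 * a NUL byte; bodysize is not consulted here, so this relies on the
	 * body being NUL-terminated inside input_token->length -- confirm
	 * g_verify_token_header() guarantees that, or bound the parse by
	 * bodysize.
	 */
	if (sscanf((char *)ptr, "%d", &peer_status) < 1) {
		*minor_status = 1;
		return (GSS_S_DEFECTIVE_TOKEN);
	}
	iret = (OM_uint32)peer_status;

	if (*context_handle == GSS_C_NO_CONTEXT) {
		ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
		if (ctx == NULL)
			return (GSS_S_FAILURE);
		ctx->token_number = token_nums;
		ctx->established = 0;
		*context_handle = (gss_ctx_id_t)ctx;
	} else {
		ctx = (dummy_gss_ctx_id_t)(*context_handle);
	}

	if (ret_flags)  /* user may pass a null pointer */
		*ret_flags = dummy_flags;
	if (time_rec)  /* user may pass a null pointer */
		*time_rec = GSS_C_INDEFINITE;
	if (mech_type)
		*mech_type = (gss_OID)gss_mech_dummy;

	/*
	 * RFC 2078, page 36, under GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED
	 * tells us whether to return a token or not.
	 */

	if (iret == GSS_S_CONTINUE_NEEDED)
		return_token = 1;
	else
		return_token = 0;


	if (ctx->token_number > 1) {
		/*
		 * RFC 2078, page 36, under GSS_S_COMPLETE, says that if
		 * initiator is done, the target (us) has what it needs, so
		 * it must return GSS_S_COMPLETE;
		 */
		if (iret == GSS_S_CONTINUE_NEEDED)
			status = GSS_S_CONTINUE_NEEDED;
		else
			status = GSS_S_COMPLETE;

	} else
		status = GSS_S_COMPLETE;

	/* source name is ready at GSS_S_COMPLETE */
	if ((status == GSS_S_COMPLETE) && src_name) {
		name.length = strlen(dummy_srcname);
		name.value = dummy_srcname;
		status = dummy_gss_import_name(ct, minor_status, &name,
				(gss_OID)GSS_C_NT_USER_NAME, &temp);
		if (status != GSS_S_COMPLETE) {
			free(*context_handle);
			*context_handle = GSS_C_NO_CONTEXT;
			return (status);
		}
		*src_name = temp;
	}

	if (status == GSS_S_COMPLETE) {
		ctx->established = 1;
	}

	if (return_token == 1) {
		/* The token body is the returned status as decimal text. */
		(void) snprintf(token_string, sizeof (token_string), "%d",
		    (int)status);

		*output_token = make_dummy_token_msg(
				token_string, strlen(token_string) + 1);
	} else {
		*output_token = make_dummy_token_msg(NULL, 0);
	}

	if (ctx->token_number > 0)
		ctx->token_number--;

	return (status);
}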
5037c478bd9Sstevel@tonic-gate 
5047c478bd9Sstevel@tonic-gate 
/*
 * Context-token processing stub: logs the call and reports success.
 * None of the arguments is read and minor_status is not written.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_process_context_token(ct, minor_status, context_handle, token_buffer)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t token_buffer;
{
	OM_uint32 major = GSS_S_COMPLETE;

	dprintf("In process_sec_context\n");
	return (major);
}
5167c478bd9Sstevel@tonic-gate 
/*
 * Tear down a dummy security context.
 *
 * context_handle must be non-NULL. When it already holds
 * GSS_C_NO_CONTEXT, *minor_status is cleared and the call succeeds at
 * once; otherwise the context record is freed and the handle is reset to
 * GSS_C_NO_CONTEXT. minor_status is written only on the first of those
 * paths. output_token, when supplied, is always emptied.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_delete_sec_context(ct, minor_status, context_handle, output_token)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_buffer_t output_token;
{
	dprintf("Entering delete_sec_context\n");

	/* A zero-length token tells the caller there is nothing to send. */
	if (output_token != NULL) {
		output_token->value = NULL;
		output_token->length = 0;
	}

	/* Nothing to release when no context was ever established. */
	if (*context_handle == GSS_C_NO_CONTEXT) {
		*minor_status = 0;
		return (GSS_S_COMPLETE);
	}

	free((dummy_gss_ctx_id_t)*context_handle);
	*context_handle = GSS_C_NO_CONTEXT;

	dprintf("Leaving delete_sec_context\n");
	return (GSS_S_COMPLETE);
}
5477c478bd9Sstevel@tonic-gate 
5487c478bd9Sstevel@tonic-gate 
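/*
 * Report the remaining lifetime of a context, which for the dummy
 * mechanism is always GSS_C_INDEFINITE.
 *
 * time_rec receives the lifetime. A NULL time_rec gives the call nowhere
 * to store the result, so GSS_S_FAILURE is returned; otherwise
 * GSS_S_COMPLETE. context_handle is not examined and minor_status is not
 * written.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_context_time(ct, minor_status, context_handle, time_rec)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	OM_uint32 *time_rec;
{
	dprintf("In context_time\n");

	/*
	 * The test used to be inverted: a valid pointer was rejected and a
	 * null one was written through.
	 */
	if (time_rec == NULL)  /* user may pass a null pointer */
		return (GSS_S_FAILURE);

	*time_rec = GSS_C_INDEFINITE;
	return (GSS_S_COMPLETE);
}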
5647c478bd9Sstevel@tonic-gate 
/*
 * Produce the dummy mechanism's per-message token.
 *
 * The token is built from the fixed string "dummy_gss_sign"; neither
 * message_buffer nor qop_req is read, so the result does not depend on the
 * message being signed and carries no integrity protection of its own.
 * minor_status is not written here.
 *
 * Returns GSS_S_NO_CONTEXT when context_handle is GSS_C_NO_CONTEXT or the
 * context is not marked established, GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_sign(ctx, minor_status, context_handle,
		qop_req, message_buffer, message_token)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int qop_req;
	gss_buffer_t message_buffer;
	gss_buffer_t message_token;
{
	char fixed_text[] = "dummy_gss_sign";
	dummy_gss_ctx_id_t dctx;

	dprintf("Entering gss_sign\n");

	/* Only an existing, established context may sign. */
	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	dctx = (dummy_gss_ctx_id_t)(context_handle);
	if (!dctx->established)
		return (GSS_S_NO_CONTEXT);

	/* sizeof counts the terminating NUL; the token text excludes it. */
	*message_token = make_dummy_token_msg(fixed_text,
	    sizeof (fixed_text) - 1);

	dprintf("Leaving gss_sign\n");
	return (GSS_S_COMPLETE);
}
5937c478bd9Sstevel@tonic-gate 
/*
 * Check a per-message token produced by the dummy mechanism.
 *
 * Only the token header is examined, through g_verify_token_header();
 * message_buffer is never read, so no comparison between the token and the
 * message takes place in this function.
 *
 * Returns GSS_S_NO_CONTEXT when context_handle is GSS_C_NO_CONTEXT or the
 * context is not established, GSS_S_DEFECTIVE_TOKEN (with *minor_status set
 * to the header checker's result) when the header check fails, and
 * GSS_S_COMPLETE otherwise.  *qop_state, when supplied, is set to
 * GSS_C_QOP_DEFAULT.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_verify(ctx, minor_status, context_handle,
		message_buffer, token_buffer, qop_state)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t message_buffer;
	gss_buffer_t token_buffer;
	int *qop_state;
{
	dummy_gss_ctx_id_t dctx;
	unsigned char *cursor;
	int body_len;
	int hdr_err;

	dprintf("Entering gss_verify\n");

	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	dctx = (dummy_gss_ctx_id_t)(context_handle);
	if (!dctx->established)
		return (GSS_S_NO_CONTEXT);

	/* Check for defective input token. */
	cursor = (unsigned char *)token_buffer->value;
	hdr_err = g_verify_token_header((gss_OID)gss_mech_dummy, &body_len,
	    &cursor, 0, token_buffer->length);
	if (hdr_err != 0) {
		*minor_status = hdr_err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	if (qop_state != NULL)
		*qop_state = GSS_C_QOP_DEFAULT;

	dprintf("Leaving gss_verify\n");
	return (GSS_S_COMPLETE);
}
6337c478bd9Sstevel@tonic-gate 
/*
 * Wrap a message for the peer.
 *
 * The input message bytes are handed unchanged to make_dummy_token_msg()
 * and its result becomes the output message.  conf_req_flag and qop_req are
 * not read, and *conf_state (when supplied) is always reported as 1 even
 * though this function applies no encryption itself.
 * NOTE(review): presumably make_dummy_token_msg() only adds framing --
 * confirm against its definition.
 *
 * Returns GSS_S_NO_CONTEXT when context_handle is GSS_C_NO_CONTEXT or the
 * context is not established, GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_seal(ctx, minor_status, context_handle, conf_req_flag,
		qop_req, input_message_buffer, conf_state,
		output_message_buffer)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	int qop_req;
	gss_buffer_t input_message_buffer;
	int *conf_state;
	gss_buffer_t output_message_buffer;
{
	dummy_gss_ctx_id_t dctx;

	dprintf("Entering gss_seal\n");

	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	dctx = (dummy_gss_ctx_id_t)(context_handle);
	if (!dctx->established)
		return (GSS_S_NO_CONTEXT);

	/* The output message is the input message inside a dummy token. */
	*output_message_buffer = make_dummy_token_msg(
	    input_message_buffer->value, input_message_buffer->length);

	if (conf_state != NULL)
		*conf_state = 1;

	dprintf("Leaving gss_seal\n");
	return (GSS_S_COMPLETE);
}
6717c478bd9Sstevel@tonic-gate 
6727c478bd9Sstevel@tonic-gate 
6737c478bd9Sstevel@tonic-gate 
6747c478bd9Sstevel@tonic-gate 
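/*
 * Unwrap a message received from the peer.
 *
 * The token header is checked with g_verify_token_header(); the body that
 * follows it is copied into a freshly allocated buffer which the caller
 * owns.  *qop_state and *conf_state, when supplied, are set to
 * GSS_C_QOP_DEFAULT and 1; no decryption is performed in this function.
 *
 * Returns:
 *   GSS_S_NO_CONTEXT       context_handle is GSS_C_NO_CONTEXT or the
 *                          context is not established
 *   GSS_S_DEFECTIVE_TOKEN  the header check failed (*minor_status holds its
 *                          result) or it reported a negative body size
 *   GSS_S_FAILURE          the output buffer could not be allocated
 *   GSS_S_COMPLETE         otherwise
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_unseal(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t input_message_buffer;
	gss_buffer_t output_message_buffer;
	int *conf_state;
	int *qop_state;
{
	gss_buffer_desc output;
	unsigned char *ptr;
	int bodysize;
	int err;
	dummy_gss_ctx_id_t context;

	dprintf("Entering gss_unseal\n");

	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	context = (dummy_gss_ctx_id_t)(context_handle);
	if (!context->established)
		return (GSS_S_NO_CONTEXT);

	/* The token arrives from the peer; check its header before use. */
	ptr = (unsigned char *)input_message_buffer->value;
	err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
	    &ptr, 0, input_message_buffer->length);
	if (err != 0) {
		*minor_status = err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	/*
	 * bodysize is a signed int that is about to become a buffer length;
	 * a negative value would turn into an enormous allocation and copy.
	 */
	if (bodysize < 0)
		return (GSS_S_DEFECTIVE_TOKEN);

	output.length = bodysize;
	output.value = (void *)malloc(output.length);

	/* malloc(0) may legitimately return NULL; only a real failure is fatal. */
	if (output.value == NULL && output.length != 0)
		return (GSS_S_FAILURE);
	if (output.length != 0)
		memcpy(output.value, ptr, output.length);

	*output_message_buffer = output;
	if (qop_state)
		*qop_state = GSS_C_QOP_DEFAULT;
	if (conf_state)
		*conf_state = 1;

	dprintf("Leaving gss_unseal\n");
	return (GSS_S_COMPLETE);
}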
7227c478bd9Sstevel@tonic-gate 
/*
 * Translate a status code into text.
 *
 * The dummy mechanism has a single canned answer: the string
 * "dummy_gss_display_status", whatever status_value, status_type and
 * mech_type are.  *message_context is cleared.  Both message_context and
 * status_string are written without a NULL check, so callers must supply
 * them.  minor_status is not written here.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_display_status(ctx, minor_status, status_value, status_type,
			mech_type, message_context, status_string)
	void *ctx;
	OM_uint32 *minor_status;
	OM_uint32 status_value;
	int status_type;
	gss_OID mech_type;
	OM_uint32 *message_context;
	gss_buffer_t status_string;
{
	dprintf("Entering display_status\n");

	/* Same text for every status code. */
	*status_string = make_dummy_token_buffer("dummy_gss_display_status");

	/* Zero context: nothing further is left to fetch. */
	*message_context = 0;

	dprintf("Leaving display_status\n");
	return (GSS_S_COMPLETE);
}
7437c478bd9Sstevel@tonic-gate 
/*
 * Report the mechanisms this module provides.
 *
 * *minor_status is cleared first.  When mech_set is supplied it receives a
 * copy of gss_mech_set_dummy made by gss_copy_oid_set().  Only a result of
 * exactly GSS_S_FAILURE from the copy is treated as an error; any other
 * value falls through to GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_indicate_mechs(ctx, minor_status, mech_set)
	void *ctx;
	OM_uint32 *minor_status;
	gss_OID_set *mech_set;
{
	dprintf("Entering indicate_mechs\n");

	*minor_status = 0;

	/* A caller that passes no output pointer gets nothing copied. */
	if (mech_set != NULL &&
	    gss_copy_oid_set(minor_status, gss_mech_set_dummy,
	    mech_set) == GSS_S_FAILURE)
		return (GSS_S_FAILURE);

	dprintf("Leaving indicate_mechs\n");
	return (GSS_S_COMPLETE);
}
7647c478bd9Sstevel@tonic-gate 
/*
 * Compare two names created by this mechanism.
 *
 * Two names are equal when their type OIDs match, their buffers have the
 * same length, and the buffer bytes are identical.  *name_equal is set to 1
 * or 0 accordingly.  name1, name2 and name_equal are dereferenced without
 * NULL checks; minor_status is not written.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_compare_name(ctx, minor_status, name1, name2, name_equal)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t name1;
	gss_name_t name2;
	int *name_equal;
{
	dummy_name_t lhs = (dummy_name_t)name1;
	dummy_name_t rhs = (dummy_name_t)name2;
	int same = 0;

	dprintf("Entering compare_name\n");

	/* Lengths are compared first so memcmp() sees equal-sized buffers. */
	if (g_OID_equal(lhs->type, rhs->type) &&
	    lhs->buffer->length == rhs->buffer->length &&
	    memcmp(lhs->buffer->value, rhs->buffer->value,
	    lhs->buffer->length) == 0)
		same = 1;

	*name_equal = same;

	dprintf("Leaving compare_name\n");
	return (GSS_S_COMPLETE);
}
7907c478bd9Sstevel@tonic-gate 
/*
 * Produce the printable form of a name created by this mechanism.
 *
 * Supported name types are GSS_C_NT_USER_NAME, GSS_C_NT_MACHINE_UID_NAME,
 * GSS_C_NT_STRING_UID_NAME and GSS_C_NT_HOSTBASED_SERVICE.  For those, the
 * name's bytes are copied into a newly allocated buffer owned by the
 * caller; exactly buffer->length bytes are copied and no terminator is
 * appended.  *output_name_type, when supplied, receives the name's own type
 * pointer rather than a copy.  minor_status is not written.
 *
 * Returns GSS_S_BAD_NAMETYPE for any other name type, GSS_S_FAILURE when
 * output_name_buffer is NULL or the allocation fails, GSS_S_COMPLETE
 * otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_display_name(ctx, minor_status, input_name, output_name_buffer,
			output_name_type)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t input_name;
	gss_buffer_t output_name_buffer;
	gss_OID *output_name_type;
{
	dummy_name_t src = (dummy_name_t)input_name;

	dprintf("Entering display_name\n");

	/* Refuse name types this mechanism does not understand. */
	if (!g_OID_equal(src->type, GSS_C_NT_USER_NAME) &&
	    !g_OID_equal(src->type, GSS_C_NT_MACHINE_UID_NAME) &&
	    !g_OID_equal(src->type, GSS_C_NT_STRING_UID_NAME) &&
	    !g_OID_equal(src->type, GSS_C_NT_HOSTBASED_SERVICE)) {
		dprintf("Leaving display_name\n");
		return (GSS_S_BAD_NAMETYPE);
	}

	if (output_name_buffer == NULL)
		return (GSS_S_FAILURE);

	/* The length is recorded before the allocation is attempted. */
	output_name_buffer->length = src->buffer->length;
	output_name_buffer->value = (void *)malloc(src->buffer->length);
	if (output_name_buffer->value == NULL)
		return (GSS_S_FAILURE);

	memcpy(output_name_buffer->value, src->buffer->value,
	    src->buffer->length);

	if (output_name_type != NULL)
		*output_name_type = src->type;

	dprintf("Leaving display_name\n");
	return (GSS_S_COMPLETE);
}
8357c478bd9Sstevel@tonic-gate 
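/*
 * Build an internal name from a caller-supplied buffer and name type.
 *
 * Supported name types are GSS_C_NT_USER_NAME, GSS_C_NT_MACHINE_UID_NAME,
 * GSS_C_NT_STRING_UID_NAME and GSS_C_NT_HOSTBASED_SERVICE.  The name bytes
 * and the type OID are both copied, so the result is independent of the
 * caller's storage and is released with dummy_gss_release_name().
 *
 * *output_name is NULL and *minor_status is 0 on entry to the work below;
 * *output_name is only set once the whole name has been built, and every
 * partial allocation is freed on the failure paths.
 *
 * Returns:
 *   GSS_S_BAD_NAMETYPE  input_name_type is GSS_C_NULL_OID or unsupported
 *   GSS_S_FAILURE       an allocation failed
 *   otherwise           the status of generic_gss_copy_oid()
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_import_name(ctx, minor_status, input_name_buffer,
			input_name_type, output_name)
	void *ctx;
	OM_uint32 *minor_status;
	gss_buffer_t input_name_buffer;
	gss_OID input_name_type;
	gss_name_t *output_name;
{
	OM_uint32 status;
	dummy_name_t name;

	dprintf("Entering import_name\n");

	*output_name = NULL;
	*minor_status = 0;

	if (input_name_type == GSS_C_NULL_OID)
		return (GSS_S_BAD_NAMETYPE);

	if (!g_OID_equal(input_name_type, GSS_C_NT_USER_NAME) &&
	    !g_OID_equal(input_name_type, GSS_C_NT_MACHINE_UID_NAME) &&
	    !g_OID_equal(input_name_type, GSS_C_NT_STRING_UID_NAME) &&
	    !g_OID_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) {
		dprintf("Leaving import_name\n");
		return (GSS_S_BAD_NAMETYPE);
	}

	/* Each allocation is checked before the pointer is dereferenced. */
	name = (dummy_name_t)malloc(sizeof (dummy_name_desc));
	if (name == NULL)
		return (GSS_S_FAILURE);

	name->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
	if (name->buffer == NULL) {
		free(name);
		return (GSS_S_FAILURE);
	}

	name->buffer->length = input_name_buffer->length;
	name->buffer->value = (void *)malloc(input_name_buffer->length);
	if (name->buffer->value == NULL) {
		free(name->buffer);
		free(name);
		return (GSS_S_FAILURE);
	}

	memcpy(name->buffer->value, input_name_buffer->value,
	    input_name_buffer->length);

	status = generic_gss_copy_oid(minor_status,
	    input_name_type, &(name->type));
	if (status != GSS_S_COMPLETE) {
		/* Do not hand back a name whose type was never filled in. */
		free(name->buffer->value);
		free(name->buffer);
		free(name);
		return (status);
	}

	*output_name = (gss_name_t)name;
	dprintf("Leaving import_name\n");
	return (status);
}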
8807c478bd9Sstevel@tonic-gate 
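/*
 * Free a name created by dummy_gss_import_name().
 *
 * The name bytes, the buffer descriptor, the type OID and the name record
 * itself are released, and *input_name is reset to NULL so the caller is
 * not left holding a dangling handle that could be freed a second time.
 * A NULL input_name or an already-empty handle is treated as a no-op.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_release_name(ctx, minor_status, input_name)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t *input_name;
{
	dummy_name_t name;

	dprintf("Entering release_name\n");

	/* Nothing to release. */
	if (input_name == NULL || *input_name == NULL) {
		if (minor_status != NULL)
			*minor_status = 0;
		dprintf("Leaving release_name\n");
		return (GSS_S_COMPLETE);
	}

	name = (dummy_name_t)*input_name;

	if (name->buffer != NULL) {
		free(name->buffer->value);
		free(name->buffer);
	}
	generic_gss_release_oid(minor_status, &(name->type));
	free(name);

	/* Invalidate the caller's handle now that its storage is gone. */
	*input_name = NULL;

	dprintf("Leaving release_name\n");
	return (GSS_S_COMPLETE);
}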
8987c478bd9Sstevel@tonic-gate 
/*
 * Describe a credential.
 *
 * cred_handle is never examined: every output the caller asks for is filled
 * with a fixed answer -- a name made from "dummy gss credential", an
 * indefinite lifetime, GSS_C_BOTH usage, and a copy of gss_mech_set_dummy.
 * Each output pointer is optional.  Only a result of exactly GSS_S_FAILURE
 * from gss_copy_oid_set() is treated as an error.
 *
 * NOTE(review): the value stored in *name is make_dummy_token()'s result
 * cast to gss_name_t, while dummy_gss_release_name() treats a name as a
 * dummy_name_t.  Confirm the two layouts agree before a caller releases
 * this name through the mechanism.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
			cred_usage, mechanisms)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_name_t *name;
	OM_uint32 *lifetime_ret;
	gss_cred_usage_t *cred_usage;
	gss_OID_set *mechanisms;
{
	dprintf("Entering inquire_cred\n");

	if (name != NULL) {
		*name = (gss_name_t)make_dummy_token("dummy gss credential");
	}

	if (lifetime_ret != NULL) {
		*lifetime_ret = GSS_C_INDEFINITE;
	}

	if (cred_usage != NULL) {
		*cred_usage = GSS_C_BOTH;
	}

	if (mechanisms != NULL &&
	    gss_copy_oid_set(minor_status, gss_mech_set_dummy,
	    mechanisms) == GSS_S_FAILURE) {
		return (GSS_S_FAILURE);
	}

	dprintf("Leaving inquire_cred\n");
	return (GSS_S_COMPLETE);
}
9287c478bd9Sstevel@tonic-gate 
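/*
 * Add a credential element for this mechanism.
 *
 * As in the Kerberos V5 mechanism, this routine is never expected to be
 * used by the GSS-API; it exists to fill the mechanism's entry point and
 * always reports an error.  None of the output arguments are written.
 *
 * *minor_status is cleared before any return so the caller never reads an
 * unset value.
 *
 * Returns GSS_S_BAD_MECH when a mechanism other than gss_mech_dummy is
 * requested (the same test dummy_gss_inquire_names_for_mech() applies), and
 * GSS_S_DUPLICATE_ELEMENT otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_add_cred(ctx, minor_status, input_cred_handle,
			desired_name, desired_mech, cred_usage,
			initiator_time_req, acceptor_time_req,
			output_cred_handle, actual_mechs,
			initiator_time_rec, acceptor_time_rec)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t input_cred_handle;
	gss_name_t desired_name;
	gss_OID desired_mech;
	gss_cred_usage_t cred_usage;
	OM_uint32 initiator_time_req;
	OM_uint32 acceptor_time_req;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *initiator_time_rec;
	OM_uint32 *acceptor_time_rec;
{
	dprintf("Entering add_cred\n");

	*minor_status = 0;

	/* We only know how to handle our own mechanism. */
	if ((desired_mech != GSS_C_NULL_OID) &&
	    !g_OID_equal(desired_mech, gss_mech_dummy))
		return (GSS_S_BAD_MECH);

	dprintf("Leaving add_cred\n");

	/*
	 * This routine, like the one in Kerberos V5, is never used or called
	 * by the GSS-API.  It simply returns GSS_S_DUPLICATE_ELEMENT to
	 * indicate this error.
	 */
	return (GSS_S_DUPLICATE_ELEMENT);
}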
9647c478bd9Sstevel@tonic-gate 
/*
 * Export a security context as an interprocess token.
 *
 * No context state is serialized.  The token is built from the fixed string
 * "dummy_gss_export_sec_context"; when the peer process accepts it,
 * dummy_gss_import_sec_context() creates a fresh context already marked
 * established instead of reading anything back from the token.  That is
 * possible because a dummy-mechanism context is very simple (it holds
 * little more than whether it is established).  A real token structure for
 * import/export remains an open question.
 *
 * The exported context is freed and *context_handle is reset to
 * GSS_C_NO_CONTEXT.  The handle is not checked for being established
 * first, and minor_status is not written.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_export_sec_context(ct, minor_status, context_handle,
				interprocess_token)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_buffer_t interprocess_token;
{
	char fixed_text[] = "dummy_gss_export_sec_context";

	dprintf("Entering export_sec_context\n");

	/* sizeof counts the terminating NUL; the token text excludes it. */
	*interprocess_token = make_dummy_token_msg(fixed_text,
	    sizeof (fixed_text) - 1);

	/* Exporting consumes the context in this process. */
	free(*context_handle);
	*context_handle = GSS_C_NO_CONTEXT;

	dprintf("Leaving export_sec_context\n");
	return (GSS_S_COMPLETE);
}
9917c478bd9Sstevel@tonic-gate 
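/*
 * Import a security context from an interprocess token.
 *
 * interprocess_token is never read: the function assumes the context came
 * from the token and simply allocates a new context record with
 * token_number 0 and established set to 1.  Any caller therefore receives
 * an established context regardless of the token's contents, which is
 * acceptable only because this mechanism exists for testing.
 * minor_status is not written.
 *
 * Returns GSS_S_FAILURE (with *context_handle set to GSS_C_NO_CONTEXT) when
 * the context record cannot be allocated, GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_import_sec_context(ct, minor_status, interprocess_token,
				context_handle)
void *ct;
OM_uint32 *minor_status;
gss_buffer_t interprocess_token;
gss_ctx_id_t *context_handle;
{
	/* Assume that we got ctx from the interprocess token. */
	dummy_gss_ctx_id_t ctx;

	dprintf("Entering import_sec_context\n");

	ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
	if (ctx == NULL) {
		/* Never write through a failed allocation. */
		*context_handle = GSS_C_NO_CONTEXT;
		return (GSS_S_FAILURE);
	}

	ctx->token_number = 0;
	ctx->established = 1;

	*context_handle = (gss_ctx_id_t)ctx;

	dprintf("Leaving import_sec_context\n");
	return (GSS_S_COMPLETE);
}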
10157c478bd9Sstevel@tonic-gate 
/*
 * Describe a credential for one mechanism.
 *
 * cred_handle and mech_type are never examined: each output the caller
 * asks for receives a fixed answer -- a name made from
 * "dummy credential name", indefinite initiator and acceptor lifetimes, and
 * GSS_C_BOTH usage.  Each output pointer is optional; minor_status is not
 * written.
 *
 * NOTE(review): the value stored in *name is make_dummy_token()'s result
 * cast to gss_name_t, while dummy_gss_release_name() treats a name as a
 * dummy_name_t.  Confirm the two layouts agree before a caller releases
 * this name through the mechanism.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_cred_by_mech(ctx, minor_status, cred_handle,
				mech_type, name, initiator_lifetime,
				acceptor_lifetime, cred_usage)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_OID mech_type;
	gss_name_t *name;
	OM_uint32 *initiator_lifetime;
	OM_uint32 *acceptor_lifetime;
	gss_cred_usage_t *cred_usage;
{
	dprintf("Entering inquire_cred_by_mech\n");

	if (name != NULL) {
		*name = (gss_name_t)make_dummy_token("dummy credential name");
	}

	/* Both directions share the same, never-expiring lifetime. */
	if (initiator_lifetime != NULL) {
		*initiator_lifetime = GSS_C_INDEFINITE;
	}
	if (acceptor_lifetime != NULL) {
		*acceptor_lifetime = GSS_C_INDEFINITE;
	}

	if (cred_usage != NULL) {
		*cred_usage = GSS_C_BOTH;
	}

	dprintf("Leaving inquire_cred_by_mech\n");
	return (GSS_S_COMPLETE);
}
10437c478bd9Sstevel@tonic-gate 
/*
 * List the name types this mechanism supports.
 *
 * A mechanism argument other than GSS_C_NULL_OID or gss_mech_dummy is
 * rejected with GSS_S_FAILURE and *minor_status 0.  Otherwise *name_types
 * receives a new OID set holding GSS_C_NT_USER_NAME,
 * GSS_C_NT_MACHINE_UID_NAME, GSS_C_NT_STRING_UID_NAME and
 * GSS_C_NT_HOSTBASED_SERVICE, added in that order.  The first add that
 * fails stops the sequence and the partly built set is released.
 *
 * Returns the status of the last gss_create_empty_oid_set() or
 * gss_add_oid_set_member() call made.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
	void		*ctx;
	OM_uint32	*minor_status;
	gss_OID		mechanism;
	gss_OID_set	*name_types;
{
	OM_uint32 status;
	OM_uint32 release_minor;

	dprintf("Entering inquire_names_for_mech\n");

	/*
	 * We only know how to handle our own mechanism.
	 */
	if ((mechanism != GSS_C_NULL_OID) &&
	    !g_OID_equal(gss_mech_dummy, mechanism)) {
		*minor_status = 0;
		return (GSS_S_FAILURE);
	}

	status = gss_create_empty_oid_set(minor_status, name_types);
	if (status != GSS_S_COMPLETE) {
		dprintf("Leaving inquire_names_for_mech\n");
		return (status);
	}

	/* Now add our members; each step runs only if the previous one worked. */
	status = gss_add_oid_set_member(minor_status,
	    (gss_OID) GSS_C_NT_USER_NAME, name_types);
	if (status == GSS_S_COMPLETE) {
		status = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_MACHINE_UID_NAME, name_types);
	}
	if (status == GSS_S_COMPLETE) {
		status = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_STRING_UID_NAME, name_types);
	}
	if (status == GSS_S_COMPLETE) {
		status = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, name_types);
	}

	/* A separate minor keeps the failing add's minor status intact. */
	if (status != GSS_S_COMPLETE)
		(void) gss_release_oid_set(&release_minor, name_types);

	dprintf("Leaving inquire_names_for_mech\n");
	return (status);
}
10877c478bd9Sstevel@tonic-gate 
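/*
 * Build one heap-allocated placeholder name whose value is the string
 * "dummy context name" and whose type is a copy of GSS_C_NT_USER_NAME.
 *
 * On success the new name is stored in *name_out and GSS_S_COMPLETE is
 * returned. On failure every partial allocation made here is freed,
 * *name_out is left untouched and a non-complete status is returned.
 */
static OM_uint32
dummy_make_context_name(OM_uint32 *minor_status, dummy_name_t *name_out)
{
	dummy_name_t name;
	OM_uint32 status;

	name = (dummy_name_t)malloc(sizeof (dummy_name_desc));
	if (name == NULL)
		return (GSS_S_FAILURE);

	name->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
	if (name->buffer == NULL) {
		free(name);
		return (GSS_S_FAILURE);
	}

	/*
	 * The length comes from dummy_context_name_len (defined elsewhere in
	 * the file), not from the string built on the next line.
	 * NOTE(review): confirm the two agree.
	 */
	name->buffer->length = dummy_context_name_len;
	name->buffer->value = make_dummy_token("dummy context name");
	if (name->buffer->value == NULL) {
		/* defensive: only reachable if make_dummy_token reports failure */
		free(name->buffer);
		free(name);
		return (GSS_S_FAILURE);
	}

	status = generic_gss_copy_oid(minor_status,
		(gss_OID) GSS_C_NT_USER_NAME, &(name->type));
	if (status != GSS_S_COMPLETE) {
		/*
		 * Presumably the copy leaves nothing allocated in name->type
		 * when it fails; release what this function allocated.
		 */
		free(name->buffer->value);
		free(name->buffer);
		free(name);
		return (status);
	}

	*name_out = name;
	return (GSS_S_COMPLETE);
}

/*
 * Report the properties of a dummy security context.
 *
 * Every output pointer is optional. A name is only built when the caller
 * supplied somewhere to store it, so nothing is allocated and then dropped
 * for a NULL output pointer, and every allocation is checked before use.
 *
 * initiator_name / acceptor_name receive newly allocated placeholder names
 * owned by the caller. If building the acceptor name fails after the
 * initiator name was stored, *initiator_name stays set and still belongs to
 * the caller.
 *
 * lifetime_rec receives GSS_C_INDEFINITE, mech_type gss_mech_dummy,
 * ret_flags dummy_flags, and open the context's `established` field.
 * locally_initiated is never written by this mechanism.
 *
 * Returns GSS_S_COMPLETE, GSS_S_FAILURE when memory cannot be allocated,
 * or the status returned by generic_gss_copy_oid().
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_context(ct, minor_status, context_handle, initiator_name,
			acceptor_name, lifetime_rec, mech_type, ret_flags,
			locally_initiated, open)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_name_t *initiator_name;
	gss_name_t *acceptor_name;
	OM_uint32 *lifetime_rec;
	gss_OID *mech_type;
	OM_uint32 *ret_flags;
	int *locally_initiated;
	int *open;
{
	dummy_gss_ctx_id_t ctx;
	dummy_name_t name;
	OM_uint32 status;

	dprintf("Entering inquire_context\n");

	ctx = (dummy_gss_ctx_id_t)(context_handle);

	/* give failure paths that never reach the OID copy a defined minor */
	if (minor_status != NULL)
		*minor_status = 0;

	if (initiator_name) {
		status = dummy_make_context_name(minor_status, &name);
		if (status != GSS_S_COMPLETE)
			return (status);
		*initiator_name = (gss_name_t)name;
	}

	if (acceptor_name) {
		status = dummy_make_context_name(minor_status, &name);
		if (status != GSS_S_COMPLETE)
			return (status);
		*acceptor_name = (gss_name_t)name;
	}

	if (lifetime_rec)  /* user may pass a null pointer */
		*lifetime_rec = GSS_C_INDEFINITE;
	if (mech_type)
		*mech_type = (gss_OID)gss_mech_dummy;
	if (ret_flags)
		*ret_flags = dummy_flags;
	/*
	 * NOTE(review): ctx is dereferenced without a NULL check, so this
	 * relies on the caller passing a valid context handle.
	 */
	if (open)
		*open = ctx->established;

	dprintf("Leaving inquire_context\n");
	return (GSS_S_COMPLETE);
}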
/*
 * Release an OID on behalf of the dummy mechanism.
 *
 * Only the mechanism's own static OID (gss_mech_dummy) is recognised, by
 * pointer comparison; nothing is freed, the caller's pointer is simply
 * reset to GSS_C_NO_OID and *minor_status is cleared. For any other OID
 * GSS_S_CONTINUE_NEEDED is returned and neither output is touched.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_internal_release_oid(ct, minor_status, oid)
	void		*ct;
	OM_uint32	*minor_status;
	gss_OID		*oid;
{
	dprintf("Entering internal_release_oid\n");

	/* Similar to krb5_gss_internal_release_oid */

	if (*oid == gss_mech_dummy) {
		*minor_status = 0;
		*oid = GSS_C_NO_OID;

		dprintf("Leaving internal_release_oid\n");
		return (GSS_S_COMPLETE);
	}

	/* We don't know this oid */
	return (GSS_S_CONTINUE_NEEDED);
}
/*
 * Report the largest message that fits in a wrapped token of
 * req_output_size bytes.
 *
 * The requested output size is passed back unchanged in *max_input_size;
 * the context, confidentiality flag and QOP are ignored and *minor_status
 * is not written. Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_wrap_size_limit(ct, minor_status, context_handle, conf_req_flag,
				qop_req, req_output_size, max_input_size)
	void		*ct;
	OM_uint32	*minor_status;
	gss_ctx_id_t	context_handle;
	int		conf_req_flag;
	gss_qop_t	qop_req;
	OM_uint32	req_output_size;
	OM_uint32	*max_input_size;
{
	OM_uint32 limit = req_output_size;

	dprintf("Entering wrap_size_limit\n");
	*max_input_size = limit;
	dprintf("Leaving wrap_size_limit\n");

	return (GSS_S_COMPLETE);
}
/*
 * Map a principal name to a local uid.
 *
 * No lookup is performed on `name`: every principal resolves to the same
 * fixed uid, 60001 (conventionally the "nobody" account on Solaris --
 * confirm for the target system). *minor_status is cleared and
 * GSS_S_COMPLETE is always returned.
 */
/* ARGSUSED */
OM_uint32
dummy_pname_to_uid(ct, minor_status, name, uidOut)
	void *ct;
	OM_uint32 *minor_status;
	const gss_name_t name;
	uid_t *uidOut;
{
	const uid_t fixed_uid = 60001;

	dprintf("Entering pname_to_uid\n");

	*minor_status = 0;
	*uidOut = fixed_uid;

	dprintf("Leaving pname_to_uid\n");
	return (GSS_S_COMPLETE);
}
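/*
 * Return a heap-allocated copy of the NUL-terminated string `name`.
 *
 * The caller owns the result and releases it with free_dummy_token().
 * Returns NULL when `name` is NULL or when the allocation fails, instead
 * of copying through a NULL pointer.
 */
static dummy_token_t
make_dummy_token(char *name)
{
	dummy_token_t token;
	size_t size;

	if (name == NULL)
		return (NULL);

	size = strlen(name) + 1;	/* include the terminating NUL */
	token = (dummy_token_t)malloc(size);
	if (token == NULL)
		return (NULL);

	(void) memcpy(token, name, size);
	return (token);
}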
/*
 * Free the token that *token points to and reset the caller's pointer to
 * NULL so a stale value cannot be freed or used again.
 */
static void
free_dummy_token(dummy_token_t *token)
{
	dummy_token_t doomed = *token;

	*token = NULL;
	free(doomed);
}
/*
 * Wrap a copy of the string `name` in a gss_buffer_desc, returned by value.
 *
 * For a NULL `name` the buffer is empty (length 0, value NULL). Otherwise
 * the length is strlen(name) + 1, so the terminating NUL is counted, and
 * the value is a fresh copy made by make_dummy_token() that the caller
 * must release.
 */
static gss_buffer_desc
make_dummy_token_buffer(char *name)
{
	gss_buffer_desc buffer;

	/* start from the empty buffer and fill it in only for a real name */
	buffer.length = 0;
	buffer.value = NULL;

	if (name != NULL) {
		buffer.length = strlen(name)+1;
		buffer.value = make_dummy_token(name);
	}

	return (buffer);
}
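/*
 * Frame `dataLen` bytes of `data` as a token: the header written by
 * g_make_token_header() for gss_mech_dummy (token type 0) followed by the
 * payload. The result is returned by value and its storage belongs to the
 * caller.
 *
 * An empty buffer (length 0, value NULL) is returned when `data` is NULL,
 * when `dataLen` is negative, when the computed token size is not larger
 * than the payload (which means the size calculation failed or wrapped),
 * or when the allocation fails. The length is therefore validated before
 * it reaches malloc() and memcpy().
 */
static gss_buffer_desc
make_dummy_token_msg(void *data, int dataLen)
{
	gss_buffer_desc buffer;
	int tlen;
	unsigned char *t;
	unsigned char *ptr;

	buffer.length = 0;
	buffer.value = NULL;

	if (data == NULL || dataLen < 0)
		return (buffer);

	tlen = g_token_size((gss_OID)gss_mech_dummy, dataLen);
	/* a well-formed token is always longer than the payload it carries */
	if (tlen <= dataLen)
		return (buffer);

	t = (unsigned char *) malloc((size_t)tlen);
	if (t == NULL)
		return (buffer);
	ptr = t;

	g_make_token_header((gss_OID)gss_mech_dummy, dataLen, &ptr, 0);
	(void) memcpy(ptr, data, (size_t)dataLen);

	buffer.length = tlen;
	buffer.value = (void *) t;
	return (buffer);
}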
/*
 * Number of octets needed to encode `length` as a DER length field:
 * 1 for the short form (below 128), otherwise one prefix octet plus one to
 * four value octets. Any value below 128, negatives included, yields 1.
 */
static int
der_length_size(length)
	int length;
{
	/* exclusive upper bounds for encodings of 1, 2, 3 and 4 octets */
	static const int limits[] = { (1<<7), (1<<8), (1<<16), (1<<24) };
	int i;

	for (i = 0; i < 4; i++) {
		if (length < limits[i])
			return (i + 1);
	}
	return (5);
}
/*
 * Write `length` as a DER length field at *buf and advance *buf past it.
 *
 * Values below 128 take a single octet. Larger values get a prefix octet
 * (0x80 plus the count of value octets, computed from der_length_size())
 * followed by the value, most significant octet first. The caller must
 * have reserved der_length_size(length) octets; nothing is bounds-checked
 * here.
 */
static void
der_write_length(buf, length)
	unsigned char **buf;
	int length;
{
	unsigned char *out = *buf;

	if (length < (1<<7)) {
		/* short form */
		*out++ = (unsigned char) length;
		*buf = out;
		return;
	}

	/* long form: der_length_size() counts the prefix, hence +127 not +128 */
	*out++ = (unsigned char) (der_length_size(length)+127);
	if (length >= (1<<24))
		*out++ = (unsigned char) (length>>24);
	if (length >= (1<<16))
		*out++ = (unsigned char) ((length>>16)&0xff);
	if (length >= (1<<8))
		*out++ = (unsigned char) ((length>>8)&0xff);
	*out++ = (unsigned char) (length&0xff);

	*buf = out;
}
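/*
 * Read a DER length field from *buf, where *bufsize bytes remain.
 *
 * On every path that consumes input, *buf is advanced and *bufsize is
 * reduced by the number of octets read. Returns the decoded length, or -1
 * when the buffer is empty, when the long form claims more value octets
 * than (*bufsize - 1) after the prefix, when it claims more than
 * DUMMY_SIZE_OF_INT octets, or when the value does not fit in a
 * non-negative int.
 *
 * The value is accumulated in an unsigned variable and range-checked
 * before each shift: the field is taken from a token supplied by the peer,
 * and shifting a signed int past its range is undefined behaviour.
 */
static int
der_read_length(buf, bufsize)
unsigned char **buf;
int *bufsize;
{
	/* largest value an int can hold (assumes int has no padding bits) */
	const unsigned int max_len = (~0U) >> 1;
	unsigned char sf;
	unsigned int acc;

	if (*bufsize < 1)
		return (-1);

	sf = *(*buf)++;
	(*bufsize)--;

	/* short form: the octet is the length */
	if ((sf & 0x80) == 0)
		return (sf);

	/* long form: low seven bits give the number of value octets */
	if ((sf &= 0x7f) > ((*bufsize)-1))
		return (-1);

	if (sf > DUMMY_SIZE_OF_INT)
		return (-1);

	acc = 0;
	for (; sf; sf--) {
		/* reject before the shift could exceed max_len */
		if (acc > (max_len >> 8))
			return (-1);
		acc = (acc << 8) | *(*buf)++;
		(*bufsize)--;
	}

	return ((int)acc);
}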
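/*
 * Total size in bytes of a token for mechanism `mech` carrying `body_size`
 * bytes of payload: one tag octet, the DER length field, and the sequence
 * contents (4 octets + the mechanism OID + the payload).
 *
 * Returns -1 when the total would not fit in a non-negative int; this is
 * the overflow check the original comment asked for. Without it a very
 * large body_size wraps and yields a size smaller than the payload.
 */
static int
g_token_size(mech, body_size)
	gss_OID mech;
	unsigned int body_size;
{
	/*
	 * Largest contents size that still leaves room for the tag octet and
	 * the longest (5 octet) length field below the maximum int value
	 * (assumes int has no padding bits).
	 */
	const unsigned int limit = ((~0U) >> 1) - 6;
	unsigned int oid_len = (unsigned int)mech->length;

	if (oid_len > limit - 4 || body_size > limit - 4 - oid_len)
		return (-1);

	/* set body_size to sequence contents size */
	body_size += 4 + oid_len;
	return (1 + der_length_size((int)body_size) + (int)body_size);
}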
/*
 * Write a token header at *buf and advance *buf past it.
 *
 * Layout: tag 0x60, DER length of (4 + OID length + body_size), tag 0x06,
 * one octet of OID length, the OID bytes of `mech`, then tok_type as two
 * octets, high octet first. The OID length is written as a single octet.
 * Nothing is bounds-checked here; the caller is expected to have sized the
 * buffer beforehand (make_dummy_token_msg() uses g_token_size() for that).
 */
static void
g_make_token_header(mech, body_size, buf, tok_type)
	gss_OID mech;
	int body_size;
	unsigned char **buf;
	int tok_type;
{
	unsigned char type_hi = (unsigned char) ((tok_type>>8)&0xff);
	unsigned char type_lo = (unsigned char) (tok_type&0xff);

	/* outer tag and sequence length */
	**buf = 0x60;
	(*buf)++;
	der_write_length(buf, 4 + mech->length + body_size);

	/* mechanism OID: tag, length octet, contents */
	**buf = 0x06;
	(*buf)++;
	**buf = (unsigned char) mech->length;
	(*buf)++;
	TWRITE_STR(*buf, mech->elements, ((int)mech->length));

	/* token type, high octet first */
	**buf = type_hi;
	(*buf)++;
	**buf = type_lo;
	(*buf)++;
}
/*
 * Check the header of a received token of `toksize` bytes at *buf_in.
 *
 * Expected layout: tag 0x60, a DER length equal to the bytes that follow
 * it, tag 0x06, one octet of OID length, the OID, then tok_type as two
 * octets. The remaining byte count is reduced and tested before each
 * field is read, so a truncated token is rejected rather than read past
 * its end.
 *
 * Returns 0 on success, with *buf_in advanced to the body and *body_size
 * set to the bytes remaining. Returns G_BAD_TOK_HEADER for a malformed
 * header and G_WRONG_MECH when the header is well formed but names another
 * mechanism; in both cases *buf_in and *body_size are left unchanged.
 */
static int
g_verify_token_header(mech, body_size, buf_in, tok_type, toksize)
gss_OID mech;
int *body_size;
unsigned char **buf_in;
int tok_type;
int toksize;
{
	unsigned char *cursor = *buf_in;
	int remaining = toksize;
	int declared;
	gss_OID_desc token_oid;
	int verdict = 0;

	/* outer tag */
	remaining -= 1;
	if (remaining < 0)
		return (G_BAD_TOK_HEADER);
	if (*cursor++ != 0x60)
		return (G_BAD_TOK_HEADER);

	/* the declared length must match what is left exactly */
	declared = der_read_length(&cursor, &remaining);
	if (declared < 0)
		return (G_BAD_TOK_HEADER);
	if (declared != remaining)
		return (G_BAD_TOK_HEADER);

	/* OID tag */
	remaining -= 1;
	if (remaining < 0)
		return (G_BAD_TOK_HEADER);
	if (*cursor++ != 0x06)
		return (G_BAD_TOK_HEADER);

	/* OID length octet */
	remaining -= 1;
	if (remaining < 0)
		return (G_BAD_TOK_HEADER);
	token_oid.length = *cursor++;

	/* OID contents: referenced in place, not copied */
	remaining -= token_oid.length;
	if (remaining < 0)
		return (G_BAD_TOK_HEADER);
	token_oid.elements = cursor;
	cursor += token_oid.length;

	if (!g_OID_equal(&token_oid, mech))
		verdict = G_WRONG_MECH;

	/*
	 * G_WRONG_MECH is not returned immediately because it's more important
	 * to return G_BAD_TOK_HEADER if the token header is in fact bad
	 */

	/* token type, two octets, high octet first */
	remaining -= 2;
	if (remaining < 0)
		return (G_BAD_TOK_HEADER);
	if ((cursor[0] != ((tok_type>>8)&0xff)) ||
	    (cursor[1] != (tok_type&0xff)))
		return (G_BAD_TOK_HEADER);
	cursor += 2;

	if (verdict == 0) {
		*buf_in = cursor;
		*body_size = remaining;
	}

	return (verdict);
}