/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
 */

#include "gssapiP_krb5.h"
#include "mglueP.h"
#include <syslog.h>

/** mechglue wrappers **/

/*
 * Forward declarations for the k5glue_* wrappers that populate the
 * struct gss_config dispatch tables further down.  Every wrapper takes an
 * extra leading "void *" argument in front of the usual GSS-API parameters;
 * the definitions later in this file never use that argument and pass the
 * remaining ones straight to the matching krb5_gss_* routine.
 *
 * Prototypes wrapped in "#if 0" belong to entry points that are compiled
 * out in this file.  The "EXPORT DELETE" / "CRYPT DELETE" comments are
 * existing markers; they appear to be consumed by build tooling
 * (NOTE(review): confirm), so they are left untouched.
 */

static OM_uint32 k5glue_acquire_cred
(void *, OM_uint32*,       /* minor_status */
            gss_name_t,       /* desired_name */
            OM_uint32,        /* time_req */
            gss_OID_set,      /* desired_mechs */
            gss_cred_usage_t, /* cred_usage */
            gss_cred_id_t*,   /* output_cred_handle */
            gss_OID_set*,     /* actual_mechs */
            OM_uint32*        /* time_rec */
           );

static OM_uint32 k5glue_release_cred
(void *, OM_uint32*,       /* minor_status */
            gss_cred_id_t*    /* cred_handle */
           );

static OM_uint32 k5glue_init_sec_context
(void *, OM_uint32*,       /* minor_status */
            gss_cred_id_t,    /* claimant_cred_handle */
            gss_ctx_id_t*,    /* context_handle */
            gss_name_t,       /* target_name */
            gss_OID,          /* mech_type */
            OM_uint32,        /* req_flags */
            OM_uint32,        /* time_req */
            gss_channel_bindings_t,
                              /* input_chan_bindings */
            gss_buffer_t,     /* input_token */
            gss_OID*,         /* actual_mech_type */
            gss_buffer_t,     /* output_token */
            OM_uint32*,       /* ret_flags */
            OM_uint32*        /* time_rec */
           );

static OM_uint32 k5glue_accept_sec_context
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t*,    /* context_handle */
            gss_cred_id_t,    /* verifier_cred_handle */
            gss_buffer_t,     /* input_token_buffer */
            gss_channel_bindings_t,
                              /* input_chan_bindings */
            gss_name_t*,      /* src_name */
            gss_OID*,         /* mech_type */
            gss_buffer_t,     /* output_token */
            OM_uint32*,       /* ret_flags */
            OM_uint32*,       /* time_rec */
            gss_cred_id_t*    /* delegated_cred_handle */
           );

static OM_uint32 k5glue_process_context_token
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t      /* token_buffer */
           );

static OM_uint32 k5glue_delete_sec_context
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t*,    /* context_handle */
            gss_buffer_t      /* output_token */
           );

static OM_uint32 k5glue_context_time
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            OM_uint32*        /* time_rec */
           );

static OM_uint32 k5glue_sign
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            int,              /* qop_req */
            gss_buffer_t,     /* message_buffer */
            gss_buffer_t      /* message_token */
           );

static OM_uint32 k5glue_verify
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t,     /* message_buffer */
            gss_buffer_t,     /* token_buffer */
            int*              /* qop_state */
           );

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            int,              /* conf_req_flag */
            int,              /* qop_req */
            gss_buffer_t,     /* input_message_buffer */
            int*,             /* conf_state */
            gss_buffer_t      /* output_message_buffer */
           );

static OM_uint32 k5glue_unseal
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_buffer_t,     /* input_message_buffer */
            gss_buffer_t,     /* output_message_buffer */
            int*,             /* conf_state */
            int*              /* qop_state */
           );
/* EXPORT DELETE END */

static OM_uint32 k5glue_display_status
(void *, OM_uint32*,       /* minor_status */
            OM_uint32,        /* status_value */
            int,              /* status_type */
            gss_OID,          /* mech_type */
            OM_uint32*,       /* message_context */
            gss_buffer_t      /* status_string */
           );

static OM_uint32 k5glue_indicate_mechs
(void *, OM_uint32*,       /* minor_status */
            gss_OID_set*      /* mech_set */
           );

static OM_uint32 k5glue_compare_name
(void *, OM_uint32*,       /* minor_status */
            gss_name_t,       /* name1 */
            gss_name_t,       /* name2 */
            int*              /* name_equal */
           );

static OM_uint32 k5glue_display_name
(void *, OM_uint32*,      /* minor_status */
            gss_name_t,      /* input_name */
            gss_buffer_t,    /* output_name_buffer */
            gss_OID*         /* output_name_type */
           );

static OM_uint32 k5glue_import_name
(void *, OM_uint32*,       /* minor_status */
            gss_buffer_t,     /* input_name_buffer */
            gss_OID,          /* input_name_type */
            gss_name_t*       /* output_name */
           );

static OM_uint32 k5glue_release_name
(void *, OM_uint32*,       /* minor_status */
            gss_name_t*       /* input_name */
           );

static OM_uint32 k5glue_inquire_cred
(void *, OM_uint32 *,      /* minor_status */
            gss_cred_id_t,    /* cred_handle */
            gss_name_t *,     /* name */
            OM_uint32 *,      /* lifetime */
            gss_cred_usage_t*,/* cred_usage */
            gss_OID_set *     /* mechanisms */
           );

static OM_uint32 k5glue_inquire_context
(void *, OM_uint32*,       /* minor_status */
            gss_ctx_id_t,     /* context_handle */
            gss_name_t*,      /* initiator_name */
            gss_name_t*,      /* acceptor_name */
            OM_uint32*,       /* lifetime_rec */
            gss_OID*,         /* mech_type */
            OM_uint32*,       /* ret_flags */
            int*,             /* locally_initiated */
            int*              /* open */
           );

#if 0
/* New V2 entry points */
static OM_uint32 k5glue_get_mic
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t,               /* context_handle */
            gss_qop_t,                  /* qop_req */
            gss_buffer_t,               /* message_buffer */
            gss_buffer_t                /* message_token */
           );

static OM_uint32 k5glue_verify_mic
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t,               /* context_handle */
            gss_buffer_t,               /* message_buffer */
            gss_buffer_t,               /* message_token */
            gss_qop_t *                 /* qop_state */
           );

static OM_uint32 k5glue_wrap
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t,               /* context_handle */
            int,                        /* conf_req_flag */
            gss_qop_t,                  /* qop_req */
            gss_buffer_t,               /* input_message_buffer */
            int *,                      /* conf_state */
            gss_buffer_t                /* output_message_buffer */
           );

static OM_uint32 k5glue_unwrap
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t,               /* context_handle */
            gss_buffer_t,               /* input_message_buffer */
            gss_buffer_t,               /* output_message_buffer */
            int *,                      /* conf_state */
            gss_qop_t *                 /* qop_state */
           );
#endif

static OM_uint32 k5glue_wrap_size_limit
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t,               /* context_handle */
            int,                        /* conf_req_flag */
            gss_qop_t,                  /* qop_req */
            OM_uint32,                  /* req_output_size */
            OM_uint32 *                 /* max_input_size */
           );

#if 0
static OM_uint32 k5glue_import_name_object
(void *, OM_uint32 *,        /* minor_status */
            void *,                     /* input_name */
            gss_OID,                    /* input_name_type */
            gss_name_t *                /* output_name */
           );

static OM_uint32 k5glue_export_name_object
(void *, OM_uint32 *,        /* minor_status */
            gss_name_t,                 /* input_name */
            gss_OID,                    /* desired_name_type */
            void * *                    /* output_name */
           );
#endif

static OM_uint32 k5glue_add_cred
(void *, OM_uint32 *,        /* minor_status */
            gss_cred_id_t,              /* input_cred_handle */
            gss_name_t,                 /* desired_name */
            gss_OID,                    /* desired_mech */
            gss_cred_usage_t,           /* cred_usage */
            OM_uint32,                  /* initiator_time_req */
            OM_uint32,                  /* acceptor_time_req */
            gss_cred_id_t *,            /* output_cred_handle */
            gss_OID_set *,              /* actual_mechs */
            OM_uint32 *,                /* initiator_time_rec */
            OM_uint32 *                 /* acceptor_time_rec */
           );

static OM_uint32 k5glue_inquire_cred_by_mech
(void *, OM_uint32  *,       /* minor_status */
            gss_cred_id_t,              /* cred_handle */
            gss_OID,                    /* mech_type */
            gss_name_t *,               /* name */
            OM_uint32 *,                /* initiator_lifetime */
            OM_uint32 *,                /* acceptor_lifetime */
            gss_cred_usage_t *          /* cred_usage */
           );

static OM_uint32 k5glue_export_sec_context
(void *, OM_uint32 *,        /* minor_status */
            gss_ctx_id_t *,             /* context_handle */
            gss_buffer_t                /* interprocess_token */
           );

static OM_uint32 k5glue_import_sec_context
(void *, OM_uint32 *,        /* minor_status */
            gss_buffer_t,               /* interprocess_token */
            gss_ctx_id_t *              /* context_handle */
           );

krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid
(void *, OM_uint32 *,        /* minor_status */
            gss_OID *                   /* oid */
           );

static OM_uint32 k5glue_inquire_names_for_mech
(void *, OM_uint32 *,        /* minor_status */
            gss_OID,                    /* mechanism */
            gss_OID_set *               /* name_types */
           );

#if 0
static OM_uint32 k5glue_canonicalize_name
(void *, OM_uint32  *,       /* minor_status */
            const gss_name_t,           /* input_name */
            const gss_OID,              /* mech_type */
            gss_name_t *                /* output_name */
           );
#endif

static OM_uint32 k5glue_export_name
(void *, OM_uint32  *,       /* minor_status */
            const gss_name_t,           /* input_name */
            gss_buffer_t                /* exported_name */
           );

/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred (
        void *,
        OM_uint32 *,            /* minor_status */
        const gss_cred_id_t,    /* input_cred */
        gss_cred_usage_t,       /* cred_usage */
        const gss_OID,          /* desired_mech */
        OM_uint32,              /* overwrite_cred */
        OM_uint32,              /* default_cred */
        gss_OID_set *,          /* elements_stored */
        gss_cred_usage_t *      /* cred_usage_stored */
        );

static OM_uint32
k5glue_userok(
        void *,                 /* context */
        OM_uint32 *,            /* minor_status */
        const gss_name_t,       /* pname */
        const char *,           /* local user */
        int *                   /* user ok? */
        /* */);

static OM_uint32
k5glue_pname_to_uid(
        void *,                 /* context */
        OM_uint32 *,            /* minor_status */
        const gss_name_t,       /* pname */
        uid_t *                 /* uid */
        /* */);




#if 0
static OM_uint32 k5glue_duplicate_name
(void *, OM_uint32  *,       /* minor_status */
            const gss_name_t,           /* input_name */
            gss_name_t *                /* dest_name */
           );
#endif

#if 0
static OM_uint32 k5glue_validate_cred
(void *, OM_uint32 *,        /* minor_status */
            gss_cred_id_t               /* cred */
           );
#endif

#if 0
/*
 * SUNW15resync
 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
 * slicing&dicing needs of the "nightly -SD" build.  When it goes away,
 * we should use it assuming MIT still uses it then.
 */

/*
 * The krb5 mechanism provides two mech OIDs; use this initializer to
 * ensure that both dispatch tables contain identical function
 * pointers.
 */
#define KRB5_GSS_CONFIG_INIT \
    NULL, \
    ...
#endif


/*
 * Dispatch table for the krb5 mechanism under GSS_MECH_KRB5_OID.
 *
 * The initializer is positional, so each entry must stay in the order in
 * which struct gss_config declares its members (the struct is not defined
 * in this file; presumably it comes from mglueP.h).  A misplaced entry
 * would bind a GSS-API operation to the wrong function without any
 * compiler diagnostic when the pointer types happen to be compatible.
 *
 * Because KRB5_GSS_CONFIG_INIT is not used here (see the comment above),
 * this list is written out three times by hand; krb5_mechanism_old and
 * krb5_mechanism_wrong must be kept entry-for-entry identical to it apart
 * from the OID.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

/*
 * Same dispatch entries as krb5_mechanism, registered under
 * GSS_MECH_KRB5_OLD_OID (labelled "pre-RFC OID" in the disabled
 * initializer line below).
 */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

/*
 * Same dispatch entries again, registered under GSS_MECH_KRB5_WRONG_OID
 * (labelled "wrong OID" in the disabled initializer line below).
 * NOTE(review): presumably kept for interoperability with peers that send
 * this OID; confirm before removing it from krb5_mech_configs.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

/* NULL-terminated list of every dispatch table this file provides. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
};

#ifdef MS_BUG_TEST
/* Alternative list that leaves out krb5_mechanism_wrong. */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism, &krb5_mechanism_old, NULL
};
#endif

/* The function defined below is emitted under the name krb5_gss_get_mech_configs. */
#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif

/*
 * Return the NULL-terminated array of krb5 dispatch tables.
 *
 * When built with MS_BUG_TEST, setting the environment variable
 * MS_FORCE_NO_MSOID to "1" selects the list without krb5_mechanism_wrong.
 * NOTE(review): that makes the advertised mechanism set depend on the
 * process environment; MS_BUG_TEST looks like a test-only build switch --
 * confirm it is never defined in shipped builds.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
#ifdef MS_BUG_TEST
    char *envstr = getenv("MS_FORCE_NO_MSOID");

    if (envstr != NULL && strcmp(envstr, "1") == 0) {
        return krb5_mech_configs_hack;
    }
#endif
    return krb5_mech_configs;
}

/*
 * Wrapper definitions.  Each k5glue_* function below drops its leading
 * ctx argument and returns the result of the corresponding krb5_gss_*
 * call with all other arguments passed through unchanged; no argument
 * checking is done at this layer.  Wrappers inside "#if 0" are compiled
 * out.
 */

static OM_uint32
k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
                          input_token, input_chan_bindings, src_name, mech_type,
                          output_token, ret_flags, time_rec, delegated_cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_cred_id_t verifier_cred_handle;
    gss_buffer_t input_token;
    gss_channel_bindings_t input_chan_bindings;
    gss_name_t *src_name;
    gss_OID *mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
    gss_cred_id_t *delegated_cred_handle;
{
    return(krb5_gss_accept_sec_context(minor_status,
                                       context_handle,
                                       verifier_cred_handle,
                                       input_token,
                                       input_chan_bindings,
                                       src_name,
                                       mech_type,
                                       output_token,
                                       ret_flags,
                                       time_rec,
                                       delegated_cred_handle));
}

static OM_uint32
k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
                    cred_usage, output_cred_handle, actual_mechs, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t desired_name;
    OM_uint32 time_req;
    gss_OID_set desired_mechs;
    gss_cred_usage_t cred_usage;
    gss_cred_id_t *output_cred_handle;
    gss_OID_set *actual_mechs;
    OM_uint32 *time_rec;
{
    return(krb5_gss_acquire_cred(minor_status,
                                 desired_name,
                                 time_req,
                                 desired_mechs,
                                 cred_usage,
                                 output_cred_handle,
                                 actual_mechs,
                                 time_rec));
}

/* V2 */
static OM_uint32
k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
                cred_usage, initiator_time_req, acceptor_time_req,
                output_cred_handle, actual_mechs, initiator_time_rec,
                acceptor_time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t input_cred_handle;
    gss_name_t desired_name;
    gss_OID desired_mech;
    gss_cred_usage_t cred_usage;
    OM_uint32 initiator_time_req;
    OM_uint32 acceptor_time_req;
    gss_cred_id_t *output_cred_handle;
    gss_OID_set *actual_mechs;
    OM_uint32 *initiator_time_rec;
    OM_uint32 *acceptor_time_rec;
{
    return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
                             desired_mech, cred_usage, initiator_time_req,
                             acceptor_time_req, output_cred_handle,
                             actual_mechs, initiator_time_rec,
                             acceptor_time_rec));
}

#if 0
/* V2 */
static OM_uint32
k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member_oid;
    gss_OID_set *oid_set;
{
    return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
}
#endif

static OM_uint32
k5glue_compare_name(ctx, minor_status, name1, name2, name_equal)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t name1;
    gss_name_t name2;
    int *name_equal;
{
    return(krb5_gss_compare_name(minor_status, name1,
                                 name2, name_equal));
}

static OM_uint32
k5glue_context_time(ctx, minor_status, context_handle, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    OM_uint32 *time_rec;
{
    return(krb5_gss_context_time(minor_status, context_handle,
                                 time_rec));
}

#if 0
/* V2 */
static OM_uint32
k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *oid_set;
{
    return(generic_gss_create_empty_oid_set(minor_status, oid_set));
}
#endif

static OM_uint32
k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t output_token;
{
    return(krb5_gss_delete_sec_context(minor_status,
                                       context_handle, output_token));
}

static OM_uint32
k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t input_name;
    gss_buffer_t output_name_buffer;
    gss_OID *output_name_type;
{
    return(krb5_gss_display_name(minor_status, input_name,
                                 output_name_buffer, output_name_type));
}

static OM_uint32
k5glue_display_status(ctx, minor_status, status_value, status_type,
                      mech_type, message_context, status_string)
    void *ctx;
    OM_uint32 *minor_status;
    OM_uint32 status_value;
    int status_type;
    gss_OID mech_type;
    OM_uint32 *message_context;
    gss_buffer_t status_string;
{
    return(krb5_gss_display_status(minor_status, status_value,
                                   status_type, mech_type, message_context,
                                   status_string));
}

/* V2 */
static OM_uint32
k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t interprocess_token;
{
    return(krb5_gss_export_sec_context(minor_status,
                                       context_handle,
                                       interprocess_token));
}

#if 0
/* V2 */
static OM_uint32
k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
               message_buffer, message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_qop_t qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    return(krb5_gss_get_mic(minor_status, context_handle,
                            qop_req, message_buffer, message_token));
}
#endif

/*
 * The gssint_initialize_library() call inside "#if 0" is compiled out, so
 * this wrapper performs no library initialization of its own before
 * forwarding to krb5_gss_import_name().
 */
static OM_uint32
k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t input_name_buffer;
    gss_OID input_name_type;
    gss_name_t *output_name;
{
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
        *minor_status = err;
        return GSS_S_FAILURE;
    }
#endif
    return(krb5_gss_import_name(minor_status, input_name_buffer,
                                input_name_type, output_name));
}

/* V2 */
static OM_uint32
k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t interprocess_token;
    gss_ctx_id_t *context_handle;
{
    return(krb5_gss_import_sec_context(minor_status,
                                       interprocess_token,
                                       context_handle));
}

static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *mech_set;
{
    return(krb5_gss_indicate_mechs(minor_status, mech_set));
}

static OM_uint32
k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
                        target_name, mech_type, req_flags, time_req,
                        input_chan_bindings, input_token, actual_mech_type,
                        output_token, ret_flags, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t claimant_cred_handle;
    gss_ctx_id_t *context_handle;
    gss_name_t target_name;
    gss_OID mech_type;
    OM_uint32 req_flags;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    gss_buffer_t input_token;
    gss_OID *actual_mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
{
    return(krb5_gss_init_sec_context(minor_status,
                                     claimant_cred_handle, context_handle,
                                     target_name, mech_type, req_flags,
                                     time_req, input_chan_bindings, input_token,
                                     actual_mech_type, output_token, ret_flags,
                                     time_rec));
}

static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
                       lifetime_rec, mech_type, ret_flags,
                       locally_initiated, open)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_name_t *initiator_name;
    gss_name_t *acceptor_name;
    OM_uint32 *lifetime_rec;
    gss_OID *mech_type;
    OM_uint32 *ret_flags;
    int *locally_initiated;
    int *open;
{
    return(krb5_gss_inquire_context(minor_status, context_handle,
                                    initiator_name, acceptor_name, lifetime_rec,
                                    mech_type, ret_flags, locally_initiated,
                                    open));
}

static OM_uint32
k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
                    cred_usage, mechanisms)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_name_t *name;
    OM_uint32 *lifetime_ret;
    gss_cred_usage_t *cred_usage;
    gss_OID_set *mechanisms;
{
    return(krb5_gss_inquire_cred(minor_status, cred_handle,
                                 name, lifetime_ret, cred_usage, mechanisms));
}

/* V2 */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
                            initiator_lifetime, acceptor_lifetime, cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
    return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
                                         mech_type, name, initiator_lifetime,
                                         acceptor_lifetime, cred_usage));
}

/* V2 */
static OM_uint32
k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    return(krb5_gss_inquire_names_for_mech(minor_status,
                                           mechanism,
                                           name_types));
}

#if 0
/* V2 */
static OM_uint32
k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID oid;
    gss_buffer_t oid_str;
{
    return(generic_gss_oid_to_str(minor_status, oid, oid_str));
}
#endif

static OM_uint32
k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t token_buffer;
{
    return(krb5_gss_process_context_token(minor_status,
                                          context_handle, token_buffer));
}

static OM_uint32
k5glue_release_cred(ctx, minor_status, cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t *cred_handle;
{
    return(krb5_gss_release_cred(minor_status, cred_handle));
}

static OM_uint32
k5glue_release_name(ctx, minor_status, input_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t *input_name;
{
    return(krb5_gss_release_name(minor_status, input_name));
}

#if 0
static OM_uint32
k5glue_release_buffer(ctx, minor_status, buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t buffer;
{
    return(generic_gss_release_buffer(minor_status,
                                      buffer));
}
#endif

/* V2 */
static OM_uint32
k5glue_internal_release_oid(ctx, minor_status, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    return(krb5_gss_internal_release_oid(minor_status, oid));
}

#if 0
static OM_uint32
k5glue_release_oid_set(ctx, minor_status, set)
    void *ctx;
    OM_uint32 * minor_status;
    gss_OID_set *set;
{
    return(generic_gss_release_oid_set(minor_status, set));
}
#endif

/* EXPORT DELETE START */
/* V1 only */
static OM_uint32
k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    int qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    return(krb5_gss_seal(minor_status, context_handle,
                         conf_req_flag, qop_req, input_message_buffer,
                         conf_state, output_message_buffer));
}
/* EXPORT DELETE END */

static OM_uint32
k5glue_sign(ctx, minor_status, context_handle,
            qop_req, message_buffer,
            message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    return(krb5_gss_sign(minor_status, context_handle,
                         qop_req, message_buffer, message_token));
}

#if 0
/* V2 */
static OM_uint32
k5glue_verify_mic(ctx, minor_status, context_handle,
                  message_buffer, token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    gss_qop_t *qop_state;
{
    return(krb5_gss_verify_mic(minor_status, context_handle,
                               message_buffer, token_buffer, qop_state));
}

/* V2 */
static OM_uint32
k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
                         input_message_buffer, conf_state,
                         output_message_buffer));
}

/* V2 */
static OM_uint32
k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t oid_str;
    gss_OID *oid;
{
    return(generic_gss_str_to_oid(minor_status, oid_str, oid));
}

/* V2 */
static OM_uint32
k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member;
    gss_OID_set set;
    int *present;
{
    return(generic_gss_test_oid_set_member(minor_status, member, set,
                                           present));
}
#endif

/* EXPORT DELETE START */
/* V1 only */
static OM_uint32
k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
{
    return(krb5_gss_unseal(minor_status, context_handle,
                           input_message_buffer, output_message_buffer,
                           conf_state, qop_state));
}
/* EXPORT DELETE END */

#if 0
/* V2 */
static OM_uint32
k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
    return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
                           output_message_buffer, conf_state, qop_state));
}
#endif

/* V1 only */
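/*
 * Mechglue entry for the V1 verify call.  ctx is not used; the remaining
 * arguments go to krb5_gss_verify() unchanged and its status is returned.
 */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
              gss_buffer_t message_buffer, gss_buffer_t token_buffer,
              int *qop_state)
{
    return krb5_gss_verify(minor_status, context_handle, message_buffer,
                           token_buffer, qop_state);
}

/* V2 interface */
/*
 * Mechglue entry for wrap_size_limit.  ctx is not used; the remaining
 * arguments go to krb5_gss_wrap_size_limit() unchanged.
 */
static OM_uint32
k5glue_wrap_size_limit(void *ctx, OM_uint32 *minor_status,
                       gss_ctx_id_t context_handle, int conf_req_flag,
                       gss_qop_t qop_req, OM_uint32 req_output_size,
                       OM_uint32 *max_input_size)
{
    return krb5_gss_wrap_size_limit(minor_status, context_handle,
                                    conf_req_flag, qop_req,
                                    req_output_size, max_input_size);
}

#if 0
/* V2 interface */
/* Compiled out: would forward to krb5_gss_canonicalize_name(). */
static OM_uint32
k5glue_canonicalize_name(void *ctx, OM_uint32 *minor_status,
                         const gss_name_t input_name,
                         const gss_OID mech_type, gss_name_t *output_name)
{
    return krb5_gss_canonicalize_name(minor_status, input_name,
                                      mech_type, output_name);
}
#endif

/* V2 interface */
/*
 * Mechglue entry for export_name.  ctx is not used; the remaining
 * arguments go to krb5_gss_export_name() unchanged.
 */
static OM_uint32
k5glue_export_name(void *ctx, OM_uint32 *minor_status,
                   const gss_name_t input_name, gss_buffer_t exported_name)
{
    return krb5_gss_export_name(minor_status, input_name, exported_name);
}

/* SUNW15resync - this is not in the MIT mech (lib) yet */
/*
 * Mechglue entry for store_cred.  ctx is not used; the remaining
 * arguments go to krb5_gss_store_cred() unchanged.
 */
static OM_uint32
k5glue_store_cred(void *ctx, OM_uint32 *minor_status,
                  const gss_cred_id_t input_cred, gss_cred_usage_t cred_usage,
                  gss_OID desired_mech, OM_uint32 overwrite_cred,
                  OM_uint32 default_cred, gss_OID_set *elements_stored,
                  gss_cred_usage_t *cred_usage_stored)
{
    return krb5_gss_store_cred(minor_status, input_cred, cred_usage,
                               desired_mech, overwrite_cred, default_cred,
                               elements_stored, cred_usage_stored);
}

/*
 * Mechglue entry for the "may this principal act as this local user"
 * query.  ctxt is not used; minor, pname, user and user_ok go to
 * krb5_gss_userok() unchanged.
 *
 * NOTE(review): whether *user_ok is written when the call fails is decided
 * inside krb5_gss_userok(), which is not visible here.  Callers should test
 * the returned status before acting on *user_ok.
 */
static OM_uint32
k5glue_userok(void *ctxt, OM_uint32 *minor, const gss_name_t pname,
              const char *user, int *user_ok)
{
    return krb5_gss_userok(minor, pname, user, user_ok);
}

/*
 * Mechglue entry for mapping a principal name to a local uid.  ctxt is not
 * used; minor, pname and uidOut go to krb5_pname_to_uid() unchanged.
 *
 * NOTE(review): as with k5glue_userok(), check the returned status before
 * using *uidOut; its value on failure is not established by this file.
 */
static OM_uint32
k5glue_pname_to_uid(void *ctxt, OM_uint32 *minor, const gss_name_t pname,
                    uid_t *uidOut)
{
    return krb5_pname_to_uid(minor, pname, uidOut);
}



#if 0
/* V2 interface */
/* Compiled out: would forward to krb5_gss_duplicate_name(). */
static OM_uint32
k5glue_duplicate_name(void *ctx, OM_uint32 *minor_status,
                      const gss_name_t input_name, gss_name_t *dest_name)
{
    return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
}
#endif

/*
 * Return the ticket flags of an established krb5 context.
 *
 * context_handle is treated as a mechglue union context: it is cast to
 * gss_union_ctx_id_t without any tag check, so it must really be one.
 * Returns GSS_S_NO_CONTEXT for an absent handle, GSS_S_BAD_MECH when the
 * context belongs to neither krb5 mechanism OID, and otherwise the status
 * of gss_krb5int_get_tkt_flags().  minor_status is not written on the two
 * early-return paths.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_get_tkt_flags(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    krb5_flags *ticket_flags)
{
    gss_union_ctx_id_t uctx;

    /* Reject an absent handle before uctx->mech_type is read below. */
    if (context_handle == GSS_C_NO_CONTEXT)
        return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
        return GSS_S_BAD_MECH;
    return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id,
                                     ticket_flags);
}

/*
 * Copy the krb5 credentials held in a union credential into out_ccache.
 *
 * The current krb5 mechanism OID is tried first, then the old one.  A
 * GSS_C_NO_CREDENTIAL handle, or a union credential with no krb5 element,
 * yields GSS_S_DEFECTIVE_CREDENTIAL.  out_ccache is passed through
 * unchecked; presumably gss_krb5int_copy_ccache() validates it -- confirm
 * there.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred_handle;

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/* XXX need to delete mechglue ctx too */
/*
 * Export a krb5 security context in "lucid" form through *kctx.
 *
 * *context_handle is treated as a mechglue union context (cast without a
 * tag check).  Returns GSS_S_NO_CONTEXT when context_handle or the handle
 * it points to is absent, GSS_S_BAD_MECH when the context belongs to
 * neither krb5 mechanism OID, and otherwise the status of
 * gss_krb5int_export_lucid_sec_context(), which receives the address of
 * the internal context id.  minor_status and *kctx are not written on the
 * early-return paths.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_export_lucid_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    OM_uint32 version,
    void **kctx)
{
    gss_union_ctx_id_t uctx;

    /* Both the pointer and the handle are dereferenced below. */
    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
        return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)*context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
        return GSS_S_BAD_MECH;
    return gss_krb5int_export_lucid_sec_context(minor_status,
                                                &uctx->internal_ctx_id,
                                                version, kctx);
}

/*
 * Restrict the encryption types usable with a credential.
 *
 * The current krb5 mechanism OID is tried first, then the old one; with no
 * krb5 element in the union credential the result is
 * GSS_S_DEFECTIVE_CREDENTIAL.  num_ktypes and ktypes are forwarded without
 * inspection, so any consistency check between the count and the array is
 * left to gss_krb5int_set_allowable_enctypes() -- confirm there.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred;
    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
 *
 * Scans mechs_array for an OID equal to mech_type and returns the entry of
 * cred_array at the same index.  Returns GSS_C_NO_CREDENTIAL when
 * union_cred is GSS_C_NO_CREDENTIAL or no OID matches.  mech_type itself
 * is not checked here; every caller in this file passes the address of a
 * static mechanism OID.
 */
/* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
   want to link against libgss so we put it here since we need it in the mech */
gss_cred_id_t
gssint_get_mechanism_cred(gss_union_cred_t union_cred, gss_OID mech_type)
{
    int i;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    for (i = 0; i < union_cred->count; i++) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
            return union_cred->cred_array[i];
    }
    return GSS_C_NO_CREDENTIAL;
}



/*
 * entry point for the gss layer,
 * called "krb5_gss_initialize()" in MIT 1.2.1
 *
 * Returns the address of krb5_mechanism when oid equals
 * krb5_mechanism.mech_type.  A NULL or different oid (including the old
 * krb5 mechanism OID, which is not compared here) is logged at LOG_INFO
 * and NULL is returned.
 */
/* SUNW15resync - this used to be in k5mech.c */
gss_mechanism
gss_mech_initialize(const gss_OID oid)
{
    /* ensure that the requested oid matches our oid */
    if (oid == NULL || !g_OID_equal(oid, &krb5_mechanism.mech_type)) {
        (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
        return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
        GSS_S_COMPLETE)
        return (NULL);
#endif

    return (&krb5_mechanism);
}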