1 /*
2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3  */
4 /*
5  * Copyright 1993 by OpenVision Technologies, Inc.
6  *
7  * Permission to use, copy, modify, distribute, and sell this software
8  * and its documentation for any purpose is hereby granted without fee,
9  * provided that the above copyright notice appears in all copies and
10  * that both that copyright notice and this permission notice appear in
11  * supporting documentation, and that the name of OpenVision not be used
12  * in advertising or publicity pertaining to distribution of the software
13  * without specific, written prior permission. OpenVision makes no
14  * representations about the suitability of this software for any
15  * purpose.  It is provided "as is" without express or implied warranty.
16  *
17  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23  * PERFORMANCE OF THIS SOFTWARE.
24  */
25 
26 /*
27  * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28  */
29 
30 #include "gssapiP_krb5.h"
31 #include "mglueP.h"
32 #include <syslog.h>
33 
34 /** mechglue wrappers **/
35 
36 static OM_uint32 k5glue_acquire_cred
37 (void *, OM_uint32*,       /* minor_status */
38             gss_name_t,       /* desired_name */
39             OM_uint32,        /* time_req */
40             gss_OID_set,      /* desired_mechs */
41             gss_cred_usage_t, /* cred_usage */
42             gss_cred_id_t*,   /* output_cred_handle */
43             gss_OID_set*,     /* actual_mechs */
44             OM_uint32*        /* time_rec */
45            );
46 
47 static OM_uint32 k5glue_release_cred
48 (void *, OM_uint32*,       /* minor_status */
49             gss_cred_id_t*    /* cred_handle */
50            );
51 
52 static OM_uint32 k5glue_init_sec_context
53 (void *, OM_uint32*,       /* minor_status */
54             gss_cred_id_t,    /* claimant_cred_handle */
55             gss_ctx_id_t*,    /* context_handle */
56             gss_name_t,       /* target_name */
57             gss_OID,          /* mech_type */
58             OM_uint32,        /* req_flags */
59             OM_uint32,        /* time_req */
60             gss_channel_bindings_t,
61                               /* input_chan_bindings */
62             gss_buffer_t,     /* input_token */
63             gss_OID*,         /* actual_mech_type */
64             gss_buffer_t,     /* output_token */
65             OM_uint32*,       /* ret_flags */
66             OM_uint32*        /* time_rec */
67            );
68 
69 static OM_uint32 k5glue_accept_sec_context
70 (void *, OM_uint32*,       /* minor_status */
71             gss_ctx_id_t*,    /* context_handle */
72             gss_cred_id_t,    /* verifier_cred_handle */
73             gss_buffer_t,     /* input_token_buffer */
74             gss_channel_bindings_t,
75                               /* input_chan_bindings */
76             gss_name_t*,      /* src_name */
77             gss_OID*,         /* mech_type */
78             gss_buffer_t,     /* output_token */
79             OM_uint32*,       /* ret_flags */
80             OM_uint32*,       /* time_rec */
81             gss_cred_id_t*    /* delegated_cred_handle */
82            );
83 
84 static OM_uint32 k5glue_process_context_token
85 (void *, OM_uint32*,       /* minor_status */
86             gss_ctx_id_t,     /* context_handle */
87             gss_buffer_t      /* token_buffer */
88            );
89 
90 static OM_uint32 k5glue_delete_sec_context
91 (void *, OM_uint32*,       /* minor_status */
92             gss_ctx_id_t*,    /* context_handle */
93             gss_buffer_t      /* output_token */
94            );
95 
96 static OM_uint32 k5glue_context_time
97 (void *, OM_uint32*,       /* minor_status */
98             gss_ctx_id_t,     /* context_handle */
99             OM_uint32*        /* time_rec */
100            );
101 
102 static OM_uint32 k5glue_sign
103 (void *, OM_uint32*,       /* minor_status */
104             gss_ctx_id_t,     /* context_handle */
105             int,              /* qop_req */
106             gss_buffer_t,     /* message_buffer */
107             gss_buffer_t      /* message_token */
108            );
109 
110 static OM_uint32 k5glue_verify
111 (void *, OM_uint32*,       /* minor_status */
112             gss_ctx_id_t,     /* context_handle */
113             gss_buffer_t,     /* message_buffer */
114             gss_buffer_t,     /* token_buffer */
115             int*              /* qop_state */
116            );
117 
118 /* EXPORT DELETE START */
119 static OM_uint32 k5glue_seal
120 (void *, OM_uint32*,       /* minor_status */
121             gss_ctx_id_t,     /* context_handle */
122             int,              /* conf_req_flag */
123             int,              /* qop_req */
124             gss_buffer_t,     /* input_message_buffer */
125             int*,             /* conf_state */
126             gss_buffer_t      /* output_message_buffer */
127            );
128 
129 static OM_uint32 k5glue_unseal
130 (void *, OM_uint32*,       /* minor_status */
131             gss_ctx_id_t,     /* context_handle */
132             gss_buffer_t,     /* input_message_buffer */
133             gss_buffer_t,     /* output_message_buffer */
134             int*,             /* conf_state */
135             int*              /* qop_state */
136            );
137 /* EXPORT DELETE END */
138 
139 static OM_uint32 k5glue_display_status
140 (void *, OM_uint32*,       /* minor_status */
141             OM_uint32,        /* status_value */
142             int,              /* status_type */
143             gss_OID,          /* mech_type */
144             OM_uint32*,       /* message_context */
145             gss_buffer_t      /* status_string */
146            );
147 
148 static OM_uint32 k5glue_indicate_mechs
149 (void *, OM_uint32*,       /* minor_status */
150             gss_OID_set*      /* mech_set */
151            );
152 
153 static OM_uint32 k5glue_compare_name
154 (void *, OM_uint32*,       /* minor_status */
155             gss_name_t,       /* name1 */
156             gss_name_t,       /* name2 */
157             int*              /* name_equal */
158            );
159 
160 static OM_uint32 k5glue_display_name
161 (void *, OM_uint32*,      /* minor_status */
162             gss_name_t,      /* input_name */
163             gss_buffer_t,    /* output_name_buffer */
164             gss_OID*         /* output_name_type */
165            );
166 
167 static OM_uint32 k5glue_import_name
168 (void *, OM_uint32*,       /* minor_status */
169             gss_buffer_t,     /* input_name_buffer */
170             gss_OID,          /* input_name_type */
171             gss_name_t*       /* output_name */
172            );
173 
174 static OM_uint32 k5glue_release_name
175 (void *, OM_uint32*,       /* minor_status */
176             gss_name_t*       /* input_name */
177            );
178 
179 static OM_uint32 k5glue_inquire_cred
180 (void *, OM_uint32 *,      /* minor_status */
181             gss_cred_id_t,    /* cred_handle */
182             gss_name_t *,     /* name */
183             OM_uint32 *,      /* lifetime */
184             gss_cred_usage_t*,/* cred_usage */
185             gss_OID_set *     /* mechanisms */
186            );
187 
188 static OM_uint32 k5glue_inquire_context
189 (void *, OM_uint32*,       /* minor_status */
190 	    gss_ctx_id_t,     /* context_handle */
191 	    gss_name_t*,      /* initiator_name */
192 	    gss_name_t*,      /* acceptor_name */
193 	    OM_uint32*,       /* lifetime_rec */
194 	    gss_OID*,         /* mech_type */
195 	    OM_uint32*,       /* ret_flags */
196 	    int*,             /* locally_initiated */
197 	    int*              /* open */
198 	   );
199 
200 #if 0
201 /* New V2 entry points */
202 static OM_uint32 k5glue_get_mic
203 (void *, OM_uint32 *,		/* minor_status */
204 	    gss_ctx_id_t,		/* context_handle */
205 	    gss_qop_t,			/* qop_req */
206 	    gss_buffer_t,		/* message_buffer */
207 	    gss_buffer_t		/* message_token */
208 	   );
209 
210 static OM_uint32 k5glue_verify_mic
211 (void *, OM_uint32 *,		/* minor_status */
212 	    gss_ctx_id_t,		/* context_handle */
213 	    gss_buffer_t,		/* message_buffer */
214 	    gss_buffer_t,		/* message_token */
215 	    gss_qop_t *			/* qop_state */
216 	   );
217 
218 static OM_uint32 k5glue_wrap
219 (void *, OM_uint32 *,		/* minor_status */
220 	    gss_ctx_id_t,		/* context_handle */
221 	    int,			/* conf_req_flag */
222 	    gss_qop_t,			/* qop_req */
223 	    gss_buffer_t,		/* input_message_buffer */
224 	    int *,			/* conf_state */
225 	    gss_buffer_t		/* output_message_buffer */
226 	   );
227 
228 static OM_uint32 k5glue_unwrap
229 (void *, OM_uint32 *,		/* minor_status */
230 	    gss_ctx_id_t,		/* context_handle */
231 	    gss_buffer_t,		/* input_message_buffer */
232 	    gss_buffer_t,		/* output_message_buffer */
233 	    int *,			/* conf_state */
234 	    gss_qop_t *			/* qop_state */
235 	   );
236 #endif
237 
238 static OM_uint32 k5glue_wrap_size_limit
239 (void *, OM_uint32 *,		/* minor_status */
240 	    gss_ctx_id_t,		/* context_handle */
241 	    int,			/* conf_req_flag */
242 	    gss_qop_t,			/* qop_req */
243 	    OM_uint32,			/* req_output_size */
244 	    OM_uint32 *			/* max_input_size */
245 	   );
246 
247 #if 0
248 static OM_uint32 k5glue_import_name_object
249 (void *, OM_uint32 *,		/* minor_status */
250 	    void *,			/* input_name */
251 	    gss_OID,			/* input_name_type */
252 	    gss_name_t *		/* output_name */
253 	   );
254 
255 static OM_uint32 k5glue_export_name_object
256 (void *, OM_uint32 *,		/* minor_status */
257 	    gss_name_t,			/* input_name */
258 	    gss_OID,			/* desired_name_type */
259 	    void * *			/* output_name */
260 	   );
261 #endif
262 
263 static OM_uint32 k5glue_add_cred
264 (void *, OM_uint32 *,		/* minor_status */
265 	    gss_cred_id_t,		/* input_cred_handle */
266 	    gss_name_t,			/* desired_name */
267 	    gss_OID,			/* desired_mech */
268 	    gss_cred_usage_t,		/* cred_usage */
269 	    OM_uint32,			/* initiator_time_req */
270 	    OM_uint32,			/* acceptor_time_req */
271 	    gss_cred_id_t *,		/* output_cred_handle */
272 	    gss_OID_set *,		/* actual_mechs */
273 	    OM_uint32 *,		/* initiator_time_rec */
274 	    OM_uint32 *			/* acceptor_time_rec */
275 	   );
276 
277 static OM_uint32 k5glue_inquire_cred_by_mech
278 (void *, OM_uint32  *,		/* minor_status */
279 	    gss_cred_id_t,		/* cred_handle */
280 	    gss_OID,			/* mech_type */
281 	    gss_name_t *,		/* name */
282 	    OM_uint32 *,		/* initiator_lifetime */
283 	    OM_uint32 *,		/* acceptor_lifetime */
284 	    gss_cred_usage_t * 		/* cred_usage */
285 	   );
286 
287 static OM_uint32 k5glue_export_sec_context
288 (void *, OM_uint32 *,		/* minor_status */
289 	    gss_ctx_id_t *,		/* context_handle */
290 	    gss_buffer_t		/* interprocess_token */
291 	    );
292 
293 static OM_uint32 k5glue_import_sec_context
294 (void *, OM_uint32 *,		/* minor_status */
295 	    gss_buffer_t,		/* interprocess_token */
296 	    gss_ctx_id_t *		/* context_handle */
297 	    );
298 
299 krb5_error_code k5glue_ser_init(krb5_context);
300 
301 static OM_uint32 k5glue_internal_release_oid
302 (void *, OM_uint32 *,		/* minor_status */
303 	    gss_OID *			/* oid */
304 	   );
305 
306 static OM_uint32 k5glue_inquire_names_for_mech
307 (void *, OM_uint32 *,		/* minor_status */
308 	    gss_OID,			/* mechanism */
309 	    gss_OID_set *		/* name_types */
310 	   );
311 
312 #if 0
313 static OM_uint32 k5glue_canonicalize_name
314 (void *, OM_uint32  *,		/* minor_status */
315 	    const gss_name_t,		/* input_name */
316 	    const gss_OID,		/* mech_type */
317 	    gss_name_t *		/* output_name */
318 	 );
319 #endif
320 
321 static OM_uint32 k5glue_export_name
322 (void *, OM_uint32  *,		/* minor_status */
323 	    const gss_name_t,		/* input_name */
324 	    gss_buffer_t		/* exported_name */
325 	 );
326 
327 /* SUNW15resync - Solaris specific */
328 static OM_uint32 k5glue_store_cred (
329 	    void *,
330 	    OM_uint32 *,            /* minor_status */
331 	    const gss_cred_id_t,    /* input_cred */
332 	    gss_cred_usage_t,       /* cred_usage */
333 	    const gss_OID,          /* desired_mech */
334 	    OM_uint32,              /* overwrite_cred */
335 	    OM_uint32,              /* default_cred */
336 	    gss_OID_set *,          /* elements_stored */
337 	    gss_cred_usage_t *      /* cred_usage_stored */
338 	   );
339 
340 /* SUNW17PACresync - this decl not needed in MIT but is for Sol */
341 /* Note code is in gsspi_krb5.c */
342 OM_uint32 krb5_gss_inquire_sec_context_by_oid(
343 	OM_uint32 *,
344 	const gss_ctx_id_t,
345 	const gss_OID,
346 	gss_buffer_set_t *);
347 
348 static OM_uint32
349 k5glue_userok(
350 		    void *,		/* context */
351 		    OM_uint32 *,	/* minor_status */
352 		    const gss_name_t,	/* pname */
353 		    const char *,	/* local user */
354 		    int *		/* user ok? */
355 	/* */);
356 
357 static OM_uint32
358 k5glue_pname_to_uid(
359 		    void *,		/* context */
360 		    OM_uint32 *,	/* minor_status */
361 		    const gss_name_t,	/* pname */
362 		    uid_t *		/* uid */
363 	/* */);
364 
365 
366 
367 
368 #if 0
369 static OM_uint32 k5glue_duplicate_name
370 (void *, OM_uint32  *,		/* minor_status */
371 	    const gss_name_t,		/* input_name */
372 	    gss_name_t *		/* dest_name */
373 	 );
374 #endif
375 
376 #if 0
377 static OM_uint32 k5glue_validate_cred
378 (void *, OM_uint32 *,		/* minor_status */
379 	    gss_cred_id_t		/* cred */
380          );
381 #endif
382 
383 #if 0
384 /*
385  * SUNW15resync
386  * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
387  * slicing&dicing needs of the "nightly -SD" build.  When it goes away,
388  * we should use it assuming MIT still uses it then.
389  */
390 
391 /*
392  * The krb5 mechanism provides two mech OIDs; use this initializer to
393  * ensure that both dispatch tables contain identical function
394  * pointers.
395  */
396 #define KRB5_GSS_CONFIG_INIT				\
397     NULL,						\
398     ...
399 #endif
400 
401 
402 static struct gss_config krb5_mechanism = {
403 #if 0 /* Solaris Kerberos */
404     100, "kerberos_v5",
405 #endif
406     { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
407     NULL,
408     k5glue_acquire_cred,
409     k5glue_release_cred,
410     k5glue_init_sec_context,
411     k5glue_accept_sec_context,
412 /* EXPORT DELETE START */ /* CRYPT DELETE START */
413     k5glue_unseal,
414 /* EXPORT DELETE END */ /* CRYPT DELETE END */
415     k5glue_process_context_token,
416     k5glue_delete_sec_context,
417     k5glue_context_time,
418     k5glue_display_status,
419     k5glue_indicate_mechs,
420     k5glue_compare_name,
421     k5glue_display_name,
422     k5glue_import_name,
423     k5glue_release_name,
424     k5glue_inquire_cred,
425     k5glue_add_cred,
426 /* EXPORT DELETE START */ /* CRYPT DELETE START */
427     k5glue_seal,
428 /* EXPORT DELETE END */ /* CRYPT DELETE END */
429     k5glue_export_sec_context,
430     k5glue_import_sec_context,
431     k5glue_inquire_cred_by_mech,
432     k5glue_inquire_names_for_mech,
433     k5glue_inquire_context,
434     k5glue_internal_release_oid,
435     k5glue_wrap_size_limit,
436     k5glue_pname_to_uid,
437     k5glue_userok,
438     k5glue_export_name,
439 /* EXPORT DELETE START */
440 /* CRYPT DELETE START */
441 #if 0
442 /* CRYPT DELETE END */
443     k5glue_seal,
444     k5glue_unseal,
445 /* CRYPT DELETE START */
446 #endif
447 /* CRYPT DELETE END */
448 /* EXPORT DELETE END */
449     k5glue_sign,
450     k5glue_verify,
451     k5glue_store_cred,
452     krb5_gss_inquire_sec_context_by_oid
453 };
454 
455 static struct gss_config krb5_mechanism_old = {
456 #if 0 /* Solaris Kerberos */
457     200, "kerberos_v5 (pre-RFC OID)",
458 #endif
459     { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
460     NULL,
461     k5glue_acquire_cred,
462     k5glue_release_cred,
463     k5glue_init_sec_context,
464     k5glue_accept_sec_context,
465 /* EXPORT DELETE START */ /* CRYPT DELETE START */
466     k5glue_unseal,
467 /* EXPORT DELETE END */ /* CRYPT DELETE END */
468     k5glue_process_context_token,
469     k5glue_delete_sec_context,
470     k5glue_context_time,
471     k5glue_display_status,
472     k5glue_indicate_mechs,
473     k5glue_compare_name,
474     k5glue_display_name,
475     k5glue_import_name,
476     k5glue_release_name,
477     k5glue_inquire_cred,
478     k5glue_add_cred,
479 /* EXPORT DELETE START */ /* CRYPT DELETE START */
480     k5glue_seal,
481 /* EXPORT DELETE END */ /* CRYPT DELETE END */
482     k5glue_export_sec_context,
483     k5glue_import_sec_context,
484     k5glue_inquire_cred_by_mech,
485     k5glue_inquire_names_for_mech,
486     k5glue_inquire_context,
487     k5glue_internal_release_oid,
488     k5glue_wrap_size_limit,
489     k5glue_pname_to_uid,
490     k5glue_userok,
491     k5glue_export_name,
492 /* EXPORT DELETE START */
493 /* CRYPT DELETE START */
494 #if 0
495 /* CRYPT DELETE END */
496     k5glue_seal,
497     k5glue_unseal,
498 /* CRYPT DELETE START */
499 #endif
500 /* CRYPT DELETE END */
501 /* EXPORT DELETE END */
502     k5glue_sign,
503     k5glue_verify,
504     k5glue_store_cred,
505     krb5_gss_inquire_sec_context_by_oid
506 };
507 
508 static struct gss_config krb5_mechanism_wrong = {
509 #if 0 /* Solaris Kerberos */
510     300, "kerberos_v5 (wrong OID)",
511 #endif
512     { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
513     NULL,
514     k5glue_acquire_cred,
515     k5glue_release_cred,
516     k5glue_init_sec_context,
517     k5glue_accept_sec_context,
518 /* EXPORT DELETE START */ /* CRYPT DELETE START */
519     k5glue_unseal,
520 /* EXPORT DELETE END */ /* CRYPT DELETE END */
521     k5glue_process_context_token,
522     k5glue_delete_sec_context,
523     k5glue_context_time,
524     k5glue_display_status,
525     k5glue_indicate_mechs,
526     k5glue_compare_name,
527     k5glue_display_name,
528     k5glue_import_name,
529     k5glue_release_name,
530     k5glue_inquire_cred,
531     k5glue_add_cred,
532 /* EXPORT DELETE START */ /* CRYPT DELETE START */
533     k5glue_seal,
534 /* EXPORT DELETE END */ /* CRYPT DELETE END */
535     k5glue_export_sec_context,
536     k5glue_import_sec_context,
537     k5glue_inquire_cred_by_mech,
538     k5glue_inquire_names_for_mech,
539     k5glue_inquire_context,
540     k5glue_internal_release_oid,
541     k5glue_wrap_size_limit,
542     k5glue_pname_to_uid,
543     k5glue_userok,
544     k5glue_export_name,
545 /* EXPORT DELETE START */
546 /* CRYPT DELETE START */
547 #if 0
548 /* CRYPT DELETE END */
549     k5glue_seal,
550     k5glue_unseal,
551 /* CRYPT DELETE START */
552 #endif
553 /* CRYPT DELETE END */
554 /* EXPORT DELETE END */
555     k5glue_sign,
556     k5glue_verify,
557     k5glue_store_cred,
558     krb5_gss_inquire_sec_context_by_oid
559 };
560 
561 static gss_mechanism krb5_mech_configs[] = {
562     &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
563 };
564 
565 #ifdef MS_BUG_TEST
566 static gss_mechanism krb5_mech_configs_hack[] = {
567     &krb5_mechanism, &krb5_mechanism_old, NULL
568 };
569 #endif
570 
571 #if 1
572 #define gssint_get_mech_configs krb5_gss_get_mech_configs
573 #endif
574 
575 gss_mechanism *
576 gssint_get_mech_configs(void)
577 {
578 #ifdef MS_BUG_TEST
579     char *envstr = getenv("MS_FORCE_NO_MSOID");
580 
581     if (envstr != NULL && strcmp(envstr, "1") == 0) {
582 	return krb5_mech_configs_hack;
583     }
584 #endif
585     return krb5_mech_configs;
586 }
587 
588 static OM_uint32
589 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
590 		       input_token, input_chan_bindings, src_name, mech_type,
591 		       output_token, ret_flags, time_rec, delegated_cred_handle)
592     void *ctx;
593      OM_uint32 *minor_status;
594      gss_ctx_id_t *context_handle;
595      gss_cred_id_t verifier_cred_handle;
596      gss_buffer_t input_token;
597      gss_channel_bindings_t input_chan_bindings;
598      gss_name_t *src_name;
599      gss_OID *mech_type;
600      gss_buffer_t output_token;
601      OM_uint32 *ret_flags;
602      OM_uint32 *time_rec;
603      gss_cred_id_t *delegated_cred_handle;
604 {
605    return(krb5_gss_accept_sec_context(minor_status,
606 				      context_handle,
607 				      verifier_cred_handle,
608 				      input_token,
609 				      input_chan_bindings,
610 				      src_name,
611 				      mech_type,
612 				      output_token,
613 				      ret_flags,
614 				      time_rec,
615 				      delegated_cred_handle));
616 }
617 
618 static OM_uint32
619 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
620 		 cred_usage, output_cred_handle, actual_mechs, time_rec)
621     void *ctx;
622      OM_uint32 *minor_status;
623      gss_name_t desired_name;
624      OM_uint32 time_req;
625      gss_OID_set desired_mechs;
626      gss_cred_usage_t cred_usage;
627      gss_cred_id_t *output_cred_handle;
628      gss_OID_set *actual_mechs;
629      OM_uint32 *time_rec;
630 {
631    return(krb5_gss_acquire_cred(minor_status,
632 				desired_name,
633 				time_req,
634 				desired_mechs,
635 				cred_usage,
636 				output_cred_handle,
637 				actual_mechs,
638 				time_rec));
639 }
640 
641 /* V2 */
642 static OM_uint32
643 k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
644 	     cred_usage, initiator_time_req, acceptor_time_req,
645 	     output_cred_handle, actual_mechs, initiator_time_rec,
646 	     acceptor_time_rec)
647     void *ctx;
648     OM_uint32		 *minor_status;
649     gss_cred_id_t	input_cred_handle;
650     gss_name_t		desired_name;
651     gss_OID		desired_mech;
652     gss_cred_usage_t	cred_usage;
653     OM_uint32		initiator_time_req;
654     OM_uint32		acceptor_time_req;
655     gss_cred_id_t	 *output_cred_handle;
656     gss_OID_set		 *actual_mechs;
657     OM_uint32		 *initiator_time_rec;
658     OM_uint32		 *acceptor_time_rec;
659 {
660     return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
661 			     desired_mech, cred_usage, initiator_time_req,
662 			     acceptor_time_req, output_cred_handle,
663 			     actual_mechs, initiator_time_rec,
664 			     acceptor_time_rec));
665 }
666 
667 #if 0
668 /* V2 */
669 static OM_uint32
670 k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
671     void *ctx;
672     OM_uint32	 *minor_status;
673     gss_OID	member_oid;
674     gss_OID_set	 *oid_set;
675 {
676     return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
677 }
678 #endif
679 
680 static OM_uint32
681 k5glue_compare_name(ctx, minor_status, name1, name2, name_equal)
682     void *ctx;
683      OM_uint32 *minor_status;
684      gss_name_t name1;
685      gss_name_t name2;
686      int *name_equal;
687 {
688    return(krb5_gss_compare_name(minor_status, name1,
689 				name2, name_equal));
690 }
691 
692 static OM_uint32
693 k5glue_context_time(ctx, minor_status, context_handle, time_rec)
694     void *ctx;
695      OM_uint32 *minor_status;
696      gss_ctx_id_t context_handle;
697      OM_uint32 *time_rec;
698 {
699    return(krb5_gss_context_time(minor_status, context_handle,
700 				time_rec));
701 }
702 
703 #if 0
704 /* V2 */
705 static OM_uint32
706 k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
707     void *ctx;
708     OM_uint32	 *minor_status;
709     gss_OID_set	 *oid_set;
710 {
711     return(generic_gss_create_empty_oid_set(minor_status, oid_set));
712 }
713 #endif
714 
715 static OM_uint32
716 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
717     void *ctx;
718      OM_uint32 *minor_status;
719      gss_ctx_id_t *context_handle;
720      gss_buffer_t output_token;
721 {
722    return(krb5_gss_delete_sec_context(minor_status,
723 				      context_handle, output_token));
724 }
725 
726 static OM_uint32
727 k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
728     void *ctx;
729      OM_uint32 *minor_status;
730      gss_name_t input_name;
731      gss_buffer_t output_name_buffer;
732      gss_OID *output_name_type;
733 {
734    return(krb5_gss_display_name(minor_status, input_name,
735 				output_name_buffer, output_name_type));
736 }
737 
738 static OM_uint32
739 k5glue_display_status(ctx, minor_status, status_value, status_type,
740 		   mech_type, message_context, status_string)
741     void *ctx;
742      OM_uint32 *minor_status;
743      OM_uint32 status_value;
744      int status_type;
745      gss_OID mech_type;
746      OM_uint32 *message_context;
747      gss_buffer_t status_string;
748 {
749    return(krb5_gss_display_status(minor_status, status_value,
750 				  status_type, mech_type, message_context,
751 				  status_string));
752 }
753 
754 /* V2 */
755 static OM_uint32
756 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
757     void *ctx;
758      OM_uint32		 *minor_status;
759      gss_ctx_id_t	 *context_handle;
760      gss_buffer_t	interprocess_token;
761 {
762    return(krb5_gss_export_sec_context(minor_status,
763 				      context_handle,
764 				      interprocess_token));
765 }
766 
767 #if 0
768 /* V2 */
769 static OM_uint32
770 k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
771 	    message_buffer, message_token)
772     void *ctx;
773      OM_uint32		 *minor_status;
774      gss_ctx_id_t	context_handle;
775      gss_qop_t		qop_req;
776      gss_buffer_t	message_buffer;
777      gss_buffer_t	message_token;
778 {
779     return(krb5_gss_get_mic(minor_status, context_handle,
780 			    qop_req, message_buffer, message_token));
781 }
782 #endif
783 
784 static OM_uint32
785 k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
786     void *ctx;
787      OM_uint32 *minor_status;
788      gss_buffer_t input_name_buffer;
789      gss_OID input_name_type;
790      gss_name_t *output_name;
791 {
792 #if 0
793     OM_uint32 err;
794     err = gssint_initialize_library();
795     if (err) {
796 	*minor_status = err;
797 	return GSS_S_FAILURE;
798     }
799 #endif
800     return(krb5_gss_import_name(minor_status, input_name_buffer,
801 				input_name_type, output_name));
802 }
803 
804 /* V2 */
805 static OM_uint32
806 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
807     void *ctx;
808      OM_uint32		 *minor_status;
809      gss_buffer_t	interprocess_token;
810      gss_ctx_id_t	 *context_handle;
811 {
812    return(krb5_gss_import_sec_context(minor_status,
813 				      interprocess_token,
814 				      context_handle));
815 }
816 
817 static OM_uint32
818 k5glue_indicate_mechs(ctx, minor_status, mech_set)
819     void *ctx;
820      OM_uint32 *minor_status;
821      gss_OID_set *mech_set;
822 {
823    return(krb5_gss_indicate_mechs(minor_status, mech_set));
824 }
825 
826 static OM_uint32
827 k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
828 		     target_name, mech_type, req_flags, time_req,
829 		     input_chan_bindings, input_token, actual_mech_type,
830 		     output_token, ret_flags, time_rec)
831     void *ctx;
832      OM_uint32 *minor_status;
833      gss_cred_id_t claimant_cred_handle;
834      gss_ctx_id_t *context_handle;
835      gss_name_t target_name;
836      gss_OID mech_type;
837      OM_uint32 req_flags;
838      OM_uint32 time_req;
839      gss_channel_bindings_t input_chan_bindings;
840      gss_buffer_t input_token;
841      gss_OID *actual_mech_type;
842      gss_buffer_t output_token;
843      OM_uint32 *ret_flags;
844      OM_uint32 *time_rec;
845 {
846    return(krb5_gss_init_sec_context(minor_status,
847 				    claimant_cred_handle, context_handle,
848 				    target_name, mech_type, req_flags,
849 				    time_req, input_chan_bindings, input_token,
850 				    actual_mech_type, output_token, ret_flags,
851 				    time_rec));
852 }
853 
854 static OM_uint32
855 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
856 		    lifetime_rec, mech_type, ret_flags,
857 		    locally_initiated, open)
858     void *ctx;
859      OM_uint32 *minor_status;
860      gss_ctx_id_t context_handle;
861      gss_name_t *initiator_name;
862      gss_name_t *acceptor_name;
863      OM_uint32 *lifetime_rec;
864      gss_OID *mech_type;
865      OM_uint32 *ret_flags;
866      int *locally_initiated;
867      int *open;
868 {
869    return(krb5_gss_inquire_context(minor_status, context_handle,
870 				   initiator_name, acceptor_name, lifetime_rec,
871 				   mech_type, ret_flags, locally_initiated,
872 				   open));
873 }
874 
875 static OM_uint32
876 k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
877 		 cred_usage, mechanisms)
878     void *ctx;
879      OM_uint32 *minor_status;
880      gss_cred_id_t cred_handle;
881      gss_name_t *name;
882      OM_uint32 *lifetime_ret;
883      gss_cred_usage_t *cred_usage;
884      gss_OID_set *mechanisms;
885 {
886    return(krb5_gss_inquire_cred(minor_status, cred_handle,
887 				name, lifetime_ret, cred_usage, mechanisms));
888 }
889 
890 /* V2 */
891 static OM_uint32
892 k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
893 			 initiator_lifetime, acceptor_lifetime, cred_usage)
894     void *ctx;
895      OM_uint32		 *minor_status;
896      gss_cred_id_t	cred_handle;
897      gss_OID		mech_type;
898      gss_name_t		 *name;
899      OM_uint32		 *initiator_lifetime;
900      OM_uint32		 *acceptor_lifetime;
901      gss_cred_usage_t	 *cred_usage;
902 {
903    return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
904 					mech_type, name, initiator_lifetime,
905 					acceptor_lifetime, cred_usage));
906 }
907 
908 /* V2 */
909 static OM_uint32
910 k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
911     void *ctx;
912     OM_uint32	 *minor_status;
913     gss_OID	mechanism;
914     gss_OID_set	 *name_types;
915 {
916     return(krb5_gss_inquire_names_for_mech(minor_status,
917 					   mechanism,
918 					   name_types));
919 }
920 
921 #if 0
922 /* V2 */
923 static OM_uint32
924 k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
925     void *ctx;
926     OM_uint32		 *minor_status;
927     gss_OID		oid;
928     gss_buffer_t	oid_str;
929 {
930     return(generic_gss_oid_to_str(minor_status, oid, oid_str));
931 }
932 #endif
933 
934 static OM_uint32
935 k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
936     void *ctx;
937      OM_uint32 *minor_status;
938      gss_ctx_id_t context_handle;
939      gss_buffer_t token_buffer;
940 {
941    return(krb5_gss_process_context_token(minor_status,
942 					 context_handle, token_buffer));
943 }
944 
945 static OM_uint32
946 k5glue_release_cred(ctx, minor_status, cred_handle)
947     void *ctx;
948      OM_uint32 *minor_status;
949      gss_cred_id_t *cred_handle;
950 {
951    return(krb5_gss_release_cred(minor_status, cred_handle));
952 }
953 
954 static OM_uint32
955 k5glue_release_name(ctx, minor_status, input_name)
956     void *ctx;
957      OM_uint32 *minor_status;
958      gss_name_t *input_name;
959 {
960    return(krb5_gss_release_name(minor_status, input_name));
961 }
962 
963 #if 0
964 static OM_uint32
965 k5glue_release_buffer(ctx, minor_status, buffer)
966     void *ctx;
967      OM_uint32 *minor_status;
968      gss_buffer_t buffer;
969 {
970    return(generic_gss_release_buffer(minor_status,
971 				     buffer));
972 }
973 #endif
974 
975 /* V2 */
976 static OM_uint32
977 k5glue_internal_release_oid(ctx, minor_status, oid)
978     void *ctx;
979      OM_uint32	 *minor_status;
980      gss_OID	 *oid;
981 {
982     return(krb5_gss_internal_release_oid(minor_status, oid));
983 }
984 
985 #if 0
986 static OM_uint32
987 k5glue_release_oid_set(ctx, minor_status, set)
988     void *ctx;
989      OM_uint32 * minor_status;
990      gss_OID_set *set;
991 {
992    return(generic_gss_release_oid_set(minor_status, set));
993 }
994 #endif
995 
996 /* EXPORT DELETE START */
997 /* V1 only */
998 static OM_uint32
999 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
1000 	 input_message_buffer, conf_state, output_message_buffer)
1001     void *ctx;
1002      OM_uint32 *minor_status;
1003      gss_ctx_id_t context_handle;
1004      int conf_req_flag;
1005      int qop_req;
1006      gss_buffer_t input_message_buffer;
1007      int *conf_state;
1008      gss_buffer_t output_message_buffer;
1009 {
1010    return(krb5_gss_seal(minor_status, context_handle,
1011 			conf_req_flag, qop_req, input_message_buffer,
1012 			conf_state, output_message_buffer));
1013 }
1014 /* EXPORT DELETE END */
1015 
1016 static OM_uint32
1017 k5glue_sign(ctx, minor_status, context_handle,
1018 	      qop_req, message_buffer,
1019 	      message_token)
1020     void *ctx;
1021      OM_uint32 *minor_status;
1022      gss_ctx_id_t context_handle;
1023      int qop_req;
1024      gss_buffer_t message_buffer;
1025      gss_buffer_t message_token;
1026 {
1027    return(krb5_gss_sign(minor_status, context_handle,
1028 			qop_req, message_buffer, message_token));
1029 }
1030 
1031 #if 0
1032 /* V2 */
1033 static OM_uint32
1034 k5glue_verify_mic(ctx, minor_status, context_handle,
1035 	       message_buffer, token_buffer, qop_state)
1036     void *ctx;
1037      OM_uint32		 *minor_status;
1038      gss_ctx_id_t	context_handle;
1039      gss_buffer_t	message_buffer;
1040      gss_buffer_t	token_buffer;
1041      gss_qop_t		 *qop_state;
1042 {
1043     return(krb5_gss_verify_mic(minor_status, context_handle,
1044 			       message_buffer, token_buffer, qop_state));
1045 }
1046 
1047 /* V2 */
1048 static OM_uint32
1049 k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
1050 	 input_message_buffer, conf_state, output_message_buffer)
1051     void *ctx;
1052     OM_uint32		 *minor_status;
1053     gss_ctx_id_t	context_handle;
1054     int			conf_req_flag;
1055     gss_qop_t		qop_req;
1056     gss_buffer_t	input_message_buffer;
1057     int			 *conf_state;
1058     gss_buffer_t	output_message_buffer;
1059 {
1060     return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
1061 			 input_message_buffer, conf_state,
1062 			 output_message_buffer));
1063 }
1064 
1065 /* V2 */
1066 static OM_uint32
1067 k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
1068     void *ctx;
1069     OM_uint32		 *minor_status;
1070     gss_buffer_t	oid_str;
1071     gss_OID		 *oid;
1072 {
1073     return(generic_gss_str_to_oid(minor_status, oid_str, oid));
1074 }
1075 
1076 /* V2 */
1077 static OM_uint32
1078 k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
1079     void *ctx;
1080     OM_uint32	 *minor_status;
1081     gss_OID	member;
1082     gss_OID_set	set;
1083     int		 *present;
1084 {
1085     return(generic_gss_test_oid_set_member(minor_status, member, set,
1086 					   present));
1087 }
1088 #endif
1089 
1090 /* EXPORT DELETE START */
1091 /* V1 only */
1092 static OM_uint32
1093 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
1094 	   output_message_buffer, conf_state, qop_state)
1095     void *ctx;
1096      OM_uint32 *minor_status;
1097      gss_ctx_id_t context_handle;
1098      gss_buffer_t input_message_buffer;
1099      gss_buffer_t output_message_buffer;
1100      int *conf_state;
1101      int *qop_state;
1102 {
1103    return(krb5_gss_unseal(minor_status, context_handle,
1104 			  input_message_buffer, output_message_buffer,
1105 			  conf_state, qop_state));
1106 }
1107 /* EXPORT DELETE END */
1108 
1109 #if 0
1110 /* V2 */
1111 static OM_uint32
1112 k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
1113 	   output_message_buffer, conf_state, qop_state)
1114     void *ctx;
1115     OM_uint32		 *minor_status;
1116     gss_ctx_id_t	context_handle;
1117     gss_buffer_t	input_message_buffer;
1118     gss_buffer_t	output_message_buffer;
1119     int			 *conf_state;
1120     gss_qop_t		 *qop_state;
1121 {
1122     return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
1123 			   output_message_buffer, conf_state, qop_state));
1124 }
1125 #endif
1126 
1127 /* V1 only */
1128 static OM_uint32
1129 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
1130 	   token_buffer, qop_state)
1131     void *ctx;
1132      OM_uint32 *minor_status;
1133      gss_ctx_id_t context_handle;
1134      gss_buffer_t message_buffer;
1135      gss_buffer_t token_buffer;
1136      int *qop_state;
1137 {
1138    return(krb5_gss_verify(minor_status,
1139 			  context_handle,
1140 			  message_buffer,
1141 			  token_buffer,
1142 			  qop_state));
1143 }
1144 
1145 /* V2 interface */
1146 static OM_uint32
1147 k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
1148 		    qop_req, req_output_size, max_input_size)
1149     void *ctx;
1150     OM_uint32		 *minor_status;
1151     gss_ctx_id_t	context_handle;
1152     int			conf_req_flag;
1153     gss_qop_t		qop_req;
1154     OM_uint32		req_output_size;
1155     OM_uint32		 *max_input_size;
1156 {
1157    return(krb5_gss_wrap_size_limit(minor_status, context_handle,
1158 				   conf_req_flag, qop_req,
1159 				   req_output_size, max_input_size));
1160 }
1161 
1162 #if 0
1163 /* V2 interface */
1164 static OM_uint32
1165 k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
1166     void *ctx;
1167 	OM_uint32  *minor_status;
1168 	const gss_name_t input_name;
1169 	const gss_OID mech_type;
1170 	gss_name_t *output_name;
1171 {
1172 	return krb5_gss_canonicalize_name(minor_status, input_name,
1173 					  mech_type, output_name);
1174 }
1175 #endif
1176 
1177 /* V2 interface */
1178 static OM_uint32
1179 k5glue_export_name(ctx, minor_status, input_name, exported_name)
1180     void *ctx;
1181 	OM_uint32  *minor_status;
1182 	const gss_name_t input_name;
1183 	gss_buffer_t exported_name;
1184 {
1185 	return krb5_gss_export_name(minor_status, input_name, exported_name);
1186 }
1187 
1188 /* SUNW15resync - this is not in the MIT mech (lib) yet */
1189 static OM_uint32
1190 k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
1191 			overwrite_cred, default_cred, elements_stored,
1192 			cred_usage_stored)
1193 void *ctx;
1194 OM_uint32 *minor_status;
1195 const gss_cred_id_t input_cred;
1196 gss_cred_usage_t cred_usage;
1197 gss_OID desired_mech;
1198 OM_uint32 overwrite_cred;
1199 OM_uint32 default_cred;
1200 gss_OID_set *elements_stored;
1201 gss_cred_usage_t *cred_usage_stored;
1202 {
1203   return(krb5_gss_store_cred(minor_status, input_cred,
1204 			    cred_usage, desired_mech,
1205 			    overwrite_cred, default_cred, elements_stored,
1206 			    cred_usage_stored));
1207 }
1208 
1209 static OM_uint32
1210 k5glue_userok(
1211 		    void *ctxt,		/* context */
1212 		    OM_uint32 *minor,	/* minor_status */
1213 		    const gss_name_t pname,	/* pname */
1214 		    const char *user,	/* local user */
1215 		    int *user_ok		/* user ok? */
1216 	/* */)
1217 {
1218   return(krb5_gss_userok(minor, pname, user, user_ok));
1219 }
1220 
1221 static OM_uint32
1222 k5glue_pname_to_uid(
1223 		    void *ctxt,		/* context */
1224 		    OM_uint32 *minor,	/* minor_status */
1225 		    const gss_name_t pname,	/* pname */
1226 		    uid_t *uidOut		/* uid */
1227 	/* */)
1228 {
1229   return (krb5_pname_to_uid(minor, pname, uidOut));
1230 }
1231 
1232 
1233 
1234 #if 0
1235 /* V2 interface */
1236 static OM_uint32
1237 k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
1238     void *ctx;
1239 	OM_uint32  *minor_status;
1240 	const gss_name_t input_name;
1241 	gss_name_t *dest_name;
1242 {
1243 	return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
1244 }
1245 #endif
1246 
1247 
1248 OM_uint32 KRB5_CALLCONV
1249 gss_krb5_copy_ccache(
1250     OM_uint32 *minor_status,
1251     gss_cred_id_t cred_handle,
1252     krb5_ccache out_ccache)
1253 {
1254     gss_union_cred_t ucred;
1255     gss_cred_id_t mcred;
1256 
1257     ucred = (gss_union_cred_t)cred_handle;
1258 
1259     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1260     if (mcred != GSS_C_NO_CREDENTIAL)
1261 	return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1262 
1263     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1264     if (mcred != GSS_C_NO_CREDENTIAL)
1265 	return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1266 
1267     return GSS_S_DEFECTIVE_CREDENTIAL;
1268 }
1269 
1270 OM_uint32 KRB5_CALLCONV
1271 gss_krb5_set_allowable_enctypes(
1272     OM_uint32 *minor_status,
1273     gss_cred_id_t cred,
1274     OM_uint32 num_ktypes,
1275     krb5_enctype *ktypes)
1276 {
1277     gss_union_cred_t ucred;
1278     gss_cred_id_t mcred;
1279 
1280     ucred = (gss_union_cred_t)cred;
1281     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1282     if (mcred != GSS_C_NO_CREDENTIAL)
1283 	return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1284 						  num_ktypes, ktypes);
1285 
1286     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1287     if (mcred != GSS_C_NO_CREDENTIAL)
1288 	return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1289 						  num_ktypes, ktypes);
1290 
1291     return GSS_S_DEFECTIVE_CREDENTIAL;
1292 }
1293 
1294 /*
1295  * Glue routine for returning the mechanism-specific credential from a
1296  * external union credential.
1297  */
1298 /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
1299   want to link against libgss so we put it here since we need it in the mech */
1300 gss_cred_id_t
1301 gssint_get_mechanism_cred(union_cred, mech_type)
1302     gss_union_cred_t    union_cred;
1303     gss_OID             mech_type;
1304 {
1305     int         i;
1306 
1307     if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
1308         return GSS_C_NO_CREDENTIAL;
1309 
1310     for (i=0; i < union_cred->count; i++) {
1311         if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
1312             return union_cred->cred_array[i];
1313     }
1314     return GSS_C_NO_CREDENTIAL;
1315 }
1316 
1317 
1318 
1319 /*
1320  * entry point for the gss layer,
1321  * called "krb5_gss_initialize()" in MIT 1.2.1
1322  */
1323 /* SUNW15resync - this used to be in k5mech.c */
1324 gss_mechanism
1325 gss_mech_initialize(oid)
1326      const gss_OID oid;
1327 {
1328     /*
1329      * Solaris Kerberos: We also want to use the same functions for KRB5 as
1330      * we do for the MS KRB5 (krb5_mechanism_wrong).  So both are valid.
1331      */
1332     /* ensure that the requested oid matches our oid */
1333     if (oid == NULL || (!g_OID_equal(oid, &krb5_mechanism.mech_type) &&
1334 	!g_OID_equal(oid, &krb5_mechanism_wrong.mech_type))) {
1335       (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
1336       return (NULL);
1337     }
1338 
1339 #if 0 /* SUNW15resync - no longer needed(?) */
1340     if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
1341 	GSS_S_COMPLETE)
1342       return (NULL);
1343 #endif
1344 
1345     return (&krb5_mechanism);
1346 }
1347 
1348 /*
1349  * This API should go away and be replaced with an accessor
1350  * into a gss_name_t.
1351  */
1352 OM_uint32 KRB5_CALLCONV
1353 gsskrb5_extract_authz_data_from_sec_context(
1354     OM_uint32 *minor_status,
1355     gss_ctx_id_t context_handle,
1356     int ad_type,
1357     gss_buffer_t ad_data)
1358 {
1359     gss_OID_desc req_oid;
1360     unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
1361     OM_uint32 major_status;
1362     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1363 
1364     if (ad_data == NULL)
1365         return GSS_S_CALL_INACCESSIBLE_WRITE;
1366 
1367     req_oid.elements = oid_buf;
1368     req_oid.length = sizeof(oid_buf);
1369 
1370     major_status = generic_gss_oid_compose(minor_status,
1371                                            GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
1372                                            GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
1373                                            ad_type,
1374                                            &req_oid);
1375     if (GSS_ERROR(major_status))
1376         return major_status;
1377 
1378     major_status = gss_inquire_sec_context_by_oid(minor_status,
1379                                                   context_handle,
1380                                                   (gss_OID)&req_oid,
1381                                                   &data_set);
1382     if (major_status != GSS_S_COMPLETE) {
1383         return major_status;
1384     }
1385 
1386     /*
1387      * SUNW17PACresync / Solaris Kerberos
1388      * MIT17 allows only count==1 which is correct for pre-Win2008 but
1389      * our testing with Win2008 shows count==2 and Win7 count==3.
1390      */
1391     if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
1392 	    gss_release_buffer_set(minor_status, &data_set);
1393 	    *minor_status = EINVAL;
1394 	    return GSS_S_FAILURE;
1395     }
1396 
1397     ad_data->length = data_set->elements[0].length;
1398     ad_data->value = malloc(ad_data->length);
1399     if (!ad_data->value) {
1400 	    gss_release_buffer_set(minor_status, &data_set);
1401 	    return ENOMEM;
1402     }
1403     bcopy(data_set->elements[0].value, ad_data->value, ad_data->length);
1404 
1405     gss_release_buffer_set(minor_status, &data_set);
1406 
1407     return GSS_S_COMPLETE;
1408 }
1409 
1410 
1411 OM_uint32 KRB5_CALLCONV
1412 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
1413                                           gss_ctx_id_t context_handle,
1414                                           krb5_timestamp *authtime)
1415 {
1416     static const gss_OID_desc req_oid = {
1417         GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
1418         GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
1419     OM_uint32 major_status;
1420     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1421 
1422     if (authtime == NULL)
1423         return GSS_S_CALL_INACCESSIBLE_WRITE;
1424 
1425     major_status = gss_inquire_sec_context_by_oid(minor_status,
1426                                                   context_handle,
1427                                                   (gss_OID)&req_oid,
1428                                                   &data_set);
1429     if (major_status != GSS_S_COMPLETE)
1430         return major_status;
1431 
1432     if (data_set == GSS_C_NO_BUFFER_SET ||
1433         data_set->count != 1 ||
1434         data_set->elements[0].length != sizeof(*authtime)) {
1435         *minor_status = EINVAL;
1436         return GSS_S_FAILURE;
1437     }
1438 
1439     *authtime = *((krb5_timestamp *)data_set->elements[0].value);
1440 
1441     gss_release_buffer_set(minor_status, &data_set);
1442 
1443     *minor_status = 0;
1444 
1445     return GSS_S_COMPLETE;
1446 }
1447