1ab9b2e15Sgtb /* 2*5e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 3ab9b2e15Sgtb */ 4ab9b2e15Sgtb /* 5ab9b2e15Sgtb * Copyright 1993 by OpenVision Technologies, Inc. 6ab9b2e15Sgtb * 7ab9b2e15Sgtb * Permission to use, copy, modify, distribute, and sell this software 8ab9b2e15Sgtb * and its documentation for any purpose is hereby granted without fee, 9ab9b2e15Sgtb * provided that the above copyright notice appears in all copies and 10ab9b2e15Sgtb * that both that copyright notice and this permission notice appear in 11ab9b2e15Sgtb * supporting documentation, and that the name of OpenVision not be used 12ab9b2e15Sgtb * in advertising or publicity pertaining to distribution of the software 13ab9b2e15Sgtb * without specific, written prior permission. OpenVision makes no 14ab9b2e15Sgtb * representations about the suitability of this software for any 15ab9b2e15Sgtb * purpose. It is provided "as is" without express or implied warranty. 16ab9b2e15Sgtb * 17ab9b2e15Sgtb * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 18ab9b2e15Sgtb * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 19ab9b2e15Sgtb * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 20ab9b2e15Sgtb * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 21ab9b2e15Sgtb * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 22ab9b2e15Sgtb * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 23ab9b2e15Sgtb * PERFORMANCE OF THIS SOFTWARE. 
24ab9b2e15Sgtb */ 25ab9b2e15Sgtb 26ab9b2e15Sgtb /* 27159d09a2SMark Phalan * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $ 28ab9b2e15Sgtb */ 29ab9b2e15Sgtb 30ab9b2e15Sgtb #include "gssapiP_krb5.h" 31ab9b2e15Sgtb #include "mglueP.h" 32ab9b2e15Sgtb #include <syslog.h> 33ab9b2e15Sgtb 34ab9b2e15Sgtb /** mechglue wrappers **/ 35ab9b2e15Sgtb 36ab9b2e15Sgtb static OM_uint32 k5glue_acquire_cred 37ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 38ab9b2e15Sgtb gss_name_t, /* desired_name */ 39ab9b2e15Sgtb OM_uint32, /* time_req */ 40ab9b2e15Sgtb gss_OID_set, /* desired_mechs */ 41159d09a2SMark Phalan gss_cred_usage_t, /* cred_usage */ 42ab9b2e15Sgtb gss_cred_id_t*, /* output_cred_handle */ 43ab9b2e15Sgtb gss_OID_set*, /* actual_mechs */ 44ab9b2e15Sgtb OM_uint32* /* time_rec */ 45ab9b2e15Sgtb ); 46ab9b2e15Sgtb 47ab9b2e15Sgtb static OM_uint32 k5glue_release_cred 48ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 49ab9b2e15Sgtb gss_cred_id_t* /* cred_handle */ 50ab9b2e15Sgtb ); 51ab9b2e15Sgtb 52ab9b2e15Sgtb static OM_uint32 k5glue_init_sec_context 53ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 54ab9b2e15Sgtb gss_cred_id_t, /* claimant_cred_handle */ 55ab9b2e15Sgtb gss_ctx_id_t*, /* context_handle */ 56ab9b2e15Sgtb gss_name_t, /* target_name */ 57ab9b2e15Sgtb gss_OID, /* mech_type */ 58ab9b2e15Sgtb OM_uint32, /* req_flags */ 59ab9b2e15Sgtb OM_uint32, /* time_req */ 60ab9b2e15Sgtb gss_channel_bindings_t, 61ab9b2e15Sgtb /* input_chan_bindings */ 62ab9b2e15Sgtb gss_buffer_t, /* input_token */ 63ab9b2e15Sgtb gss_OID*, /* actual_mech_type */ 64ab9b2e15Sgtb gss_buffer_t, /* output_token */ 65ab9b2e15Sgtb OM_uint32*, /* ret_flags */ 66ab9b2e15Sgtb OM_uint32* /* time_rec */ 67ab9b2e15Sgtb ); 68ab9b2e15Sgtb 69ab9b2e15Sgtb static OM_uint32 k5glue_accept_sec_context 70ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 71ab9b2e15Sgtb gss_ctx_id_t*, /* context_handle */ 72ab9b2e15Sgtb gss_cred_id_t, /* verifier_cred_handle */ 73ab9b2e15Sgtb gss_buffer_t, /* 
input_token_buffer */ 74ab9b2e15Sgtb gss_channel_bindings_t, 75ab9b2e15Sgtb /* input_chan_bindings */ 76ab9b2e15Sgtb gss_name_t*, /* src_name */ 77ab9b2e15Sgtb gss_OID*, /* mech_type */ 78ab9b2e15Sgtb gss_buffer_t, /* output_token */ 79ab9b2e15Sgtb OM_uint32*, /* ret_flags */ 80ab9b2e15Sgtb OM_uint32*, /* time_rec */ 81ab9b2e15Sgtb gss_cred_id_t* /* delegated_cred_handle */ 82ab9b2e15Sgtb ); 83ab9b2e15Sgtb 84ab9b2e15Sgtb static OM_uint32 k5glue_process_context_token 85ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 86ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 87ab9b2e15Sgtb gss_buffer_t /* token_buffer */ 88ab9b2e15Sgtb ); 89ab9b2e15Sgtb 90ab9b2e15Sgtb static OM_uint32 k5glue_delete_sec_context 91ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 92ab9b2e15Sgtb gss_ctx_id_t*, /* context_handle */ 93ab9b2e15Sgtb gss_buffer_t /* output_token */ 94ab9b2e15Sgtb ); 95ab9b2e15Sgtb 96ab9b2e15Sgtb static OM_uint32 k5glue_context_time 97ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 98ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 99ab9b2e15Sgtb OM_uint32* /* time_rec */ 100ab9b2e15Sgtb ); 101ab9b2e15Sgtb 102ab9b2e15Sgtb static OM_uint32 k5glue_sign 103ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 104ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 105ab9b2e15Sgtb int, /* qop_req */ 106ab9b2e15Sgtb gss_buffer_t, /* message_buffer */ 107ab9b2e15Sgtb gss_buffer_t /* message_token */ 108ab9b2e15Sgtb ); 109ab9b2e15Sgtb 110ab9b2e15Sgtb static OM_uint32 k5glue_verify 111ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 112ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 113ab9b2e15Sgtb gss_buffer_t, /* message_buffer */ 114ab9b2e15Sgtb gss_buffer_t, /* token_buffer */ 115ab9b2e15Sgtb int* /* qop_state */ 116ab9b2e15Sgtb ); 117ab9b2e15Sgtb 118ab9b2e15Sgtb static OM_uint32 k5glue_seal 119ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 120ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 121ab9b2e15Sgtb int, /* conf_req_flag */ 122ab9b2e15Sgtb int, /* 
qop_req */ 123ab9b2e15Sgtb gss_buffer_t, /* input_message_buffer */ 124ab9b2e15Sgtb int*, /* conf_state */ 125ab9b2e15Sgtb gss_buffer_t /* output_message_buffer */ 126ab9b2e15Sgtb ); 127ab9b2e15Sgtb 128ab9b2e15Sgtb static OM_uint32 k5glue_unseal 129ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 130ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 131ab9b2e15Sgtb gss_buffer_t, /* input_message_buffer */ 132ab9b2e15Sgtb gss_buffer_t, /* output_message_buffer */ 133ab9b2e15Sgtb int*, /* conf_state */ 134ab9b2e15Sgtb int* /* qop_state */ 135ab9b2e15Sgtb ); 136ab9b2e15Sgtb 137ab9b2e15Sgtb static OM_uint32 k5glue_display_status 138ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 139ab9b2e15Sgtb OM_uint32, /* status_value */ 140ab9b2e15Sgtb int, /* status_type */ 141ab9b2e15Sgtb gss_OID, /* mech_type */ 142ab9b2e15Sgtb OM_uint32*, /* message_context */ 143ab9b2e15Sgtb gss_buffer_t /* status_string */ 144ab9b2e15Sgtb ); 145ab9b2e15Sgtb 146ab9b2e15Sgtb static OM_uint32 k5glue_indicate_mechs 147ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 148ab9b2e15Sgtb gss_OID_set* /* mech_set */ 149ab9b2e15Sgtb ); 150ab9b2e15Sgtb 151ab9b2e15Sgtb static OM_uint32 k5glue_compare_name 152ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 153ab9b2e15Sgtb gss_name_t, /* name1 */ 154ab9b2e15Sgtb gss_name_t, /* name2 */ 155ab9b2e15Sgtb int* /* name_equal */ 156ab9b2e15Sgtb ); 157ab9b2e15Sgtb 158ab9b2e15Sgtb static OM_uint32 k5glue_display_name 159ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 160ab9b2e15Sgtb gss_name_t, /* input_name */ 161ab9b2e15Sgtb gss_buffer_t, /* output_name_buffer */ 162ab9b2e15Sgtb gss_OID* /* output_name_type */ 163ab9b2e15Sgtb ); 164ab9b2e15Sgtb 165ab9b2e15Sgtb static OM_uint32 k5glue_import_name 166ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 167ab9b2e15Sgtb gss_buffer_t, /* input_name_buffer */ 168ab9b2e15Sgtb gss_OID, /* input_name_type */ 169ab9b2e15Sgtb gss_name_t* /* output_name */ 170ab9b2e15Sgtb ); 171ab9b2e15Sgtb 172ab9b2e15Sgtb 
static OM_uint32 k5glue_release_name 173ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 174ab9b2e15Sgtb gss_name_t* /* input_name */ 175ab9b2e15Sgtb ); 176ab9b2e15Sgtb 177ab9b2e15Sgtb static OM_uint32 k5glue_inquire_cred 178ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 179ab9b2e15Sgtb gss_cred_id_t, /* cred_handle */ 180ab9b2e15Sgtb gss_name_t *, /* name */ 181ab9b2e15Sgtb OM_uint32 *, /* lifetime */ 182ab9b2e15Sgtb gss_cred_usage_t*,/* cred_usage */ 183ab9b2e15Sgtb gss_OID_set * /* mechanisms */ 184ab9b2e15Sgtb ); 185ab9b2e15Sgtb 186ab9b2e15Sgtb static OM_uint32 k5glue_inquire_context 187ab9b2e15Sgtb (void *, OM_uint32*, /* minor_status */ 188ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 189ab9b2e15Sgtb gss_name_t*, /* initiator_name */ 190ab9b2e15Sgtb gss_name_t*, /* acceptor_name */ 191ab9b2e15Sgtb OM_uint32*, /* lifetime_rec */ 192ab9b2e15Sgtb gss_OID*, /* mech_type */ 193ab9b2e15Sgtb OM_uint32*, /* ret_flags */ 194ab9b2e15Sgtb int*, /* locally_initiated */ 195ab9b2e15Sgtb int* /* open */ 196ab9b2e15Sgtb ); 197ab9b2e15Sgtb 198ab9b2e15Sgtb #if 0 199ab9b2e15Sgtb /* New V2 entry points */ 200ab9b2e15Sgtb static OM_uint32 k5glue_get_mic 201ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 202ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 203ab9b2e15Sgtb gss_qop_t, /* qop_req */ 204ab9b2e15Sgtb gss_buffer_t, /* message_buffer */ 205ab9b2e15Sgtb gss_buffer_t /* message_token */ 206ab9b2e15Sgtb ); 207ab9b2e15Sgtb 208ab9b2e15Sgtb static OM_uint32 k5glue_verify_mic 209ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 210ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 211ab9b2e15Sgtb gss_buffer_t, /* message_buffer */ 212ab9b2e15Sgtb gss_buffer_t, /* message_token */ 213ab9b2e15Sgtb gss_qop_t * /* qop_state */ 214ab9b2e15Sgtb ); 215ab9b2e15Sgtb 216ab9b2e15Sgtb static OM_uint32 k5glue_wrap 217ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 218ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 219ab9b2e15Sgtb int, /* conf_req_flag */ 
220ab9b2e15Sgtb gss_qop_t, /* qop_req */ 221ab9b2e15Sgtb gss_buffer_t, /* input_message_buffer */ 222ab9b2e15Sgtb int *, /* conf_state */ 223ab9b2e15Sgtb gss_buffer_t /* output_message_buffer */ 224ab9b2e15Sgtb ); 225ab9b2e15Sgtb 226ab9b2e15Sgtb static OM_uint32 k5glue_unwrap 227ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 228ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 229ab9b2e15Sgtb gss_buffer_t, /* input_message_buffer */ 230ab9b2e15Sgtb gss_buffer_t, /* output_message_buffer */ 231ab9b2e15Sgtb int *, /* conf_state */ 232ab9b2e15Sgtb gss_qop_t * /* qop_state */ 233ab9b2e15Sgtb ); 234ab9b2e15Sgtb #endif 235ab9b2e15Sgtb 236ab9b2e15Sgtb static OM_uint32 k5glue_wrap_size_limit 237ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 238ab9b2e15Sgtb gss_ctx_id_t, /* context_handle */ 239ab9b2e15Sgtb int, /* conf_req_flag */ 240ab9b2e15Sgtb gss_qop_t, /* qop_req */ 241ab9b2e15Sgtb OM_uint32, /* req_output_size */ 242ab9b2e15Sgtb OM_uint32 * /* max_input_size */ 243ab9b2e15Sgtb ); 244ab9b2e15Sgtb 245ab9b2e15Sgtb #if 0 246ab9b2e15Sgtb static OM_uint32 k5glue_import_name_object 247ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 248ab9b2e15Sgtb void *, /* input_name */ 249ab9b2e15Sgtb gss_OID, /* input_name_type */ 250ab9b2e15Sgtb gss_name_t * /* output_name */ 251ab9b2e15Sgtb ); 252ab9b2e15Sgtb 253ab9b2e15Sgtb static OM_uint32 k5glue_export_name_object 254ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 255ab9b2e15Sgtb gss_name_t, /* input_name */ 256ab9b2e15Sgtb gss_OID, /* desired_name_type */ 257ab9b2e15Sgtb void * * /* output_name */ 258ab9b2e15Sgtb ); 259ab9b2e15Sgtb #endif 260ab9b2e15Sgtb 261ab9b2e15Sgtb static OM_uint32 k5glue_add_cred 262ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 263ab9b2e15Sgtb gss_cred_id_t, /* input_cred_handle */ 264ab9b2e15Sgtb gss_name_t, /* desired_name */ 265ab9b2e15Sgtb gss_OID, /* desired_mech */ 266ab9b2e15Sgtb gss_cred_usage_t, /* cred_usage */ 267ab9b2e15Sgtb OM_uint32, /* initiator_time_req */ 
268ab9b2e15Sgtb OM_uint32, /* acceptor_time_req */ 269ab9b2e15Sgtb gss_cred_id_t *, /* output_cred_handle */ 270ab9b2e15Sgtb gss_OID_set *, /* actual_mechs */ 271ab9b2e15Sgtb OM_uint32 *, /* initiator_time_rec */ 272ab9b2e15Sgtb OM_uint32 * /* acceptor_time_rec */ 273ab9b2e15Sgtb ); 274ab9b2e15Sgtb 275ab9b2e15Sgtb static OM_uint32 k5glue_inquire_cred_by_mech 276ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 277ab9b2e15Sgtb gss_cred_id_t, /* cred_handle */ 278ab9b2e15Sgtb gss_OID, /* mech_type */ 279ab9b2e15Sgtb gss_name_t *, /* name */ 280ab9b2e15Sgtb OM_uint32 *, /* initiator_lifetime */ 281ab9b2e15Sgtb OM_uint32 *, /* acceptor_lifetime */ 282ab9b2e15Sgtb gss_cred_usage_t * /* cred_usage */ 283ab9b2e15Sgtb ); 284ab9b2e15Sgtb 285ab9b2e15Sgtb static OM_uint32 k5glue_export_sec_context 286ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 287ab9b2e15Sgtb gss_ctx_id_t *, /* context_handle */ 288ab9b2e15Sgtb gss_buffer_t /* interprocess_token */ 289ab9b2e15Sgtb ); 290ab9b2e15Sgtb 291ab9b2e15Sgtb static OM_uint32 k5glue_import_sec_context 292ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 293ab9b2e15Sgtb gss_buffer_t, /* interprocess_token */ 294ab9b2e15Sgtb gss_ctx_id_t * /* context_handle */ 295ab9b2e15Sgtb ); 296ab9b2e15Sgtb 297ab9b2e15Sgtb krb5_error_code k5glue_ser_init(krb5_context); 298ab9b2e15Sgtb 299ab9b2e15Sgtb static OM_uint32 k5glue_internal_release_oid 300ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 301ab9b2e15Sgtb gss_OID * /* oid */ 302ab9b2e15Sgtb ); 303ab9b2e15Sgtb 304ab9b2e15Sgtb static OM_uint32 k5glue_inquire_names_for_mech 305ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 306ab9b2e15Sgtb gss_OID, /* mechanism */ 307ab9b2e15Sgtb gss_OID_set * /* name_types */ 308ab9b2e15Sgtb ); 309ab9b2e15Sgtb 310ab9b2e15Sgtb #if 0 311ab9b2e15Sgtb static OM_uint32 k5glue_canonicalize_name 312ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 313ab9b2e15Sgtb const gss_name_t, /* input_name */ 314ab9b2e15Sgtb const gss_OID, /* 
mech_type */ 315ab9b2e15Sgtb gss_name_t * /* output_name */ 316ab9b2e15Sgtb ); 317ab9b2e15Sgtb #endif 318ab9b2e15Sgtb 319ab9b2e15Sgtb static OM_uint32 k5glue_export_name 320ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 321ab9b2e15Sgtb const gss_name_t, /* input_name */ 322ab9b2e15Sgtb gss_buffer_t /* exported_name */ 323ab9b2e15Sgtb ); 324ab9b2e15Sgtb 325ab9b2e15Sgtb /* SUNW15resync - Solaris specific */ 326ab9b2e15Sgtb static OM_uint32 k5glue_store_cred ( 327ab9b2e15Sgtb void *, 328ab9b2e15Sgtb OM_uint32 *, /* minor_status */ 329ab9b2e15Sgtb const gss_cred_id_t, /* input_cred */ 330ab9b2e15Sgtb gss_cred_usage_t, /* cred_usage */ 331ab9b2e15Sgtb const gss_OID, /* desired_mech */ 332ab9b2e15Sgtb OM_uint32, /* overwrite_cred */ 333ab9b2e15Sgtb OM_uint32, /* default_cred */ 334ab9b2e15Sgtb gss_OID_set *, /* elements_stored */ 335ab9b2e15Sgtb gss_cred_usage_t * /* cred_usage_stored */ 336ab9b2e15Sgtb ); 337ab9b2e15Sgtb 338ba7b222eSGlenn Barry /* SUNW17PACresync - this decl not needed in MIT but is for Sol */ 339ba7b222eSGlenn Barry /* Note code is in gsspi_krb5.c */ 340ba7b222eSGlenn Barry OM_uint32 krb5_gss_inquire_sec_context_by_oid( 341ba7b222eSGlenn Barry OM_uint32 *, 342ba7b222eSGlenn Barry const gss_ctx_id_t, 343ba7b222eSGlenn Barry const gss_OID, 344ba7b222eSGlenn Barry gss_buffer_set_t *); 345ba7b222eSGlenn Barry 346ab9b2e15Sgtb static OM_uint32 347ab9b2e15Sgtb k5glue_userok( 348ab9b2e15Sgtb void *, /* context */ 349ab9b2e15Sgtb OM_uint32 *, /* minor_status */ 350ab9b2e15Sgtb const gss_name_t, /* pname */ 351ab9b2e15Sgtb const char *, /* local user */ 352ab9b2e15Sgtb int * /* user ok? 
*/ 353ab9b2e15Sgtb /* */); 354ab9b2e15Sgtb 355ab9b2e15Sgtb static OM_uint32 356ab9b2e15Sgtb k5glue_pname_to_uid( 357ab9b2e15Sgtb void *, /* context */ 358ab9b2e15Sgtb OM_uint32 *, /* minor_status */ 359ab9b2e15Sgtb const gss_name_t, /* pname */ 360ab9b2e15Sgtb uid_t * /* uid */ 361ab9b2e15Sgtb /* */); 362ab9b2e15Sgtb 363ab9b2e15Sgtb 364ab9b2e15Sgtb 365ab9b2e15Sgtb 366ab9b2e15Sgtb #if 0 367ab9b2e15Sgtb static OM_uint32 k5glue_duplicate_name 368ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 369ab9b2e15Sgtb const gss_name_t, /* input_name */ 370ab9b2e15Sgtb gss_name_t * /* dest_name */ 371ab9b2e15Sgtb ); 372ab9b2e15Sgtb #endif 373ab9b2e15Sgtb 374ab9b2e15Sgtb #if 0 375ab9b2e15Sgtb static OM_uint32 k5glue_validate_cred 376ab9b2e15Sgtb (void *, OM_uint32 *, /* minor_status */ 377ab9b2e15Sgtb gss_cred_id_t /* cred */ 378ab9b2e15Sgtb ); 379ab9b2e15Sgtb #endif 380ab9b2e15Sgtb 381ab9b2e15Sgtb #if 0 382ab9b2e15Sgtb /* 383ab9b2e15Sgtb * SUNW15resync 384ab9b2e15Sgtb * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src 385ab9b2e15Sgtb * slicing&dicing needs of the "nightly -SD" build. When it goes away, 386ab9b2e15Sgtb * we should use it assuming MIT still uses it then. 387ab9b2e15Sgtb */ 388ab9b2e15Sgtb 389ab9b2e15Sgtb /* 390ab9b2e15Sgtb * The krb5 mechanism provides two mech OIDs; use this initializer to 391ab9b2e15Sgtb * ensure that both dispatch tables contain identical function 392ab9b2e15Sgtb * pointers. 393ab9b2e15Sgtb */ 394ab9b2e15Sgtb #define KRB5_GSS_CONFIG_INIT \ 395ab9b2e15Sgtb NULL, \ 396ab9b2e15Sgtb ... 
#endif

/*
 * Mechanism dispatch tables.
 *
 * The krb5 mechanism is registered under three OIDs: the standard one,
 * the pre-RFC one, and the "wrong" OID kept for interoperability (the
 * MS_BUG_TEST hook below ties it to Microsoft peers).  Each table is a
 * positional initializer for struct gss_config, so the entries must stay
 * in exactly this order, and all three tables must carry the same function
 * pointers.  The Solaris build cannot use MIT's KRB5_GSS_CONFIG_INIT macro
 * to guarantee that (see the disabled block above), so a change to one
 * table has to be mirrored by hand in the other two: a table that drifts
 * from its siblings gives that OID different security behaviour.  The
 * numeric id and name fields of MIT's table are disabled in the Solaris
 * build and are omitted here.
 */
static struct gss_config krb5_mechanism = {
	{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
	NULL,	/* mechanism-private context; unused by the wrappers below */
	k5glue_acquire_cred,
	k5glue_release_cred,
	k5glue_init_sec_context,
	k5glue_accept_sec_context,
	k5glue_unseal,
	k5glue_process_context_token,
	k5glue_delete_sec_context,
	k5glue_context_time,
	k5glue_display_status,
	k5glue_indicate_mechs,
	k5glue_compare_name,
	k5glue_display_name,
	k5glue_import_name,
	k5glue_release_name,
	k5glue_inquire_cred,
	k5glue_add_cred,
	k5glue_seal,
	k5glue_export_sec_context,
	k5glue_import_sec_context,
	k5glue_inquire_cred_by_mech,
	k5glue_inquire_names_for_mech,
	k5glue_inquire_context,
	k5glue_internal_release_oid,
	k5glue_wrap_size_limit,
	k5glue_pname_to_uid,
	k5glue_userok,
	k5glue_export_name,
	k5glue_sign,
	k5glue_verify,
	k5glue_store_cred,
	krb5_gss_inquire_sec_context_by_oid
};

/* Same dispatch as krb5_mechanism, registered under the pre-RFC OID. */
static struct gss_config krb5_mechanism_old = {
	{ GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
	NULL,	/* mechanism-private context; unused by the wrappers below */
	k5glue_acquire_cred,
	k5glue_release_cred,
	k5glue_init_sec_context,
	k5glue_accept_sec_context,
	k5glue_unseal,
	k5glue_process_context_token,
	k5glue_delete_sec_context,
	k5glue_context_time,
	k5glue_display_status,
	k5glue_indicate_mechs,
	k5glue_compare_name,
	k5glue_display_name,
	k5glue_import_name,
	k5glue_release_name,
	k5glue_inquire_cred,
	k5glue_add_cred,
	k5glue_seal,
	k5glue_export_sec_context,
	k5glue_import_sec_context,
	k5glue_inquire_cred_by_mech,
	k5glue_inquire_names_for_mech,
	k5glue_inquire_context,
	k5glue_internal_release_oid,
	k5glue_wrap_size_limit,
	k5glue_pname_to_uid,
	k5glue_userok,
	k5glue_export_name,
	k5glue_sign,
	k5glue_verify,
	k5glue_store_cred,
	krb5_gss_inquire_sec_context_by_oid
};

/* Same dispatch as krb5_mechanism, registered under the "wrong" OID. */
static struct gss_config krb5_mechanism_wrong = {
	{ GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
	NULL,	/* mechanism-private context; unused by the wrappers below */
	k5glue_acquire_cred,
	k5glue_release_cred,
	k5glue_init_sec_context,
	k5glue_accept_sec_context,
	k5glue_unseal,
	k5glue_process_context_token,
	k5glue_delete_sec_context,
	k5glue_context_time,
	k5glue_display_status,
	k5glue_indicate_mechs,
	k5glue_compare_name,
	k5glue_display_name,
	k5glue_import_name,
	k5glue_release_name,
	k5glue_inquire_cred,
	k5glue_add_cred,
	k5glue_seal,
	k5glue_export_sec_context,
	k5glue_import_sec_context,
	k5glue_inquire_cred_by_mech,
	k5glue_inquire_names_for_mech,
	k5glue_inquire_context,
	k5glue_internal_release_oid,
	k5glue_wrap_size_limit,
	k5glue_pname_to_uid,
	k5glue_userok,
	k5glue_export_name,
	k5glue_sign,
	k5glue_verify,
	k5glue_store_cred,
	krb5_gss_inquire_sec_context_by_oid
};

/* NULL-terminated list of the tables above, returned by gssint_get_mech_configs(). */
static gss_mechanism krb5_mech_configs[] = {
	&krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
};

#ifdef MS_BUG_TEST
/* Same list without the "wrong OID" table; see gssint_get_mech_configs(). */
static gss_mechanism krb5_mech_configs_hack[] = {
	&krb5_mechanism, &krb5_mechanism_old, NULL
};
#endif

/* The Solaris build exports this entry point under the krb5_gss_ name. */
#define gssint_get_mech_configs krb5_gss_get_mech_configs

/*
 * Return the NULL-terminated list of dispatch tables for this mechanism.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
#ifdef MS_BUG_TEST
	/*
	 * Test-only hook: with MS_FORCE_NO_MSOID=1 in the environment the
	 * returned list omits the "wrong OID" table.  This lets whoever
	 * controls the process environment steer the behaviour of a
	 * security library, so MS_BUG_TEST must stay undefined in
	 * production builds and in anything linked into privileged
	 * programs.
	 */
	const char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

	if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0)
		return (krb5_mech_configs_hack);
#endif
	return (krb5_mech_configs);
}

/*
 * Acceptor half of context establishment.  Straight pass-through to
 * krb5_gss_accept_sec_context(); ctx is unused.  input_chan_bindings and
 * delegated_cred_handle are forwarded untouched, so any checking of them
 * happens in the mechanism proper, not in this layer.
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
	return (krb5_gss_accept_sec_context(minor_status, context_handle,
	    verifier_cred_handle, input_token, input_chan_bindings, src_name,
	    mech_type, output_token, ret_flags, time_rec,
	    delegated_cred_handle));
}

/*
 * Acquire a credential handle.  Straight pass-through to
 * krb5_gss_acquire_cred(); ctx is unused.
 */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
	return (krb5_gss_acquire_cred(minor_status, desired_name, time_req,
	    desired_mechs, cred_usage, output_cred_handle, actual_mechs,
	    time_rec));
}

/* V2 */
static OM_uint32
k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
		cred_usage, initiator_time_req, acceptor_time_req,
		output_cred_handle, actual_mechs, initiator_time_rec,
acceptor_time_rec)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t input_cred_handle;
	gss_name_t desired_name;
	gss_OID desired_mech;
	gss_cred_usage_t cred_usage;
	OM_uint32 initiator_time_req;
	OM_uint32 acceptor_time_req;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *initiator_time_rec;
	OM_uint32 *acceptor_time_rec;
{
	return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
				 desired_mech, cred_usage, initiator_time_req,
				 acceptor_time_req, output_cred_handle,
				 actual_mechs, initiator_time_rec,
				 acceptor_time_rec));
}

/*
 * Compare two mechanism names.  Straight pass-through to
 * krb5_gss_compare_name(); ctx is unused.
 */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
	return (krb5_gss_compare_name(minor_status, name1, name2, name_equal));
}

/*
 * Report the remaining lifetime of a context.  Straight pass-through to
 * krb5_gss_context_time(); ctx is unused.
 */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
	return (krb5_gss_context_time(minor_status, context_handle, time_rec));
}

/*
 * Tear down a context.  Straight pass-through to
 * krb5_gss_delete_sec_context(); ctx is unused.
 */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token)
{
	return (krb5_gss_delete_sec_context(minor_status, context_handle,
	    output_token));
}

/*
 * Render a name as a printable string.  Straight pass-through to
 * krb5_gss_display_name(); ctx is unused.
 */
static OM_uint32
k5glue_display_name(void *ctx, OM_uint32 *minor_status, gss_name_t input_name,
    gss_buffer_t output_name_buffer, gss_OID *output_name_type)
{
	return (krb5_gss_display_name(minor_status, input_name,
	    output_name_buffer, output_name_type));
}

/*
 * Render a major or minor status code as text.  Straight pass-through to
 * krb5_gss_display_status(); ctx is unused.
 */
static OM_uint32
k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string)
{
	return (krb5_gss_display_status(minor_status, status_value, status_type,
	    mech_type, message_context, status_string));
}

/*
 * V2: serialise a context into an interprocess token.  Straight
 * pass-through to krb5_gss_export_sec_context(); ctx is unused.
 * NOTE(review): the token presumably embeds the context's session state,
 * so callers should treat it as sensitive -- confirm against
 * krb5_gss_export_sec_context.
 */
static OM_uint32
k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token)
{
	return (krb5_gss_export_sec_context(minor_status, context_handle,
	    interprocess_token));
}

static OM_uint32
k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
	void *ctx;
	OM_uint32 *minor_status;
	gss_buffer_t input_name_buffer;
	gss_OID input_name_type;
	gss_name_t *output_name;
{
#if 0
	OM_uint32 err;
	err = gssint_initialize_library();
	if (err) {
		*minor_status = err;
		return GSS_S_FAILURE;
}
#endif
	return(krb5_gss_import_name(minor_status, input_name_buffer,
				    input_name_type, output_name));
}

/*
 * V2: rebuild a context from an interprocess token.  Straight pass-through
 * to krb5_gss_import_sec_context(); ctx is unused.  The token is not
 * inspected in this layer; all parsing and validation happens in the
 * mechanism proper.
 */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	return (krb5_gss_import_sec_context(minor_status, interprocess_token,
	    context_handle));
}

/*
 * List the mechanism OIDs this provider supports.  Straight pass-through
 * to krb5_gss_indicate_mechs(); ctx is unused.
 */
static OM_uint32
k5glue_indicate_mechs(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *mech_set)
{
	return (krb5_gss_indicate_mechs(minor_status, mech_set));
}

/*
 * Initiator half of context establishment.  Straight pass-through to
 * krb5_gss_init_sec_context(); ctx is unused.  req_flags and
 * input_chan_bindings are forwarded unchanged, so this layer neither adds
 * nor strips any requested protection.
 */
static OM_uint32
k5glue_init_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle,
    gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags,
    OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token, gss_OID *actual_mech_type,
    gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)
{
	return (krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
	    context_handle, target_name, mech_type, req_flags, time_req,
	    input_chan_bindings, input_token, actual_mech_type, output_token,
	    ret_flags, time_rec));
}

/*
 * Describe an established context.  Straight pass-through to
 * krb5_gss_inquire_context(); ctx is unused.
 */
static OM_uint32
k5glue_inquire_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_name_t *initiator_name,
    gss_name_t *acceptor_name, OM_uint32 *lifetime_rec, gss_OID *mech_type,
    OM_uint32 *ret_flags, int *locally_initiated, int *open)
{
	return (krb5_gss_inquire_context(minor_status, context_handle,
	    initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags,
	    locally_initiated, open));
}

/*
 * Describe a credential handle.  Straight pass-through to
 * krb5_gss_inquire_cred(); ctx is unused.
 */
static OM_uint32
k5glue_inquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred_handle, gss_name_t *name, OM_uint32 *lifetime_ret,
    gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)
{
	return (krb5_gss_inquire_cred(minor_status, cred_handle, name,
	    lifetime_ret, cred_usage, mechanisms));
}

/*
 * V2: describe a credential handle for one mechanism.  Straight
 * pass-through to krb5_gss_inquire_cred_by_mech(); ctx is unused.
 */
static OM_uint32
k5glue_inquire_cred_by_mech(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred_handle, gss_OID mech_type, gss_name_t *name,
    OM_uint32 *initiator_lifetime, OM_uint32 *acceptor_lifetime,
    gss_cred_usage_t *cred_usage)
{
	return (krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
	    mech_type, name, initiator_lifetime, acceptor_lifetime,
	    cred_usage));
}

/*
 * V2: list the name types a mechanism accepts.  Straight pass-through to
 * krb5_gss_inquire_names_for_mech(); ctx is unused.
 */
static OM_uint32
k5glue_inquire_names_for_mech(void *ctx, OM_uint32 *minor_status,
    gss_OID mechanism, gss_OID_set *name_types)
{
	return (krb5_gss_inquire_names_for_mech(minor_status, mechanism,
	    name_types));
}

/*
 * Process a context-level token received from the peer.  Straight
 * pass-through to krb5_gss_process_context_token(); ctx is unused.
 */
static OM_uint32
k5glue_process_context_token(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t token_buffer)
{
	return (krb5_gss_process_context_token(minor_status, context_handle,
	    token_buffer));
}

static OM_uint32
k5glue_release_cred(ctx,
minor_status, cred_handle) 903ab9b2e15Sgtb void *ctx; 904ab9b2e15Sgtb OM_uint32 *minor_status; 905ab9b2e15Sgtb gss_cred_id_t *cred_handle; 906ab9b2e15Sgtb { 907ab9b2e15Sgtb return(krb5_gss_release_cred(minor_status, cred_handle)); 908ab9b2e15Sgtb } 909ab9b2e15Sgtb 910ab9b2e15Sgtb static OM_uint32 911ab9b2e15Sgtb k5glue_release_name(ctx, minor_status, input_name) 912ab9b2e15Sgtb void *ctx; 913ab9b2e15Sgtb OM_uint32 *minor_status; 914ab9b2e15Sgtb gss_name_t *input_name; 915ab9b2e15Sgtb { 916ab9b2e15Sgtb return(krb5_gss_release_name(minor_status, input_name)); 917ab9b2e15Sgtb } 918ab9b2e15Sgtb 919ab9b2e15Sgtb #if 0 920ab9b2e15Sgtb static OM_uint32 921ab9b2e15Sgtb k5glue_release_buffer(ctx, minor_status, buffer) 922ab9b2e15Sgtb void *ctx; 923ab9b2e15Sgtb OM_uint32 *minor_status; 924ab9b2e15Sgtb gss_buffer_t buffer; 925ab9b2e15Sgtb { 926ab9b2e15Sgtb return(generic_gss_release_buffer(minor_status, 927ab9b2e15Sgtb buffer)); 928ab9b2e15Sgtb } 929ab9b2e15Sgtb #endif 930ab9b2e15Sgtb 931ab9b2e15Sgtb /* V2 */ 932ab9b2e15Sgtb static OM_uint32 933ab9b2e15Sgtb k5glue_internal_release_oid(ctx, minor_status, oid) 934ab9b2e15Sgtb void *ctx; 935ab9b2e15Sgtb OM_uint32 *minor_status; 936ab9b2e15Sgtb gss_OID *oid; 937ab9b2e15Sgtb { 938ab9b2e15Sgtb return(krb5_gss_internal_release_oid(minor_status, oid)); 939ab9b2e15Sgtb } 940ab9b2e15Sgtb 941ab9b2e15Sgtb #if 0 942ab9b2e15Sgtb static OM_uint32 943ab9b2e15Sgtb k5glue_release_oid_set(ctx, minor_status, set) 944ab9b2e15Sgtb void *ctx; 945ab9b2e15Sgtb OM_uint32 * minor_status; 946ab9b2e15Sgtb gss_OID_set *set; 947ab9b2e15Sgtb { 948ab9b2e15Sgtb return(generic_gss_release_oid_set(minor_status, set)); 949ab9b2e15Sgtb } 950ab9b2e15Sgtb #endif 951ab9b2e15Sgtb 952ab9b2e15Sgtb /* V1 only */ 953ab9b2e15Sgtb static OM_uint32 954ab9b2e15Sgtb k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req, 955ab9b2e15Sgtb input_message_buffer, conf_state, output_message_buffer) 956ab9b2e15Sgtb void *ctx; 957ab9b2e15Sgtb OM_uint32 *minor_status; 
958ab9b2e15Sgtb gss_ctx_id_t context_handle; 959ab9b2e15Sgtb int conf_req_flag; 960ab9b2e15Sgtb int qop_req; 961ab9b2e15Sgtb gss_buffer_t input_message_buffer; 962ab9b2e15Sgtb int *conf_state; 963ab9b2e15Sgtb gss_buffer_t output_message_buffer; 964ab9b2e15Sgtb { 965ab9b2e15Sgtb return(krb5_gss_seal(minor_status, context_handle, 966ab9b2e15Sgtb conf_req_flag, qop_req, input_message_buffer, 967ab9b2e15Sgtb conf_state, output_message_buffer)); 968ab9b2e15Sgtb } 969ab9b2e15Sgtb 970ab9b2e15Sgtb static OM_uint32 971ab9b2e15Sgtb k5glue_sign(ctx, minor_status, context_handle, 972ab9b2e15Sgtb qop_req, message_buffer, 973ab9b2e15Sgtb message_token) 974ab9b2e15Sgtb void *ctx; 975ab9b2e15Sgtb OM_uint32 *minor_status; 976ab9b2e15Sgtb gss_ctx_id_t context_handle; 977ab9b2e15Sgtb int qop_req; 978ab9b2e15Sgtb gss_buffer_t message_buffer; 979ab9b2e15Sgtb gss_buffer_t message_token; 980ab9b2e15Sgtb { 981ab9b2e15Sgtb return(krb5_gss_sign(minor_status, context_handle, 982ab9b2e15Sgtb qop_req, message_buffer, message_token)); 983ab9b2e15Sgtb } 984ab9b2e15Sgtb 985ab9b2e15Sgtb #if 0 986ab9b2e15Sgtb /* V2 */ 987ab9b2e15Sgtb static OM_uint32 988ab9b2e15Sgtb k5glue_verify_mic(ctx, minor_status, context_handle, 989ab9b2e15Sgtb message_buffer, token_buffer, qop_state) 990ab9b2e15Sgtb void *ctx; 991ab9b2e15Sgtb OM_uint32 *minor_status; 992ab9b2e15Sgtb gss_ctx_id_t context_handle; 993ab9b2e15Sgtb gss_buffer_t message_buffer; 994ab9b2e15Sgtb gss_buffer_t token_buffer; 995ab9b2e15Sgtb gss_qop_t *qop_state; 996ab9b2e15Sgtb { 997ab9b2e15Sgtb return(krb5_gss_verify_mic(minor_status, context_handle, 998ab9b2e15Sgtb message_buffer, token_buffer, qop_state)); 999ab9b2e15Sgtb } 1000ab9b2e15Sgtb 1001ab9b2e15Sgtb /* V2 */ 1002ab9b2e15Sgtb static OM_uint32 1003ab9b2e15Sgtb k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req, 1004ab9b2e15Sgtb input_message_buffer, conf_state, output_message_buffer) 1005ab9b2e15Sgtb void *ctx; 1006ab9b2e15Sgtb OM_uint32 *minor_status; 1007ab9b2e15Sgtb 
gss_ctx_id_t context_handle; 1008ab9b2e15Sgtb int conf_req_flag; 1009ab9b2e15Sgtb gss_qop_t qop_req; 1010ab9b2e15Sgtb gss_buffer_t input_message_buffer; 1011ab9b2e15Sgtb int *conf_state; 1012ab9b2e15Sgtb gss_buffer_t output_message_buffer; 1013ab9b2e15Sgtb { 1014ab9b2e15Sgtb return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, 1015ab9b2e15Sgtb input_message_buffer, conf_state, 1016ab9b2e15Sgtb output_message_buffer)); 1017ab9b2e15Sgtb } 1018ab9b2e15Sgtb 1019ab9b2e15Sgtb /* V2 */ 1020ab9b2e15Sgtb static OM_uint32 1021ab9b2e15Sgtb k5glue_str_to_oid(ctx, minor_status, oid_str, oid) 1022ab9b2e15Sgtb void *ctx; 1023ab9b2e15Sgtb OM_uint32 *minor_status; 1024ab9b2e15Sgtb gss_buffer_t oid_str; 1025ab9b2e15Sgtb gss_OID *oid; 1026ab9b2e15Sgtb { 1027ab9b2e15Sgtb return(generic_gss_str_to_oid(minor_status, oid_str, oid)); 1028ab9b2e15Sgtb } 1029ab9b2e15Sgtb 1030ab9b2e15Sgtb /* V2 */ 1031ab9b2e15Sgtb static OM_uint32 1032ab9b2e15Sgtb k5glue_test_oid_set_member(ctx, minor_status, member, set, present) 1033ab9b2e15Sgtb void *ctx; 1034ab9b2e15Sgtb OM_uint32 *minor_status; 1035ab9b2e15Sgtb gss_OID member; 1036ab9b2e15Sgtb gss_OID_set set; 1037ab9b2e15Sgtb int *present; 1038ab9b2e15Sgtb { 1039ab9b2e15Sgtb return(generic_gss_test_oid_set_member(minor_status, member, set, 1040ab9b2e15Sgtb present)); 1041ab9b2e15Sgtb } 1042ab9b2e15Sgtb #endif 1043ab9b2e15Sgtb 1044ab9b2e15Sgtb /* V1 only */ 1045ab9b2e15Sgtb static OM_uint32 1046ab9b2e15Sgtb k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer, 1047ab9b2e15Sgtb output_message_buffer, conf_state, qop_state) 1048ab9b2e15Sgtb void *ctx; 1049ab9b2e15Sgtb OM_uint32 *minor_status; 1050ab9b2e15Sgtb gss_ctx_id_t context_handle; 1051ab9b2e15Sgtb gss_buffer_t input_message_buffer; 1052ab9b2e15Sgtb gss_buffer_t output_message_buffer; 1053ab9b2e15Sgtb int *conf_state; 1054ab9b2e15Sgtb int *qop_state; 1055ab9b2e15Sgtb { 1056ab9b2e15Sgtb return(krb5_gss_unseal(minor_status, context_handle, 1057ab9b2e15Sgtb 
input_message_buffer, output_message_buffer, 1058ab9b2e15Sgtb conf_state, qop_state)); 1059ab9b2e15Sgtb } 1060ab9b2e15Sgtb 1061ab9b2e15Sgtb #if 0 1062ab9b2e15Sgtb /* V2 */ 1063ab9b2e15Sgtb static OM_uint32 1064ab9b2e15Sgtb k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer, 1065ab9b2e15Sgtb output_message_buffer, conf_state, qop_state) 1066ab9b2e15Sgtb void *ctx; 1067ab9b2e15Sgtb OM_uint32 *minor_status; 1068ab9b2e15Sgtb gss_ctx_id_t context_handle; 1069ab9b2e15Sgtb gss_buffer_t input_message_buffer; 1070ab9b2e15Sgtb gss_buffer_t output_message_buffer; 1071ab9b2e15Sgtb int *conf_state; 1072ab9b2e15Sgtb gss_qop_t *qop_state; 1073ab9b2e15Sgtb { 1074ab9b2e15Sgtb return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer, 1075ab9b2e15Sgtb output_message_buffer, conf_state, qop_state)); 1076ab9b2e15Sgtb } 1077ab9b2e15Sgtb #endif 1078ab9b2e15Sgtb 1079ab9b2e15Sgtb /* V1 only */ 1080ab9b2e15Sgtb static OM_uint32 1081ab9b2e15Sgtb k5glue_verify(ctx, minor_status, context_handle, message_buffer, 1082ab9b2e15Sgtb token_buffer, qop_state) 1083ab9b2e15Sgtb void *ctx; 1084ab9b2e15Sgtb OM_uint32 *minor_status; 1085ab9b2e15Sgtb gss_ctx_id_t context_handle; 1086ab9b2e15Sgtb gss_buffer_t message_buffer; 1087ab9b2e15Sgtb gss_buffer_t token_buffer; 1088ab9b2e15Sgtb int *qop_state; 1089ab9b2e15Sgtb { 1090ab9b2e15Sgtb return(krb5_gss_verify(minor_status, 1091ab9b2e15Sgtb context_handle, 1092ab9b2e15Sgtb message_buffer, 1093ab9b2e15Sgtb token_buffer, 1094ab9b2e15Sgtb qop_state)); 1095ab9b2e15Sgtb } 1096ab9b2e15Sgtb 1097ab9b2e15Sgtb /* V2 interface */ 1098ab9b2e15Sgtb static OM_uint32 1099ab9b2e15Sgtb k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag, 1100ab9b2e15Sgtb qop_req, req_output_size, max_input_size) 1101ab9b2e15Sgtb void *ctx; 1102ab9b2e15Sgtb OM_uint32 *minor_status; 1103ab9b2e15Sgtb gss_ctx_id_t context_handle; 1104ab9b2e15Sgtb int conf_req_flag; 1105ab9b2e15Sgtb gss_qop_t qop_req; 1106ab9b2e15Sgtb OM_uint32 
req_output_size; 1107ab9b2e15Sgtb OM_uint32 *max_input_size; 1108ab9b2e15Sgtb { 1109ab9b2e15Sgtb return(krb5_gss_wrap_size_limit(minor_status, context_handle, 1110ab9b2e15Sgtb conf_req_flag, qop_req, 1111ab9b2e15Sgtb req_output_size, max_input_size)); 1112ab9b2e15Sgtb } 1113ab9b2e15Sgtb 1114ab9b2e15Sgtb #if 0 1115ab9b2e15Sgtb /* V2 interface */ 1116ab9b2e15Sgtb static OM_uint32 1117ab9b2e15Sgtb k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name) 1118ab9b2e15Sgtb void *ctx; 1119ab9b2e15Sgtb OM_uint32 *minor_status; 1120ab9b2e15Sgtb const gss_name_t input_name; 1121ab9b2e15Sgtb const gss_OID mech_type; 1122ab9b2e15Sgtb gss_name_t *output_name; 1123ab9b2e15Sgtb { 1124ab9b2e15Sgtb return krb5_gss_canonicalize_name(minor_status, input_name, 1125ab9b2e15Sgtb mech_type, output_name); 1126ab9b2e15Sgtb } 1127ab9b2e15Sgtb #endif 1128ab9b2e15Sgtb 1129ab9b2e15Sgtb /* V2 interface */ 1130ab9b2e15Sgtb static OM_uint32 1131ab9b2e15Sgtb k5glue_export_name(ctx, minor_status, input_name, exported_name) 1132ab9b2e15Sgtb void *ctx; 1133ab9b2e15Sgtb OM_uint32 *minor_status; 1134ab9b2e15Sgtb const gss_name_t input_name; 1135ab9b2e15Sgtb gss_buffer_t exported_name; 1136ab9b2e15Sgtb { 1137ab9b2e15Sgtb return krb5_gss_export_name(minor_status, input_name, exported_name); 1138ab9b2e15Sgtb } 1139ab9b2e15Sgtb 1140ab9b2e15Sgtb /* SUNW15resync - this is not in the MIT mech (lib) yet */ 1141ab9b2e15Sgtb static OM_uint32 1142ab9b2e15Sgtb k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech, 1143ab9b2e15Sgtb overwrite_cred, default_cred, elements_stored, 1144ab9b2e15Sgtb cred_usage_stored) 1145ab9b2e15Sgtb void *ctx; 1146ab9b2e15Sgtb OM_uint32 *minor_status; 1147ab9b2e15Sgtb const gss_cred_id_t input_cred; 1148ab9b2e15Sgtb gss_cred_usage_t cred_usage; 1149ab9b2e15Sgtb gss_OID desired_mech; 1150ab9b2e15Sgtb OM_uint32 overwrite_cred; 1151ab9b2e15Sgtb OM_uint32 default_cred; 1152ab9b2e15Sgtb gss_OID_set *elements_stored; 1153ab9b2e15Sgtb 
gss_cred_usage_t *cred_usage_stored; 1154ab9b2e15Sgtb { 1155ab9b2e15Sgtb return(krb5_gss_store_cred(minor_status, input_cred, 1156ab9b2e15Sgtb cred_usage, desired_mech, 1157ab9b2e15Sgtb overwrite_cred, default_cred, elements_stored, 1158ab9b2e15Sgtb cred_usage_stored)); 1159ab9b2e15Sgtb } 1160ab9b2e15Sgtb 1161ab9b2e15Sgtb static OM_uint32 1162ab9b2e15Sgtb k5glue_userok( 1163ab9b2e15Sgtb void *ctxt, /* context */ 1164ab9b2e15Sgtb OM_uint32 *minor, /* minor_status */ 1165ab9b2e15Sgtb const gss_name_t pname, /* pname */ 1166ab9b2e15Sgtb const char *user, /* local user */ 1167ab9b2e15Sgtb int *user_ok /* user ok? */ 1168ab9b2e15Sgtb /* */) 1169ab9b2e15Sgtb { 1170ab9b2e15Sgtb return(krb5_gss_userok(minor, pname, user, user_ok)); 1171ab9b2e15Sgtb } 1172ab9b2e15Sgtb 1173ab9b2e15Sgtb static OM_uint32 1174ab9b2e15Sgtb k5glue_pname_to_uid( 1175ab9b2e15Sgtb void *ctxt, /* context */ 1176ab9b2e15Sgtb OM_uint32 *minor, /* minor_status */ 1177ab9b2e15Sgtb const gss_name_t pname, /* pname */ 1178ab9b2e15Sgtb uid_t *uidOut /* uid */ 1179ab9b2e15Sgtb /* */) 1180ab9b2e15Sgtb { 1181ab9b2e15Sgtb return (krb5_pname_to_uid(minor, pname, uidOut)); 1182ab9b2e15Sgtb } 1183ab9b2e15Sgtb 1184ab9b2e15Sgtb 1185ab9b2e15Sgtb 1186ab9b2e15Sgtb #if 0 1187ab9b2e15Sgtb /* V2 interface */ 1188ab9b2e15Sgtb static OM_uint32 1189ab9b2e15Sgtb k5glue_duplicate_name(ctx, minor_status, input_name, dest_name) 1190ab9b2e15Sgtb void *ctx; 1191ab9b2e15Sgtb OM_uint32 *minor_status; 1192ab9b2e15Sgtb const gss_name_t input_name; 1193ab9b2e15Sgtb gss_name_t *dest_name; 1194ab9b2e15Sgtb { 1195ab9b2e15Sgtb return krb5_gss_duplicate_name(minor_status, input_name, dest_name); 1196ab9b2e15Sgtb } 1197ab9b2e15Sgtb #endif 1198ab9b2e15Sgtb 1199ab9b2e15Sgtb 1200ab9b2e15Sgtb OM_uint32 KRB5_CALLCONV 1201ab9b2e15Sgtb gss_krb5_copy_ccache( 1202ab9b2e15Sgtb OM_uint32 *minor_status, 1203ab9b2e15Sgtb gss_cred_id_t cred_handle, 1204ab9b2e15Sgtb krb5_ccache out_ccache) 1205ab9b2e15Sgtb { 1206ab9b2e15Sgtb gss_union_cred_t ucred; 
1207ab9b2e15Sgtb gss_cred_id_t mcred; 1208ab9b2e15Sgtb 1209ab9b2e15Sgtb ucred = (gss_union_cred_t)cred_handle; 1210ab9b2e15Sgtb 1211ab9b2e15Sgtb mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); 1212ab9b2e15Sgtb if (mcred != GSS_C_NO_CREDENTIAL) 1213ab9b2e15Sgtb return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); 1214ab9b2e15Sgtb 1215ab9b2e15Sgtb mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); 1216ab9b2e15Sgtb if (mcred != GSS_C_NO_CREDENTIAL) 1217ab9b2e15Sgtb return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); 1218ab9b2e15Sgtb 1219ab9b2e15Sgtb return GSS_S_DEFECTIVE_CREDENTIAL; 1220ab9b2e15Sgtb } 1221ab9b2e15Sgtb 1222ab9b2e15Sgtb OM_uint32 KRB5_CALLCONV 1223ab9b2e15Sgtb gss_krb5_set_allowable_enctypes( 1224ab9b2e15Sgtb OM_uint32 *minor_status, 1225ab9b2e15Sgtb gss_cred_id_t cred, 1226ab9b2e15Sgtb OM_uint32 num_ktypes, 1227ab9b2e15Sgtb krb5_enctype *ktypes) 1228ab9b2e15Sgtb { 1229ab9b2e15Sgtb gss_union_cred_t ucred; 1230ab9b2e15Sgtb gss_cred_id_t mcred; 1231ab9b2e15Sgtb 1232ab9b2e15Sgtb ucred = (gss_union_cred_t)cred; 1233ab9b2e15Sgtb mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); 1234ab9b2e15Sgtb if (mcred != GSS_C_NO_CREDENTIAL) 1235ab9b2e15Sgtb return gss_krb5int_set_allowable_enctypes(minor_status, mcred, 1236ab9b2e15Sgtb num_ktypes, ktypes); 1237ab9b2e15Sgtb 1238ab9b2e15Sgtb mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); 1239ab9b2e15Sgtb if (mcred != GSS_C_NO_CREDENTIAL) 1240ab9b2e15Sgtb return gss_krb5int_set_allowable_enctypes(minor_status, mcred, 1241ab9b2e15Sgtb num_ktypes, ktypes); 1242ab9b2e15Sgtb 1243ab9b2e15Sgtb return GSS_S_DEFECTIVE_CREDENTIAL; 1244ab9b2e15Sgtb } 1245ab9b2e15Sgtb 1246ab9b2e15Sgtb /* 1247ab9b2e15Sgtb * Glue routine for returning the mechanism-specific credential from a 1248ab9b2e15Sgtb * external union credential. 
1249ab9b2e15Sgtb */ 1250ab9b2e15Sgtb /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't 1251ab9b2e15Sgtb want to link against libgss so we put it here since we need it in the mech */ 1252ab9b2e15Sgtb gss_cred_id_t 1253ab9b2e15Sgtb gssint_get_mechanism_cred(union_cred, mech_type) 1254ab9b2e15Sgtb gss_union_cred_t union_cred; 1255ab9b2e15Sgtb gss_OID mech_type; 1256ab9b2e15Sgtb { 1257ab9b2e15Sgtb int i; 1258ab9b2e15Sgtb 1259ab9b2e15Sgtb if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL) 1260ab9b2e15Sgtb return GSS_C_NO_CREDENTIAL; 1261ab9b2e15Sgtb 1262ab9b2e15Sgtb for (i=0; i < union_cred->count; i++) { 1263ab9b2e15Sgtb if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) 1264ab9b2e15Sgtb return union_cred->cred_array[i]; 1265ab9b2e15Sgtb } 1266ab9b2e15Sgtb return GSS_C_NO_CREDENTIAL; 1267ab9b2e15Sgtb } 1268ab9b2e15Sgtb 1269ab9b2e15Sgtb 1270ab9b2e15Sgtb 1271ab9b2e15Sgtb /* 1272ab9b2e15Sgtb * entry point for the gss layer, 1273ab9b2e15Sgtb * called "krb5_gss_initialize()" in MIT 1.2.1 1274ab9b2e15Sgtb */ 1275ab9b2e15Sgtb /* SUNW15resync - this used to be in k5mech.c */ 1276ab9b2e15Sgtb gss_mechanism 1277ab9b2e15Sgtb gss_mech_initialize(oid) 1278ab9b2e15Sgtb const gss_OID oid; 1279ab9b2e15Sgtb { 128072f0806aSShawn Emery /* 128172f0806aSShawn Emery * Solaris Kerberos: We also want to use the same functions for KRB5 as 128272f0806aSShawn Emery * we do for the MS KRB5 (krb5_mechanism_wrong). So both are valid. 128372f0806aSShawn Emery */ 1284ab9b2e15Sgtb /* ensure that the requested oid matches our oid */ 128572f0806aSShawn Emery if (oid == NULL || (!g_OID_equal(oid, &krb5_mechanism.mech_type) && 128672f0806aSShawn Emery !g_OID_equal(oid, &krb5_mechanism_wrong.mech_type))) { 1287ab9b2e15Sgtb (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid"); 1288ab9b2e15Sgtb return (NULL); 1289ab9b2e15Sgtb } 1290ab9b2e15Sgtb 1291ab9b2e15Sgtb #if 0 /* SUNW15resync - no longer needed(?) 
*/ 1292ab9b2e15Sgtb if (krb5_gss_get_context(&(krb5_mechanism.context)) != 1293ab9b2e15Sgtb GSS_S_COMPLETE) 1294ab9b2e15Sgtb return (NULL); 1295ab9b2e15Sgtb #endif 1296ab9b2e15Sgtb 1297ab9b2e15Sgtb return (&krb5_mechanism); 1298ab9b2e15Sgtb } 1299ab9b2e15Sgtb 1300ba7b222eSGlenn Barry /* 1301ba7b222eSGlenn Barry * This API should go away and be replaced with an accessor 1302ba7b222eSGlenn Barry * into a gss_name_t. 1303ba7b222eSGlenn Barry */ 1304ba7b222eSGlenn Barry OM_uint32 KRB5_CALLCONV 1305ba7b222eSGlenn Barry gsskrb5_extract_authz_data_from_sec_context( 1306ba7b222eSGlenn Barry OM_uint32 *minor_status, 1307ba7b222eSGlenn Barry gss_ctx_id_t context_handle, 1308ba7b222eSGlenn Barry int ad_type, 1309ba7b222eSGlenn Barry gss_buffer_t ad_data) 1310ba7b222eSGlenn Barry { 1311ba7b222eSGlenn Barry gss_OID_desc req_oid; 1312ba7b222eSGlenn Barry unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6]; 1313ba7b222eSGlenn Barry OM_uint32 major_status; 1314ba7b222eSGlenn Barry gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; 1315ba7b222eSGlenn Barry 1316ba7b222eSGlenn Barry if (ad_data == NULL) 1317ba7b222eSGlenn Barry return GSS_S_CALL_INACCESSIBLE_WRITE; 1318ba7b222eSGlenn Barry 1319ba7b222eSGlenn Barry req_oid.elements = oid_buf; 1320ba7b222eSGlenn Barry req_oid.length = sizeof(oid_buf); 1321ba7b222eSGlenn Barry 1322ba7b222eSGlenn Barry major_status = generic_gss_oid_compose(minor_status, 1323ba7b222eSGlenn Barry GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID, 1324ba7b222eSGlenn Barry GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, 1325ba7b222eSGlenn Barry ad_type, 1326ba7b222eSGlenn Barry &req_oid); 1327ba7b222eSGlenn Barry if (GSS_ERROR(major_status)) 1328ba7b222eSGlenn Barry return major_status; 1329ba7b222eSGlenn Barry 1330ba7b222eSGlenn Barry major_status = gss_inquire_sec_context_by_oid(minor_status, 1331ba7b222eSGlenn Barry context_handle, 1332ba7b222eSGlenn Barry (gss_OID)&req_oid, 1333ba7b222eSGlenn Barry &data_set); 
1334ba7b222eSGlenn Barry if (major_status != GSS_S_COMPLETE) { 1335ba7b222eSGlenn Barry return major_status; 1336ba7b222eSGlenn Barry } 1337ba7b222eSGlenn Barry 1338ba7b222eSGlenn Barry /* 1339ba7b222eSGlenn Barry * SUNW17PACresync / Solaris Kerberos 134072f0806aSShawn Emery * MIT17 allows only count==1 which is correct for pre-Win2008 but 134172f0806aSShawn Emery * our testing with Win2008 shows count==2 and Win7 count==3. 1342ba7b222eSGlenn Barry */ 134372f0806aSShawn Emery if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) { 1344ba7b222eSGlenn Barry gss_release_buffer_set(minor_status, &data_set); 1345*5e01956fSGlenn Barry *minor_status = EINVAL; 1346ba7b222eSGlenn Barry return GSS_S_FAILURE; 1347ba7b222eSGlenn Barry } 1348ba7b222eSGlenn Barry 1349ba7b222eSGlenn Barry ad_data->length = data_set->elements[0].length; 1350ba7b222eSGlenn Barry ad_data->value = malloc(ad_data->length); 1351ba7b222eSGlenn Barry if (!ad_data->value) { 1352ba7b222eSGlenn Barry gss_release_buffer_set(minor_status, &data_set); 1353ba7b222eSGlenn Barry return ENOMEM; 1354ba7b222eSGlenn Barry } 1355ba7b222eSGlenn Barry bcopy(data_set->elements[0].value, ad_data->value, ad_data->length); 1356ba7b222eSGlenn Barry 1357ba7b222eSGlenn Barry gss_release_buffer_set(minor_status, &data_set); 1358ba7b222eSGlenn Barry 1359ba7b222eSGlenn Barry return GSS_S_COMPLETE; 1360ba7b222eSGlenn Barry } 1361ba7b222eSGlenn Barry 1362ba7b222eSGlenn Barry 1363ba7b222eSGlenn Barry OM_uint32 KRB5_CALLCONV 1364ba7b222eSGlenn Barry gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, 1365ba7b222eSGlenn Barry gss_ctx_id_t context_handle, 1366ba7b222eSGlenn Barry krb5_timestamp *authtime) 1367ba7b222eSGlenn Barry { 1368ba7b222eSGlenn Barry static const gss_OID_desc req_oid = { 1369ba7b222eSGlenn Barry GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, 1370ba7b222eSGlenn Barry GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID }; 1371ba7b222eSGlenn Barry OM_uint32 major_status; 
1372ba7b222eSGlenn Barry gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; 1373ba7b222eSGlenn Barry 1374ba7b222eSGlenn Barry if (authtime == NULL) 1375ba7b222eSGlenn Barry return GSS_S_CALL_INACCESSIBLE_WRITE; 1376ba7b222eSGlenn Barry 1377ba7b222eSGlenn Barry major_status = gss_inquire_sec_context_by_oid(minor_status, 1378ba7b222eSGlenn Barry context_handle, 1379ba7b222eSGlenn Barry (gss_OID)&req_oid, 1380ba7b222eSGlenn Barry &data_set); 1381ba7b222eSGlenn Barry if (major_status != GSS_S_COMPLETE) 1382ba7b222eSGlenn Barry return major_status; 1383ba7b222eSGlenn Barry 1384ba7b222eSGlenn Barry if (data_set == GSS_C_NO_BUFFER_SET || 1385ba7b222eSGlenn Barry data_set->count != 1 || 1386ba7b222eSGlenn Barry data_set->elements[0].length != sizeof(*authtime)) { 1387ba7b222eSGlenn Barry *minor_status = EINVAL; 1388ba7b222eSGlenn Barry return GSS_S_FAILURE; 1389ba7b222eSGlenn Barry } 1390ba7b222eSGlenn Barry 1391ba7b222eSGlenn Barry *authtime = *((krb5_timestamp *)data_set->elements[0].value); 1392ba7b222eSGlenn Barry 1393ba7b222eSGlenn Barry gss_release_buffer_set(minor_status, &data_set); 1394ba7b222eSGlenn Barry 1395ba7b222eSGlenn Barry *minor_status = 0; 1396ba7b222eSGlenn Barry 1397ba7b222eSGlenn Barry return GSS_S_COMPLETE; 1398ba7b222eSGlenn Barry } 1399