1ab9b2e15Sgtb /*
2*5e01956fSGlenn Barry  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3ab9b2e15Sgtb  */
4ab9b2e15Sgtb /*
5ab9b2e15Sgtb  * Copyright 1993 by OpenVision Technologies, Inc.
6ab9b2e15Sgtb  *
7ab9b2e15Sgtb  * Permission to use, copy, modify, distribute, and sell this software
8ab9b2e15Sgtb  * and its documentation for any purpose is hereby granted without fee,
9ab9b2e15Sgtb  * provided that the above copyright notice appears in all copies and
10ab9b2e15Sgtb  * that both that copyright notice and this permission notice appear in
11ab9b2e15Sgtb  * supporting documentation, and that the name of OpenVision not be used
12ab9b2e15Sgtb  * in advertising or publicity pertaining to distribution of the software
13ab9b2e15Sgtb  * without specific, written prior permission. OpenVision makes no
14ab9b2e15Sgtb  * representations about the suitability of this software for any
15ab9b2e15Sgtb  * purpose.  It is provided "as is" without express or implied warranty.
16ab9b2e15Sgtb  *
17ab9b2e15Sgtb  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18ab9b2e15Sgtb  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19ab9b2e15Sgtb  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20ab9b2e15Sgtb  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21ab9b2e15Sgtb  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22ab9b2e15Sgtb  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23ab9b2e15Sgtb  * PERFORMANCE OF THIS SOFTWARE.
24ab9b2e15Sgtb  */
25ab9b2e15Sgtb 
26ab9b2e15Sgtb /*
27159d09a2SMark Phalan  * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28ab9b2e15Sgtb  */
29ab9b2e15Sgtb 
30ab9b2e15Sgtb #include "gssapiP_krb5.h"
31ab9b2e15Sgtb #include "mglueP.h"
32ab9b2e15Sgtb #include <syslog.h>
33ab9b2e15Sgtb 
34ab9b2e15Sgtb /** mechglue wrappers **/
35ab9b2e15Sgtb 
/*
 * Forward declarations: credential and security-context entry points.
 *
 * Each k5glue_* function takes an untyped pointer first (named ctx here,
 * as in the definitions later in this file), then minor_status, then the
 * arguments of the operation itself.  Parameter names in a prototype are
 * documentation only.
 */
static OM_uint32 k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec);

static OM_uint32 k5glue_release_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t *cred_handle);

static OM_uint32 k5glue_init_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle,
    gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags,
    OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token, gss_OID *actual_mech_type,
    gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec);

static OM_uint32 k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token_buffer,
    gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name,
    gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags,
    OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle);

static OM_uint32 k5glue_process_context_token(void *ctx,
    OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t token_buffer);

static OM_uint32 k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token);

static OM_uint32 k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec);
101ab9b2e15Sgtb 
/*
 * Forward declarations: per-message entry points under their V1 names
 * (sign/verify/seal/unseal).  Note that qop is a plain int here, whereas
 * the disabled V2 prototypes further down use gss_qop_t.
 */
static OM_uint32 k5glue_sign(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer,
    gss_buffer_t message_token);

static OM_uint32 k5glue_verify(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t token_buffer, int *qop_state);

static OM_uint32 k5glue_seal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, int qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unseal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state, int *qop_state);
136ab9b2e15Sgtb 
/*
 * Forward declarations: status display, mechanism listing, name handling
 * and credential/context inquiry entry points.
 */
static OM_uint32 k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string);

static OM_uint32 k5glue_indicate_mechs(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *mech_set);

static OM_uint32 k5glue_compare_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t name1, gss_name_t name2, int *name_equal);

static OM_uint32 k5glue_display_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_buffer_t output_name_buffer,
    gss_OID *output_name_type);

static OM_uint32 k5glue_import_name(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer, gss_OID input_name_type,
    gss_name_t *output_name);

static OM_uint32 k5glue_release_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t *input_name);

static OM_uint32 k5glue_inquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred_handle, gss_name_t *name, OM_uint32 *lifetime,
    gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms);

static OM_uint32 k5glue_inquire_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_name_t *initiator_name,
    gss_name_t *acceptor_name, OM_uint32 *lifetime_rec, gss_OID *mech_type,
    OM_uint32 *ret_flags, int *locally_initiated, int *open);
197ab9b2e15Sgtb 
#if 0
/*
 * New V2 entry points.  Compiled out: the dispatch tables in this file
 * list k5glue_sign/verify/seal/unseal instead.
 */
static OM_uint32 k5glue_get_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_qop_t qop_req,
    gss_buffer_t message_buffer, gss_buffer_t message_token);

static OM_uint32 k5glue_verify_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t message_token, gss_qop_t *qop_state);

static OM_uint32 k5glue_wrap(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unwrap(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state,
    gss_qop_t *qop_state);
#endif

/* The one V2-style per-message helper that is compiled in. */
static OM_uint32 k5glue_wrap_size_limit(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req,
    OM_uint32 req_output_size, OM_uint32 *max_input_size);

#if 0
/* Name-object import/export; compiled out. */
static OM_uint32 k5glue_import_name_object(void *ctx, OM_uint32 *minor_status,
    void *input_name, gss_OID input_name_type, gss_name_t *output_name);

static OM_uint32 k5glue_export_name_object(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_OID desired_name_type, void **output_name);
#endif
260ab9b2e15Sgtb 
/*
 * Forward declarations: credential extension, context export/import,
 * OID release and name-type inquiry.
 */
static OM_uint32 k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec);

static OM_uint32 k5glue_inquire_cred_by_mech(void *ctx,
    OM_uint32 *minor_status, gss_cred_id_t cred_handle, gss_OID mech_type,
    gss_name_t *name, OM_uint32 *initiator_lifetime,
    OM_uint32 *acceptor_lifetime, gss_cred_usage_t *cred_usage);

/*
 * export_sec_context has exactly the parameter types of
 * k5glue_delete_sec_context, so the compiler cannot tell the two apart
 * when they are placed in a positional initializer.
 */
static OM_uint32 k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token);

static OM_uint32 k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle);

/* Not static: external linkage, unlike the k5glue_* wrappers around it. */
krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid(void *ctx,
    OM_uint32 *minor_status, gss_OID *oid);

static OM_uint32 k5glue_inquire_names_for_mech(void *ctx,
    OM_uint32 *minor_status, gss_OID mechanism, gss_OID_set *name_types);

#if 0
/* Compiled out. */
static OM_uint32 k5glue_canonicalize_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, const gss_OID mech_type,
    gss_name_t *output_name);
#endif
318ab9b2e15Sgtb 
static OM_uint32 k5glue_export_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, gss_buffer_t exported_name);

/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred(void *ctx, OM_uint32 *minor_status,
    const gss_cred_id_t input_cred, gss_cred_usage_t cred_usage,
    const gss_OID desired_mech, OM_uint32 overwrite_cred,
    OM_uint32 default_cred, gss_OID_set *elements_stored,
    gss_cred_usage_t *cred_usage_stored);

/*
 * SUNW17PACresync - this declaration is not needed in MIT but is needed
 * for Solaris.  The code is in gsspi_krb5.c.
 *
 * Unlike the k5glue_* wrappers this function has no leading void *
 * argument, yet it is placed directly in the dispatch tables below.
 */
OM_uint32 krb5_gss_inquire_sec_context_by_oid(OM_uint32 *,
    const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);

/*
 * Judging by the parameter comments in the original declarations
 * ("pname", "local user", "user ok?", "uid"), the next two entry points
 * decide whether a principal may act as a local user and map a principal
 * to a uid.  Both are authorization decisions; their definitions are not
 * in this part of the file, so review them there.
 */
static OM_uint32 k5glue_userok(void *context, OM_uint32 *minor_status,
    const gss_name_t pname, const char *local_user, int *user_ok);

static OM_uint32 k5glue_pname_to_uid(void *context, OM_uint32 *minor_status,
    const gss_name_t pname, uid_t *uid);
362ab9b2e15Sgtb 
363ab9b2e15Sgtb 
364ab9b2e15Sgtb 
365ab9b2e15Sgtb 
#if 0
/* Compiled out. */
static OM_uint32 k5glue_duplicate_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, gss_name_t *dest_name);
#endif

#if 0
/* Compiled out. */
static OM_uint32 k5glue_validate_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred);
#endif

#if 0
/*
 * SUNW15resync
 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the source
 * slicing and dicing needs of the "nightly -SD" build.  When that goes
 * away, we should use the macro, assuming MIT still uses it then.
 *
 * The krb5 mechanism provides two mech OIDs; the initializer macro exists
 * to ensure that both dispatch tables contain identical function
 * pointers.  With it disabled, the tables below are kept in step by hand.
 */
#define KRB5_GSS_CONFIG_INIT \
    NULL, \
    ...
#endif
398ab9b2e15Sgtb 
399ab9b2e15Sgtb 
/*
 * Dispatch table registered under GSS_MECH_KRB5_OID.
 *
 * This is a positional initializer: each entry is bound to a member of
 * struct gss_config purely by its position, so the order must follow the
 * member order of that struct (declared outside this file).  Points worth
 * checking on any edit:
 *   - k5glue_unseal sits between accept_sec_context and
 *     process_context_token, while k5glue_seal, k5glue_sign and
 *     k5glue_verify appear much later;
 *   - k5glue_delete_sec_context and k5glue_export_sec_context are
 *     declared with identical parameter types in this file, so swapping
 *     their slots would not produce a compiler diagnostic;
 *   - krb5_mechanism_old and krb5_mechanism_wrong repeat this list by
 *     hand and must stay identical apart from the OID.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,   /* presumably the value handed to the wrappers as ctx - confirm */

    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,

    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,

    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,

    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
438ab9b2e15Sgtb 
/*
 * Dispatch table registered under GSS_MECH_KRB5_OLD_OID (the disabled
 * description string calls it the "pre-RFC OID").
 *
 * Positional initializer: the entries must follow the member order of
 * struct gss_config and must match the list in krb5_mechanism entry for
 * entry; only the OID differs.  Nothing in this file enforces that, so a
 * change to one table has to be repeated in the other two by hand.
 */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,   /* presumably the value handed to the wrappers as ctx - confirm */

    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,

    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,

    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,

    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
477ab9b2e15Sgtb 
/*
 * Dispatch table registered under GSS_MECH_KRB5_WRONG_OID (the disabled
 * description string calls it the "wrong OID").  It exposes the same
 * entry points as the other two tables, so a peer that selects this OID
 * reaches exactly the same code.
 *
 * Positional initializer: the entries must follow the member order of
 * struct gss_config and must match krb5_mechanism entry for entry; only
 * the OID differs, and the match is maintained by hand.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,   /* presumably the value handed to the wrappers as ctx - confirm */

    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,

    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,

    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,

    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
516ab9b2e15Sgtb 
/* NULL-terminated list of all three dispatch tables. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    &krb5_mechanism_wrong,
    NULL
};

#ifdef MS_BUG_TEST
/*
 * Test-only variant of the list that leaves out krb5_mechanism_wrong.
 * Judging by the MS_FORCE_NO_MSOID switch that selects it, the "wrong"
 * OID appears to be one sent by Microsoft peers - confirm.
 */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    NULL
};
#endif

/*
 * The accessor below is written as gssint_get_mech_configs but this
 * unconditional rename makes the emitted symbol krb5_gss_get_mech_configs.
 */
#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif
530ab9b2e15Sgtb 
/*
 * Return the NULL-terminated array of krb5 dispatch tables.
 *
 * In a build with MS_BUG_TEST defined, setting the environment variable
 * MS_FORCE_NO_MSOID to exactly "1" selects the shorter list that omits
 * krb5_mechanism_wrong.  The environment belongs to whoever starts the
 * process, so MS_BUG_TEST should stay a test-only build option; without
 * it the environment is never consulted.
 *
 * The returned pointer refers to a static array; callers must not free it.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
    gss_mechanism *configs = krb5_mech_configs;
#ifdef MS_BUG_TEST
    const char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0)
        configs = krb5_mech_configs_hack;
#endif

    return configs;
}
543ab9b2e15Sgtb 
/*
 * Mechglue entry point for context acceptance.
 *
 * Drops ctx (it is not used) and forwards every other argument, in the
 * same order, to krb5_gss_accept_sec_context(); the major status comes
 * back unchanged.  input_token and input_chan_bindings are passed through
 * without any NULL or length checks here, so all validation of that
 * input is whatever krb5_gss_accept_sec_context() performs.
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
    OM_uint32 major;

    major = krb5_gss_accept_sec_context(minor_status, context_handle,
        verifier_cred_handle, input_token, input_chan_bindings, src_name,
        mech_type, output_token, ret_flags, time_rec,
        delegated_cred_handle);
    return major;
}
573ab9b2e15Sgtb 
/*
 * Mechglue entry point for credential acquisition.
 *
 * ctx is not used.  The remaining arguments go to krb5_gss_acquire_cred()
 * in the order received, and its major status is returned as is.
 */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
    OM_uint32 major;

    major = krb5_gss_acquire_cred(minor_status, desired_name, time_req,
        desired_mechs, cred_usage, output_cred_handle, actual_mechs,
        time_rec);
    return major;
}
596ab9b2e15Sgtb 
/*
 * V2.  Mechglue entry point for adding a credential element.
 *
 * ctx is not used.  The remaining arguments go to krb5_gss_add_cred() in
 * the order received, and its major status is returned as is.
 */
static OM_uint32
k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec)
{
    OM_uint32 major;

    major = krb5_gss_add_cred(minor_status, input_cred_handle,
        desired_name, desired_mech, cred_usage, initiator_time_req,
        acceptor_time_req, output_cred_handle, actual_mechs,
        initiator_time_rec, acceptor_time_rec);
    return major;
}
622ab9b2e15Sgtb 
#if 0
/*
 * V2.  Compiled out.  Would forward to generic_gss_add_oid_set_member()
 * without using ctx.
 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx, OM_uint32 *minor_status,
    gss_OID member_oid, gss_OID_set *oid_set)
{
    OM_uint32 major;

    major = generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
    return major;
}
#endif
635ab9b2e15Sgtb 
/*
 * Mechglue entry point for name comparison.
 *
 * ctx is not used.  name1, name2 and the name_equal output pointer are
 * handed to krb5_gss_compare_name(), whose major status is returned.
 */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
    OM_uint32 major;

    major = krb5_gss_compare_name(minor_status, name1, name2, name_equal);
    return major;
}
647ab9b2e15Sgtb 
/*
 * Mechglue entry point for querying a context's remaining time.
 *
 * ctx is not used.  Forwards to krb5_gss_context_time() and returns its
 * major status.
 */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
    OM_uint32 major;

    major = krb5_gss_context_time(minor_status, context_handle, time_rec);
    return major;
}
658ab9b2e15Sgtb 
#if 0
/*
 * V2.  Compiled out.  Would forward to generic_gss_create_empty_oid_set()
 * without using ctx.
 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *oid_set)
{
    OM_uint32 major;

    major = generic_gss_create_empty_oid_set(minor_status, oid_set);
    return major;
}
#endif
670ab9b2e15Sgtb 
/*
 * Mechglue entry point for context deletion.
 *
 * ctx is not used.  Forwards context_handle and output_token to
 * krb5_gss_delete_sec_context() and returns its major status.
 */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token)
{
    OM_uint32 major;

    major = krb5_gss_delete_sec_context(minor_status, context_handle,
        output_token);
    return major;
}
681ab9b2e15Sgtb 
/*
 * Mechglue entry point for rendering a name.
 *
 * ctx is not used.  Forwards to krb5_gss_display_name() and returns its
 * major status; the output buffer and name-type pointer are filled in by
 * that function, not here.
 */
static OM_uint32
k5glue_display_name(void *ctx, OM_uint32 *minor_status, gss_name_t input_name,
    gss_buffer_t output_name_buffer, gss_OID *output_name_type)
{
    OM_uint32 major;

    major = krb5_gss_display_name(minor_status, input_name,
        output_name_buffer, output_name_type);
    return major;
}
693ab9b2e15Sgtb 
/*
 * Mechglue entry point for turning a status code into text.
 *
 * ctx is not used.  Forwards to krb5_gss_display_status() and returns its
 * major status.
 */
static OM_uint32
k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string)
{
    OM_uint32 major;

    major = krb5_gss_display_status(minor_status, status_value, status_type,
        mech_type, message_context, status_string);
    return major;
}
709ab9b2e15Sgtb 
710ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_sec_context() and returns
 * its major status unchanged.  ctx is accepted but never read.
 * NOTE(review): the token written to interprocess_token presumably
 * serializes the whole security context, session keys included, so it
 * should be handled like key material; confirm in the callee.
 */
static OM_uint32
k5glue_export_sec_context(ctx, minor_status, context_handle,
			  interprocess_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t interprocess_token;
{
    OM_uint32 major;

    major = krb5_gss_export_sec_context(minor_status, context_handle,
					 interprocess_token);
    return (major);
}
722ab9b2e15Sgtb 
723ab9b2e15Sgtb #if 0
724ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_get_mic() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
	       message_buffer, message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_qop_t qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    OM_uint32 major;

    major = krb5_gss_get_mic(minor_status, context_handle,
			     qop_req, message_buffer, message_token);
    return (major);
}
738ab9b2e15Sgtb #endif
739ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_import_name() and returns its
 * major status unchanged.  ctx is accepted but never read.
 * The library-initialization step below is compiled out with #if 0, so no
 * initialization is performed here before the call.
 */
static OM_uint32
k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type,
		   output_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t input_name_buffer;
    gss_OID input_name_type;
    gss_name_t *output_name;
{
    OM_uint32 major;
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
	*minor_status = err;
	return GSS_S_FAILURE;
    }
#endif

    major = krb5_gss_import_name(minor_status, input_name_buffer,
				 input_name_type, output_name);
    return (major);
}
759ab9b2e15Sgtb 
760ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_import_sec_context() and returns
 * its major status unchanged.  ctx is accepted but never read.
 * No validation of interprocess_token happens in this wrapper; any
 * length or format checking is left to the callee.
 */
static OM_uint32
k5glue_import_sec_context(ctx, minor_status, interprocess_token,
			  context_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t interprocess_token;
    gss_ctx_id_t *context_handle;
{
    OM_uint32 major;

    major = krb5_gss_import_sec_context(minor_status, interprocess_token,
					 context_handle);
    return (major);
}
772ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_indicate_mechs() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *mech_set;
{
    OM_uint32 major;

    major = krb5_gss_indicate_mechs(minor_status, mech_set);
    return (major);
}
781ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards every argument except ctx to
 * krb5_gss_init_sec_context(), in the same order, and returns its major
 * status unchanged.  ctx is accepted but never read.
 * input_token is passed through without inspection; validating it is left
 * to the callee.
 */
static OM_uint32
k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle,
			context_handle, target_name, mech_type, req_flags,
			time_req, input_chan_bindings, input_token,
			actual_mech_type, output_token, ret_flags, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t claimant_cred_handle;
    gss_ctx_id_t *context_handle;
    gss_name_t target_name;
    gss_OID mech_type;
    OM_uint32 req_flags;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    gss_buffer_t input_token;
    gss_OID *actual_mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
{
    OM_uint32 major;

    major = krb5_gss_init_sec_context(minor_status,
				      claimant_cred_handle,
				      context_handle,
				      target_name,
				      mech_type,
				      req_flags,
				      time_req,
				      input_chan_bindings,
				      input_token,
				      actual_mech_type,
				      output_token,
				      ret_flags,
				      time_rec);
    return (major);
}
809ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_context() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name,
		       acceptor_name, lifetime_rec, mech_type, ret_flags,
		       locally_initiated, open)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_name_t *initiator_name;
    gss_name_t *acceptor_name;
    OM_uint32 *lifetime_rec;
    gss_OID *mech_type;
    OM_uint32 *ret_flags;
    int *locally_initiated;
    int *open;
{
    OM_uint32 major;

    major = krb5_gss_inquire_context(minor_status, context_handle,
				     initiator_name, acceptor_name,
				     lifetime_rec, mech_type, ret_flags,
				     locally_initiated, open);
    return (major);
}
830ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
		    cred_usage, mechanisms)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_name_t *name;
    OM_uint32 *lifetime_ret;
    gss_cred_usage_t *cred_usage;
    gss_OID_set *mechanisms;
{
    OM_uint32 major;

    major = krb5_gss_inquire_cred(minor_status, cred_handle, name,
				  lifetime_ret, cred_usage, mechanisms);
    return (major);
}
845ab9b2e15Sgtb 
846ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred_by_mech() and
 * returns its major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
			    initiator_lifetime, acceptor_lifetime,
			    cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
    OM_uint32 major;

    major = krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
					  mech_type, name,
					  initiator_lifetime,
					  acceptor_lifetime, cred_usage);
    return (major);
}
863ab9b2e15Sgtb 
864ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_names_for_mech() and
 * returns its major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    OM_uint32 major;

    major = krb5_gss_inquire_names_for_mech(minor_status, mechanism,
					    name_types);
    return (major);
}
876ab9b2e15Sgtb 
877ab9b2e15Sgtb #if 0
878ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * generic_gss_oid_to_str() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID oid;
    gss_buffer_t oid_str;
{
    OM_uint32 major;

    major = generic_gss_oid_to_str(minor_status, oid, oid_str);
    return (major);
}
888ab9b2e15Sgtb #endif
889ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_process_context_token() and
 * returns its major status unchanged.  ctx is accepted but never read.
 * token_buffer is passed through without inspection; validating it is
 * left to the callee.
 */
static OM_uint32
k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t token_buffer;
{
    OM_uint32 major;

    major = krb5_gss_process_context_token(minor_status, context_handle,
					    token_buffer);
    return (major);
}
900ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_release_cred() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_release_cred(ctx, minor_status, cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t *cred_handle;
{
    OM_uint32 major;

    major = krb5_gss_release_cred(minor_status, cred_handle);
    return (major);
}
909ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_release_name() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_release_name(ctx, minor_status, input_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t *input_name;
{
    OM_uint32 major;

    major = krb5_gss_release_name(minor_status, input_name);
    return (major);
}
918ab9b2e15Sgtb 
919ab9b2e15Sgtb #if 0
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * generic_gss_release_buffer() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_release_buffer(ctx, minor_status, buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t buffer;
{
    OM_uint32 major;

    major = generic_gss_release_buffer(minor_status, buffer);
    return (major);
}
929ab9b2e15Sgtb #endif
930ab9b2e15Sgtb 
931ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_internal_release_oid() and
 * returns its major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_internal_release_oid(ctx, minor_status, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    OM_uint32 major;

    major = krb5_gss_internal_release_oid(minor_status, oid);
    return (major);
}
940ab9b2e15Sgtb 
941ab9b2e15Sgtb #if 0
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * generic_gss_release_oid_set() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_release_oid_set(ctx, minor_status, set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *set;
{
    OM_uint32 major;

    major = generic_gss_release_oid_set(minor_status, set);
    return (major);
}
950ab9b2e15Sgtb #endif
951ab9b2e15Sgtb 
952ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_seal() and returns its major
 * status unchanged.  ctx is accepted but never read.
 * conf_req_flag is only a request; this wrapper does not look at
 * *conf_state.  NOTE(review): callers that need confidentiality
 * presumably have to check *conf_state themselves; confirm in the callee.
 */
static OM_uint32
k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
	    input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    int qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    OM_uint32 major;

    major = krb5_gss_seal(minor_status, context_handle, conf_req_flag,
			  qop_req, input_message_buffer, conf_state,
			  output_message_buffer);
    return (major);
}
969ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_sign() and returns its major
 * status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_sign(ctx, minor_status, context_handle, qop_req, message_buffer,
	    message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    OM_uint32 major;

    major = krb5_gss_sign(minor_status, context_handle, qop_req,
			  message_buffer, message_token);
    return (major);
}
984ab9b2e15Sgtb 
985ab9b2e15Sgtb #if 0
986ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_verify_mic() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_verify_mic(ctx, minor_status, context_handle, message_buffer,
		  token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    gss_qop_t *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_verify_mic(minor_status, context_handle,
				message_buffer, token_buffer, qop_state);
    return (major);
}
1000ab9b2e15Sgtb 
1001ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_wrap() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
	    input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    OM_uint32 major;

    major = krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
			  qop_req, input_message_buffer, conf_state,
			  output_message_buffer);
    return (major);
}
1018ab9b2e15Sgtb 
1019ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * generic_gss_str_to_oid() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t oid_str;
    gss_OID *oid;
{
    OM_uint32 major;

    major = generic_gss_str_to_oid(minor_status, oid_str, oid);
    return (major);
}
1029ab9b2e15Sgtb 
1030ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * generic_gss_test_oid_set_member() and returns its major status
 * unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member;
    gss_OID_set set;
    int *present;
{
    OM_uint32 major;

    major = generic_gss_test_oid_set_member(minor_status, member, set,
					    present);
    return (major);
}
1042ab9b2e15Sgtb #endif
1043ab9b2e15Sgtb 
1044ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_unseal() and returns its major
 * status unchanged.  ctx is accepted but never read.
 * input_message_buffer is passed through without inspection; this wrapper
 * does not look at *conf_state or *qop_state either.
 */
static OM_uint32
k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
	      output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_unseal(minor_status, context_handle,
			    input_message_buffer, output_message_buffer,
			    conf_state, qop_state);
    return (major);
}
1060ab9b2e15Sgtb 
1061ab9b2e15Sgtb #if 0
1062ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_unwrap() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
	      output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_unwrap(minor_status, context_handle,
			    input_message_buffer, output_message_buffer,
			    conf_state, qop_state);
    return (major);
}
1077ab9b2e15Sgtb #endif
1078ab9b2e15Sgtb 
1079ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_verify() and returns its major
 * status unchanged.  ctx is accepted but never read.
 * The verification result is carried only by the returned major status;
 * this wrapper adds no check of its own.
 */
static OM_uint32
k5glue_verify(ctx, minor_status, context_handle, message_buffer,
	      token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    int *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_verify(minor_status, context_handle, message_buffer,
			    token_buffer, qop_state);
    return (major);
}
1096ab9b2e15Sgtb 
1097ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_wrap_size_limit() and returns
 * its major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
		       qop_req, req_output_size, max_input_size)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    OM_uint32 req_output_size;
    OM_uint32 *max_input_size;
{
    OM_uint32 major;

    major = krb5_gss_wrap_size_limit(minor_status, context_handle,
				     conf_req_flag, qop_req,
				     req_output_size, max_input_size);
    return (major);
}
1113ab9b2e15Sgtb 
1114ab9b2e15Sgtb #if 0
1115ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_canonicalize_name() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type,
			 output_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    const gss_OID mech_type;
    gss_name_t *output_name;
{
    OM_uint32 major;

    major = krb5_gss_canonicalize_name(minor_status, input_name,
				       mech_type, output_name);
    return major;
}
1127ab9b2e15Sgtb #endif
1128ab9b2e15Sgtb 
1129ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_name() and returns its
 * major status unchanged.  ctx is accepted but never read.
 */
static OM_uint32
k5glue_export_name(ctx, minor_status, input_name, exported_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_buffer_t exported_name;
{
    OM_uint32 major;

    major = krb5_gss_export_name(minor_status, input_name, exported_name);
    return major;
}
1139ab9b2e15Sgtb 
1140ab9b2e15Sgtb /* SUNW15resync - this is not in the MIT mech (lib) yet */
/*
 * Mechglue wrapper: forwards to krb5_gss_store_cred() and returns its
 * major status unchanged.  ctx is accepted but never read.
 * overwrite_cred and default_cred are passed through as given; whatever
 * policy they select is applied by the callee, not here.
 */
static OM_uint32
k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
		  overwrite_cred, default_cred, elements_stored,
		  cred_usage_stored)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_cred_id_t input_cred;
    gss_cred_usage_t cred_usage;
    gss_OID desired_mech;
    OM_uint32 overwrite_cred;
    OM_uint32 default_cred;
    gss_OID_set *elements_stored;
    gss_cred_usage_t *cred_usage_stored;
{
    OM_uint32 major;

    major = krb5_gss_store_cred(minor_status, input_cred, cred_usage,
				desired_mech, overwrite_cred, default_cred,
				elements_stored, cred_usage_stored);
    return (major);
}
1160ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_userok() and returns its major
 * status unchanged.  ctxt is accepted but never read.
 *
 *   minor    - minor status, written by the callee
 *   pname    - principal name to check
 *   user     - local user name to check it against
 *   user_ok  - result flag, written by the callee
 *
 * NOTE(review): this is an authorization decision.  Callers presumably
 * must check the returned major status before trusting *user_ok, since
 * this wrapper does not initialize it; confirm in the callee.
 */
static OM_uint32
k5glue_userok(
    void *ctxt,
    OM_uint32 *minor,
    const gss_name_t pname,
    const char *user,
    int *user_ok)
{
    OM_uint32 major;

    major = krb5_gss_userok(minor, pname, user, user_ok);
    return (major);
}
1172ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_pname_to_uid() and returns its major
 * status unchanged.  ctxt is accepted but never read.
 *
 *   minor   - minor status, written by the callee
 *   pname   - principal name to map
 *   uidOut  - receives the uid, written by the callee
 *
 * NOTE(review): *uidOut is not initialized here.  Callers presumably must
 * check the returned major status before using it; confirm in the callee.
 */
static OM_uint32
k5glue_pname_to_uid(
    void *ctxt,
    OM_uint32 *minor,
    const gss_name_t pname,
    uid_t *uidOut)
{
    OM_uint32 major;

    major = krb5_pname_to_uid(minor, pname, uidOut);
    return (major);
}
1183ab9b2e15Sgtb 
1184ab9b2e15Sgtb 
1185ab9b2e15Sgtb 
1186ab9b2e15Sgtb #if 0
1187ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper (compiled out by the enclosing #if 0): forwards to
 * krb5_gss_duplicate_name() and returns its major status unchanged.
 * ctx is accepted but never read.
 */
static OM_uint32
k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_name_t *dest_name;
{
    OM_uint32 major;

    major = krb5_gss_duplicate_name(minor_status, input_name, dest_name);
    return major;
}
1197ab9b2e15Sgtb #endif
1198ab9b2e15Sgtb 
1199ab9b2e15Sgtb 
/*
 * Copy the Kerberos credential held inside a union credential into
 * out_ccache.
 *
 * cred_handle is cast to gss_union_cred_t without any type check, so it
 * must really be a union credential.  The krb5 element is looked up under
 * krb5_mechanism's OID first and krb5_mechanism_old's OID second; the
 * first one found is handed to gss_krb5int_copy_ccache(), whose major
 * status is returned.
 *
 * Returns GSS_S_DEFECTIVE_CREDENTIAL when neither lookup yields a
 * credential; *minor_status is not written on that path.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred_handle;
    gss_cred_id_t krb5_cred;

    krb5_cred = gssint_get_mechanism_cred(union_cred,
					  &krb5_mechanism.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL) {
	/* Fall back to the old mechanism OID. */
	krb5_cred = gssint_get_mechanism_cred(union_cred,
					      &krb5_mechanism_old.mech_type);
    }

    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_copy_ccache(minor_status, krb5_cred, out_ccache);
}
1221ab9b2e15Sgtb 
/*
 * Restrict the encryption types usable with the Kerberos credential held
 * inside a union credential.
 *
 * cred is cast to gss_union_cred_t without any type check, so it must
 * really be a union credential.  The krb5 element is looked up under
 * krb5_mechanism's OID first and krb5_mechanism_old's OID second; the
 * first one found is handed to gss_krb5int_set_allowable_enctypes()
 * together with num_ktypes and ktypes, and that call's major status is
 * returned.  The enctype list is not inspected here.
 *
 * Returns GSS_S_DEFECTIVE_CREDENTIAL when neither lookup yields a
 * credential; *minor_status is not written on that path.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred;
    gss_cred_id_t krb5_cred;

    krb5_cred = gssint_get_mechanism_cred(union_cred,
					  &krb5_mechanism.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL) {
	/* Fall back to the old mechanism OID. */
	krb5_cred = gssint_get_mechanism_cred(union_cred,
					      &krb5_mechanism_old.mech_type);
    }

    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_set_allowable_enctypes(minor_status, krb5_cred,
					      num_ktypes, ktypes);
}
1245ab9b2e15Sgtb 
/*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
 *
 * Walks the first union_cred->count entries of mechs_array and returns the
 * cred_array entry at the index of the first OID equal to mech_type.
 * Returns GSS_C_NO_CREDENTIAL when union_cred is GSS_C_NO_CREDENTIAL or no
 * entry matches.  mech_type is handed to g_OID_equal() without a NULL
 * check, so callers must pass a valid OID.
 */
/* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
  want to link against libgss so we put it here since we need it in the mech */
gss_cred_id_t
gssint_get_mechanism_cred(union_cred, mech_type)
    gss_union_cred_t    union_cred;
    gss_OID             mech_type;
{
    int idx = 0;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    while (idx < union_cred->count) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[idx]))
            return union_cred->cred_array[idx];
        idx++;
    }

    return GSS_C_NO_CREDENTIAL;
}
1268ab9b2e15Sgtb 
1269ab9b2e15Sgtb 
1270ab9b2e15Sgtb 
/*
 * entry point for the gss layer,
 * called "krb5_gss_initialize()" in MIT 1.2.1
 *
 * Returns &krb5_mechanism when oid equals either krb5_mechanism's or
 * krb5_mechanism_wrong's mechanism OID.  For a NULL or any other oid it
 * logs "bad oid" at LOG_INFO and returns NULL.
 */
/* SUNW15resync - this used to be in k5mech.c */
gss_mechanism
gss_mech_initialize(oid)
     const gss_OID oid;
{
    int oid_accepted;

    /*
     * Solaris Kerberos: We also want to use the same functions for KRB5 as
     * we do for the MS KRB5 (krb5_mechanism_wrong).  So both are valid.
     */
    /* ensure that the requested oid matches one of our oids */
    oid_accepted = (oid != NULL) &&
	(g_OID_equal(oid, &krb5_mechanism.mech_type) ||
	g_OID_equal(oid, &krb5_mechanism_wrong.mech_type));

    if (!oid_accepted) {
      (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
      return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
	GSS_S_COMPLETE)
      return (NULL);
#endif

    return (&krb5_mechanism);
}
1299ab9b2e15Sgtb 
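/*
 * This API should go away and be replaced with an accessor
 * into a gss_name_t.
 *
 * Fetch authorization data of type ad_type from an established security
 * context.  The request OID is built by appending ad_type to
 * GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID and resolved through
 * gss_inquire_sec_context_by_oid().
 *
 *   minor_status    - receives the mechanism-specific status
 *   context_handle  - context to query
 *   ad_type         - authorization-data type to extract
 *   ad_data         - on GSS_S_COMPLETE, a malloc()ed copy of the first
 *                     returned element; the caller owns that memory
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE if ad_data is NULL, the callee's
 * major status if OID composition or the inquiry fails, and GSS_S_FAILURE
 * with *minor_status set to EINVAL (empty result) or ENOMEM (allocation
 * failure).
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int ad_type,
    gss_buffer_t ad_data)
{
    gss_OID_desc req_oid;
    /* NOTE(review): the 6 spare bytes presumably hold the encoded ad_type. */
    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (ad_data == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    req_oid.elements = oid_buf;
    req_oid.length = sizeof(oid_buf);

    major_status = generic_gss_oid_compose(minor_status,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
                                           ad_type,
                                           &req_oid);
    if (GSS_ERROR(major_status))
        return major_status;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE) {
        return major_status;
    }

    /*
     * SUNW17PACresync / Solaris Kerberos
     * MIT17 allows only count==1 which is correct for pre-Win2008 but
     * our testing with Win2008 shows count==2 and Win7 count==3.
     *
     * Only elements[0] is copied out below; any further elements are
     * released without being returned to the caller.
     */
    if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
	    gss_release_buffer_set(minor_status, &data_set);
	    /* Set after the release, which is also handed minor_status. */
	    *minor_status = EINVAL;
	    return GSS_S_FAILURE;
    }

    ad_data->length = data_set->elements[0].length;
    ad_data->value = malloc(ad_data->length);
    if (!ad_data->value) {
	    /*
	     * Report the failure through the GSS status pair.  Returning the
	     * bare errno as the major status would not satisfy GSS_ERROR(),
	     * so a caller could take it for success and use a NULL value
	     * with a non-zero length.
	     */
	    ad_data->length = 0;
	    gss_release_buffer_set(minor_status, &data_set);
	    *minor_status = ENOMEM;
	    return GSS_S_FAILURE;
    }
    bcopy(data_set->elements[0].value, ad_data->value, ad_data->length);

    gss_release_buffer_set(minor_status, &data_set);

    return GSS_S_COMPLETE;
}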
1361ba7b222eSGlenn Barry 
1362ba7b222eSGlenn Barry 
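/*
 * Fetch the ticket authentication time from an established security
 * context via gss_inquire_sec_context_by_oid().
 *
 *   minor_status    - receives the mechanism-specific status
 *   context_handle  - context to query
 *   authtime        - on GSS_S_COMPLETE, receives the timestamp
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE if authtime is NULL, the inquiry's
 * major status if it fails, and GSS_S_FAILURE with *minor_status set to
 * EINVAL unless the result is exactly one element of
 * sizeof(krb5_timestamp) bytes.
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
                                          gss_ctx_id_t context_handle,
                                          krb5_timestamp *authtime)
{
    static const gss_OID_desc req_oid = {
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (authtime == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE)
        return major_status;

    /* The size check keeps the read below inside the returned buffer. */
    if (data_set == GSS_C_NO_BUFFER_SET ||
        data_set->count != 1 ||
        data_set->elements[0].length != sizeof(*authtime)) {
        /*
         * Release the set on this path too, as
         * gsskrb5_extract_authz_data_from_sec_context() does; otherwise a
         * malformed reply leaks it.  minor_status is set afterwards
         * because the release call is also handed minor_status.
         */
        gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    *authtime = *((krb5_timestamp *)data_set->elements[0].value);

    gss_release_buffer_set(minor_status, &data_set);

    *minor_status = 0;

    return GSS_S_COMPLETE;
}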
1399