xref: /illumos-gate/usr/src/uts/common/gssapi/include/mechglueP.h (revision 7c478bd95313f5f23a4c958a745db2134aa03244) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * This header contains the private mechglue definitions.
29  */
30 
31 #ifndef	_MECHGLUEP_H
32 #define	_MECHGLUEP_H
33 
34 #pragma ident	"%Z%%M%	%I%	%E% SMI"
35 
36 #include <sys/types.h>
37 #include <gssapi/gssapi.h>
38 #include <gssapi/gssapi_ext.h>
39 
40 #ifdef	__cplusplus
41 extern "C" {
42 #endif
43 
44 /*
45  * derived types for passing context and credential handles
46  * between gssd and kernel
47  */
48 typedef unsigned int gssd_ctx_id_t;
49 typedef unsigned int gssd_cred_id_t;
50 /*
51  * Array of context IDs typed by mechanism OID
52  */
53 typedef struct gss_union_ctx_id_t {
54 	gss_OID			mech_type;
55 	gss_ctx_id_t		internal_ctx_id;
56 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
57 
58 /*
59  * Generic GSSAPI names.  A name can either be a generic name, or a
60  * mechanism specific name....
61  */
62 typedef struct gss_union_name_t {
63 	gss_OID			name_type;
64 	gss_buffer_t		external_name;
65 	/*
66 	 * These last two fields are only filled in for mechanism
67 	 * names.
68 	 */
69 	gss_OID			mech_type;
70 	gss_name_t		mech_name;
71 } gss_union_name_desc, *gss_union_name_t;
72 
73 /*
74  * Structure for holding list of mechanism-specific name types
75  */
76 typedef struct gss_mech_spec_name_t {
77 	gss_OID	name_type;
78 	gss_OID	mech;
79 	struct gss_mech_spec_name_t	*next, *prev;
80 } gss_mech_spec_name_desc, *gss_mech_spec_name;
81 
82 /*
83  * Credential auxiliary info, used in the credential structure
84  */
85 typedef struct gss_union_cred_auxinfo {
86 	gss_buffer_desc		name;
87 	gss_OID			name_type;
88 	OM_uint32		creation_time;
89 	OM_uint32		time_rec;
90 	int			cred_usage;
91 } gss_union_cred_auxinfo;
92 
93 /*
94  * Set of Credentials typed on mechanism OID
95  */
96 typedef struct gss_union_cred_t {
97 	int			count;
98 	gss_OID			mechs_array;
99 	gss_cred_id_t 		*cred_array;
100 	gss_union_cred_auxinfo	auxinfo;
101 } gss_union_cred_desc, *gss_union_cred_t;
102 
103 
104 typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
105 		    void *,		/* context */
106 		    OM_uint32 *,	/* minor_status */
107 		    const gss_name_t,	/* desired_name */
108 		    const gss_buffer_t, /* password */
109 		    OM_uint32,		/* time_req */
110 		    const gss_OID_set,	/* desired_mechs */
111 		    int,		/* cred_usage */
112 		    gss_cred_id_t *,	/* output_cred_handle */
113 		    gss_OID_set *,	/* actual_mechs */
114 		    OM_uint32 *		/* time_rec */
115 	/* */);
116 
117 /*
118  * This is the definition of the mechs_array struct, which is used to
119  * define the mechs array table. This table is used to indirectly
120  * access mechanism specific versions of the gssapi routines through
121  * the routines in the glue module (gssd_mech_glue.c)
122  *
123  * This contains all of the functions defined in gssapi.h except for
124  * gss_release_buffer() and gss_release_oid_set(), which I am
125  * assuming, for now, to be equal across mechanisms.
126  */
127 
128 typedef struct gss_config {
129 	gss_OID_desc    mech_type;
130 	void *	    context;
131 #ifdef	_KERNEL
132 	struct gss_config *next;
133 	bool_t	    uses_kmod;
134 #endif
135 
136 #ifndef	_KERNEL
137 	OM_uint32	    (*gss_acquire_cred)
138 	(
139 		    void *,		/* context */
140 		    OM_uint32 *,	/* minor_status */
141 		    const gss_name_t,	/* desired_name */
142 		    OM_uint32,		/* time_req */
143 		    const gss_OID_set,	/* desired_mechs */
144 		    int,		/* cred_usage */
145 		    gss_cred_id_t *,	/* output_cred_handle */
146 		    gss_OID_set *,	/* actual_mechs */
147 		    OM_uint32 *		/* time_rec */
148 	/* */);
149 	OM_uint32	    (*gss_release_cred)
150 	(
151 		    void *,		/* context */
152 		    OM_uint32 *,	/* minor_status */
153 		    gss_cred_id_t *	/* cred_handle */
154 	/* */);
155 	OM_uint32	    (*gss_init_sec_context)
156 	(
157 		    void *,			/* context */
158 		    OM_uint32 *,		/* minor_status */
159 		    const gss_cred_id_t,	/* claimant_cred_handle */
160 		    gss_ctx_id_t *,		/* context_handle */
161 		    const gss_name_t,		/* target_name */
162 		    const gss_OID,		/* mech_type */
163 		    OM_uint32,			/* req_flags */
164 		    OM_uint32,			/* time_req */
165 		    const gss_channel_bindings_t, /* input_chan_bindings */
166 		    const gss_buffer_t,		/* input_token */
167 		    gss_OID*,			/* actual_mech_type */
168 		    gss_buffer_t,		/* output_token */
169 		    OM_uint32 *,		/* ret_flags */
170 		    OM_uint32 *			/* time_rec */
171 	/* */);
172 	OM_uint32	    (*gss_accept_sec_context)
173 	(
174 		    void *,			/* context */
175 		    OM_uint32 *,		/* minor_status */
176 		    gss_ctx_id_t *,		/* context_handle */
177 		    const gss_cred_id_t,	/* verifier_cred_handle */
178 		    const gss_buffer_t,		/* input_token_buffer */
179 		    const gss_channel_bindings_t, /* input_chan_bindings */
180 		    gss_name_t *,		/* src_name */
181 		    gss_OID*,			/* mech_type */
182 		    gss_buffer_t,		/* output_token */
183 		    OM_uint32 *,			/* ret_flags */
184 		    OM_uint32 *,			/* time_rec */
185 		    gss_cred_id_t *		/* delegated_cred_handle */
186 	/* */);
187 /* EXPORT DELETE START */ /* CRYPT DELETE START */
188 #endif	/* ! _KERNEL */
189 
190 /*
191  * Note: there are two gss_unseal's in here. Make any changes to both.
192  */
193 	OM_uint32	    (*gss_unseal)
194 	(
195 		    void *,		/* context */
196 		    OM_uint32 *,	/* minor_status */
197 		    const gss_ctx_id_t,	/* context_handle */
198 		    const gss_buffer_t,	/* input_message_buffer */
199 		    gss_buffer_t,	/* output_message_buffer */
200 		    int *,		/* conf_state */
201 		    int *		/* qop_state */
202 #ifdef	 _KERNEL
203 	/* */, OM_uint32
204 #endif
205 	/* */);
206 #ifndef	_KERNEL
207 /* EXPORT DELETE END */ /* CRYPT DELETE END */
208 	OM_uint32	    (*gss_process_context_token)
209 	(
210 		    void *,		/* context */
211 		    OM_uint32 *,	/* minor_status */
212 		    const gss_ctx_id_t,	/* context_handle */
213 		    const gss_buffer_t	/* token_buffer */
214 	/* */);
215 #endif	/* ! _KERNEL */
216 	OM_uint32	    (*gss_delete_sec_context)
217 	(
218 		    void *,		/* context */
219 		    OM_uint32 *,	/* minor_status */
220 		    gss_ctx_id_t *,	/* context_handle */
221 		    gss_buffer_t	/* output_token */
222 #ifdef	 _KERNEL
223 	/* */, OM_uint32
224 #endif
225 	/* */);
226 #ifndef	_KERNEL
227 	OM_uint32	    (*gss_context_time)
228 	(
229 		    void *,		/* context */
230 		    OM_uint32 *,	/* minor_status */
231 		    const gss_ctx_id_t,	/* context_handle */
232 		    OM_uint32 *		/* time_rec */
233 	/* */);
234 	OM_uint32	    (*gss_display_status)
235 	(
236 		    void *,		/* context */
237 		    OM_uint32 *,	/* minor_status */
238 		    OM_uint32,		/* status_value */
239 		    int,		/* status_type */
240 		    const gss_OID,	/* mech_type */
241 		    OM_uint32 *,	/* message_context */
242 		    gss_buffer_t	/* status_string */
243 	/* */);
244 	OM_uint32	    (*gss_indicate_mechs)
245 	(
246 		    void *,		/* context */
247 		    OM_uint32 *,	/* minor_status */
248 		    gss_OID_set *	/* mech_set */
249 	/* */);
250 	OM_uint32	    (*gss_compare_name)
251 	(
252 		    void *,		/* context */
253 		    OM_uint32 *,	/* minor_status */
254 		    const gss_name_t,	/* name1 */
255 		    const gss_name_t,	/* name2 */
256 		    int *		/* name_equal */
257 	/* */);
258 	OM_uint32	    (*gss_display_name)
259 	(
260 		    void *,		/* context */
261 		    OM_uint32 *,	/* minor_status */
262 		    const gss_name_t,	/* input_name */
263 		    gss_buffer_t,	/* output_name_buffer */
264 		    gss_OID*		/* output_name_type */
265 	/* */);
266 	OM_uint32	    (*gss_import_name)
267 	(
268 		    void *,		/* context */
269 		    OM_uint32 *,	/* minor_status */
270 		    const gss_buffer_t,	/* input_name_buffer */
271 		    const gss_OID,	/* input_name_type */
272 		    gss_name_t *	/* output_name */
273 	/* */);
274 	OM_uint32	    (*gss_release_name)
275 	(
276 		    void *,		/* context */
277 		    OM_uint32 *,	/* minor_status */
278 		    gss_name_t *	/* input_name */
279 	/* */);
280 	OM_uint32	    (*gss_inquire_cred)
281 	(
282 		    void *,			/* context */
283 		    OM_uint32 *,		/* minor_status */
284 		    const gss_cred_id_t,	/* cred_handle */
285 		    gss_name_t *,		/* name */
286 		    OM_uint32 *,		/* lifetime */
287 		    int *,			/* cred_usage */
288 		    gss_OID_set *		/* mechanisms */
289 	/* */);
290 	OM_uint32	    (*gss_add_cred)
291 	(
292 		    void *,		/* context */
293 		    OM_uint32 *,	/* minor_status */
294 		    const gss_cred_id_t,	/* input_cred_handle */
295 		    const gss_name_t,	/* desired_name */
296 		    const gss_OID,	/* desired_mech */
297 		    gss_cred_usage_t,	/* cred_usage */
298 		    OM_uint32,		/* initiator_time_req */
299 		    OM_uint32,		/* acceptor_time_req */
300 		    gss_cred_id_t *,	/* output_cred_handle */
301 		    gss_OID_set *,	/* actual_mechs */
302 		    OM_uint32 *,	/* initiator_time_rec */
303 		    OM_uint32 *		/* acceptor_time_rec */
304 	/* */);
305 /* EXPORT DELETE START */ /* CRYPT DELETE START */
306 #endif	/* ! _KERNEL */
307 /*
308  * Note: there are two gss_seal's in here. Make any changes to both.
309  */
310 	OM_uint32	    (*gss_seal)
311 	(
312 		    void *,		/* context */
313 		    OM_uint32 *,	/* minor_status */
314 		    const gss_ctx_id_t,	/* context_handle */
315 		    int,		/* conf_req_flag */
316 		    int,		/* qop_req */
317 		    const gss_buffer_t,	/* input_message_buffer */
318 		    int *,		/* conf_state */
319 		    gss_buffer_t	/* output_message_buffer */
320 #ifdef	 _KERNEL
321 	/* */, OM_uint32
322 #endif
323 	/* */);
324 #ifndef	_KERNEL
325 /* EXPORT DELETE END */ /* CRYPT DELETE END */
326 	OM_uint32	    (*gss_export_sec_context)
327 	(
328 		    void *,		/* context */
329 		    OM_uint32 *,	/* minor_status */
330 		    gss_ctx_id_t *,	/* context_handle */
331 		    gss_buffer_t	/* interprocess_token */
332 	/* */);
333 #endif	/* ! _KERNEL */
334 	OM_uint32	    (*gss_import_sec_context)
335 	(
336 		    void *,		/* context */
337 		    OM_uint32 *,	/* minor_status */
338 		    const gss_buffer_t,	/* interprocess_token */
339 		    gss_ctx_id_t *	/* context_handle */
340 	/* */);
341 #ifndef	_KERNEL
342 	OM_uint32	    (*gss_inquire_cred_by_mech)
343 	(
344 		    void *,		/* context */
345 		    OM_uint32 *,	/* minor_status */
346 		    const gss_cred_id_t,	/* cred_handle */
347 		    const gss_OID,	/* mech_type */
348 		    gss_name_t *,	/* name */
349 		    OM_uint32 *,	/* initiator_lifetime */
350 		    OM_uint32 *,	/* acceptor_lifetime */
351 		    gss_cred_usage_t *	/* cred_usage */
352 	/* */);
353 	OM_uint32	    (*gss_inquire_names_for_mech)
354 	(
355 		    void *,		/* context */
356 		    OM_uint32 *,	/* minor_status */
357 		    const gss_OID,	/* mechanism */
358 		    gss_OID_set *	/* name_types */
359 	/* */);
360 	OM_uint32	(*gss_inquire_context)
361 	(
362 		    void *,		/* context */
363 		    OM_uint32 *,	/* minor_status */
364 		    const gss_ctx_id_t,	/* context_handle */
365 		    gss_name_t *,	/* src_name */
366 		    gss_name_t *,	/* targ_name */
367 		    OM_uint32 *,	/* lifetime_rec */
368 		    gss_OID *,		/* mech_type */
369 		    OM_uint32 *,	/* ctx_flags */
370 		    int *,		/* locally_initiated */
371 		    int *		/* open */
372 	/* */);
373 	OM_uint32	    (*gss_internal_release_oid)
374 	(
375 		    void *,		/* context */
376 		    OM_uint32 *,	/* minor_status */
377 		    gss_OID *		/* OID */
378 	/* */);
379 	OM_uint32		(*gss_wrap_size_limit)
380 	(
381 		    void *,		/* context */
382 		    OM_uint32 *,	/* minor_status */
383 		    const gss_ctx_id_t,	/* context_handle */
384 		    int,		/* conf_req_flag */
385 		    gss_qop_t,		/* qop_req */
386 		    OM_uint32,		/* req_output_size */
387 		    OM_uint32 *		/* max_input_size */
388 	/* */);
389 	OM_uint32		(*pname_to_uid)
390 	(
391 		    void *,		/* context */
392 		    OM_uint32 *,	/* minor_status */
393 		    const gss_name_t,	/* pname */
394 		    uid_t *		/* uid */
395 	/* */);
396 	OM_uint32		(*__gss_userok)
397 	(
398 		    void *,		/* context */
399 		    OM_uint32 *,	/* minor_status */
400 		    const gss_name_t,	/* pname */
401 		    const char *,	/* local user */
402 		    int *		/* user ok? */
403 	/* */);
404 	OM_uint32		(*gss_export_name)
405 	(
406 		void *,			/* context */
407 		OM_uint32 *,		/* minor_status */
408 		const gss_name_t,	/* input_name */
409 		gss_buffer_t		/* exported_name */
410 	/* */);
411 #endif	/* ! _KERNEL */
412 /* EXPORT DELETE START */
413 /* CRYPT DELETE START */
414 /*
415  * This block comment is Sun Proprietary: Need-To-Know.
416  * What we are doing is leaving the seal and unseal entry points
417  * in an obvious place before sign and unsign for the Domestic customer
418  * of the Solaris Source Product. The Domestic customer of the Solaris Source
419  * Product will have to deal with the problem of creating exportable libgss
420  * binaries.
421  * In the binary product that Sun builds, these entry points are elsewhere,
422  * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
423  * targets delete them.
424  */
425 #if 0
426 /* CRYPT DELETE END */
427 	OM_uint32	    (*gss_seal)
428 	(
429 		    void *,		/* context */
430 		    OM_uint32 *,	/* minor_status */
431 		    const gss_ctx_id_t,	/* context_handle */
432 		    int,		/* conf_req_flag */
433 		    int,		/* qop_req */
434 		    const gss_buffer_t,	/* input_message_buffer */
435 		    int *,		/* conf_state */
436 		    gss_buffer_t	/* output_message_buffer */
437 #ifdef	 _KERNEL
438 	/* */, OM_uint32
439 #endif
440 	/* */);
441 	OM_uint32	    (*gss_unseal)
442 	(
443 		    void *,		/* context */
444 		    OM_uint32 *,	/* minor_status */
445 		    const gss_ctx_id_t,	/* context_handle */
446 		    const gss_buffer_t,	/* input_message_buffer */
447 		    gss_buffer_t,	/* output_message_buffer */
448 		    int *,		/* conf_state */
449 		    int *		/* qop_state */
450 #ifdef	 _KERNEL
451 	/* */, OM_uint32
452 #endif
453 	/* */);
454 /* CRYPT DELETE START */
455 #endif /* 0 */
456 /* CRYPT DELETE END */
457 /* EXPORT DELETE END */
458 	OM_uint32	(*gss_sign)
459 	(
460 		    void *,		/* context */
461 		    OM_uint32 *,	/* minor_status */
462 		    const gss_ctx_id_t,	/* context_handle */
463 		    int,		/* qop_req */
464 		    const gss_buffer_t,	/* message_buffer */
465 		    gss_buffer_t	/* message_token */
466 #ifdef	 _KERNEL
467 	/* */, OM_uint32
468 #endif
469 	/* */);
470 	OM_uint32	(*gss_verify)
471 	(
472 		void *,			/* context */
473 		OM_uint32 *,		/* minor_status */
474 		const gss_ctx_id_t,	/* context_handle */
475 		const gss_buffer_t,	/* message_buffer */
476 		const gss_buffer_t,	/* token_buffer */
477 		int *			/* qop_state */
478 #ifdef	 _KERNEL
479 	/* */, OM_uint32
480 #endif
481 	/* */);
482 #ifndef	 _KERNEL
483 	OM_uint32	(*gss_store_cred)
484 	(
485 		void *,			/* context */
486 		OM_uint32 *,		/* minor_status */
487 		const gss_cred_id_t,	/* input_cred */
488 		gss_cred_usage_t,	/* cred_usage */
489 		const gss_OID,		/* desired_mech */
490 		OM_uint32,		/* overwrite_cred */
491 		OM_uint32,		/* default_cred */
492 		gss_OID_set *,		/* elements_stored */
493 		gss_cred_usage_t *	/* cred_usage_stored */
494 	/* */);
495 #endif
496 } *gss_mechanism;
497 
498 #ifndef _KERNEL
499 /* This structure MUST NOT be used by any code outside libgss */
500 typedef struct gss_config_ext {
501 	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
502 } *gss_mechanism_ext;
503 #endif /* _KERNEL */
504 
505 /*
506  * In the user space we use a wrapper structure to encompass the
507  * mechanism entry points.  The wrapper contain the mechanism
508  * entry points and other data which is only relevant to the gss-api
509  * layer.  In the kernel we use only the gss_config strucutre because
510  * the kernal does not cantain any of the extra gss-api specific data.
511  */
512 #ifndef _KERNEL
513 typedef struct gss_mech_config {
514 	char *kmodName;			/* kernel module name */
515 	char *uLibName;			/* user library name */
516 	char *mechNameStr;		/* mechanism string name */
517 	char *optionStr;		/* optional mech parameters */
518 	void *dl_handle;		/* RTLD object handle for the mech */
519 	gss_OID mech_type;		/* mechanism oid */
520 	gss_mechanism mech;		/* mechanism initialization struct */
521 	gss_mechanism_ext mech_ext;	/* extensions */
522 	struct gss_mech_config *next;	/* next element in the list */
523 } *gss_mech_info;
524 #endif
525 
526 #ifndef	_KERNEL
527 /*
528  * Internal mechglue routines
529  */
530 
531 gss_mechanism __gss_get_mechanism(const gss_OID);
532 gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
533 char *__gss_get_kmodName(const gss_OID);
534 char *__gss_get_modOptions(const gss_OID);
535 OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
536 	gss_union_name_t, gss_name_t *);
537 OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
538 	const gss_name_t, gss_buffer_t);
539 OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
540 	const gss_name_t, gss_buffer_t, gss_OID *);
541 OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
542 	gss_name_t *);
543 
544 OM_uint32 __gss_convert_name_to_union_name(
545 	OM_uint32 *,		/* minor_status */
546 	gss_mechanism,	/* mech */
547 	gss_name_t,		/* internal_name */
548 	gss_name_t *		/* external_name */
549 );
550 
551 gss_cred_id_t __gss_get_mechanism_cred(
552 	const gss_union_cred_t,	/* union_cred */
553 	const gss_OID		/* mech_type */
554 );
555 
556 OM_uint32 __gss_create_copy_buffer(
557 	const gss_buffer_t,	/* src buffer */
558 	gss_buffer_t *,		/* destination buffer */
559 	int			/* NULL terminate buffer ? */
560 );
561 
562 OM_uint32 generic_gss_release_oid(
563 	OM_uint32 *,	/* minor_status */
564 	gss_OID *		/* oid */
565 );
566 
567 OM_uint32 generic_gss_copy_oid(
568 	OM_uint32 *,	/* minor_status */
569 	const gss_OID,		/* oid */
570 	gss_OID *		/* new_oid */
571 );
572 
573 OM_uint32 generic_gss_create_empty_oid_set(
574 	OM_uint32 *,	/* minor_status */
575 	gss_OID_set *	/* oid_set */
576 );
577 
578 OM_uint32 generic_gss_add_oid_set_member(
579 	OM_uint32 *,	/* minor_status */
580 	const gss_OID,		/* member_oid */
581 	gss_OID_set *	/* oid_set */
582 );
583 
584 OM_uint32 generic_gss_test_oid_set_member(
585 	OM_uint32 *,	/* minor_status */
586 	const gss_OID,		/* member */
587 	const gss_OID_set,	/* set */
588 	int *		/* present */
589 );
590 
591 OM_uint32 generic_gss_oid_to_str(
592 	OM_uint32 *,	/* minor_status */
593 	const gss_OID,		/* oid */
594 	gss_buffer_t	/* oid_str */
595 );
596 
597 OM_uint32 generic_gss_str_to_oid(
598 	OM_uint32 *,	/* minor_status */
599 	const gss_buffer_t,	/* oid_str */
600 	gss_OID *		/* oid */
601 );
602 
603 OM_uint32 gss_copy_oid_set(
604 	OM_uint32 *,			/* minor_status */
605 	const gss_OID_set_desc *,	/* oid set */
606 	gss_OID_set *			/* new oid set */
607 );
608 
609 #endif
610 
611 #ifdef	_KERNEL
612 #include <rpc/rpc.h>
613 
614 #ifndef	_KRB5_H
615 /* These macros are defined for Kerberos in krb5.h, and have priority */
616 #define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
617 #define	FREE(x, n) kmem_free((x), (n))
618 #endif	/* _KRB5_H */
619 
620 gss_mechanism __kgss_get_mechanism(gss_OID);
621 void __kgss_add_mechanism(gss_mechanism);
622 #endif /* _KERNEL */
623 
624 struct	kgss_cred {
625 	gssd_cred_id_t	gssd_cred;
626 	OM_uint32	gssd_cred_verifier;
627 };
628 
629 #define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
630 #define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
631 #define	KCRED_TO_CREDV(cred)    (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
632 
633 struct	kgss_ctx {
634 	gssd_ctx_id_t	gssd_ctx;
635 #ifdef _KERNEL
636 	gss_ctx_id_t	gssd_i_ctx;
637 	bool_t		ctx_imported;
638 	gss_mechanism	mech;
639 #endif /* _KERNEL */
640 	OM_uint32	gssd_ctx_verifier;
641 };
642 
643 #define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
644 #define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
645 #define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
646 #define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
647 #define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
648 #define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
649 #define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
650 	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
651 	KCTX_TO_GSSD_CTX(ctx))
652 #define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
653 	(((ctx) == GSS_C_NO_CONTEXT) ? (NULL) : KCTX_TO_CTXV(ctx))
654 
655 #ifdef _KERNEL
656 #define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
657 #define	KCTX_TO_CTX(ctx) \
658 ((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
659 	KCTX_TO_I_CTX(ctx))
660 #define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
661 	KM_SLEEP)
662 #define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))
663 
664 #define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
665 #define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))
666 
667 #define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
668 	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
669 		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
670 
671 #define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
672 	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
673 		KCTX_TO_CTX(ctx), msg, tkn, qop,  KCTX_TO_CTXV(ctx))
674 
675 #define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id,  tkn)	\
676 	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
677 		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))
678 
679 #define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id)	\
680 	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
681 		minor_st, tkn, int_ctx_id)
682 
683 /* EXPORT DELETE START */
684 #define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
685 	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
686 		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
687 		KCTX_TO_CTXV(ctx))
688 
689 #define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
690 	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
691 		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
692 		KCTX_TO_CTXV(ctx))
693 
694 /* EXPORT DELETE END */
695 
696 #else /* !_KERNEL */
697 #define	KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
698 #define	MALLOC(n) malloc(n)
699 #define	FREE(x, n) free(x)
700 #define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
701 		MALLOC(sizeof (struct kgss_cred))
702 #define	KGSS_CRED_FREE(cred)	free(cred)
703 #define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
704 #define	KGSS_FREE(ctx)	free(ctx)
705 
706 #define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
707 	kgss_sign_wrapped(minor_st, \
708 		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
709 
710 #define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
711 	kgss_verify_wrapped(minor_st,\
712 		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))
713 
714 #define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
715 	kgss_seal_wrapped(minor_st, \
716 		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
717 		KCTX_TO_CTXV(ctx))
718 
719 #define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
720 	kgss_unseal_wrapped(minor_st,\
721 		KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
722 		KCTX_TO_CTXV(ctx))
723 #endif /* _KERNEL */
724 
725 #ifdef __cplusplus
726 }
727 #endif
728 
729 #endif	/* _MECHGLUEP_H */
730