1 /*
2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3  */
4 /*
5  * Copyright 1993 by OpenVision Technologies, Inc.
6  *
7  * Permission to use, copy, modify, distribute, and sell this software
8  * and its documentation for any purpose is hereby granted without fee,
9  * provided that the above copyright notice appears in all copies and
10  * that both that copyright notice and this permission notice appear in
11  * supporting documentation, and that the name of OpenVision not be used
12  * in advertising or publicity pertaining to distribution of the software
13  * without specific, written prior permission. OpenVision makes no
14  * representations about the suitability of this software for any
15  * purpose.  It is provided "as is" without express or implied warranty.
16  *
17  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23  * PERFORMANCE OF THIS SOFTWARE.
24  */
25 
26 /*
27  * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28  */
29 
30 #include "gssapiP_krb5.h"
31 #include "mglueP.h"
32 #include <syslog.h>
33 
/* Forward declarations of the static mechglue wrappers used in the dispatch tables below. */
35 
36 static OM_uint32 k5glue_acquire_cred
37 (void *, OM_uint32*,       /* minor_status */
38             gss_name_t,       /* desired_name */
39             OM_uint32,        /* time_req */
40             gss_OID_set,      /* desired_mechs */
41             gss_cred_usage_t, /* cred_usage */
42             gss_cred_id_t*,   /* output_cred_handle */
43             gss_OID_set*,     /* actual_mechs */
44             OM_uint32*        /* time_rec */
45            );
46 
47 static OM_uint32 k5glue_release_cred
48 (void *, OM_uint32*,       /* minor_status */
49             gss_cred_id_t*    /* cred_handle */
50            );
51 
52 static OM_uint32 k5glue_init_sec_context
53 (void *, OM_uint32*,       /* minor_status */
54             gss_cred_id_t,    /* claimant_cred_handle */
55             gss_ctx_id_t*,    /* context_handle */
56             gss_name_t,       /* target_name */
57             gss_OID,          /* mech_type */
58             OM_uint32,        /* req_flags */
59             OM_uint32,        /* time_req */
60             gss_channel_bindings_t,
61                               /* input_chan_bindings */
62             gss_buffer_t,     /* input_token */
63             gss_OID*,         /* actual_mech_type */
64             gss_buffer_t,     /* output_token */
65             OM_uint32*,       /* ret_flags */
66             OM_uint32*        /* time_rec */
67            );
68 
69 static OM_uint32 k5glue_accept_sec_context
70 (void *, OM_uint32*,       /* minor_status */
71             gss_ctx_id_t*,    /* context_handle */
72             gss_cred_id_t,    /* verifier_cred_handle */
73             gss_buffer_t,     /* input_token_buffer */
74             gss_channel_bindings_t,
75                               /* input_chan_bindings */
76             gss_name_t*,      /* src_name */
77             gss_OID*,         /* mech_type */
78             gss_buffer_t,     /* output_token */
79             OM_uint32*,       /* ret_flags */
80             OM_uint32*,       /* time_rec */
81             gss_cred_id_t*    /* delegated_cred_handle */
82            );
83 
84 static OM_uint32 k5glue_process_context_token
85 (void *, OM_uint32*,       /* minor_status */
86             gss_ctx_id_t,     /* context_handle */
87             gss_buffer_t      /* token_buffer */
88            );
89 
90 static OM_uint32 k5glue_delete_sec_context
91 (void *, OM_uint32*,       /* minor_status */
92             gss_ctx_id_t*,    /* context_handle */
93             gss_buffer_t      /* output_token */
94            );
95 
96 static OM_uint32 k5glue_context_time
97 (void *, OM_uint32*,       /* minor_status */
98             gss_ctx_id_t,     /* context_handle */
99             OM_uint32*        /* time_rec */
100            );
101 
102 static OM_uint32 k5glue_sign
103 (void *, OM_uint32*,       /* minor_status */
104             gss_ctx_id_t,     /* context_handle */
105             int,              /* qop_req */
106             gss_buffer_t,     /* message_buffer */
107             gss_buffer_t      /* message_token */
108            );
109 
110 static OM_uint32 k5glue_verify
111 (void *, OM_uint32*,       /* minor_status */
112             gss_ctx_id_t,     /* context_handle */
113             gss_buffer_t,     /* message_buffer */
114             gss_buffer_t,     /* token_buffer */
115             int*              /* qop_state */
116            );
117 
118 static OM_uint32 k5glue_seal
119 (void *, OM_uint32*,       /* minor_status */
120             gss_ctx_id_t,     /* context_handle */
121             int,              /* conf_req_flag */
122             int,              /* qop_req */
123             gss_buffer_t,     /* input_message_buffer */
124             int*,             /* conf_state */
125             gss_buffer_t      /* output_message_buffer */
126            );
127 
128 static OM_uint32 k5glue_unseal
129 (void *, OM_uint32*,       /* minor_status */
130             gss_ctx_id_t,     /* context_handle */
131             gss_buffer_t,     /* input_message_buffer */
132             gss_buffer_t,     /* output_message_buffer */
133             int*,             /* conf_state */
134             int*              /* qop_state */
135            );
136 
137 static OM_uint32 k5glue_display_status
138 (void *, OM_uint32*,       /* minor_status */
139             OM_uint32,        /* status_value */
140             int,              /* status_type */
141             gss_OID,          /* mech_type */
142             OM_uint32*,       /* message_context */
143             gss_buffer_t      /* status_string */
144            );
145 
146 static OM_uint32 k5glue_indicate_mechs
147 (void *, OM_uint32*,       /* minor_status */
148             gss_OID_set*      /* mech_set */
149            );
150 
151 static OM_uint32 k5glue_compare_name
152 (void *, OM_uint32*,       /* minor_status */
153             gss_name_t,       /* name1 */
154             gss_name_t,       /* name2 */
155             int*              /* name_equal */
156            );
157 
158 static OM_uint32 k5glue_display_name
159 (void *, OM_uint32*,      /* minor_status */
160             gss_name_t,      /* input_name */
161             gss_buffer_t,    /* output_name_buffer */
162             gss_OID*         /* output_name_type */
163            );
164 
165 static OM_uint32 k5glue_import_name
166 (void *, OM_uint32*,       /* minor_status */
167             gss_buffer_t,     /* input_name_buffer */
168             gss_OID,          /* input_name_type */
169             gss_name_t*       /* output_name */
170            );
171 
172 static OM_uint32 k5glue_release_name
173 (void *, OM_uint32*,       /* minor_status */
174             gss_name_t*       /* input_name */
175            );
176 
177 static OM_uint32 k5glue_inquire_cred
178 (void *, OM_uint32 *,      /* minor_status */
179             gss_cred_id_t,    /* cred_handle */
180             gss_name_t *,     /* name */
181             OM_uint32 *,      /* lifetime */
182             gss_cred_usage_t*,/* cred_usage */
183             gss_OID_set *     /* mechanisms */
184            );
185 
186 static OM_uint32 k5glue_inquire_context
187 (void *, OM_uint32*,       /* minor_status */
188 	    gss_ctx_id_t,     /* context_handle */
189 	    gss_name_t*,      /* initiator_name */
190 	    gss_name_t*,      /* acceptor_name */
191 	    OM_uint32*,       /* lifetime_rec */
192 	    gss_OID*,         /* mech_type */
193 	    OM_uint32*,       /* ret_flags */
194 	    int*,             /* locally_initiated */
195 	    int*              /* open */
196 	   );
197 
198 #if 0
199 /* New V2 entry points */
200 static OM_uint32 k5glue_get_mic
201 (void *, OM_uint32 *,		/* minor_status */
202 	    gss_ctx_id_t,		/* context_handle */
203 	    gss_qop_t,			/* qop_req */
204 	    gss_buffer_t,		/* message_buffer */
205 	    gss_buffer_t		/* message_token */
206 	   );
207 
208 static OM_uint32 k5glue_verify_mic
209 (void *, OM_uint32 *,		/* minor_status */
210 	    gss_ctx_id_t,		/* context_handle */
211 	    gss_buffer_t,		/* message_buffer */
212 	    gss_buffer_t,		/* message_token */
213 	    gss_qop_t *			/* qop_state */
214 	   );
215 
216 static OM_uint32 k5glue_wrap
217 (void *, OM_uint32 *,		/* minor_status */
218 	    gss_ctx_id_t,		/* context_handle */
219 	    int,			/* conf_req_flag */
220 	    gss_qop_t,			/* qop_req */
221 	    gss_buffer_t,		/* input_message_buffer */
222 	    int *,			/* conf_state */
223 	    gss_buffer_t		/* output_message_buffer */
224 	   );
225 
226 static OM_uint32 k5glue_unwrap
227 (void *, OM_uint32 *,		/* minor_status */
228 	    gss_ctx_id_t,		/* context_handle */
229 	    gss_buffer_t,		/* input_message_buffer */
230 	    gss_buffer_t,		/* output_message_buffer */
231 	    int *,			/* conf_state */
232 	    gss_qop_t *			/* qop_state */
233 	   );
234 #endif
235 
236 static OM_uint32 k5glue_wrap_size_limit
237 (void *, OM_uint32 *,		/* minor_status */
238 	    gss_ctx_id_t,		/* context_handle */
239 	    int,			/* conf_req_flag */
240 	    gss_qop_t,			/* qop_req */
241 	    OM_uint32,			/* req_output_size */
242 	    OM_uint32 *			/* max_input_size */
243 	   );
244 
245 #if 0
246 static OM_uint32 k5glue_import_name_object
247 (void *, OM_uint32 *,		/* minor_status */
248 	    void *,			/* input_name */
249 	    gss_OID,			/* input_name_type */
250 	    gss_name_t *		/* output_name */
251 	   );
252 
253 static OM_uint32 k5glue_export_name_object
254 (void *, OM_uint32 *,		/* minor_status */
255 	    gss_name_t,			/* input_name */
256 	    gss_OID,			/* desired_name_type */
257 	    void * *			/* output_name */
258 	   );
259 #endif
260 
261 static OM_uint32 k5glue_add_cred
262 (void *, OM_uint32 *,		/* minor_status */
263 	    gss_cred_id_t,		/* input_cred_handle */
264 	    gss_name_t,			/* desired_name */
265 	    gss_OID,			/* desired_mech */
266 	    gss_cred_usage_t,		/* cred_usage */
267 	    OM_uint32,			/* initiator_time_req */
268 	    OM_uint32,			/* acceptor_time_req */
269 	    gss_cred_id_t *,		/* output_cred_handle */
270 	    gss_OID_set *,		/* actual_mechs */
271 	    OM_uint32 *,		/* initiator_time_rec */
272 	    OM_uint32 *			/* acceptor_time_rec */
273 	   );
274 
275 static OM_uint32 k5glue_inquire_cred_by_mech
276 (void *, OM_uint32  *,		/* minor_status */
277 	    gss_cred_id_t,		/* cred_handle */
278 	    gss_OID,			/* mech_type */
279 	    gss_name_t *,		/* name */
280 	    OM_uint32 *,		/* initiator_lifetime */
281 	    OM_uint32 *,		/* acceptor_lifetime */
282 	    gss_cred_usage_t * 		/* cred_usage */
283 	   );
284 
285 static OM_uint32 k5glue_export_sec_context
286 (void *, OM_uint32 *,		/* minor_status */
287 	    gss_ctx_id_t *,		/* context_handle */
288 	    gss_buffer_t		/* interprocess_token */
289 	    );
290 
291 static OM_uint32 k5glue_import_sec_context
292 (void *, OM_uint32 *,		/* minor_status */
293 	    gss_buffer_t,		/* interprocess_token */
294 	    gss_ctx_id_t *		/* context_handle */
295 	    );
296 
297 krb5_error_code k5glue_ser_init(krb5_context);
298 
299 static OM_uint32 k5glue_internal_release_oid
300 (void *, OM_uint32 *,		/* minor_status */
301 	    gss_OID *			/* oid */
302 	   );
303 
304 static OM_uint32 k5glue_inquire_names_for_mech
305 (void *, OM_uint32 *,		/* minor_status */
306 	    gss_OID,			/* mechanism */
307 	    gss_OID_set *		/* name_types */
308 	   );
309 
310 #if 0
311 static OM_uint32 k5glue_canonicalize_name
312 (void *, OM_uint32  *,		/* minor_status */
313 	    const gss_name_t,		/* input_name */
314 	    const gss_OID,		/* mech_type */
315 	    gss_name_t *		/* output_name */
316 	 );
317 #endif
318 
319 static OM_uint32 k5glue_export_name
320 (void *, OM_uint32  *,		/* minor_status */
321 	    const gss_name_t,		/* input_name */
322 	    gss_buffer_t		/* exported_name */
323 	 );
324 
325 /* SUNW15resync - Solaris specific */
326 static OM_uint32 k5glue_store_cred (
327 	    void *,
328 	    OM_uint32 *,            /* minor_status */
329 	    const gss_cred_id_t,    /* input_cred */
330 	    gss_cred_usage_t,       /* cred_usage */
331 	    const gss_OID,          /* desired_mech */
332 	    OM_uint32,              /* overwrite_cred */
333 	    OM_uint32,              /* default_cred */
334 	    gss_OID_set *,          /* elements_stored */
335 	    gss_cred_usage_t *      /* cred_usage_stored */
336 	   );
337 
/* SUNW17PACresync - this declaration is not needed in MIT but is needed for Solaris */
/* Note: the code is in gsspi_krb5.c */
340 OM_uint32 krb5_gss_inquire_sec_context_by_oid(
341 	OM_uint32 *,
342 	const gss_ctx_id_t,
343 	const gss_OID,
344 	gss_buffer_set_t *);
345 
/*
 * Forward declarations of the two wrappers that relate a GSS name to a
 * local identity.  Both are installed in the dispatch tables below; their
 * definitions are not in this part of the file.
 *
 * NOTE(review): judging by the parameter comments these feed authorization
 * decisions (principal -> local user / uid).  When reviewing the
 * definitions, confirm that a failed lookup returns an error and never
 * leaves the output (*user ok / *uid) at a value the caller could read as
 * success.
 */
static OM_uint32
k5glue_userok(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    const char *,	/* local user */
		    int *		/* user ok? (output) */
	);

static OM_uint32
k5glue_pname_to_uid(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    uid_t *		/* uid (output) */
	);
362 
363 
364 
365 
366 #if 0
367 static OM_uint32 k5glue_duplicate_name
368 (void *, OM_uint32  *,		/* minor_status */
369 	    const gss_name_t,		/* input_name */
370 	    gss_name_t *		/* dest_name */
371 	 );
372 #endif
373 
374 #if 0
375 static OM_uint32 k5glue_validate_cred
376 (void *, OM_uint32 *,		/* minor_status */
377 	    gss_cred_id_t		/* cred */
378          );
379 #endif
380 
381 #if 0
382 /*
383  * SUNW15resync
384  * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
385  * slicing&dicing needs of the "nightly -SD" build.  When it goes away,
386  * we should use it assuming MIT still uses it then.
387  */
388 
389 /*
390  * The krb5 mechanism provides two mech OIDs; use this initializer to
391  * ensure that both dispatch tables contain identical function
392  * pointers.
393  */
394 #define KRB5_GSS_CONFIG_INIT				\
395     NULL,						\
396     ...
397 #endif
398 
399 
/*
 * Dispatch table for the mechanism identified by GSS_MECH_KRB5_OID; it is
 * the first entry of krb5_mech_configs.
 *
 * The initializers are positional: each function pointer binds to whichever
 * member of struct gss_config sits at that position.  The struct is declared
 * outside this file, so the ordering cannot be checked from here.
 * NOTE(review): k5glue_unseal is listed among the context calls while
 * k5glue_seal, k5glue_sign and k5glue_verify come later -- confirm this
 * matches the struct declaration.  A swap between two members of compatible
 * pointer type would not be diagnosed by the compiler and would route one
 * operation to another.
 *
 * krb5_mechanism, krb5_mechanism_old and krb5_mechanism_wrong repeat the same
 * function list by hand and differ only in the OID; any change must be made
 * to all three.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    /*
     * Not a k5glue_* wrapper: it is declared above without the leading
     * void * argument the wrappers take.  NOTE(review): confirm the
     * struct member has the matching type.
     */
    krb5_gss_inquire_sec_context_by_oid
};
438 
/*
 * Dispatch table for GSS_MECH_KRB5_OLD_OID (labelled "pre-RFC OID" in the
 * disabled initializer below); second entry of krb5_mech_configs.
 *
 * The function list is positional and is meant to be identical to the one
 * in krb5_mechanism and krb5_mechanism_wrong.  It is maintained by hand, so
 * an edit applied to only one table would make behaviour depend on which
 * OID was selected.
 */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
477 
/*
 * Dispatch table for GSS_MECH_KRB5_WRONG_OID (labelled "wrong OID" in the
 * disabled initializer below); third entry of krb5_mech_configs and the one
 * left out of krb5_mech_configs_hack.
 *
 * The function list is positional and is meant to be identical to the one
 * in krb5_mechanism and krb5_mechanism_old; the three copies are kept in
 * step by hand.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
516 
/*
 * NULL-terminated list of the three krb5 dispatch tables, one per mechanism
 * OID.  This is what gssint_get_mech_configs() returns by default.
 */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    &krb5_mechanism_wrong,
    NULL
};
520 
#ifdef MS_BUG_TEST
/*
 * Test-build variant of krb5_mech_configs that leaves out
 * krb5_mechanism_wrong.  Only compiled when MS_BUG_TEST is defined.
 */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    NULL
};
#endif
526 
/*
 * Rename the definition that follows: the function written as
 * gssint_get_mech_configs() is compiled under the external name
 * krb5_gss_get_mech_configs().
 */
#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif
530 
/*
 * Return the NULL-terminated list of krb5 mechanism dispatch tables.
 *
 * Normal builds always return krb5_mech_configs.  When compiled with
 * MS_BUG_TEST, an environment variable MS_FORCE_NO_MSOID whose value is
 * exactly "1" selects krb5_mech_configs_hack instead, which omits
 * krb5_mechanism_wrong.
 *
 * NOTE(review): the environment is supplied by whoever starts the process,
 * so under MS_BUG_TEST the advertised mechanism set is caller-controlled.
 * MS_BUG_TEST looks like a test-only switch; confirm it is never defined
 * in a shipped build.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
    gss_mechanism *configs = krb5_mech_configs;

#ifdef MS_BUG_TEST
    const char *no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (no_msoid != NULL && strcmp(no_msoid, "1") == 0) {
        configs = krb5_mech_configs_hack;
    }
#endif
    return configs;
}
543 
/*
 * mechglue wrapper for krb5_gss_accept_sec_context().
 *
 * ctx, the extra first argument every k5glue_* wrapper takes, is not used.
 * All remaining arguments are passed through untouched and the callee's
 * return value is returned as is.  No checking happens at this layer:
 * input_token and input_chan_bindings reach the krb5 code exactly as the
 * caller supplied them, so all token validation is the callee's job.
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx,
                          OM_uint32 *minor_status,
                          gss_ctx_id_t *context_handle,
                          gss_cred_id_t verifier_cred_handle,
                          gss_buffer_t input_token,
                          gss_channel_bindings_t input_chan_bindings,
                          gss_name_t *src_name,
                          gss_OID *mech_type,
                          gss_buffer_t output_token,
                          OM_uint32 *ret_flags,
                          OM_uint32 *time_rec,
                          gss_cred_id_t *delegated_cred_handle)
{
    (void) ctx;

    return krb5_gss_accept_sec_context(minor_status, context_handle,
                                       verifier_cred_handle, input_token,
                                       input_chan_bindings, src_name,
                                       mech_type, output_token, ret_flags,
                                       time_rec, delegated_cred_handle);
}
573 
/*
 * mechglue wrapper for krb5_gss_acquire_cred().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_acquire_cred(void *ctx,
                    OM_uint32 *minor_status,
                    gss_name_t desired_name,
                    OM_uint32 time_req,
                    gss_OID_set desired_mechs,
                    gss_cred_usage_t cred_usage,
                    gss_cred_id_t *output_cred_handle,
                    gss_OID_set *actual_mechs,
                    OM_uint32 *time_rec)
{
    (void) ctx;

    return krb5_gss_acquire_cred(minor_status, desired_name, time_req,
                                 desired_mechs, cred_usage,
                                 output_cred_handle, actual_mechs, time_rec);
}
596 
/*
 * V2 entry point: mechglue wrapper for krb5_gss_add_cred().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_add_cred(void *ctx,
                OM_uint32 *minor_status,
                gss_cred_id_t input_cred_handle,
                gss_name_t desired_name,
                gss_OID desired_mech,
                gss_cred_usage_t cred_usage,
                OM_uint32 initiator_time_req,
                OM_uint32 acceptor_time_req,
                gss_cred_id_t *output_cred_handle,
                gss_OID_set *actual_mechs,
                OM_uint32 *initiator_time_rec,
                OM_uint32 *acceptor_time_rec)
{
    (void) ctx;

    return krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
                             desired_mech, cred_usage, initiator_time_req,
                             acceptor_time_req, output_cred_handle,
                             actual_mechs, initiator_time_rec,
                             acceptor_time_rec);
}
622 
#if 0
/*
 * V2 entry point, compiled out: would forward to
 * generic_gss_add_oid_set_member() without using ctx.
 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx,
                          OM_uint32 *minor_status,
                          gss_OID member_oid,
                          gss_OID_set *oid_set)
{
    (void) ctx;

    return generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
}
#endif
635 
/*
 * mechglue wrapper for krb5_gss_compare_name().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, name1, name2, name_equal).
 */
static OM_uint32
k5glue_compare_name(void *ctx,
                    OM_uint32 *minor_status,
                    gss_name_t name1,
                    gss_name_t name2,
                    int *name_equal)
{
    (void) ctx;

    return krb5_gss_compare_name(minor_status, name1, name2, name_equal);
}
647 
/*
 * mechglue wrapper for krb5_gss_context_time().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, context_handle, time_rec).
 */
static OM_uint32
k5glue_context_time(void *ctx,
                    OM_uint32 *minor_status,
                    gss_ctx_id_t context_handle,
                    OM_uint32 *time_rec)
{
    (void) ctx;

    return krb5_gss_context_time(minor_status, context_handle, time_rec);
}
658 
#if 0
/*
 * V2 entry point, compiled out: would forward to
 * generic_gss_create_empty_oid_set() without using ctx.
 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx,
                            OM_uint32 *minor_status,
                            gss_OID_set *oid_set)
{
    (void) ctx;

    return generic_gss_create_empty_oid_set(minor_status, oid_set);
}
#endif
670 
/*
 * mechglue wrapper for krb5_gss_delete_sec_context().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, context_handle, output_token).
 */
static OM_uint32
k5glue_delete_sec_context(void *ctx,
                          OM_uint32 *minor_status,
                          gss_ctx_id_t *context_handle,
                          gss_buffer_t output_token)
{
    (void) ctx;

    return krb5_gss_delete_sec_context(minor_status, context_handle,
                                       output_token);
}
681 
/*
 * mechglue wrapper for krb5_gss_display_name().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, input_name, output_name_buffer, output_name_type).
 */
static OM_uint32
k5glue_display_name(void *ctx,
                    OM_uint32 *minor_status,
                    gss_name_t input_name,
                    gss_buffer_t output_name_buffer,
                    gss_OID *output_name_type)
{
    (void) ctx;

    return krb5_gss_display_name(minor_status, input_name,
                                 output_name_buffer, output_name_type);
}
693 
/*
 * mechglue wrapper for krb5_gss_display_status().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_display_status(void *ctx,
                      OM_uint32 *minor_status,
                      OM_uint32 status_value,
                      int status_type,
                      gss_OID mech_type,
                      OM_uint32 *message_context,
                      gss_buffer_t status_string)
{
    (void) ctx;

    return krb5_gss_display_status(minor_status, status_value, status_type,
                                   mech_type, message_context,
                                   status_string);
}
709 
/*
 * V2 entry point: mechglue wrapper for krb5_gss_export_sec_context().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, context_handle, interprocess_token).
 *
 * NOTE(review): interprocess_token presumably carries the serialized
 * context, keys included -- confirm against the callee and treat the
 * buffer as secret material on the caller side.
 */
static OM_uint32
k5glue_export_sec_context(void *ctx,
                          OM_uint32 *minor_status,
                          gss_ctx_id_t *context_handle,
                          gss_buffer_t interprocess_token)
{
    (void) ctx;

    return krb5_gss_export_sec_context(minor_status, context_handle,
                                       interprocess_token);
}
722 
#if 0
/*
 * V2 entry point, compiled out: would forward to krb5_gss_get_mic()
 * without using ctx.
 */
static OM_uint32
k5glue_get_mic(void *ctx,
               OM_uint32 *minor_status,
               gss_ctx_id_t context_handle,
               gss_qop_t qop_req,
               gss_buffer_t message_buffer,
               gss_buffer_t message_token)
{
    (void) ctx;

    return krb5_gss_get_mic(minor_status, context_handle, qop_req,
                            message_buffer, message_token);
}
#endif
739 
/*
 * mechglue wrapper for krb5_gss_import_name().
 *
 * ctx is not used.  The gssint_initialize_library() call that would run
 * first is compiled out, so the wrapper goes straight to the callee and
 * returns its result; input_name_buffer is passed through unchecked.
 */
static OM_uint32
k5glue_import_name(void *ctx,
                   OM_uint32 *minor_status,
                   gss_buffer_t input_name_buffer,
                   gss_OID input_name_type,
                   gss_name_t *output_name)
{
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
        *minor_status = err;
        return GSS_S_FAILURE;
    }
#endif
    (void) ctx;

    return krb5_gss_import_name(minor_status, input_name_buffer,
                                input_name_type, output_name);
}
759 
/*
 * V2 entry point: mechglue wrapper for krb5_gss_import_sec_context().
 *
 * ctx is not used.  interprocess_token is handed to the callee exactly as
 * received; this layer does not inspect or validate it, so parsing and
 * bounds checking of the token are entirely the callee's responsibility.
 */
static OM_uint32
k5glue_import_sec_context(void *ctx,
                          OM_uint32 *minor_status,
                          gss_buffer_t interprocess_token,
                          gss_ctx_id_t *context_handle)
{
    (void) ctx;

    return krb5_gss_import_sec_context(minor_status, interprocess_token,
                                       context_handle);
}
772 
/*
 * mechglue wrapper for krb5_gss_indicate_mechs().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, mech_set).
 */
static OM_uint32
k5glue_indicate_mechs(void *ctx,
                      OM_uint32 *minor_status,
                      gss_OID_set *mech_set)
{
    (void) ctx;

    return krb5_gss_indicate_mechs(minor_status, mech_set);
}
781 
/*
 * mechglue wrapper for krb5_gss_init_sec_context().
 *
 * ctx is not used.  All remaining arguments are passed through untouched
 * and the callee's return value is returned as is.  input_token and
 * input_chan_bindings are not examined at this layer.
 */
static OM_uint32
k5glue_init_sec_context(void *ctx,
                        OM_uint32 *minor_status,
                        gss_cred_id_t claimant_cred_handle,
                        gss_ctx_id_t *context_handle,
                        gss_name_t target_name,
                        gss_OID mech_type,
                        OM_uint32 req_flags,
                        OM_uint32 time_req,
                        gss_channel_bindings_t input_chan_bindings,
                        gss_buffer_t input_token,
                        gss_OID *actual_mech_type,
                        gss_buffer_t output_token,
                        OM_uint32 *ret_flags,
                        OM_uint32 *time_rec)
{
    (void) ctx;

    return krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
                                     context_handle, target_name, mech_type,
                                     req_flags, time_req,
                                     input_chan_bindings, input_token,
                                     actual_mech_type, output_token,
                                     ret_flags, time_rec);
}
809 
/*
 * mechglue wrapper for krb5_gss_inquire_context().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_inquire_context(void *ctx,
                       OM_uint32 *minor_status,
                       gss_ctx_id_t context_handle,
                       gss_name_t *initiator_name,
                       gss_name_t *acceptor_name,
                       OM_uint32 *lifetime_rec,
                       gss_OID *mech_type,
                       OM_uint32 *ret_flags,
                       int *locally_initiated,
                       int *open)
{
    (void) ctx;

    return krb5_gss_inquire_context(minor_status, context_handle,
                                    initiator_name, acceptor_name,
                                    lifetime_rec, mech_type, ret_flags,
                                    locally_initiated, open);
}
830 
/*
 * mechglue wrapper for krb5_gss_inquire_cred().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_inquire_cred(void *ctx,
                    OM_uint32 *minor_status,
                    gss_cred_id_t cred_handle,
                    gss_name_t *name,
                    OM_uint32 *lifetime_ret,
                    gss_cred_usage_t *cred_usage,
                    gss_OID_set *mechanisms)
{
    (void) ctx;

    return krb5_gss_inquire_cred(minor_status, cred_handle, name,
                                 lifetime_ret, cred_usage, mechanisms);
}
845 
/*
 * V2 entry point: mechglue wrapper for krb5_gss_inquire_cred_by_mech().
 *
 * ctx is not used; every other argument is forwarded unchanged and the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_inquire_cred_by_mech(void *ctx,
                            OM_uint32 *minor_status,
                            gss_cred_id_t cred_handle,
                            gss_OID mech_type,
                            gss_name_t *name,
                            OM_uint32 *initiator_lifetime,
                            OM_uint32 *acceptor_lifetime,
                            gss_cred_usage_t *cred_usage)
{
    (void) ctx;

    return krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
                                         mech_type, name,
                                         initiator_lifetime,
                                         acceptor_lifetime, cred_usage);
}
863 
/*
 * V2 entry point: mechglue wrapper for krb5_gss_inquire_names_for_mech().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, mechanism, name_types).
 */
static OM_uint32
k5glue_inquire_names_for_mech(void *ctx,
                              OM_uint32 *minor_status,
                              gss_OID mechanism,
                              gss_OID_set *name_types)
{
    (void) ctx;

    return krb5_gss_inquire_names_for_mech(minor_status, mechanism,
                                           name_types);
}
876 
#if 0
/*
 * V2 entry point, compiled out: would forward to generic_gss_oid_to_str()
 * without using ctx.
 */
static OM_uint32
k5glue_oid_to_str(void *ctx,
                  OM_uint32 *minor_status,
                  gss_OID oid,
                  gss_buffer_t oid_str)
{
    (void) ctx;

    return generic_gss_oid_to_str(minor_status, oid, oid_str);
}
#endif
889 
/*
 * mechglue wrapper for krb5_gss_process_context_token().
 *
 * ctx is not used.  token_buffer is forwarded without inspection; the
 * callee's return value is returned as is.
 */
static OM_uint32
k5glue_process_context_token(void *ctx,
                             OM_uint32 *minor_status,
                             gss_ctx_id_t context_handle,
                             gss_buffer_t token_buffer)
{
    (void) ctx;

    return krb5_gss_process_context_token(minor_status, context_handle,
                                          token_buffer);
}
900 
/*
 * mechglue wrapper for krb5_gss_release_cred().
 *
 * ctx is not used.  Returns whatever the callee returns for
 * (minor_status, cred_handle).
 */
static OM_uint32
k5glue_release_cred(void *ctx,
                    OM_uint32 *minor_status,
                    gss_cred_id_t *cred_handle)
{
    (void) ctx;

    return krb5_gss_release_cred(minor_status, cred_handle);
}
909 
/*
 * Mechglue wrapper: releases a krb5 mechanism name by calling
 * krb5_gss_release_name().  `ctx' is not used.
 */
static OM_uint32
k5glue_release_name(void *ctx, OM_uint32 *minor_status,
                    gss_name_t *input_name)
{
    OM_uint32 major;

    major = krb5_gss_release_name(minor_status, input_name);
    return (major);
}
918 
919 #if 0
/*
 * Mechglue wrapper around generic_gss_release_buffer().  This definition
 * sits inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_release_buffer(void *ctx, OM_uint32 *minor_status, gss_buffer_t buffer)
{
    OM_uint32 major;

    major = generic_gss_release_buffer(minor_status, buffer);
    return (major);
}
929 #endif
930 
931 /* V2 */
/*
 * Mechglue wrapper: hands an OID back to krb5_gss_internal_release_oid()
 * and returns its major status.  `ctx' is not used.
 */
static OM_uint32
k5glue_internal_release_oid(void *ctx, OM_uint32 *minor_status, gss_OID *oid)
{
    OM_uint32 major;

    major = krb5_gss_internal_release_oid(minor_status, oid);
    return (major);
}
940 
941 #if 0
/*
 * Mechglue wrapper around generic_gss_release_oid_set().  This definition
 * sits inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_release_oid_set(void *ctx, OM_uint32 *minor_status, gss_OID_set *set)
{
    OM_uint32 major;

    major = generic_gss_release_oid_set(minor_status, set);
    return (major);
}
950 #endif
951 
952 /* V1 only */
/*
 * Mechglue wrapper for the V1 seal call: forwards every argument except
 * `ctx' (unused) to krb5_gss_seal() and returns its major status.
 *
 * conf_req_flag is only a request; *conf_state is the callee's report.
 * NOTE(review): callers that need confidentiality should presumably check
 * *conf_state as well as the major status -- confirm against krb5_gss_seal.
 */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
            int conf_req_flag, int qop_req,
            gss_buffer_t input_message_buffer, int *conf_state,
            gss_buffer_t output_message_buffer)
{
    OM_uint32 major;

    major = krb5_gss_seal(minor_status, context_handle, conf_req_flag,
                          qop_req, input_message_buffer, conf_state,
                          output_message_buffer);
    return (major);
}
969 
/*
 * Mechglue wrapper for the V1 sign call: forwards to krb5_gss_sign() and
 * returns its major status.  `ctx' is not used.
 */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
            int qop_req, gss_buffer_t message_buffer,
            gss_buffer_t message_token)
{
    OM_uint32 major;

    major = krb5_gss_sign(minor_status, context_handle, qop_req,
                          message_buffer, message_token);
    return (major);
}
984 
985 #if 0
986 /* V2 */
/*
 * Mechglue wrapper around krb5_gss_verify_mic().  This definition sits
 * inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_verify_mic(void *ctx, OM_uint32 *minor_status,
                  gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
                  gss_buffer_t token_buffer, gss_qop_t *qop_state)
{
    OM_uint32 major;

    major = krb5_gss_verify_mic(minor_status, context_handle,
                                message_buffer, token_buffer, qop_state);
    return (major);
}
1000 
1001 /* V2 */
/*
 * Mechglue wrapper around krb5_gss_wrap().  This definition sits inside an
 * `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_wrap(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
            int conf_req_flag, gss_qop_t qop_req,
            gss_buffer_t input_message_buffer, int *conf_state,
            gss_buffer_t output_message_buffer)
{
    OM_uint32 major;

    major = krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
                          qop_req, input_message_buffer, conf_state,
                          output_message_buffer);
    return (major);
}
1018 
1019 /* V2 */
/*
 * Mechglue wrapper around generic_gss_str_to_oid().  This definition sits
 * inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_str_to_oid(void *ctx, OM_uint32 *minor_status, gss_buffer_t oid_str,
                  gss_OID *oid)
{
    OM_uint32 major;

    major = generic_gss_str_to_oid(minor_status, oid_str, oid);
    return (major);
}
1029 
1030 /* V2 */
/*
 * Mechglue wrapper around generic_gss_test_oid_set_member().  This
 * definition sits inside an `#if 0' region, so it is not compiled.
 * `ctx' is not used.
 */
static OM_uint32
k5glue_test_oid_set_member(void *ctx, OM_uint32 *minor_status, gss_OID member,
                           gss_OID_set set, int *present)
{
    OM_uint32 major;

    major = generic_gss_test_oid_set_member(minor_status, member, set,
                                            present);
    return (major);
}
1042 #endif
1043 
1044 /* V1 only */
/*
 * Mechglue wrapper for the V1 unseal call: forwards every argument except
 * `ctx' (unused) to krb5_gss_unseal() and returns its major status.
 *
 * No validation of the input token happens at this layer.
 * NOTE(review): output_message_buffer should presumably be trusted only
 * when the returned major status is GSS_S_COMPLETE -- confirm against
 * krb5_gss_unseal.
 */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status,
              gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
              gss_buffer_t output_message_buffer, int *conf_state,
              int *qop_state)
{
    OM_uint32 major;

    major = krb5_gss_unseal(minor_status, context_handle,
                            input_message_buffer, output_message_buffer,
                            conf_state, qop_state);
    return (major);
}
1060 
1061 #if 0
1062 /* V2 */
/*
 * Mechglue wrapper around krb5_gss_unwrap().  This definition sits inside
 * an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_unwrap(void *ctx, OM_uint32 *minor_status,
              gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
              gss_buffer_t output_message_buffer, int *conf_state,
              gss_qop_t *qop_state)
{
    OM_uint32 major;

    major = krb5_gss_unwrap(minor_status, context_handle,
                            input_message_buffer, output_message_buffer,
                            conf_state, qop_state);
    return (major);
}
1077 #endif
1078 
1079 /* V1 only */
/*
 * Mechglue wrapper for the V1 verify call: forwards to krb5_gss_verify()
 * and returns its major status.  `ctx' is not used.
 *
 * The major status is the only result this wrapper produces besides
 * *minor_status and *qop_state; nothing here checks the token itself.
 */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status,
              gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
              gss_buffer_t token_buffer, int *qop_state)
{
    OM_uint32 major;

    major = krb5_gss_verify(minor_status, context_handle, message_buffer,
                            token_buffer, qop_state);
    return (major);
}
1096 
1097 /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_wrap_size_limit() and returns its
 * major status.  `ctx' is not used.  The computed limit is written by the
 * callee through max_input_size.
 */
static OM_uint32
k5glue_wrap_size_limit(void *ctx, OM_uint32 *minor_status,
                       gss_ctx_id_t context_handle, int conf_req_flag,
                       gss_qop_t qop_req, OM_uint32 req_output_size,
                       OM_uint32 *max_input_size)
{
    OM_uint32 major;

    major = krb5_gss_wrap_size_limit(minor_status, context_handle,
                                     conf_req_flag, qop_req,
                                     req_output_size, max_input_size);
    return (major);
}
1113 
1114 #if 0
1115 /* V2 interface */
/*
 * Mechglue wrapper around krb5_gss_canonicalize_name().  This definition
 * sits inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_canonicalize_name(void *ctx, OM_uint32 *minor_status,
                         const gss_name_t input_name,
                         const gss_OID mech_type, gss_name_t *output_name)
{
    OM_uint32 major;

    major = krb5_gss_canonicalize_name(minor_status, input_name, mech_type,
                                       output_name);
    return major;
}
1127 #endif
1128 
1129 /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_name() and returns its
 * major status.  `ctx' is not used.
 */
static OM_uint32
k5glue_export_name(void *ctx, OM_uint32 *minor_status,
                   const gss_name_t input_name, gss_buffer_t exported_name)
{
    OM_uint32 major;

    major = krb5_gss_export_name(minor_status, input_name, exported_name);
    return major;
}
1139 
1140 /* SUNW15resync - this is not in the MIT mech (lib) yet */
/*
 * Mechglue wrapper: forwards every argument except `ctx' (unused) to
 * krb5_gss_store_cred() and returns its major status.
 *
 * overwrite_cred and default_cred are passed through unchanged; any policy
 * on replacing an existing credential is left to the callee.
 */
static OM_uint32
k5glue_store_cred(void *ctx, OM_uint32 *minor_status,
                  const gss_cred_id_t input_cred,
                  gss_cred_usage_t cred_usage, gss_OID desired_mech,
                  OM_uint32 overwrite_cred, OM_uint32 default_cred,
                  gss_OID_set *elements_stored,
                  gss_cred_usage_t *cred_usage_stored)
{
    OM_uint32 major;

    major = krb5_gss_store_cred(minor_status, input_cred, cred_usage,
                                desired_mech, overwrite_cred, default_cred,
                                elements_stored, cred_usage_stored);
    return (major);
}
1160 
/*
 * Mechglue wrapper: asks krb5_gss_userok() whether principal `pname' may
 * act as local user `user'; the answer is written through user_ok.
 * `ctxt' is not used.
 *
 * NOTE(review): *user_ok is an authorization decision.  Callers should
 * presumably initialise it to "not ok" and honour it only when the
 * returned major status reports success -- confirm against
 * krb5_gss_userok.
 */
static OM_uint32
k5glue_userok(void *ctxt,               /* context */
              OM_uint32 *minor,         /* minor_status */
              const gss_name_t pname,   /* pname */
              const char *user,         /* local user */
              int *user_ok)             /* user ok? */
{
    OM_uint32 major;

    major = krb5_gss_userok(minor, pname, user, user_ok);
    return (major);
}
1172 
/*
 * Mechglue wrapper: maps principal `pname' to a local uid by calling
 * krb5_pname_to_uid(); the uid is written through uidOut.  `ctxt' is not
 * used.
 *
 * NOTE(review): *uidOut should presumably be used only when the returned
 * major status reports success -- confirm against krb5_pname_to_uid.
 */
static OM_uint32
k5glue_pname_to_uid(void *ctxt,             /* context */
                    OM_uint32 *minor,       /* minor_status */
                    const gss_name_t pname, /* pname */
                    uid_t *uidOut)          /* uid */
{
    OM_uint32 major;

    major = krb5_pname_to_uid(minor, pname, uidOut);
    return (major);
}
1183 
1184 
1185 
1186 #if 0
1187 /* V2 interface */
/*
 * Mechglue wrapper around krb5_gss_duplicate_name().  This definition sits
 * inside an `#if 0' region, so it is not compiled.  `ctx' is not used.
 */
static OM_uint32
k5glue_duplicate_name(void *ctx, OM_uint32 *minor_status,
                      const gss_name_t input_name, gss_name_t *dest_name)
{
    OM_uint32 major;

    major = krb5_gss_duplicate_name(minor_status, input_name, dest_name);
    return major;
}
1197 #endif
1198 
1199 
/*
 * Copy the krb5 credential held in a union credential into out_ccache.
 *
 * cred_handle is treated as a gss_union_cred_t.  The mechanism credential
 * is looked up first under krb5_mechanism's OID and then under
 * krb5_mechanism_old's OID; the first one found is handed to
 * gss_krb5int_copy_ccache(), whose status is returned.
 *
 * Returns GSS_S_DEFECTIVE_CREDENTIAL when neither lookup finds a
 * credential; *minor_status is not written on that path.
 *
 * The cast of cred_handle is unchecked: the handle must really be a union
 * credential produced by the mechglue layer.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t union_handle = (gss_union_cred_t)cred_handle;
    gss_cred_id_t mech_cred;

    mech_cred = gssint_get_mechanism_cred(union_handle,
                                          &krb5_mechanism.mech_type);
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        /* fall back to the old mechanism OID */
        mech_cred = gssint_get_mechanism_cred(union_handle,
                                              &krb5_mechanism_old.mech_type);
    }

    if (mech_cred == GSS_C_NO_CREDENTIAL)
        return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_copy_ccache(minor_status, mech_cred, out_ccache);
}
1221 
/*
 * Restrict the encryption types usable with the krb5 credential held in a
 * union credential.
 *
 * cred is treated as a gss_union_cred_t.  The mechanism credential is
 * looked up first under krb5_mechanism's OID and then under
 * krb5_mechanism_old's OID; the first one found is handed to
 * gss_krb5int_set_allowable_enctypes() together with num_ktypes and
 * ktypes, and that call's status is returned.
 *
 * Returns GSS_S_DEFECTIVE_CREDENTIAL when neither lookup finds a
 * credential; *minor_status is not written on that path, and no enctype
 * restriction has been applied, so callers relying on the restriction
 * must check the return value.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t union_handle = (gss_union_cred_t)cred;
    gss_cred_id_t mech_cred;

    mech_cred = gssint_get_mechanism_cred(union_handle,
                                          &krb5_mechanism.mech_type);
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        /* fall back to the old mechanism OID */
        mech_cred = gssint_get_mechanism_cred(union_handle,
                                              &krb5_mechanism_old.mech_type);
    }

    if (mech_cred == GSS_C_NO_CREDENTIAL)
        return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_set_allowable_enctypes(minor_status, mech_cred,
                                              num_ktypes, ktypes);
}
1245 
1246 /*
1247  * Glue routine for returning the mechanism-specific credential from a
1248  * external union credential.
1249  */
1250 /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
1251   want to link against libgss so we put it here since we need it in the mech */
/*
 * Look up the mechanism-specific credential for mech_type inside a union
 * credential.
 *
 * Walks mechs_array[0 .. count-1] and returns the cred_array entry at the
 * first index whose OID equals mech_type.  Returns GSS_C_NO_CREDENTIAL
 * when union_cred is GSS_C_NO_CREDENTIAL or when no entry matches.
 *
 * Only union_cred is checked against the "no credential" value; mech_type
 * and the two arrays are used as given.
 */
gss_cred_id_t
gssint_get_mechanism_cred(gss_union_cred_t union_cred, gss_OID mech_type)
{
    int idx = 0;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    while (idx < union_cred->count) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[idx]))
            return union_cred->cred_array[idx];
        idx++;
    }

    return GSS_C_NO_CREDENTIAL;
}
1268 
1269 
1270 
1271 /*
1272  * entry point for the gss layer,
1273  * called "krb5_gss_initialize()" in MIT 1.2.1
1274  */
1275 /* SUNW15resync - this used to be in k5mech.c */
/*
 * Entry point for the gss layer: returns the krb5 mechanism table when the
 * requested OID is one this module serves, NULL otherwise.
 *
 * Two OIDs are accepted: krb5_mechanism's own and krb5_mechanism_wrong's
 * (the MS KRB5 OID, per the Solaris note below).  The same table,
 * &krb5_mechanism, is returned for either.  A NULL or unrecognised OID is
 * logged at LOG_INFO and rejected.
 */
gss_mechanism
gss_mech_initialize(const gss_OID oid)
{
    int oid_accepted;

    /*
     * Solaris Kerberos: We also want to use the same functions for KRB5 as
     * we do for the MS KRB5 (krb5_mechanism_wrong).  So both are valid.
     */
    oid_accepted = (oid != NULL) &&
        (g_OID_equal(oid, &krb5_mechanism.mech_type) ||
         g_OID_equal(oid, &krb5_mechanism_wrong.mech_type));

    /* ensure that the requested oid matches our oid */
    if (!oid_accepted) {
        (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
        return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
        GSS_S_COMPLETE)
      return (NULL);
#endif

    return (&krb5_mechanism);
}
1299 
1300 /*
1301  * This API should go away and be replaced with an accessor
1302  * into a gss_name_t.
1303  */
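/*
 * Extract authorization data of type ad_type from an established security
 * context.
 *
 * The request OID is built by appending ad_type to
 * GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID and is passed to
 * gss_inquire_sec_context_by_oid().  On success the first element of the
 * returned buffer set is copied into freshly malloc'ed storage at
 * ad_data->value, with ad_data->length set to its size.
 *
 * Returns:
 *   GSS_S_CALL_INACCESSIBLE_WRITE  ad_data is NULL
 *   GSS_S_FAILURE, minor EINVAL    the inquiry returned no buffers
 *   GSS_S_FAILURE, minor ENOMEM    the copy could not be allocated
 *   any error from generic_gss_oid_compose() or
 *   gss_inquire_sec_context_by_oid()
 *   GSS_S_COMPLETE                 otherwise
 *
 * Fix: the allocation-failure path used to return the errno value ENOMEM
 * as the major status.  That value does not have any of the GSS error
 * bits set, so a caller testing GSS_ERROR() would take it for success
 * while ad_data held a NULL value with a non-zero length.  The path now
 * returns GSS_S_FAILURE with ENOMEM in *minor_status and an empty ad_data.
 *
 * Only elements[0] is returned; when the set holds more elements (see the
 * note below) the remaining ones are dropped without notice.
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int ad_type,
    gss_buffer_t ad_data)
{
    gss_OID_desc req_oid;
    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
    size_t copy_len;

    if (ad_data == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    req_oid.elements = oid_buf;
    req_oid.length = sizeof(oid_buf);

    major_status = generic_gss_oid_compose(minor_status,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
                                           ad_type,
                                           &req_oid);
    if (GSS_ERROR(major_status))
        return major_status;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE) {
        return major_status;
    }

    /*
     * SUNW17PACresync / Solaris Kerberos
     * MIT17 allows only count==1 which is correct for pre-Win2008 but
     * our testing with Win2008 shows count==2 and Win7 count==3.
     */
    if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
        /* release first: it writes *minor_status */
        (void) gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    copy_len = data_set->elements[0].length;

    /*
     * Ask for at least one byte so that a zero-length element is not
     * mistaken for an allocation failure where malloc(0) returns NULL.
     */
    ad_data->value = malloc(copy_len != 0 ? copy_len : 1);
    if (ad_data->value == NULL) {
        ad_data->length = 0;
        /* release first: it writes *minor_status */
        (void) gss_release_buffer_set(minor_status, &data_set);
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }
    ad_data->length = copy_len;
    bcopy(data_set->elements[0].value, ad_data->value, copy_len);

    (void) gss_release_buffer_set(minor_status, &data_set);

    return GSS_S_COMPLETE;
}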
1361 
1362 
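/*
 * Extract the authtime of the ticket behind an established security
 * context.
 *
 * Queries the context with GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID
 * through gss_inquire_sec_context_by_oid() and copies the single returned
 * buffer into *authtime.
 *
 * Returns:
 *   GSS_S_CALL_INACCESSIBLE_WRITE  authtime is NULL
 *   GSS_S_FAILURE, minor EINVAL    the reply is not exactly one buffer of
 *                                  sizeof(krb5_timestamp) bytes
 *   any non-complete status from gss_inquire_sec_context_by_oid()
 *   GSS_S_COMPLETE, minor 0        otherwise
 *
 * Fix: the EINVAL path used to return without releasing data_set, leaking
 * the buffer set whenever the inquiry succeeded but the reply had the
 * wrong shape.  It is now released there as on the success path.
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
                                          gss_ctx_id_t context_handle,
                                          krb5_timestamp *authtime)
{
    static const gss_OID_desc req_oid = {
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (authtime == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE)
        return major_status;

    /* the length check keeps the read below inside the returned buffer */
    if (data_set == GSS_C_NO_BUFFER_SET ||
        data_set->count != 1 ||
        data_set->elements[0].length != sizeof(*authtime)) {
        /*
         * Release before setting the minor code: the release call writes
         * *minor_status.  It is called with a possibly empty set here, as
         * gsskrb5_extract_authz_data_from_sec_context() in this file does.
         */
        (void) gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    /* NOTE(review): assumes the buffer is suitably aligned for krb5_timestamp */
    *authtime = *((krb5_timestamp *)data_set->elements[0].value);

    (void) gss_release_buffer_set(minor_status, &data_set);

    *minor_status = 0;

    return GSS_S_COMPLETE;
}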
1399