/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
5ab9b2e15Sgtb 
6ab9b2e15Sgtb 
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */
28ab9b2e15Sgtb 
/*
 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
 */
32ab9b2e15Sgtb 
33ab9b2e15Sgtb #include "gssapiP_krb5.h"
34ab9b2e15Sgtb #include "mglueP.h"
35ab9b2e15Sgtb #include <syslog.h>
36ab9b2e15Sgtb 
37ab9b2e15Sgtb /** mechglue wrappers **/
38ab9b2e15Sgtb 
/*
 * Forward declarations for the first group of static mechglue wrappers.
 * Every wrapper takes a leading void * ahead of minor_status; parameter
 * names are spelled out here instead of being carried in comments.
 */
static OM_uint32 k5glue_acquire_cred(
    void *ctx, OM_uint32 *minor_status, gss_name_t desired_name,
    OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec);

static OM_uint32 k5glue_release_cred(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t *cred_handle);

static OM_uint32 k5glue_init_sec_context(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t claimant_cred_handle,
    gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type,
    OM_uint32 req_flags, OM_uint32 time_req,
    gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token,
    gss_OID *actual_mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec);

static OM_uint32 k5glue_accept_sec_context(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
    gss_cred_id_t verifier_cred_handle, gss_buffer_t input_token_buffer,
    gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name,
    gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags,
    OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle);

static OM_uint32 k5glue_process_context_token(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t token_buffer);

static OM_uint32 k5glue_delete_sec_context(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
    gss_buffer_t output_token);

static OM_uint32 k5glue_context_time(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    OM_uint32 *time_rec);

static OM_uint32 k5glue_sign(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token);

static OM_uint32 k5glue_verify(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state);

/*
 * The EXPORT DELETE markers below are kept byte-for-byte; they look like
 * input to a source-stripping build step, so do not reword or move them.
 */
/* EXPORT DELETE START */
static OM_uint32 k5glue_seal(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unseal(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state);
/* EXPORT DELETE END */
141ab9b2e15Sgtb 
/*
 * Forward declarations: status display, mechanism listing, name handling
 * and the credential/context inquiry wrappers.
 */
static OM_uint32 k5glue_display_status(
    void *ctx, OM_uint32 *minor_status, OM_uint32 status_value,
    int status_type, gss_OID mech_type, OM_uint32 *message_context,
    gss_buffer_t status_string);

static OM_uint32 k5glue_indicate_mechs(
    void *ctx, OM_uint32 *minor_status, gss_OID_set *mech_set);

static OM_uint32 k5glue_compare_name(
    void *ctx, OM_uint32 *minor_status, gss_name_t name1, gss_name_t name2,
    int *name_equal);

static OM_uint32 k5glue_display_name(
    void *ctx, OM_uint32 *minor_status, gss_name_t input_name,
    gss_buffer_t output_name_buffer, gss_OID *output_name_type);

static OM_uint32 k5glue_import_name(
    void *ctx, OM_uint32 *minor_status, gss_buffer_t input_name_buffer,
    gss_OID input_name_type, gss_name_t *output_name);

static OM_uint32 k5glue_release_name(
    void *ctx, OM_uint32 *minor_status, gss_name_t *input_name);

static OM_uint32 k5glue_inquire_cred(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t cred_handle,
    gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage,
    gss_OID_set *mechanisms);

static OM_uint32 k5glue_inquire_context(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_name_t *initiator_name, gss_name_t *acceptor_name,
    OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ret_flags,
    int *locally_initiated, int *open);
202ab9b2e15Sgtb 
#if 0
/* New V2 entry points (compiled out) */
static OM_uint32 k5glue_get_mic(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_qop_t qop_req, gss_buffer_t message_buffer,
    gss_buffer_t message_token);

static OM_uint32 k5glue_verify_mic(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t message_token,
    gss_qop_t *qop_state);

static OM_uint32 k5glue_wrap(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unwrap(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, gss_qop_t *qop_state);
#endif

/* The only live declaration in this stretch; its neighbours are #if 0'd. */
static OM_uint32 k5glue_wrap_size_limit(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size,
    OM_uint32 *max_input_size);

#if 0
static OM_uint32 k5glue_import_name_object(
    void *ctx, OM_uint32 *minor_status, void *input_name,
    gss_OID input_name_type, gss_name_t *output_name);

static OM_uint32 k5glue_export_name_object(
    void *ctx, OM_uint32 *minor_status, gss_name_t input_name,
    gss_OID desired_name_type, void **output_name);
#endif
265ab9b2e15Sgtb 
/*
 * Forward declarations: credential addition/inquiry, security-context
 * export/import, OID release, name-type inquiry and name export.
 */
static OM_uint32 k5glue_add_cred(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t input_cred_handle,
    gss_name_t desired_name, gss_OID desired_mech,
    gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req,
    OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec,
    OM_uint32 *acceptor_time_rec);

static OM_uint32 k5glue_inquire_cred_by_mech(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t cred_handle,
    gss_OID mech_type, gss_name_t *name, OM_uint32 *initiator_lifetime,
    OM_uint32 *acceptor_lifetime, gss_cred_usage_t *cred_usage);

static OM_uint32 k5glue_export_sec_context(
    void *ctx, OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
    gss_buffer_t interprocess_token);

static OM_uint32 k5glue_import_sec_context(
    void *ctx, OM_uint32 *minor_status, gss_buffer_t interprocess_token,
    gss_ctx_id_t *context_handle);

/* Not static: declared with external linkage, unlike the wrappers. */
krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid(
    void *ctx, OM_uint32 *minor_status, gss_OID *oid);

static OM_uint32 k5glue_inquire_names_for_mech(
    void *ctx, OM_uint32 *minor_status, gss_OID mechanism,
    gss_OID_set *name_types);

#if 0
static OM_uint32 k5glue_canonicalize_name(
    void *ctx, OM_uint32 *minor_status, const gss_name_t input_name,
    const gss_OID mech_type, gss_name_t *output_name);
#endif

static OM_uint32 k5glue_export_name(
    void *ctx, OM_uint32 *minor_status, const gss_name_t input_name,
    gss_buffer_t exported_name);
329ab9b2e15Sgtb 
/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred(
    void *ctx, OM_uint32 *minor_status, const gss_cred_id_t input_cred,
    gss_cred_usage_t cred_usage, const gss_OID desired_mech,
    OM_uint32 overwrite_cred, OM_uint32 default_cred,
    gss_OID_set *elements_stored, gss_cred_usage_t *cred_usage_stored);

/*
 * Going by their names and parameters, the next two map a GSS principal
 * name onto a local account (a yes/no answer for a named local user, and
 * a uid).  Their bodies are not in this part of the file -- review them
 * as authorization decisions.
 */
static OM_uint32 k5glue_userok(
    void *ctx, OM_uint32 *minor_status, const gss_name_t pname,
    const char *local_user, int *user_ok);

static OM_uint32 k5glue_pname_to_uid(
    void *ctx, OM_uint32 *minor_status, const gss_name_t pname, uid_t *uid);

#if 0
static OM_uint32 k5glue_duplicate_name(
    void *ctx, OM_uint32 *minor_status, const gss_name_t input_name,
    gss_name_t *dest_name);
#endif

#if 0
static OM_uint32 k5glue_validate_cred(
    void *ctx, OM_uint32 *minor_status, gss_cred_id_t cred);
#endif
377ab9b2e15Sgtb 
378ab9b2e15Sgtb #if 0
379ab9b2e15Sgtb /*
380ab9b2e15Sgtb  * SUNW15resync
381ab9b2e15Sgtb  * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
382ab9b2e15Sgtb  * slicing&dicing needs of the "nightly -SD" build.  When it goes away,
383ab9b2e15Sgtb  * we should use it assuming MIT still uses it then.
384ab9b2e15Sgtb  */
385ab9b2e15Sgtb 
386ab9b2e15Sgtb /*
387ab9b2e15Sgtb  * The krb5 mechanism provides two mech OIDs; use this initializer to
388ab9b2e15Sgtb  * ensure that both dispatch tables contain identical function
389ab9b2e15Sgtb  * pointers.
390ab9b2e15Sgtb  */
391ab9b2e15Sgtb #define KRB5_GSS_CONFIG_INIT				\
392ab9b2e15Sgtb     NULL,						\
393ab9b2e15Sgtb     ...
394ab9b2e15Sgtb #endif
395ab9b2e15Sgtb 
396ab9b2e15Sgtb 
/*
 * Dispatch table for the mechanism OID GSS_MECH_KRB5_OID.
 *
 * The initializer is positional, so each pointer lands in whichever
 * struct gss_config member sits at that position (the struct is declared
 * outside this file -- presumably mglueP.h, TODO confirm).  Adding,
 * removing or reordering an entry silently rebinds every later slot.
 *
 * The EXPORT DELETE / CRYPT DELETE comments are reproduced byte-for-byte:
 * they appear to drive a source-stripping build step, and the stripped
 * variants of this table must stay in step with struct gss_config.  The
 * same list is repeated in krb5_mechanism_old and krb5_mechanism_wrong;
 * change all three together.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    /* mechanism OID, then a slot left NULL */
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,

    /* credential and context establishment */
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context maintenance, status and names */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context transfer, inquiry and local-identity mapping */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */

    /* integrity-only operations and credential storage */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};
448ab9b2e15Sgtb 
/*
 * Dispatch table for GSS_MECH_KRB5_OLD_OID (labelled "pre-RFC OID" in
 * the disabled name string below).
 *
 * Same function pointers, in the same positions, as the table for
 * GSS_MECH_KRB5_OID; only the OID differs.  The initializer is positional
 * against struct gss_config (declared outside this file), so keep the
 * order, and the EXPORT DELETE / CRYPT DELETE build markers, exactly as
 * they are in the sibling tables.
 */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    /* mechanism OID, then a slot left NULL */
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,

    /* credential and context establishment */
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context maintenance, status and names */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context transfer, inquiry and local-identity mapping */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */

    /* integrity-only operations and credential storage */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};
500ab9b2e15Sgtb 
/*
 * Dispatch table for GSS_MECH_KRB5_WRONG_OID (labelled "wrong OID" in
 * the disabled name string below).
 *
 * NOTE(review): this is the one table the MS_BUG_TEST list in this file
 * leaves out, which suggests the OID exists for interoperability with a
 * peer that sends a non-standard value -- confirm before removing it.
 *
 * Same function pointers, in the same positions, as the other two
 * tables.  The initializer is positional against struct gss_config
 * (declared outside this file); keep the order and the EXPORT DELETE /
 * CRYPT DELETE build markers unchanged.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    /* mechanism OID, then a slot left NULL */
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,

    /* credential and context establishment */
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context maintenance, status and names */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */

    /* context transfer, inquiry and local-identity mapping */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */

    /* integrity-only operations and credential storage */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};
552ab9b2e15Sgtb 
/* NULL-terminated list of all three krb5 dispatch tables. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    &krb5_mechanism_wrong,
    NULL
};

#ifdef MS_BUG_TEST
/* Test-only list: same as above but without krb5_mechanism_wrong. */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    NULL
};
#endif

/* Unconditionally renames the accessor defined below this macro. */
#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif
566ab9b2e15Sgtb 
/*
 * Return the NULL-terminated array of krb5 mechanism dispatch tables.
 *
 * In a normal build this is always krb5_mech_configs.  When MS_BUG_TEST
 * is defined, setting the environment variable MS_FORCE_NO_MSOID to
 * exactly "1" selects krb5_mech_configs_hack instead.  The environment
 * belongs to whoever launched the process, so an MS_BUG_TEST build lets
 * that party change which mechanism OIDs are offered; keep the macro
 * undefined outside test builds.
 *
 * A #define earlier in this file maps this name to
 * krb5_gss_get_mech_configs, so that is the symbol actually emitted.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
    gss_mechanism *configs = krb5_mech_configs;

#ifdef MS_BUG_TEST
    char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0) {
	configs = krb5_mech_configs_hack;
    }
#endif
    return configs;
}
579ab9b2e15Sgtb 
/*
 * Mechglue dispatch entry for accepting a security context.
 *
 * Ignores ctx and hands every other argument, in the same order, to
 * krb5_gss_accept_sec_context(), returning its major status unchanged.
 * Nothing is inspected or validated at this layer: input_token (which in
 * GSS-API comes from the remote initiator) and input_chan_bindings reach
 * the callee exactly as received, so all checking happens there.
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
    OM_uint32 major_status;

    major_status = krb5_gss_accept_sec_context(minor_status, context_handle,
	verifier_cred_handle, input_token, input_chan_bindings, src_name,
	mech_type, output_token, ret_flags, time_rec, delegated_cred_handle);
    return major_status;
}
609ab9b2e15Sgtb 
/*
 * Mechglue dispatch entry for acquiring a credential.
 *
 * Ignores ctx and passes the remaining arguments, unchanged and in order,
 * to krb5_gss_acquire_cred(); the major status it returns is the result.
 * No argument checking is done in this wrapper.
 */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
    OM_uint32 major_status;

    major_status = krb5_gss_acquire_cred(minor_status, desired_name,
	time_req, desired_mechs, cred_usage, output_cred_handle,
	actual_mechs, time_rec);
    return major_status;
}
632ab9b2e15Sgtb 
633ab9b2e15Sgtb /* V2 */
/*
 * Mechglue dispatch entry for adding a credential element.
 *
 * Ignores ctx and forwards everything else, in the same order, to
 * krb5_gss_add_cred(), returning its major status.  This wrapper does no
 * validation of its own.
 */
static OM_uint32
k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec)
{
    OM_uint32 major_status;

    major_status = krb5_gss_add_cred(minor_status, input_cred_handle,
	desired_name, desired_mech, cred_usage, initiator_time_req,
	acceptor_time_req, output_cred_handle, actual_mechs,
	initiator_time_rec, acceptor_time_rec);
    return major_status;
}
658ab9b2e15Sgtb 
#if 0
/* V2 */
/*
 * Compiled out.  Would ignore ctx and forward the remaining arguments to
 * generic_gss_add_oid_set_member(), returning its status.
 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx, OM_uint32 *minor_status,
    gss_OID member_oid, gss_OID_set *oid_set)
{
    OM_uint32 major_status;

    major_status = generic_gss_add_oid_set_member(minor_status, member_oid,
	oid_set);
    return major_status;
}
#endif
671ab9b2e15Sgtb 
/*
 * Mechglue dispatch entry for comparing two names.
 *
 * Ignores ctx; name1, name2 and the name_equal output pointer go straight
 * to krb5_gss_compare_name(), whose major status is returned as-is.
 */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
    OM_uint32 major_status;

    major_status = krb5_gss_compare_name(minor_status, name1, name2,
	name_equal);
    return major_status;
}
683ab9b2e15Sgtb 
/*
 * Mechglue dispatch entry for querying a context's remaining time.
 *
 * Ignores ctx and forwards minor_status, context_handle and time_rec to
 * krb5_gss_context_time(), returning its major status.
 */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
    OM_uint32 major_status;

    major_status = krb5_gss_context_time(minor_status, context_handle,
	time_rec);
    return major_status;
}
694ab9b2e15Sgtb 
#if 0
/* V2 */
/*
 * Compiled out.  Would ignore ctx and forward minor_status and oid_set to
 * generic_gss_create_empty_oid_set(), returning its status.
 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *oid_set)
{
    OM_uint32 major_status;

    major_status = generic_gss_create_empty_oid_set(minor_status, oid_set);
    return major_status;
}
#endif
706ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_delete_sec_context() and returns
 * its major status unchanged.  ctx is accepted but not used.
 * context_handle is passed by address, so the callee can modify the
 * caller's handle.
 */
static OM_uint32
k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t output_token;
{
    OM_uint32 major;

    major = krb5_gss_delete_sec_context(minor_status, context_handle,
                                        output_token);
    return (major);
}
717ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_display_name() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t input_name;
    gss_buffer_t output_name_buffer;
    gss_OID *output_name_type;
{
    OM_uint32 major;

    major = krb5_gss_display_name(minor_status, input_name,
                                  output_name_buffer, output_name_type);
    return (major);
}
729ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_display_status() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_display_status(ctx, minor_status, status_value, status_type,
                      mech_type, message_context, status_string)
    void *ctx;
    OM_uint32 *minor_status;
    OM_uint32 status_value;
    int status_type;
    gss_OID mech_type;
    OM_uint32 *message_context;
    gss_buffer_t status_string;
{
    OM_uint32 major;

    major = krb5_gss_display_status(minor_status, status_value, status_type,
                                    mech_type, message_context,
                                    status_string);
    return (major);
}
745ab9b2e15Sgtb 
746ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_sec_context() and returns
 * its major status unchanged.  ctx is accepted but not used.
 * NOTE(review): the interprocess token presumably serializes the context's
 * secret state, so callers should handle it as key material -- confirm
 * against krb5_gss_export_sec_context().
 */
static OM_uint32
k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t interprocess_token;
{
    OM_uint32 major;

    major = krb5_gss_export_sec_context(minor_status, context_handle,
                                        interprocess_token);
    return (major);
}
758ab9b2e15Sgtb 
759ab9b2e15Sgtb #if 0
760ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to krb5_gss_get_mic(); ctx is not used.
 */
static OM_uint32
k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
               message_buffer, message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_qop_t qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    OM_uint32 major;

    major = krb5_gss_get_mic(minor_status, context_handle, qop_req,
                             message_buffer, message_token);
    return (major);
}
774ab9b2e15Sgtb #endif
775ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_import_name() and returns its
 * major status unchanged.  ctx is accepted but not used.
 * The gssint_initialize_library() call below is compiled out, so no
 * library initialization is performed by this wrapper.
 */
static OM_uint32
k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t input_name_buffer;
    gss_OID input_name_type;
    gss_name_t *output_name;
{
    OM_uint32 major;

#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
	*minor_status = err;
	return GSS_S_FAILURE;
    }
#endif
    major = krb5_gss_import_name(minor_status, input_name_buffer,
                                 input_name_type, output_name);
    return (major);
}
795ab9b2e15Sgtb 
796ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_import_sec_context() and returns
 * its major status unchanged.  ctx is accepted but not used.
 * NOTE(review): the token is handed to the mechanism without any check
 * here; validation of its contents is presumably done in
 * krb5_gss_import_sec_context() -- confirm, since the token may come from
 * another process.
 */
static OM_uint32
k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t interprocess_token;
    gss_ctx_id_t *context_handle;
{
    OM_uint32 major;

    major = krb5_gss_import_sec_context(minor_status, interprocess_token,
                                        context_handle);
    return (major);
}
808ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_indicate_mechs() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *mech_set;
{
    OM_uint32 major;

    major = krb5_gss_indicate_mechs(minor_status, mech_set);
    return (major);
}
817ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards every argument except ctx to
 * krb5_gss_init_sec_context() and returns its major status unchanged.
 * NOTE(review): the flags actually granted come back in *ret_flags; callers
 * that depend on a requested service should compare it with req_flags
 * rather than assume the request was honoured -- confirm against the
 * mechanism implementation.
 */
static OM_uint32
k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
                        target_name, mech_type, req_flags, time_req,
                        input_chan_bindings, input_token, actual_mech_type,
                        output_token, ret_flags, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t claimant_cred_handle;
    gss_ctx_id_t *context_handle;
    gss_name_t target_name;
    gss_OID mech_type;
    OM_uint32 req_flags;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    gss_buffer_t input_token;
    gss_OID *actual_mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
{
    OM_uint32 major;

    major = krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
                                      context_handle, target_name, mech_type,
                                      req_flags, time_req,
                                      input_chan_bindings, input_token,
                                      actual_mech_type, output_token,
                                      ret_flags, time_rec);
    return (major);
}
845ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_context() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
                       lifetime_rec, mech_type, ret_flags,
                       locally_initiated, open)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_name_t *initiator_name;
    gss_name_t *acceptor_name;
    OM_uint32 *lifetime_rec;
    gss_OID *mech_type;
    OM_uint32 *ret_flags;
    int *locally_initiated;
    int *open;
{
    OM_uint32 major;

    major = krb5_gss_inquire_context(minor_status, context_handle,
                                     initiator_name, acceptor_name,
                                     lifetime_rec, mech_type, ret_flags,
                                     locally_initiated, open);
    return (major);
}
866ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
                    cred_usage, mechanisms)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_name_t *name;
    OM_uint32 *lifetime_ret;
    gss_cred_usage_t *cred_usage;
    gss_OID_set *mechanisms;
{
    OM_uint32 major;

    major = krb5_gss_inquire_cred(minor_status, cred_handle, name,
                                  lifetime_ret, cred_usage, mechanisms);
    return (major);
}
881ab9b2e15Sgtb 
882ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred_by_mech() and returns
 * its major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
                            initiator_lifetime, acceptor_lifetime, cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
    OM_uint32 major;

    major = krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
                                          mech_type, name,
                                          initiator_lifetime,
                                          acceptor_lifetime, cred_usage);
    return (major);
}
899ab9b2e15Sgtb 
900ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_names_for_mech() and
 * returns its major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    OM_uint32 major;

    major = krb5_gss_inquire_names_for_mech(minor_status, mechanism,
                                            name_types);
    return (major);
}
912ab9b2e15Sgtb 
913ab9b2e15Sgtb #if 0
914ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to generic_gss_oid_to_str(); ctx is not used.
 */
static OM_uint32
k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID oid;
    gss_buffer_t oid_str;
{
    OM_uint32 major;

    major = generic_gss_oid_to_str(minor_status, oid, oid_str);
    return (major);
}
924ab9b2e15Sgtb #endif
925ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_process_context_token() and
 * returns its major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t token_buffer;
{
    OM_uint32 major;

    major = krb5_gss_process_context_token(minor_status, context_handle,
                                           token_buffer);
    return (major);
}
936ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_release_cred() and returns its
 * major status unchanged.  ctx is accepted but not used.
 * cred_handle is passed by address, so the callee can modify the caller's
 * handle.
 */
static OM_uint32
k5glue_release_cred(ctx, minor_status, cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t *cred_handle;
{
    OM_uint32 major;

    major = krb5_gss_release_cred(minor_status, cred_handle);
    return (major);
}
945ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_release_name() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_release_name(ctx, minor_status, input_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t *input_name;
{
    OM_uint32 major;

    major = krb5_gss_release_name(minor_status, input_name);
    return (major);
}
954ab9b2e15Sgtb 
955ab9b2e15Sgtb #if 0
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to generic_gss_release_buffer(); ctx is not used.
 */
static OM_uint32
k5glue_release_buffer(ctx, minor_status, buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t buffer;
{
    OM_uint32 major;

    major = generic_gss_release_buffer(minor_status, buffer);
    return (major);
}
965ab9b2e15Sgtb #endif
966ab9b2e15Sgtb 
967ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_internal_release_oid() and returns
 * its major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_internal_release_oid(ctx, minor_status, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    OM_uint32 major;

    major = krb5_gss_internal_release_oid(minor_status, oid);
    return (major);
}
976ab9b2e15Sgtb 
977ab9b2e15Sgtb #if 0
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to generic_gss_release_oid_set(); ctx is not used.
 */
static OM_uint32
k5glue_release_oid_set(ctx, minor_status, set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *set;
{
    OM_uint32 major;

    major = generic_gss_release_oid_set(minor_status, set);
    return (major);
}
986ab9b2e15Sgtb #endif
987ab9b2e15Sgtb 
988ab9b2e15Sgtb /* EXPORT DELETE START */
989ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_seal() and returns its major
 * status unchanged.  ctx is accepted but not used.
 * NOTE(review): conf_req_flag is only a request; whether confidentiality
 * was actually applied is presumably reported through *conf_state, which
 * callers needing encryption should check -- confirm against
 * krb5_gss_seal().
 */
static OM_uint32
k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    int qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    OM_uint32 major;

    major = krb5_gss_seal(minor_status, context_handle, conf_req_flag,
                          qop_req, input_message_buffer, conf_state,
                          output_message_buffer);
    return (major);
}
1006ab9b2e15Sgtb /* EXPORT DELETE END */
1007ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_sign() and returns its major
 * status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_sign(ctx, minor_status, context_handle,
            qop_req, message_buffer,
            message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    OM_uint32 major;

    major = krb5_gss_sign(minor_status, context_handle, qop_req,
                          message_buffer, message_token);
    return (major);
}
1022ab9b2e15Sgtb 
1023ab9b2e15Sgtb #if 0
1024ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to krb5_gss_verify_mic(); ctx is not used.
 */
static OM_uint32
k5glue_verify_mic(ctx, minor_status, context_handle,
                  message_buffer, token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    gss_qop_t *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_verify_mic(minor_status, context_handle,
                                message_buffer, token_buffer, qop_state);
    return (major);
}
1038ab9b2e15Sgtb 
1039ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to krb5_gss_wrap(); ctx is not used.
 */
static OM_uint32
k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    OM_uint32 major;

    major = krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
                          qop_req, input_message_buffer, conf_state,
                          output_message_buffer);
    return (major);
}
1056ab9b2e15Sgtb 
1057ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to generic_gss_str_to_oid(); ctx is not used.
 */
static OM_uint32
k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t oid_str;
    gss_OID *oid;
{
    OM_uint32 major;

    major = generic_gss_str_to_oid(minor_status, oid_str, oid);
    return (major);
}
1067ab9b2e15Sgtb 
1068ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to generic_gss_test_oid_set_member(); ctx is not used.
 */
static OM_uint32
k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member;
    gss_OID_set set;
    int *present;
{
    OM_uint32 major;

    major = generic_gss_test_oid_set_member(minor_status, member, set,
                                            present);
    return (major);
}
1080ab9b2e15Sgtb #endif
1081ab9b2e15Sgtb 
1082ab9b2e15Sgtb /* EXPORT DELETE START */
1083ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_unseal() and returns its major
 * status unchanged.  ctx is accepted but not used.
 * NOTE(review): the output buffer, *conf_state and *qop_state should
 * presumably be trusted only after the returned major status has been
 * checked -- confirm against krb5_gss_unseal().
 */
static OM_uint32
k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_unseal(minor_status, context_handle,
                            input_message_buffer, output_message_buffer,
                            conf_state, qop_state);
    return (major);
}
1099ab9b2e15Sgtb /* EXPORT DELETE END */
1100ab9b2e15Sgtb 
1101ab9b2e15Sgtb #if 0
1102ab9b2e15Sgtb /* V2 */
/*
 * Mechglue wrapper (currently compiled out by the surrounding #if 0):
 * forwards to krb5_gss_unwrap(); ctx is not used.
 */
static OM_uint32
k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_unwrap(minor_status, context_handle,
                            input_message_buffer, output_message_buffer,
                            conf_state, qop_state);
    return (major);
}
1117ab9b2e15Sgtb #endif
1118ab9b2e15Sgtb 
1119ab9b2e15Sgtb /* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_verify() and returns its major
 * status unchanged.  ctx is accepted but not used.
 * NOTE(review): the verification result is the returned major status;
 * *qop_state alone presumably says nothing about validity -- confirm
 * against krb5_gss_verify().
 */
static OM_uint32
k5glue_verify(ctx, minor_status, context_handle, message_buffer,
              token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    int *qop_state;
{
    OM_uint32 major;

    major = krb5_gss_verify(minor_status, context_handle, message_buffer,
                            token_buffer, qop_state);
    return (major);
}
1136ab9b2e15Sgtb 
1137ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_wrap_size_limit() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
                       qop_req, req_output_size, max_input_size)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    OM_uint32 req_output_size;
    OM_uint32 *max_input_size;
{
    OM_uint32 major;

    major = krb5_gss_wrap_size_limit(minor_status, context_handle,
                                     conf_req_flag, qop_req,
                                     req_output_size, max_input_size);
    return (major);
}
1153ab9b2e15Sgtb 
1154ab9b2e15Sgtb #if 0
1155ab9b2e15Sgtb /* V2 interface */
1156ab9b2e15Sgtb static OM_uint32
1157ab9b2e15Sgtb k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
1158ab9b2e15Sgtb     void *ctx;
1159ab9b2e15Sgtb 	OM_uint32  *minor_status;
1160ab9b2e15Sgtb 	const gss_name_t input_name;
1161ab9b2e15Sgtb 	const gss_OID mech_type;
1162ab9b2e15Sgtb 	gss_name_t *output_name;
1163ab9b2e15Sgtb {
1164ab9b2e15Sgtb 	return krb5_gss_canonicalize_name(minor_status, input_name,
1165ab9b2e15Sgtb 					  mech_type, output_name);
1166ab9b2e15Sgtb }
1167ab9b2e15Sgtb #endif
1168ab9b2e15Sgtb 
1169ab9b2e15Sgtb /* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_name() and returns its
 * major status unchanged.  ctx is accepted but not used.
 */
static OM_uint32
k5glue_export_name(ctx, minor_status, input_name, exported_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_buffer_t exported_name;
{
    OM_uint32 major;

    major = krb5_gss_export_name(minor_status, input_name, exported_name);
    return major;
}
1179ab9b2e15Sgtb 
1180ab9b2e15Sgtb /* SUNW15resync - this is not in the MIT mech (lib) yet */
/*
 * Mechglue wrapper: forwards to krb5_gss_store_cred() and returns its
 * major status unchanged.  ctx is accepted but not used.
 * NOTE(review): overwrite_cred and default_cred are passed through as
 * given; any policy on replacing an existing or default credential is
 * presumably enforced in krb5_gss_store_cred() -- confirm.
 */
static OM_uint32
k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
                  overwrite_cred, default_cred, elements_stored,
                  cred_usage_stored)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_cred_id_t input_cred;
    gss_cred_usage_t cred_usage;
    gss_OID desired_mech;
    OM_uint32 overwrite_cred;
    OM_uint32 default_cred;
    gss_OID_set *elements_stored;
    gss_cred_usage_t *cred_usage_stored;
{
    OM_uint32 major;

    major = krb5_gss_store_cred(minor_status, input_cred, cred_usage,
                                desired_mech, overwrite_cred, default_cred,
                                elements_stored, cred_usage_stored);
    return (major);
}
1200ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_gss_userok() and returns its major
 * status unchanged.  ctxt is accepted but not used.
 * NOTE(review): this is an authorization decision (may principal pname act
 * as local account user); callers should presumably honour *user_ok only
 * when the returned major status indicates success -- confirm against
 * krb5_gss_userok().
 */
static OM_uint32
k5glue_userok(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    const char *user,           /* local user */
    int *user_ok)               /* user ok? */
{
    OM_uint32 major;

    major = krb5_gss_userok(minor, pname, user, user_ok);
    return (major);
}
1212ab9b2e15Sgtb 
/*
 * Mechglue wrapper: forwards to krb5_pname_to_uid() and returns its major
 * status unchanged.  ctxt is accepted but not used.
 * NOTE(review): *uidOut is presumably defined only on success; a caller
 * that ignores the major status could act on an unset uid -- confirm
 * against krb5_pname_to_uid().
 */
static OM_uint32
k5glue_pname_to_uid(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    uid_t *uidOut)              /* uid */
{
    OM_uint32 major;

    major = krb5_pname_to_uid(minor, pname, uidOut);
    return (major);
}
1223ab9b2e15Sgtb 
1224ab9b2e15Sgtb 
1225ab9b2e15Sgtb 
1226ab9b2e15Sgtb #if 0
1227ab9b2e15Sgtb /* V2 interface */
1228ab9b2e15Sgtb static OM_uint32
1229ab9b2e15Sgtb k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
1230ab9b2e15Sgtb     void *ctx;
1231ab9b2e15Sgtb 	OM_uint32  *minor_status;
1232ab9b2e15Sgtb 	const gss_name_t input_name;
1233ab9b2e15Sgtb 	gss_name_t *dest_name;
1234ab9b2e15Sgtb {
1235ab9b2e15Sgtb 	return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
1236ab9b2e15Sgtb }
1237ab9b2e15Sgtb #endif
1238ab9b2e15Sgtb 
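/*
 * Return the ticket flags of a krb5 security context.
 *
 * context_handle is treated as a mechglue union context.  The call is
 * passed to gss_krb5int_get_tkt_flags() only when the union context's
 * mechanism is krb5_mechanism or krb5_mechanism_old.
 *
 * Returns GSS_S_NO_CONTEXT for GSS_C_NO_CONTEXT, GSS_S_BAD_MECH for a
 * context of any other mechanism, otherwise whatever
 * gss_krb5int_get_tkt_flags() returns.  *minor_status is not written on
 * the two early-return paths.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_get_tkt_flags(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    krb5_flags *ticket_flags)
{
    gss_union_ctx_id_t uctx;

    /*
     * This is a public entry point: reject the "no context" handle before
     * the cast below, which would otherwise dereference a null pointer.
     */
    if (context_handle == GSS_C_NO_CONTEXT)
	return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
	!g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
	return GSS_S_BAD_MECH;
    return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id,
				     ticket_flags);
}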
1254ab9b2e15Sgtb 
/*
 * Copy the krb5 credential held in a union credential into out_ccache.
 *
 * The krb5_mechanism element is preferred; krb5_mechanism_old is tried only
 * when the first lookup finds nothing.  If neither is present (which
 * includes cred_handle being GSS_C_NO_CREDENTIAL, since
 * gssint_get_mechanism_cred() returns GSS_C_NO_CREDENTIAL for it) the
 * result is GSS_S_DEFECTIVE_CREDENTIAL; otherwise the status of
 * gss_krb5int_copy_ccache() is returned.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred_handle;
    gss_cred_id_t krb5_cred;

    krb5_cred = gssint_get_mechanism_cred(union_cred,
					  &krb5_mechanism.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	krb5_cred = gssint_get_mechanism_cred(union_cred,
					      &krb5_mechanism_old.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_copy_ccache(minor_status, krb5_cred, out_ccache);
}
1276ab9b2e15Sgtb 
1277ab9b2e15Sgtb /* XXX need to delete mechglue ctx too */
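/*
 * Export a krb5 security context in "lucid" form through *kctx.
 *
 * *context_handle is treated as a mechglue union context.  The call is
 * passed to gss_krb5int_export_lucid_sec_context() only when the union
 * context's mechanism is krb5_mechanism or krb5_mechanism_old; the address
 * of the union's internal_ctx_id is handed down, so the callee can modify
 * that field.
 *
 * Returns GSS_S_NO_CONTEXT when context_handle is NULL or refers to
 * GSS_C_NO_CONTEXT, GSS_S_BAD_MECH for a context of any other mechanism,
 * otherwise whatever gss_krb5int_export_lucid_sec_context() returns.
 *
 * NOTE(review): only internal_ctx_id is touched here; the union wrapper in
 * *context_handle is left allocated and unchanged, so a caller may still
 * hold a handle whose inner context has been consumed -- confirm and
 * release the wrapper if so.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_export_lucid_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    OM_uint32 version,
    void **kctx)
{
    gss_union_ctx_id_t uctx;

    /*
     * This is a public entry point: check both levels of indirection
     * before the dereferences below.
     */
    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
	return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)*context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
	!g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
	return GSS_S_BAD_MECH;
    return gss_krb5int_export_lucid_sec_context(minor_status,
						&uctx->internal_ctx_id,
						version, kctx);
}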
1295ab9b2e15Sgtb 
/*
 * Restrict the encryption types usable with the krb5 element of a union
 * credential.
 *
 * The krb5_mechanism element is preferred; krb5_mechanism_old is tried only
 * when the first lookup finds nothing.  If neither is present the result is
 * GSS_S_DEFECTIVE_CREDENTIAL; otherwise the status of
 * gss_krb5int_set_allowable_enctypes() is returned.
 *
 * NOTE(review): num_ktypes and ktypes are passed through unchecked; the
 * consistency of the count with the array, and the rejection of unwanted
 * enctypes, is presumably handled in gss_krb5int_set_allowable_enctypes()
 * -- confirm.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred;
    gss_cred_id_t krb5_cred;

    krb5_cred = gssint_get_mechanism_cred(union_cred,
					  &krb5_mechanism.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	krb5_cred = gssint_get_mechanism_cred(union_cred,
					      &krb5_mechanism_old.mech_type);
    if (krb5_cred == GSS_C_NO_CREDENTIAL)
	return GSS_S_DEFECTIVE_CREDENTIAL;

    return gss_krb5int_set_allowable_enctypes(minor_status, krb5_cred,
					      num_ktypes, ktypes);
}
1319ab9b2e15Sgtb 
1320ab9b2e15Sgtb /*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
1323ab9b2e15Sgtb  */
1324ab9b2e15Sgtb /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
1325ab9b2e15Sgtb   want to link against libgss so we put it here since we need it in the mech */
/*
 * Look up the credential element for mech_type inside a union credential.
 *
 * Scans mechs_array[0 .. count-1] and returns the cred_array entry at the
 * index of the first OID equal to mech_type.  Returns GSS_C_NO_CREDENTIAL
 * when union_cred is GSS_C_NO_CREDENTIAL or no OID matches.
 * mech_type itself is not checked before being given to g_OID_equal().
 */
gss_cred_id_t
gssint_get_mechanism_cred(union_cred, mech_type)
    gss_union_cred_t    union_cred;
    gss_OID             mech_type;
{
    int         idx = 0;

    if (union_cred != (gss_union_cred_t) GSS_C_NO_CREDENTIAL) {
        while (idx < union_cred->count) {
            if (g_OID_equal(mech_type, &union_cred->mechs_array[idx]))
                return union_cred->cred_array[idx];
            idx++;
        }
    }
    return GSS_C_NO_CREDENTIAL;
}
1342ab9b2e15Sgtb 
1343ab9b2e15Sgtb 
1344ab9b2e15Sgtb 
1345ab9b2e15Sgtb /*
1346ab9b2e15Sgtb  * entry point for the gss layer,
1347ab9b2e15Sgtb  * called "krb5_gss_initialize()" in MIT 1.2.1
1348ab9b2e15Sgtb  */
1349ab9b2e15Sgtb /* SUNW15resync - this used to be in k5mech.c */
/*
 * Return the address of krb5_mechanism when oid names this mechanism.
 *
 * A NULL oid, or one that is not equal to krb5_mechanism.mech_type, is
 * logged at LOG_INFO and answered with NULL.  Only krb5_mechanism's OID is
 * accepted here; krb5_mechanism_old's is not.  The krb5_gss_get_context()
 * step is compiled out.
 */
gss_mechanism
gss_mech_initialize(oid)
     const gss_OID oid;
{
    /* hand out the mechanism only when the caller asked for exactly our OID */
    if (oid != NULL && g_OID_equal(oid, &krb5_mechanism.mech_type)) {
#if 0 /* SUNW15resync - no longer needed(?) */
	if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
	    GSS_S_COMPLETE)
	  return (NULL);
#endif
	return (&krb5_mechanism);
    }

    (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
    return (NULL);
}
1368ab9b2e15Sgtb 