/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
 */

#include "gssapiP_krb5.h"
#include "mglueP.h"
#include <syslog.h>

/** mechglue wrappers **/

/*
 * Each k5glue_* function declared below is an entry in the gss_config
 * dispatch tables defined later in this file.  The wrappers defined in this
 * part of the file ignore their leading `void *` argument and forward the
 * remaining arguments, unchanged and unchecked, to the krb5_gss_* routine of
 * the same name.  Any validation of peer-supplied tokens, names or
 * credentials therefore has to happen inside those routines, not here.
 */

static OM_uint32 k5glue_acquire_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* desired_name */
    OM_uint32,              /* time_req */
    gss_OID_set,            /* desired_mechs */
    gss_cred_usage_t,       /* cred_usage */
    gss_cred_id_t *,        /* output_cred_handle */
    gss_OID_set *,          /* actual_mechs */
    OM_uint32 *             /* time_rec */
);

static OM_uint32 k5glue_release_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t *         /* cred_handle */
);

static OM_uint32 k5glue_init_sec_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* claimant_cred_handle */
    gss_ctx_id_t *,         /* context_handle */
    gss_name_t,             /* target_name */
    gss_OID,                /* mech_type */
    OM_uint32,              /* req_flags */
    OM_uint32,              /* time_req */
    gss_channel_bindings_t, /* input_chan_bindings */
    gss_buffer_t,           /* input_token */
    gss_OID *,              /* actual_mech_type */
    gss_buffer_t,           /* output_token */
    OM_uint32 *,            /* ret_flags */
    OM_uint32 *             /* time_rec */
);

static OM_uint32 k5glue_accept_sec_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_cred_id_t,          /* verifier_cred_handle */
    gss_buffer_t,           /* input_token_buffer */
    gss_channel_bindings_t, /* input_chan_bindings */
    gss_name_t *,           /* src_name */
    gss_OID *,              /* mech_type */
    gss_buffer_t,           /* output_token */
    OM_uint32 *,            /* ret_flags */
    OM_uint32 *,            /* time_rec */
    gss_cred_id_t *         /* delegated_cred_handle */
);

static OM_uint32 k5glue_process_context_token(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t            /* token_buffer */
);

static OM_uint32 k5glue_delete_sec_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_buffer_t            /* output_token */
);

static OM_uint32 k5glue_context_time(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    OM_uint32 *             /* time_rec */
);

static OM_uint32 k5glue_sign(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* qop_req */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t            /* message_token */
);

static OM_uint32 k5glue_verify(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t,           /* token_buffer */
    int *                   /* qop_state */
);

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    int,                    /* qop_req */
    gss_buffer_t,           /* input_message_buffer */
    int *,                  /* conf_state */
    gss_buffer_t            /* output_message_buffer */
);

static OM_uint32 k5glue_unseal(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* input_message_buffer */
    gss_buffer_t,           /* output_message_buffer */
    int *,                  /* conf_state */
    int *                   /* qop_state */
);
/* EXPORT DELETE END */

static OM_uint32 k5glue_display_status(
    void *,
    OM_uint32 *,            /* minor_status */
    OM_uint32,              /* status_value */
    int,                    /* status_type */
    gss_OID,                /* mech_type */
    OM_uint32 *,            /* message_context */
    gss_buffer_t            /* status_string */
);

static OM_uint32 k5glue_indicate_mechs(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_OID_set *           /* mech_set */
);

static OM_uint32 k5glue_compare_name(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* name1 */
    gss_name_t,             /* name2 */
    int *                   /* name_equal */
);

static OM_uint32 k5glue_display_name(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* input_name */
    gss_buffer_t,           /* output_name_buffer */
    gss_OID *               /* output_name_type */
);

static OM_uint32 k5glue_import_name(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_buffer_t,           /* input_name_buffer */
    gss_OID,                /* input_name_type */
    gss_name_t *            /* output_name */
);

static OM_uint32 k5glue_release_name(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_name_t *            /* input_name */
);

static OM_uint32 k5glue_inquire_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* cred_handle */
    gss_name_t *,           /* name */
    OM_uint32 *,            /* lifetime */
    gss_cred_usage_t *,     /* cred_usage */
    gss_OID_set *           /* mechanisms */
);

static OM_uint32 k5glue_inquire_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_name_t *,           /* initiator_name */
    gss_name_t *,           /* acceptor_name */
    OM_uint32 *,            /* lifetime_rec */
    gss_OID *,              /* mech_type */
    OM_uint32 *,            /* ret_flags */
    int *,                  /* locally_initiated */
    int *                   /* open */
);

#if 0
/* New V2 entry points */
static OM_uint32 k5glue_get_mic(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_qop_t,              /* qop_req */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t            /* message_token */
);

static OM_uint32 k5glue_verify_mic(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* message_buffer */
    gss_buffer_t,           /* message_token */
    gss_qop_t *             /* qop_state */
);

static OM_uint32 k5glue_wrap(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    gss_qop_t,              /* qop_req */
    gss_buffer_t,           /* input_message_buffer */
    int *,                  /* conf_state */
    gss_buffer_t            /* output_message_buffer */
);

static OM_uint32 k5glue_unwrap(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    gss_buffer_t,           /* input_message_buffer */
    gss_buffer_t,           /* output_message_buffer */
    int *,                  /* conf_state */
    gss_qop_t *             /* qop_state */
);
#endif

static OM_uint32 k5glue_wrap_size_limit(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t,           /* context_handle */
    int,                    /* conf_req_flag */
    gss_qop_t,              /* qop_req */
    OM_uint32,              /* req_output_size */
    OM_uint32 *             /* max_input_size */
);

#if 0
static OM_uint32 k5glue_import_name_object(
    void *,
    OM_uint32 *,            /* minor_status */
    void *,                 /* input_name */
    gss_OID,                /* input_name_type */
    gss_name_t *            /* output_name */
);

static OM_uint32 k5glue_export_name_object(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_name_t,             /* input_name */
    gss_OID,                /* desired_name_type */
    void **                 /* output_name */
);
#endif

static OM_uint32 k5glue_add_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* input_cred_handle */
    gss_name_t,             /* desired_name */
    gss_OID,                /* desired_mech */
    gss_cred_usage_t,       /* cred_usage */
    OM_uint32,              /* initiator_time_req */
    OM_uint32,              /* acceptor_time_req */
    gss_cred_id_t *,        /* output_cred_handle */
    gss_OID_set *,          /* actual_mechs */
    OM_uint32 *,            /* initiator_time_rec */
    OM_uint32 *             /* acceptor_time_rec */
);

static OM_uint32 k5glue_inquire_cred_by_mech(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t,          /* cred_handle */
    gss_OID,                /* mech_type */
    gss_name_t *,           /* name */
    OM_uint32 *,            /* initiator_lifetime */
    OM_uint32 *,            /* acceptor_lifetime */
    gss_cred_usage_t *      /* cred_usage */
);

static OM_uint32 k5glue_export_sec_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_ctx_id_t *,         /* context_handle */
    gss_buffer_t            /* interprocess_token */
);

static OM_uint32 k5glue_import_sec_context(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_buffer_t,           /* interprocess_token */
    gss_ctx_id_t *          /* context_handle */
);

krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_OID *               /* oid */
);

static OM_uint32 k5glue_inquire_names_for_mech(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_OID,                /* mechanism */
    gss_OID_set *           /* name_types */
);

#if 0
static OM_uint32 k5glue_canonicalize_name(
    void *,
    OM_uint32 *,            /* minor_status */
    const gss_name_t,       /* input_name */
    const gss_OID,          /* mech_type */
    gss_name_t *            /* output_name */
);
#endif

static OM_uint32 k5glue_export_name(
    void *,
    OM_uint32 *,            /* minor_status */
    const gss_name_t,       /* input_name */
    gss_buffer_t            /* exported_name */
);

/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    const gss_cred_id_t,    /* input_cred */
    gss_cred_usage_t,       /* cred_usage */
    const gss_OID,          /* desired_mech */
    OM_uint32,              /* overwrite_cred */
    OM_uint32,              /* default_cred */
    gss_OID_set *,          /* elements_stored */
    gss_cred_usage_t *      /* cred_usage_stored */
);

static OM_uint32 k5glue_userok(
    void *,                 /* context */
    OM_uint32 *,            /* minor_status */
    const gss_name_t,       /* pname */
    const char *,           /* local user */
    int *                   /* user ok? */
);

static OM_uint32 k5glue_pname_to_uid(
    void *,                 /* context */
    OM_uint32 *,            /* minor_status */
    const gss_name_t,       /* pname */
    uid_t *                 /* uid */
);




#if 0
static OM_uint32 k5glue_duplicate_name(
    void *,
    OM_uint32 *,            /* minor_status */
    const gss_name_t,       /* input_name */
    gss_name_t *            /* dest_name */
);
#endif

#if 0
static OM_uint32 k5glue_validate_cred(
    void *,
    OM_uint32 *,            /* minor_status */
    gss_cred_id_t           /* cred */
);
#endif

#if 0
/*
 * SUNW15resync
 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
 * slicing&dicing needs of the "nightly -SD" build.  When it goes away,
 * we should use it assuming MIT still uses it then.
 */

/*
 * The krb5 mechanism provides two mech OIDs; use this initializer to
 * ensure that both dispatch tables contain identical function
 * pointers.
 */
#define KRB5_GSS_CONFIG_INIT \
    NULL, \
    ...
#endif


/*
 * Dispatch tables handed to the mechglue layer.
 *
 * The initializers are positional, so every entry must stay in the member
 * order of struct gss_config (declared outside this file).  The three tables
 * below carry the same function-pointer list and differ only in the
 * mechanism OID (and in the disabled priority/name line); keep them in
 * lockstep when adding or removing an entry.
 *
 * NOTE(review): k5glue_seal and k5glue_unseal sit between paired START/END
 * marker comments that look like input to the source-slicing build mentioned
 * in the SUNW15resync remark.  If that step removes lines from a positional
 * initializer, every later function pointer moves up one slot and calls
 * would be dispatched to the wrong routine; confirm that struct gss_config
 * is sliced the same way.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred
};

/* NULL-terminated list of every mechanism config this file provides. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
};

#ifdef MS_BUG_TEST
/* Test-only list that leaves out the "wrong OID" config. */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism, &krb5_mechanism_old, NULL
};
#endif

#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif

/*
 * Return the NULL-terminated array of krb5 mechanism configs.
 *
 * Because of the #define above, the symbol actually emitted is
 * krb5_gss_get_mech_configs.
 *
 * When built with MS_BUG_TEST, setting MS_FORCE_NO_MSOID=1 in the process
 * environment selects the shorter list without krb5_mechanism_wrong.  That
 * makes the set of offered mechanism OIDs depend on the environment of
 * whatever process loads this code, so MS_BUG_TEST should stay out of
 * production builds.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
#ifdef MS_BUG_TEST
    const char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0)
        return krb5_mech_configs_hack;
#endif
    return krb5_mech_configs;
}

/*
 * Acceptor-side context establishment; forwards to
 * krb5_gss_accept_sec_context.  ctx is unused.
 *
 * input_token is supplied by the remote initiator.  Nothing is checked at
 * this layer, so all parsing and validation of that token rests with the
 * krb5 routine.
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
    return krb5_gss_accept_sec_context(minor_status, context_handle,
        verifier_cred_handle, input_token, input_chan_bindings, src_name,
        mech_type, output_token, ret_flags, time_rec,
        delegated_cred_handle);
}

/* Forwards to krb5_gss_acquire_cred; ctx is unused. */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
    return krb5_gss_acquire_cred(minor_status, desired_name, time_req,
        desired_mechs, cred_usage, output_cred_handle, actual_mechs,
        time_rec);
}

/* V2 */
/* Forwards to krb5_gss_add_cred; ctx is unused. */
static OM_uint32
k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec)
{
    return krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
        desired_mech, cred_usage, initiator_time_req, acceptor_time_req,
        output_cred_handle, actual_mechs, initiator_time_rec,
        acceptor_time_rec);
}

#if 0
/* V2 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx, OM_uint32 *minor_status,
    gss_OID member_oid, gss_OID_set *oid_set)
{
    return generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
}
#endif

/* Forwards to krb5_gss_compare_name; ctx is unused. */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
    return krb5_gss_compare_name(minor_status, name1, name2, name_equal);
}

/* Forwards to krb5_gss_context_time; ctx is unused. */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
    return krb5_gss_context_time(minor_status, context_handle, time_rec);
}

#if 0
/* V2 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *oid_set)
{
    return generic_gss_create_empty_oid_set(minor_status, oid_set);
}
#endif

/* Forwards to krb5_gss_delete_sec_context; ctx is unused. */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token)
{
    return krb5_gss_delete_sec_context(minor_status, context_handle,
        output_token);
}

/* Forwards to krb5_gss_display_name; ctx is unused. */
static OM_uint32
k5glue_display_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_buffer_t output_name_buffer,
    gss_OID *output_name_type)
{
    return krb5_gss_display_name(minor_status, input_name,
        output_name_buffer, output_name_type);
}

/* Forwards to krb5_gss_display_status; ctx is unused. */
static OM_uint32
k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string)
{
    return krb5_gss_display_status(minor_status, status_value, status_type,
        mech_type, message_context, status_string);
}

/* V2 */
/* Forwards to krb5_gss_export_sec_context; ctx is unused. */
static OM_uint32
k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token)
{
    return krb5_gss_export_sec_context(minor_status, context_handle,
        interprocess_token);
}

#if 0
/* V2 */
static OM_uint32
k5glue_get_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_qop_t qop_req,
    gss_buffer_t message_buffer, gss_buffer_t message_token)
{
    return krb5_gss_get_mic(minor_status, context_handle, qop_req,
        message_buffer, message_token);
}
#endif

/*
 * Forwards to krb5_gss_import_name; ctx is unused.  The library
 * initialization call that used to precede it is compiled out.
 */
static OM_uint32
k5glue_import_name(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer, gss_OID input_name_type,
    gss_name_t *output_name)
{
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
        *minor_status = err;
        return GSS_S_FAILURE;
    }
#endif
    return krb5_gss_import_name(minor_status, input_name_buffer,
        input_name_type, output_name);
}

/* V2 */
/*
 * Forwards to krb5_gss_import_sec_context; ctx is unused.
 *
 * NOTE(review): interprocess_token is passed through as received; how far
 * it is validated depends on krb5_gss_import_sec_context, so confirm that
 * callers only import tokens produced by a process they trust.
 */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
    return krb5_gss_import_sec_context(minor_status, interprocess_token,
        context_handle);
}

/* Forwards to krb5_gss_indicate_mechs; ctx is unused. */
static OM_uint32
k5glue_indicate_mechs(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *mech_set)
{
    return krb5_gss_indicate_mechs(minor_status, mech_set);
}

/*
 * Initiator-side context establishment; forwards to
 * krb5_gss_init_sec_context.  ctx is unused.
 */
static OM_uint32
k5glue_init_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle,
    gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags,
    OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token, gss_OID *actual_mech_type,
    gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)
{
    return krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
        context_handle, target_name, mech_type, req_flags, time_req,
        input_chan_bindings, input_token, actual_mech_type, output_token,
        ret_flags, time_rec);
}

/* Forwards to krb5_gss_inquire_context; ctx is unused. */
static OM_uint32
k5glue_inquire_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_name_t *initiator_name,
    gss_name_t *acceptor_name, OM_uint32 *lifetime_rec, gss_OID *mech_type,
    OM_uint32 *ret_flags, int *locally_initiated, int *open)
{
    return krb5_gss_inquire_context(minor_status, context_handle,
        initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags,
        locally_initiated, open);
}

/* Forwards to krb5_gss_inquire_cred; ctx is unused. */
static OM_uint32
k5glue_inquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred_handle, gss_name_t *name, OM_uint32 *lifetime_ret,
    gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)
{
    return krb5_gss_inquire_cred(minor_status, cred_handle, name,
        lifetime_ret, cred_usage, mechanisms);
}

/* V2 */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
			    initiator_lifetime, acceptor_lifetime, cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, 896ab9b2e15Sgtb mech_type, name, initiator_lifetime, 897ab9b2e15Sgtb acceptor_lifetime, cred_usage)); 898ab9b2e15Sgtb } 899ab9b2e15Sgtb 900ab9b2e15Sgtb /* V2 */ 901ab9b2e15Sgtb static OM_uint32 902ab9b2e15Sgtb k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types) 903ab9b2e15Sgtb void *ctx; 904ab9b2e15Sgtb OM_uint32 *minor_status; 905ab9b2e15Sgtb gss_OID mechanism; 906ab9b2e15Sgtb gss_OID_set *name_types; 907ab9b2e15Sgtb { 908ab9b2e15Sgtb return(krb5_gss_inquire_names_for_mech(minor_status, 909ab9b2e15Sgtb mechanism, 910ab9b2e15Sgtb name_types)); 911ab9b2e15Sgtb } 912ab9b2e15Sgtb 913ab9b2e15Sgtb #if 0 914ab9b2e15Sgtb /* V2 */ 915ab9b2e15Sgtb static OM_uint32 916ab9b2e15Sgtb k5glue_oid_to_str(ctx, minor_status, oid, oid_str) 917ab9b2e15Sgtb void *ctx; 918ab9b2e15Sgtb OM_uint32 *minor_status; 919ab9b2e15Sgtb gss_OID oid; 920ab9b2e15Sgtb gss_buffer_t oid_str; 921ab9b2e15Sgtb { 922ab9b2e15Sgtb return(generic_gss_oid_to_str(minor_status, oid, oid_str)); 923ab9b2e15Sgtb } 924ab9b2e15Sgtb #endif 925ab9b2e15Sgtb 926ab9b2e15Sgtb static OM_uint32 927ab9b2e15Sgtb k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer) 928ab9b2e15Sgtb void *ctx; 929ab9b2e15Sgtb OM_uint32 *minor_status; 930ab9b2e15Sgtb gss_ctx_id_t context_handle; 931ab9b2e15Sgtb gss_buffer_t token_buffer; 932ab9b2e15Sgtb { 933ab9b2e15Sgtb return(krb5_gss_process_context_token(minor_status, 934ab9b2e15Sgtb context_handle, token_buffer)); 935ab9b2e15Sgtb } 936ab9b2e15Sgtb 937ab9b2e15Sgtb static OM_uint32 938ab9b2e15Sgtb k5glue_release_cred(ctx, minor_status, cred_handle) 939ab9b2e15Sgtb void *ctx; 940ab9b2e15Sgtb OM_uint32 *minor_status; 941ab9b2e15Sgtb gss_cred_id_t *cred_handle; 942ab9b2e15Sgtb { 943ab9b2e15Sgtb return(krb5_gss_release_cred(minor_status, cred_handle)); 944ab9b2e15Sgtb } 945ab9b2e15Sgtb 946ab9b2e15Sgtb static OM_uint32 947ab9b2e15Sgtb k5glue_release_name(ctx, minor_status, input_name) 
948ab9b2e15Sgtb void *ctx; 949ab9b2e15Sgtb OM_uint32 *minor_status; 950ab9b2e15Sgtb gss_name_t *input_name; 951ab9b2e15Sgtb { 952ab9b2e15Sgtb return(krb5_gss_release_name(minor_status, input_name)); 953ab9b2e15Sgtb } 954ab9b2e15Sgtb 955ab9b2e15Sgtb #if 0 956ab9b2e15Sgtb static OM_uint32 957ab9b2e15Sgtb k5glue_release_buffer(ctx, minor_status, buffer) 958ab9b2e15Sgtb void *ctx; 959ab9b2e15Sgtb OM_uint32 *minor_status; 960ab9b2e15Sgtb gss_buffer_t buffer; 961ab9b2e15Sgtb { 962ab9b2e15Sgtb return(generic_gss_release_buffer(minor_status, 963ab9b2e15Sgtb buffer)); 964ab9b2e15Sgtb } 965ab9b2e15Sgtb #endif 966ab9b2e15Sgtb 967ab9b2e15Sgtb /* V2 */ 968ab9b2e15Sgtb static OM_uint32 969ab9b2e15Sgtb k5glue_internal_release_oid(ctx, minor_status, oid) 970ab9b2e15Sgtb void *ctx; 971ab9b2e15Sgtb OM_uint32 *minor_status; 972ab9b2e15Sgtb gss_OID *oid; 973ab9b2e15Sgtb { 974ab9b2e15Sgtb return(krb5_gss_internal_release_oid(minor_status, oid)); 975ab9b2e15Sgtb } 976ab9b2e15Sgtb 977ab9b2e15Sgtb #if 0 978ab9b2e15Sgtb static OM_uint32 979ab9b2e15Sgtb k5glue_release_oid_set(ctx, minor_status, set) 980ab9b2e15Sgtb void *ctx; 981ab9b2e15Sgtb OM_uint32 * minor_status; 982ab9b2e15Sgtb gss_OID_set *set; 983ab9b2e15Sgtb { 984ab9b2e15Sgtb return(generic_gss_release_oid_set(minor_status, set)); 985ab9b2e15Sgtb } 986ab9b2e15Sgtb #endif 987ab9b2e15Sgtb 988ab9b2e15Sgtb /* EXPORT DELETE START */ 989ab9b2e15Sgtb /* V1 only */ 990ab9b2e15Sgtb static OM_uint32 991ab9b2e15Sgtb k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req, 992ab9b2e15Sgtb input_message_buffer, conf_state, output_message_buffer) 993ab9b2e15Sgtb void *ctx; 994ab9b2e15Sgtb OM_uint32 *minor_status; 995ab9b2e15Sgtb gss_ctx_id_t context_handle; 996ab9b2e15Sgtb int conf_req_flag; 997ab9b2e15Sgtb int qop_req; 998ab9b2e15Sgtb gss_buffer_t input_message_buffer; 999ab9b2e15Sgtb int *conf_state; 1000ab9b2e15Sgtb gss_buffer_t output_message_buffer; 1001ab9b2e15Sgtb { 1002ab9b2e15Sgtb return(krb5_gss_seal(minor_status, 
context_handle, 1003ab9b2e15Sgtb conf_req_flag, qop_req, input_message_buffer, 1004ab9b2e15Sgtb conf_state, output_message_buffer)); 1005ab9b2e15Sgtb } 1006ab9b2e15Sgtb /* EXPORT DELETE END */ 1007ab9b2e15Sgtb 1008ab9b2e15Sgtb static OM_uint32 1009ab9b2e15Sgtb k5glue_sign(ctx, minor_status, context_handle, 1010ab9b2e15Sgtb qop_req, message_buffer, 1011ab9b2e15Sgtb message_token) 1012ab9b2e15Sgtb void *ctx; 1013ab9b2e15Sgtb OM_uint32 *minor_status; 1014ab9b2e15Sgtb gss_ctx_id_t context_handle; 1015ab9b2e15Sgtb int qop_req; 1016ab9b2e15Sgtb gss_buffer_t message_buffer; 1017ab9b2e15Sgtb gss_buffer_t message_token; 1018ab9b2e15Sgtb { 1019ab9b2e15Sgtb return(krb5_gss_sign(minor_status, context_handle, 1020ab9b2e15Sgtb qop_req, message_buffer, message_token)); 1021ab9b2e15Sgtb } 1022ab9b2e15Sgtb 1023ab9b2e15Sgtb #if 0 1024ab9b2e15Sgtb /* V2 */ 1025ab9b2e15Sgtb static OM_uint32 1026ab9b2e15Sgtb k5glue_verify_mic(ctx, minor_status, context_handle, 1027ab9b2e15Sgtb message_buffer, token_buffer, qop_state) 1028ab9b2e15Sgtb void *ctx; 1029ab9b2e15Sgtb OM_uint32 *minor_status; 1030ab9b2e15Sgtb gss_ctx_id_t context_handle; 1031ab9b2e15Sgtb gss_buffer_t message_buffer; 1032ab9b2e15Sgtb gss_buffer_t token_buffer; 1033ab9b2e15Sgtb gss_qop_t *qop_state; 1034ab9b2e15Sgtb { 1035ab9b2e15Sgtb return(krb5_gss_verify_mic(minor_status, context_handle, 1036ab9b2e15Sgtb message_buffer, token_buffer, qop_state)); 1037ab9b2e15Sgtb } 1038ab9b2e15Sgtb 1039ab9b2e15Sgtb /* V2 */ 1040ab9b2e15Sgtb static OM_uint32 1041ab9b2e15Sgtb k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req, 1042ab9b2e15Sgtb input_message_buffer, conf_state, output_message_buffer) 1043ab9b2e15Sgtb void *ctx; 1044ab9b2e15Sgtb OM_uint32 *minor_status; 1045ab9b2e15Sgtb gss_ctx_id_t context_handle; 1046ab9b2e15Sgtb int conf_req_flag; 1047ab9b2e15Sgtb gss_qop_t qop_req; 1048ab9b2e15Sgtb gss_buffer_t input_message_buffer; 1049ab9b2e15Sgtb int *conf_state; 1050ab9b2e15Sgtb gss_buffer_t output_message_buffer; 
1051ab9b2e15Sgtb { 1052ab9b2e15Sgtb return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, 1053ab9b2e15Sgtb input_message_buffer, conf_state, 1054ab9b2e15Sgtb output_message_buffer)); 1055ab9b2e15Sgtb } 1056ab9b2e15Sgtb 1057ab9b2e15Sgtb /* V2 */ 1058ab9b2e15Sgtb static OM_uint32 1059ab9b2e15Sgtb k5glue_str_to_oid(ctx, minor_status, oid_str, oid) 1060ab9b2e15Sgtb void *ctx; 1061ab9b2e15Sgtb OM_uint32 *minor_status; 1062ab9b2e15Sgtb gss_buffer_t oid_str; 1063ab9b2e15Sgtb gss_OID *oid; 1064ab9b2e15Sgtb { 1065ab9b2e15Sgtb return(generic_gss_str_to_oid(minor_status, oid_str, oid)); 1066ab9b2e15Sgtb } 1067ab9b2e15Sgtb 1068ab9b2e15Sgtb /* V2 */ 1069ab9b2e15Sgtb static OM_uint32 1070ab9b2e15Sgtb k5glue_test_oid_set_member(ctx, minor_status, member, set, present) 1071ab9b2e15Sgtb void *ctx; 1072ab9b2e15Sgtb OM_uint32 *minor_status; 1073ab9b2e15Sgtb gss_OID member; 1074ab9b2e15Sgtb gss_OID_set set; 1075ab9b2e15Sgtb int *present; 1076ab9b2e15Sgtb { 1077ab9b2e15Sgtb return(generic_gss_test_oid_set_member(minor_status, member, set, 1078ab9b2e15Sgtb present)); 1079ab9b2e15Sgtb } 1080ab9b2e15Sgtb #endif 1081ab9b2e15Sgtb 1082ab9b2e15Sgtb /* EXPORT DELETE START */ 1083ab9b2e15Sgtb /* V1 only */ 1084ab9b2e15Sgtb static OM_uint32 1085ab9b2e15Sgtb k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer, 1086ab9b2e15Sgtb output_message_buffer, conf_state, qop_state) 1087ab9b2e15Sgtb void *ctx; 1088ab9b2e15Sgtb OM_uint32 *minor_status; 1089ab9b2e15Sgtb gss_ctx_id_t context_handle; 1090ab9b2e15Sgtb gss_buffer_t input_message_buffer; 1091ab9b2e15Sgtb gss_buffer_t output_message_buffer; 1092ab9b2e15Sgtb int *conf_state; 1093ab9b2e15Sgtb int *qop_state; 1094ab9b2e15Sgtb { 1095ab9b2e15Sgtb return(krb5_gss_unseal(minor_status, context_handle, 1096ab9b2e15Sgtb input_message_buffer, output_message_buffer, 1097ab9b2e15Sgtb conf_state, qop_state)); 1098ab9b2e15Sgtb } 1099ab9b2e15Sgtb /* EXPORT DELETE END */ 1100ab9b2e15Sgtb 1101ab9b2e15Sgtb #if 0 1102ab9b2e15Sgtb 
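/* V2 */
/*
 * Sits inside the "#if 0" opened on the preceding line, so it is compiled
 * out.  Forwards to krb5_gss_unwrap(); ctx is unused.
 */
static OM_uint32
k5glue_unwrap(void *ctx, OM_uint32 *minor_status,
              gss_ctx_id_t context_handle,
              gss_buffer_t input_message_buffer,
              gss_buffer_t output_message_buffer,
              int *conf_state, gss_qop_t *qop_state)
{
    return krb5_gss_unwrap(minor_status, context_handle,
                           input_message_buffer, output_message_buffer,
                           conf_state, qop_state);
}
#endif

/* V1 only */
/* Forwards to krb5_gss_verify(); ctx is unused. */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status,
              gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
              gss_buffer_t token_buffer, int *qop_state)
{
    return krb5_gss_verify(minor_status, context_handle, message_buffer,
                           token_buffer, qop_state);
}

/* V2 interface */
/* Forwards to krb5_gss_wrap_size_limit(); ctx is unused. */
static OM_uint32
k5glue_wrap_size_limit(void *ctx, OM_uint32 *minor_status,
                       gss_ctx_id_t context_handle, int conf_req_flag,
                       gss_qop_t qop_req, OM_uint32 req_output_size,
                       OM_uint32 *max_input_size)
{
    return krb5_gss_wrap_size_limit(minor_status, context_handle,
                                    conf_req_flag, qop_req,
                                    req_output_size, max_input_size);
}

#if 0
/* V2 interface */
/* Compiled out.  Forwards to krb5_gss_canonicalize_name(). */
static OM_uint32
k5glue_canonicalize_name(void *ctx, OM_uint32 *minor_status,
                         const gss_name_t input_name,
                         const gss_OID mech_type, gss_name_t *output_name)
{
    return krb5_gss_canonicalize_name(minor_status, input_name,
                                      mech_type, output_name);
}
#endif

/* V2 interface */
/* Forwards to krb5_gss_export_name(); ctx is unused. */
static OM_uint32
k5glue_export_name(void *ctx, OM_uint32 *minor_status,
                   const gss_name_t input_name, gss_buffer_t exported_name)
{
    return krb5_gss_export_name(minor_status, input_name, exported_name);
}

/* SUNW15resync - this is not in the MIT mech (lib) yet */
/* Forwards to krb5_gss_store_cred(); ctx is unused. */
static OM_uint32
k5glue_store_cred(void *ctx, OM_uint32 *minor_status,
                  const gss_cred_id_t input_cred,
                  gss_cred_usage_t cred_usage, gss_OID desired_mech,
                  OM_uint32 overwrite_cred, OM_uint32 default_cred,
                  gss_OID_set *elements_stored,
                  gss_cred_usage_t *cred_usage_stored)
{
    return krb5_gss_store_cred(minor_status, input_cred, cred_usage,
                               desired_mech, overwrite_cred, default_cred,
                               elements_stored, cred_usage_stored);
}

/*
 * Forwards to krb5_gss_userok(); ctxt is unused.  The authorization
 * decision is made entirely by the callee and handed back through user_ok.
 */
static OM_uint32
k5glue_userok(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    const char *user,           /* local user */
    int *user_ok                /* user ok? */
    /* */)
{
    return krb5_gss_userok(minor, pname, user, user_ok);
}

/* Forwards to krb5_pname_to_uid(); ctxt is unused. */
static OM_uint32
k5glue_pname_to_uid(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    uid_t *uidOut               /* uid */
    /* */)
{
    return krb5_pname_to_uid(minor, pname, uidOut);
}



#if 0
/* V2 interface */
/* Compiled out.  Forwards to krb5_gss_duplicate_name(). */
static OM_uint32
k5glue_duplicate_name(void *ctx, OM_uint32 *minor_status,
                      const gss_name_t input_name, gss_name_t *dest_name)
{
    return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
}
#endif

/*
 * Return the ticket flags of a krb5 security context.
 *
 * context_handle is treated as a mechglue union context: it is cast to
 * gss_union_ctx_id_t and its mech_type must equal either krb5 mechanism
 * OID, otherwise GSS_S_BAD_MECH is returned.  On a match the call is
 * handed to gss_krb5int_get_tkt_flags() with the inner context.
 *
 * GSS_C_NO_CONTEXT is rejected with GSS_S_NO_CONTEXT before the handle is
 * dereferenced.  Nothing here can tell whether a non-null handle really is
 * a union context; that remains the caller's obligation.  *minor_status is
 * not written on the early-return paths.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_get_tkt_flags(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    krb5_flags *ticket_flags)
{
    gss_union_ctx_id_t uctx;

    /* The cast below is followed by uctx->mech_type; never do that on
       the null handle. */
    if (context_handle == GSS_C_NO_CONTEXT)
        return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
        return GSS_S_BAD_MECH;
    return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id,
                                     ticket_flags);
}

/*
 * Copy the krb5 credential held in a union credential into out_ccache.
 *
 * The mechanism credential is looked up first under krb5_mechanism's OID
 * and then under krb5_mechanism_old's; the first hit is passed to
 * gss_krb5int_copy_ccache().  If neither lookup yields a credential
 * (which includes cred_handle being GSS_C_NO_CREDENTIAL) the result is
 * GSS_S_DEFECTIVE_CREDENTIAL and *minor_status is left untouched.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred_handle;

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/* XXX need to delete mechglue ctx too */
/*
 * Export a krb5 security context in "lucid" form through *kctx.
 *
 * *context_handle is treated as a mechglue union context and must carry
 * one of the two krb5 mechanism OIDs (GSS_S_BAD_MECH otherwise).  The
 * address of the inner context is passed to
 * gss_krb5int_export_lucid_sec_context().
 *
 * A null context_handle pointer or a GSS_C_NO_CONTEXT handle is rejected
 * with GSS_S_NO_CONTEXT before anything is dereferenced.
 *
 * NOTE(review): per the XXX above, the union wrapper itself is not
 * released here; what the callee does to the inner context is not visible
 * in this file, so confirm before reusing *context_handle after a
 * successful export.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_export_lucid_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    OM_uint32 version,
    void **kctx)
{
    gss_union_ctx_id_t uctx;

    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
        return GSS_S_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)*context_handle;
    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
        return GSS_S_BAD_MECH;
    return gss_krb5int_export_lucid_sec_context(minor_status,
                                                &uctx->internal_ctx_id,
                                                version, kctx);
}

/*
 * Restrict the encryption types usable with a krb5 credential.
 *
 * The mechanism credential is looked up under krb5_mechanism's OID, then
 * krb5_mechanism_old's; the first hit is passed, with num_ktypes and
 * ktypes unchanged, to gss_krb5int_set_allowable_enctypes().  If neither
 * lookup succeeds the result is GSS_S_DEFECTIVE_CREDENTIAL.  num_ktypes
 * and ktypes are not inspected at this layer.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred;
    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
 *
 * Walks union_cred->mechs_array for an OID equal to mech_type and returns
 * the cred_array entry at the same index.  Returns GSS_C_NO_CREDENTIAL
 * when union_cred is the null credential, when mech_type is GSS_C_NO_OID,
 * or when no entry matches.  The returned handle still belongs to the
 * union credential; nothing is copied.
 */
/* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
   want to link against libgss so we put it here since we need it in the mech */
gss_cred_id_t
gssint_get_mechanism_cred(gss_union_cred_t union_cred, gss_OID mech_type)
{
    int i;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    /* gss_mech_initialize() in this file null-checks its OID before
       g_OID_equal(); apply the same guard here. */
    if (mech_type == GSS_C_NO_OID)
        return GSS_C_NO_CREDENTIAL;

    for (i = 0; i < union_cred->count; i++) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
            return union_cred->cred_array[i];
    }
    return GSS_C_NO_CREDENTIAL;
}



/*
 * entry point for the gss layer,
 * called "krb5_gss_initialize()" in MIT 1.2.1
 *
 * Returns the address of krb5_mechanism when oid is non-null and equals
 * krb5_mechanism.mech_type; otherwise logs at LOG_INFO and returns NULL.
 * Only the current OID is accepted here; krb5_mechanism_old's OID is not.
 */
/* SUNW15resync - this used to be in k5mech.c */
gss_mechanism
gss_mech_initialize(const gss_OID oid)
{
    /* ensure that the requested oid matches our oid */
    if (oid == NULL || !g_OID_equal(oid, &krb5_mechanism.mech_type)) {
        (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
        return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
        GSS_S_COMPLETE)
        return (NULL);
#endif

    return (&krb5_mechanism);
}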