/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
 */

#include "gssapiP_krb5.h"
#include "mglueP.h"
#include <syslog.h>

/** mechglue wrappers **/

/*
 * Forward declarations of the k5glue_* entry points.  They have to be
 * visible before the gss_config dispatch tables further down, which store
 * their addresses.  Every k5glue_* entry takes a leading context pointer
 * followed by the usual minor_status output.
 */

static OM_uint32 k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec);

static OM_uint32 k5glue_release_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t *cred_handle);

static OM_uint32 k5glue_init_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle,
    gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags,
    OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token, gss_OID *actual_mech_type,
    gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec);

static OM_uint32 k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token_buffer,
    gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name,
    gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags,
    OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle);

static OM_uint32 k5glue_process_context_token(void *ctx,
    OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t token_buffer);

static OM_uint32 k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token);

static OM_uint32 k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec);

static OM_uint32 k5glue_sign(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer,
    gss_buffer_t message_token);

static OM_uint32 k5glue_verify(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t token_buffer, int *qop_state);

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, int qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unseal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state, int *qop_state);
/* EXPORT DELETE END */

static OM_uint32 k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string);

static OM_uint32 k5glue_indicate_mechs(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *mech_set);

static OM_uint32 k5glue_compare_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t name1, gss_name_t name2, int *name_equal);

static OM_uint32 k5glue_display_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_buffer_t output_name_buffer,
    gss_OID *output_name_type);

static OM_uint32 k5glue_import_name(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer, gss_OID input_name_type,
    gss_name_t *output_name);

static OM_uint32 k5glue_release_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t *input_name);

static OM_uint32 k5glue_inquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred_handle, gss_name_t *name, OM_uint32 *lifetime,
    gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms);

static OM_uint32 k5glue_inquire_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_name_t *initiator_name,
    gss_name_t *acceptor_name, OM_uint32 *lifetime_rec, gss_OID *mech_type,
    OM_uint32 *ret_flags, int *locally_initiated, int *open);

#if 0
/* New V2 entry points */
static OM_uint32 k5glue_get_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_qop_t qop_req,
    gss_buffer_t message_buffer, gss_buffer_t message_token);

static OM_uint32 k5glue_verify_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t message_token, gss_qop_t *qop_state);

static OM_uint32 k5glue_wrap(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer);

static OM_uint32 k5glue_unwrap(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state,
    gss_qop_t *qop_state);
#endif

static OM_uint32 k5glue_wrap_size_limit(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req,
    OM_uint32 req_output_size, OM_uint32 *max_input_size);

#if 0
static OM_uint32 k5glue_import_name_object(void *ctx, OM_uint32 *minor_status,
    void *input_name, gss_OID input_name_type, gss_name_t *output_name);

static OM_uint32 k5glue_export_name_object(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_OID desired_name_type, void **output_name);
#endif

static OM_uint32 k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec);

static OM_uint32 k5glue_inquire_cred_by_mech(void *ctx,
    OM_uint32 *minor_status, gss_cred_id_t cred_handle, gss_OID mech_type,
    gss_name_t *name, OM_uint32 *initiator_lifetime,
    OM_uint32 *acceptor_lifetime, gss_cred_usage_t *cred_usage);

static OM_uint32 k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token);

static OM_uint32 k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle);

krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid(void *ctx,
    OM_uint32 *minor_status, gss_OID *oid);

static OM_uint32 k5glue_inquire_names_for_mech(void *ctx,
    OM_uint32 *minor_status, gss_OID mechanism, gss_OID_set *name_types);

#if 0
static OM_uint32 k5glue_canonicalize_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, const gss_OID mech_type,
    gss_name_t *output_name);
#endif

static OM_uint32 k5glue_export_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, gss_buffer_t exported_name);

/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred(void *ctx, OM_uint32 *minor_status,
    const gss_cred_id_t input_cred, gss_cred_usage_t cred_usage,
    const gss_OID desired_mech, OM_uint32 overwrite_cred,
    OM_uint32 default_cred, gss_OID_set *elements_stored,
    gss_cred_usage_t *cred_usage_stored);

/* SUNW17PACresync - this decl not needed in MIT but is for Sol */
/* Note code is in gsspi_krb5.c */
OM_uint32 krb5_gss_inquire_sec_context_by_oid(
    OM_uint32 *,
    const gss_ctx_id_t,
    const gss_OID,
    gss_buffer_set_t *);

static OM_uint32 k5glue_userok(
    void *,			/* context */
    OM_uint32 *,		/* minor_status */
    const gss_name_t,		/* pname */
    const char *,		/* local user */
    int *			/* user ok? */
);

static OM_uint32 k5glue_pname_to_uid(
    void *,			/* context */
    OM_uint32 *,		/* minor_status */
    const gss_name_t,		/* pname */
    uid_t *			/* uid */
);

#if 0
static OM_uint32 k5glue_duplicate_name(void *ctx, OM_uint32 *minor_status,
    const gss_name_t input_name, gss_name_t *dest_name);
#endif

#if 0
static OM_uint32 k5glue_validate_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t cred);
#endif

#if 0
/*
 * SUNW15resync
 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
 * slicing&dicing needs of the "nightly -SD" build. When it goes away,
 * we should use it assuming MIT still uses it then.
 */

/*
 * The krb5 mechanism provides two mech OIDs; use this initializer to
 * ensure that both dispatch tables contain identical function
 * pointers.
 */
#define KRB5_GSS_CONFIG_INIT				\
    NULL,						\
    ...
#endif

/*
 * Dispatch tables, one per mechanism OID.  The three tables differ only in
 * their OID; the function pointers are the same list in the same order.
 *
 * The initializers are positional, so the order below has to match the
 * member order of struct gss_config (declared outside this file).  A
 * misplaced entry would not necessarily be diagnosed by the compiler when
 * two neighbouring slots share a signature, and the wrong routine would
 * then be dispatched at run time.  Any edit must be applied to all three
 * tables.
 *
 * The EXPORT DELETE and CRYPT DELETE comments are kept exactly as they are:
 * per the SUNW15resync note above they belong to the Solaris source slicing
 * build and are not ordinary commentary.
 *
 * NOTE(review): krb5_gss_inquire_sec_context_by_oid is the only entry that
 * is not a k5glue_* wrapper, and its prototype above has no leading context
 * pointer.  Confirm that the matching gss_config slot is declared with that
 * signature.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};

/* Same entry points, registered under the pre-RFC mechanism OID. */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};

/*
 * Same entry points, registered under the OID the disabled description
 * string calls the "wrong OID".
 * NOTE(review): presumably kept so that peers which send that OID still
 * interoperate (compare MS_FORCE_NO_MSOID below) - confirm against the
 * definition of GSS_MECH_KRB5_WRONG_OID.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
    k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
    k5glue_seal,
    k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};

/* NULL-terminated list of every table this mechanism exposes. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
};

#ifdef MS_BUG_TEST
/* Test-only list that leaves out krb5_mechanism_wrong. */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism, &krb5_mechanism_old, NULL
};
#endif

#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif

/*
 * Return the NULL-terminated array of mechanism tables.  Because of the
 * #define above, the symbol actually emitted is krb5_gss_get_mech_configs.
 *
 * Only when built with MS_BUG_TEST: if the environment variable
 * MS_FORCE_NO_MSOID is exactly "1", the shorter test list is returned
 * instead.  The environment is supplied by whoever starts the process, so
 * that switch lets the caller change which OIDs are offered; MS_BUG_TEST
 * should stay out of production builds, in particular of anything that
 * runs with more privilege than its invoker.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
#ifdef MS_BUG_TEST
    const char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0)
	return krb5_mech_configs_hack;
#endif
    return krb5_mech_configs;
}

/*
 * Wrapper definitions.  Each one ignores its ctx argument and passes the
 * remaining arguments, unchanged and in the same order, to the krb5_gss_*
 * (or generic_gss_*) routine of the same name.  The wrappers do no argument
 * checking of their own; whatever validation happens is done by the routine
 * they call.
 */

/* Forwards to krb5_gss_accept_sec_context(). */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
    return krb5_gss_accept_sec_context(minor_status, context_handle,
	verifier_cred_handle, input_token, input_chan_bindings, src_name,
	mech_type, output_token, ret_flags, time_rec,
	delegated_cred_handle);
}

/* Forwards to krb5_gss_acquire_cred(). */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
    return krb5_gss_acquire_cred(minor_status, desired_name, time_req,
	desired_mechs, cred_usage, output_cred_handle, actual_mechs,
	time_rec);
}

/* V2 */
/* Forwards to krb5_gss_add_cred(). */
static OM_uint32
k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec)
{
    return krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
	desired_mech, cred_usage, initiator_time_req, acceptor_time_req,
	output_cred_handle, actual_mechs, initiator_time_rec,
	acceptor_time_rec);
}

#if 0
/* V2 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx, OM_uint32 *minor_status,
    gss_OID member_oid, gss_OID_set *oid_set)
{
    return generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
}
#endif

/* Forwards to krb5_gss_compare_name(). */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
    return krb5_gss_compare_name(minor_status, name1, name2, name_equal);
}

/* Forwards to krb5_gss_context_time(). */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
    return krb5_gss_context_time(minor_status, context_handle, time_rec);
}

#if 0
/* V2 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *oid_set)
{
    return generic_gss_create_empty_oid_set(minor_status, oid_set);
}
#endif

/* Forwards to krb5_gss_delete_sec_context(). */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token)
{
    return krb5_gss_delete_sec_context(minor_status, context_handle,
	output_token);
}

/* Forwards to krb5_gss_display_name(). */
static OM_uint32
k5glue_display_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_buffer_t output_name_buffer,
    gss_OID *output_name_type)
{
    return krb5_gss_display_name(minor_status, input_name,
	output_name_buffer, output_name_type);
}

/* Forwards to krb5_gss_display_status(). */
static OM_uint32
k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string)
{
    return krb5_gss_display_status(minor_status, status_value, status_type,
	mech_type, message_context, status_string);
}

/* V2 */
/* Forwards to krb5_gss_export_sec_context(). */
static OM_uint32
k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token)
{
    return krb5_gss_export_sec_context(minor_status, context_handle,
	interprocess_token);
}

#if 0
/* V2 */
static OM_uint32
k5glue_get_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_qop_t qop_req,
    gss_buffer_t message_buffer, gss_buffer_t message_token)
{
    return krb5_gss_get_mic(minor_status, context_handle, qop_req,
	message_buffer, message_token);
}
#endif

/*
 * Forwards to krb5_gss_import_name().  The library-initialization call is
 * compiled out here.
 */
static OM_uint32
k5glue_import_name(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer, gss_OID input_name_type,
    gss_name_t *output_name)
{
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
	*minor_status = err;
	return GSS_S_FAILURE;
    }
#endif
    return krb5_gss_import_name(minor_status, input_name_buffer,
	input_name_type, output_name);
}

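/*
 * Every k5glue_* routine below follows one pattern: it takes the mechglue
 * context pointer as its first argument, ignores it, and forwards the
 * remaining arguments unchanged to the krb5 mechanism (or generic) routine
 * of the same name, returning that routine's major status.  No argument
 * checking is done at this layer.
 */

/* V2: forwards to krb5_gss_import_sec_context(). */
static OM_uint32
k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t interprocess_token;
    gss_ctx_id_t *context_handle;
{
    return(krb5_gss_import_sec_context(minor_status,
                                       interprocess_token,
                                       context_handle));
}

/* Forwards to krb5_gss_indicate_mechs(). */
static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *mech_set;
{
    return(krb5_gss_indicate_mechs(minor_status, mech_set));
}

/* Forwards to krb5_gss_init_sec_context(). */
static OM_uint32
k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
                        target_name, mech_type, req_flags, time_req,
                        input_chan_bindings, input_token, actual_mech_type,
                        output_token, ret_flags, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t claimant_cred_handle;
    gss_ctx_id_t *context_handle;
    gss_name_t target_name;
    gss_OID mech_type;
    OM_uint32 req_flags;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    gss_buffer_t input_token;
    gss_OID *actual_mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
{
    return(krb5_gss_init_sec_context(minor_status,
                                     claimant_cred_handle, context_handle,
                                     target_name, mech_type, req_flags,
                                     time_req, input_chan_bindings, input_token,
                                     actual_mech_type, output_token, ret_flags,
                                     time_rec));
}

/* Forwards to krb5_gss_inquire_context(). */
static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
                       lifetime_rec, mech_type, ret_flags,
                       locally_initiated, open)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_name_t *initiator_name;
    gss_name_t *acceptor_name;
    OM_uint32 *lifetime_rec;
    gss_OID *mech_type;
    OM_uint32 *ret_flags;
    int *locally_initiated;
    int *open;
{
    return(krb5_gss_inquire_context(minor_status, context_handle,
                                    initiator_name, acceptor_name, lifetime_rec,
                                    mech_type, ret_flags, locally_initiated,
                                    open));
}

/* Forwards to krb5_gss_inquire_cred(). */
static OM_uint32
k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
                    cred_usage, mechanisms)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_name_t *name;
    OM_uint32 *lifetime_ret;
    gss_cred_usage_t *cred_usage;
    gss_OID_set *mechanisms;
{
    return(krb5_gss_inquire_cred(minor_status, cred_handle,
                                 name, lifetime_ret, cred_usage, mechanisms));
}

/* V2: forwards to krb5_gss_inquire_cred_by_mech(). */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
                            initiator_lifetime, acceptor_lifetime, cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
    return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
                                         mech_type, name, initiator_lifetime,
                                         acceptor_lifetime, cred_usage));
}

/* V2: forwards to krb5_gss_inquire_names_for_mech(). */
static OM_uint32
k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    return(krb5_gss_inquire_names_for_mech(minor_status,
                                           mechanism,
                                           name_types));
}

#if 0
/* V2: compiled out; would forward to generic_gss_oid_to_str(). */
static OM_uint32
k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID oid;
    gss_buffer_t oid_str;
{
    return(generic_gss_oid_to_str(minor_status, oid, oid_str));
}
#endif

/* Forwards to krb5_gss_process_context_token(). */
static OM_uint32
k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t token_buffer;
{
    return(krb5_gss_process_context_token(minor_status,
                                          context_handle, token_buffer));
}

/* Forwards to krb5_gss_release_cred(). */
static OM_uint32
k5glue_release_cred(ctx, minor_status, cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t *cred_handle;
{
    return(krb5_gss_release_cred(minor_status, cred_handle));
}

/* Forwards to krb5_gss_release_name(). */
static OM_uint32
k5glue_release_name(ctx, minor_status, input_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t *input_name;
{
    return(krb5_gss_release_name(minor_status, input_name));
}

#if 0
/* Compiled out; would forward to generic_gss_release_buffer(). */
static OM_uint32
k5glue_release_buffer(ctx, minor_status, buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t buffer;
{
    return(generic_gss_release_buffer(minor_status,
                                      buffer));
}
#endif

/* V2: forwards to krb5_gss_internal_release_oid(). */
static OM_uint32
k5glue_internal_release_oid(ctx, minor_status, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    return(krb5_gss_internal_release_oid(minor_status, oid));
}

#if 0
/* Compiled out; would forward to generic_gss_release_oid_set(). */
static OM_uint32
k5glue_release_oid_set(ctx, minor_status, set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *set;
{
    return(generic_gss_release_oid_set(minor_status, set));
}
#endif

/* EXPORT DELETE START */
/* V1 only: forwards to krb5_gss_seal(). */
static OM_uint32
k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    int qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    return(krb5_gss_seal(minor_status, context_handle,
                         conf_req_flag, qop_req, input_message_buffer,
                         conf_state, output_message_buffer));
}
/* EXPORT DELETE END */

/* Forwards to krb5_gss_sign(). */
static OM_uint32
k5glue_sign(ctx, minor_status, context_handle,
            qop_req, message_buffer,
            message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    return(krb5_gss_sign(minor_status, context_handle,
                         qop_req, message_buffer, message_token));
}

#if 0
/* V2: compiled out; would forward to krb5_gss_verify_mic(). */
static OM_uint32
k5glue_verify_mic(ctx, minor_status, context_handle,
                  message_buffer, token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    gss_qop_t *qop_state;
{
    return(krb5_gss_verify_mic(minor_status, context_handle,
                               message_buffer, token_buffer, qop_state));
}

/* V2: compiled out; would forward to krb5_gss_wrap(). */
static OM_uint32
k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
            input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
                         input_message_buffer, conf_state,
                         output_message_buffer));
}

/* V2: compiled out; would forward to generic_gss_str_to_oid(). */
static OM_uint32
k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t oid_str;
    gss_OID *oid;
{
    return(generic_gss_str_to_oid(minor_status, oid_str, oid));
}

/* V2: compiled out; would forward to generic_gss_test_oid_set_member(). */
static OM_uint32
k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member;
    gss_OID_set set;
    int *present;
{
    return(generic_gss_test_oid_set_member(minor_status, member, set,
                                           present));
}
#endif

/* EXPORT DELETE START */
/* V1 only: forwards to krb5_gss_unseal(). */
static OM_uint32
k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
{
    return(krb5_gss_unseal(minor_status, context_handle,
                           input_message_buffer, output_message_buffer,
                           conf_state, qop_state));
}
/* EXPORT DELETE END */

#if 0
/* V2: compiled out; would forward to krb5_gss_unwrap(). */
static OM_uint32
k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
              output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
    return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
                           output_message_buffer, conf_state, qop_state));
}
#endif

/* V1 only: forwards to krb5_gss_verify(). */
static OM_uint32
k5glue_verify(ctx, minor_status, context_handle, message_buffer,
              token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    int *qop_state;
{
    return(krb5_gss_verify(minor_status,
                           context_handle,
                           message_buffer,
                           token_buffer,
                           qop_state));
}

/* V2 interface: forwards to krb5_gss_wrap_size_limit(). */
static OM_uint32
k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
                       qop_req, req_output_size, max_input_size)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    OM_uint32 req_output_size;
    OM_uint32 *max_input_size;
{
    return(krb5_gss_wrap_size_limit(minor_status, context_handle,
                                    conf_req_flag, qop_req,
                                    req_output_size, max_input_size));
}

#if 0
/* V2 interface: compiled out; would forward to krb5_gss_canonicalize_name(). */
static OM_uint32
k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    const gss_OID mech_type;
    gss_name_t *output_name;
{
    return krb5_gss_canonicalize_name(minor_status, input_name,
                                      mech_type, output_name);
}
#endif

/* V2 interface: forwards to krb5_gss_export_name(). */
static OM_uint32
k5glue_export_name(ctx, minor_status, input_name, exported_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_buffer_t exported_name;
{
    return krb5_gss_export_name(minor_status, input_name, exported_name);
}

/*
 * SUNW15resync - this is not in the MIT mech (lib) yet
 *
 * Forwards to krb5_gss_store_cred().
 */
static OM_uint32
k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
                  overwrite_cred, default_cred, elements_stored,
                  cred_usage_stored)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_cred_id_t input_cred;
    gss_cred_usage_t cred_usage;
    gss_OID desired_mech;
    OM_uint32 overwrite_cred;
    OM_uint32 default_cred;
    gss_OID_set *elements_stored;
    gss_cred_usage_t *cred_usage_stored;
{
    return(krb5_gss_store_cred(minor_status, input_cred,
                               cred_usage, desired_mech,
                               overwrite_cred, default_cred, elements_stored,
                               cred_usage_stored));
}

/*
 * Forwards to krb5_gss_userok().
 *
 * NOTE(review): presumably *user_ok reports whether pname may act as the
 * local account "user"; if so, callers should consult it only when the
 * returned major status indicates success - confirm against
 * krb5_gss_userok().
 */
static OM_uint32
k5glue_userok(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    const char *user,           /* local user */
    int *user_ok                /* user ok? */
    /* */)
{
    return(krb5_gss_userok(minor, pname, user, user_ok));
}

/*
 * Forwards to krb5_pname_to_uid().
 *
 * NOTE(review): *uidOut is only meaningful if the callee reports success;
 * this wrapper does not initialise it - confirm the callee's behaviour on
 * failure before using the value for an access decision.
 */
static OM_uint32
k5glue_pname_to_uid(
    void *ctxt,                 /* context */
    OM_uint32 *minor,           /* minor_status */
    const gss_name_t pname,     /* pname */
    uid_t *uidOut               /* uid */
    /* */)
{
    return (krb5_pname_to_uid(minor, pname, uidOut));
}



#if 0
/* V2 interface: compiled out; would forward to krb5_gss_duplicate_name(). */
static OM_uint32
k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_name_t *dest_name;
{
    return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
}
#endif


/*
 * Copy the krb5 credential held in a union credential into out_ccache.
 *
 * cred_handle is treated as a gss_union_cred_t.  The krb5 element is looked
 * up first under krb5_mechanism's OID and then under krb5_mechanism_old's;
 * the first match is handed to gss_krb5int_copy_ccache() and that call's
 * status is returned.  Returns GSS_S_DEFECTIVE_CREDENTIAL when the union
 * credential holds neither (this includes GSS_C_NO_CREDENTIAL).
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred_handle;

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/*
 * Pass a list of encryption types to the krb5 credential held in a union
 * credential.
 *
 * The lookup is the same as in gss_krb5_copy_ccache(): krb5_mechanism's OID
 * first, then krb5_mechanism_old's.  num_ktypes and ktypes are forwarded
 * unchecked to gss_krb5int_set_allowable_enctypes(), whose status is
 * returned.  Returns GSS_S_DEFECTIVE_CREDENTIAL when no krb5 element is
 * found.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t ucred;
    gss_cred_id_t mcred;

    ucred = (gss_union_cred_t)cred;
    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
    if (mcred != GSS_C_NO_CREDENTIAL)
        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
                                                  num_ktypes, ktypes);

    return GSS_S_DEFECTIVE_CREDENTIAL;
}

/*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
 *
 * Scans union_cred->mechs_array for an OID equal to mech_type and returns
 * the cred_array entry at the same index.  Returns GSS_C_NO_CREDENTIAL when
 * union_cred is GSS_C_NO_CREDENTIAL or no entry matches.  mech_type is not
 * checked for NULL here.
 */
/* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
   want to link against libgss so we put it here since we need it in the mech */
gss_cred_id_t
gssint_get_mechanism_cred(union_cred, mech_type)
    gss_union_cred_t union_cred;
    gss_OID mech_type;
{
    int i;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    for (i = 0; i < union_cred->count; i++) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
            return union_cred->cred_array[i];
    }
    return GSS_C_NO_CREDENTIAL;
}



/*
 * entry point for the gss layer,
 * called "krb5_gss_initialize()" in MIT 1.2.1
 *
 * Returns the address of krb5_mechanism when oid equals its mech_type;
 * otherwise logs at LOG_INFO and returns NULL.
 */
/* SUNW15resync - this used to be in k5mech.c */
gss_mechanism
gss_mech_initialize(oid)
    const gss_OID oid;
{
    /* ensure that the requested oid matches our oid */
    if (oid == NULL || !g_OID_equal(oid, &krb5_mechanism.mech_type)) {
        (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
        return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
        GSS_S_COMPLETE)
        return (NULL);
#endif

    return (&krb5_mechanism);
}

/*
 * This API should go away and be replaced with an accessor
 * into a gss_name_t.
 *
 * Fetch authorization data of type ad_type from an established context.
 *
 * A request OID is composed from the extract-authz-data base OID plus
 * ad_type and passed to gss_inquire_sec_context_by_oid().  On success the
 * first element of the returned buffer set is copied into a malloc()ed
 * buffer stored in ad_data; the caller owns that buffer.  The bytes are
 * copied as-is: this routine neither parses nor validates them.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when ad_data is NULL, the failing
 * call's major status when OID composition or the inquiry fails, and
 * GSS_S_FAILURE when the result set has an unexpected element count or the
 * copy buffer cannot be allocated (*minor_status is ENOMEM in the latter
 * case).
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int ad_type,
    gss_buffer_t ad_data)
{
    gss_OID_desc req_oid;
    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (ad_data == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    req_oid.elements = oid_buf;
    req_oid.length = sizeof(oid_buf);

    major_status = generic_gss_oid_compose(minor_status,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
                                           ad_type,
                                           &req_oid);
    if (GSS_ERROR(major_status))
        return major_status;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE) {
        return major_status;
    }


    /*
     * SUNW17PACresync / Solaris Kerberos
     * MIT17 expects just 1 but our testing with Win2008 shows
     * it returns 2.  So we now handle that and rewhack mem mgmt as appro.
     *
     * Only element 0 is returned to the caller; a second element, when
     * present, is discarded with the set.
     */
    if (data_set == GSS_C_NO_BUFFER_SET ||
        (data_set->count != 1 && data_set->count != 2)) {
        gss_release_buffer_set(minor_status, &data_set);

        return GSS_S_FAILURE;
    }

    ad_data->length = data_set->elements[0].length;
    ad_data->value = malloc(ad_data->length);
    /*
     * malloc(0) may legitimately return NULL, so a NULL result counts as
     * an allocation failure only for a non-empty element.
     */
    if (ad_data->value == NULL && ad_data->length != 0) {
        /* Do not hand back a non-zero length with a NULL value. */
        ad_data->length = 0;
        gss_release_buffer_set(minor_status, &data_set);
        /*
         * ENOMEM is an errno value, not a GSS major status; returned as
         * the major status it does not satisfy GSS_ERROR(), so callers
         * using that macro would take the failure for success.  Report it
         * through the minor status instead, set after the release call
         * because that call writes the minor status too.
         */
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }
    if (ad_data->length != 0)
        bcopy(data_set->elements[0].value, ad_data->value, ad_data->length);

    gss_release_buffer_set(minor_status, &data_set);

    return GSS_S_COMPLETE;
}


/*
 * Fetch the authentication time recorded for an established context.
 *
 * Queries the context with the extract-authtime OID and expects exactly one
 * buffer of sizeof (krb5_timestamp) bytes, which is copied to *authtime.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when authtime is NULL, the inquiry's
 * major status when the inquiry fails, and GSS_S_FAILURE with *minor_status
 * set to EINVAL when the result does not have the expected shape.  On
 * success *minor_status is 0.
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
                                          gss_ctx_id_t context_handle,
                                          krb5_timestamp *authtime)
{
    static const gss_OID_desc req_oid = {
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (authtime == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
                                                  context_handle,
                                                  (gss_OID)&req_oid,
                                                  &data_set);
    if (major_status != GSS_S_COMPLETE)
        return major_status;

    if (data_set == GSS_C_NO_BUFFER_SET ||
        data_set->count != 1 ||
        data_set->elements[0].length != sizeof(*authtime)) {
        /*
         * Release the set on this path as well; returning without doing
         * so leaks it.  The authz-data routine above already calls the
         * release function under the same condition.  EINVAL is stored
         * afterwards because the release call writes the minor status.
         */
        gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    /*
     * Byte copy rather than a cast-and-dereference: the length was checked
     * above, and this makes no assumption about the buffer's alignment.
     */
    bcopy(data_set->elements[0].value, authtime, sizeof(*authtime));

    gss_release_buffer_set(minor_status, &data_set);

    *minor_status = 0;

    return GSS_S_COMPLETE;
}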