1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * Copyright 1993 by OpenVision Technologies, Inc. 10 * 11 * Permission to use, copy, modify, distribute, and sell this software 12 * and its documentation for any purpose is hereby granted without fee, 13 * provided that the above copyright notice appears in all copies and 14 * that both that copyright notice and this permission notice appear in 15 * supporting documentation, and that the name of OpenVision not be used 16 * in advertising or publicity pertaining to distribution of the software 17 * without specific, written prior permission. OpenVision makes no 18 * representations about the suitability of this software for any 19 * purpose. It is provided "as is" without express or implied warranty. 20 * 21 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 22 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 23 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 24 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 25 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 26 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 27 * PERFORMANCE OF THIS SOFTWARE. 28 */ 29 30 /* 31 * $Id: krb5_gss_glue.c 18268 2006-06-29 19:44:34Z tlyu $ 32 */ 33 34 #include "gssapiP_krb5.h" 35 #include "mglueP.h" 36 #include <syslog.h> 37 38 /** mechglue wrappers **/ 39 40 static OM_uint32 k5glue_acquire_cred 41 (void *, OM_uint32*, /* minor_status */ 42 gss_name_t, /* desired_name */ 43 OM_uint32, /* time_req */ 44 gss_OID_set, /* desired_mechs */ 45 gss_cred_usage_t, /* cred_usage */ 46 gss_cred_id_t*, /* output_cred_handle */ 47 gss_OID_set*, /* actual_mechs */ 48 OM_uint32* /* time_rec */ 49 ); 50 51 static OM_uint32 k5glue_release_cred 52 (void *, OM_uint32*, /* minor_status */ 53 gss_cred_id_t* /* cred_handle */ 54 ); 55 56 static OM_uint32 k5glue_init_sec_context 57 (void *, OM_uint32*, /* minor_status */ 58 gss_cred_id_t, /* claimant_cred_handle */ 59 gss_ctx_id_t*, /* context_handle */ 60 gss_name_t, /* target_name */ 61 gss_OID, /* mech_type */ 62 OM_uint32, /* req_flags */ 63 OM_uint32, /* time_req */ 64 gss_channel_bindings_t, 65 /* input_chan_bindings */ 66 gss_buffer_t, /* input_token */ 67 gss_OID*, /* actual_mech_type */ 68 gss_buffer_t, /* output_token */ 69 OM_uint32*, /* ret_flags */ 70 OM_uint32* /* time_rec */ 71 ); 72 73 static OM_uint32 k5glue_accept_sec_context 74 (void *, OM_uint32*, /* minor_status */ 75 gss_ctx_id_t*, /* context_handle */ 76 gss_cred_id_t, /* verifier_cred_handle */ 77 gss_buffer_t, /* input_token_buffer */ 78 gss_channel_bindings_t, 79 /* input_chan_bindings */ 80 gss_name_t*, /* src_name */ 81 gss_OID*, /* mech_type */ 82 gss_buffer_t, /* output_token */ 83 OM_uint32*, /* ret_flags */ 84 OM_uint32*, /* time_rec */ 85 gss_cred_id_t* /* delegated_cred_handle */ 86 ); 87 88 static OM_uint32 k5glue_process_context_token 89 (void *, OM_uint32*, /* minor_status */ 90 gss_ctx_id_t, /* context_handle */ 91 gss_buffer_t /* token_buffer */ 92 ); 93 94 static OM_uint32 k5glue_delete_sec_context 95 (void *, OM_uint32*, /* minor_status */ 96 gss_ctx_id_t*, /* context_handle */ 97 gss_buffer_t /* output_token */ 98 ); 99 100 static OM_uint32 k5glue_context_time 101 (void *, OM_uint32*, /* minor_status */ 102 gss_ctx_id_t, /* context_handle */ 103 OM_uint32* /* time_rec */ 104 ); 105 106 static OM_uint32 k5glue_sign 107 (void *, OM_uint32*, /* minor_status */ 108 gss_ctx_id_t, /* context_handle */ 109 int, /* qop_req */ 110 gss_buffer_t, /* message_buffer */ 111 gss_buffer_t /* message_token */ 112 ); 113 114 static OM_uint32 k5glue_verify 115 (void *, OM_uint32*, /* minor_status */ 116 gss_ctx_id_t, /* context_handle */ 117 gss_buffer_t, /* message_buffer */ 118 gss_buffer_t, /* token_buffer */ 119 int* /* qop_state */ 120 ); 121 122 /* EXPORT DELETE START */ 123 static OM_uint32 k5glue_seal 124 (void *, OM_uint32*, /* minor_status */ 125 gss_ctx_id_t, /* context_handle */ 126 int, /* conf_req_flag */ 127 int, /* qop_req */ 128 gss_buffer_t, /* input_message_buffer */ 129 int*, /* conf_state */ 130 gss_buffer_t /* output_message_buffer */ 131 ); 132 133 static OM_uint32 k5glue_unseal 134 (void *, OM_uint32*, /* minor_status */ 135 gss_ctx_id_t, /* context_handle */ 136 gss_buffer_t, /* input_message_buffer */ 137 gss_buffer_t, /* output_message_buffer */ 138 int*, /* conf_state */ 139 int* /* qop_state */ 140 ); 141 /* EXPORT DELETE END */ 142 143 static OM_uint32 k5glue_display_status 144 (void *, OM_uint32*, /* minor_status */ 145 OM_uint32, /* status_value */ 146 int, /* status_type */ 147 gss_OID, /* mech_type */ 148 OM_uint32*, /* message_context */ 149 gss_buffer_t /* status_string */ 150 ); 151 152 static OM_uint32 k5glue_indicate_mechs 153 (void *, OM_uint32*, /* minor_status */ 154 gss_OID_set* /* mech_set */ 155 ); 156 157 static OM_uint32 k5glue_compare_name 158 (void *, OM_uint32*, /* minor_status */ 159 gss_name_t, /* name1 */ 160 gss_name_t, /* name2 */ 161 int* /* name_equal */ 162 ); 163 164 static OM_uint32 k5glue_display_name 165 (void *, OM_uint32*, /* minor_status */ 166 gss_name_t, /* input_name */ 167 gss_buffer_t, /* output_name_buffer */ 168 gss_OID* /* output_name_type */ 169 ); 170 171 static OM_uint32 k5glue_import_name 172 (void *, OM_uint32*, /* minor_status */ 173 gss_buffer_t, /* input_name_buffer */ 174 gss_OID, /* input_name_type */ 175 gss_name_t* /* output_name */ 176 ); 177 178 static OM_uint32 k5glue_release_name 179 (void *, OM_uint32*, /* minor_status */ 180 gss_name_t* /* input_name */ 181 ); 182 183 static OM_uint32 k5glue_inquire_cred 184 (void *, OM_uint32 *, /* minor_status */ 185 gss_cred_id_t, /* cred_handle */ 186 gss_name_t *, /* name */ 187 OM_uint32 *, /* lifetime */ 188 gss_cred_usage_t*,/* cred_usage */ 189 gss_OID_set * /* mechanisms */ 190 ); 191 192 static OM_uint32 k5glue_inquire_context 193 (void *, OM_uint32*, /* minor_status */ 194 gss_ctx_id_t, /* context_handle */ 195 gss_name_t*, /* initiator_name */ 196 gss_name_t*, /* acceptor_name */ 197 OM_uint32*, /* lifetime_rec */ 198 gss_OID*, /* mech_type */ 199 OM_uint32*, /* ret_flags */ 200 int*, /* locally_initiated */ 201 int* /* open */ 202 ); 203 204 #if 0 205 /* New V2 entry points */ 206 static OM_uint32 k5glue_get_mic 207 (void *, OM_uint32 *, /* minor_status */ 208 gss_ctx_id_t, /* context_handle */ 209 gss_qop_t, /* qop_req */ 210 gss_buffer_t, /* message_buffer */ 211 gss_buffer_t /* message_token */ 212 ); 213 214 static OM_uint32 k5glue_verify_mic 215 (void *, OM_uint32 *, /* minor_status */ 216 gss_ctx_id_t, /* context_handle */ 217 gss_buffer_t, /* message_buffer */ 218 gss_buffer_t, /* message_token */ 219 gss_qop_t * /* qop_state */ 220 ); 221 222 static OM_uint32 k5glue_wrap 223 (void *, OM_uint32 *, /* minor_status */ 224 gss_ctx_id_t, /* context_handle */ 225 int, /* conf_req_flag */ 226 gss_qop_t, /* qop_req */ 227 gss_buffer_t, /* input_message_buffer */ 228 int *, /* conf_state */ 229 gss_buffer_t /* output_message_buffer */ 230 ); 231 232 static OM_uint32 k5glue_unwrap 233 (void *, OM_uint32 *, /* minor_status */ 234 gss_ctx_id_t, /* context_handle */ 235 gss_buffer_t, /* input_message_buffer */ 236 gss_buffer_t, /* output_message_buffer */ 237 int *, /* conf_state */ 238 gss_qop_t * /* qop_state */ 239 ); 240 #endif 241 242 static OM_uint32 k5glue_wrap_size_limit 243 (void *, OM_uint32 *, /* minor_status */ 244 gss_ctx_id_t, /* context_handle */ 245 int, /* conf_req_flag */ 246 gss_qop_t, /* qop_req */ 247 OM_uint32, /* req_output_size */ 248 OM_uint32 * /* max_input_size */ 249 ); 250 251 #if 0 252 static OM_uint32 k5glue_import_name_object 253 (void *, OM_uint32 *, /* minor_status */ 254 void *, /* input_name */ 255 gss_OID, /* input_name_type */ 256 gss_name_t * /* output_name */ 257 ); 258 259 static OM_uint32 k5glue_export_name_object 260 (void *, OM_uint32 *, /* minor_status */ 261 gss_name_t, /* input_name */ 262 gss_OID, /* desired_name_type */ 263 void * * /* output_name */ 264 ); 265 #endif 266 267 static OM_uint32 k5glue_add_cred 268 (void *, OM_uint32 *, /* minor_status */ 269 gss_cred_id_t, /* input_cred_handle */ 270 gss_name_t, /* desired_name */ 271 gss_OID, /* desired_mech */ 272 gss_cred_usage_t, /* cred_usage */ 273 OM_uint32, /* initiator_time_req */ 274 OM_uint32, /* acceptor_time_req */ 275 gss_cred_id_t *, /* output_cred_handle */ 276 gss_OID_set *, /* actual_mechs */ 277 OM_uint32 *, /* initiator_time_rec */ 278 OM_uint32 * /* acceptor_time_rec */ 279 ); 280 281 static OM_uint32 k5glue_inquire_cred_by_mech 282 (void *, OM_uint32 *, /* minor_status */ 283 gss_cred_id_t, /* cred_handle */ 284 gss_OID, /* mech_type */ 285 gss_name_t *, /* name */ 286 OM_uint32 *, /* initiator_lifetime */ 287 OM_uint32 *, /* acceptor_lifetime */ 288 gss_cred_usage_t * /* cred_usage */ 289 ); 290 291 static OM_uint32 k5glue_export_sec_context 292 (void *, OM_uint32 *, /* minor_status */ 293 gss_ctx_id_t *, /* context_handle */ 294 gss_buffer_t /* interprocess_token */ 295 ); 296 297 static OM_uint32 k5glue_import_sec_context 298 (void *, OM_uint32 *, /* minor_status */ 299 gss_buffer_t, /* interprocess_token */ 300 gss_ctx_id_t * /* context_handle */ 301 ); 302 303 krb5_error_code k5glue_ser_init(krb5_context); 304 305 static OM_uint32 k5glue_internal_release_oid 306 (void *, OM_uint32 *, /* minor_status */ 307 gss_OID * /* oid */ 308 ); 309 310 static OM_uint32 k5glue_inquire_names_for_mech 311 (void *, OM_uint32 *, /* minor_status */ 312 gss_OID, /* mechanism */ 313 gss_OID_set * /* name_types */ 314 ); 315 316 #if 0 317 static OM_uint32 k5glue_canonicalize_name 318 (void *, OM_uint32 *, /* minor_status */ 319 const gss_name_t, /* input_name */ 320 const gss_OID, /* mech_type */ 321 gss_name_t * /* output_name */ 322 ); 323 #endif 324 325 static OM_uint32 k5glue_export_name 326 (void *, OM_uint32 *, /* minor_status */ 327 const gss_name_t, /* input_name */ 328 gss_buffer_t /* exported_name */ 329 ); 330 331 /* SUNW15resync - Solaris specific */ 332 static OM_uint32 k5glue_store_cred ( 333 void *, 334 OM_uint32 *, /* minor_status */ 335 const gss_cred_id_t, /* input_cred */ 336 gss_cred_usage_t, /* cred_usage */ 337 const gss_OID, /* desired_mech */ 338 OM_uint32, /* overwrite_cred */ 339 OM_uint32, /* default_cred */ 340 gss_OID_set *, /* elements_stored */ 341 gss_cred_usage_t * /* cred_usage_stored */ 342 ); 343 344 static OM_uint32 345 k5glue_userok( 346 void *, /* context */ 347 OM_uint32 *, /* minor_status */ 348 const gss_name_t, /* pname */ 349 const char *, /* local user */ 350 int * /* user ok? */ 351 /* */); 352 353 static OM_uint32 354 k5glue_pname_to_uid( 355 void *, /* context */ 356 OM_uint32 *, /* minor_status */ 357 const gss_name_t, /* pname */ 358 uid_t * /* uid */ 359 /* */); 360 361 362 363 364 #if 0 365 static OM_uint32 k5glue_duplicate_name 366 (void *, OM_uint32 *, /* minor_status */ 367 const gss_name_t, /* input_name */ 368 gss_name_t * /* dest_name */ 369 ); 370 #endif 371 372 #if 0 373 static OM_uint32 k5glue_validate_cred 374 (void *, OM_uint32 *, /* minor_status */ 375 gss_cred_id_t /* cred */ 376 ); 377 #endif 378 379 #if 0 380 /* 381 * SUNW15resync 382 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src 383 * slicing&dicing needs of the "nightly -SD" build. When it goes away, 384 * we should use it assuming MIT still uses it then. 385 */ 386 387 /* 388 * The krb5 mechanism provides two mech OIDs; use this initializer to 389 * ensure that both dispatch tables contain identical function 390 * pointers. 391 */ 392 #define KRB5_GSS_CONFIG_INIT \ 393 NULL, \ 394 ... 395 #endif 396 397 398 static struct gss_config krb5_mechanism = { 399 #if 0 /* Solaris Kerberos */ 400 100, "kerberos_v5", 401 #endif 402 { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, 403 NULL, 404 k5glue_acquire_cred, 405 k5glue_release_cred, 406 k5glue_init_sec_context, 407 k5glue_accept_sec_context, 408 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 409 k5glue_unseal, 410 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 411 k5glue_process_context_token, 412 k5glue_delete_sec_context, 413 k5glue_context_time, 414 k5glue_display_status, 415 k5glue_indicate_mechs, 416 k5glue_compare_name, 417 k5glue_display_name, 418 k5glue_import_name, 419 k5glue_release_name, 420 k5glue_inquire_cred, 421 k5glue_add_cred, 422 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 423 k5glue_seal, 424 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 425 k5glue_export_sec_context, 426 k5glue_import_sec_context, 427 k5glue_inquire_cred_by_mech, 428 k5glue_inquire_names_for_mech, 429 k5glue_inquire_context, 430 k5glue_internal_release_oid, 431 k5glue_wrap_size_limit, 432 k5glue_pname_to_uid, 433 k5glue_userok, 434 k5glue_export_name, 435 /* EXPORT DELETE START */ 436 /* CRYPT DELETE START */ 437 #if 0 438 /* CRYPT DELETE END */ 439 k5glue_seal, 440 k5glue_unseal, 441 /* CRYPT DELETE START */ 442 #endif 443 /* CRYPT DELETE END */ 444 /* EXPORT DELETE END */ 445 k5glue_sign, 446 k5glue_verify, 447 k5glue_store_cred 448 }; 449 450 static struct gss_config krb5_mechanism_old = { 451 #if 0 /* Solaris Kerberos */ 452 200, "kerberos_v5 (pre-RFC OID)", 453 #endif 454 { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID }, 455 NULL, 456 k5glue_acquire_cred, 457 k5glue_release_cred, 458 k5glue_init_sec_context, 459 k5glue_accept_sec_context, 460 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 461 k5glue_unseal, 462 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 463 k5glue_process_context_token, 464 k5glue_delete_sec_context, 465 k5glue_context_time, 466 k5glue_display_status, 467 k5glue_indicate_mechs, 468 k5glue_compare_name, 469 k5glue_display_name, 470 k5glue_import_name, 471 k5glue_release_name, 472 k5glue_inquire_cred, 473 k5glue_add_cred, 474 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 475 k5glue_seal, 476 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 477 k5glue_export_sec_context, 478 k5glue_import_sec_context, 479 k5glue_inquire_cred_by_mech, 480 k5glue_inquire_names_for_mech, 481 k5glue_inquire_context, 482 k5glue_internal_release_oid, 483 k5glue_wrap_size_limit, 484 k5glue_pname_to_uid, 485 k5glue_userok, 486 k5glue_export_name, 487 /* EXPORT DELETE START */ 488 /* CRYPT DELETE START */ 489 #if 0 490 /* CRYPT DELETE END */ 491 k5glue_seal, 492 k5glue_unseal, 493 /* CRYPT DELETE START */ 494 #endif 495 /* CRYPT DELETE END */ 496 /* EXPORT DELETE END */ 497 k5glue_sign, 498 k5glue_verify, 499 k5glue_store_cred 500 }; 501 502 static struct gss_config krb5_mechanism_wrong = { 503 #if 0 /* Solaris Kerberos */ 504 300, "kerberos_v5 (wrong OID)", 505 #endif 506 { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID }, 507 NULL, 508 k5glue_acquire_cred, 509 k5glue_release_cred, 510 k5glue_init_sec_context, 511 k5glue_accept_sec_context, 512 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 513 k5glue_unseal, 514 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 515 k5glue_process_context_token, 516 k5glue_delete_sec_context, 517 k5glue_context_time, 518 k5glue_display_status, 519 k5glue_indicate_mechs, 520 k5glue_compare_name, 521 k5glue_display_name, 522 k5glue_import_name, 523 k5glue_release_name, 524 k5glue_inquire_cred, 525 k5glue_add_cred, 526 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 527 k5glue_seal, 528 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 529 k5glue_export_sec_context, 530 k5glue_import_sec_context, 531 k5glue_inquire_cred_by_mech, 532 k5glue_inquire_names_for_mech, 533 k5glue_inquire_context, 534 k5glue_internal_release_oid, 535 k5glue_wrap_size_limit, 536 k5glue_pname_to_uid, 537 k5glue_userok, 538 k5glue_export_name, 539 /* EXPORT DELETE START */ 540 /* CRYPT DELETE START */ 541 #if 0 542 /* CRYPT DELETE END */ 543 k5glue_seal, 544 k5glue_unseal, 545 /* CRYPT DELETE START */ 546 #endif 547 /* CRYPT DELETE END */ 548 /* EXPORT DELETE END */ 549 k5glue_sign, 550 k5glue_verify, 551 k5glue_store_cred 552 }; 553 554 static gss_mechanism krb5_mech_configs[] = { 555 &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL 556 }; 557 558 #ifdef MS_BUG_TEST 559 static gss_mechanism krb5_mech_configs_hack[] = { 560 &krb5_mechanism, &krb5_mechanism_old, NULL 561 }; 562 #endif 563 564 #if 1 565 #define gssint_get_mech_configs krb5_gss_get_mech_configs 566 #endif 567 568 gss_mechanism * 569 gssint_get_mech_configs(void) 570 { 571 #ifdef MS_BUG_TEST 572 char *envstr = getenv("MS_FORCE_NO_MSOID"); 573 574 if (envstr != NULL && strcmp(envstr, "1") == 0) { 575 return krb5_mech_configs_hack; 576 } 577 #endif 578 return krb5_mech_configs; 579 } 580 581 static OM_uint32 582 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle, 583 input_token, input_chan_bindings, src_name, mech_type, 584 output_token, ret_flags, time_rec, delegated_cred_handle) 585 void *ctx; 586 OM_uint32 *minor_status; 587 gss_ctx_id_t *context_handle; 588 gss_cred_id_t verifier_cred_handle; 589 gss_buffer_t input_token; 590 gss_channel_bindings_t input_chan_bindings; 591 gss_name_t *src_name; 592 gss_OID *mech_type; 593 gss_buffer_t output_token; 594 OM_uint32 *ret_flags; 595 OM_uint32 *time_rec; 596 gss_cred_id_t *delegated_cred_handle; 597 { 598 return(krb5_gss_accept_sec_context(minor_status, 599 context_handle, 600 verifier_cred_handle, 601 input_token, 602 input_chan_bindings, 603 src_name, 604 mech_type, 605 output_token, 606 ret_flags, 607 time_rec, 608 delegated_cred_handle)); 609 } 610 611 static OM_uint32 612 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs, 613 cred_usage, output_cred_handle, actual_mechs, time_rec) 614 void *ctx; 615 OM_uint32 *minor_status; 616 gss_name_t desired_name; 617 OM_uint32 time_req; 618 gss_OID_set desired_mechs; 619 gss_cred_usage_t cred_usage; 620 gss_cred_id_t *output_cred_handle; 621 gss_OID_set *actual_mechs; 622 OM_uint32 *time_rec; 623 { 624 return(krb5_gss_acquire_cred(minor_status, 625 desired_name, 626 time_req, 627 desired_mechs, 628 cred_usage, 629 output_cred_handle, 630 actual_mechs, 631 time_rec)); 632 } 633 634 /* V2 */ 635 static OM_uint32 636 k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech, 637 cred_usage, initiator_time_req, acceptor_time_req, 638 output_cred_handle, actual_mechs, initiator_time_rec, 639 acceptor_time_rec) 640 void *ctx; 641 OM_uint32 *minor_status; 642 gss_cred_id_t input_cred_handle; 643 gss_name_t desired_name; 644 gss_OID desired_mech; 645 gss_cred_usage_t cred_usage; 646 OM_uint32 initiator_time_req; 647 OM_uint32 acceptor_time_req; 648 gss_cred_id_t *output_cred_handle; 649 gss_OID_set *actual_mechs; 650 OM_uint32 *initiator_time_rec; 651 OM_uint32 *acceptor_time_rec; 652 { 653 return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name, 654 desired_mech, cred_usage, initiator_time_req, 655 acceptor_time_req, output_cred_handle, 656 actual_mechs, initiator_time_rec, 657 acceptor_time_rec)); 658 } 659 660 #if 0 661 /* V2 */ 662 static OM_uint32 663 k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set) 664 void *ctx; 665 OM_uint32 *minor_status; 666 gss_OID member_oid; 667 gss_OID_set *oid_set; 668 { 669 return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)); 670 } 671 #endif 672 673 static OM_uint32 674 k5glue_compare_name(ctx, minor_status, name1, name2, name_equal) 675 void *ctx; 676 OM_uint32 *minor_status; 677 gss_name_t name1; 678 gss_name_t name2; 679 int *name_equal; 680 { 681 return(krb5_gss_compare_name(minor_status, name1, 682 name2, name_equal)); 683 } 684 685 static OM_uint32 686 k5glue_context_time(ctx, minor_status, context_handle, time_rec) 687 void *ctx; 688 OM_uint32 *minor_status; 689 gss_ctx_id_t context_handle; 690 OM_uint32 *time_rec; 691 { 692 return(krb5_gss_context_time(minor_status, context_handle, 693 time_rec)); 694 } 695 696 #if 0 697 /* V2 */ 698 static OM_uint32 699 k5glue_create_empty_oid_set(ctx, minor_status, oid_set) 700 void *ctx; 701 OM_uint32 *minor_status; 702 gss_OID_set *oid_set; 703 { 704 return(generic_gss_create_empty_oid_set(minor_status, oid_set)); 705 } 706 #endif 707 708 static OM_uint32 709 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token) 710 void *ctx; 711 OM_uint32 *minor_status; 712 gss_ctx_id_t *context_handle; 713 gss_buffer_t output_token; 714 { 715 return(krb5_gss_delete_sec_context(minor_status, 716 context_handle, output_token)); 717 } 718 719 static OM_uint32 720 k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type) 721 void *ctx; 722 OM_uint32 *minor_status; 723 gss_name_t input_name; 724 gss_buffer_t output_name_buffer; 725 gss_OID *output_name_type; 726 { 727 return(krb5_gss_display_name(minor_status, input_name, 728 output_name_buffer, output_name_type)); 729 } 730 731 static OM_uint32 732 k5glue_display_status(ctx, minor_status, status_value, status_type, 733 mech_type, message_context, status_string) 734 void *ctx; 735 OM_uint32 *minor_status; 736 OM_uint32 status_value; 737 int status_type; 738 gss_OID mech_type; 739 OM_uint32 *message_context; 740 gss_buffer_t status_string; 741 { 742 return(krb5_gss_display_status(minor_status, status_value, 743 status_type, mech_type, message_context, 744 status_string)); 745 } 746 747 /* V2 */ 748 static OM_uint32 749 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) 750 void *ctx; 751 OM_uint32 *minor_status; 752 gss_ctx_id_t *context_handle; 753 gss_buffer_t interprocess_token; 754 { 755 return(krb5_gss_export_sec_context(minor_status, 756 context_handle, 757 interprocess_token)); 758 } 759 760 #if 0 761 /* V2 */ 762 static OM_uint32 763 k5glue_get_mic(ctx, minor_status, context_handle, qop_req, 764 message_buffer, message_token) 765 void *ctx; 766 OM_uint32 *minor_status; 767 gss_ctx_id_t context_handle; 768 gss_qop_t qop_req; 769 gss_buffer_t message_buffer; 770 gss_buffer_t message_token; 771 { 772 return(krb5_gss_get_mic(minor_status, context_handle, 773 qop_req, message_buffer, message_token)); 774 } 775 #endif 776 777 static OM_uint32 778 k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name) 779 void *ctx; 780 OM_uint32 *minor_status; 781 gss_buffer_t input_name_buffer; 782 gss_OID input_name_type; 783 gss_name_t *output_name; 784 { 785 #if 0 786 OM_uint32 err; 787 err = gssint_initialize_library(); 788 if (err) { 789 *minor_status = err; 790 return GSS_S_FAILURE; 791 } 792 #endif 793 return(krb5_gss_import_name(minor_status, input_name_buffer, 794 input_name_type, output_name)); 795 } 796 797 /* V2 */ 798 static OM_uint32 799 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) 800 void *ctx; 801 OM_uint32 *minor_status; 802 gss_buffer_t interprocess_token; 803 gss_ctx_id_t *context_handle; 804 { 805 return(krb5_gss_import_sec_context(minor_status, 806 interprocess_token, 807 context_handle)); 808 } 809 810 static OM_uint32 811 k5glue_indicate_mechs(ctx, minor_status, mech_set) 812 void *ctx; 813 OM_uint32 *minor_status; 814 gss_OID_set *mech_set; 815 { 816 return(krb5_gss_indicate_mechs(minor_status, mech_set)); 817 } 818 819 static OM_uint32 820 k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle, 821 target_name, mech_type, req_flags, time_req, 822 input_chan_bindings, input_token, actual_mech_type, 823 output_token, ret_flags, time_rec) 824 void *ctx; 825 OM_uint32 *minor_status; 826 gss_cred_id_t claimant_cred_handle; 827 gss_ctx_id_t *context_handle; 828 gss_name_t target_name; 829 gss_OID mech_type; 830 OM_uint32 req_flags; 831 OM_uint32 time_req; 832 gss_channel_bindings_t input_chan_bindings; 833 gss_buffer_t input_token; 834 gss_OID *actual_mech_type; 835 gss_buffer_t output_token; 836 OM_uint32 *ret_flags; 837 OM_uint32 *time_rec; 838 { 839 return(krb5_gss_init_sec_context(minor_status, 840 claimant_cred_handle, context_handle, 841 target_name, mech_type, req_flags, 842 time_req, input_chan_bindings, input_token, 843 actual_mech_type, output_token, ret_flags, 844 time_rec)); 845 } 846 847 static OM_uint32 848 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name, 849 lifetime_rec, mech_type, ret_flags, 850 locally_initiated, open) 851 void *ctx; 852 OM_uint32 *minor_status; 853 gss_ctx_id_t context_handle; 854 gss_name_t *initiator_name; 855 gss_name_t *acceptor_name; 856 OM_uint32 *lifetime_rec; 857 gss_OID *mech_type; 858 OM_uint32 *ret_flags; 859 int *locally_initiated; 860 int *open; 861 { 862 return(krb5_gss_inquire_context(minor_status, context_handle, 863 initiator_name, acceptor_name, lifetime_rec, 864 mech_type, ret_flags, locally_initiated, 865 open)); 866 } 867 868 static OM_uint32 869 k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret, 870 cred_usage, mechanisms) 871 void *ctx; 872 OM_uint32 *minor_status; 873 gss_cred_id_t cred_handle; 874 gss_name_t *name; 875 OM_uint32 *lifetime_ret; 876 gss_cred_usage_t *cred_usage; 877 gss_OID_set *mechanisms; 878 { 879 return(krb5_gss_inquire_cred(minor_status, cred_handle, 880 name, lifetime_ret, cred_usage, mechanisms)); 881 } 882 883 /* V2 */ 884 static OM_uint32 885 k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name, 886 initiator_lifetime, acceptor_lifetime, cred_usage) 887 void *ctx; 888 OM_uint32 *minor_status; 889 gss_cred_id_t cred_handle; 890 gss_OID mech_type; 891 gss_name_t *name; 892 OM_uint32 *initiator_lifetime; 893 OM_uint32 *acceptor_lifetime; 894 gss_cred_usage_t *cred_usage; 895 { 896 return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, 897 mech_type, name, initiator_lifetime, 898 acceptor_lifetime, cred_usage)); 899 } 900 901 /* V2 */ 902 static OM_uint32 903 k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types) 904 void *ctx; 905 OM_uint32 *minor_status; 906 gss_OID mechanism; 907 gss_OID_set *name_types; 908 { 909 return(krb5_gss_inquire_names_for_mech(minor_status, 910 mechanism, 911 name_types)); 912 } 913 914 #if 0 915 /* V2 */ 916 static OM_uint32 917 k5glue_oid_to_str(ctx, minor_status, oid, oid_str) 918 void *ctx; 919 OM_uint32 *minor_status; 920 gss_OID oid; 921 gss_buffer_t oid_str; 922 { 923 return(generic_gss_oid_to_str(minor_status, oid, oid_str)); 924 } 925 #endif 926 927 static OM_uint32 928 k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer) 929 void *ctx; 930 OM_uint32 *minor_status; 931 gss_ctx_id_t context_handle; 932 gss_buffer_t token_buffer; 933 { 934 return(krb5_gss_process_context_token(minor_status, 935 context_handle, token_buffer)); 936 } 937 938 static OM_uint32 939 k5glue_release_cred(ctx, minor_status, cred_handle) 940 void *ctx; 941 OM_uint32 *minor_status; 942 gss_cred_id_t *cred_handle; 943 { 944 return(krb5_gss_release_cred(minor_status, cred_handle)); 945 } 946 947 static OM_uint32 948 k5glue_release_name(ctx, minor_status, input_name) 949 void *ctx; 950 OM_uint32 *minor_status; 951 gss_name_t *input_name; 952 { 953 return(krb5_gss_release_name(minor_status, input_name)); 954 } 955 956 #if 0 957 static OM_uint32 958 k5glue_release_buffer(ctx, minor_status, buffer) 959 void *ctx; 960 OM_uint32 *minor_status; 961 gss_buffer_t buffer; 962 { 963 return(generic_gss_release_buffer(minor_status, 964 buffer)); 965 } 966 #endif 967 968 /* V2 */ 969 static OM_uint32 970 k5glue_internal_release_oid(ctx, minor_status, oid) 971 void *ctx; 972 OM_uint32 *minor_status; 973 gss_OID *oid; 974 { 975 return(krb5_gss_internal_release_oid(minor_status, oid)); 976 } 977 978 #if 0 979 static OM_uint32 980 k5glue_release_oid_set(ctx, minor_status, set) 981 void *ctx; 982 OM_uint32 * minor_status; 983 gss_OID_set *set; 984 { 985 return(generic_gss_release_oid_set(minor_status, set)); 986 } 987 #endif 988 989 /* EXPORT DELETE START */ 990 /* V1 only */ 991 static OM_uint32 992 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req, 993 input_message_buffer, conf_state, output_message_buffer) 994 void *ctx; 995 OM_uint32 *minor_status; 996 gss_ctx_id_t context_handle; 997 int conf_req_flag; 998 int qop_req; 999 gss_buffer_t input_message_buffer; 1000 int *conf_state; 1001 gss_buffer_t output_message_buffer; 1002 { 1003 return(krb5_gss_seal(minor_status, context_handle, 1004 conf_req_flag, qop_req, input_message_buffer, 1005 conf_state, output_message_buffer)); 1006 } 1007 /* EXPORT DELETE END */ 1008 1009 static OM_uint32 1010 k5glue_sign(ctx, minor_status, context_handle, 1011 qop_req, message_buffer, 1012 message_token) 1013 void *ctx; 1014 OM_uint32 *minor_status; 1015 gss_ctx_id_t context_handle; 1016 int qop_req; 1017 gss_buffer_t message_buffer; 1018 gss_buffer_t message_token; 1019 { 1020 return(krb5_gss_sign(minor_status, context_handle, 1021 qop_req, message_buffer, message_token)); 1022 } 1023 1024 #if 0 1025 /* V2 */ 1026 static OM_uint32 1027 k5glue_verify_mic(ctx, minor_status, context_handle, 1028 message_buffer, token_buffer, qop_state) 1029 void *ctx; 1030 OM_uint32 *minor_status; 1031 gss_ctx_id_t context_handle; 1032 gss_buffer_t message_buffer; 1033 gss_buffer_t token_buffer; 1034 gss_qop_t *qop_state; 1035 { 1036 return(krb5_gss_verify_mic(minor_status, context_handle, 1037 message_buffer, token_buffer, qop_state)); 1038 } 1039 1040 /* V2 */ 1041 static OM_uint32 1042 k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req, 1043 input_message_buffer, conf_state, output_message_buffer) 1044 void *ctx; 1045 OM_uint32 *minor_status; 1046 gss_ctx_id_t context_handle; 1047 int conf_req_flag; 1048 gss_qop_t qop_req; 1049 gss_buffer_t input_message_buffer; 1050 int *conf_state; 1051 gss_buffer_t output_message_buffer; 1052 { 1053 return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, 1054 input_message_buffer, conf_state, 1055 output_message_buffer)); 1056 } 1057 1058 /* V2 */ 1059 static OM_uint32 1060 k5glue_str_to_oid(ctx, minor_status, oid_str, oid) 1061 void *ctx; 1062 OM_uint32 *minor_status; 1063 gss_buffer_t oid_str; 1064 gss_OID *oid; 1065 { 1066 return(generic_gss_str_to_oid(minor_status, oid_str, oid)); 1067 } 1068 1069 /* V2 */ 1070 static OM_uint32 1071 k5glue_test_oid_set_member(ctx, minor_status, member, set, present) 1072 void *ctx; 1073 OM_uint32 *minor_status; 1074 gss_OID member; 1075 gss_OID_set set; 1076 int *present; 1077 { 1078 return(generic_gss_test_oid_set_member(minor_status, member, set, 1079 present)); 1080 } 1081 #endif 1082 1083 /* EXPORT DELETE START */ 1084 /* V1 only */ 1085 static OM_uint32 1086 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer, 1087 output_message_buffer, conf_state, qop_state) 1088 void *ctx; 1089 OM_uint32 *minor_status; 1090 gss_ctx_id_t context_handle; 1091 gss_buffer_t input_message_buffer; 1092 gss_buffer_t output_message_buffer; 1093 int *conf_state; 1094 int *qop_state; 1095 { 1096 return(krb5_gss_unseal(minor_status, context_handle, 1097 input_message_buffer, output_message_buffer, 1098 conf_state, qop_state)); 1099 } 1100 /* EXPORT DELETE END */ 1101 1102 #if 0 1103 /* V2 */ 1104 static OM_uint32 1105 k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer, 1106 output_message_buffer, conf_state, qop_state) 1107 void *ctx; 1108 OM_uint32 *minor_status; 1109 gss_ctx_id_t context_handle; 1110 gss_buffer_t input_message_buffer; 1111 gss_buffer_t output_message_buffer; 1112 int *conf_state; 1113 gss_qop_t *qop_state; 1114 { 1115 return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer, 1116 output_message_buffer, conf_state, qop_state)); 1117 } 1118 #endif 1119 1120 /* V1 only */ 1121 static OM_uint32 1122 k5glue_verify(ctx, minor_status, context_handle, message_buffer, 1123 token_buffer, qop_state) 1124 void *ctx; 1125 OM_uint32 *minor_status; 1126 gss_ctx_id_t context_handle; 1127 gss_buffer_t message_buffer; 1128 gss_buffer_t token_buffer; 1129 int *qop_state; 1130 { 1131 return(krb5_gss_verify(minor_status, 1132 context_handle, 1133 message_buffer, 1134 token_buffer, 1135 qop_state)); 1136 } 1137 1138 /* V2 interface */ 1139 static OM_uint32 1140 k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag, 1141 qop_req, req_output_size, max_input_size) 1142 void *ctx; 1143 OM_uint32 *minor_status; 1144 gss_ctx_id_t context_handle; 1145 int conf_req_flag; 1146 gss_qop_t qop_req; 1147 OM_uint32 req_output_size; 1148 OM_uint32 *max_input_size; 1149 { 1150 return(krb5_gss_wrap_size_limit(minor_status, context_handle, 1151 conf_req_flag, qop_req, 1152 req_output_size, max_input_size)); 1153 } 1154 1155 #if 0 1156 /* V2 interface */ 1157 static OM_uint32 1158 k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name) 1159 void *ctx; 1160 OM_uint32 *minor_status; 1161 const gss_name_t input_name; 1162 const gss_OID mech_type; 1163 gss_name_t *output_name; 1164 { 1165 return krb5_gss_canonicalize_name(minor_status, input_name, 1166 mech_type, output_name); 1167 } 1168 #endif 1169 1170 /* V2 interface */ 1171 static OM_uint32 1172 k5glue_export_name(ctx, minor_status, input_name, exported_name) 1173 void *ctx; 1174 OM_uint32 *minor_status; 1175 const gss_name_t input_name; 1176 gss_buffer_t exported_name; 1177 { 1178 return krb5_gss_export_name(minor_status, input_name, exported_name); 1179 } 1180 1181 /* SUNW15resync - this is not in the MIT mech (lib) yet */ 1182 static OM_uint32 1183 k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech, 1184 overwrite_cred, default_cred, elements_stored, 1185 cred_usage_stored) 1186 void *ctx; 1187 OM_uint32 *minor_status; 1188 const gss_cred_id_t input_cred; 1189 gss_cred_usage_t cred_usage; 1190 gss_OID desired_mech; 1191 OM_uint32 overwrite_cred; 1192 OM_uint32 default_cred; 1193 gss_OID_set *elements_stored; 1194 gss_cred_usage_t *cred_usage_stored; 1195 { 1196 return(krb5_gss_store_cred(minor_status, input_cred, 1197 cred_usage, desired_mech, 1198 overwrite_cred, default_cred, elements_stored, 1199 cred_usage_stored)); 1200 } 1201 1202 static OM_uint32 1203 k5glue_userok( 1204 void *ctxt, /* context */ 1205 OM_uint32 *minor, /* minor_status */ 1206 const gss_name_t pname, /* pname */ 1207 const char *user, /* local user */ 1208 int *user_ok /* user ok? */ 1209 /* */) 1210 { 1211 return(krb5_gss_userok(minor, pname, user, user_ok)); 1212 } 1213 1214 static OM_uint32 1215 k5glue_pname_to_uid( 1216 void *ctxt, /* context */ 1217 OM_uint32 *minor, /* minor_status */ 1218 const gss_name_t pname, /* pname */ 1219 uid_t *uidOut /* uid */ 1220 /* */) 1221 { 1222 return (krb5_pname_to_uid(minor, pname, uidOut)); 1223 } 1224 1225 1226 1227 #if 0 1228 /* V2 interface */ 1229 static OM_uint32 1230 k5glue_duplicate_name(ctx, minor_status, input_name, dest_name) 1231 void *ctx; 1232 OM_uint32 *minor_status; 1233 const gss_name_t input_name; 1234 gss_name_t *dest_name; 1235 { 1236 return krb5_gss_duplicate_name(minor_status, input_name, dest_name); 1237 } 1238 #endif 1239 1240 OM_uint32 KRB5_CALLCONV 1241 gss_krb5_get_tkt_flags( 1242 OM_uint32 *minor_status, 1243 gss_ctx_id_t context_handle, 1244 krb5_flags *ticket_flags) 1245 { 1246 gss_union_ctx_id_t uctx; 1247 1248 uctx = (gss_union_ctx_id_t)context_handle; 1249 if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && 1250 !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) 1251 return GSS_S_BAD_MECH; 1252 return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id, 1253 ticket_flags); 1254 } 1255 1256 OM_uint32 KRB5_CALLCONV 1257 gss_krb5_copy_ccache( 1258 OM_uint32 *minor_status, 1259 gss_cred_id_t cred_handle, 1260 krb5_ccache out_ccache) 1261 { 1262 gss_union_cred_t ucred; 1263 gss_cred_id_t mcred; 1264 1265 ucred = (gss_union_cred_t)cred_handle; 1266 1267 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); 1268 if (mcred != GSS_C_NO_CREDENTIAL) 1269 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); 1270 1271 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); 1272 if (mcred != GSS_C_NO_CREDENTIAL) 1273 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); 1274 1275 return GSS_S_DEFECTIVE_CREDENTIAL; 1276 } 1277 1278 /* XXX need to delete mechglue ctx too */ 1279 OM_uint32 KRB5_CALLCONV 1280 gss_krb5_export_lucid_sec_context( 1281 OM_uint32 *minor_status, 1282 gss_ctx_id_t *context_handle, 1283 OM_uint32 version, 1284 void **kctx) 1285 { 1286 gss_union_ctx_id_t uctx; 1287 1288 uctx = (gss_union_ctx_id_t)*context_handle; 1289 if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && 1290 !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) 1291 return GSS_S_BAD_MECH; 1292 return gss_krb5int_export_lucid_sec_context(minor_status, 1293 &uctx->internal_ctx_id, 1294 version, kctx); 1295 } 1296 1297 OM_uint32 KRB5_CALLCONV 1298 gss_krb5_set_allowable_enctypes( 1299 OM_uint32 *minor_status, 1300 gss_cred_id_t cred, 1301 OM_uint32 num_ktypes, 1302 krb5_enctype *ktypes) 1303 { 1304 gss_union_cred_t ucred; 1305 gss_cred_id_t mcred; 1306 1307 ucred = (gss_union_cred_t)cred; 1308 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); 1309 if (mcred != GSS_C_NO_CREDENTIAL) 1310 return gss_krb5int_set_allowable_enctypes(minor_status, mcred, 1311 num_ktypes, ktypes); 1312 1313 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); 1314 if (mcred != GSS_C_NO_CREDENTIAL) 1315 return gss_krb5int_set_allowable_enctypes(minor_status, mcred, 1316 num_ktypes, ktypes); 1317 1318 return GSS_S_DEFECTIVE_CREDENTIAL; 1319 } 1320 1321 /* 1322 * Glue routine for returning the mechanism-specific credential from a 1323 * external union credential. 1324 */ 1325 /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't 1326 want to link against libgss so we put it here since we need it in the mech */ 1327 gss_cred_id_t 1328 gssint_get_mechanism_cred(union_cred, mech_type) 1329 gss_union_cred_t union_cred; 1330 gss_OID mech_type; 1331 { 1332 int i; 1333 1334 if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL) 1335 return GSS_C_NO_CREDENTIAL; 1336 1337 for (i=0; i < union_cred->count; i++) { 1338 if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) 1339 return union_cred->cred_array[i]; 1340 } 1341 return GSS_C_NO_CREDENTIAL; 1342 } 1343 1344 1345 1346 /* 1347 * entry point for the gss layer, 1348 * called "krb5_gss_initialize()" in MIT 1.2.1 1349 */ 1350 /* SUNW15resync - this used to be in k5mech.c */ 1351 gss_mechanism 1352 gss_mech_initialize(oid) 1353 const gss_OID oid; 1354 { 1355 /* ensure that the requested oid matches our oid */ 1356 if (oid == NULL || !g_OID_equal(oid, &krb5_mechanism.mech_type)) { 1357 (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid"); 1358 return (NULL); 1359 } 1360 1361 #if 0 /* SUNW15resync - no longer needed(?) */ 1362 if (krb5_gss_get_context(&(krb5_mechanism.context)) != 1363 GSS_S_COMPLETE) 1364 return (NULL); 1365 #endif 1366 1367 return (&krb5_mechanism); 1368 } 1369 1370