17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
543d5cd3dSjohnlev  * Common Development and Distribution License (the "License").
643d5cd3dSjohnlev  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22ba7b222eSGlenn Barry  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
24b97d6ca7SMilan Jurik  * Copyright 2012 Milan Jurik. All rights reserved.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate /*
287c478bd9Sstevel@tonic-gate  *  GSSAPI library stub module for gssd.
297c478bd9Sstevel@tonic-gate  */
307c478bd9Sstevel@tonic-gate 
317c478bd9Sstevel@tonic-gate #include <mechglueP.h>
327c478bd9Sstevel@tonic-gate #include "gssd_prot.h"
337c478bd9Sstevel@tonic-gate #include <rpc/rpc.h>
347c478bd9Sstevel@tonic-gate 
357c478bd9Sstevel@tonic-gate #include <sys/systm.h>
367c478bd9Sstevel@tonic-gate #include <sys/types.h>
377c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h>
387c478bd9Sstevel@tonic-gate #include <sys/kmem.h>
397c478bd9Sstevel@tonic-gate #include <gssapi/kgssapi_defs.h>
407c478bd9Sstevel@tonic-gate #include <sys/debug.h>
417c478bd9Sstevel@tonic-gate 
427c478bd9Sstevel@tonic-gate #ifdef GSSDEBUG
437c478bd9Sstevel@tonic-gate /*
447c478bd9Sstevel@tonic-gate  * Kernel kgssd module debugging aid. The global variable "gss_log"
457c478bd9Sstevel@tonic-gate  * is a bit mask which allows various types of debugging messages
467c478bd9Sstevel@tonic-gate  * to be printed out.
477c478bd9Sstevel@tonic-gate  *
487c478bd9Sstevel@tonic-gate  *	 gss_log & 1  will cause actual failures to be printed.
497c478bd9Sstevel@tonic-gate  *	 gss_log & 2  will cause informational messages to be
507c478bd9Sstevel@tonic-gate  *	                 printed on the client side of kgssd.
517c478bd9Sstevel@tonic-gate  *	 gss_log & 4  will cause informational messages to be
527c478bd9Sstevel@tonic-gate  *	                 printed on the server side of kgssd.
537c478bd9Sstevel@tonic-gate  *	 gss_log & 8  will cause informational messages to be
547c478bd9Sstevel@tonic-gate  *	                 printed on both client and server side of kgssd.
557c478bd9Sstevel@tonic-gate  */
567c478bd9Sstevel@tonic-gate 
577c478bd9Sstevel@tonic-gate uint_t gss_log = 1;
587c478bd9Sstevel@tonic-gate 
597c478bd9Sstevel@tonic-gate #endif /* GSSDEBUG */
607c478bd9Sstevel@tonic-gate 
617c478bd9Sstevel@tonic-gate #ifdef  DEBUG
62b97d6ca7SMilan Jurik extern void prom_printf(const char *, ...);
637c478bd9Sstevel@tonic-gate #endif
647c478bd9Sstevel@tonic-gate 
657c478bd9Sstevel@tonic-gate char *server = "localhost";
667c478bd9Sstevel@tonic-gate 
677c478bd9Sstevel@tonic-gate static OM_uint32 kgss_sign_wrapped(void *, OM_uint32 *, gss_ctx_id_t, int,
687c478bd9Sstevel@tonic-gate 	gss_buffer_t, gss_buffer_t,  OM_uint32);
697c478bd9Sstevel@tonic-gate 
707c478bd9Sstevel@tonic-gate static OM_uint32 kgss_verify_wrapped(void *, OM_uint32 *, gss_ctx_id_t,
717c478bd9Sstevel@tonic-gate 	gss_buffer_t, gss_buffer_t, int *qop_state, OM_uint32);
727c478bd9Sstevel@tonic-gate 
737c478bd9Sstevel@tonic-gate static OM_uint32 kgss_seal_wrapped(void *, OM_uint32 *, gss_ctx_id_t,
747c478bd9Sstevel@tonic-gate 	int, int, gss_buffer_t, int *, gss_buffer_t,  OM_uint32);
757c478bd9Sstevel@tonic-gate 
767c478bd9Sstevel@tonic-gate static OM_uint32 kgss_unseal_wrapped(void *, OM_uint32 *, gss_ctx_id_t,
777c478bd9Sstevel@tonic-gate 	gss_buffer_t, gss_buffer_t, int *conf_state, int *qop_state,
787c478bd9Sstevel@tonic-gate 	OM_uint32);
797c478bd9Sstevel@tonic-gate 
807c478bd9Sstevel@tonic-gate static OM_uint32 kgss_delete_sec_context_wrapped(void *, OM_uint32 *,
817c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t *, gss_buffer_t, OM_uint32);
827c478bd9Sstevel@tonic-gate 
837c478bd9Sstevel@tonic-gate static void __kgss_reset_mech(gss_mechanism *, gss_OID);
847c478bd9Sstevel@tonic-gate 
857c478bd9Sstevel@tonic-gate #define	DEFAULT_MINOR_STAT	((OM_uint32) ~0)
867c478bd9Sstevel@tonic-gate 
877c478bd9Sstevel@tonic-gate OM_uint32
kgss_acquire_cred_wrapped(minor_status,desired_name,time_req,desired_mechs,cred_usage,output_cred_handle,actual_mechs,time_rec,uid,gssd_cred_verifier)887c478bd9Sstevel@tonic-gate kgss_acquire_cred_wrapped(minor_status,
897c478bd9Sstevel@tonic-gate 			desired_name,
907c478bd9Sstevel@tonic-gate 			time_req,
917c478bd9Sstevel@tonic-gate 			desired_mechs,
927c478bd9Sstevel@tonic-gate 			cred_usage,
937c478bd9Sstevel@tonic-gate 			output_cred_handle,
947c478bd9Sstevel@tonic-gate 			actual_mechs,
957c478bd9Sstevel@tonic-gate 			time_rec,
967c478bd9Sstevel@tonic-gate 			uid,
977c478bd9Sstevel@tonic-gate 			gssd_cred_verifier)
987c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
997c478bd9Sstevel@tonic-gate 	const gss_name_t desired_name;
1007c478bd9Sstevel@tonic-gate 	OM_uint32 time_req;
1017c478bd9Sstevel@tonic-gate 	const gss_OID_set desired_mechs;
1027c478bd9Sstevel@tonic-gate 	int cred_usage;
1037c478bd9Sstevel@tonic-gate 	gssd_cred_id_t *output_cred_handle;
1047c478bd9Sstevel@tonic-gate 	gss_OID_set *actual_mechs;
1057c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec;
1067c478bd9Sstevel@tonic-gate 	uid_t uid;
1077c478bd9Sstevel@tonic-gate 	OM_uint32 *gssd_cred_verifier;
1087c478bd9Sstevel@tonic-gate {
1097c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
1107c478bd9Sstevel@tonic-gate 
111*9c805345SToomas Soome 	OM_uint32	minor_status_temp;
1127c478bd9Sstevel@tonic-gate 	gss_buffer_desc	external_name;
1137c478bd9Sstevel@tonic-gate 	gss_OID		name_type;
1147c478bd9Sstevel@tonic-gate 	enum clnt_stat	client_stat;
1157c478bd9Sstevel@tonic-gate 	int		i;
1167c478bd9Sstevel@tonic-gate 
1177c478bd9Sstevel@tonic-gate 	gss_acquire_cred_arg arg;
1187c478bd9Sstevel@tonic-gate 	gss_acquire_cred_res res;
1197c478bd9Sstevel@tonic-gate 
1207c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
1237c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_acquire_cred: can't connect to server on %s\n",
1247c478bd9Sstevel@tonic-gate 			server);
1257c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
1267c478bd9Sstevel@tonic-gate 	}
1277c478bd9Sstevel@tonic-gate 
1287c478bd9Sstevel@tonic-gate 	/* convert the desired name from internal to external format */
1297c478bd9Sstevel@tonic-gate 
1307c478bd9Sstevel@tonic-gate 	if (gss_display_name(&minor_status_temp, desired_name, &external_name,
1317c478bd9Sstevel@tonic-gate 				&name_type) != GSS_S_COMPLETE) {
1327c478bd9Sstevel@tonic-gate 
1337c478bd9Sstevel@tonic-gate 		*minor_status = (OM_uint32) minor_status_temp;
1347c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
1357c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_acquire_cred: display name failed\n");
1367c478bd9Sstevel@tonic-gate 		return ((OM_uint32) GSS_S_FAILURE);
1377c478bd9Sstevel@tonic-gate 	}
1387c478bd9Sstevel@tonic-gate 
1397c478bd9Sstevel@tonic-gate 
1407c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
1417c478bd9Sstevel@tonic-gate 
1427c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32) uid;
1437c478bd9Sstevel@tonic-gate 
1447c478bd9Sstevel@tonic-gate 	arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
1457c478bd9Sstevel@tonic-gate 	arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
1467c478bd9Sstevel@tonic-gate 
1477c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_len =
1487c478bd9Sstevel@tonic-gate 		name_type == GSS_C_NULL_OID ?
1497c478bd9Sstevel@tonic-gate 			0 : (uint_t)name_type->length;
1507c478bd9Sstevel@tonic-gate 
1517c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_val =
1527c478bd9Sstevel@tonic-gate 		name_type == GSS_C_NULL_OID ?
1537c478bd9Sstevel@tonic-gate 			(char *)NULL : (char *)name_type->elements;
1547c478bd9Sstevel@tonic-gate 
1557c478bd9Sstevel@tonic-gate 	arg.time_req = time_req;
1567c478bd9Sstevel@tonic-gate 
1577c478bd9Sstevel@tonic-gate 	if (desired_mechs != GSS_C_NULL_OID_SET) {
1587c478bd9Sstevel@tonic-gate 		arg.desired_mechs.GSS_OID_SET_len =
1597c478bd9Sstevel@tonic-gate 			(uint_t)desired_mechs->count;
1607c478bd9Sstevel@tonic-gate 		arg.desired_mechs.GSS_OID_SET_val = (GSS_OID *)
1617c478bd9Sstevel@tonic-gate 			MALLOC(sizeof (GSS_OID) * desired_mechs->count);
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate 		for (i = 0; i < desired_mechs->count; i++) {
1647c478bd9Sstevel@tonic-gate 		    arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len =
1657c478bd9Sstevel@tonic-gate 			(uint_t)desired_mechs->elements[i].length;
1667c478bd9Sstevel@tonic-gate 		    arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val =
1677c478bd9Sstevel@tonic-gate 			(char *)MALLOC(desired_mechs->elements[i].length);
1687c478bd9Sstevel@tonic-gate 		    (void) memcpy(
1697c478bd9Sstevel@tonic-gate 			arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
1707c478bd9Sstevel@tonic-gate 			desired_mechs->elements[i].elements,
1717c478bd9Sstevel@tonic-gate 			desired_mechs->elements[i].length);
1727c478bd9Sstevel@tonic-gate 		}
1737c478bd9Sstevel@tonic-gate 	} else
1747c478bd9Sstevel@tonic-gate 		arg.desired_mechs.GSS_OID_SET_len = 0;
1757c478bd9Sstevel@tonic-gate 
1767c478bd9Sstevel@tonic-gate 	arg.cred_usage = cred_usage;
1777c478bd9Sstevel@tonic-gate 
1787c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
1797c478bd9Sstevel@tonic-gate 
1807c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
1817c478bd9Sstevel@tonic-gate 	client_stat = gss_acquire_cred_1(&arg, &res, clnt);
1827c478bd9Sstevel@tonic-gate 
1837c478bd9Sstevel@tonic-gate 	(void) gss_release_buffer(&minor_status_temp, &external_name);
1847c478bd9Sstevel@tonic-gate 	if (desired_mechs != GSS_C_NULL_OID_SET) {
1857c478bd9Sstevel@tonic-gate 		for (i = 0; i < desired_mechs->count; i++)
1867c478bd9Sstevel@tonic-gate 			FREE(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
1877c478bd9Sstevel@tonic-gate 			    arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len);
1887c478bd9Sstevel@tonic-gate 		FREE(arg.desired_mechs.GSS_OID_SET_val,
1897c478bd9Sstevel@tonic-gate 		    arg.desired_mechs.GSS_OID_SET_len * sizeof (GSS_OID));
1907c478bd9Sstevel@tonic-gate 	}
1917c478bd9Sstevel@tonic-gate 
1927c478bd9Sstevel@tonic-gate 	if (client_stat != RPC_SUCCESS) {
1937c478bd9Sstevel@tonic-gate 
1947c478bd9Sstevel@tonic-gate 		/*
1957c478bd9Sstevel@tonic-gate 		 * if the RPC call times out, null out all return arguments,
1967c478bd9Sstevel@tonic-gate 		 * set minor_status to its maximum value, and return
1977c478bd9Sstevel@tonic-gate 		 * GSS_S_FAILURE
1987c478bd9Sstevel@tonic-gate 		 */
1997c478bd9Sstevel@tonic-gate 
2007c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
2017c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
2027c478bd9Sstevel@tonic-gate 		if (output_cred_handle != NULL)
203*9c805345SToomas Soome 			*output_cred_handle = 0;
2047c478bd9Sstevel@tonic-gate 		if (actual_mechs != NULL)
2057c478bd9Sstevel@tonic-gate 			*actual_mechs = NULL;
2067c478bd9Sstevel@tonic-gate 		if (time_rec != NULL)
2077c478bd9Sstevel@tonic-gate 			*time_rec = 0;
2087c478bd9Sstevel@tonic-gate 
2097c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
2107c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_acquire_cred: RPC call times out\n");
2117c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
2127c478bd9Sstevel@tonic-gate 	}
2137c478bd9Sstevel@tonic-gate 
2147c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
2157c478bd9Sstevel@tonic-gate 
2167c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
2177c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
2187c478bd9Sstevel@tonic-gate 
2197c478bd9Sstevel@tonic-gate 	if (output_cred_handle != NULL &&
2207c478bd9Sstevel@tonic-gate 		(res.status == GSS_S_COMPLETE)) {
2217c478bd9Sstevel@tonic-gate 	    *output_cred_handle =
2227c478bd9Sstevel@tonic-gate 		*((gssd_cred_id_t *)res.output_cred_handle.GSS_CRED_ID_T_val);
2237c478bd9Sstevel@tonic-gate 	    *gssd_cred_verifier = res.gssd_cred_verifier;
2247c478bd9Sstevel@tonic-gate 	}
2257c478bd9Sstevel@tonic-gate 
2267c478bd9Sstevel@tonic-gate 	if (res.status == GSS_S_COMPLETE &&
2277c478bd9Sstevel@tonic-gate 		res.actual_mechs.GSS_OID_SET_len != 0 &&
2287c478bd9Sstevel@tonic-gate 		actual_mechs != NULL) {
2297c478bd9Sstevel@tonic-gate 		*actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
2307c478bd9Sstevel@tonic-gate 		(*actual_mechs)->count =
2317c478bd9Sstevel@tonic-gate 					(int)res.actual_mechs.GSS_OID_SET_len;
2327c478bd9Sstevel@tonic-gate 		(*actual_mechs)->elements = (gss_OID)
2337c478bd9Sstevel@tonic-gate 			MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
2347c478bd9Sstevel@tonic-gate 
2357c478bd9Sstevel@tonic-gate 		for (i = 0; i < (*actual_mechs)->count; i++) {
2367c478bd9Sstevel@tonic-gate 		    (*actual_mechs)->elements[i].length = (OM_uint32)
2377c478bd9Sstevel@tonic-gate 			res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
2387c478bd9Sstevel@tonic-gate 		    (*actual_mechs)->elements[i].elements =
2397c478bd9Sstevel@tonic-gate 			(void *) MALLOC((*actual_mechs)->elements[i].length);
2407c478bd9Sstevel@tonic-gate 		    (void) memcpy((*actual_mechs)->elements[i].elements,
2417c478bd9Sstevel@tonic-gate 			res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
2427c478bd9Sstevel@tonic-gate 			(*actual_mechs)->elements[i].length);
2437c478bd9Sstevel@tonic-gate 		}
2447c478bd9Sstevel@tonic-gate 	} else {
2457c478bd9Sstevel@tonic-gate 		if (res.status == GSS_S_COMPLETE &&
2467c478bd9Sstevel@tonic-gate 			actual_mechs != NULL)
2477c478bd9Sstevel@tonic-gate 			(*actual_mechs) = NULL;
2487c478bd9Sstevel@tonic-gate 	}
2497c478bd9Sstevel@tonic-gate 
2507c478bd9Sstevel@tonic-gate 	if (time_rec != NULL)
2517c478bd9Sstevel@tonic-gate 		*time_rec = res.time_rec;
2527c478bd9Sstevel@tonic-gate 
2537c478bd9Sstevel@tonic-gate 	/*
2547c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
2557c478bd9Sstevel@tonic-gate 	 * received in the rpc call
2567c478bd9Sstevel@tonic-gate 	 */
2577c478bd9Sstevel@tonic-gate 
2587c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_acquire_cred_res, (caddr_t)&res);
2597c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
2607c478bd9Sstevel@tonic-gate 	return (res.status);
2617c478bd9Sstevel@tonic-gate 
2627c478bd9Sstevel@tonic-gate }
2637c478bd9Sstevel@tonic-gate 
2647c478bd9Sstevel@tonic-gate OM_uint32
kgss_acquire_cred(minor_status,desired_name,time_req,desired_mechs,cred_usage,output_cred_handle,actual_mechs,time_rec,uid)2657c478bd9Sstevel@tonic-gate kgss_acquire_cred(minor_status,
2667c478bd9Sstevel@tonic-gate 		desired_name,
2677c478bd9Sstevel@tonic-gate 		time_req,
2687c478bd9Sstevel@tonic-gate 		desired_mechs,
2697c478bd9Sstevel@tonic-gate 		cred_usage,
2707c478bd9Sstevel@tonic-gate 		output_cred_handle,
2717c478bd9Sstevel@tonic-gate 		actual_mechs,
2727c478bd9Sstevel@tonic-gate 		time_rec,
2737c478bd9Sstevel@tonic-gate 		uid)
2747c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
2757c478bd9Sstevel@tonic-gate 	const gss_name_t desired_name;
2767c478bd9Sstevel@tonic-gate 	OM_uint32 time_req;
2777c478bd9Sstevel@tonic-gate 	const gss_OID_set desired_mechs;
2787c478bd9Sstevel@tonic-gate 	int cred_usage;
2797c478bd9Sstevel@tonic-gate 	gss_cred_id_t *output_cred_handle;
2807c478bd9Sstevel@tonic-gate 	gss_OID_set *actual_mechs;
2817c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec;
2827c478bd9Sstevel@tonic-gate 	uid_t uid;
2837c478bd9Sstevel@tonic-gate {
2847c478bd9Sstevel@tonic-gate 
2857c478bd9Sstevel@tonic-gate 	OM_uint32	err;
2867c478bd9Sstevel@tonic-gate 	struct kgss_cred *kcred;
2877c478bd9Sstevel@tonic-gate 
2887c478bd9Sstevel@tonic-gate 	kcred = KGSS_CRED_ALLOC();
2897c478bd9Sstevel@tonic-gate 	*output_cred_handle = (gss_cred_id_t)kcred;
2907c478bd9Sstevel@tonic-gate 	err = kgss_acquire_cred_wrapped(minor_status, desired_name, time_req,
2917c478bd9Sstevel@tonic-gate 		desired_mechs, cred_usage, &kcred->gssd_cred, actual_mechs,
2927c478bd9Sstevel@tonic-gate 		time_rec, uid, &kcred->gssd_cred_verifier);
2937c478bd9Sstevel@tonic-gate 	if (GSS_ERROR(err)) {
2947c478bd9Sstevel@tonic-gate 		KGSS_CRED_FREE(kcred);
2957c478bd9Sstevel@tonic-gate 		*output_cred_handle = GSS_C_NO_CREDENTIAL;
2967c478bd9Sstevel@tonic-gate 	}
2977c478bd9Sstevel@tonic-gate 	return (err);
2987c478bd9Sstevel@tonic-gate }
2997c478bd9Sstevel@tonic-gate 
3007c478bd9Sstevel@tonic-gate OM_uint32
kgss_add_cred_wrapped(minor_status,input_cred_handle,gssd_cred_verifier,desired_name,desired_mech_type,cred_usage,initiator_time_req,acceptor_time_req,actual_mechs,initiator_time_rec,acceptor_time_rec,uid)3017c478bd9Sstevel@tonic-gate kgss_add_cred_wrapped(minor_status,
3027c478bd9Sstevel@tonic-gate 			input_cred_handle,
3037c478bd9Sstevel@tonic-gate 			gssd_cred_verifier,
3047c478bd9Sstevel@tonic-gate 			desired_name,
3057c478bd9Sstevel@tonic-gate 			desired_mech_type,
3067c478bd9Sstevel@tonic-gate 			cred_usage,
3077c478bd9Sstevel@tonic-gate 			initiator_time_req,
3087c478bd9Sstevel@tonic-gate 			acceptor_time_req,
3097c478bd9Sstevel@tonic-gate 			actual_mechs,
3107c478bd9Sstevel@tonic-gate 			initiator_time_rec,
3117c478bd9Sstevel@tonic-gate 			acceptor_time_rec,
3127c478bd9Sstevel@tonic-gate 			uid)
3137c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
3147c478bd9Sstevel@tonic-gate 	gssd_cred_id_t input_cred_handle;
3157c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
3167c478bd9Sstevel@tonic-gate 	gss_name_t desired_name;
3177c478bd9Sstevel@tonic-gate 	gss_OID desired_mech_type;
3187c478bd9Sstevel@tonic-gate 	int cred_usage;
3197c478bd9Sstevel@tonic-gate 	int initiator_time_req;
3207c478bd9Sstevel@tonic-gate 	int acceptor_time_req;
3217c478bd9Sstevel@tonic-gate 	gss_OID_set *actual_mechs;
3227c478bd9Sstevel@tonic-gate 	OM_uint32 *initiator_time_rec;
3237c478bd9Sstevel@tonic-gate 	OM_uint32 *acceptor_time_rec;
3247c478bd9Sstevel@tonic-gate 	uid_t uid;
3257c478bd9Sstevel@tonic-gate {
3267c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
3277c478bd9Sstevel@tonic-gate 
328*9c805345SToomas Soome 	OM_uint32	minor_status_temp;
3297c478bd9Sstevel@tonic-gate 	gss_buffer_desc	external_name;
3307c478bd9Sstevel@tonic-gate 	gss_OID		name_type;
3317c478bd9Sstevel@tonic-gate 	int		i;
3327c478bd9Sstevel@tonic-gate 
3337c478bd9Sstevel@tonic-gate 	gss_add_cred_arg arg;
3347c478bd9Sstevel@tonic-gate 	gss_add_cred_res res;
3357c478bd9Sstevel@tonic-gate 
3367c478bd9Sstevel@tonic-gate 
3377c478bd9Sstevel@tonic-gate 	/*
3387c478bd9Sstevel@tonic-gate 	 * NULL the params here once
3397c478bd9Sstevel@tonic-gate 	 * If there are errors then we won't
3407c478bd9Sstevel@tonic-gate 	 * have to do it for every error
3417c478bd9Sstevel@tonic-gate 	 * case
3427c478bd9Sstevel@tonic-gate 	 */
3437c478bd9Sstevel@tonic-gate 
3447c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
3457c478bd9Sstevel@tonic-gate 		*minor_status = DEFAULT_MINOR_STAT;
3467c478bd9Sstevel@tonic-gate 	if (actual_mechs != NULL)
3477c478bd9Sstevel@tonic-gate 		*actual_mechs = NULL;
3487c478bd9Sstevel@tonic-gate 	if (initiator_time_rec != NULL)
3497c478bd9Sstevel@tonic-gate 		*initiator_time_rec = 0;
3507c478bd9Sstevel@tonic-gate 	if (acceptor_time_rec != NULL)
3517c478bd9Sstevel@tonic-gate 			*acceptor_time_rec = 0;
3527c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
3537c478bd9Sstevel@tonic-gate 
3547c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
3557c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_add_cred: can't connect to server on %s\n",
3567c478bd9Sstevel@tonic-gate 			server);
3577c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
3587c478bd9Sstevel@tonic-gate 	}
3597c478bd9Sstevel@tonic-gate 
3607c478bd9Sstevel@tonic-gate 
3617c478bd9Sstevel@tonic-gate 	/* convert the desired name from internal to external format */
3627c478bd9Sstevel@tonic-gate 
3637c478bd9Sstevel@tonic-gate 	if (gss_display_name(&minor_status_temp, desired_name, &external_name,
3647c478bd9Sstevel@tonic-gate 				&name_type) != GSS_S_COMPLETE) {
3657c478bd9Sstevel@tonic-gate 
3667c478bd9Sstevel@tonic-gate 		*minor_status = (OM_uint32) minor_status_temp;
3677c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
3687c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_acquire_cred: display name failed\n");
3697c478bd9Sstevel@tonic-gate 		return ((OM_uint32) GSS_S_FAILURE);
3707c478bd9Sstevel@tonic-gate 	}
3717c478bd9Sstevel@tonic-gate 
3727c478bd9Sstevel@tonic-gate 
3737c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
3747c478bd9Sstevel@tonic-gate 
3757c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32)uid;
3767c478bd9Sstevel@tonic-gate 	arg.input_cred_handle.GSS_CRED_ID_T_len =
377d4f95bf4SRichard Lowe 			input_cred_handle == GSSD_NO_CREDENTIAL ?
3787c478bd9Sstevel@tonic-gate 			0 : (uint_t)sizeof (gssd_cred_id_t);
3797c478bd9Sstevel@tonic-gate 	arg.input_cred_handle.GSS_CRED_ID_T_val = (char *)&input_cred_handle;
3807c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
3817c478bd9Sstevel@tonic-gate 	arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
3827c478bd9Sstevel@tonic-gate 	arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
3837c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_len =
3847c478bd9Sstevel@tonic-gate 		name_type == GSS_C_NULL_OID ?
3857c478bd9Sstevel@tonic-gate 			0 : (uint_t)name_type->length;
3867c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_val =
3877c478bd9Sstevel@tonic-gate 		name_type == GSS_C_NULL_OID ?
3887c478bd9Sstevel@tonic-gate 			(char *)NULL : (char *)name_type->elements;
3897c478bd9Sstevel@tonic-gate 
3907c478bd9Sstevel@tonic-gate 	arg.desired_mech_type.GSS_OID_len =
3917c478bd9Sstevel@tonic-gate 		(uint_t)(desired_mech_type != GSS_C_NULL_OID ?
3927c478bd9Sstevel@tonic-gate 		desired_mech_type->length : 0);
3937c478bd9Sstevel@tonic-gate 	arg.desired_mech_type.GSS_OID_val =
3947c478bd9Sstevel@tonic-gate 		(char *)(desired_mech_type != GSS_C_NULL_OID ?
3957c478bd9Sstevel@tonic-gate 		desired_mech_type->elements : 0);
3967c478bd9Sstevel@tonic-gate 	arg.cred_usage = cred_usage;
3977c478bd9Sstevel@tonic-gate 	arg.initiator_time_req = initiator_time_req;
3987c478bd9Sstevel@tonic-gate 	arg.acceptor_time_req = acceptor_time_req;
3997c478bd9Sstevel@tonic-gate 
4007c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
4017c478bd9Sstevel@tonic-gate 
4027c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
4037c478bd9Sstevel@tonic-gate 	if (gss_add_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
4047c478bd9Sstevel@tonic-gate 
4057c478bd9Sstevel@tonic-gate 		/*
4067c478bd9Sstevel@tonic-gate 		 * if the RPC call times out, null out all return arguments,
4077c478bd9Sstevel@tonic-gate 		 * set minor_status to its maximum value, and return
4087c478bd9Sstevel@tonic-gate 		 * GSS_S_FAILURE
4097c478bd9Sstevel@tonic-gate 		 */
4107c478bd9Sstevel@tonic-gate 
4117c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
4127c478bd9Sstevel@tonic-gate 		(void) gss_release_buffer(&minor_status_temp, &external_name);
4137c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_add_cred: RPC call times out\n");
4147c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
4157c478bd9Sstevel@tonic-gate 	}
4167c478bd9Sstevel@tonic-gate 
4177c478bd9Sstevel@tonic-gate 	/* free the allocated memory for the flattened name */
4187c478bd9Sstevel@tonic-gate 
4197c478bd9Sstevel@tonic-gate 	(void) gss_release_buffer(&minor_status_temp, &external_name);
4207c478bd9Sstevel@tonic-gate 
4217c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
4227c478bd9Sstevel@tonic-gate 
4237c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
4247c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
4257c478bd9Sstevel@tonic-gate 
4267c478bd9Sstevel@tonic-gate 	if (res.status == GSS_S_COMPLETE &&
4277c478bd9Sstevel@tonic-gate 		res.actual_mechs.GSS_OID_SET_len != 0 &&
4287c478bd9Sstevel@tonic-gate 		actual_mechs != NULL) {
4297c478bd9Sstevel@tonic-gate 		*actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
4307c478bd9Sstevel@tonic-gate 		(*actual_mechs)->count =
4317c478bd9Sstevel@tonic-gate 					(int)res.actual_mechs.GSS_OID_SET_len;
4327c478bd9Sstevel@tonic-gate 		(*actual_mechs)->elements = (gss_OID)
4337c478bd9Sstevel@tonic-gate 			MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
4347c478bd9Sstevel@tonic-gate 
4357c478bd9Sstevel@tonic-gate 		for (i = 0; i < (*actual_mechs)->count; i++) {
4367c478bd9Sstevel@tonic-gate 		    (*actual_mechs)->elements[i].length = (OM_uint32)
4377c478bd9Sstevel@tonic-gate 			res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
4387c478bd9Sstevel@tonic-gate 		    (*actual_mechs)->elements[i].elements =
4397c478bd9Sstevel@tonic-gate 			(void *) MALLOC((*actual_mechs)->elements[i].length);
4407c478bd9Sstevel@tonic-gate 		    (void) memcpy((*actual_mechs)->elements[i].elements,
4417c478bd9Sstevel@tonic-gate 			res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
4427c478bd9Sstevel@tonic-gate 			(*actual_mechs)->elements[i].length);
4437c478bd9Sstevel@tonic-gate 		}
4447c478bd9Sstevel@tonic-gate 	} else {
4457c478bd9Sstevel@tonic-gate 		if (res.status == GSS_S_COMPLETE && actual_mechs != NULL)
4467c478bd9Sstevel@tonic-gate 			(*actual_mechs) = NULL;
4477c478bd9Sstevel@tonic-gate 	}
4487c478bd9Sstevel@tonic-gate 	if (initiator_time_rec != NULL)
4497c478bd9Sstevel@tonic-gate 		*initiator_time_rec = res.acceptor_time_rec;
4507c478bd9Sstevel@tonic-gate 	if (acceptor_time_rec != NULL)
4517c478bd9Sstevel@tonic-gate 		*acceptor_time_rec = res.acceptor_time_rec;
4527c478bd9Sstevel@tonic-gate 
4537c478bd9Sstevel@tonic-gate 	/*
4547c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
4557c478bd9Sstevel@tonic-gate 	 * received in the rpc call
4567c478bd9Sstevel@tonic-gate 	 */
4577c478bd9Sstevel@tonic-gate 
4587c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_add_cred_res, (caddr_t)&res);
4597c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
4607c478bd9Sstevel@tonic-gate 	return (res.status);
4617c478bd9Sstevel@tonic-gate 
4627c478bd9Sstevel@tonic-gate }
4637c478bd9Sstevel@tonic-gate 
4647c478bd9Sstevel@tonic-gate OM_uint32
kgss_add_cred(minor_status,input_cred_handle,desired_name,desired_mech_type,cred_usage,initiator_time_req,acceptor_time_req,actual_mechs,initiator_time_rec,acceptor_time_rec,uid)4657c478bd9Sstevel@tonic-gate kgss_add_cred(minor_status,
4667c478bd9Sstevel@tonic-gate 			input_cred_handle,
4677c478bd9Sstevel@tonic-gate 			desired_name,
4687c478bd9Sstevel@tonic-gate 			desired_mech_type,
4697c478bd9Sstevel@tonic-gate 			cred_usage,
4707c478bd9Sstevel@tonic-gate 			initiator_time_req,
4717c478bd9Sstevel@tonic-gate 			acceptor_time_req,
4727c478bd9Sstevel@tonic-gate 			actual_mechs,
4737c478bd9Sstevel@tonic-gate 			initiator_time_rec,
4747c478bd9Sstevel@tonic-gate 			acceptor_time_rec,
4757c478bd9Sstevel@tonic-gate 			uid)
4767c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
4777c478bd9Sstevel@tonic-gate 	gss_cred_id_t input_cred_handle;
4787c478bd9Sstevel@tonic-gate 	gss_name_t desired_name;
4797c478bd9Sstevel@tonic-gate 	gss_OID desired_mech_type;
4807c478bd9Sstevel@tonic-gate 	int cred_usage;
4817c478bd9Sstevel@tonic-gate 	int initiator_time_req;
4827c478bd9Sstevel@tonic-gate 	int acceptor_time_req;
4837c478bd9Sstevel@tonic-gate 	gss_OID_set *actual_mechs;
4847c478bd9Sstevel@tonic-gate 	OM_uint32 *initiator_time_rec;
4857c478bd9Sstevel@tonic-gate 	OM_uint32 *acceptor_time_rec;
4867c478bd9Sstevel@tonic-gate 	uid_t uid;
4877c478bd9Sstevel@tonic-gate {
4887c478bd9Sstevel@tonic-gate 
4897c478bd9Sstevel@tonic-gate 	OM_uint32	err;
4907c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
4917c478bd9Sstevel@tonic-gate 	gssd_cred_id_t gssd_input_cred_handle;
4927c478bd9Sstevel@tonic-gate 
4937c478bd9Sstevel@tonic-gate 	if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
4947c478bd9Sstevel@tonic-gate 		gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle);
4957c478bd9Sstevel@tonic-gate 		gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle);
496d4f95bf4SRichard Lowe 	} else {
497d4f95bf4SRichard Lowe 		gssd_input_cred_handle = GSSD_NO_CREDENTIAL;
498d4f95bf4SRichard Lowe 	}
4997c478bd9Sstevel@tonic-gate 
5007c478bd9Sstevel@tonic-gate 	err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle,
5017c478bd9Sstevel@tonic-gate 			gssd_cred_verifier, desired_name, desired_mech_type,
5027c478bd9Sstevel@tonic-gate 			cred_usage, initiator_time_req, acceptor_time_req,
5037c478bd9Sstevel@tonic-gate 			actual_mechs, initiator_time_rec,
5047c478bd9Sstevel@tonic-gate 			acceptor_time_rec, uid);
5057c478bd9Sstevel@tonic-gate 	return (err);
5067c478bd9Sstevel@tonic-gate }
5077c478bd9Sstevel@tonic-gate 
5087c478bd9Sstevel@tonic-gate 
5097c478bd9Sstevel@tonic-gate OM_uint32
kgss_release_cred_wrapped(minor_status,cred_handle,uid,gssd_cred_verifier)5107c478bd9Sstevel@tonic-gate kgss_release_cred_wrapped(minor_status,
5117c478bd9Sstevel@tonic-gate 			cred_handle,
5127c478bd9Sstevel@tonic-gate 			uid,
5137c478bd9Sstevel@tonic-gate 			gssd_cred_verifier)
5147c478bd9Sstevel@tonic-gate     OM_uint32 *minor_status;
5157c478bd9Sstevel@tonic-gate     gssd_cred_id_t *cred_handle;
5167c478bd9Sstevel@tonic-gate     uid_t uid;
5177c478bd9Sstevel@tonic-gate     OM_uint32  gssd_cred_verifier;
5187c478bd9Sstevel@tonic-gate {
5197c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
5207c478bd9Sstevel@tonic-gate 
5217c478bd9Sstevel@tonic-gate 	gss_release_cred_arg arg;
5227c478bd9Sstevel@tonic-gate 	gss_release_cred_res res;
5237c478bd9Sstevel@tonic-gate 
5247c478bd9Sstevel@tonic-gate 
5257c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
5267c478bd9Sstevel@tonic-gate 
5277c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
5287c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_release_cred: can't connect to server on %s\n",
5297c478bd9Sstevel@tonic-gate 			server);
5307c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
5317c478bd9Sstevel@tonic-gate 	}
5327c478bd9Sstevel@tonic-gate 
5337c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
5347c478bd9Sstevel@tonic-gate 
5357c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32)uid;
5367c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
5377c478bd9Sstevel@tonic-gate 
5387c478bd9Sstevel@tonic-gate 	if (cred_handle != NULL) {
5397c478bd9Sstevel@tonic-gate 		arg.cred_handle.GSS_CRED_ID_T_len =
5407c478bd9Sstevel@tonic-gate 					(uint_t)sizeof (gssd_cred_id_t);
5417c478bd9Sstevel@tonic-gate 		arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
5427c478bd9Sstevel@tonic-gate 	} else
5437c478bd9Sstevel@tonic-gate 		arg.cred_handle.GSS_CRED_ID_T_len = 0;
5447c478bd9Sstevel@tonic-gate 
5457c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
5467c478bd9Sstevel@tonic-gate 
5477c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
5487c478bd9Sstevel@tonic-gate 	if (gss_release_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
5497c478bd9Sstevel@tonic-gate 
5507c478bd9Sstevel@tonic-gate 	/*
5517c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
5527c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
5537c478bd9Sstevel@tonic-gate 	 */
5547c478bd9Sstevel@tonic-gate 
5557c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
5567c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
5577c478bd9Sstevel@tonic-gate 		if (cred_handle != NULL)
558*9c805345SToomas Soome 			*cred_handle = 0;
5597c478bd9Sstevel@tonic-gate 
5607c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
5617c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_release_cred: RPC call times out\n");
5627c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
5637c478bd9Sstevel@tonic-gate 	}
5647c478bd9Sstevel@tonic-gate 
5657c478bd9Sstevel@tonic-gate 	/* if the release succeeded, null out the cred_handle */
5667c478bd9Sstevel@tonic-gate 
5677c478bd9Sstevel@tonic-gate 	if (res.status == GSS_S_COMPLETE && cred_handle != NULL)
568*9c805345SToomas Soome 		*cred_handle = 0;
5697c478bd9Sstevel@tonic-gate 
5707c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
5717c478bd9Sstevel@tonic-gate 
5727c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
5737c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
5747c478bd9Sstevel@tonic-gate 
5757c478bd9Sstevel@tonic-gate 	/* return with status returned in rpc call */
5767c478bd9Sstevel@tonic-gate 
5777c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
5787c478bd9Sstevel@tonic-gate 
5797c478bd9Sstevel@tonic-gate 	return (res.status);
5807c478bd9Sstevel@tonic-gate 
5817c478bd9Sstevel@tonic-gate }
5827c478bd9Sstevel@tonic-gate 
5837c478bd9Sstevel@tonic-gate OM_uint32
kgss_release_cred(minor_status,cred_handle,uid)5847c478bd9Sstevel@tonic-gate kgss_release_cred(minor_status,
5857c478bd9Sstevel@tonic-gate 			cred_handle,
5867c478bd9Sstevel@tonic-gate 			uid)
5877c478bd9Sstevel@tonic-gate     OM_uint32 *minor_status;
5887c478bd9Sstevel@tonic-gate     gss_cred_id_t *cred_handle;
5897c478bd9Sstevel@tonic-gate     uid_t uid;
5907c478bd9Sstevel@tonic-gate 
5917c478bd9Sstevel@tonic-gate {
5927c478bd9Sstevel@tonic-gate 
5937c478bd9Sstevel@tonic-gate 	OM_uint32	err;
5947c478bd9Sstevel@tonic-gate 	struct kgss_cred *kcred;
5957c478bd9Sstevel@tonic-gate 
5967c478bd9Sstevel@tonic-gate 	if (*cred_handle == GSS_C_NO_CREDENTIAL)
5977c478bd9Sstevel@tonic-gate 		return (GSS_S_COMPLETE);
5987c478bd9Sstevel@tonic-gate 	else
5997c478bd9Sstevel@tonic-gate 		kcred = KCRED_TO_KGSS_CRED(*cred_handle);
6007c478bd9Sstevel@tonic-gate 
6017c478bd9Sstevel@tonic-gate 	err = kgss_release_cred_wrapped(minor_status, &kcred->gssd_cred,
6027c478bd9Sstevel@tonic-gate 		uid, kcred->gssd_cred_verifier);
6037c478bd9Sstevel@tonic-gate 	KGSS_CRED_FREE(kcred);
6047c478bd9Sstevel@tonic-gate 	*cred_handle = GSS_C_NO_CREDENTIAL;
6057c478bd9Sstevel@tonic-gate 	return (err);
6067c478bd9Sstevel@tonic-gate }
6077c478bd9Sstevel@tonic-gate 
6087c478bd9Sstevel@tonic-gate static OM_uint32
kgss_init_sec_context_wrapped(OM_uint32 * minor_status,const gssd_cred_id_t claimant_cred_handle,OM_uint32 gssd_cred_verifier,gssd_ctx_id_t * context_handle,OM_uint32 * gssd_context_verifier,const gss_name_t target_name,const gss_OID mech_type,int req_flags,OM_uint32 time_req,const gss_channel_bindings_t input_chan_bindings,const gss_buffer_t input_token,gss_OID * actual_mech_type,gss_buffer_t output_token,int * ret_flags,OM_uint32 * time_rec,uid_t uid)6097c478bd9Sstevel@tonic-gate kgss_init_sec_context_wrapped(
6107c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
6117c478bd9Sstevel@tonic-gate 	const gssd_cred_id_t claimant_cred_handle,
6127c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier,
6137c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t *context_handle,
6147c478bd9Sstevel@tonic-gate 	OM_uint32 *gssd_context_verifier,
6157c478bd9Sstevel@tonic-gate 	const gss_name_t target_name,
6167c478bd9Sstevel@tonic-gate 	const gss_OID mech_type,
6177c478bd9Sstevel@tonic-gate 	int req_flags,
6187c478bd9Sstevel@tonic-gate 	OM_uint32 time_req,
6197c478bd9Sstevel@tonic-gate 	const gss_channel_bindings_t input_chan_bindings,
6207c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_token,
6217c478bd9Sstevel@tonic-gate 	gss_OID *actual_mech_type,
6227c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token,
6237c478bd9Sstevel@tonic-gate 	int *ret_flags,
6247c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec,
6257c478bd9Sstevel@tonic-gate 	uid_t uid)
6267c478bd9Sstevel@tonic-gate {
6277c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
6287c478bd9Sstevel@tonic-gate 
629*9c805345SToomas Soome 	OM_uint32	minor_status_temp;
6307c478bd9Sstevel@tonic-gate 	gss_buffer_desc	external_name;
6317c478bd9Sstevel@tonic-gate 	gss_OID		name_type;
6327c478bd9Sstevel@tonic-gate 
6337c478bd9Sstevel@tonic-gate 	gss_init_sec_context_arg arg;
6347c478bd9Sstevel@tonic-gate 	gss_init_sec_context_res res;
6357c478bd9Sstevel@tonic-gate 
6367c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
6377c478bd9Sstevel@tonic-gate 
6387c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
6397c478bd9Sstevel@tonic-gate 		GSSLOG(1,
640b97d6ca7SMilan Jurik 		    "kgss_init_sec_context: can't connect to server on %s\n",
641b97d6ca7SMilan Jurik 		    server);
6427c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
6437c478bd9Sstevel@tonic-gate 	}
6447c478bd9Sstevel@tonic-gate 
6457c478bd9Sstevel@tonic-gate 	/* convert the target name from internal to external format */
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 	if (gss_display_name(&minor_status_temp, target_name,
648b97d6ca7SMilan Jurik 	    &external_name, &name_type) != GSS_S_COMPLETE) {
6497c478bd9Sstevel@tonic-gate 
6507c478bd9Sstevel@tonic-gate 		*minor_status = (OM_uint32) minor_status_temp;
6517c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
6527c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_init_sec_context: can't display name\n");
6537c478bd9Sstevel@tonic-gate 		return ((OM_uint32) GSS_S_FAILURE);
6547c478bd9Sstevel@tonic-gate 	}
6557c478bd9Sstevel@tonic-gate 
6567c478bd9Sstevel@tonic-gate 
6577c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
6587c478bd9Sstevel@tonic-gate 
6597c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32)uid;
6607c478bd9Sstevel@tonic-gate 
6617c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len =
662d4f95bf4SRichard Lowe 	    *context_handle == GSSD_NO_CONTEXT ?
663b97d6ca7SMilan Jurik 	    0 : (uint_t)sizeof (gssd_ctx_id_t);
6647c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val =  (char *)context_handle;
6657c478bd9Sstevel@tonic-gate 
6667c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier =  *gssd_context_verifier;
6677c478bd9Sstevel@tonic-gate 
6687c478bd9Sstevel@tonic-gate 	arg.claimant_cred_handle.GSS_CRED_ID_T_len =
669d4f95bf4SRichard Lowe 	    claimant_cred_handle == GSSD_NO_CREDENTIAL ?
670b97d6ca7SMilan Jurik 	    0 : (uint_t)sizeof (gssd_cred_id_t);
6717c478bd9Sstevel@tonic-gate 	arg.claimant_cred_handle.GSS_CRED_ID_T_val =
672b97d6ca7SMilan Jurik 	    (char *)&claimant_cred_handle;
6737c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
6747c478bd9Sstevel@tonic-gate 
6757c478bd9Sstevel@tonic-gate 	arg.target_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
6767c478bd9Sstevel@tonic-gate 	arg.target_name.GSS_BUFFER_T_val = (char *)external_name.value;
6777c478bd9Sstevel@tonic-gate 
6787c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_len =
679d4f95bf4SRichard Lowe 	    name_type == GSS_C_NULL_OID ? 0 : (uint_t)name_type->length;
6807c478bd9Sstevel@tonic-gate 
6817c478bd9Sstevel@tonic-gate 	arg.name_type.GSS_OID_val =
682b97d6ca7SMilan Jurik 	    name_type == GSS_C_NULL_OID ?
683b97d6ca7SMilan Jurik 	    (char *)NULL : (char *)name_type->elements;
6847c478bd9Sstevel@tonic-gate 
6857c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
686b97d6ca7SMilan Jurik 	    mech_type->length : 0);
6877c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
688b97d6ca7SMilan Jurik 	    mech_type->elements : 0);
6897c478bd9Sstevel@tonic-gate 
6907c478bd9Sstevel@tonic-gate 	arg.req_flags = req_flags;
6917c478bd9Sstevel@tonic-gate 
6927c478bd9Sstevel@tonic-gate 	arg.time_req = time_req;
6937c478bd9Sstevel@tonic-gate 
6947c478bd9Sstevel@tonic-gate 	if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
6957c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.present = YES;
6967c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_addrtype =
697b97d6ca7SMilan Jurik 		    input_chan_bindings->initiator_addrtype;
6987c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
699b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->initiator_address.length;
7007c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
701b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->initiator_address.value;
7027c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_addrtype =
703b97d6ca7SMilan Jurik 		    input_chan_bindings->acceptor_addrtype;
7047c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
705b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->acceptor_address.length;
7067c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
707b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->acceptor_address.value;
7087c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
709b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->application_data.length;
7107c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
711b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->application_data.value;
7127c478bd9Sstevel@tonic-gate 	} else {
7137c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.present = NO;
7147c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_addrtype = 0;
7157c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
7167c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
7177c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_addrtype = 0;
7187c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
7197c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
7207c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
7217c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
7227c478bd9Sstevel@tonic-gate 	}
7237c478bd9Sstevel@tonic-gate 
7247c478bd9Sstevel@tonic-gate 	arg.input_token.GSS_BUFFER_T_len =
725b97d6ca7SMilan Jurik 	    (uint_t)(input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
7267c478bd9Sstevel@tonic-gate 	arg.input_token.GSS_BUFFER_T_val =
727b97d6ca7SMilan Jurik 	    (char *)(input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
7287c478bd9Sstevel@tonic-gate 
7297c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
7307c478bd9Sstevel@tonic-gate 
7317c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
7327c478bd9Sstevel@tonic-gate 	if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
7337c478bd9Sstevel@tonic-gate 
7347c478bd9Sstevel@tonic-gate 	/*
7357c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
7367c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
7377c478bd9Sstevel@tonic-gate 	 */
7387c478bd9Sstevel@tonic-gate 
7397c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
7407c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
7417c478bd9Sstevel@tonic-gate 		if (actual_mech_type != NULL)
7427c478bd9Sstevel@tonic-gate 			*actual_mech_type = NULL;
7437c478bd9Sstevel@tonic-gate 		if (output_token != NULL)
7447c478bd9Sstevel@tonic-gate 			output_token->length = 0;
7457c478bd9Sstevel@tonic-gate 		if (ret_flags != NULL)
7467c478bd9Sstevel@tonic-gate 			*ret_flags = 0;
7477c478bd9Sstevel@tonic-gate 		if (time_rec != NULL)
7487c478bd9Sstevel@tonic-gate 			*time_rec = 0;
7497c478bd9Sstevel@tonic-gate 
7507c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
7517c478bd9Sstevel@tonic-gate 		(void) gss_release_buffer(&minor_status_temp, &external_name);
7527c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_init_sec_context: RPC call times out\n");
7537c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
7547c478bd9Sstevel@tonic-gate 	}
7557c478bd9Sstevel@tonic-gate 
7567c478bd9Sstevel@tonic-gate 	/* free the allocated memory for the flattened name */
7577c478bd9Sstevel@tonic-gate 
7587c478bd9Sstevel@tonic-gate 	(void) gss_release_buffer(&minor_status_temp, &external_name);
7597c478bd9Sstevel@tonic-gate 
7607c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
7617c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
7627c478bd9Sstevel@tonic-gate 
763ba7b222eSGlenn Barry 	if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
764ba7b222eSGlenn Barry 		output_token->length =
765b97d6ca7SMilan Jurik 		    (size_t)res.output_token.GSS_BUFFER_T_len;
766ba7b222eSGlenn Barry 		output_token->value =
767b97d6ca7SMilan Jurik 		    (void *)MALLOC(output_token->length);
768ba7b222eSGlenn Barry 		(void) memcpy(output_token->value,
769d4f95bf4SRichard Lowe 		    res.output_token.GSS_BUFFER_T_val, output_token->length);
770ba7b222eSGlenn Barry 	}
771ba7b222eSGlenn Barry 
7727c478bd9Sstevel@tonic-gate 	/* if the call was successful, copy out the results */
7737c478bd9Sstevel@tonic-gate 	if (res.status == (OM_uint32) GSS_S_COMPLETE ||
774b97d6ca7SMilan Jurik 	    res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
7757c478bd9Sstevel@tonic-gate 		/*
7767c478bd9Sstevel@tonic-gate 		 * if the return code is GSS_S_CONTINUE_NEEDED
7777c478bd9Sstevel@tonic-gate 		 * ignore all return parameters except for
7787c478bd9Sstevel@tonic-gate 		 * status codes, output token and context handle.
7797c478bd9Sstevel@tonic-gate 		 */
7807c478bd9Sstevel@tonic-gate 		*context_handle =
781d4f95bf4SRichard Lowe 		    *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
7827c478bd9Sstevel@tonic-gate 		*gssd_context_verifier = res.gssd_context_verifier;
7837c478bd9Sstevel@tonic-gate 
7847c478bd9Sstevel@tonic-gate 		if (res.status == GSS_S_COMPLETE) {
7857c478bd9Sstevel@tonic-gate 			if (actual_mech_type != NULL) {
7867c478bd9Sstevel@tonic-gate 				*actual_mech_type =
787b97d6ca7SMilan Jurik 				    (gss_OID) MALLOC(sizeof (gss_OID_desc));
7887c478bd9Sstevel@tonic-gate 				(*actual_mech_type)->length =
789d4f95bf4SRichard Lowe 				    (OM_UINT32)res.actual_mech_type.GSS_OID_len;
7907c478bd9Sstevel@tonic-gate 				(*actual_mech_type)->elements =
791d4f95bf4SRichard Lowe 				    (void *)MALLOC((*actual_mech_type)->length);
7927c478bd9Sstevel@tonic-gate 				(void) memcpy((*actual_mech_type)->elements,
793d4f95bf4SRichard Lowe 				    (void *)res.actual_mech_type.GSS_OID_val,
794b97d6ca7SMilan Jurik 				    (*actual_mech_type)->length);
7957c478bd9Sstevel@tonic-gate 			}
7967c478bd9Sstevel@tonic-gate 
7977c478bd9Sstevel@tonic-gate 
7987c478bd9Sstevel@tonic-gate 			if (ret_flags != NULL)
7997c478bd9Sstevel@tonic-gate 				*ret_flags = res.ret_flags;
8007c478bd9Sstevel@tonic-gate 
8017c478bd9Sstevel@tonic-gate 			if (time_rec != NULL)
8027c478bd9Sstevel@tonic-gate 				*time_rec = res.time_rec;
8037c478bd9Sstevel@tonic-gate 		}
8047c478bd9Sstevel@tonic-gate 	}
8057c478bd9Sstevel@tonic-gate 
8067c478bd9Sstevel@tonic-gate 	/*
8077c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
8087c478bd9Sstevel@tonic-gate 	 * received in the rpc call
8097c478bd9Sstevel@tonic-gate 	 */
8107c478bd9Sstevel@tonic-gate 
8117c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_init_sec_context_res, (caddr_t)&res);
8127c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
8137c478bd9Sstevel@tonic-gate 	return (res.status);
8147c478bd9Sstevel@tonic-gate 
8157c478bd9Sstevel@tonic-gate }
8167c478bd9Sstevel@tonic-gate 
8177c478bd9Sstevel@tonic-gate static struct gss_config default_gc = {
8187c478bd9Sstevel@tonic-gate 	{ 0, NULL},
8197c478bd9Sstevel@tonic-gate 	NULL,
8207c478bd9Sstevel@tonic-gate 	NULL,
8217c478bd9Sstevel@tonic-gate 	0,
8227c478bd9Sstevel@tonic-gate 	kgss_unseal_wrapped,
8237c478bd9Sstevel@tonic-gate 	NULL,		/* kgss_delete_sec_context_wrapped */
8247c478bd9Sstevel@tonic-gate 	kgss_seal_wrapped,
8257c478bd9Sstevel@tonic-gate 	NULL,		/* kgss_import_sec_context */
8267c478bd9Sstevel@tonic-gate 	kgss_sign_wrapped,
8277c478bd9Sstevel@tonic-gate 	kgss_verify_wrapped
8287c478bd9Sstevel@tonic-gate };
8297c478bd9Sstevel@tonic-gate 
8307c478bd9Sstevel@tonic-gate void
kgss_free_oid(gss_OID oid)8317c478bd9Sstevel@tonic-gate kgss_free_oid(gss_OID oid)
8327c478bd9Sstevel@tonic-gate {
8337c478bd9Sstevel@tonic-gate 	FREE(oid->elements, oid->length);
8347c478bd9Sstevel@tonic-gate 	FREE(oid, sizeof (gss_OID_desc));
8357c478bd9Sstevel@tonic-gate }
8367c478bd9Sstevel@tonic-gate 
8377c478bd9Sstevel@tonic-gate OM_uint32
kgss_init_sec_context(OM_uint32 * minor_status,const gss_cred_id_t claimant_cred_handle,gss_ctx_id_t * context_handle,const gss_name_t target_name,const gss_OID mech_type,int req_flags,OM_uint32 time_req,const gss_channel_bindings_t input_chan_bindings,const gss_buffer_t input_token,gss_OID * actual_mech_type,gss_buffer_t output_token,int * ret_flags,OM_uint32 * time_rec,uid_t uid)8387c478bd9Sstevel@tonic-gate kgss_init_sec_context(
8397c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
8407c478bd9Sstevel@tonic-gate 	const gss_cred_id_t claimant_cred_handle,
8417c478bd9Sstevel@tonic-gate 	gss_ctx_id_t *context_handle,
8427c478bd9Sstevel@tonic-gate 	const gss_name_t target_name,
8437c478bd9Sstevel@tonic-gate 	const gss_OID mech_type,
8447c478bd9Sstevel@tonic-gate 	int req_flags,
8457c478bd9Sstevel@tonic-gate 	OM_uint32 time_req,
8467c478bd9Sstevel@tonic-gate 	const gss_channel_bindings_t input_chan_bindings,
8477c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_token,
8487c478bd9Sstevel@tonic-gate 	gss_OID *actual_mech_type,
8497c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token,
8507c478bd9Sstevel@tonic-gate 	int *ret_flags,
8517c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec,
8527c478bd9Sstevel@tonic-gate 	uid_t uid)
8537c478bd9Sstevel@tonic-gate {
8547c478bd9Sstevel@tonic-gate 	OM_uint32	err;
8557c478bd9Sstevel@tonic-gate 	struct kgss_ctx	*kctx;
8567c478bd9Sstevel@tonic-gate 	gss_OID	amt;
8577c478bd9Sstevel@tonic-gate 	gssd_cred_id_t gssd_cl_cred_handle;
8587c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
8597c478bd9Sstevel@tonic-gate 
8607c478bd9Sstevel@tonic-gate 	/*
8617c478bd9Sstevel@tonic-gate 	 * If this is an initial call, we'll need to create the
8627c478bd9Sstevel@tonic-gate 	 * wrapper struct that contains kernel state information, and
8637c478bd9Sstevel@tonic-gate 	 * a reference to the handle from gssd.
8647c478bd9Sstevel@tonic-gate 	 */
8657c478bd9Sstevel@tonic-gate 	if (*context_handle == GSS_C_NO_CONTEXT) {
8667c478bd9Sstevel@tonic-gate 		kctx = KGSS_ALLOC();
8677c478bd9Sstevel@tonic-gate 		/*
8687c478bd9Sstevel@tonic-gate 		 * The default gss-mechanism struct as pointers to
8697c478bd9Sstevel@tonic-gate 		 * the sign/seal/verify/unseal routines that make
8707c478bd9Sstevel@tonic-gate 		 * upcalls to gssd.
8717c478bd9Sstevel@tonic-gate 		 */
8727c478bd9Sstevel@tonic-gate 		kctx->mech = &default_gc;
873d4f95bf4SRichard Lowe 		kctx->gssd_ctx = GSSD_NO_CONTEXT;
8747c478bd9Sstevel@tonic-gate 		*context_handle = (gss_ctx_id_t)kctx;
8757c478bd9Sstevel@tonic-gate 	} else
8767c478bd9Sstevel@tonic-gate 		kctx = (struct kgss_ctx *)*context_handle;
8777c478bd9Sstevel@tonic-gate 
8787c478bd9Sstevel@tonic-gate 	if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
8797c478bd9Sstevel@tonic-gate 		gssd_cred_verifier = KCRED_TO_CREDV(claimant_cred_handle);
8807c478bd9Sstevel@tonic-gate 		gssd_cl_cred_handle = KCRED_TO_CRED(claimant_cred_handle);
881d4f95bf4SRichard Lowe 	} else {
882d4f95bf4SRichard Lowe 		gssd_cl_cred_handle = GSSD_NO_CREDENTIAL;
883d4f95bf4SRichard Lowe 	}
8847c478bd9Sstevel@tonic-gate 
8857c478bd9Sstevel@tonic-gate 	/*
8867c478bd9Sstevel@tonic-gate 	 * We need to know the resulting mechanism oid, so allocate
8877c478bd9Sstevel@tonic-gate 	 * it if the caller won't.
8887c478bd9Sstevel@tonic-gate 	 */
8897c478bd9Sstevel@tonic-gate 	if (actual_mech_type == NULL)
8907c478bd9Sstevel@tonic-gate 		actual_mech_type = &amt;
8917c478bd9Sstevel@tonic-gate 
8927c478bd9Sstevel@tonic-gate 	err = kgss_init_sec_context_wrapped(minor_status, gssd_cl_cred_handle,
893b97d6ca7SMilan Jurik 	    gssd_cred_verifier, &kctx->gssd_ctx, &kctx->gssd_ctx_verifier,
894b97d6ca7SMilan Jurik 	    target_name, mech_type, req_flags, time_req,
895b97d6ca7SMilan Jurik 	    input_chan_bindings, input_token, actual_mech_type,
896b97d6ca7SMilan Jurik 	    output_token, ret_flags, time_rec, uid);
8977c478bd9Sstevel@tonic-gate 
8987c478bd9Sstevel@tonic-gate 	if (GSS_ERROR(err)) {
8997c478bd9Sstevel@tonic-gate 		KGSS_FREE(kctx);
9007c478bd9Sstevel@tonic-gate 		*context_handle = GSS_C_NO_CONTEXT;
9017c478bd9Sstevel@tonic-gate 	} else if (err == GSS_S_COMPLETE) {
9027c478bd9Sstevel@tonic-gate 		/*
9037c478bd9Sstevel@tonic-gate 		 * Now check if there is a kernel module for this
9047c478bd9Sstevel@tonic-gate 		 * mechanism OID. If so, set the gss_mechanism structure
9057c478bd9Sstevel@tonic-gate 		 * in the wrapper context to point to the kernel mech.
9067c478bd9Sstevel@tonic-gate 		 */
9077c478bd9Sstevel@tonic-gate 		__kgss_reset_mech(&kctx->mech, *actual_mech_type);
9087c478bd9Sstevel@tonic-gate 
9097c478bd9Sstevel@tonic-gate 		/*
9107c478bd9Sstevel@tonic-gate 		 * If the mech oid was allocated for us, free it.
9117c478bd9Sstevel@tonic-gate 		 */
9127c478bd9Sstevel@tonic-gate 		if (&amt == actual_mech_type) {
9137c478bd9Sstevel@tonic-gate 			kgss_free_oid(amt);
9147c478bd9Sstevel@tonic-gate 		}
9157c478bd9Sstevel@tonic-gate 	}
9167c478bd9Sstevel@tonic-gate 	return (err);
9177c478bd9Sstevel@tonic-gate }
9187c478bd9Sstevel@tonic-gate 
9197c478bd9Sstevel@tonic-gate static OM_uint32
kgss_accept_sec_context_wrapped(OM_uint32 * minor_status,gssd_ctx_id_t * context_handle,OM_uint32 * gssd_context_verifier,const gssd_cred_id_t verifier_cred_handle,OM_uint32 gssd_cred_verifier,const gss_buffer_t input_token,const gss_channel_bindings_t input_chan_bindings,gss_buffer_t src_name,gss_OID * mech_type,gss_buffer_t output_token,int * ret_flags,OM_uint32 * time_rec,gss_cred_id_t * delegated_cred_handle,uid_t uid)9207c478bd9Sstevel@tonic-gate kgss_accept_sec_context_wrapped(
9217c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
9227c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t *context_handle,
9237c478bd9Sstevel@tonic-gate 	OM_uint32 *gssd_context_verifier,
9247c478bd9Sstevel@tonic-gate 	const gssd_cred_id_t verifier_cred_handle,
9257c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier,
9267c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_token,
9277c478bd9Sstevel@tonic-gate 	const gss_channel_bindings_t input_chan_bindings,
9287c478bd9Sstevel@tonic-gate 	gss_buffer_t src_name,
9297c478bd9Sstevel@tonic-gate 	gss_OID *mech_type,
9307c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token,
9317c478bd9Sstevel@tonic-gate 	int *ret_flags,
9327c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec,
9337c478bd9Sstevel@tonic-gate 	gss_cred_id_t *delegated_cred_handle,
9347c478bd9Sstevel@tonic-gate 	uid_t uid)
9357c478bd9Sstevel@tonic-gate {
9367c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
9377c478bd9Sstevel@tonic-gate 
9387c478bd9Sstevel@tonic-gate 	gss_accept_sec_context_arg arg;
9397c478bd9Sstevel@tonic-gate 	gss_accept_sec_context_res res;
9407c478bd9Sstevel@tonic-gate 	struct kgss_cred *kcred;
9417c478bd9Sstevel@tonic-gate 
9427c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
9437c478bd9Sstevel@tonic-gate 
9447c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
9457c478bd9Sstevel@tonic-gate 		GSSLOG(1,
946b97d6ca7SMilan Jurik 		    "kgss_accept_sec_context: can't connect to server on %s\n",
947b97d6ca7SMilan Jurik 		    server);
9487c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
9497c478bd9Sstevel@tonic-gate 	}
9507c478bd9Sstevel@tonic-gate 
9517c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
9527c478bd9Sstevel@tonic-gate 
9537c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32)uid;
9547c478bd9Sstevel@tonic-gate 
9557c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len =
956d4f95bf4SRichard Lowe 	    *context_handle == GSSD_NO_CONTEXT ?
957b97d6ca7SMilan Jurik 	    0 : (uint_t)sizeof (gssd_ctx_id_t);
9587c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val =  (char *)context_handle;
9597c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = *gssd_context_verifier;
9607c478bd9Sstevel@tonic-gate 
9617c478bd9Sstevel@tonic-gate 	arg.verifier_cred_handle.GSS_CRED_ID_T_len =
962d4f95bf4SRichard Lowe 	    verifier_cred_handle == GSSD_NO_CREDENTIAL ?
963b97d6ca7SMilan Jurik 	    0 : (uint_t)sizeof (gssd_cred_id_t);
9647c478bd9Sstevel@tonic-gate 	arg.verifier_cred_handle.GSS_CRED_ID_T_val =
965b97d6ca7SMilan Jurik 	    (char *)&verifier_cred_handle;
9667c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
9677c478bd9Sstevel@tonic-gate 
9687c478bd9Sstevel@tonic-gate 	arg.input_token_buffer.GSS_BUFFER_T_len =
969d4f95bf4SRichard Lowe 	    (uint_t)(input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
9707c478bd9Sstevel@tonic-gate 	arg.input_token_buffer.GSS_BUFFER_T_val =
971d4f95bf4SRichard Lowe 	    (char *)(input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
9727c478bd9Sstevel@tonic-gate 
9737c478bd9Sstevel@tonic-gate 	if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
9747c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.present = YES;
9757c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_addrtype =
976b97d6ca7SMilan Jurik 		    input_chan_bindings->initiator_addrtype;
9777c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
978b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->initiator_address.length;
9797c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
980b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->initiator_address.value;
9817c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_addrtype =
982b97d6ca7SMilan Jurik 		    input_chan_bindings->acceptor_addrtype;
9837c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
984b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->acceptor_address.length;
9857c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
986b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->acceptor_address.value;
9877c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
988b97d6ca7SMilan Jurik 		    (uint_t)input_chan_bindings->application_data.length;
9897c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
990b97d6ca7SMilan Jurik 		    (void *)input_chan_bindings->application_data.value;
9917c478bd9Sstevel@tonic-gate 	} else {
9927c478bd9Sstevel@tonic-gate 
9937c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.present = NO;
9947c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_addrtype = 0;
9957c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
9967c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
9977c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_addrtype = 0;
9987c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
9997c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
10007c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
10017c478bd9Sstevel@tonic-gate 		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
10027c478bd9Sstevel@tonic-gate 	}
10037c478bd9Sstevel@tonic-gate 
10047c478bd9Sstevel@tonic-gate 	/* set the return parameters in case of errors.... */
10057c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
10067c478bd9Sstevel@tonic-gate 		*minor_status = DEFAULT_MINOR_STAT;
10077c478bd9Sstevel@tonic-gate 	if (src_name != NULL) {
10087c478bd9Sstevel@tonic-gate 		src_name->length = 0;
10097c478bd9Sstevel@tonic-gate 		src_name->value = NULL;
10107c478bd9Sstevel@tonic-gate 	}
10117c478bd9Sstevel@tonic-gate 	if (mech_type != NULL)
10127c478bd9Sstevel@tonic-gate 		*mech_type = NULL;
10137c478bd9Sstevel@tonic-gate 	if (output_token != NULL)
10147c478bd9Sstevel@tonic-gate 		output_token->length = 0;
10157c478bd9Sstevel@tonic-gate 	if (ret_flags != NULL)
10167c478bd9Sstevel@tonic-gate 		*ret_flags = 0;
10177c478bd9Sstevel@tonic-gate 	if (time_rec != NULL)
10187c478bd9Sstevel@tonic-gate 		*time_rec = 0;
10197c478bd9Sstevel@tonic-gate 	if (delegated_cred_handle != NULL)
10207c478bd9Sstevel@tonic-gate 		*delegated_cred_handle = NULL;
10217c478bd9Sstevel@tonic-gate 
10227c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
10237c478bd9Sstevel@tonic-gate 
10247c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
10257c478bd9Sstevel@tonic-gate 	if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
10267c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
10277c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_accept_sec_context: RPC call times out\n");
10287c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
10297c478bd9Sstevel@tonic-gate 	}
10307c478bd9Sstevel@tonic-gate 
1031ba7b222eSGlenn Barry 	if (minor_status != NULL)
1032ba7b222eSGlenn Barry 		*minor_status = res.minor_status;
1033ba7b222eSGlenn Barry 
1034ba7b222eSGlenn Barry 	if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
1035d4f95bf4SRichard Lowe 		output_token->length = res.output_token.GSS_BUFFER_T_len;
1036d4f95bf4SRichard Lowe 		output_token->value = (void *)MALLOC(output_token->length);
1037ba7b222eSGlenn Barry 		(void) memcpy(output_token->value,
1038d4f95bf4SRichard Lowe 		    res.output_token.GSS_BUFFER_T_val, output_token->length);
1039ba7b222eSGlenn Barry 	}
1040ba7b222eSGlenn Barry 
10417c478bd9Sstevel@tonic-gate 	/* if the call was successful, copy out the results */
10427c478bd9Sstevel@tonic-gate 
1043d4f95bf4SRichard Lowe 	if (res.status == (OM_uint32)GSS_S_COMPLETE ||
1044d4f95bf4SRichard Lowe 	    res.status == (OM_uint32)GSS_S_CONTINUE_NEEDED) {
10457c478bd9Sstevel@tonic-gate 
10467c478bd9Sstevel@tonic-gate 		/*
10477c478bd9Sstevel@tonic-gate 		 * the only parameters that are ready when we
10487c478bd9Sstevel@tonic-gate 		 * get GSS_S_CONTINUE_NEEDED are: minor, ctxt_handle,
10497c478bd9Sstevel@tonic-gate 		 * and the output token to send to the peer.
10507c478bd9Sstevel@tonic-gate 		 */
10517c478bd9Sstevel@tonic-gate 
10527c478bd9Sstevel@tonic-gate 		*context_handle = *((gssd_ctx_id_t *)
1053b97d6ca7SMilan Jurik 		    res.context_handle.GSS_CTX_ID_T_val);
1054b97d6ca7SMilan Jurik 		*gssd_context_verifier = res.gssd_context_verifier;
10557c478bd9Sstevel@tonic-gate 
10567c478bd9Sstevel@tonic-gate 		/* these other parameters are only ready upon GSS_S_COMPLETE */
1057d4f95bf4SRichard Lowe 		if (res.status == (OM_uint32)GSS_S_COMPLETE) {
10587c478bd9Sstevel@tonic-gate 
10597c478bd9Sstevel@tonic-gate 			if (src_name != NULL) {
1060b97d6ca7SMilan Jurik 				src_name->length =
1061b97d6ca7SMilan Jurik 				    res.src_name.GSS_BUFFER_T_len;
1062b97d6ca7SMilan Jurik 				src_name->value = res.src_name.GSS_BUFFER_T_val;
1063b97d6ca7SMilan Jurik 				res.src_name.GSS_BUFFER_T_val = NULL;
1064b97d6ca7SMilan Jurik 				res.src_name.GSS_BUFFER_T_len = 0;
10657c478bd9Sstevel@tonic-gate 			}
10667c478bd9Sstevel@tonic-gate 
10677c478bd9Sstevel@tonic-gate 			/*
10687c478bd9Sstevel@tonic-gate 			 * move mech type returned to mech_type
10697c478bd9Sstevel@tonic-gate 			 * for gss_import_name_for_mech()
10707c478bd9Sstevel@tonic-gate 			 */
10717c478bd9Sstevel@tonic-gate 			if (mech_type != NULL) {
1072d4f95bf4SRichard Lowe 				*mech_type =
1073d4f95bf4SRichard Lowe 				    (gss_OID)MALLOC(sizeof (gss_OID_desc));
10747c478bd9Sstevel@tonic-gate 				(*mech_type)->length =
1075d4f95bf4SRichard Lowe 				    (OM_UINT32)res.mech_type.GSS_OID_len;
10767c478bd9Sstevel@tonic-gate 				(*mech_type)->elements =
1077d4f95bf4SRichard Lowe 				    (void *)MALLOC((*mech_type)->length);
10787c478bd9Sstevel@tonic-gate 				(void) memcpy((*mech_type)->elements,
1079b97d6ca7SMilan Jurik 				    res.mech_type.GSS_OID_val,
1080b97d6ca7SMilan Jurik 				    (*mech_type)->length);
10817c478bd9Sstevel@tonic-gate 			}
10827c478bd9Sstevel@tonic-gate 
10837c478bd9Sstevel@tonic-gate 			if (ret_flags != NULL)
10847c478bd9Sstevel@tonic-gate 				*ret_flags = res.ret_flags;
10857c478bd9Sstevel@tonic-gate 
10867c478bd9Sstevel@tonic-gate 			if (time_rec != NULL)
10877c478bd9Sstevel@tonic-gate 				*time_rec = res.time_rec;
10887c478bd9Sstevel@tonic-gate 
10897c478bd9Sstevel@tonic-gate 			if ((delegated_cred_handle != NULL) &&
1090b97d6ca7SMilan Jurik 			    (res.delegated_cred_handle.GSS_CRED_ID_T_len
1091b97d6ca7SMilan Jurik 			    != 0)) {
10927c478bd9Sstevel@tonic-gate 				kcred = KGSS_CRED_ALLOC();
1093d4f95bf4SRichard Lowe 				kcred->gssd_cred =
1094d4f95bf4SRichard Lowe 				    *((gssd_cred_id_t *)
1095d4f95bf4SRichard Lowe 				    res.delegated_cred_handle.GSS_CRED_ID_T_val);
10967c478bd9Sstevel@tonic-gate 				kcred->gssd_cred_verifier =
1097b97d6ca7SMilan Jurik 				    res.gssd_context_verifier;
10987c478bd9Sstevel@tonic-gate 				*delegated_cred_handle = (gss_cred_id_t)kcred;
10997c478bd9Sstevel@tonic-gate 			}
11007c478bd9Sstevel@tonic-gate 
11017c478bd9Sstevel@tonic-gate 		}
11027c478bd9Sstevel@tonic-gate 	}
11037c478bd9Sstevel@tonic-gate 
11047c478bd9Sstevel@tonic-gate 
11057c478bd9Sstevel@tonic-gate 	/*
11067c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
11077c478bd9Sstevel@tonic-gate 	 * received in the rpc call
11087c478bd9Sstevel@tonic-gate 	 */
11097c478bd9Sstevel@tonic-gate 
11107c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_accept_sec_context_res, (caddr_t)&res);
11117c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
11127c478bd9Sstevel@tonic-gate 	return (res.status);
11137c478bd9Sstevel@tonic-gate 
11147c478bd9Sstevel@tonic-gate }
11157c478bd9Sstevel@tonic-gate 
11167c478bd9Sstevel@tonic-gate OM_uint32
kgss_accept_sec_context(OM_uint32 * minor_status,gss_ctx_id_t * context_handle,const gss_cred_id_t verifier_cred_handle,const gss_buffer_t input_token,const gss_channel_bindings_t input_chan_bindings,gss_buffer_t src_name,gss_OID * mech_type,gss_buffer_t output_token,int * ret_flags,OM_uint32 * time_rec,gss_cred_id_t * delegated_cred_handle,uid_t uid)11177c478bd9Sstevel@tonic-gate kgss_accept_sec_context(
11187c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
11197c478bd9Sstevel@tonic-gate 	gss_ctx_id_t *context_handle,
11207c478bd9Sstevel@tonic-gate 	const gss_cred_id_t verifier_cred_handle,
11217c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_token,
11227c478bd9Sstevel@tonic-gate 	const gss_channel_bindings_t input_chan_bindings,
11237c478bd9Sstevel@tonic-gate 	gss_buffer_t src_name,
11247c478bd9Sstevel@tonic-gate 	gss_OID *mech_type,
11257c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token,
11267c478bd9Sstevel@tonic-gate 	int *ret_flags,
11277c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec,
11287c478bd9Sstevel@tonic-gate 	gss_cred_id_t *delegated_cred_handle,
11297c478bd9Sstevel@tonic-gate 	uid_t uid)
11307c478bd9Sstevel@tonic-gate {
11317c478bd9Sstevel@tonic-gate 	OM_uint32 err;
11327c478bd9Sstevel@tonic-gate 	struct kgss_ctx	*kctx;
11337c478bd9Sstevel@tonic-gate 	gss_OID mt;
11347c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
11357c478bd9Sstevel@tonic-gate 	gssd_cred_id_t gssd_ver_cred_handle;
11367c478bd9Sstevel@tonic-gate 
11377c478bd9Sstevel@tonic-gate 
11387c478bd9Sstevel@tonic-gate 	/*
11397c478bd9Sstevel@tonic-gate 	 * See kgss_init_sec_context() to get an idea of what is going
11407c478bd9Sstevel@tonic-gate 	 * on here.
11417c478bd9Sstevel@tonic-gate 	 */
11427c478bd9Sstevel@tonic-gate 	if (mech_type == NULL)
11437c478bd9Sstevel@tonic-gate 		mech_type = &mt;
11447c478bd9Sstevel@tonic-gate 
11457c478bd9Sstevel@tonic-gate 	if (*context_handle == GSS_C_NO_CONTEXT) {
11467c478bd9Sstevel@tonic-gate 		kctx = KGSS_ALLOC();
11477c478bd9Sstevel@tonic-gate 		kctx->mech = &default_gc;
1148d4f95bf4SRichard Lowe 		kctx->gssd_ctx = GSSD_NO_CONTEXT;
11497c478bd9Sstevel@tonic-gate 		*context_handle = (gss_ctx_id_t)kctx;
11507c478bd9Sstevel@tonic-gate 	} else
11517c478bd9Sstevel@tonic-gate 		kctx = (struct kgss_ctx *)*context_handle;
11527c478bd9Sstevel@tonic-gate 
11537c478bd9Sstevel@tonic-gate 	if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
11547c478bd9Sstevel@tonic-gate 		gssd_cred_verifier = KCRED_TO_CREDV(verifier_cred_handle);
11557c478bd9Sstevel@tonic-gate 		gssd_ver_cred_handle = KCRED_TO_CRED(verifier_cred_handle);
1156d4f95bf4SRichard Lowe 	} else {
1157d4f95bf4SRichard Lowe 		gssd_ver_cred_handle = GSSD_NO_CREDENTIAL;
1158d4f95bf4SRichard Lowe 	}
11597c478bd9Sstevel@tonic-gate 
11607c478bd9Sstevel@tonic-gate 	err = kgss_accept_sec_context_wrapped(minor_status,
1161b97d6ca7SMilan Jurik 	    &kctx->gssd_ctx, &kctx->gssd_ctx_verifier,
1162b97d6ca7SMilan Jurik 	    gssd_ver_cred_handle, gssd_cred_verifier,
1163b97d6ca7SMilan Jurik 	    input_token, input_chan_bindings, src_name,
1164b97d6ca7SMilan Jurik 	    mech_type, output_token, ret_flags,
1165b97d6ca7SMilan Jurik 	    time_rec, delegated_cred_handle, uid);
11667c478bd9Sstevel@tonic-gate 
11677c478bd9Sstevel@tonic-gate 	if (GSS_ERROR(err)) {
11687c478bd9Sstevel@tonic-gate 		KGSS_FREE(kctx);
11697c478bd9Sstevel@tonic-gate 		*context_handle = GSS_C_NO_CONTEXT;
11707c478bd9Sstevel@tonic-gate 
11717c478bd9Sstevel@tonic-gate 	} else if (err == GSS_S_COMPLETE) {
11727c478bd9Sstevel@tonic-gate 		__kgss_reset_mech(&kctx->mech, *mech_type);
11737c478bd9Sstevel@tonic-gate 
11747c478bd9Sstevel@tonic-gate 		/*
11757c478bd9Sstevel@tonic-gate 		 * If the mech oid was allocated for us, free it.
11767c478bd9Sstevel@tonic-gate 		 */
11777c478bd9Sstevel@tonic-gate 		if (&mt == mech_type) {
11787c478bd9Sstevel@tonic-gate 			kgss_free_oid(mt);
11797c478bd9Sstevel@tonic-gate 		}
11807c478bd9Sstevel@tonic-gate 	}
11817c478bd9Sstevel@tonic-gate 
11827c478bd9Sstevel@tonic-gate 	return (err);
11837c478bd9Sstevel@tonic-gate }
11847c478bd9Sstevel@tonic-gate 
11857c478bd9Sstevel@tonic-gate OM_uint32
kgss_process_context_token(minor_status,context_handle,token_buffer,uid)11867c478bd9Sstevel@tonic-gate kgss_process_context_token(minor_status,
11877c478bd9Sstevel@tonic-gate 				context_handle,
11887c478bd9Sstevel@tonic-gate 				token_buffer,
11897c478bd9Sstevel@tonic-gate 				uid)
11907c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
11917c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t context_handle;
11927c478bd9Sstevel@tonic-gate 	gss_buffer_t token_buffer;
11937c478bd9Sstevel@tonic-gate 	uid_t uid;
11947c478bd9Sstevel@tonic-gate {
11957c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
11967c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier;
11977c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t gssd_ctx_handle;
11987c478bd9Sstevel@tonic-gate 	gss_process_context_token_arg arg;
11997c478bd9Sstevel@tonic-gate 	gss_process_context_token_res res;
12007c478bd9Sstevel@tonic-gate 
12017c478bd9Sstevel@tonic-gate 	gssd_context_verifier = KGSS_CTX_TO_GSSD_CTXV(context_handle);
12027c478bd9Sstevel@tonic-gate 	gssd_ctx_handle = (gssd_ctx_id_t)KGSS_CTX_TO_GSSD_CTX(context_handle);
12037c478bd9Sstevel@tonic-gate 
12047c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
12057c478bd9Sstevel@tonic-gate 
12067c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
12077c478bd9Sstevel@tonic-gate 		GSSLOG(1,
12087c478bd9Sstevel@tonic-gate 		"kgss_process_context_token: can't connect to server on %s\n",
12097c478bd9Sstevel@tonic-gate 		server);
12107c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
12117c478bd9Sstevel@tonic-gate 	}
12127c478bd9Sstevel@tonic-gate 
12137c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
12147c478bd9Sstevel@tonic-gate 
12157c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32) uid;
12167c478bd9Sstevel@tonic-gate 
12177c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
12187c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&gssd_ctx_handle;
12197c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
12207c478bd9Sstevel@tonic-gate 	arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
12217c478bd9Sstevel@tonic-gate 	arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
12227c478bd9Sstevel@tonic-gate 
12237c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
12247c478bd9Sstevel@tonic-gate 
12257c478bd9Sstevel@tonic-gate 	bzero(&res, sizeof (res));
12267c478bd9Sstevel@tonic-gate 
12277c478bd9Sstevel@tonic-gate 	if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {
12287c478bd9Sstevel@tonic-gate 
12297c478bd9Sstevel@tonic-gate 	/*
12307c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
12317c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
12327c478bd9Sstevel@tonic-gate 	 */
12337c478bd9Sstevel@tonic-gate 
12347c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
12357c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
12367c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_process_context_token: RPC call times out\n");
12377c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
12387c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
12397c478bd9Sstevel@tonic-gate 	}
12407c478bd9Sstevel@tonic-gate 
12417c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
12427c478bd9Sstevel@tonic-gate 
12437c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
12447c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
12457c478bd9Sstevel@tonic-gate 
12467c478bd9Sstevel@tonic-gate 	/* return with status returned in rpc call */
12477c478bd9Sstevel@tonic-gate 
12487c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
12497c478bd9Sstevel@tonic-gate 	return (res.status);
12507c478bd9Sstevel@tonic-gate 
12517c478bd9Sstevel@tonic-gate }
12527c478bd9Sstevel@tonic-gate 
12537c478bd9Sstevel@tonic-gate /*ARGSUSED*/
12547c478bd9Sstevel@tonic-gate static OM_uint32
kgss_delete_sec_context_wrapped(void * private,OM_uint32 * minor_status,gssd_ctx_id_t * context_handle,gss_buffer_t output_token,OM_uint32 gssd_context_verifier)12557c478bd9Sstevel@tonic-gate kgss_delete_sec_context_wrapped(void *private,
12567c478bd9Sstevel@tonic-gate 			OM_uint32 *minor_status,
12577c478bd9Sstevel@tonic-gate 			gssd_ctx_id_t *context_handle,
12587c478bd9Sstevel@tonic-gate 			gss_buffer_t output_token,
12597c478bd9Sstevel@tonic-gate 			OM_uint32 gssd_context_verifier)
12607c478bd9Sstevel@tonic-gate 
12617c478bd9Sstevel@tonic-gate 
12627c478bd9Sstevel@tonic-gate {
12637c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
12647c478bd9Sstevel@tonic-gate 
12657c478bd9Sstevel@tonic-gate 	gss_delete_sec_context_arg arg;
12667c478bd9Sstevel@tonic-gate 	gss_delete_sec_context_res res;
12677c478bd9Sstevel@tonic-gate 
12687c478bd9Sstevel@tonic-gate 
12697c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
12707c478bd9Sstevel@tonic-gate 
12717c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
12727c478bd9Sstevel@tonic-gate 		GSSLOG(1,
12737c478bd9Sstevel@tonic-gate 		"kgss_delete_sec_context: can't connect to server on %s\n",
12747c478bd9Sstevel@tonic-gate 		server);
12757c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
12767c478bd9Sstevel@tonic-gate 	}
12777c478bd9Sstevel@tonic-gate 
12787c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
12797c478bd9Sstevel@tonic-gate 
12807c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len =
1281d4f95bf4SRichard Lowe 		*context_handle == GSSD_NO_CONTEXT ?
12827c478bd9Sstevel@tonic-gate 			0 : (uint_t)sizeof (gssd_ctx_id_t);
12837c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val =  (char *)context_handle;
12847c478bd9Sstevel@tonic-gate 
12857c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
12867c478bd9Sstevel@tonic-gate 
12877c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
12887c478bd9Sstevel@tonic-gate 
12897c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
12907c478bd9Sstevel@tonic-gate 	if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
12917c478bd9Sstevel@tonic-gate 
12927c478bd9Sstevel@tonic-gate 	/*
12937c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
12947c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
12957c478bd9Sstevel@tonic-gate 	 */
12967c478bd9Sstevel@tonic-gate 
12977c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
12987c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
12997c478bd9Sstevel@tonic-gate 		if (context_handle != NULL)
1300*9c805345SToomas Soome 			*context_handle = 0;
13017c478bd9Sstevel@tonic-gate 		if (output_token != NULL)
13027c478bd9Sstevel@tonic-gate 			output_token->length = 0;
13037c478bd9Sstevel@tonic-gate 
13047c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
13057c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgssd_delete_sec_context: RPC call times out\n");
13067c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
13077c478bd9Sstevel@tonic-gate 	}
13087c478bd9Sstevel@tonic-gate 
13097c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
13107c478bd9Sstevel@tonic-gate 
13117c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
13127c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
13137c478bd9Sstevel@tonic-gate 
13147c478bd9Sstevel@tonic-gate 	if (res.context_handle.GSS_CTX_ID_T_len == 0)
1315*9c805345SToomas Soome 		*context_handle = 0;
13167c478bd9Sstevel@tonic-gate 	else
13177c478bd9Sstevel@tonic-gate 		*context_handle =
13187c478bd9Sstevel@tonic-gate 		    *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
13197c478bd9Sstevel@tonic-gate 
13207c478bd9Sstevel@tonic-gate 	if (output_token != NULL) {
13217c478bd9Sstevel@tonic-gate 		output_token->length = res.output_token.GSS_BUFFER_T_len;
13227c478bd9Sstevel@tonic-gate 		output_token->value = res.output_token.GSS_BUFFER_T_val;
13237c478bd9Sstevel@tonic-gate 		res.output_token.GSS_BUFFER_T_len = 0;
13247c478bd9Sstevel@tonic-gate 		res.output_token.GSS_BUFFER_T_val = NULL;
13257c478bd9Sstevel@tonic-gate 	}
13267c478bd9Sstevel@tonic-gate 
13277c478bd9Sstevel@tonic-gate 	/*
13287c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
13297c478bd9Sstevel@tonic-gate 	 * received in the rpc call
13307c478bd9Sstevel@tonic-gate 	 */
13317c478bd9Sstevel@tonic-gate 
13327c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
13337c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
13347c478bd9Sstevel@tonic-gate 	return (res.status);
13357c478bd9Sstevel@tonic-gate 
13367c478bd9Sstevel@tonic-gate }
13377c478bd9Sstevel@tonic-gate 
13387c478bd9Sstevel@tonic-gate OM_uint32
kgss_delete_sec_context(OM_uint32 * minor_status,gss_ctx_id_t * context_handle,gss_buffer_t output_token)13397c478bd9Sstevel@tonic-gate kgss_delete_sec_context(
13407c478bd9Sstevel@tonic-gate 		OM_uint32 *minor_status,
13417c478bd9Sstevel@tonic-gate 		gss_ctx_id_t *context_handle,
13427c478bd9Sstevel@tonic-gate 		gss_buffer_t output_token)
13437c478bd9Sstevel@tonic-gate {
13447c478bd9Sstevel@tonic-gate 	OM_uint32 err;
13457c478bd9Sstevel@tonic-gate 	struct kgss_ctx	*kctx;
13467c478bd9Sstevel@tonic-gate 
13477c478bd9Sstevel@tonic-gate 	if (*context_handle == GSS_C_NO_CONTEXT) {
13487c478bd9Sstevel@tonic-gate 		GSSLOG0(8, "kgss_delete_sec_context: Null context handle \n");
13497c478bd9Sstevel@tonic-gate 		return (GSS_S_COMPLETE);
13507c478bd9Sstevel@tonic-gate 	} else
13517c478bd9Sstevel@tonic-gate 		kctx = (struct kgss_ctx *)*context_handle;
13527c478bd9Sstevel@tonic-gate 
13537c478bd9Sstevel@tonic-gate 	if (kctx->ctx_imported == FALSE) {
1354d4f95bf4SRichard Lowe 		if (kctx->gssd_ctx == GSSD_NO_CONTEXT) {
13557c478bd9Sstevel@tonic-gate 			KGSS_FREE(kctx);
13567c478bd9Sstevel@tonic-gate 			*context_handle = GSS_C_NO_CONTEXT;
13577c478bd9Sstevel@tonic-gate 			return (GSS_S_COMPLETE);
13587c478bd9Sstevel@tonic-gate 		}
13597c478bd9Sstevel@tonic-gate 		err = kgss_delete_sec_context_wrapped(
1360b97d6ca7SMilan Jurik 		    KCTX_TO_PRIVATE(*context_handle),
1361b97d6ca7SMilan Jurik 		    minor_status,
1362b97d6ca7SMilan Jurik 		    &kctx->gssd_ctx,
1363b97d6ca7SMilan Jurik 		    output_token,
1364b97d6ca7SMilan Jurik 		    kctx->gssd_ctx_verifier);
13657c478bd9Sstevel@tonic-gate 	} else {
13667c478bd9Sstevel@tonic-gate 		if (kctx->gssd_i_ctx == (gss_ctx_id_t)GSS_C_NO_CONTEXT) {
13677c478bd9Sstevel@tonic-gate 			KGSS_FREE(kctx);
13687c478bd9Sstevel@tonic-gate 			*context_handle = GSS_C_NO_CONTEXT;
13697c478bd9Sstevel@tonic-gate 			return (GSS_S_COMPLETE);
13707c478bd9Sstevel@tonic-gate 		}
13717c478bd9Sstevel@tonic-gate 		err = KGSS_DELETE_SEC_CONTEXT(minor_status, kctx,
1372b97d6ca7SMilan Jurik 		    &kctx->gssd_i_ctx,  output_token);
13737c478bd9Sstevel@tonic-gate 	}
13747c478bd9Sstevel@tonic-gate 	KGSS_FREE(kctx);
13757c478bd9Sstevel@tonic-gate 	*context_handle = GSS_C_NO_CONTEXT;
13767c478bd9Sstevel@tonic-gate 	return (err);
13777c478bd9Sstevel@tonic-gate 
13787c478bd9Sstevel@tonic-gate }
13797c478bd9Sstevel@tonic-gate 
13807c478bd9Sstevel@tonic-gate 
13817c478bd9Sstevel@tonic-gate OM_uint32
kgss_export_sec_context_wrapped(minor_status,context_handle,output_token,gssd_context_verifier)13827c478bd9Sstevel@tonic-gate kgss_export_sec_context_wrapped(minor_status,
13837c478bd9Sstevel@tonic-gate 				context_handle,
13847c478bd9Sstevel@tonic-gate 				output_token,
13857c478bd9Sstevel@tonic-gate 				gssd_context_verifier)
13867c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
13877c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t *context_handle;
13887c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token;
13897c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier;
13907c478bd9Sstevel@tonic-gate {
13917c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
13927c478bd9Sstevel@tonic-gate 	gss_export_sec_context_arg arg;
13937c478bd9Sstevel@tonic-gate 	gss_export_sec_context_res res;
13947c478bd9Sstevel@tonic-gate 
13957c478bd9Sstevel@tonic-gate 
13967c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
13977c478bd9Sstevel@tonic-gate 
13987c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
13997c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_export_sec_context_wrapped :"
14007c478bd9Sstevel@tonic-gate 			" can't connect to server on %s\n", server);
14017c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
14027c478bd9Sstevel@tonic-gate 	}
14037c478bd9Sstevel@tonic-gate 
14047c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
14057c478bd9Sstevel@tonic-gate 
14067c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
14077c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
14087c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
14097c478bd9Sstevel@tonic-gate 
14107c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
14117c478bd9Sstevel@tonic-gate 
14127c478bd9Sstevel@tonic-gate 	(void) memset(&res, 0, sizeof (res));
14137c478bd9Sstevel@tonic-gate 	if (gss_export_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
14147c478bd9Sstevel@tonic-gate 
14157c478bd9Sstevel@tonic-gate 	/*
14167c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments,
14177c478bd9Sstevel@tonic-gate 	 * set minor_status to its maximum value, and return
14187c478bd9Sstevel@tonic-gate 	 * GSS_S_FAILURE
14197c478bd9Sstevel@tonic-gate 	 */
14207c478bd9Sstevel@tonic-gate 
14217c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
14227c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
14237c478bd9Sstevel@tonic-gate 		if (context_handle != NULL)
1424*9c805345SToomas Soome 			*context_handle = 0;
14257c478bd9Sstevel@tonic-gate 		if (output_token != NULL)
14267c478bd9Sstevel@tonic-gate 			output_token->length = 0;
14277c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
14287c478bd9Sstevel@tonic-gate 		GSSLOG0(1,
14297c478bd9Sstevel@tonic-gate 		"kgss_export_sec_context_wrapped: RPC call times out\n");
14307c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
14317c478bd9Sstevel@tonic-gate 	}
14327c478bd9Sstevel@tonic-gate 
14337c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
14347c478bd9Sstevel@tonic-gate 
14357c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
14367c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
14377c478bd9Sstevel@tonic-gate 
14387c478bd9Sstevel@tonic-gate 	if (res.context_handle.GSS_CTX_ID_T_len == 0)
1439*9c805345SToomas Soome 		*context_handle = 0;
14407c478bd9Sstevel@tonic-gate 	else
14417c478bd9Sstevel@tonic-gate 		*context_handle =
14427c478bd9Sstevel@tonic-gate 		    *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
14437c478bd9Sstevel@tonic-gate 
14447c478bd9Sstevel@tonic-gate 	if (output_token != NULL) {
14457c478bd9Sstevel@tonic-gate 		output_token->length = res.output_token.GSS_BUFFER_T_len;
14467c478bd9Sstevel@tonic-gate 		output_token->value =
14477c478bd9Sstevel@tonic-gate 			(void *)  MALLOC(output_token->length);
14487c478bd9Sstevel@tonic-gate 		(void) memcpy(output_token->value,
14497c478bd9Sstevel@tonic-gate 			res.output_token.GSS_BUFFER_T_val,
14507c478bd9Sstevel@tonic-gate 			output_token->length);
14517c478bd9Sstevel@tonic-gate 	}
14527c478bd9Sstevel@tonic-gate 
14537c478bd9Sstevel@tonic-gate 	/*
14547c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
14557c478bd9Sstevel@tonic-gate 	 * received in the rpc call
14567c478bd9Sstevel@tonic-gate 	 */
14577c478bd9Sstevel@tonic-gate 
14587c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
14597c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
14607c478bd9Sstevel@tonic-gate 	return (res.status);
14617c478bd9Sstevel@tonic-gate 
14627c478bd9Sstevel@tonic-gate }
14637c478bd9Sstevel@tonic-gate 
14647c478bd9Sstevel@tonic-gate OM_uint32
kgss_export_sec_context(minor_status,context_handle,output_token)14657c478bd9Sstevel@tonic-gate kgss_export_sec_context(minor_status,
14667c478bd9Sstevel@tonic-gate 			context_handle,
14677c478bd9Sstevel@tonic-gate 			output_token)
14687c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
14697c478bd9Sstevel@tonic-gate 	gss_ctx_id_t context_handle;
14707c478bd9Sstevel@tonic-gate 	gss_buffer_t output_token;
14717c478bd9Sstevel@tonic-gate {
14727c478bd9Sstevel@tonic-gate 	struct kgss_ctx	*kctx;
14737c478bd9Sstevel@tonic-gate 
14747c478bd9Sstevel@tonic-gate 	if (context_handle == GSS_C_NO_CONTEXT)
14757c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
14767c478bd9Sstevel@tonic-gate 	else
14777c478bd9Sstevel@tonic-gate 		kctx = (struct kgss_ctx *)context_handle;
14787c478bd9Sstevel@tonic-gate 
14797c478bd9Sstevel@tonic-gate 
14807c478bd9Sstevel@tonic-gate 
14817c478bd9Sstevel@tonic-gate 	/*
14827c478bd9Sstevel@tonic-gate 	 *  If there is a kernel module then import_sec context must be
14837c478bd9Sstevel@tonic-gate 	 *  supported and we make an upcall to export_sec_context.
14847c478bd9Sstevel@tonic-gate 	 *  If there is no kernel module then we return an error
14857c478bd9Sstevel@tonic-gate 	 */
14867c478bd9Sstevel@tonic-gate 
14877c478bd9Sstevel@tonic-gate 	*minor_status = 0;
14887c478bd9Sstevel@tonic-gate 
14897c478bd9Sstevel@tonic-gate 	if (kctx->mech->gss_import_sec_context) {
14907c478bd9Sstevel@tonic-gate 		GSSLOG0(8, "kgss_export_sec_context: Kernel mod available \n");
14917c478bd9Sstevel@tonic-gate 		return (kgss_export_sec_context_wrapped(minor_status,
14927c478bd9Sstevel@tonic-gate 						&kctx->gssd_ctx,
14937c478bd9Sstevel@tonic-gate 						output_token,
14947c478bd9Sstevel@tonic-gate 						kctx->gssd_ctx_verifier));
14957c478bd9Sstevel@tonic-gate 
14967c478bd9Sstevel@tonic-gate 	} else {
14977c478bd9Sstevel@tonic-gate 
14987c478bd9Sstevel@tonic-gate 		/*
14997c478bd9Sstevel@tonic-gate 		 * This is not the right error value; instead of
15007c478bd9Sstevel@tonic-gate 		 * inventing  new error we return GSS_S_NAME_NOT_MN
15017c478bd9Sstevel@tonic-gate 		 * This error is not returned by the export routine
15027c478bd9Sstevel@tonic-gate 		 */
15037c478bd9Sstevel@tonic-gate 
15047c478bd9Sstevel@tonic-gate 		GSSLOG0(8, "kgss_export_sec_context: Kernel mod "
15057c478bd9Sstevel@tonic-gate 			"unavailable \n");
15067c478bd9Sstevel@tonic-gate 		return (GSS_S_NAME_NOT_MN);
15077c478bd9Sstevel@tonic-gate 	}
15087c478bd9Sstevel@tonic-gate 
15097c478bd9Sstevel@tonic-gate }
15107c478bd9Sstevel@tonic-gate 
15117c478bd9Sstevel@tonic-gate OM_uint32
kgss_import_sec_context(minor_status,interprocess_token,context_handle)15127c478bd9Sstevel@tonic-gate kgss_import_sec_context(minor_status,
15137c478bd9Sstevel@tonic-gate 			interprocess_token,
15147c478bd9Sstevel@tonic-gate 			context_handle)
15157c478bd9Sstevel@tonic-gate 
15167c478bd9Sstevel@tonic-gate OM_uint32 *		minor_status;
15177c478bd9Sstevel@tonic-gate const gss_buffer_t	interprocess_token;
1518*9c805345SToomas Soome gss_ctx_id_t		context_handle;
15197c478bd9Sstevel@tonic-gate 
15207c478bd9Sstevel@tonic-gate {
15217c478bd9Sstevel@tonic-gate OM_uint32 status;
15227c478bd9Sstevel@tonic-gate struct kgss_ctx	*kctx;
15237c478bd9Sstevel@tonic-gate 
15247c478bd9Sstevel@tonic-gate size_t		length;
15257c478bd9Sstevel@tonic-gate char		*p;
15267c478bd9Sstevel@tonic-gate gss_buffer_desc token;
15277c478bd9Sstevel@tonic-gate gss_ctx_id_t	internal_ctx_id;
15287c478bd9Sstevel@tonic-gate 	kctx = (struct kgss_ctx *)context_handle;
15297c478bd9Sstevel@tonic-gate 
1530d4f95bf4SRichard Lowe 	if (kctx->gssd_ctx != GSSD_NO_CONTEXT) {
15317c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
15327c478bd9Sstevel@tonic-gate 	}
15337c478bd9Sstevel@tonic-gate 
15347c478bd9Sstevel@tonic-gate 	if (!(KCTX_TO_MECH(context_handle)->gss_import_sec_context)) {
15357c478bd9Sstevel@tonic-gate 
15367c478bd9Sstevel@tonic-gate 	/*
15377c478bd9Sstevel@tonic-gate 	 *  This should never happen
15387c478bd9Sstevel@tonic-gate 	 *  If Kernel import sec context does not exist the export
15397c478bd9Sstevel@tonic-gate 	 *  sec context should have caught this and returned an error
15407c478bd9Sstevel@tonic-gate 	 *  and the caller should not have called this routine
15417c478bd9Sstevel@tonic-gate 	 */
15427c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "import_sec_context  called improperly\n");
15437c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
15447c478bd9Sstevel@tonic-gate 	}
15457c478bd9Sstevel@tonic-gate 	*minor_status = 0;
15467c478bd9Sstevel@tonic-gate 
15477c478bd9Sstevel@tonic-gate 	if (interprocess_token->length == 0 || interprocess_token->value == 0)
15487c478bd9Sstevel@tonic-gate 		return (GSS_S_DEFECTIVE_TOKEN);
15497c478bd9Sstevel@tonic-gate 
15507c478bd9Sstevel@tonic-gate 	status = GSS_S_FAILURE;
15517c478bd9Sstevel@tonic-gate 
15527c478bd9Sstevel@tonic-gate 	p = interprocess_token->value;
15537c478bd9Sstevel@tonic-gate 	length = *p++;
15547c478bd9Sstevel@tonic-gate 	length = (length << 8) + *p++;
15557c478bd9Sstevel@tonic-gate 	length = (length << 8) + *p++;
15567c478bd9Sstevel@tonic-gate 	length = (length << 8) + *p++;
15577c478bd9Sstevel@tonic-gate 
15587c478bd9Sstevel@tonic-gate 	p += length;
15597c478bd9Sstevel@tonic-gate 
15607c478bd9Sstevel@tonic-gate 	token.length = interprocess_token->length - 4 - length;
15617c478bd9Sstevel@tonic-gate 	token.value = p;
15627c478bd9Sstevel@tonic-gate 
15637c478bd9Sstevel@tonic-gate 	/*
15647c478bd9Sstevel@tonic-gate 	 * select the approprate underlying mechanism routine and
15657c478bd9Sstevel@tonic-gate 	 * call it.
15667c478bd9Sstevel@tonic-gate 	 */
15677c478bd9Sstevel@tonic-gate 
15687c478bd9Sstevel@tonic-gate 	status = KGSS_IMPORT_SEC_CONTEXT(minor_status, &token, kctx,
15697c478bd9Sstevel@tonic-gate 				&internal_ctx_id);
15707c478bd9Sstevel@tonic-gate 
15717c478bd9Sstevel@tonic-gate 	if (status == GSS_S_COMPLETE) {
15727c478bd9Sstevel@tonic-gate 		KCTX_TO_I_CTX(kctx) = internal_ctx_id;
15737c478bd9Sstevel@tonic-gate 		kctx->ctx_imported = TRUE;
15747c478bd9Sstevel@tonic-gate 		return (GSS_S_COMPLETE);
15757c478bd9Sstevel@tonic-gate 	} else
15767c478bd9Sstevel@tonic-gate 		return (status);
15777c478bd9Sstevel@tonic-gate }
15787c478bd9Sstevel@tonic-gate 
15797c478bd9Sstevel@tonic-gate /*ARGSUSED*/
15807c478bd9Sstevel@tonic-gate OM_uint32
kgss_context_time(minor_status,context_handle,time_rec,uid)15817c478bd9Sstevel@tonic-gate kgss_context_time(minor_status,
15827c478bd9Sstevel@tonic-gate 		context_handle,
15837c478bd9Sstevel@tonic-gate 		time_rec,
15847c478bd9Sstevel@tonic-gate 		uid)
15857c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
15867c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t context_handle;
15877c478bd9Sstevel@tonic-gate 	OM_uint32 *time_rec;
15887c478bd9Sstevel@tonic-gate 	uid_t uid;
15897c478bd9Sstevel@tonic-gate {
15907c478bd9Sstevel@tonic-gate 	return (GSS_S_FAILURE);
15917c478bd9Sstevel@tonic-gate }
15927c478bd9Sstevel@tonic-gate 
15937c478bd9Sstevel@tonic-gate /*ARGSUSED*/
15947c478bd9Sstevel@tonic-gate static OM_uint32
kgss_sign_wrapped(void * private,OM_uint32 * minor_status,const gss_ctx_id_t ctx_handle,int qop_req,const gss_buffer_t message_buffer,gss_buffer_t msg_token,OM_uint32 gssd_context_verifier)15957c478bd9Sstevel@tonic-gate kgss_sign_wrapped(void *private,
15967c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
15977c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t ctx_handle,
15987c478bd9Sstevel@tonic-gate 	int qop_req,
15997c478bd9Sstevel@tonic-gate 	const gss_buffer_t message_buffer,
16007c478bd9Sstevel@tonic-gate 	gss_buffer_t msg_token,
16017c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier)
16027c478bd9Sstevel@tonic-gate {
16037c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
16047c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t context_handle;
16057c478bd9Sstevel@tonic-gate 
16067c478bd9Sstevel@tonic-gate 	gss_sign_arg arg;
16077c478bd9Sstevel@tonic-gate 	gss_sign_res res;
16087c478bd9Sstevel@tonic-gate 	context_handle = (gssd_ctx_id_t)KCTX_TO_GSSD_CTX(ctx_handle);
16097c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
16107c478bd9Sstevel@tonic-gate 
16117c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
16127c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_sign: can't connect to server on %s\n", server);
16137c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
16147c478bd9Sstevel@tonic-gate 	}
16157c478bd9Sstevel@tonic-gate 
16167c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
16177c478bd9Sstevel@tonic-gate 
16187c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
16197c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
16207c478bd9Sstevel@tonic-gate 
16217c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
16227c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
16237c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
16247c478bd9Sstevel@tonic-gate 
16257c478bd9Sstevel@tonic-gate 	arg.qop_req = qop_req;
16267c478bd9Sstevel@tonic-gate 
16277c478bd9Sstevel@tonic-gate 	arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
16287c478bd9Sstevel@tonic-gate 	arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
16297c478bd9Sstevel@tonic-gate 
16307c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
16317c478bd9Sstevel@tonic-gate 
16327c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
16337c478bd9Sstevel@tonic-gate 	if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {
16347c478bd9Sstevel@tonic-gate 
16357c478bd9Sstevel@tonic-gate 	/*
16367c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
16377c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
16387c478bd9Sstevel@tonic-gate 	 */
16397c478bd9Sstevel@tonic-gate 
16407c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
16417c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
16427c478bd9Sstevel@tonic-gate 		if (msg_token != NULL)
16437c478bd9Sstevel@tonic-gate 			msg_token->length = 0;
16447c478bd9Sstevel@tonic-gate 
16457c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
16467c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_sign: RPC call times out\n");
16477c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
16487c478bd9Sstevel@tonic-gate 	}
16497c478bd9Sstevel@tonic-gate 
16507c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
16517c478bd9Sstevel@tonic-gate 
16527c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
16537c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
16547c478bd9Sstevel@tonic-gate 
16557c478bd9Sstevel@tonic-gate 	if (msg_token != NULL) {
16567c478bd9Sstevel@tonic-gate 		msg_token->length = res.msg_token.GSS_BUFFER_T_len;
16577c478bd9Sstevel@tonic-gate 		msg_token->value = (void *) MALLOC(msg_token->length);
16587c478bd9Sstevel@tonic-gate 		(void) memcpy(msg_token->value, res.msg_token.GSS_BUFFER_T_val,
1659b97d6ca7SMilan Jurik 		    msg_token->length);
16607c478bd9Sstevel@tonic-gate 	}
16617c478bd9Sstevel@tonic-gate 
16627c478bd9Sstevel@tonic-gate 	/*
16637c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
16647c478bd9Sstevel@tonic-gate 	 * received in the rpc call
16657c478bd9Sstevel@tonic-gate 	 */
16667c478bd9Sstevel@tonic-gate 
16677c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_sign_res, (caddr_t)&res);
16687c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
16697c478bd9Sstevel@tonic-gate 	return (res.status);
16707c478bd9Sstevel@tonic-gate 
16717c478bd9Sstevel@tonic-gate }
16727c478bd9Sstevel@tonic-gate 
16737c478bd9Sstevel@tonic-gate OM_uint32
kgss_sign(OM_uint32 * minor_status,const gss_ctx_id_t context_handle,int qop_req,const gss_buffer_t message_buffer,gss_buffer_t msg_token)16747c478bd9Sstevel@tonic-gate kgss_sign(
16757c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
16767c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t context_handle,
16777c478bd9Sstevel@tonic-gate 	int qop_req,
16787c478bd9Sstevel@tonic-gate 	const gss_buffer_t message_buffer,
16797c478bd9Sstevel@tonic-gate 	gss_buffer_t msg_token)
16807c478bd9Sstevel@tonic-gate {
16817c478bd9Sstevel@tonic-gate 	if (context_handle == GSS_C_NO_CONTEXT)
16827c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
16837c478bd9Sstevel@tonic-gate 	return (KGSS_SIGN(minor_status, context_handle, qop_req,
1684b97d6ca7SMilan Jurik 	    message_buffer, msg_token));
16857c478bd9Sstevel@tonic-gate }
16867c478bd9Sstevel@tonic-gate 
16877c478bd9Sstevel@tonic-gate /*ARGSUSED*/
16887c478bd9Sstevel@tonic-gate static OM_uint32
kgss_verify_wrapped(void * private,OM_uint32 * minor_status,const gss_ctx_id_t ctx_handle,const gss_buffer_t message_buffer,const gss_buffer_t token_buffer,int * qop_state,OM_uint32 gssd_context_verifier)16897c478bd9Sstevel@tonic-gate kgss_verify_wrapped(void *private,
16907c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
16917c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t ctx_handle,
16927c478bd9Sstevel@tonic-gate 	const gss_buffer_t message_buffer,
16937c478bd9Sstevel@tonic-gate 	const gss_buffer_t token_buffer,
16947c478bd9Sstevel@tonic-gate 	int *qop_state,
16957c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier)
16967c478bd9Sstevel@tonic-gate {
16977c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
16987c478bd9Sstevel@tonic-gate 
16997c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t context_handle;
17007c478bd9Sstevel@tonic-gate 	gss_verify_arg arg;
17017c478bd9Sstevel@tonic-gate 	gss_verify_res res;
17027c478bd9Sstevel@tonic-gate 
17037c478bd9Sstevel@tonic-gate 	context_handle = (gssd_ctx_id_t)KCTX_TO_GSSD_CTX(ctx_handle);
17047c478bd9Sstevel@tonic-gate 
17057c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
17067c478bd9Sstevel@tonic-gate 
17077c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
17087c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_verify: can't connect to server on %s\n",
1709b97d6ca7SMilan Jurik 		    server);
17107c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
17117c478bd9Sstevel@tonic-gate 	}
17127c478bd9Sstevel@tonic-gate 
17137c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
17147c478bd9Sstevel@tonic-gate 
17157c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
17167c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
17177c478bd9Sstevel@tonic-gate 
17187c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
17197c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
17207c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
17217c478bd9Sstevel@tonic-gate 
17227c478bd9Sstevel@tonic-gate 	arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
17237c478bd9Sstevel@tonic-gate 	arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
17247c478bd9Sstevel@tonic-gate 
17257c478bd9Sstevel@tonic-gate 	arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
17267c478bd9Sstevel@tonic-gate 	arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
17277c478bd9Sstevel@tonic-gate 
17287c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
17297c478bd9Sstevel@tonic-gate 
17307c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
17317c478bd9Sstevel@tonic-gate 	if (gss_verify_1(&arg, &res, clnt) != RPC_SUCCESS) {
17327c478bd9Sstevel@tonic-gate 
17337c478bd9Sstevel@tonic-gate 	/*
17347c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
17357c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
17367c478bd9Sstevel@tonic-gate 	 */
17377c478bd9Sstevel@tonic-gate 
17387c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
17397c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
17407c478bd9Sstevel@tonic-gate 		if (qop_state != NULL)
17417c478bd9Sstevel@tonic-gate 			*qop_state = 0;
17427c478bd9Sstevel@tonic-gate 
17437c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
17447c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_verify: RPC call times out\n");
17457c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
17467c478bd9Sstevel@tonic-gate 	}
17477c478bd9Sstevel@tonic-gate 
17487c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
17497c478bd9Sstevel@tonic-gate 
17507c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
17517c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
17527c478bd9Sstevel@tonic-gate 
17537c478bd9Sstevel@tonic-gate 	if (qop_state != NULL)
17547c478bd9Sstevel@tonic-gate 		*qop_state = res.qop_state;
17557c478bd9Sstevel@tonic-gate 
17567c478bd9Sstevel@tonic-gate 	/* return with status returned in rpc call */
17577c478bd9Sstevel@tonic-gate 
17587c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
17597c478bd9Sstevel@tonic-gate 	return (res.status);
17607c478bd9Sstevel@tonic-gate 
17617c478bd9Sstevel@tonic-gate }
17627c478bd9Sstevel@tonic-gate 
17637c478bd9Sstevel@tonic-gate OM_uint32
kgss_verify(OM_uint32 * minor_status,const gss_ctx_id_t context_handle,const gss_buffer_t message_buffer,const gss_buffer_t token_buffer,int * qop_state)17647c478bd9Sstevel@tonic-gate kgss_verify(OM_uint32 *minor_status,
17657c478bd9Sstevel@tonic-gate 		const gss_ctx_id_t context_handle,
17667c478bd9Sstevel@tonic-gate 		const gss_buffer_t message_buffer,
17677c478bd9Sstevel@tonic-gate 		const gss_buffer_t token_buffer,
17687c478bd9Sstevel@tonic-gate 		int *qop_state)
17697c478bd9Sstevel@tonic-gate {
17707c478bd9Sstevel@tonic-gate 	if (context_handle == GSS_C_NO_CONTEXT)
17717c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
17727c478bd9Sstevel@tonic-gate 	return (KGSS_VERIFY(minor_status, context_handle,
1773d4f95bf4SRichard Lowe 	    message_buffer, token_buffer, qop_state));
17747c478bd9Sstevel@tonic-gate }
17757c478bd9Sstevel@tonic-gate 
17767c478bd9Sstevel@tonic-gate /*ARGSUSED*/
17777c478bd9Sstevel@tonic-gate static OM_uint32
kgss_seal_wrapped(void * private,OM_uint32 * minor_status,const gss_ctx_id_t ctx_handle,int conf_req_flag,int qop_req,const gss_buffer_t input_message_buffer,int * conf_state,gss_buffer_t output_message_buffer,OM_uint32 gssd_context_verifier)17787c478bd9Sstevel@tonic-gate kgss_seal_wrapped(void *private,
17797c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
17807c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t ctx_handle,
17817c478bd9Sstevel@tonic-gate 	int conf_req_flag,
17827c478bd9Sstevel@tonic-gate 	int qop_req,
17837c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_message_buffer,
17847c478bd9Sstevel@tonic-gate 	int *conf_state,
17857c478bd9Sstevel@tonic-gate 	gss_buffer_t output_message_buffer,
17867c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier)
17877c478bd9Sstevel@tonic-gate {
17887c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
17897c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t	context_handle;
17907c478bd9Sstevel@tonic-gate 
17917c478bd9Sstevel@tonic-gate 	gss_seal_arg arg;
17927c478bd9Sstevel@tonic-gate 	gss_seal_res res;
17937c478bd9Sstevel@tonic-gate 
17947c478bd9Sstevel@tonic-gate 	context_handle = (gssd_ctx_id_t)KCTX_TO_GSSD_CTX(ctx_handle);
17957c478bd9Sstevel@tonic-gate 
17967c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
17977c478bd9Sstevel@tonic-gate 
17987c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
17997c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_seal: can't connect to server on %s\n", server);
18007c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
18017c478bd9Sstevel@tonic-gate 	}
18027c478bd9Sstevel@tonic-gate 
18037c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
18047c478bd9Sstevel@tonic-gate 
18057c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
18067c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
18077c478bd9Sstevel@tonic-gate 
18087c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (OM_uint32);
18097c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
18107c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
18117c478bd9Sstevel@tonic-gate 
18127c478bd9Sstevel@tonic-gate 	arg.conf_req_flag = conf_req_flag;
18137c478bd9Sstevel@tonic-gate 
18147c478bd9Sstevel@tonic-gate 	arg.qop_req = qop_req;
18157c478bd9Sstevel@tonic-gate 
18167c478bd9Sstevel@tonic-gate 	arg.input_message_buffer.GSS_BUFFER_T_len =
1817b97d6ca7SMilan Jurik 	    (uint_t)input_message_buffer->length;
18187c478bd9Sstevel@tonic-gate 
18197c478bd9Sstevel@tonic-gate 	arg.input_message_buffer.GSS_BUFFER_T_val =
1820b97d6ca7SMilan Jurik 	    (char *)input_message_buffer->value;
18217c478bd9Sstevel@tonic-gate 
18227c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
18237c478bd9Sstevel@tonic-gate 
18247c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
18257c478bd9Sstevel@tonic-gate 	if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {
18267c478bd9Sstevel@tonic-gate 
18277c478bd9Sstevel@tonic-gate 	/*
18287c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
18297c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
18307c478bd9Sstevel@tonic-gate 	 */
18317c478bd9Sstevel@tonic-gate 
18327c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
18337c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
18347c478bd9Sstevel@tonic-gate 		if (conf_state != NULL)
18357c478bd9Sstevel@tonic-gate 			*conf_state = 0;
18367c478bd9Sstevel@tonic-gate 		if (output_message_buffer != NULL)
18377c478bd9Sstevel@tonic-gate 			output_message_buffer->length = 0;
18387c478bd9Sstevel@tonic-gate 
18397c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
18407c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_seal: RPC call times out\n");
18417c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
18427c478bd9Sstevel@tonic-gate 	}
18437c478bd9Sstevel@tonic-gate 
18447c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
18457c478bd9Sstevel@tonic-gate 
18467c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
18477c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
18487c478bd9Sstevel@tonic-gate 
18497c478bd9Sstevel@tonic-gate 	if (conf_state != NULL)
18507c478bd9Sstevel@tonic-gate 		*conf_state = res.conf_state;
18517c478bd9Sstevel@tonic-gate 
18527c478bd9Sstevel@tonic-gate 	if (output_message_buffer != NULL) {
18537c478bd9Sstevel@tonic-gate 		output_message_buffer->length =
1854b97d6ca7SMilan Jurik 		    res.output_message_buffer.GSS_BUFFER_T_len;
18557c478bd9Sstevel@tonic-gate 
18567c478bd9Sstevel@tonic-gate 		output_message_buffer->value =
1857b97d6ca7SMilan Jurik 		    (void *) MALLOC(output_message_buffer->length);
18587c478bd9Sstevel@tonic-gate 		(void) memcpy(output_message_buffer->value,
1859b97d6ca7SMilan Jurik 		    res.output_message_buffer.GSS_BUFFER_T_val,
1860b97d6ca7SMilan Jurik 		    output_message_buffer->length);
18617c478bd9Sstevel@tonic-gate 	}
18627c478bd9Sstevel@tonic-gate 
18637c478bd9Sstevel@tonic-gate 	/*
18647c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
18657c478bd9Sstevel@tonic-gate 	 * received in the rpc call
18667c478bd9Sstevel@tonic-gate 	 */
18677c478bd9Sstevel@tonic-gate 
18687c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_seal_res, (caddr_t)&res);
18697c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
18707c478bd9Sstevel@tonic-gate 	return (res.status);
18717c478bd9Sstevel@tonic-gate }
18727c478bd9Sstevel@tonic-gate 
18737c478bd9Sstevel@tonic-gate /*ARGSUSED*/
18747c478bd9Sstevel@tonic-gate OM_uint32
kgss_seal(OM_uint32 * minor_status,const gss_ctx_id_t context_handle,int conf_req_flag,int qop_req,const gss_buffer_t input_message_buffer,int * conf_state,gss_buffer_t output_message_buffer)18757c478bd9Sstevel@tonic-gate kgss_seal(OM_uint32 *minor_status,
18767c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t context_handle,
18777c478bd9Sstevel@tonic-gate 	int conf_req_flag,
18787c478bd9Sstevel@tonic-gate 	int qop_req,
18797c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_message_buffer,
18807c478bd9Sstevel@tonic-gate 	int *conf_state,
18817c478bd9Sstevel@tonic-gate 	gss_buffer_t output_message_buffer)
18827c478bd9Sstevel@tonic-gate 
18837c478bd9Sstevel@tonic-gate {
18847c478bd9Sstevel@tonic-gate 	if (context_handle == GSS_C_NO_CONTEXT)
18857c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
18867c478bd9Sstevel@tonic-gate 	return (KGSS_SEAL(minor_status, context_handle,
18877c478bd9Sstevel@tonic-gate 		conf_req_flag, qop_req,
18887c478bd9Sstevel@tonic-gate 		input_message_buffer, conf_state,
18897c478bd9Sstevel@tonic-gate 		output_message_buffer));
18907c478bd9Sstevel@tonic-gate }
18917c478bd9Sstevel@tonic-gate 
18927c478bd9Sstevel@tonic-gate /*ARGSUSED*/
18937c478bd9Sstevel@tonic-gate static OM_uint32
kgss_unseal_wrapped(void * private,OM_uint32 * minor_status,const gss_ctx_id_t ctx_handle,const gss_buffer_t input_message_buffer,gss_buffer_t output_message_buffer,int * conf_state,int * qop_state,OM_uint32 gssd_context_verifier)18947c478bd9Sstevel@tonic-gate kgss_unseal_wrapped(void *private,
18957c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status,
18967c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t ctx_handle,
18977c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_message_buffer,
18987c478bd9Sstevel@tonic-gate 	gss_buffer_t output_message_buffer,
18997c478bd9Sstevel@tonic-gate 	int *conf_state,
19007c478bd9Sstevel@tonic-gate 	int *qop_state,
19017c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_context_verifier)
19027c478bd9Sstevel@tonic-gate {
19037c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
19047c478bd9Sstevel@tonic-gate 
19057c478bd9Sstevel@tonic-gate 	gss_unseal_arg arg;
19067c478bd9Sstevel@tonic-gate 	gss_unseal_res res;
19077c478bd9Sstevel@tonic-gate 	gssd_ctx_id_t context_handle;
19087c478bd9Sstevel@tonic-gate 
19097c478bd9Sstevel@tonic-gate 	context_handle = (gssd_ctx_id_t)KCTX_TO_GSSD_CTX(ctx_handle);
19107c478bd9Sstevel@tonic-gate 
19117c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
19127c478bd9Sstevel@tonic-gate 
19137c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
19147c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_unseal: can't connect to server on %s\n",
1915b97d6ca7SMilan Jurik 		    server);
19167c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
19177c478bd9Sstevel@tonic-gate 	}
19187c478bd9Sstevel@tonic-gate 
19197c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
19207c478bd9Sstevel@tonic-gate 
19217c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
19227c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
19237c478bd9Sstevel@tonic-gate 
19247c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
19257c478bd9Sstevel@tonic-gate 	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
19267c478bd9Sstevel@tonic-gate 	arg.gssd_context_verifier = gssd_context_verifier;
19277c478bd9Sstevel@tonic-gate 
19287c478bd9Sstevel@tonic-gate 	arg.input_message_buffer.GSS_BUFFER_T_len =
1929b97d6ca7SMilan Jurik 	    (uint_t)input_message_buffer->length;
19307c478bd9Sstevel@tonic-gate 
19317c478bd9Sstevel@tonic-gate 	arg.input_message_buffer.GSS_BUFFER_T_val =
1932b97d6ca7SMilan Jurik 	    (char *)input_message_buffer->value;
19337c478bd9Sstevel@tonic-gate 
19347c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
19357c478bd9Sstevel@tonic-gate 
19367c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
19377c478bd9Sstevel@tonic-gate 	if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {
19387c478bd9Sstevel@tonic-gate 
19397c478bd9Sstevel@tonic-gate 	/*
19407c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
19417c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
19427c478bd9Sstevel@tonic-gate 	 */
19437c478bd9Sstevel@tonic-gate 
19447c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
19457c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
19467c478bd9Sstevel@tonic-gate 		if (output_message_buffer != NULL)
19477c478bd9Sstevel@tonic-gate 			output_message_buffer->length = 0;
19487c478bd9Sstevel@tonic-gate 		if (conf_state != NULL)
19497c478bd9Sstevel@tonic-gate 			*conf_state = 0;
19507c478bd9Sstevel@tonic-gate 		if (qop_state != NULL)
19517c478bd9Sstevel@tonic-gate 			*qop_state = 0;
19527c478bd9Sstevel@tonic-gate 
19537c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
19547c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_unseal: RPC call times out\n");
19557c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
19567c478bd9Sstevel@tonic-gate 	}
19577c478bd9Sstevel@tonic-gate 
19587c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
19597c478bd9Sstevel@tonic-gate 
19607c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
19617c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
19627c478bd9Sstevel@tonic-gate 
19637c478bd9Sstevel@tonic-gate 	if (output_message_buffer != NULL) {
19647c478bd9Sstevel@tonic-gate 		output_message_buffer->length =
1965b97d6ca7SMilan Jurik 		    res.output_message_buffer.GSS_BUFFER_T_len;
19667c478bd9Sstevel@tonic-gate 
19677c478bd9Sstevel@tonic-gate 		output_message_buffer->value =
1968b97d6ca7SMilan Jurik 		    (void *) MALLOC(output_message_buffer->length);
19697c478bd9Sstevel@tonic-gate 		(void) memcpy(output_message_buffer->value,
1970b97d6ca7SMilan Jurik 		    res.output_message_buffer.GSS_BUFFER_T_val,
1971b97d6ca7SMilan Jurik 		    output_message_buffer->length);
19727c478bd9Sstevel@tonic-gate 	}
19737c478bd9Sstevel@tonic-gate 
19747c478bd9Sstevel@tonic-gate 	if (conf_state != NULL)
19757c478bd9Sstevel@tonic-gate 		*conf_state = res.conf_state;
19767c478bd9Sstevel@tonic-gate 
19777c478bd9Sstevel@tonic-gate 	if (qop_state != NULL)
19787c478bd9Sstevel@tonic-gate 		*qop_state = res.qop_state;
19797c478bd9Sstevel@tonic-gate 
19807c478bd9Sstevel@tonic-gate 	/*
19817c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the
19827c478bd9Sstevel@tonic-gate 	 * status received in the rpc call
19837c478bd9Sstevel@tonic-gate 	 */
19847c478bd9Sstevel@tonic-gate 
19857c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_unseal_res, (caddr_t)&res);
19867c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
19877c478bd9Sstevel@tonic-gate 	return (res.status);
19887c478bd9Sstevel@tonic-gate }
19897c478bd9Sstevel@tonic-gate 
19907c478bd9Sstevel@tonic-gate OM_uint32
kgss_unseal(OM_uint32 * minor_status,const gss_ctx_id_t context_handle,const gss_buffer_t input_message_buffer,const gss_buffer_t output_message_buffer,int * conf_state,int * qop_state)19917c478bd9Sstevel@tonic-gate kgss_unseal(OM_uint32 *minor_status,
19927c478bd9Sstevel@tonic-gate 	const gss_ctx_id_t context_handle,
19937c478bd9Sstevel@tonic-gate 	const gss_buffer_t input_message_buffer,
19947c478bd9Sstevel@tonic-gate 	const gss_buffer_t output_message_buffer,
19957c478bd9Sstevel@tonic-gate 	int *conf_state,
19967c478bd9Sstevel@tonic-gate 	int *qop_state)
19977c478bd9Sstevel@tonic-gate {
19987c478bd9Sstevel@tonic-gate 
19997c478bd9Sstevel@tonic-gate 	if (context_handle == GSS_C_NO_CONTEXT)
20007c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
20017c478bd9Sstevel@tonic-gate 
20027c478bd9Sstevel@tonic-gate 	return (KGSS_UNSEAL(minor_status, context_handle, input_message_buffer,
2003b97d6ca7SMilan Jurik 	    output_message_buffer, conf_state, qop_state));
20047c478bd9Sstevel@tonic-gate }
20057c478bd9Sstevel@tonic-gate 
20067c478bd9Sstevel@tonic-gate OM_uint32
kgss_display_status(minor_status,status_value,status_type,mech_type,message_context,status_string,uid)20077c478bd9Sstevel@tonic-gate kgss_display_status(minor_status,
20087c478bd9Sstevel@tonic-gate 		status_value,
20097c478bd9Sstevel@tonic-gate 		status_type,
20107c478bd9Sstevel@tonic-gate 		mech_type,
20117c478bd9Sstevel@tonic-gate 		message_context,
20127c478bd9Sstevel@tonic-gate 		status_string,
20137c478bd9Sstevel@tonic-gate 		uid)
20147c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
20157c478bd9Sstevel@tonic-gate 	OM_uint32 status_value;
20167c478bd9Sstevel@tonic-gate 	int status_type;
20177c478bd9Sstevel@tonic-gate 	const gss_OID mech_type;
20187c478bd9Sstevel@tonic-gate 	int *message_context;
20197c478bd9Sstevel@tonic-gate 	gss_buffer_t status_string;
20207c478bd9Sstevel@tonic-gate 	uid_t uid;
20217c478bd9Sstevel@tonic-gate {
20227c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
20237c478bd9Sstevel@tonic-gate 
20247c478bd9Sstevel@tonic-gate 	gss_display_status_arg arg;
20257c478bd9Sstevel@tonic-gate 	gss_display_status_res res;
20267c478bd9Sstevel@tonic-gate 
20277c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
20287c478bd9Sstevel@tonic-gate 
20297c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
20307c478bd9Sstevel@tonic-gate 	GSSLOG(1, "kgss_display_status: can't connect to server on %s\n",
20317c478bd9Sstevel@tonic-gate 			server);
20327c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
20337c478bd9Sstevel@tonic-gate 	}
20347c478bd9Sstevel@tonic-gate 
20357c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
20367c478bd9Sstevel@tonic-gate 
20377c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32) uid;
20387c478bd9Sstevel@tonic-gate 
20397c478bd9Sstevel@tonic-gate 	arg.status_value = status_value;
20407c478bd9Sstevel@tonic-gate 	arg.status_type = status_type;
20417c478bd9Sstevel@tonic-gate 
20427c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
20437c478bd9Sstevel@tonic-gate 						mech_type->length : 0);
20447c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
20457c478bd9Sstevel@tonic-gate 						mech_type->elements : 0);
20467c478bd9Sstevel@tonic-gate 
20477c478bd9Sstevel@tonic-gate 	arg.message_context = *message_context;
20487c478bd9Sstevel@tonic-gate 
20497c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
20507c478bd9Sstevel@tonic-gate 
20517c478bd9Sstevel@tonic-gate 	if (message_context != NULL)
20527c478bd9Sstevel@tonic-gate 		*message_context = 0;
20537c478bd9Sstevel@tonic-gate 	if (status_string != NULL) {
20547c478bd9Sstevel@tonic-gate 		status_string->length = 0;
20557c478bd9Sstevel@tonic-gate 		status_string->value = NULL;
20567c478bd9Sstevel@tonic-gate 	}
20577c478bd9Sstevel@tonic-gate 
20587c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
20597c478bd9Sstevel@tonic-gate 	if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {
20607c478bd9Sstevel@tonic-gate 
20617c478bd9Sstevel@tonic-gate 	/*
20627c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
20637c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
20647c478bd9Sstevel@tonic-gate 	 */
20657c478bd9Sstevel@tonic-gate 
20667c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
20677c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
20687c478bd9Sstevel@tonic-gate 
20697c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
20707c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_display_status: RPC call time out\n");
20717c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
20727c478bd9Sstevel@tonic-gate 	}
20737c478bd9Sstevel@tonic-gate 
20747c478bd9Sstevel@tonic-gate 
20757c478bd9Sstevel@tonic-gate 	/* now process the results and pass them back to the caller */
20767c478bd9Sstevel@tonic-gate 
20777c478bd9Sstevel@tonic-gate 	if (res.status == GSS_S_COMPLETE) {
20787c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
20797c478bd9Sstevel@tonic-gate 			*minor_status = res.minor_status;
20807c478bd9Sstevel@tonic-gate 		if (message_context != NULL)
20817c478bd9Sstevel@tonic-gate 			*message_context = res.message_context;
20827c478bd9Sstevel@tonic-gate 		if (status_string != NULL) {
20837c478bd9Sstevel@tonic-gate 			status_string->length =
20847c478bd9Sstevel@tonic-gate 				(size_t)res.status_string.GSS_BUFFER_T_len;
20857c478bd9Sstevel@tonic-gate 			status_string->value =
20867c478bd9Sstevel@tonic-gate 				(void *) MALLOC(status_string->length);
20877c478bd9Sstevel@tonic-gate 			(void) memcpy(status_string->value,
20887c478bd9Sstevel@tonic-gate 				res.status_string.GSS_BUFFER_T_val,
20897c478bd9Sstevel@tonic-gate 				status_string->length);
20907c478bd9Sstevel@tonic-gate 		}
20917c478bd9Sstevel@tonic-gate 	}
20927c478bd9Sstevel@tonic-gate 
20937c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
20947c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
20957c478bd9Sstevel@tonic-gate 	return (res.status);
20967c478bd9Sstevel@tonic-gate }
20977c478bd9Sstevel@tonic-gate 
20987c478bd9Sstevel@tonic-gate /*ARGSUSED*/
20997c478bd9Sstevel@tonic-gate OM_uint32
kgss_indicate_mechs(minor_status,mech_set,uid)21007c478bd9Sstevel@tonic-gate kgss_indicate_mechs(minor_status,
21017c478bd9Sstevel@tonic-gate 			mech_set,
21027c478bd9Sstevel@tonic-gate 			uid)
21037c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
21047c478bd9Sstevel@tonic-gate 	gss_OID_set *mech_set;
21057c478bd9Sstevel@tonic-gate 	uid_t uid;
21067c478bd9Sstevel@tonic-gate {
21077c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
21087c478bd9Sstevel@tonic-gate 	void *arg;
21097c478bd9Sstevel@tonic-gate 	gss_indicate_mechs_res res;
21107c478bd9Sstevel@tonic-gate 	int i;
21117c478bd9Sstevel@tonic-gate 
21127c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
21137c478bd9Sstevel@tonic-gate 
21147c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
21157c478bd9Sstevel@tonic-gate 	GSSLOG(1, "kgss_indicate_mechs: can't connect to server on %s\n",
21167c478bd9Sstevel@tonic-gate 			server);
21177c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
21187c478bd9Sstevel@tonic-gate 	}
21197c478bd9Sstevel@tonic-gate 
21207c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
21217c478bd9Sstevel@tonic-gate 	if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {
21227c478bd9Sstevel@tonic-gate 
21237c478bd9Sstevel@tonic-gate 	/*
21247c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
21257c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
21267c478bd9Sstevel@tonic-gate 	 */
21277c478bd9Sstevel@tonic-gate 
21287c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
21297c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
21307c478bd9Sstevel@tonic-gate 		if (mech_set != NULL)
21317c478bd9Sstevel@tonic-gate 			*mech_set = NULL;
21327c478bd9Sstevel@tonic-gate 
21337c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
21347c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_indicate_mechs: RPC call times out\n");
21357c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
21367c478bd9Sstevel@tonic-gate 	}
21377c478bd9Sstevel@tonic-gate 
21387c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
21397c478bd9Sstevel@tonic-gate 
21407c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
21417c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
21427c478bd9Sstevel@tonic-gate 
21437c478bd9Sstevel@tonic-gate 	if (mech_set != NULL) {
21447c478bd9Sstevel@tonic-gate 		*mech_set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
21457c478bd9Sstevel@tonic-gate 		(*mech_set)->count = res.mech_set.GSS_OID_SET_len;
21467c478bd9Sstevel@tonic-gate 		(*mech_set)->elements = (void *)
21477c478bd9Sstevel@tonic-gate 			MALLOC ((*mech_set)->count * sizeof (gss_OID_desc));
21487c478bd9Sstevel@tonic-gate 		for (i = 0; i < (*mech_set)->count; i++) {
21497c478bd9Sstevel@tonic-gate 			(*mech_set)->elements[i].length =
21507c478bd9Sstevel@tonic-gate 				res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
21517c478bd9Sstevel@tonic-gate 			(*mech_set)->elements[i].elements = (void *)
21527c478bd9Sstevel@tonic-gate 				MALLOC ((*mech_set)->elements[i].length);
21537c478bd9Sstevel@tonic-gate 			(void) memcpy((*mech_set)->elements[i].elements,
21547c478bd9Sstevel@tonic-gate 				res.mech_set.GSS_OID_SET_val[i].GSS_OID_val,
21557c478bd9Sstevel@tonic-gate 				(*mech_set)->elements[i].length);
21567c478bd9Sstevel@tonic-gate 		}
21577c478bd9Sstevel@tonic-gate 	}
21587c478bd9Sstevel@tonic-gate 
21597c478bd9Sstevel@tonic-gate 	/*
21607c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
21617c478bd9Sstevel@tonic-gate 	 * received in the rpc call
21627c478bd9Sstevel@tonic-gate 	 */
21637c478bd9Sstevel@tonic-gate 
21647c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_indicate_mechs_res, (caddr_t)&res);
21657c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
21667c478bd9Sstevel@tonic-gate 	return (res.status);
21677c478bd9Sstevel@tonic-gate }
21687c478bd9Sstevel@tonic-gate 
21697c478bd9Sstevel@tonic-gate 
21707c478bd9Sstevel@tonic-gate OM_uint32
kgss_inquire_cred_wrapped(minor_status,cred_handle,gssd_cred_verifier,name,lifetime,cred_usage,mechanisms,uid)21717c478bd9Sstevel@tonic-gate kgss_inquire_cred_wrapped(minor_status,
21727c478bd9Sstevel@tonic-gate 		cred_handle,
21737c478bd9Sstevel@tonic-gate 		gssd_cred_verifier,
21747c478bd9Sstevel@tonic-gate 		name,
21757c478bd9Sstevel@tonic-gate 		lifetime,
21767c478bd9Sstevel@tonic-gate 		cred_usage,
21777c478bd9Sstevel@tonic-gate 		mechanisms,
21787c478bd9Sstevel@tonic-gate 		uid)
21797c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
21807c478bd9Sstevel@tonic-gate 	const gssd_cred_id_t cred_handle;
21817c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
21827c478bd9Sstevel@tonic-gate 	gss_name_t *name;
21837c478bd9Sstevel@tonic-gate 	OM_uint32 *lifetime;
21847c478bd9Sstevel@tonic-gate 	int *cred_usage;
21857c478bd9Sstevel@tonic-gate 	gss_OID_set *mechanisms;
21867c478bd9Sstevel@tonic-gate 	uid_t uid;
21877c478bd9Sstevel@tonic-gate {
21887c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
21897c478bd9Sstevel@tonic-gate 
2190*9c805345SToomas Soome 	OM_uint32	minor_status_temp;
21917c478bd9Sstevel@tonic-gate 	gss_buffer_desc	external_name;
21927c478bd9Sstevel@tonic-gate 	gss_OID_desc	name_type;
21937c478bd9Sstevel@tonic-gate 	int		i;
21947c478bd9Sstevel@tonic-gate 
21957c478bd9Sstevel@tonic-gate 	gss_inquire_cred_arg arg;
21967c478bd9Sstevel@tonic-gate 	gss_inquire_cred_res res;
21977c478bd9Sstevel@tonic-gate 
21987c478bd9Sstevel@tonic-gate 	/*
21997c478bd9Sstevel@tonic-gate 	 * NULL the params here once
22007c478bd9Sstevel@tonic-gate 	 * If there are errors then we won't
22017c478bd9Sstevel@tonic-gate 	 * have to do it for every error
22027c478bd9Sstevel@tonic-gate 	 * case
22037c478bd9Sstevel@tonic-gate 	 */
22047c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
22057c478bd9Sstevel@tonic-gate 		*minor_status = DEFAULT_MINOR_STAT;
22067c478bd9Sstevel@tonic-gate 	if (name != NULL)
22077c478bd9Sstevel@tonic-gate 		*name = NULL;
22087c478bd9Sstevel@tonic-gate 	if (lifetime != NULL)
22097c478bd9Sstevel@tonic-gate 		*lifetime = 0;
22107c478bd9Sstevel@tonic-gate 	if (cred_usage != NULL)
22117c478bd9Sstevel@tonic-gate 		*cred_usage = 0;
22127c478bd9Sstevel@tonic-gate 	if (mechanisms != NULL)
22137c478bd9Sstevel@tonic-gate 		*mechanisms = NULL;
22147c478bd9Sstevel@tonic-gate 
22157c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
22167c478bd9Sstevel@tonic-gate 
22177c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
22187c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_inquire_cred: can't connect to server on %s\n",
22197c478bd9Sstevel@tonic-gate 			server);
22207c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
22217c478bd9Sstevel@tonic-gate 	}
22227c478bd9Sstevel@tonic-gate 
22237c478bd9Sstevel@tonic-gate 
22247c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
22257c478bd9Sstevel@tonic-gate 
22267c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32) uid;
22277c478bd9Sstevel@tonic-gate 
22287c478bd9Sstevel@tonic-gate 	arg.cred_handle.GSS_CRED_ID_T_len =
2229d4f95bf4SRichard Lowe 	    cred_handle == GSSD_NO_CREDENTIAL ?
2230d4f95bf4SRichard Lowe 	    0 : (uint_t)sizeof (gssd_cred_id_t);
22317c478bd9Sstevel@tonic-gate 	arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
22327c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
22337c478bd9Sstevel@tonic-gate 
22347c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
22357c478bd9Sstevel@tonic-gate 
22367c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
22377c478bd9Sstevel@tonic-gate 	if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
22387c478bd9Sstevel@tonic-gate 
22397c478bd9Sstevel@tonic-gate 		/*
22407c478bd9Sstevel@tonic-gate 		 * if the RPC call times out
22417c478bd9Sstevel@tonic-gate 		 * kill the handle and return GSS_S_FAILURE
22427c478bd9Sstevel@tonic-gate 		 * the parameters have been set to NULL already
22437c478bd9Sstevel@tonic-gate 		 */
22447c478bd9Sstevel@tonic-gate 
22457c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
22467c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_inquire_cred: RPC call times out\n");
22477c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
22487c478bd9Sstevel@tonic-gate 	}
22497c478bd9Sstevel@tonic-gate 
22507c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
22517c478bd9Sstevel@tonic-gate 
22527c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
22537c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
22547c478bd9Sstevel@tonic-gate 
22557c478bd9Sstevel@tonic-gate 	/* convert name from external to internal format */
22567c478bd9Sstevel@tonic-gate 
22577c478bd9Sstevel@tonic-gate 	if (name != NULL) {
22587c478bd9Sstevel@tonic-gate 		external_name.length = res.name.GSS_BUFFER_T_len;
22597c478bd9Sstevel@tonic-gate 		external_name.value = res.name.GSS_BUFFER_T_val;
22607c478bd9Sstevel@tonic-gate 
22617c478bd9Sstevel@tonic-gate 		/*
22627c478bd9Sstevel@tonic-gate 		 * we can pass a pointer to res structure
22637c478bd9Sstevel@tonic-gate 		 * since gss_import_name treats the name_type
22647c478bd9Sstevel@tonic-gate 		 * parameter as read only and performs a copy
22657c478bd9Sstevel@tonic-gate 		 */
22667c478bd9Sstevel@tonic-gate 
22677c478bd9Sstevel@tonic-gate 		name_type.length = res.name_type.GSS_OID_len;
22687c478bd9Sstevel@tonic-gate 		name_type.elements = (void *)res.name_type.GSS_OID_val;
22697c478bd9Sstevel@tonic-gate 
22707c478bd9Sstevel@tonic-gate 		if (gss_import_name(&minor_status_temp, &external_name,
22717c478bd9Sstevel@tonic-gate 			&name_type, name) != GSS_S_COMPLETE) {
22727c478bd9Sstevel@tonic-gate 
22737c478bd9Sstevel@tonic-gate 			*minor_status = (OM_uint32) minor_status_temp;
22747c478bd9Sstevel@tonic-gate 			clnt_freeres(clnt, xdr_gss_inquire_cred_res,
22757c478bd9Sstevel@tonic-gate 							(caddr_t)&res);
22767c478bd9Sstevel@tonic-gate 			killgssd_handle(clnt);
22777c478bd9Sstevel@tonic-gate 			GSSLOG0(1, "kgss_inquire_cred: import name fails\n");
22787c478bd9Sstevel@tonic-gate 			return ((OM_uint32) GSS_S_FAILURE);
22797c478bd9Sstevel@tonic-gate 		}
22807c478bd9Sstevel@tonic-gate 	}
22817c478bd9Sstevel@tonic-gate 
22827c478bd9Sstevel@tonic-gate 	if (lifetime != NULL)
22837c478bd9Sstevel@tonic-gate 		*lifetime = res.lifetime;
22847c478bd9Sstevel@tonic-gate 
22857c478bd9Sstevel@tonic-gate 	if (cred_usage != NULL)
22867c478bd9Sstevel@tonic-gate 		*cred_usage = res.cred_usage;
22877c478bd9Sstevel@tonic-gate 
22887c478bd9Sstevel@tonic-gate 	if (res.status == GSS_S_COMPLETE &&
22897c478bd9Sstevel@tonic-gate 		res.mechanisms.GSS_OID_SET_len != 0 &&
22907c478bd9Sstevel@tonic-gate 		mechanisms != NULL) {
22917c478bd9Sstevel@tonic-gate 		*mechanisms = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
22927c478bd9Sstevel@tonic-gate 		(*mechanisms)->count =
22937c478bd9Sstevel@tonic-gate 			(int)res.mechanisms.GSS_OID_SET_len;
22947c478bd9Sstevel@tonic-gate 		(*mechanisms)->elements = (gss_OID)
22957c478bd9Sstevel@tonic-gate 			MALLOC(sizeof (gss_OID_desc) * (*mechanisms)->count);
22967c478bd9Sstevel@tonic-gate 
22977c478bd9Sstevel@tonic-gate 		for (i = 0; i < (*mechanisms)->count; i++) {
22987c478bd9Sstevel@tonic-gate 		    (*mechanisms)->elements[i].length = (OM_uint32)
22997c478bd9Sstevel@tonic-gate 			res.mechanisms.GSS_OID_SET_val[i].GSS_OID_len;
23007c478bd9Sstevel@tonic-gate 		    (*mechanisms)->elements[i].elements =
23017c478bd9Sstevel@tonic-gate 			(void *) MALLOC((*mechanisms)->elements[i].length);
23027c478bd9Sstevel@tonic-gate 		    (void) memcpy((*mechanisms)->elements[i].elements,
23037c478bd9Sstevel@tonic-gate 			res.mechanisms.GSS_OID_SET_val[i].GSS_OID_val,
23047c478bd9Sstevel@tonic-gate 			(*mechanisms)->elements[i].length);
23057c478bd9Sstevel@tonic-gate 		}
23067c478bd9Sstevel@tonic-gate 	} else {
23077c478bd9Sstevel@tonic-gate 		if (res.status == GSS_S_COMPLETE &&
23087c478bd9Sstevel@tonic-gate 			mechanisms != NULL)
23097c478bd9Sstevel@tonic-gate 			(*mechanisms) = NULL;
23107c478bd9Sstevel@tonic-gate 	}
23117c478bd9Sstevel@tonic-gate 	/*
23127c478bd9Sstevel@tonic-gate 	 * free the memory allocated for the results and return with the status
23137c478bd9Sstevel@tonic-gate 	 * received in the rpc call
23147c478bd9Sstevel@tonic-gate 	 */
23157c478bd9Sstevel@tonic-gate 
23167c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_inquire_cred_res, (caddr_t)&res);
23177c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
23187c478bd9Sstevel@tonic-gate 	return (res.status);
23197c478bd9Sstevel@tonic-gate 
23207c478bd9Sstevel@tonic-gate }
23217c478bd9Sstevel@tonic-gate 
23227c478bd9Sstevel@tonic-gate OM_uint32
kgss_inquire_cred(minor_status,cred_handle,name,lifetime,cred_usage,mechanisms,uid)23237c478bd9Sstevel@tonic-gate kgss_inquire_cred(minor_status,
23247c478bd9Sstevel@tonic-gate 			cred_handle,
23257c478bd9Sstevel@tonic-gate 			name,
23267c478bd9Sstevel@tonic-gate 			lifetime,
23277c478bd9Sstevel@tonic-gate 			cred_usage,
23287c478bd9Sstevel@tonic-gate 			mechanisms,
23297c478bd9Sstevel@tonic-gate 			uid)
23307c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
23317c478bd9Sstevel@tonic-gate 	const gss_cred_id_t cred_handle;
23327c478bd9Sstevel@tonic-gate 	gss_name_t *name;
23337c478bd9Sstevel@tonic-gate 	OM_uint32 *lifetime;
23347c478bd9Sstevel@tonic-gate 	int *cred_usage;
23357c478bd9Sstevel@tonic-gate 	gss_OID_set * mechanisms;
23367c478bd9Sstevel@tonic-gate 	uid_t uid;
23377c478bd9Sstevel@tonic-gate {
23387c478bd9Sstevel@tonic-gate 
23397c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
23407c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_handle;
23417c478bd9Sstevel@tonic-gate 
23427c478bd9Sstevel@tonic-gate 	gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
23437c478bd9Sstevel@tonic-gate 	gssd_cred_handle = KCRED_TO_CRED(cred_handle);
23447c478bd9Sstevel@tonic-gate 
23457c478bd9Sstevel@tonic-gate 	return (kgss_inquire_cred_wrapped(minor_status,
23467c478bd9Sstevel@tonic-gate 			gssd_cred_handle, gssd_cred_verifier,
23477c478bd9Sstevel@tonic-gate 			name, lifetime, cred_usage, mechanisms, uid));
23487c478bd9Sstevel@tonic-gate }
23497c478bd9Sstevel@tonic-gate 
23507c478bd9Sstevel@tonic-gate OM_uint32
kgss_inquire_cred_by_mech_wrapped(minor_status,cred_handle,gssd_cred_verifier,mech_type,uid)23517c478bd9Sstevel@tonic-gate kgss_inquire_cred_by_mech_wrapped(minor_status,
23527c478bd9Sstevel@tonic-gate 		cred_handle,
23537c478bd9Sstevel@tonic-gate 		gssd_cred_verifier,
23547c478bd9Sstevel@tonic-gate 		mech_type,
23557c478bd9Sstevel@tonic-gate 		uid)
23567c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
23577c478bd9Sstevel@tonic-gate 	gssd_cred_id_t cred_handle;
23587c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
23597c478bd9Sstevel@tonic-gate 	gss_OID mech_type;
23607c478bd9Sstevel@tonic-gate 	uid_t uid;
23617c478bd9Sstevel@tonic-gate {
23627c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
23637c478bd9Sstevel@tonic-gate 
23647c478bd9Sstevel@tonic-gate 	gss_inquire_cred_by_mech_arg arg;
23657c478bd9Sstevel@tonic-gate 	gss_inquire_cred_by_mech_res res;
23667c478bd9Sstevel@tonic-gate 
23677c478bd9Sstevel@tonic-gate 	/* get the client handle to GSSD */
23687c478bd9Sstevel@tonic-gate 
23697c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
23707c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_inquire_cred: can't connect to server on %s\n",
23717c478bd9Sstevel@tonic-gate 			server);
23727c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
23737c478bd9Sstevel@tonic-gate 	}
23747c478bd9Sstevel@tonic-gate 
23757c478bd9Sstevel@tonic-gate 
23767c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments into the rpc arg parameter */
23777c478bd9Sstevel@tonic-gate 
23787c478bd9Sstevel@tonic-gate 	arg.uid = (OM_uint32) uid;
23797c478bd9Sstevel@tonic-gate 
23807c478bd9Sstevel@tonic-gate 	arg.cred_handle.GSS_CRED_ID_T_len =
2381d4f95bf4SRichard Lowe 	    cred_handle == GSSD_NO_CREDENTIAL ?
2382d4f95bf4SRichard Lowe 	    0 : (uint_t)sizeof (gssd_cred_id_t);
23837c478bd9Sstevel@tonic-gate 	arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
23847c478bd9Sstevel@tonic-gate 	arg.gssd_cred_verifier = gssd_cred_verifier;
23857c478bd9Sstevel@tonic-gate 
23867c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_len =
23877c478bd9Sstevel@tonic-gate 		(uint_t)(mech_type != GSS_C_NULL_OID ?
23887c478bd9Sstevel@tonic-gate 		mech_type->length : 0);
23897c478bd9Sstevel@tonic-gate 	arg.mech_type.GSS_OID_val =
23907c478bd9Sstevel@tonic-gate 		(char *)(mech_type != GSS_C_NULL_OID ?
23917c478bd9Sstevel@tonic-gate 		mech_type->elements : 0);
23927c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
23937c478bd9Sstevel@tonic-gate 
23947c478bd9Sstevel@tonic-gate 	bzero((caddr_t)&res, sizeof (res));
23957c478bd9Sstevel@tonic-gate 	if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
23967c478bd9Sstevel@tonic-gate 
23977c478bd9Sstevel@tonic-gate 	/*
23987c478bd9Sstevel@tonic-gate 	 * if the RPC call times out, null out all return arguments, set
23997c478bd9Sstevel@tonic-gate 	 * minor_status to its maximum value, and return GSS_S_FAILURE
24007c478bd9Sstevel@tonic-gate 	 */
24017c478bd9Sstevel@tonic-gate 
24027c478bd9Sstevel@tonic-gate 		if (minor_status != NULL)
24037c478bd9Sstevel@tonic-gate 			*minor_status = DEFAULT_MINOR_STAT;
24047c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
24057c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_inquire_cred: RPC call times out\n");
24067c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
24077c478bd9Sstevel@tonic-gate 	}
24087c478bd9Sstevel@tonic-gate 
24097c478bd9Sstevel@tonic-gate 	/* copy the rpc results into the return arguments */
24107c478bd9Sstevel@tonic-gate 
24117c478bd9Sstevel@tonic-gate 	if (minor_status != NULL)
24127c478bd9Sstevel@tonic-gate 		*minor_status = res.minor_status;
24137c478bd9Sstevel@tonic-gate 
24147c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
24157c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
24167c478bd9Sstevel@tonic-gate 	return (res.status);
24177c478bd9Sstevel@tonic-gate 
24187c478bd9Sstevel@tonic-gate }
24197c478bd9Sstevel@tonic-gate 
24207c478bd9Sstevel@tonic-gate OM_uint32
kgss_inquire_cred_by_mech(minor_status,cred_handle,mech_type,uid)24217c478bd9Sstevel@tonic-gate kgss_inquire_cred_by_mech(minor_status,
24227c478bd9Sstevel@tonic-gate 			cred_handle,
24237c478bd9Sstevel@tonic-gate 			mech_type,
24247c478bd9Sstevel@tonic-gate 			uid)
24257c478bd9Sstevel@tonic-gate 	OM_uint32 *minor_status;
24267c478bd9Sstevel@tonic-gate 	gss_cred_id_t cred_handle;
24277c478bd9Sstevel@tonic-gate 	gss_OID mech_type;
24287c478bd9Sstevel@tonic-gate 	uid_t uid;
24297c478bd9Sstevel@tonic-gate {
24307c478bd9Sstevel@tonic-gate 
24317c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_verifier;
24327c478bd9Sstevel@tonic-gate 	OM_uint32 gssd_cred_handle;
24337c478bd9Sstevel@tonic-gate 
24347c478bd9Sstevel@tonic-gate 	gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
24357c478bd9Sstevel@tonic-gate 	gssd_cred_handle = KCRED_TO_CRED(cred_handle);
24367c478bd9Sstevel@tonic-gate 
24377c478bd9Sstevel@tonic-gate 	return (kgss_inquire_cred_by_mech_wrapped(minor_status,
24387c478bd9Sstevel@tonic-gate 			gssd_cred_handle, gssd_cred_verifier,
24397c478bd9Sstevel@tonic-gate 			mech_type, uid));
24407c478bd9Sstevel@tonic-gate }
24417c478bd9Sstevel@tonic-gate 
24427c478bd9Sstevel@tonic-gate OM_uint32
kgsscred_expname_to_unix_cred(expName,uidOut,gidOut,gids,gidsLen,uid)24437c478bd9Sstevel@tonic-gate kgsscred_expname_to_unix_cred(expName, uidOut, gidOut, gids, gidsLen, uid)
24447c478bd9Sstevel@tonic-gate 	const gss_buffer_t expName;
24457c478bd9Sstevel@tonic-gate 	uid_t *uidOut;
24467c478bd9Sstevel@tonic-gate 	gid_t *gidOut;
24477c478bd9Sstevel@tonic-gate 	gid_t *gids[];
24487c478bd9Sstevel@tonic-gate 	int *gidsLen;
24497c478bd9Sstevel@tonic-gate 	uid_t uid;
24507c478bd9Sstevel@tonic-gate {
24517c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
24527c478bd9Sstevel@tonic-gate 	gsscred_expname_to_unix_cred_arg args;
24537c478bd9Sstevel@tonic-gate 	gsscred_expname_to_unix_cred_res res;
24547c478bd9Sstevel@tonic-gate 
24557c478bd9Sstevel@tonic-gate 	/* check input/output parameters */
24567c478bd9Sstevel@tonic-gate 	if (expName == NULL || expName->value == NULL)
24577c478bd9Sstevel@tonic-gate 		return (GSS_S_CALL_INACCESSIBLE_READ);
24587c478bd9Sstevel@tonic-gate 
24597c478bd9Sstevel@tonic-gate 	if (uidOut == NULL)
24607c478bd9Sstevel@tonic-gate 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
24617c478bd9Sstevel@tonic-gate 
24627c478bd9Sstevel@tonic-gate 	/* NULL out output parameters */
24637c478bd9Sstevel@tonic-gate 	*uidOut = UID_NOBODY;
24647c478bd9Sstevel@tonic-gate 	if (gidsLen)
24657c478bd9Sstevel@tonic-gate 		*gidsLen = 0;
24667c478bd9Sstevel@tonic-gate 
24677c478bd9Sstevel@tonic-gate 	if (gids)
24687c478bd9Sstevel@tonic-gate 		*gids = NULL;
24697c478bd9Sstevel@tonic-gate 
24707c478bd9Sstevel@tonic-gate 	/* get the client handle to gssd */
24717c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL)
24727c478bd9Sstevel@tonic-gate 	{
24737c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgsscred_expname_to_unix_cred:"
24747c478bd9Sstevel@tonic-gate 			" can't connect to server on %s\n", server);
24757c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
24767c478bd9Sstevel@tonic-gate 	}
24777c478bd9Sstevel@tonic-gate 
24787c478bd9Sstevel@tonic-gate 	/* copy the procedure arguments */
24797c478bd9Sstevel@tonic-gate 	args.uid = uid;
24807c478bd9Sstevel@tonic-gate 	args.expname.GSS_BUFFER_T_val = expName->value;
24817c478bd9Sstevel@tonic-gate 	args.expname.GSS_BUFFER_T_len = expName->length;
24827c478bd9Sstevel@tonic-gate 
24837c478bd9Sstevel@tonic-gate 	/* null out the return buffer and call the remote proc */
24847c478bd9Sstevel@tonic-gate 	bzero(&res, sizeof (res));
24857c478bd9Sstevel@tonic-gate 
24867c478bd9Sstevel@tonic-gate 	if (gsscred_expname_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS)
24877c478bd9Sstevel@tonic-gate 	{
24887c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
24897c478bd9Sstevel@tonic-gate 		GSSLOG0(1,
24907c478bd9Sstevel@tonic-gate 			"kgsscred_expname_to_unix_cred: RPC call times out\n");
24917c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
24927c478bd9Sstevel@tonic-gate 	}
24937c478bd9Sstevel@tonic-gate 
24947c478bd9Sstevel@tonic-gate 	/* copy the results into the result parameters */
24957c478bd9Sstevel@tonic-gate 	if (res.major == GSS_S_COMPLETE)
24967c478bd9Sstevel@tonic-gate 	{
24977c478bd9Sstevel@tonic-gate 		*uidOut = res.uid;
24987c478bd9Sstevel@tonic-gate 		if (gidOut)
24997c478bd9Sstevel@tonic-gate 			*gidOut = res.gid;
25007c478bd9Sstevel@tonic-gate 		if (gids && gidsLen)
25017c478bd9Sstevel@tonic-gate 		{
25027c478bd9Sstevel@tonic-gate 			*gids = res.gids.GSSCRED_GIDS_val;
25037c478bd9Sstevel@tonic-gate 			*gidsLen = res.gids.GSSCRED_GIDS_len;
25047c478bd9Sstevel@tonic-gate 			res.gids.GSSCRED_GIDS_val = NULL;
25057c478bd9Sstevel@tonic-gate 			res.gids.GSSCRED_GIDS_len = 0;
25067c478bd9Sstevel@tonic-gate 		}
25077c478bd9Sstevel@tonic-gate 	}
25087c478bd9Sstevel@tonic-gate 
25097c478bd9Sstevel@tonic-gate 	/* free RPC results */
25107c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gsscred_expname_to_unix_cred_res, (caddr_t)&res);
25117c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
25127c478bd9Sstevel@tonic-gate 
25137c478bd9Sstevel@tonic-gate 	return (res.major);
25147c478bd9Sstevel@tonic-gate } /* kgsscred_expname_to_unix_cred */
25157c478bd9Sstevel@tonic-gate 
25167c478bd9Sstevel@tonic-gate OM_uint32
kgsscred_name_to_unix_cred(intName,mechType,uidOut,gidOut,gids,gidsLen,uid)25177c478bd9Sstevel@tonic-gate kgsscred_name_to_unix_cred(intName, mechType, uidOut, gidOut, gids,
25187c478bd9Sstevel@tonic-gate 				gidsLen, uid)
25197c478bd9Sstevel@tonic-gate 	const gss_name_t intName;
25207c478bd9Sstevel@tonic-gate 	const gss_OID mechType;
25217c478bd9Sstevel@tonic-gate 	uid_t *uidOut;
25227c478bd9Sstevel@tonic-gate 	gid_t *gidOut;
25237c478bd9Sstevel@tonic-gate 	gid_t *gids[];
25247c478bd9Sstevel@tonic-gate 	int *gidsLen;
25257c478bd9Sstevel@tonic-gate 	uid_t uid;
25267c478bd9Sstevel@tonic-gate {
25277c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
25287c478bd9Sstevel@tonic-gate 	gsscred_name_to_unix_cred_arg args;
25297c478bd9Sstevel@tonic-gate 	gsscred_name_to_unix_cred_res res;
25307c478bd9Sstevel@tonic-gate 	OM_uint32 major, minor;
25317c478bd9Sstevel@tonic-gate 	gss_OID nameOid;
25327c478bd9Sstevel@tonic-gate 	gss_buffer_desc flatName = GSS_C_EMPTY_BUFFER;
25337c478bd9Sstevel@tonic-gate 
25347c478bd9Sstevel@tonic-gate 	/* check the input/output parameters */
25357c478bd9Sstevel@tonic-gate 	if (intName == NULL || mechType == NULL)
25367c478bd9Sstevel@tonic-gate 		return (GSS_S_CALL_INACCESSIBLE_READ);
25377c478bd9Sstevel@tonic-gate 
25387c478bd9Sstevel@tonic-gate 	if (uidOut == NULL)
25397c478bd9Sstevel@tonic-gate 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
25407c478bd9Sstevel@tonic-gate 
25417c478bd9Sstevel@tonic-gate 	/* NULL out the output parameters */
25427c478bd9Sstevel@tonic-gate 	*uidOut = UID_NOBODY;
25437c478bd9Sstevel@tonic-gate 	if (gids)
25447c478bd9Sstevel@tonic-gate 		*gids = NULL;
25457c478bd9Sstevel@tonic-gate 
25467c478bd9Sstevel@tonic-gate 	if (gidsLen)
25477c478bd9Sstevel@tonic-gate 		*gidsLen = 0;
25487c478bd9Sstevel@tonic-gate 
25497c478bd9Sstevel@tonic-gate 	/* get the client handle to gssd */
25507c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL)
25517c478bd9Sstevel@tonic-gate 	{
25527c478bd9Sstevel@tonic-gate 		GSSLOG(1,
25537c478bd9Sstevel@tonic-gate 		"kgsscred_name_to_unix_cred: can't connect to server %s\n",
25547c478bd9Sstevel@tonic-gate 				server);
25557c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
25567c478bd9Sstevel@tonic-gate 	}
25577c478bd9Sstevel@tonic-gate 
25587c478bd9Sstevel@tonic-gate 	/* convert the name to flat representation */
25597c478bd9Sstevel@tonic-gate 	if ((major = gss_display_name(&minor, intName, &flatName, &nameOid))
25607c478bd9Sstevel@tonic-gate 			!= GSS_S_COMPLETE)
25617c478bd9Sstevel@tonic-gate 	{
25627c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
25637c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgsscred_name_to_unix_cred: display name failed\n");
25647c478bd9Sstevel@tonic-gate 		return (major);
25657c478bd9Sstevel@tonic-gate 	}
25667c478bd9Sstevel@tonic-gate 
25677c478bd9Sstevel@tonic-gate 	/* set the rpc parameters */
25687c478bd9Sstevel@tonic-gate 	args.uid = uid;
25697c478bd9Sstevel@tonic-gate 	args.pname.GSS_BUFFER_T_len = flatName.length;
25707c478bd9Sstevel@tonic-gate 	args.pname.GSS_BUFFER_T_val = flatName.value;
25717c478bd9Sstevel@tonic-gate 	args.name_type.GSS_OID_len = nameOid->length;
25727c478bd9Sstevel@tonic-gate 	args.name_type.GSS_OID_val = nameOid->elements;
25737c478bd9Sstevel@tonic-gate 	args.mech_type.GSS_OID_len = mechType->length;
25747c478bd9Sstevel@tonic-gate 	args.mech_type.GSS_OID_val = mechType->elements;
25757c478bd9Sstevel@tonic-gate 
25767c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
25777c478bd9Sstevel@tonic-gate 	bzero(&res, sizeof (res));
25787c478bd9Sstevel@tonic-gate 	if (gsscred_name_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS) {
25797c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
25807c478bd9Sstevel@tonic-gate 		(void) gss_release_buffer(&minor, &flatName);
25817c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgsscred_name_to_unix_cred: RPC call times out\n");
25827c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
25837c478bd9Sstevel@tonic-gate 	}
25847c478bd9Sstevel@tonic-gate 
25857c478bd9Sstevel@tonic-gate 	/* delete the flat name buffer */
25867c478bd9Sstevel@tonic-gate 	(void) gss_release_buffer(&minor, &flatName);
25877c478bd9Sstevel@tonic-gate 
25887c478bd9Sstevel@tonic-gate 	/* copy the output parameters on output */
25897c478bd9Sstevel@tonic-gate 	if (res.major == GSS_S_COMPLETE) {
25907c478bd9Sstevel@tonic-gate 		*uidOut = res.uid;
25917c478bd9Sstevel@tonic-gate 
25927c478bd9Sstevel@tonic-gate 		if (gidOut)
25937c478bd9Sstevel@tonic-gate 			*gidOut = res.gid;
25947c478bd9Sstevel@tonic-gate 		if (gids && gidsLen) {
25957c478bd9Sstevel@tonic-gate 			*gids = res.gids.GSSCRED_GIDS_val;
25967c478bd9Sstevel@tonic-gate 			*gidsLen = res.gids.GSSCRED_GIDS_len;
25977c478bd9Sstevel@tonic-gate 			res.gids.GSSCRED_GIDS_val = NULL;
25987c478bd9Sstevel@tonic-gate 			res.gids.GSSCRED_GIDS_len = 0;
25997c478bd9Sstevel@tonic-gate 		}
26007c478bd9Sstevel@tonic-gate 	}
26017c478bd9Sstevel@tonic-gate 
26027c478bd9Sstevel@tonic-gate 	/* delete RPC allocated memory */
26037c478bd9Sstevel@tonic-gate 	clnt_freeres(clnt, xdr_gsscred_name_to_unix_cred_res, (caddr_t)&res);
26047c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
26057c478bd9Sstevel@tonic-gate 
26067c478bd9Sstevel@tonic-gate 	return (res.major);
26077c478bd9Sstevel@tonic-gate } /* kgsscred_name_to_unix_cred */
26087c478bd9Sstevel@tonic-gate 
26097c478bd9Sstevel@tonic-gate OM_uint32
kgss_get_group_info(puid,gidOut,gids,gidsLen,uid)26107c478bd9Sstevel@tonic-gate kgss_get_group_info(puid, gidOut, gids, gidsLen, uid)
26117c478bd9Sstevel@tonic-gate 	const uid_t puid;
26127c478bd9Sstevel@tonic-gate 	gid_t *gidOut;
26137c478bd9Sstevel@tonic-gate 	gid_t *gids[];
26147c478bd9Sstevel@tonic-gate 	int *gidsLen;
26157c478bd9Sstevel@tonic-gate 	uid_t uid;
26167c478bd9Sstevel@tonic-gate {
26177c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
26187c478bd9Sstevel@tonic-gate 	gss_get_group_info_arg args;
26197c478bd9Sstevel@tonic-gate 	gss_get_group_info_res res;
26207c478bd9Sstevel@tonic-gate 
26217c478bd9Sstevel@tonic-gate 
26227c478bd9Sstevel@tonic-gate 	/* check the output parameters */
26237c478bd9Sstevel@tonic-gate 	if (gidOut == NULL || gids == NULL || gidsLen == NULL)
26247c478bd9Sstevel@tonic-gate 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
26257c478bd9Sstevel@tonic-gate 
26267c478bd9Sstevel@tonic-gate 	/* get the client GSSD handle */
26277c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
26287c478bd9Sstevel@tonic-gate 		GSSLOG(1,
26297c478bd9Sstevel@tonic-gate 			"kgss_get_group_info: can't connect to server on %s\n",
26307c478bd9Sstevel@tonic-gate 			server);
26317c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
26327c478bd9Sstevel@tonic-gate 	}
26337c478bd9Sstevel@tonic-gate 
26347c478bd9Sstevel@tonic-gate 	/* set the input parameters */
26357c478bd9Sstevel@tonic-gate 	args.uid = uid;
26367c478bd9Sstevel@tonic-gate 	args.puid = puid;
26377c478bd9Sstevel@tonic-gate 
26387c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
26397c478bd9Sstevel@tonic-gate 	bzero(&res, sizeof (res));
26407c478bd9Sstevel@tonic-gate 	if (gss_get_group_info_1(&args, &res, clnt) != RPC_SUCCESS) {
26417c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
26427c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "kgss_get_group_info: RPC call times out\n");
26437c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
26447c478bd9Sstevel@tonic-gate 	}
26457c478bd9Sstevel@tonic-gate 
26467c478bd9Sstevel@tonic-gate 	/* copy the results */
26477c478bd9Sstevel@tonic-gate 	if (res.major == GSS_S_COMPLETE) {
26487c478bd9Sstevel@tonic-gate 		*gidOut = res.gid;
26497c478bd9Sstevel@tonic-gate 		*gids = res.gids.GSSCRED_GIDS_val;
26507c478bd9Sstevel@tonic-gate 		*gidsLen = res.gids.GSSCRED_GIDS_len;
26517c478bd9Sstevel@tonic-gate 		res.gids.GSSCRED_GIDS_val = NULL;
26527c478bd9Sstevel@tonic-gate 		res.gids.GSSCRED_GIDS_len = 0;
26537c478bd9Sstevel@tonic-gate 	}
26547c478bd9Sstevel@tonic-gate 
26557c478bd9Sstevel@tonic-gate 	/* no results to free */
26567c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
26577c478bd9Sstevel@tonic-gate 
26587c478bd9Sstevel@tonic-gate 	return (res.major);
26597c478bd9Sstevel@tonic-gate } /* kgss_get_group_info */
26607c478bd9Sstevel@tonic-gate 
26617c478bd9Sstevel@tonic-gate static char *
kgss_get_kmod(gss_OID mech_oid)26627c478bd9Sstevel@tonic-gate kgss_get_kmod(gss_OID mech_oid)
26637c478bd9Sstevel@tonic-gate {
26647c478bd9Sstevel@tonic-gate 	CLIENT *clnt;
26657c478bd9Sstevel@tonic-gate 	gss_get_kmod_arg args;
26667c478bd9Sstevel@tonic-gate 	gss_get_kmod_res res;
26677c478bd9Sstevel@tonic-gate 
26687c478bd9Sstevel@tonic-gate 
26697c478bd9Sstevel@tonic-gate 	/* get the client GSSD handle */
26707c478bd9Sstevel@tonic-gate 	if ((clnt = getgssd_handle()) == NULL) {
26717c478bd9Sstevel@tonic-gate 		GSSLOG(1, "kgss_get_kmod: can't connect to server on %s\n",
2672b97d6ca7SMilan Jurik 		    server);
26737c478bd9Sstevel@tonic-gate 		return (NULL);
26747c478bd9Sstevel@tonic-gate 	}
26757c478bd9Sstevel@tonic-gate 
26767c478bd9Sstevel@tonic-gate 	/* set the input parameters */
26777c478bd9Sstevel@tonic-gate 	args.mech_oid.GSS_OID_len = mech_oid->length;
26787c478bd9Sstevel@tonic-gate 	args.mech_oid.GSS_OID_val = mech_oid->elements;
26797c478bd9Sstevel@tonic-gate 
26807c478bd9Sstevel@tonic-gate 	/* call the remote procedure */
26817c478bd9Sstevel@tonic-gate 	bzero(&res, sizeof (res));
26827c478bd9Sstevel@tonic-gate 	if (gss_get_kmod_1(&args, &res, clnt) != RPC_SUCCESS) {
26837c478bd9Sstevel@tonic-gate 		killgssd_handle(clnt);
26847c478bd9Sstevel@tonic-gate 		GSSLOG0(1, "gss_get_kmod_1: RPC call times out\n");
26857c478bd9Sstevel@tonic-gate 		return (NULL);
26867c478bd9Sstevel@tonic-gate 	}
26877c478bd9Sstevel@tonic-gate 	/* no results to free */
26887c478bd9Sstevel@tonic-gate 	killgssd_handle(clnt);
26897c478bd9Sstevel@tonic-gate 
26907c478bd9Sstevel@tonic-gate 	if (res.module_follow == TRUE) {
26917c478bd9Sstevel@tonic-gate 		return (res.gss_get_kmod_res_u.modname);
26927c478bd9Sstevel@tonic-gate 	} else
26937c478bd9Sstevel@tonic-gate 		return (NULL);
26947c478bd9Sstevel@tonic-gate } /* kgss_get_kmod */
26957c478bd9Sstevel@tonic-gate 
26967c478bd9Sstevel@tonic-gate static gss_mechanism	kgss_mech_head;
26977c478bd9Sstevel@tonic-gate static gss_mechanism	kgss_mech_tail;
26987c478bd9Sstevel@tonic-gate kmutex_t	__kgss_mech_lock;
26997c478bd9Sstevel@tonic-gate 
27007c478bd9Sstevel@tonic-gate /*
27017c478bd9Sstevel@tonic-gate  * See if there is kernel mechanism module, and if so, attempt to
27027c478bd9Sstevel@tonic-gate  * load it and reset the pointer (gss_mechanism) to the sign/seal/etc.
27037c478bd9Sstevel@tonic-gate  * entry points to that of the kernel module.
27047c478bd9Sstevel@tonic-gate  */
27057c478bd9Sstevel@tonic-gate static void
__kgss_reset_mech(gss_mechanism * mechp,gss_OID mech_oid)27067c478bd9Sstevel@tonic-gate __kgss_reset_mech(gss_mechanism *mechp, gss_OID mech_oid)
27077c478bd9Sstevel@tonic-gate {
27087c478bd9Sstevel@tonic-gate 	gss_mechanism mech;
27097c478bd9Sstevel@tonic-gate 	char *kmod;
27107c478bd9Sstevel@tonic-gate 
27117c478bd9Sstevel@tonic-gate 	/*
27127c478bd9Sstevel@tonic-gate 	 * We can search the list without a mutex, becuase the list never
27137c478bd9Sstevel@tonic-gate 	 * shrinks and we always add to the end.
27147c478bd9Sstevel@tonic-gate 	 */
27157c478bd9Sstevel@tonic-gate 	mech = __kgss_get_mechanism(mech_oid);
27167c478bd9Sstevel@tonic-gate 	if (mech) {
27177c478bd9Sstevel@tonic-gate 		*mechp = mech;
27187c478bd9Sstevel@tonic-gate 		return;
27197c478bd9Sstevel@tonic-gate 	}
27207c478bd9Sstevel@tonic-gate 
27217c478bd9Sstevel@tonic-gate 	/*
27227c478bd9Sstevel@tonic-gate 	 * Get the module name from the kernel.
27237c478bd9Sstevel@tonic-gate 	 */
27247c478bd9Sstevel@tonic-gate 	kmod = kgss_get_kmod(mech_oid);
27257c478bd9Sstevel@tonic-gate 
27267c478bd9Sstevel@tonic-gate 	if (kmod) {
272743d5cd3dSjohnlev 		extern int modload(const char *, const char *);
27287c478bd9Sstevel@tonic-gate 		if (modload("misc/kgss", kmod) < 0) {
27297c478bd9Sstevel@tonic-gate 			/*
27307c478bd9Sstevel@tonic-gate 			 * Modload of 'kmod' failed, so log an
27317c478bd9Sstevel@tonic-gate 			 * appropriate comment
27327c478bd9Sstevel@tonic-gate 			 */
27337c478bd9Sstevel@tonic-gate 			cmn_err(CE_NOTE, "kgss_reset_mech: Algorithm modload "
2734b97d6ca7SMilan Jurik 			    "(%s) failed. Userland gssd will now handle "
2735b97d6ca7SMilan Jurik 			    "all GSSAPI calls, which may result in "
2736b97d6ca7SMilan Jurik 			    "reduced performance.\n", kmod);
27377c478bd9Sstevel@tonic-gate 		};
27387c478bd9Sstevel@tonic-gate 
27397c478bd9Sstevel@tonic-gate 		/*
27407c478bd9Sstevel@tonic-gate 		 * Allocated in the XDR routine called by gss_get_kmod_1().
27417c478bd9Sstevel@tonic-gate 		 */
27427c478bd9Sstevel@tonic-gate 		FREE(kmod, strlen(kmod)+1);
27437c478bd9Sstevel@tonic-gate 
27447c478bd9Sstevel@tonic-gate 		mech = __kgss_get_mechanism(mech_oid);
27457c478bd9Sstevel@tonic-gate 		if (mech) {
27467c478bd9Sstevel@tonic-gate 			*mechp = mech;
27477c478bd9Sstevel@tonic-gate 		}
27487c478bd9Sstevel@tonic-gate 
27497c478bd9Sstevel@tonic-gate 		/*
27507c478bd9Sstevel@tonic-gate 		 * If for some reason the module load didn't take,
27517c478bd9Sstevel@tonic-gate 		 * we return anyway and hope that the next context
27527c478bd9Sstevel@tonic-gate 		 * creation succeeds.
27537c478bd9Sstevel@tonic-gate 		 */
27547c478bd9Sstevel@tonic-gate 		return;
27557c478bd9Sstevel@tonic-gate 	}
27567c478bd9Sstevel@tonic-gate 
27577c478bd9Sstevel@tonic-gate 
27587c478bd9Sstevel@tonic-gate 	/*
27597c478bd9Sstevel@tonic-gate 	 * No kernel module, so enter this mech oid into the list
27607c478bd9Sstevel@tonic-gate 	 * using the default sign/seal/etc. operations that upcall to
27617c478bd9Sstevel@tonic-gate 	 * gssd.
27627c478bd9Sstevel@tonic-gate 	 */
27637c478bd9Sstevel@tonic-gate 	mutex_enter(&__kgss_mech_lock);
27647c478bd9Sstevel@tonic-gate 	mech = __kgss_get_mechanism(mech_oid);
27657c478bd9Sstevel@tonic-gate 	if (mech) {
27667c478bd9Sstevel@tonic-gate 		mutex_exit(&__kgss_mech_lock);
27677c478bd9Sstevel@tonic-gate 		*mechp = mech;
27687c478bd9Sstevel@tonic-gate 		return;
27697c478bd9Sstevel@tonic-gate 	}
27707c478bd9Sstevel@tonic-gate 
27717c478bd9Sstevel@tonic-gate 	/*
27727c478bd9Sstevel@tonic-gate 	 * Allocate space for the mechanism entry.
27737c478bd9Sstevel@tonic-gate 	 */
27747c478bd9Sstevel@tonic-gate 	mech = kmem_zalloc(sizeof (struct gss_config), KM_SLEEP);
27757c478bd9Sstevel@tonic-gate 
27767c478bd9Sstevel@tonic-gate 	/*
27777c478bd9Sstevel@tonic-gate 	 * Copy basic information from default mechanism struct.
27787c478bd9Sstevel@tonic-gate 	 */
27797c478bd9Sstevel@tonic-gate 	*mech = default_gc;
27807c478bd9Sstevel@tonic-gate 
27817c478bd9Sstevel@tonic-gate 	/*
27827c478bd9Sstevel@tonic-gate 	 * Record the real mech OID.
27837c478bd9Sstevel@tonic-gate 	 */
27847c478bd9Sstevel@tonic-gate 	mech->mech_type.length = mech_oid->length;
27857c478bd9Sstevel@tonic-gate 	mech->mech_type.elements = MALLOC(mech_oid->length);
27867c478bd9Sstevel@tonic-gate 	bcopy(mech_oid->elements,  mech->mech_type.elements, mech_oid->length);
27877c478bd9Sstevel@tonic-gate 
27887c478bd9Sstevel@tonic-gate 	/*
27897c478bd9Sstevel@tonic-gate 	 * Add it to the table.
27907c478bd9Sstevel@tonic-gate 	 */
27917c478bd9Sstevel@tonic-gate 	__kgss_add_mechanism(mech);
27927c478bd9Sstevel@tonic-gate 	mutex_exit(&__kgss_mech_lock);
27937c478bd9Sstevel@tonic-gate 	*mechp = mech;
27947c478bd9Sstevel@tonic-gate }
27957c478bd9Sstevel@tonic-gate 
27967c478bd9Sstevel@tonic-gate /*
27977c478bd9Sstevel@tonic-gate  * Called with __kgss_mech_lock held.
27987c478bd9Sstevel@tonic-gate  */
27997c478bd9Sstevel@tonic-gate void
__kgss_add_mechanism(gss_mechanism mech)28007c478bd9Sstevel@tonic-gate __kgss_add_mechanism(gss_mechanism mech)
28017c478bd9Sstevel@tonic-gate {
28027c478bd9Sstevel@tonic-gate 	gss_mechanism tmp;
28037c478bd9Sstevel@tonic-gate 
28047c478bd9Sstevel@tonic-gate 	tmp = kgss_mech_tail;
28057c478bd9Sstevel@tonic-gate 	kgss_mech_tail = mech;
28067c478bd9Sstevel@tonic-gate 
28077c478bd9Sstevel@tonic-gate 	if (tmp != NULL)
28087c478bd9Sstevel@tonic-gate 		tmp->next = mech;
28097c478bd9Sstevel@tonic-gate 
28107c478bd9Sstevel@tonic-gate 	if (kgss_mech_head == NULL)
28117c478bd9Sstevel@tonic-gate 		kgss_mech_head = mech;
28127c478bd9Sstevel@tonic-gate }
28137c478bd9Sstevel@tonic-gate 
28147c478bd9Sstevel@tonic-gate /*
28157c478bd9Sstevel@tonic-gate  *  given the mechs_array and a mechanism OID, return the
28167c478bd9Sstevel@tonic-gate  *  pointer to the mechanism, or NULL if that mechanism is
28177c478bd9Sstevel@tonic-gate  *  not supported.
28187c478bd9Sstevel@tonic-gate  */
28197c478bd9Sstevel@tonic-gate gss_mechanism
__kgss_get_mechanism(gss_OID type)28207c478bd9Sstevel@tonic-gate __kgss_get_mechanism(gss_OID type)
28217c478bd9Sstevel@tonic-gate {
28227c478bd9Sstevel@tonic-gate 	gss_mechanism mech;
28237c478bd9Sstevel@tonic-gate 
28247c478bd9Sstevel@tonic-gate 	mech = kgss_mech_head;
28257c478bd9Sstevel@tonic-gate 
28267c478bd9Sstevel@tonic-gate 	/*
28277c478bd9Sstevel@tonic-gate 	 * Note that a reader can scan this list without the mutex held.
28287c478bd9Sstevel@tonic-gate 	 * This is safe because we always append, and never shrink the list.
28297c478bd9Sstevel@tonic-gate 	 * Moreover, the entry is fully initialized before it is ever
28307c478bd9Sstevel@tonic-gate 	 * added to the list.
28317c478bd9Sstevel@tonic-gate 	 */
28327c478bd9Sstevel@tonic-gate 	while (mech != NULL) {
28337c478bd9Sstevel@tonic-gate 		if ((mech->mech_type.length == type->length) &&
28347c478bd9Sstevel@tonic-gate 		    (bcmp(mech->mech_type.elements, type->elements,
28357c478bd9Sstevel@tonic-gate 		    type->length) == 0))
28367c478bd9Sstevel@tonic-gate 			return (mech);
28377c478bd9Sstevel@tonic-gate 
28387c478bd9Sstevel@tonic-gate 		mech = mech->next;
28397c478bd9Sstevel@tonic-gate 	}
28407c478bd9Sstevel@tonic-gate 	return (NULL);
28417c478bd9Sstevel@tonic-gate }
2842