/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * This header contains the private mechglue definitions.
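*/

#ifndef _GSS_MECHGLUEP_H
#define	_GSS_MECHGLUEP_H

#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif

/* SUNW15resync */
#ifndef GSS_DLLIMP
#define	GSS_DLLIMP
#endif

#include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
#if 0 /* Solaris Kerberos */
#include "gssapiP_generic.h"
#endif

#ifdef _KERNEL
#include <rpc/rpc.h>
#endif

/*
 * Copy the contents of OID o2 into OID o1.
 *
 * The macro copies (o2)->length bytes into (o1)->elements and performs no
 * check of its own: the caller must guarantee that (o1)->elements already
 * points at storage of at least (o2)->length bytes and that neither
 * argument is NULL.  Both arguments are expanded more than once, so pass
 * expressions without side effects.
 */
#ifndef g_OID_copy /* SUNW15resync */
#define	g_OID_copy(o1, o2)					\
do {								\
	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
	(o1)->length = (o2)->length;				\
} while (0)
#endif

/*
 * True when buf is NULL, has a NULL value pointer, or has zero length.
 * buf is expanded up to three times; pass an expression without side
 * effects.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)

/*
 * Array of context IDs typed by mechanism OID
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;
	gss_ctx_id_t		internal_ctx_id;
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;

/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....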
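*/
typedef struct gss_name_struct {
	/*
	 * Self-pointer.  GSSINT_CHK_LOOP compares it with the struct's own
	 * address, but only in the variant that is currently compiled out.
	 */
	struct gss_name_struct	*loopback;
	gss_OID			name_type;
	gss_buffer_t		external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;
	gss_name_t		mech_name;
} gss_union_name_desc, *gss_union_name_t;

/*
 * Structure for holding list of mechanism-specific name types
 */
typedef struct gss_mech_spec_name_t {
	gss_OID	name_type;
	gss_OID	mech;
	struct gss_mech_spec_name_t	*next, *prev;	/* doubly linked list */
} gss_mech_spec_name_desc, *gss_mech_spec_name;

/*
 * Credential auxiliary info, used in the credential structure
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;
	gss_OID			name_type;
	OM_uint32		creation_time;
	OM_uint32		time_rec;
	int			cred_usage;
} gss_union_cred_auxinfo;

/*
 * Set of Credentials typed on mechanism OID
 *
 * NOTE(review): presumably count is the number of entries in both
 * mechs_array and cred_array, with cred_array[i] belonging to
 * mechs_array[i] -- confirm against the code that fills this in, since
 * any indexing of either array has to be bounded by count.
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;

/*
 * Solaris Kerberos
 *
 * Function-pointer type used for the gss_acquire_cred_with_password
 * member of struct gss_config_ext.
 *
 * NOTE(review): the password is passed as an ordinary gss_buffer_t and
 * nothing in this header says who clears it afterwards -- confirm that
 * callers and implementations scrub the buffer once it has been used.
 */
typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    const gss_buffer_t, /* password */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);

/*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself.  This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.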
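*/
/*
 * GSSINT_CHK_LOOP(p) evaluates to non-zero when p FAILS validation.
 *
 * The self-pointer comparison is compiled out (#if 0), so the definition
 * in effect rejects only NULL.  A non-NULL pointer of the wrong kind
 * passes this check; callers cannot rely on it to detect the
 * pointer-to-pointer mistake described for the loopback field.
 */
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define	GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
#define	GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif


/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library		  */

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.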
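*/

/*
 * Layout notes, taken from the preprocessor conditionals below:
 *
 *  - The set of members depends on _KERNEL.  Kernel builds add `next' and
 *    `uses_kmod' and keep only gss_unseal, gss_delete_sec_context,
 *    gss_seal, gss_import_sec_context, gss_sign and gss_verify; every
 *    other entry point exists in user-space builds only.  A table built
 *    for one environment must never be interpreted in the other.
 *  - In kernel builds gss_unseal, gss_delete_sec_context, gss_seal,
 *    gss_sign and gss_verify take one extra trailing OM_uint32 argument,
 *    which is not named in this header.
 *  - Every entry except gss_inquire_sec_context_by_oid receives the
 *    mechanism's `context' pointer as its first argument.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
	OM_uint32	priority;
	char		*mechNameStr;
#endif
	gss_OID_desc	mech_type;
	void		*context;
#ifdef	_KERNEL
	struct gss_config *next;
	bool_t		uses_kmod;
#endif

#ifndef	_KERNEL
	OM_uint32	    (*gss_acquire_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_release_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_cred_id_t *	/* cred_handle */
	/* */);
	OM_uint32	    (*gss_init_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* claimant_cred_handle */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_name_t,		/* target_name */
		    const gss_OID,		/* mech_type */
		    OM_uint32,			/* req_flags */
		    OM_uint32,			/* time_req */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    const gss_buffer_t,		/* input_token */
		    gss_OID*,			/* actual_mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *			/* time_rec */
	/* */);
	OM_uint32	    (*gss_accept_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_cred_id_t,	/* verifier_cred_handle */
		    const gss_buffer_t,		/* input_token_buffer */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    gss_name_t *,		/* src_name */
		    gss_OID*,			/* mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *,		/* time_rec */
		    gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_process_context_token)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_delete_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* output_token */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_context_time)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_display_status)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    OM_uint32,		/* status_value */
		    int,		/* status_type */
		    const gss_OID,	/* mech_type */
		    OM_uint32 *,	/* message_context */
		    gss_buffer_t	/* status_string */
	/* */);
	OM_uint32	    (*gss_indicate_mechs)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID_set *	/* mech_set */
	/* */);
	OM_uint32	    (*gss_compare_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* name1 */
		    const gss_name_t,	/* name2 */
		    int *		/* name_equal */
	/* */);
	OM_uint32	    (*gss_display_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t,	/* output_name_buffer */
		    gss_OID*		/* output_name_type */
	/* */);
	OM_uint32	    (*gss_import_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* input_name_buffer */
		    const gss_OID,	/* input_name_type */
		    gss_name_t *	/* output_name */
	/* */);
	OM_uint32	    (*gss_release_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_name_t *	/* input_name */
	/* */);
	OM_uint32	    (*gss_inquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    gss_name_t *,		/* name */
		    OM_uint32 *,		/* lifetime */
		    int *,			/* cred_usage */
		    gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32	    (*gss_add_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* input_cred_handle */
		    const gss_name_t,	/* desired_name */
		    const gss_OID,	/* desired_mech */
		    gss_cred_usage_t,	/* cred_usage */
		    OM_uint32,		/* initiator_time_req */
		    OM_uint32,		/* acceptor_time_req */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *,	/* initiator_time_rec */
		    OM_uint32 *		/* acceptor_time_rec */
	/* */);
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_export_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_import_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* interprocess_token */
		    gss_ctx_id_t *	/* context_handle */
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    const gss_OID,	/* mech_type */
		    gss_name_t *,	/* name */
		    OM_uint32 *,	/* initiator_lifetime */
		    OM_uint32 *,	/* acceptor_lifetime */
		    gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32	    (*gss_inquire_names_for_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_OID,	/* mechanism */
		    gss_OID_set *	/* name_types */
	/* */);
	OM_uint32	    (*gss_inquire_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    gss_name_t *,	/* src_name */
		    gss_name_t *,	/* targ_name */
		    OM_uint32 *,	/* lifetime_rec */
		    gss_OID *,		/* mech_type */
		    OM_uint32 *,	/* ctx_flags */
		    int *,		/* locally_initiated */
		    int *		/* open */
	/* */);
	OM_uint32	    (*gss_internal_release_oid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID *		/* OID */
	/* */);
	OM_uint32	    (*gss_wrap_size_limit)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    gss_qop_t,		/* qop_req */
		    OM_uint32,		/* req_output_size */
		    OM_uint32 *		/* max_input_size */
	/* */);
	OM_uint32	    (*pname_to_uid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    uid_t *		/* uid */
	/* */);
	OM_uint32	    (*__gss_userok)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    const char *,	/* local user */
		    int *		/* user ok? */
	/* */);
	OM_uint32	    (*gss_export_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t	/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	(*gss_sign)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* message_buffer */
		    gss_buffer_t	/* message_token */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	(*gss_verify)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* message_buffer */
		    const gss_buffer_t,	/* token_buffer */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	 _KERNEL
	OM_uint32	(*gss_store_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* input_cred */
		    gss_cred_usage_t,	/* cred_usage */
		    const gss_OID,	/* desired_mech */
		    OM_uint32,		/* overwrite_cred */
		    OM_uint32,		/* default_cred */
		    gss_OID_set *,	/* elements_stored */
		    gss_cred_usage_t *	/* cred_usage_stored */
	/* */);

	/* GGF extensions */

	/*
	 * NOTE(review): unlike every other entry in this table, this one has
	 * no leading `void *' context argument -- confirm that the glue
	 * layer calls it with this exact argument list.
	 */
	OM_uint32	(*gss_inquire_sec_context_by_oid)
	(
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_OID,	/* OID */
		    gss_buffer_set_t *	/* data_set */
	/* */);

#endif
} *gss_mechanism;



#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* ! _KERNEL */


/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points.  The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer.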
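* In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 */
/*
 * One entry of the singly linked list of configured mechanisms (`next').
 *
 * NOTE(review): kmodName and uLibName name a kernel module and a user
 * library, and dl_handle holds an RTLD handle, so the strings presumably
 * decide which code gets loaded for a mechanism.  Confirm where they are
 * read from and that only trusted administrators can write that source.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* ! _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;

/********************************************************/
/* Internal mechglue routines */

/* SUNW15resync - Solaris versions - replace w/mit ones?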
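*/
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* ! _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
	gss_ctx_id_t *, gss_buffer_t);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);





int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
	gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	(OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
	);
gss_cred_id_t gssint_get_mechanism_cred
	(gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
	);

OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);


OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);


gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
	(OM_uint32 *,	/* minor_status */
	gss_OID,	/* name_type */
	gss_OID		/* mech */
	);

/*
 * Sun extensions to GSS-API v2
 */

OM_uint32
gssint_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

const char *
gssint_oid_to_mech(
	const gss_OID oid		/* mechanism oid */
);

OM_uint32
gssint_get_mechanisms(
	char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
);

OM_uint32
gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
);

/*
 * DER length helpers.  Each takes an explicit buffer bound (buf_len or
 * max_len).
 * NOTE(review): presumably the implementations refuse to read or write
 * past that bound -- confirm in the definitions, since these lengths
 * come from token data.
 */
int
gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
);



/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#define	GSSD_NO_CONTEXT		((gssd_ctx_id_t)0)
#define	GSSD_NO_CREDENTIAL	((gssd_cred_id_t)0)

#ifdef	_KERNEL

#ifndef	_KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
/*
 * KM_SLEEP allocations may block, so MALLOC must not be used where
 * sleeping is not allowed.  FREE needs the size that was passed to the
 * matching MALLOC.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif	/* _KRB5_H */

gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */

/*
 * Credential handle paired with a verifier value.
 * NOTE(review): presumably the verifier lets the receiving side reject a
 * stale or mismatched handle -- confirm where it is checked.
 */
struct	kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

/*
 * Accessors for struct kgss_cred.  They cast (cred) unconditionally and
 * the field accessors dereference the result, with no NULL or type
 * check: the caller must pass a pointer to a live struct kgss_cred.
 */
#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)

/*
 * Context handle paired with a verifier value.  gssd_i_ctx, ctx_imported
 * and mech exist in kernel builds only, so the layout differs between
 * kernel and user space.
 */
struct	kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

/*
 * Accessors for struct kgss_ctx.  Like the KCRED_* macros they cast and
 * dereference without any NULL or type check.  KCTX_TO_CTX_IMPORTED,
 * KCTX_TO_MECH and KCTX_TO_PRIVATE touch members that are declared only
 * under _KERNEL; KCTX_TO_PRIVATE additionally dereferences mech.
 */
#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
7207c478bd9Sstevel@tonic-gate #define KGSS_CTX_TO_GSSD_CTX(ctx) \ 7217c478bd9Sstevel@tonic-gate (((ctx) == GSS_C_NO_CONTEXT) ? 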
(gssd_ctx_id_t)(uintptr_t)(ctx) : \ 7227c478bd9Sstevel@tonic-gate KCTX_TO_GSSD_CTX(ctx)) 7237c478bd9Sstevel@tonic-gate #define KGSS_CTX_TO_GSSD_CTXV(ctx) \ 724*9c805345SToomas Soome (((ctx) == GSS_C_NO_CONTEXT) ? (0) : KCTX_TO_CTXV(ctx)) 7257c478bd9Sstevel@tonic-gate 7267c478bd9Sstevel@tonic-gate #ifdef _KERNEL 7277c478bd9Sstevel@tonic-gate #define KCTX_TO_I_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx) 7287c478bd9Sstevel@tonic-gate #define KCTX_TO_CTX(ctx) \ 7297c478bd9Sstevel@tonic-gate ((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \ 7307c478bd9Sstevel@tonic-gate KCTX_TO_I_CTX(ctx)) 7317c478bd9Sstevel@tonic-gate #define KGSS_CRED_ALLOC() kmem_zalloc(sizeof (struct kgss_cred), \ 7327c478bd9Sstevel@tonic-gate KM_SLEEP) 7337c478bd9Sstevel@tonic-gate #define KGSS_CRED_FREE(cred) kmem_free(cred, sizeof (struct kgss_cred)) 7347c478bd9Sstevel@tonic-gate 7357c478bd9Sstevel@tonic-gate #define KGSS_ALLOC() kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP) 7367c478bd9Sstevel@tonic-gate #define KGSS_FREE(ctx) kmem_free(ctx, sizeof (struct kgss_ctx)) 7377c478bd9Sstevel@tonic-gate 7387c478bd9Sstevel@tonic-gate #define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \ 7397c478bd9Sstevel@tonic-gate (*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \ 7407c478bd9Sstevel@tonic-gate KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx)) 7417c478bd9Sstevel@tonic-gate 7427c478bd9Sstevel@tonic-gate #define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \ 7437c478bd9Sstevel@tonic-gate (*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\ 7447c478bd9Sstevel@tonic-gate KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx)) 7457c478bd9Sstevel@tonic-gate 7467c478bd9Sstevel@tonic-gate #define KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \ 7477c478bd9Sstevel@tonic-gate (*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\ 7487c478bd9Sstevel@tonic-gate minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx)) 7497c478bd9Sstevel@tonic-gate 7507c478bd9Sstevel@tonic-gate 
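/*
 * Kernel build: import a security context through the mechanism's
 * gss_import_sec_context entry point.  Unlike KGSS_SEAL/KGSS_UNSEAL below,
 * no verifier is passed.  ctx is expanded twice, so it must be free of side
 * effects, and its mech member must already be set: nothing here checks the
 * mech pointer or the function pointer for NULL.
 */
#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/*
 * Kernel build: wrap / unwrap a message through the mechanism's gss_seal and
 * gss_unseal entry points, passing the context chosen by KCTX_TO_CTX() and
 * the context verifier.  ctx is expanded several times; pass a
 * side-effect-free expression.
 */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/*
 * NOTE(review): kgss_release_oid() is declared below, but KGSS_RELEASE_OID
 * expands to krb5_gss_release_oid() in the kernel build - confirm which one
 * kernel callers are meant to use.
 */
#define	KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define	KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

/*
 * Userland: KCTX_TO_CTX() yields the integer gssd handle, not a pointer as
 * in the _KERNEL definition.
 */
#define	KCTX_TO_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)

/*
 * Userland allocation.  Unlike the _KERNEL definitions (kmem_zalloc with
 * KM_SLEEP), malloc() may return NULL and does not zero the memory, so
 * callers must check the result and initialise every member, including the
 * verifier, before the structure is used.  FREE() ignores n here, but code
 * shared with the kernel must still pass the allocated size because the
 * _KERNEL FREE() forwards it to kmem_free().
 */
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/*
 * The cast expressions are fully parenthesised so the expansion stays a
 * single operand when followed by a postfix operator such as ->.
 */
#define	KGSS_CRED_ALLOC() ((struct kgss_cred *) \
	MALLOC(sizeof (struct kgss_cred)))
#define	KGSS_CRED_FREE(cred) free(cred)
#define	KGSS_ALLOC() ((struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx)))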
#define	KGSS_FREE(ctx) free(ctx)

/*
 * Userland (!_KERNEL) per-message operations.  Instead of dispatching
 * through a mechanism table, these call the kgss_*_wrapped() routines with
 * the value of KCTX_TO_CTX(ctx) and the context verifier.  ctx is expanded
 * twice and dereferenced without a NULL check, so pass a side-effect-free
 * expression that points at a live struct kgss_ctx.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */

/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
OM_uint32 generic_gss_release_buffer
	(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
	);

OM_uint32 generic_gss_release_oid_set
	(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
	);

OM_uint32 generic_gss_release_oid
	(OM_uint32*,		/* minor_status */
	gss_OID*		/* oid */
	);

OM_uint32 generic_gss_copy_oid
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */ /* SUNW15resync */
	gss_OID *		/* new_oid */
	);

OM_uint32 generic_gss_create_empty_oid_set
	(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_add_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_test_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
	);

OM_uint32 generic_gss_oid_to_str
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
	);

OM_uint32 generic_gss_str_to_oid
	(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
	);

/*
 * NOTE(review): prefix is passed with an explicit prefix_len, so it is
 * presumably a byte string rather than a NUL-terminated one - confirm
 * against the implementation.
 */
OM_uint32
generic_gss_oid_compose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	int,			/* suffix */
	gss_OID_desc *);	/* oid */

OM_uint32
generic_gss_oid_decompose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	gss_OID_desc *,		/* oid */
	int *);			/* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
	(OM_uint32 * /*minor_status*/,
	const gss_buffer_t /*member_buffer*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

/*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
#ifdef _KERNEL

/*
 * Kernel stubs: both expand to nothing, so the minor status is left
 * unmapped and the arguments are not evaluated.  Use them only as
 * stand-alone statements.  map_error_oid has no kernel stub in this header.
 */
#define	map_error(MINORP, MECH)
#define	map_errcode(MINORP)

#else /* _KERNEL */

/*
 * Use this to map an error code that was returned from a mech
 * operation; the mech will be asked to produce the associated error
 * messages.
 *
 * Remember that if the minor status code cannot be returned to the
 * caller (e.g., if it's stuffed in an automatic variable and then
 * ignored), then we don't care about producing a mapping.
 *
 * Both macros dereference MINORP twice (read, then write back), so MINORP
 * must be a valid, side-effect-free pointer expression.
 */
#define	map_error(MINORP, MECH) \
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
#define	map_error_oid(MINORP, MECHOID) \
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))

/*
 * Use this to map an errno value or com_err error code being
 * generated within the mechglue code (e.g., by calling generic oid
 * ops).  Any errno or com_err values produced by mech operations
 * should be processed with map_error.  This means they'll be stored
 * separately even if the mech uses com_err, because we can't assume
 * that it will use com_err.
 */
#define	map_errcode(MINORP) \
	(*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))

#endif /* _KERNEL */

#endif /* _GSS_MECHGLUEP_H */