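/* EXPORT DELETE START */

/*
 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <gssapiP_krb5.h>

/*
 * $Id: unseal.c,v 1.10 1996/07/22 20:34:37 marc Exp $
 */

/*
 * krb5_gss_unseal - process a KG_TOK_SEAL_MSG token.
 *
 * Takes krb5_mutex, hands the token to kg_unseal() using the
 * caller-supplied krb5 context (ctx), drops the mutex and returns
 * kg_unseal()'s major status.  minor_status, output_message_buffer,
 * conf_state and qop_state are passed through to kg_unseal(); this
 * wrapper does not fill them in itself, except for conf_state in
 * KRB5_NO_PRIVACY builds (see below).  gssd_ctx_verifier (kernel
 * builds only) is not referenced in this function.
 *
 * When KRB5_NO_PRIVACY is defined the call is refused with
 * GSS_S_FAILURE whenever kg_unseal() reports the confidentiality
 * flag as set, regardless of the status kg_unseal() returned.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_unseal(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state
#ifdef	 _KERNEL
		, gssd_ctx_verifier
#endif
		)
     void *ctx;
     OM_uint32 *minor_status;
     gss_ctx_id_t context_handle;
     gss_buffer_t input_message_buffer;
     gss_buffer_t output_message_buffer;
     int *conf_state;
     int *qop_state;
#ifdef	 _KERNEL
     OM_uint32 gssd_ctx_verifier;
#endif
{
   krb5_context context;
   OM_uint32 status;
#ifdef KRB5_NO_PRIVACY
   /*
    * The confidentiality flag is captured in a local so the check
    * below still runs when the caller passes conf_state == NULL, and
    * so it never tests a value that kg_unseal() did not store.
    * Assumes kg_unseal() treats conf_state purely as an optional
    * output -- confirm against its definition.
    */
   int sealed = 0;
   int *conf_out = &sealed;
#else
   int *conf_out = conf_state;
#endif

   /* Solaris Kerberos:  for MT safety, we avoid the use of a default
    * context via kg_get_context() */
#if 0
   if (GSS_ERROR(kg_get_context(minor_status, &context)))
      return(GSS_S_FAILURE);
#endif

   mutex_lock(&krb5_mutex);
   context = ctx;
   status = kg_unseal(context, minor_status, context_handle,
		      input_message_buffer, output_message_buffer,
		      conf_out, qop_state, KG_TOK_SEAL_MSG);
   mutex_unlock(&krb5_mutex);
#ifdef KRB5_NO_PRIVACY
   /*
    * Can't be paranoid enough;
    * if someone plugs in their version of kg_unseal
    * that does decryption we want to
    * disallow that too.
    */
   if (conf_state)
      *conf_state = sealed;
   /*
    * NOTE(review): on this refusal path output_message_buffer is left
    * exactly as kg_unseal() filled it and minor_status is not
    * updated.  Confirm whether the buffer should be cleared and
    * released here, so that a caller ignoring the major status cannot
    * consume the payload.
    */
   if (sealed)
      return (GSS_S_FAILURE);
#endif
   return(status);
}

/* V2 interface */
/*
 * krb5_gss_unwrap - process a KG_TOK_WRAP_MSG token.
 *
 * In KRB5_NO_PRIVACY builds this entry point is disabled: it returns
 * GSS_S_FAILURE immediately and touches none of its outputs,
 * minor_status included.
 *
 * Otherwise it takes krb5_mutex, calls kg_unseal() with the
 * caller-supplied krb5 context (ctx), and returns kg_unseal()'s major
 * status.  kg_unseal() reports the QOP through an int; it is copied
 * to *qop_state as a gss_qop_t only when the status is zero and
 * qop_state is non-NULL.  That store happens before the mutex is
 * released.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_unwrap(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state)
     void *ctx;
     OM_uint32 *minor_status;
     gss_ctx_id_t context_handle;
     gss_buffer_t input_message_buffer;
     gss_buffer_t output_message_buffer;
     int *conf_state;
     gss_qop_t *qop_state;
{
#ifdef	KRB5_NO_PRIVACY
   return (GSS_S_FAILURE);
#else
   OM_uint32 rstat;
   int qstate = 0;	/* only read after kg_unseal() succeeds */
   krb5_context context;

   /* Solaris Kerberos:  for MT safety, we avoid the use of a default
    * context via kg_get_context() */
#if 0
   if (GSS_ERROR(kg_get_context(minor_status, &context)))
      return(GSS_S_FAILURE);
#endif

   mutex_lock(&krb5_mutex);
   context = ctx;

   rstat = kg_unseal(context, minor_status, context_handle,
		     input_message_buffer, output_message_buffer,
		     conf_state, &qstate, KG_TOK_WRAP_MSG);
   /* hand the QOP back only for a token that was accepted */
   if (!rstat && qop_state)
      *qop_state = (gss_qop_t) qstate;
   mutex_unlock(&krb5_mutex);
   return(rstat);
#endif
}
/* EXPORT DELETE END */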