1ab9b2e15Sgtb /*
2*5e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3ab9b2e15Sgtb */
4ab9b2e15Sgtb /*
5ab9b2e15Sgtb * Copyright 1993 by OpenVision Technologies, Inc.
6ab9b2e15Sgtb *
7ab9b2e15Sgtb * Permission to use, copy, modify, distribute, and sell this software
8ab9b2e15Sgtb * and its documentation for any purpose is hereby granted without fee,
9ab9b2e15Sgtb * provided that the above copyright notice appears in all copies and
10ab9b2e15Sgtb * that both that copyright notice and this permission notice appear in
11ab9b2e15Sgtb * supporting documentation, and that the name of OpenVision not be used
12ab9b2e15Sgtb * in advertising or publicity pertaining to distribution of the software
13ab9b2e15Sgtb * without specific, written prior permission. OpenVision makes no
14ab9b2e15Sgtb * representations about the suitability of this software for any
15ab9b2e15Sgtb * purpose. It is provided "as is" without express or implied warranty.
16ab9b2e15Sgtb *
17ab9b2e15Sgtb * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18ab9b2e15Sgtb * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19ab9b2e15Sgtb * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20ab9b2e15Sgtb * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21ab9b2e15Sgtb * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22ab9b2e15Sgtb * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23ab9b2e15Sgtb * PERFORMANCE OF THIS SOFTWARE.
24ab9b2e15Sgtb */
25ab9b2e15Sgtb
26ab9b2e15Sgtb /*
27159d09a2SMark Phalan * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28ab9b2e15Sgtb */
29ab9b2e15Sgtb
30ab9b2e15Sgtb #include "gssapiP_krb5.h"
31ab9b2e15Sgtb #include "mglueP.h"
32ab9b2e15Sgtb #include <syslog.h>
33ab9b2e15Sgtb
34ab9b2e15Sgtb /** mechglue wrappers **/
35ab9b2e15Sgtb
/*
 * Forward declarations for the wrappers that populate the gss_config
 * dispatch tables later in this file.  Each one takes an unnamed leading
 * void * (named ctx in the definitions) followed by the parameters named
 * in the trailing comments.
 */

static OM_uint32 k5glue_acquire_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_name_t,                 /* desired_name */
    OM_uint32,                  /* time_req */
    gss_OID_set,                /* desired_mechs */
    gss_cred_usage_t,           /* cred_usage */
    gss_cred_id_t *,            /* output_cred_handle */
    gss_OID_set *,              /* actual_mechs */
    OM_uint32 *                 /* time_rec */
);

static OM_uint32 k5glue_release_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t *             /* cred_handle */
);

static OM_uint32 k5glue_init_sec_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t,              /* claimant_cred_handle */
    gss_ctx_id_t *,             /* context_handle */
    gss_name_t,                 /* target_name */
    gss_OID,                    /* mech_type */
    OM_uint32,                  /* req_flags */
    OM_uint32,                  /* time_req */
    gss_channel_bindings_t,     /* input_chan_bindings */
    gss_buffer_t,               /* input_token */
    gss_OID *,                  /* actual_mech_type */
    gss_buffer_t,               /* output_token */
    OM_uint32 *,                /* ret_flags */
    OM_uint32 *                 /* time_rec */
);

static OM_uint32 k5glue_accept_sec_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t *,             /* context_handle */
    gss_cred_id_t,              /* verifier_cred_handle */
    gss_buffer_t,               /* input_token_buffer */
    gss_channel_bindings_t,     /* input_chan_bindings */
    gss_name_t *,               /* src_name */
    gss_OID *,                  /* mech_type */
    gss_buffer_t,               /* output_token */
    OM_uint32 *,                /* ret_flags */
    OM_uint32 *,                /* time_rec */
    gss_cred_id_t *             /* delegated_cred_handle */
);

static OM_uint32 k5glue_process_context_token(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_buffer_t                /* token_buffer */
);

static OM_uint32 k5glue_delete_sec_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t *,             /* context_handle */
    gss_buffer_t                /* output_token */
);

static OM_uint32 k5glue_context_time(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    OM_uint32 *                 /* time_rec */
);

static OM_uint32 k5glue_sign(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    int,                        /* qop_req */
    gss_buffer_t,               /* message_buffer */
    gss_buffer_t                /* message_token */
);

static OM_uint32 k5glue_verify(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_buffer_t,               /* message_buffer */
    gss_buffer_t,               /* token_buffer */
    int *                       /* qop_state */
);

static OM_uint32 k5glue_seal(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    int,                        /* conf_req_flag */
    int,                        /* qop_req */
    gss_buffer_t,               /* input_message_buffer */
    int *,                      /* conf_state */
    gss_buffer_t                /* output_message_buffer */
);

static OM_uint32 k5glue_unseal(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_buffer_t,               /* input_message_buffer */
    gss_buffer_t,               /* output_message_buffer */
    int *,                      /* conf_state */
    int *                       /* qop_state */
);

static OM_uint32 k5glue_display_status(
    void *,
    OM_uint32 *,                /* minor_status */
    OM_uint32,                  /* status_value */
    int,                        /* status_type */
    gss_OID,                    /* mech_type */
    OM_uint32 *,                /* message_context */
    gss_buffer_t                /* status_string */
);

static OM_uint32 k5glue_indicate_mechs(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_OID_set *               /* mech_set */
);

static OM_uint32 k5glue_compare_name(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_name_t,                 /* name1 */
    gss_name_t,                 /* name2 */
    int *                       /* name_equal */
);

static OM_uint32 k5glue_display_name(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_name_t,                 /* input_name */
    gss_buffer_t,               /* output_name_buffer */
    gss_OID *                   /* output_name_type */
);

static OM_uint32 k5glue_import_name(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_buffer_t,               /* input_name_buffer */
    gss_OID,                    /* input_name_type */
    gss_name_t *                /* output_name */
);

static OM_uint32 k5glue_release_name(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_name_t *                /* input_name */
);

static OM_uint32 k5glue_inquire_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t,              /* cred_handle */
    gss_name_t *,               /* name */
    OM_uint32 *,                /* lifetime */
    gss_cred_usage_t *,         /* cred_usage */
    gss_OID_set *               /* mechanisms */
);

static OM_uint32 k5glue_inquire_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_name_t *,               /* initiator_name */
    gss_name_t *,               /* acceptor_name */
    OM_uint32 *,                /* lifetime_rec */
    gss_OID *,                  /* mech_type */
    OM_uint32 *,                /* ret_flags */
    int *,                      /* locally_initiated */
    int *                       /* open */
);
197ab9b2e15Sgtb
#if 0
/* New V2 entry points (compiled out) */
static OM_uint32 k5glue_get_mic(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_qop_t,                  /* qop_req */
    gss_buffer_t,               /* message_buffer */
    gss_buffer_t                /* message_token */
);

static OM_uint32 k5glue_verify_mic(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_buffer_t,               /* message_buffer */
    gss_buffer_t,               /* message_token */
    gss_qop_t *                 /* qop_state */
);

static OM_uint32 k5glue_wrap(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    int,                        /* conf_req_flag */
    gss_qop_t,                  /* qop_req */
    gss_buffer_t,               /* input_message_buffer */
    int *,                      /* conf_state */
    gss_buffer_t                /* output_message_buffer */
);

static OM_uint32 k5glue_unwrap(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    gss_buffer_t,               /* input_message_buffer */
    gss_buffer_t,               /* output_message_buffer */
    int *,                      /* conf_state */
    gss_qop_t *                 /* qop_state */
);
#endif

static OM_uint32 k5glue_wrap_size_limit(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t,               /* context_handle */
    int,                        /* conf_req_flag */
    gss_qop_t,                  /* qop_req */
    OM_uint32,                  /* req_output_size */
    OM_uint32 *                 /* max_input_size */
);

#if 0
/* Name-object import/export entry points (compiled out) */
static OM_uint32 k5glue_import_name_object(
    void *,
    OM_uint32 *,                /* minor_status */
    void *,                     /* input_name */
    gss_OID,                    /* input_name_type */
    gss_name_t *                /* output_name */
);

static OM_uint32 k5glue_export_name_object(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_name_t,                 /* input_name */
    gss_OID,                    /* desired_name_type */
    void **                     /* output_name */
);
#endif
260ab9b2e15Sgtb
static OM_uint32 k5glue_add_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t,              /* input_cred_handle */
    gss_name_t,                 /* desired_name */
    gss_OID,                    /* desired_mech */
    gss_cred_usage_t,           /* cred_usage */
    OM_uint32,                  /* initiator_time_req */
    OM_uint32,                  /* acceptor_time_req */
    gss_cred_id_t *,            /* output_cred_handle */
    gss_OID_set *,              /* actual_mechs */
    OM_uint32 *,                /* initiator_time_rec */
    OM_uint32 *                 /* acceptor_time_rec */
);

static OM_uint32 k5glue_inquire_cred_by_mech(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t,              /* cred_handle */
    gss_OID,                    /* mech_type */
    gss_name_t *,               /* name */
    OM_uint32 *,                /* initiator_lifetime */
    OM_uint32 *,                /* acceptor_lifetime */
    gss_cred_usage_t *          /* cred_usage */
);

static OM_uint32 k5glue_export_sec_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_ctx_id_t *,             /* context_handle */
    gss_buffer_t                /* interprocess_token */
);

static OM_uint32 k5glue_import_sec_context(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_buffer_t,               /* interprocess_token */
    gss_ctx_id_t *              /* context_handle */
);

/* Not static: declared here with external linkage. */
krb5_error_code k5glue_ser_init(krb5_context);

static OM_uint32 k5glue_internal_release_oid(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_OID *                   /* oid */
);

static OM_uint32 k5glue_inquire_names_for_mech(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_OID,                    /* mechanism */
    gss_OID_set *               /* name_types */
);

#if 0
static OM_uint32 k5glue_canonicalize_name(
    void *,
    OM_uint32 *,                /* minor_status */
    const gss_name_t,           /* input_name */
    const gss_OID,              /* mech_type */
    gss_name_t *                /* output_name */
);
#endif

static OM_uint32 k5glue_export_name(
    void *,
    OM_uint32 *,                /* minor_status */
    const gss_name_t,           /* input_name */
    gss_buffer_t                /* exported_name */
);

/* SUNW15resync - Solaris specific */
static OM_uint32 k5glue_store_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    const gss_cred_id_t,        /* input_cred */
    gss_cred_usage_t,           /* cred_usage */
    const gss_OID,              /* desired_mech */
    OM_uint32,                  /* overwrite_cred */
    OM_uint32,                  /* default_cred */
    gss_OID_set *,              /* elements_stored */
    gss_cred_usage_t *          /* cred_usage_stored */
);

/*
 * SUNW17PACresync - this decl not needed in MIT but is for Sol.
 * Note code is in gsspi_krb5.c.  Unlike the k5glue_* wrappers this
 * function takes no leading void * argument.
 */
OM_uint32 krb5_gss_inquire_sec_context_by_oid(
    OM_uint32 *,
    const gss_ctx_id_t,
    const gss_OID,
    gss_buffer_set_t *
);

/*
 * The next two entry points map a principal name onto a local account.
 * NOTE(review): their results presumably feed local authorization
 * decisions, so callers should treat any failure status as "not
 * authorized" -- confirm against the definitions.
 */
static OM_uint32 k5glue_userok(
    void *,                     /* context */
    OM_uint32 *,                /* minor_status */
    const gss_name_t,           /* pname */
    const char *,               /* local user */
    int *                       /* user ok? */
);

static OM_uint32 k5glue_pname_to_uid(
    void *,                     /* context */
    OM_uint32 *,                /* minor_status */
    const gss_name_t,           /* pname */
    uid_t *                     /* uid */
);
363ab9b2e15Sgtb
364ab9b2e15Sgtb
365ab9b2e15Sgtb
#if 0
/* Compiled out: no definition of this wrapper is built. */
static OM_uint32 k5glue_duplicate_name(
    void *,
    OM_uint32 *,                /* minor_status */
    const gss_name_t,           /* input_name */
    gss_name_t *                /* dest_name */
);
#endif

#if 0
/* Compiled out: no definition of this wrapper is built. */
static OM_uint32 k5glue_validate_cred(
    void *,
    OM_uint32 *,                /* minor_status */
    gss_cred_id_t               /* cred */
);
#endif
380ab9b2e15Sgtb
381ab9b2e15Sgtb #if 0
382ab9b2e15Sgtb /*
383ab9b2e15Sgtb * SUNW15resync
384ab9b2e15Sgtb * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
385ab9b2e15Sgtb * slicing&dicing needs of the "nightly -SD" build. When it goes away,
386ab9b2e15Sgtb * we should use it assuming MIT still uses it then.
387ab9b2e15Sgtb */
388ab9b2e15Sgtb
389ab9b2e15Sgtb /*
390ab9b2e15Sgtb * The krb5 mechanism provides two mech OIDs; use this initializer to
391ab9b2e15Sgtb * ensure that both dispatch tables contain identical function
392ab9b2e15Sgtb * pointers.
393ab9b2e15Sgtb */
394ab9b2e15Sgtb #define KRB5_GSS_CONFIG_INIT \
395ab9b2e15Sgtb NULL, \
396ab9b2e15Sgtb ...
397ab9b2e15Sgtb #endif
398ab9b2e15Sgtb
399ab9b2e15Sgtb
/*
 * Dispatch table registered under GSS_MECH_KRB5_OID.
 *
 * The initializer is positional: every entry must line up with the member
 * order of struct gss_config, which is declared outside this file
 * (presumably in mglueP.h).  Several wrappers share one function type --
 * k5glue_delete_sec_context and k5glue_export_sec_context, for example --
 * so swapping such entries would compile cleanly and dispatch to the wrong
 * operation.  Keep the function list identical to krb5_mechanism_old and
 * krb5_mechanism_wrong; only the OID differs between the three tables.
 */
static struct gss_config krb5_mechanism = {
#if 0 /* Solaris Kerberos */
    100, "kerberos_v5",
#endif
    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    /* Called directly: there is no k5glue_ wrapper for this entry. */
    krb5_gss_inquire_sec_context_by_oid
};
438ab9b2e15Sgtb
/*
 * Dispatch table registered under GSS_MECH_KRB5_OLD_OID (labelled
 * "pre-RFC OID" in the disabled description string below).
 *
 * Positional initializer: the entries must follow the member order of
 * struct gss_config (declared outside this file) and must stay identical
 * to the list in krb5_mechanism, so that a context negotiated under the
 * old OID gets exactly the same implementation.
 */
static struct gss_config krb5_mechanism_old = {
#if 0 /* Solaris Kerberos */
    200, "kerberos_v5 (pre-RFC OID)",
#endif
    { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
477ab9b2e15Sgtb
/*
 * Dispatch table registered under GSS_MECH_KRB5_WRONG_OID (labelled
 * "wrong OID" in the disabled description string below).
 *
 * NOTE(review): the MS_BUG_TEST / MS_FORCE_NO_MSOID switch elsewhere in
 * this file suggests this OID exists for interoperability with peers that
 * send a non-standard krb5 OID -- confirm.  Because all three tables carry
 * the same function list, any policy, logging or filtering keyed on the
 * mechanism OID has to treat the three OIDs as the same mechanism.
 *
 * Positional initializer: the entries must follow the member order of
 * struct gss_config (declared outside this file) and stay identical to
 * the list in krb5_mechanism.
 */
static struct gss_config krb5_mechanism_wrong = {
#if 0 /* Solaris Kerberos */
    300, "kerberos_v5 (wrong OID)",
#endif
    { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
    NULL,
    k5glue_acquire_cred,
    k5glue_release_cred,
    k5glue_init_sec_context,
    k5glue_accept_sec_context,
    k5glue_unseal,
    k5glue_process_context_token,
    k5glue_delete_sec_context,
    k5glue_context_time,
    k5glue_display_status,
    k5glue_indicate_mechs,
    k5glue_compare_name,
    k5glue_display_name,
    k5glue_import_name,
    k5glue_release_name,
    k5glue_inquire_cred,
    k5glue_add_cred,
    k5glue_seal,
    k5glue_export_sec_context,
    k5glue_import_sec_context,
    k5glue_inquire_cred_by_mech,
    k5glue_inquire_names_for_mech,
    k5glue_inquire_context,
    k5glue_internal_release_oid,
    k5glue_wrap_size_limit,
    k5glue_pname_to_uid,
    k5glue_userok,
    k5glue_export_name,
    k5glue_sign,
    k5glue_verify,
    k5glue_store_cred,
    krb5_gss_inquire_sec_context_by_oid
};
516ab9b2e15Sgtb
/* NULL-terminated list of all three krb5 dispatch tables. */
static gss_mechanism krb5_mech_configs[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    &krb5_mechanism_wrong,
    NULL
};

#ifdef MS_BUG_TEST
/* Test-only list that leaves out krb5_mechanism_wrong. */
static gss_mechanism krb5_mech_configs_hack[] = {
    &krb5_mechanism,
    &krb5_mechanism_old,
    NULL
};
#endif

/*
 * Unconditionally rename the accessor defined next, so the symbol that is
 * actually emitted is krb5_gss_get_mech_configs.
 */
#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
#endif
530ab9b2e15Sgtb
/*
 * Return the NULL-terminated list of krb5 mechanism dispatch tables.
 *
 * In builds that define MS_BUG_TEST, setting the environment variable
 * MS_FORCE_NO_MSOID to exactly "1" selects krb5_mech_configs_hack, which
 * omits krb5_mechanism_wrong.
 *
 * NOTE(review): that switch lets the process environment change which
 * mechanism OIDs the library returns.  It should stay confined to test
 * builds; defining MS_BUG_TEST for a library loaded by privileged or
 * set-id programs would hand that choice to whoever controls the
 * environment.
 */
gss_mechanism *
gssint_get_mech_configs(void)
{
#ifdef MS_BUG_TEST
    const char *force_no_msoid = getenv("MS_FORCE_NO_MSOID");

    if (force_no_msoid != NULL && strcmp(force_no_msoid, "1") == 0) {
        return krb5_mech_configs_hack;
    }
#endif
    return krb5_mech_configs;
}
543ab9b2e15Sgtb
/*
 * Mechglue wrapper for accepting a security context.
 *
 * Passes every argument except ctx, unchanged and in the same order, to
 * krb5_gss_accept_sec_context() and returns its result.  ctx is not
 * referenced.
 *
 * NOTE(review): input_token presumably carries data supplied by the
 * remote peer.  This wrapper adds no checks of its own, so all validation
 * rests with krb5_gss_accept_sec_context().
 */
static OM_uint32
k5glue_accept_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle,
    gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings,
    gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token,
    OM_uint32 *ret_flags, OM_uint32 *time_rec,
    gss_cred_id_t *delegated_cred_handle)
{
    return krb5_gss_accept_sec_context(minor_status, context_handle,
        verifier_cred_handle, input_token, input_chan_bindings, src_name,
        mech_type, output_token, ret_flags, time_rec,
        delegated_cred_handle);
}
573ab9b2e15Sgtb
/*
 * Mechglue wrapper for credential acquisition.
 *
 * Passes every argument except ctx, unchanged and in the same order, to
 * krb5_gss_acquire_cred() and returns its result.  ctx is not referenced.
 */
static OM_uint32
k5glue_acquire_cred(void *ctx, OM_uint32 *minor_status,
    gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs, OM_uint32 *time_rec)
{
    return krb5_gss_acquire_cred(minor_status, desired_name, time_req,
        desired_mechs, cred_usage, output_cred_handle, actual_mechs,
        time_rec);
}
596ab9b2e15Sgtb
/*
 * V2: mechglue wrapper for adding a credential element.
 *
 * Passes every argument except ctx, unchanged and in the same order, to
 * krb5_gss_add_cred() and returns its result.  ctx is not referenced.
 */
static OM_uint32
k5glue_add_cred(void *ctx, OM_uint32 *minor_status,
    gss_cred_id_t input_cred_handle, gss_name_t desired_name,
    gss_OID desired_mech, gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec)
{
    return krb5_gss_add_cred(minor_status, input_cred_handle,
        desired_name, desired_mech, cred_usage, initiator_time_req,
        acceptor_time_req, output_cred_handle, actual_mechs,
        initiator_time_rec, acceptor_time_rec);
}
622ab9b2e15Sgtb
#if 0
/*
 * V2 (compiled out): forwards to generic_gss_add_oid_set_member() without
 * using ctx.
 */
static OM_uint32
k5glue_add_oid_set_member(void *ctx, OM_uint32 *minor_status,
    gss_OID member_oid, gss_OID_set *oid_set)
{
    return generic_gss_add_oid_set_member(minor_status, member_oid,
        oid_set);
}
#endif
635ab9b2e15Sgtb
/*
 * Mechglue wrapper for name comparison.
 *
 * Hands minor_status, name1, name2 and name_equal to
 * krb5_gss_compare_name() and returns its result.  ctx is not referenced.
 */
static OM_uint32
k5glue_compare_name(void *ctx, OM_uint32 *minor_status, gss_name_t name1,
    gss_name_t name2, int *name_equal)
{
    return krb5_gss_compare_name(minor_status, name1, name2, name_equal);
}
647ab9b2e15Sgtb
/*
 * Mechglue wrapper for querying a context's remaining time.
 *
 * Hands minor_status, context_handle and time_rec to
 * krb5_gss_context_time() and returns its result.  ctx is not referenced.
 */
static OM_uint32
k5glue_context_time(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, OM_uint32 *time_rec)
{
    return krb5_gss_context_time(minor_status, context_handle, time_rec);
}
658ab9b2e15Sgtb
#if 0
/*
 * V2 (compiled out): forwards to generic_gss_create_empty_oid_set()
 * without using ctx.
 */
static OM_uint32
k5glue_create_empty_oid_set(void *ctx, OM_uint32 *minor_status,
    gss_OID_set *oid_set)
{
    return generic_gss_create_empty_oid_set(minor_status, oid_set);
}
#endif
670ab9b2e15Sgtb
/*
 * Mechglue wrapper for deleting a security context.
 *
 * Hands minor_status, context_handle and output_token to
 * krb5_gss_delete_sec_context() and returns its result.  ctx is not
 * referenced.
 */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token)
{
    return krb5_gss_delete_sec_context(minor_status, context_handle,
        output_token);
}
681ab9b2e15Sgtb
/*
 * Mechglue wrapper for rendering a name as text.
 *
 * Hands minor_status, input_name, output_name_buffer and output_name_type
 * to krb5_gss_display_name() and returns its result.  ctx is not
 * referenced.
 */
static OM_uint32
k5glue_display_name(void *ctx, OM_uint32 *minor_status,
    gss_name_t input_name, gss_buffer_t output_name_buffer,
    gss_OID *output_name_type)
{
    return krb5_gss_display_name(minor_status, input_name,
        output_name_buffer, output_name_type);
}
693ab9b2e15Sgtb
/*
 * Mechglue wrapper for translating a status code into a message.
 *
 * Passes every argument except ctx, unchanged and in the same order, to
 * krb5_gss_display_status() and returns its result.  ctx is not
 * referenced.
 */
static OM_uint32
k5glue_display_status(void *ctx, OM_uint32 *minor_status,
    OM_uint32 status_value, int status_type, gss_OID mech_type,
    OM_uint32 *message_context, gss_buffer_t status_string)
{
    return krb5_gss_display_status(minor_status, status_value, status_type,
        mech_type, message_context, status_string);
}
709ab9b2e15Sgtb
/*
 * V2: mechglue wrapper for exporting a security context.
 *
 * Hands minor_status, context_handle and interprocess_token to
 * krb5_gss_export_sec_context() and returns its result.  ctx is not
 * referenced.
 *
 * NOTE(review): interprocess_token presumably receives serialized context
 * state; protecting that buffer in transit and at rest is left to the
 * caller -- confirm.
 */
static OM_uint32
k5glue_export_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token)
{
    return krb5_gss_export_sec_context(minor_status, context_handle,
        interprocess_token);
}
722ab9b2e15Sgtb
#if 0
/*
 * V2 (compiled out): forwards to krb5_gss_get_mic() without using ctx.
 */
static OM_uint32
k5glue_get_mic(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_qop_t qop_req,
    gss_buffer_t message_buffer, gss_buffer_t message_token)
{
    return krb5_gss_get_mic(minor_status, context_handle, qop_req,
        message_buffer, message_token);
}
#endif
739ab9b2e15Sgtb
/*
 * Mechglue wrapper for importing a name.
 *
 * Hands minor_status, input_name_buffer, input_name_type and output_name
 * to krb5_gss_import_name() and returns its result.  ctx is not
 * referenced.  The library-initialization call below is compiled out, so
 * no initialization is performed on this path.
 */
static OM_uint32
k5glue_import_name(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t input_name_buffer, gss_OID input_name_type,
    gss_name_t *output_name)
{
#if 0
    OM_uint32 err;
    err = gssint_initialize_library();
    if (err) {
        *minor_status = err;
        return GSS_S_FAILURE;
    }
#endif
    return krb5_gss_import_name(minor_status, input_name_buffer,
        input_name_type, output_name);
}
759ab9b2e15Sgtb
/*
 * V2: mechglue wrapper for importing a security context.
 *
 * Hands minor_status, interprocess_token and context_handle to
 * krb5_gss_import_sec_context() and returns its result.  ctx is not
 * referenced.
 *
 * NOTE(review): interprocess_token is passed through as-is.  If the token
 * can come from a less-trusted process, every check on its contents has
 * to happen inside krb5_gss_import_sec_context() -- confirm.
 */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
    return krb5_gss_import_sec_context(minor_status, interprocess_token,
        context_handle);
}
772ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_indicate_mechs() and returns
 * its status.  ctx is not used.
 */
static OM_uint32
k5glue_indicate_mechs(ctx, minor_status, mech_set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *mech_set;
{
    (void) ctx;
    return krb5_gss_indicate_mechs(minor_status, mech_set);
}
781ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards every argument except ctx, in the same
 * order, to krb5_gss_init_sec_context() and returns its status.
 */
static OM_uint32
k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle,
    context_handle, target_name, mech_type, req_flags, time_req,
    input_chan_bindings, input_token, actual_mech_type, output_token,
    ret_flags, time_rec)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t claimant_cred_handle;
    gss_ctx_id_t *context_handle;
    gss_name_t target_name;
    gss_OID mech_type;
    OM_uint32 req_flags;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    gss_buffer_t input_token;
    gss_OID *actual_mech_type;
    gss_buffer_t output_token;
    OM_uint32 *ret_flags;
    OM_uint32 *time_rec;
{
    (void) ctx;
    return krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
        context_handle, target_name, mech_type, req_flags, time_req,
        input_chan_bindings, input_token, actual_mech_type, output_token,
        ret_flags, time_rec);
}
809ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_context() and returns
 * its status.  ctx is not used.
 */
static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name,
    acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated,
    open)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_name_t *initiator_name;
    gss_name_t *acceptor_name;
    OM_uint32 *lifetime_rec;
    gss_OID *mech_type;
    OM_uint32 *ret_flags;
    int *locally_initiated;
    int *open;
{
    (void) ctx;
    return krb5_gss_inquire_context(minor_status, context_handle,
        initiator_name, acceptor_name, lifetime_rec, mech_type,
        ret_flags, locally_initiated, open);
}
830ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred() and returns its
 * status.  ctx is not used.
 */
static OM_uint32
k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
    cred_usage, mechanisms)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_name_t *name;
    OM_uint32 *lifetime_ret;
    gss_cred_usage_t *cred_usage;
    gss_OID_set *mechanisms;
{
    (void) ctx;
    return krb5_gss_inquire_cred(minor_status, cred_handle, name,
        lifetime_ret, cred_usage, mechanisms);
}
845ab9b2e15Sgtb
/* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_cred_by_mech() and
 * returns its status.  ctx is not used.
 */
static OM_uint32
k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type,
    name, initiator_lifetime, acceptor_lifetime, cred_usage)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t cred_handle;
    gss_OID mech_type;
    gss_name_t *name;
    OM_uint32 *initiator_lifetime;
    OM_uint32 *acceptor_lifetime;
    gss_cred_usage_t *cred_usage;
{
    (void) ctx;
    return krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
        mech_type, name, initiator_lifetime, acceptor_lifetime,
        cred_usage);
}
863ab9b2e15Sgtb
/* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_inquire_names_for_mech() and
 * returns its status.  ctx is not used.
 */
static OM_uint32
k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    (void) ctx;
    return krb5_gss_inquire_names_for_mech(minor_status, mechanism,
        name_types);
}
876ab9b2e15Sgtb
#if 0
/* V2 */
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to generic_gss_oid_to_str(); ctx is not used.
 */
static OM_uint32
k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID oid;
    gss_buffer_t oid_str;
{
    (void) ctx;
    return generic_gss_oid_to_str(minor_status, oid, oid_str);
}
#endif
889ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_process_context_token() and
 * returns its status.  ctx is not used.
 */
static OM_uint32
k5glue_process_context_token(ctx, minor_status, context_handle,
    token_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t token_buffer;
{
    (void) ctx;
    return krb5_gss_process_context_token(minor_status, context_handle,
        token_buffer);
}
900ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_release_cred() and returns its
 * status.  ctx is not used.
 */
static OM_uint32
k5glue_release_cred(ctx, minor_status, cred_handle)
    void *ctx;
    OM_uint32 *minor_status;
    gss_cred_id_t *cred_handle;
{
    (void) ctx;
    return krb5_gss_release_cred(minor_status, cred_handle);
}
909ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_release_name() and returns its
 * status.  ctx is not used.
 */
static OM_uint32
k5glue_release_name(ctx, minor_status, input_name)
    void *ctx;
    OM_uint32 *minor_status;
    gss_name_t *input_name;
{
    (void) ctx;
    return krb5_gss_release_name(minor_status, input_name);
}
918ab9b2e15Sgtb
#if 0
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to generic_gss_release_buffer(); ctx is not used.
 */
static OM_uint32
k5glue_release_buffer(ctx, minor_status, buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t buffer;
{
    (void) ctx;
    return generic_gss_release_buffer(minor_status, buffer);
}
#endif
930ab9b2e15Sgtb
/* V2 */
/*
 * Mechglue wrapper: forwards to krb5_gss_internal_release_oid() and
 * returns its status.  ctx is not used.
 */
static OM_uint32
k5glue_internal_release_oid(ctx, minor_status, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    (void) ctx;
    return krb5_gss_internal_release_oid(minor_status, oid);
}
940ab9b2e15Sgtb
#if 0
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to generic_gss_release_oid_set(); ctx is not used.
 */
static OM_uint32
k5glue_release_oid_set(ctx, minor_status, set)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID_set *set;
{
    (void) ctx;
    return generic_gss_release_oid_set(minor_status, set);
}
#endif
951ab9b2e15Sgtb
/* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_seal() and returns its status.
 * ctx is not used.  conf_req_flag is passed through unchanged, and the
 * confidentiality actually applied is reported through conf_state by
 * the callee.
 */
static OM_uint32
k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
    input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    int qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    (void) ctx;
    return krb5_gss_seal(minor_status, context_handle, conf_req_flag,
        qop_req, input_message_buffer, conf_state,
        output_message_buffer);
}
969ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_sign() and returns its status.
 * ctx is not used.
 */
static OM_uint32
k5glue_sign(ctx, minor_status, context_handle, qop_req, message_buffer,
    message_token)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int qop_req;
    gss_buffer_t message_buffer;
    gss_buffer_t message_token;
{
    (void) ctx;
    return krb5_gss_sign(minor_status, context_handle, qop_req,
        message_buffer, message_token);
}
984ab9b2e15Sgtb
#if 0
/* V2 */
/*
 * Compiled out: this function sits inside an #if 0 region.  If enabled,
 * it would forward to krb5_gss_verify_mic(); ctx is not used.
 */
static OM_uint32
k5glue_verify_mic(ctx, minor_status, context_handle, message_buffer,
    token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    gss_qop_t *qop_state;
{
    (void) ctx;
    return krb5_gss_verify_mic(minor_status, context_handle,
        message_buffer, token_buffer, qop_state);
}
1000ab9b2e15Sgtb
/* V2 */
/*
 * Compiled out: this function sits inside an #if 0 region.  If enabled,
 * it would forward to krb5_gss_wrap(); ctx is not used.
 */
static OM_uint32
k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
    input_message_buffer, conf_state, output_message_buffer)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    gss_buffer_t input_message_buffer;
    int *conf_state;
    gss_buffer_t output_message_buffer;
{
    (void) ctx;
    return krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
        qop_req, input_message_buffer, conf_state,
        output_message_buffer);
}
1018ab9b2e15Sgtb
/* V2 */
/*
 * Compiled out: this function sits inside an #if 0 region.  If enabled,
 * it would forward to generic_gss_str_to_oid(); ctx is not used.
 */
static OM_uint32
k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
    void *ctx;
    OM_uint32 *minor_status;
    gss_buffer_t oid_str;
    gss_OID *oid;
{
    (void) ctx;
    return generic_gss_str_to_oid(minor_status, oid_str, oid);
}
1029ab9b2e15Sgtb
/* V2 */
/*
 * Compiled out: this function sits inside an #if 0 region.  If enabled,
 * it would forward to generic_gss_test_oid_set_member(); ctx is not
 * used.
 */
static OM_uint32
k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID member;
    gss_OID_set set;
    int *present;
{
    (void) ctx;
    return generic_gss_test_oid_set_member(minor_status, member, set,
        present);
}
#endif
1043ab9b2e15Sgtb
/* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_unseal() and returns its
 * status.  ctx is not used.
 *
 * NOTE(review): callers should check the returned status before using
 * output_message_buffer or *conf_state; what the callee writes on
 * failure is not visible here.
 */
static OM_uint32
k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
    output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
{
    (void) ctx;
    return krb5_gss_unseal(minor_status, context_handle,
        input_message_buffer, output_message_buffer, conf_state,
        qop_state);
}
1060ab9b2e15Sgtb
#if 0
/* V2 */
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to krb5_gss_unwrap(); ctx is not used.
 */
static OM_uint32
k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
    output_message_buffer, conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
    (void) ctx;
    return krb5_gss_unwrap(minor_status, context_handle,
        input_message_buffer, output_message_buffer, conf_state,
        qop_state);
}
#endif
1078ab9b2e15Sgtb
/* V1 only */
/*
 * Mechglue wrapper: forwards to krb5_gss_verify() and returns its
 * status.  ctx is not used.  The returned status is the only
 * verification result visible at this layer.
 */
static OM_uint32
k5glue_verify(ctx, minor_status, context_handle, message_buffer,
    token_buffer, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t message_buffer;
    gss_buffer_t token_buffer;
    int *qop_state;
{
    (void) ctx;
    return krb5_gss_verify(minor_status, context_handle, message_buffer,
        token_buffer, qop_state);
}
1096ab9b2e15Sgtb
/* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_wrap_size_limit() and returns
 * its status.  ctx is not used.
 */
static OM_uint32
k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
    qop_req, req_output_size, max_input_size)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    int conf_req_flag;
    gss_qop_t qop_req;
    OM_uint32 req_output_size;
    OM_uint32 *max_input_size;
{
    (void) ctx;
    return krb5_gss_wrap_size_limit(minor_status, context_handle,
        conf_req_flag, qop_req, req_output_size, max_input_size);
}
1113ab9b2e15Sgtb
#if 0
/* V2 interface */
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to krb5_gss_canonicalize_name(); ctx is not used.
 */
static OM_uint32
k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type,
    output_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    const gss_OID mech_type;
    gss_name_t *output_name;
{
    (void) ctx;
    return (krb5_gss_canonicalize_name(minor_status, input_name,
        mech_type, output_name));
}
#endif
1128ab9b2e15Sgtb
/* V2 interface */
/*
 * Mechglue wrapper: forwards to krb5_gss_export_name() and returns its
 * status.  ctx is not used.
 */
static OM_uint32
k5glue_export_name(ctx, minor_status, input_name, exported_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_buffer_t exported_name;
{
    (void) ctx;
    return (krb5_gss_export_name(minor_status, input_name,
        exported_name));
}
1139ab9b2e15Sgtb
/* SUNW15resync - this is not in the MIT mech (lib) yet */
/*
 * Mechglue wrapper: forwards to krb5_gss_store_cred() and returns its
 * status.  ctx is not used.  overwrite_cred and default_cred are passed
 * through unchanged, so the policy on replacing an existing credential
 * is decided entirely by the callee.
 */
static OM_uint32
k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
    overwrite_cred, default_cred, elements_stored, cred_usage_stored)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_cred_id_t input_cred;
    gss_cred_usage_t cred_usage;
    gss_OID desired_mech;
    OM_uint32 overwrite_cred;
    OM_uint32 default_cred;
    gss_OID_set *elements_stored;
    gss_cred_usage_t *cred_usage_stored;
{
    (void) ctx;
    return krb5_gss_store_cred(minor_status, input_cred, cred_usage,
        desired_mech, overwrite_cred, default_cred, elements_stored,
        cred_usage_stored);
}
1160ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_gss_userok() and returns its
 * status.  ctxt is not used.  Going by the parameter names, user_ok
 * receives the verdict on whether pname may use the local account
 * `user`.
 *
 * NOTE(review): this feeds an authorization decision.  Callers should
 * check the returned status before trusting *user_ok; whether the callee
 * writes *user_ok on failure is not visible here.
 */
static OM_uint32
k5glue_userok(
    void *ctxt,			/* context */
    OM_uint32 *minor,		/* minor_status */
    const gss_name_t pname,	/* pname */
    const char *user,		/* local user */
    int *user_ok)		/* user ok? */
{
    (void) ctxt;
    return krb5_gss_userok(minor, pname, user, user_ok);
}
1172ab9b2e15Sgtb
/*
 * Mechglue wrapper: forwards to krb5_pname_to_uid() and returns its
 * status.  ctxt is not used.
 *
 * NOTE(review): callers should check the returned status before using
 * *uidOut; whether the callee writes *uidOut on failure is not visible
 * here.
 */
static OM_uint32
k5glue_pname_to_uid(
    void *ctxt,			/* context */
    OM_uint32 *minor,		/* minor_status */
    const gss_name_t pname,	/* pname */
    uid_t *uidOut)		/* uid */
{
    (void) ctxt;
    return krb5_pname_to_uid(minor, pname, uidOut);
}
1183ab9b2e15Sgtb
1184ab9b2e15Sgtb
1185ab9b2e15Sgtb
#if 0
/* V2 interface */
/*
 * Compiled out by the surrounding #if 0.  If enabled, it would forward
 * to krb5_gss_duplicate_name(); ctx is not used.
 */
static OM_uint32
k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
    void *ctx;
    OM_uint32 *minor_status;
    const gss_name_t input_name;
    gss_name_t *dest_name;
{
    (void) ctx;
    return (krb5_gss_duplicate_name(minor_status, input_name, dest_name));
}
#endif
1198ab9b2e15Sgtb
1199ab9b2e15Sgtb
/*
 * Look up the krb5 element of a union credential and hand it to
 * gss_krb5int_copy_ccache().  The current krb5 mechanism OID is tried
 * first, then krb5_mechanism_old.  Returns GSS_S_DEFECTIVE_CREDENTIAL
 * when neither lookup yields a credential.
 *
 * cred_handle is cast to gss_union_cred_t without any check, so it must
 * really be a union credential and not a bare mechanism credential.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_copy_ccache(
    OM_uint32 *minor_status,
    gss_cred_id_t cred_handle,
    krb5_ccache out_ccache)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred_handle;
    gss_cred_id_t mech_cred;

    mech_cred = gssint_get_mechanism_cred(union_cred,
        &krb5_mechanism.mech_type);
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        /* Fall back to the old mechanism OID. */
        mech_cred = gssint_get_mechanism_cred(union_cred,
            &krb5_mechanism_old.mech_type);
    }
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        return GSS_S_DEFECTIVE_CREDENTIAL;
    }

    return gss_krb5int_copy_ccache(minor_status, mech_cred, out_ccache);
}
1221ab9b2e15Sgtb
/*
 * Look up the krb5 element of a union credential and pass the enctype
 * list to gss_krb5int_set_allowable_enctypes().  The current krb5
 * mechanism OID is tried first, then krb5_mechanism_old.  Returns
 * GSS_S_DEFECTIVE_CREDENTIAL when neither lookup yields a credential.
 *
 * cred is cast to gss_union_cred_t without any check.  num_ktypes and
 * ktypes are forwarded unchanged: nothing here verifies that ktypes
 * holds num_ktypes entries or which enctypes are being allowed.
 */
OM_uint32 KRB5_CALLCONV
gss_krb5_set_allowable_enctypes(
    OM_uint32 *minor_status,
    gss_cred_id_t cred,
    OM_uint32 num_ktypes,
    krb5_enctype *ktypes)
{
    gss_union_cred_t union_cred = (gss_union_cred_t)cred;
    gss_cred_id_t mech_cred;

    mech_cred = gssint_get_mechanism_cred(union_cred,
        &krb5_mechanism.mech_type);
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        /* Fall back to the old mechanism OID. */
        mech_cred = gssint_get_mechanism_cred(union_cred,
            &krb5_mechanism_old.mech_type);
    }
    if (mech_cred == GSS_C_NO_CREDENTIAL) {
        return GSS_S_DEFECTIVE_CREDENTIAL;
    }

    return gss_krb5int_set_allowable_enctypes(minor_status, mech_cred,
        num_ktypes, ktypes);
}
1245ab9b2e15Sgtb
/*
 * Glue routine for returning the mechanism-specific credential from an
 * external union credential.
 *
 * Walks mechs_array and returns the cred_array entry at the index of
 * the first OID equal to mech_type, or GSS_C_NO_CREDENTIAL when
 * union_cred is GSS_C_NO_CREDENTIAL or no entry matches.
 *
 * NOTE(review): mech_type is handed to g_OID_equal() unchecked; the
 * callers visible in this file pass the address of a mechanism
 * descriptor's mech_type field.
 */
/*
 * SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
 * want to link against libgss so we put it here since we need it in
 * the mech
 */
gss_cred_id_t
gssint_get_mechanism_cred(union_cred, mech_type)
    gss_union_cred_t union_cred;
    gss_OID mech_type;
{
    int slot = 0;

    if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
        return GSS_C_NO_CREDENTIAL;

    while (slot < union_cred->count) {
        if (g_OID_equal(mech_type, &union_cred->mechs_array[slot]))
            return union_cred->cred_array[slot];
        slot++;
    }

    return GSS_C_NO_CREDENTIAL;
}
1268ab9b2e15Sgtb
1269ab9b2e15Sgtb
1270ab9b2e15Sgtb
/*
 * entry point for the gss layer,
 * called "krb5_gss_initialize()" in MIT 1.2.1
 *
 * Returns &krb5_mechanism when oid equals either the krb5 mechanism OID
 * or krb5_mechanism_wrong's OID; otherwise logs at LOG_INFO and returns
 * NULL.  The log message does not include the rejected OID.
 */
/* SUNW15resync - this used to be in k5mech.c */
gss_mechanism
gss_mech_initialize(oid)
    const gss_OID oid;
{
    int known_oid;

    /*
     * Solaris Kerberos: We also want to use the same functions for KRB5 as
     * we do for the MS KRB5 (krb5_mechanism_wrong).  So both are valid.
     */
    /* ensure that the requested oid matches our oid */
    known_oid = (oid != NULL) &&
        (g_OID_equal(oid, &krb5_mechanism.mech_type) ||
        g_OID_equal(oid, &krb5_mechanism_wrong.mech_type));
    if (!known_oid) {
        (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
        return (NULL);
    }

#if 0 /* SUNW15resync - no longer needed(?) */
    if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
        GSS_S_COMPLETE)
        return (NULL);
#endif

    return (&krb5_mechanism);
}
1299ab9b2e15Sgtb
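/*
 * This API should go away and be replaced with an accessor
 * into a gss_name_t.
 *
 * Copies the first authorization-data element of type ad_type out of a
 * security context.  The request OID is composed from the extract-authz
 * base OID plus ad_type and passed to gss_inquire_sec_context_by_oid().
 *
 * On GSS_S_COMPLETE, ad_data->value is a malloc()ed copy owned by the
 * caller and ad_data->length is its size.  On any failure ad_data is
 * left untouched.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when ad_data is NULL, the status
 * of the compose or inquire call when one of them fails, and
 * GSS_S_FAILURE with *minor_status set to EINVAL (no data) or ENOMEM
 * (allocation failed).
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    int ad_type,
    gss_buffer_t ad_data)
{
    gss_OID_desc req_oid;
    /*
     * The 6 extra bytes are presumably room for the ad_type suffix that
     * generic_gss_oid_compose() appends; confirm against that helper.
     */
    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
    void *copy;

    if (ad_data == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    req_oid.elements = oid_buf;
    req_oid.length = sizeof(oid_buf);

    major_status = generic_gss_oid_compose(minor_status,
        GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
        GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
        ad_type,
        &req_oid);
    if (GSS_ERROR(major_status))
        return major_status;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
        context_handle,
        (gss_OID)&req_oid,
        &data_set);
    if (major_status != GSS_S_COMPLETE) {
        return major_status;
    }

    /*
     * SUNW17PACresync / Solaris Kerberos
     * MIT17 allows only count==1 which is correct for pre-Win2008 but
     * our testing with Win2008 shows count==2 and Win7 count==3.
     * Only elements[0] is returned; any further elements are dropped.
     */
    if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
        gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    copy = malloc(data_set->elements[0].length);
    if (copy == NULL) {
        gss_release_buffer_set(minor_status, &data_set);
        /*
         * Report the failure as a GSS major status.  A raw errno value
         * returned here lands in the low-order supplementary bits, so a
         * caller testing with GSS_ERROR() would read it as success and
         * go on to use a NULL ad_data->value.
         */
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }
    bcopy(data_set->elements[0].value, copy, data_set->elements[0].length);

    /* Publish the output only once the copy has succeeded. */
    ad_data->length = data_set->elements[0].length;
    ad_data->value = copy;

    gss_release_buffer_set(minor_status, &data_set);

    return GSS_S_COMPLETE;
}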
1361ba7b222eSGlenn Barry
1362ba7b222eSGlenn Barry
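/*
 * Fetch the authtime recorded for a security context by querying
 * gss_inquire_sec_context_by_oid() with the extract-authtime OID.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when authtime is NULL, the
 * inquire call's status when it is not GSS_S_COMPLETE, and
 * GSS_S_FAILURE with *minor_status set to EINVAL when the reply is not
 * exactly one element of sizeof (krb5_timestamp) bytes.  On success
 * *authtime is set and *minor_status is 0.
 */
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    krb5_timestamp *authtime)
{
    static const gss_OID_desc req_oid = {
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
    OM_uint32 major_status;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;

    if (authtime == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;

    major_status = gss_inquire_sec_context_by_oid(minor_status,
        context_handle,
        (gss_OID)&req_oid,
        &data_set);
    if (major_status != GSS_S_COMPLETE)
        return major_status;

    if (data_set == GSS_C_NO_BUFFER_SET ||
        data_set->count != 1 ||
        data_set->elements[0].length != sizeof(*authtime)) {
        /*
         * Free the reply before failing; the buffer set would otherwise
         * leak each time a malformed reply is rejected.  The minor code
         * is set after the release because the release call is handed
         * minor_status as well.
         */
        gss_release_buffer_set(minor_status, &data_set);
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    /*
     * The length check above guarantees a full krb5_timestamp is present.
     * NOTE(review): this read assumes the element buffer is suitably
     * aligned for krb5_timestamp; confirm how the buffer is allocated.
     */
    *authtime = *((krb5_timestamp *)data_set->elements[0].value);

    gss_release_buffer_set(minor_status, &data_set);

    *minor_status = 0;

    return GSS_S_COMPLETE;
}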