128 	struct rpc_gss_data	*gd;  in rpc_gss_seccreate()  local
170 	gd = mem_alloc(sizeof(*gd));  in rpc_gss_seccreate()
171 	if (gd == NULL) {  in rpc_gss_seccreate()
179 	auth->ah_private = (caddr_t) gd;  in rpc_gss_seccreate()
185 	    GSS_C_NT_HOSTBASED_SERVICE, &gd->gd_name);  in rpc_gss_seccreate()
193 		gd->gd_options = *options_req;  in rpc_gss_seccreate()
195 		gd->gd_options.req_flags = GSS_C_MUTUAL_FLAG;  in rpc_gss_seccreate()
196 		gd->gd_options.time_req = 0;  in rpc_gss_seccreate()
197 		gd->gd_options.my_cred = GSS_C_NO_CREDENTIAL;  in rpc_gss_seccreate()
198 		gd->gd_options.input_channel_bindings = NULL;  in rpc_gss_seccreate()
200 	gd->gd_clnt = clnt;  in rpc_gss_seccreate()
201 	gd->gd_ctx = GSS_C_NO_CONTEXT;  in rpc_gss_seccreate()
202 	gd->gd_mech = oid;  in rpc_gss_seccreate()
203 	gd->gd_qop = qop_num;  in rpc_gss_seccreate()
205 	gd->gd_cred.gc_version = RPCSEC_GSS_VERSION;  in rpc_gss_seccreate()
206 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;  in rpc_gss_seccreate()
207 	gd->gd_cred.gc_seq = 0;  in rpc_gss_seccreate()
208 	gd->gd_cred.gc_svc = service;  in rpc_gss_seccreate()
230 	struct rpc_gss_data	*gd;  in rpc_gss_set_defaults()  local
234 	gd = AUTH_PRIVATE(auth);  in rpc_gss_set_defaults()
235 	if (!rpc_gss_oid_to_mech(gd->gd_mech, &mechanism)) {  in rpc_gss_set_defaults()
247 	gd->gd_cred.gc_svc = service;  in rpc_gss_set_defaults()
248 	gd->gd_qop = qop_num;  in rpc_gss_set_defaults()
270 	struct rpc_gss_data	*gd;  in rpc_gss_validate()  local
278 	gd = AUTH_PRIVATE(auth);  in rpc_gss_validate()
280 	if (gd->gd_state == RPCSEC_GSS_CONTEXT) {  in rpc_gss_validate()
286 		if (gd->gd_verf.value)  in rpc_gss_validate()
288 			    (char *) &gd->gd_verf);  in rpc_gss_validate()
289 		gd->gd_verf.value = mem_alloc(verf->oa_length);  in rpc_gss_validate()
290 		if (gd->gd_verf.value == NULL) {  in rpc_gss_validate()
295 		memcpy(gd->gd_verf.value, verf->oa_base, verf->oa_length);  in rpc_gss_validate()
296 		gd->gd_verf.length = verf->oa_length;  in rpc_gss_validate()
300 	num = htonl(gd->gd_cred.gc_seq);  in rpc_gss_validate()
307 	maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx, &signbuf,  in rpc_gss_validate()
309 	if (maj_stat != GSS_S_COMPLETE || qop_state != gd->gd_qop) {  in rpc_gss_validate()
310 		log_status("gss_verify_mic", gd->gd_mech, maj_stat, min_stat);  in rpc_gss_validate()
323 	struct rpc_gss_data	*gd;  in rpc_gss_init()  local
331 	gd = AUTH_PRIVATE(auth);  in rpc_gss_init()
333 	if (gd->gd_state != RPCSEC_GSS_START)  in rpc_gss_init()
337 	gd->gd_state = RPCSEC_GSS_CONTEXT;  in rpc_gss_init()
338 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;  in rpc_gss_init()
339 	gd->gd_cred.gc_seq = 0;  in rpc_gss_init()
347 		    gd->gd_options.my_cred,  in rpc_gss_init()
348 		    &gd->gd_ctx,  in rpc_gss_init()
349 		    gd->gd_name,  in rpc_gss_init()
350 		    gd->gd_mech,  in rpc_gss_init()
351 		    gd->gd_options.req_flags,  in rpc_gss_init()
352 		    gd->gd_options.time_req,  in rpc_gss_init()
353 		    gd->gd_options.input_channel_bindings,  in rpc_gss_init()
355 		    &gd->gd_mech,	/* used mech */  in rpc_gss_init()
372 			log_status("gss_init_sec_context", gd->gd_mech,  in rpc_gss_init()
381 			call_stat = clnt_call(gd->gd_clnt, NULLPROC,  in rpc_gss_init()
394 				log_status("server reply", gd->gd_mech,  in rpc_gss_init()
408 				    (char *) &gd->gd_cred.gc_handle);  in rpc_gss_init()
409 				gd->gd_cred.gc_handle = gr.gr_handle;  in rpc_gss_init()
425 			gd->gd_cred.gc_proc = RPCSEC_GSS_CONTINUE_INIT;  in rpc_gss_init()
440 			maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx,  in rpc_gss_init()
441 			    &bufin, &gd->gd_verf, &qop_state);  in rpc_gss_init()
444 			    qop_state != gd->gd_qop) {  in rpc_gss_init()
445 				log_status("gss_verify_mic", gd->gd_mech,  in rpc_gss_init()
459 			options_ret->rpcsec_version = gd->gd_cred.gc_version;  in rpc_gss_init()
460 			options_ret->gss_context = gd->gd_ctx;  in rpc_gss_init()
461 			if (rpc_gss_oid_to_mech(gd->gd_mech, &mech)) {  in rpc_gss_init()
467 			gd->gd_state = RPCSEC_GSS_ESTABLISHED;  in rpc_gss_init()
468 			gd->gd_cred.gc_proc = RPCSEC_GSS_DATA;  in rpc_gss_init()
469 			gd->gd_cred.gc_seq = 0;  in rpc_gss_init()
470 			gd->gd_win = gr.gr_win;  in rpc_gss_init()
475 	    (char *) &gd->gd_verf);  in rpc_gss_init()
478 	if (gd->gd_cred.gc_proc != RPCSEC_GSS_DATA) {  in rpc_gss_init()
513 	struct rpc_gss_data	*gd;  in rpc_gss_destroy_context()  local
518 	gd = AUTH_PRIVATE(auth);  in rpc_gss_destroy_context()
520 	if (gd->gd_state == RPCSEC_GSS_ESTABLISHED && send_destroy) {  in rpc_gss_destroy_context()
521 		gd->gd_cred.gc_proc = RPCSEC_GSS_DESTROY;  in rpc_gss_destroy_context()
522 		clnt_call(gd->gd_clnt, NULLPROC,  in rpc_gss_destroy_context()
532 	    (char *) &gd->gd_cred.gc_handle);  in rpc_gss_destroy_context()
533 	gd->gd_cred.gc_handle.length = 0;  in rpc_gss_destroy_context()
535 	if (gd->gd_ctx != GSS_C_NO_CONTEXT)  in rpc_gss_destroy_context()
536 		gss_delete_sec_context(&min_stat, &gd->gd_ctx, NULL);  in rpc_gss_destroy_context()
538 	gd->gd_state = RPCSEC_GSS_START;  in rpc_gss_destroy_context()
544 	struct rpc_gss_data	*gd;  in rpc_gss_destroy()  local
549 	gd = AUTH_PRIVATE(auth);  in rpc_gss_destroy()
553 	if (gd->gd_name != GSS_C_NO_NAME)  in rpc_gss_destroy()
554 		gss_release_name(&min_stat, &gd->gd_name);  in rpc_gss_destroy()
555 	if (gd->gd_verf.value)  in rpc_gss_destroy()
557 		    (char *) &gd->gd_verf);  in rpc_gss_destroy()
559 	mem_free(gd, sizeof(*gd));  in rpc_gss_destroy()
571 	struct rpc_gss_data	*gd;  in __rpc_gss_wrap()  local
578 	gd = AUTH_PRIVATE(auth);  in __rpc_gss_wrap()
580 	if (gd->gd_state == RPCSEC_GSS_ESTABLISHED)  in __rpc_gss_wrap()
581 		gd->gd_cred.gc_seq++;  in __rpc_gss_wrap()
589 	if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gd_cred)) {  in __rpc_gss_wrap()
614 	if (gd->gd_cred.gc_proc == RPCSEC_GSS_INIT ||  in __rpc_gss_wrap()
615 	    gd->gd_cred.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {  in __rpc_gss_wrap()
628 		maj_stat = gss_get_mic(&min_stat, gd->gd_ctx, gd->gd_qop,  in __rpc_gss_wrap()
632 			log_status("gss_get_mic", gd->gd_mech,  in __rpc_gss_wrap()
653 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED ||  in __rpc_gss_wrap()
654 	    gd->gd_cred.gc_svc == rpc_gss_svc_none) {  in __rpc_gss_wrap()
658 		gd->gd_ctx, gd->gd_qop, gd->gd_cred.gc_svc,  in __rpc_gss_wrap()
659 		gd->gd_cred.gc_seq));  in __rpc_gss_wrap()
665 	struct rpc_gss_data	*gd;  in __rpc_gss_unwrap()  local
669 	gd = AUTH_PRIVATE(auth);  in __rpc_gss_unwrap()
671 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED ||  in __rpc_gss_unwrap()
672 	    gd->gd_cred.gc_svc == rpc_gss_svc_none) {  in __rpc_gss_unwrap()
676 		gd->gd_ctx, gd->gd_qop, gd->gd_cred.gc_svc,  in __rpc_gss_unwrap()
677 		gd->gd_cred.gc_seq));  in __rpc_gss_unwrap()
683 	struct rpc_gss_data	*gd;  in rpc_gss_max_data_length()  local
689 	gd = AUTH_PRIVATE(auth);  in rpc_gss_max_data_length()
691 	switch (gd->gd_cred.gc_svc) {  in rpc_gss_max_data_length()
709 	maj_stat = gss_wrap_size_limit(&min_stat, gd->gd_ctx, want_conf,  in rpc_gss_max_data_length()
710 	    gd->gd_qop, max_tp_unit_len, &max);  in rpc_gss_max_data_length()
718 		log_status("gss_wrap_size_limit", gd->gd_mech,  in rpc_gss_max_data_length()