152 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_t recv_tok,  in ssh_gssapi_accept_ctx()  argument
161 	ctx->major = gss_accept_sec_context(&ctx->minor, &ctx->context,  in ssh_gssapi_accept_ctx()
163 	    &ctx->src_name, &ctx->actual_mech, send_tok, &ctx->flags,  in ssh_gssapi_accept_ctx()
164 	    NULL, &ctx->deleg_creds);  in ssh_gssapi_accept_ctx()
166 	if (GSS_ERROR(ctx->major))  in ssh_gssapi_accept_ctx()
167 		ssh_gssapi_error(ctx, "accepting security context");  in ssh_gssapi_accept_ctx()
169 	if (ctx->major == GSS_S_CONTINUE_NEEDED && send_tok->length == 0)  in ssh_gssapi_accept_ctx()
172 	else if (GSS_ERROR(ctx->major) && send_tok->length == 0)  in ssh_gssapi_accept_ctx()
175 	if (ctx->major == GSS_S_COMPLETE &&  in ssh_gssapi_accept_ctx()
176 	    ctx->desired_mech != GSS_C_NULL_OID &&  in ssh_gssapi_accept_ctx()
177 	    (ctx->desired_mech->length != ctx->actual_mech->length ||  in ssh_gssapi_accept_ctx()
178 	    memcmp(ctx->desired_mech->elements, ctx->actual_mech->elements,  in ssh_gssapi_accept_ctx()
179 	    ctx->desired_mech->length) != 0)) {  in ssh_gssapi_accept_ctx()
191 			(void) gss_test_oid_set_member(&min, ctx->actual_mech,  in ssh_gssapi_accept_ctx()
195 			ctx->major = GSS_S_BAD_MECH;  in ssh_gssapi_accept_ctx()
198 	if (ctx->deleg_creds)  in ssh_gssapi_accept_ctx()
201 	if (ctx->major == GSS_S_COMPLETE) {  in ssh_gssapi_accept_ctx()
202 		ctx->major = gss_inquire_context(&ctx->minor, ctx->context,  in ssh_gssapi_accept_ctx()
203 		    NULL, &ctx->dst_name, NULL, NULL, NULL, NULL,  in ssh_gssapi_accept_ctx()
204 		    &ctx->established);  in ssh_gssapi_accept_ctx()
206 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_accept_ctx()
207 			ssh_gssapi_error(ctx,  in ssh_gssapi_accept_ctx()
209 			return (ctx->major);  in ssh_gssapi_accept_ctx()
212 		xxx_gssctxt = ctx;  in ssh_gssapi_accept_ctx()
215 	return (ctx->major);  in ssh_gssapi_accept_ctx()
221 ssh_gssapi_cleanup_creds(Gssctxt *ctx)  in ssh_gssapi_cleanup_creds()  argument
233 ssh_gssapi_storecreds(Gssctxt *ctx, Authctxt *authctxt)  in ssh_gssapi_storecreds()  argument
244 	if (ctx == NULL && xxx_gssctxt == NULL)  in ssh_gssapi_storecreds()
247 	if (ctx == NULL)  in ssh_gssapi_storecreds()
248 		ctx = xxx_gssctxt;  in ssh_gssapi_storecreds()
251 	    ctx->deleg_creds == GSS_C_NO_CREDENTIAL) {  in ssh_gssapi_storecreds()
298 		ctx->major = gss_store_cred(&ctx->minor, ctx->deleg_creds,  in ssh_gssapi_storecreds()
299 		    GSS_C_INITIATE, GSS_C_NULL_OID, 0, ctx->default_creds,  in ssh_gssapi_storecreds()
304 		ctx->major = gss_store_cred(&ctx->minor, ctx->deleg_creds,  in ssh_gssapi_storecreds()
305 		    GSS_C_INITIATE, GSS_C_NULL_OID, 0, ctx->default_creds,  in ssh_gssapi_storecreds()
312 	if (GSS_ERROR(ctx->major))  in ssh_gssapi_storecreds()
313 		ssh_gssapi_error(ctx, "storing delegated credentials");  in ssh_gssapi_storecreds()
318 	if (ssh_gssapi_is_krb5(ctx->mech))  in ssh_gssapi_storecreds()
319 		ssh_gssapi_krb5_storecreds(ctx);  in ssh_gssapi_storecreds()
323 	if (ssh_gssapi_is_gsi(ctx->mech))  in ssh_gssapi_storecreds()
324 		ssh_gssapi_krb5_storecreds(ctx);  in ssh_gssapi_storecreds()
332 ssh_gssapi_do_child(Gssctxt *ctx, char ***envp, uint_t *envsizep)  in ssh_gssapi_do_child()  argument
351 ssh_gssapi_userok(Gssctxt *ctx, char *user)  in ssh_gssapi_userok()  argument
353 	if (ctx == NULL) {  in ssh_gssapi_userok()
365 		ctx->major = __gss_userok(&ctx->minor, ctx->src_name, user,  in ssh_gssapi_userok()
367 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_userok()
388 		ctx->major = gss_import_name(&ctx->minor, &buf,  in ssh_gssapi_userok()
390 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_userok()
391 			ssh_gssapi_error(ctx,  in ssh_gssapi_userok()
396 		ctx->major = gss_canonicalize_name(&ctx->minor, iname,  in ssh_gssapi_userok()
397 		    ctx->actual_mech, &cname);  in ssh_gssapi_userok()
399 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_userok()
400 			ssh_gssapi_error(ctx, "canonicalizing name");  in ssh_gssapi_userok()
404 		ctx->major = gss_export_name(&ctx->minor, cname, &ename1);  in ssh_gssapi_userok()
406 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_userok()
407 			ssh_gssapi_error(ctx, "exporting name");  in ssh_gssapi_userok()
411 		ctx->major = gss_export_name(&ctx->minor, ctx->src_name,  in ssh_gssapi_userok()
413 		if (GSS_ERROR(ctx->major)) {  in ssh_gssapi_userok()
414 			ssh_gssapi_error(ctx,  in ssh_gssapi_userok()
439 		maj = gsscred_name_to_unix_cred(ctx->src_name,  in ssh_gssapi_userok()
440 		    ctx->actual_mech, &uid, NULL, NULL, NULL);  in ssh_gssapi_userok()
456 	if (ssh_gssapi_is_krb5(ctx->mech))  in ssh_gssapi_userok()
457 		if (ssh_gssapi_krb5_userok(ctx->src_name, user))  in ssh_gssapi_userok()
461 	if (ssh_gssapi_is_gsi(ctx->mech))  in ssh_gssapi_userok()
462 		if (ssh_gssapi_gsi_userok(ctx->src_name, user))  in ssh_gssapi_userok()
472 ssh_gssapi_localname(Gssctxt *ctx)  in ssh_gssapi_localname()  argument
474 	if (ctx == NULL) {  in ssh_gssapi_localname()
487 		if (ctx->src_name == GSS_C_NO_NAME)  in ssh_gssapi_localname()
490 		maj = gsscred_name_to_unix_cred(ctx->src_name,  in ssh_gssapi_localname()
491 		    ctx->actual_mech, &uid, NULL, NULL, NULL);  in ssh_gssapi_localname()
506 	if (ssh_gssapi_is_krb5(ctx->mech))  in ssh_gssapi_localname()
507 		return (ssh_gssapi_krb5_localname(ctx->src_name));  in ssh_gssapi_localname()
511 	if (ssh_gssapi_is_gsi(ctx->mech))  in ssh_gssapi_localname()
512 		return (ssh_gssapi_gsi_localname(ctx->src_name));  in ssh_gssapi_localname()