/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * This header contains the private mechglue definitions: the "union"
 * (mechanism-independent) handle types that libgss hands to callers,
 * the per-mechanism dispatch table (struct gss_config) through which the
 * glue reaches a mechanism's implementation of each GSS-API call, the
 * per-mechanism configuration record (struct gss_mech_config), and the
 * prototypes of the glue-internal helpers.  Nothing declared here is a
 * public GSS-API interface.  Parts of the file are shared with the kernel
 * (_KERNEL) and with the gssd daemon that serves the kernel.
 */

#ifndef _GSS_MECHGLUEP_H
#define _GSS_MECHGLUEP_H

#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif /* SUNW15resync */

#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif

/*
 * NOTE(review): the include target on the next line was lost when this
 * listing was extracted (the angle-bracketed name was stripped).  It is
 * the GSS-API header that declares gss_OID, gss_ctx_id_t, gss_buffer_set_t
 * and friends used below (mechglue.h in MIT 1.5); restore it from the
 * original source before compiling.
 */
#include	/* SUNW15resync - mechglue.h in mit 1.5 */
/* #include "gssapiP_generic.h" */

#ifdef _KERNEL
/*
 * NOTE(review): kernel-side include target also lost in extraction; it
 * must supply bool_t, which the kernel-only fields below use.
 */
#include
#endif

#ifndef g_OID_copy /* SUNW15resync */
/*
 * Copy OID o2 into o1 (elements and length).  o1->elements must already
 * point at storage of at least o2->length bytes: no allocation and no
 * bounds check is performed here, so the caller owns that invariant.
 */
#define g_OID_copy(o1, o2) \
	do { \
		memcpy((o1)->elements, (o2)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)
#endif

/*
 * True if a gss_buffer_t is absent, has no value pointer, or has a zero
 * length.  Evaluates buf more than once; pass a plain lvalue.
 */
#define GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)

/*
 * Union security context: the mechanism OID paired with the mechanism's
 * own context handle.  Callers of libgss hold one of these, not the
 * mechanism-specific handle.
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;
	gss_ctx_id_t		internal_ctx_id;
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;

/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....
 */
typedef struct gss_name_struct {
	/*
	 * NOTE(review): presumably points back at this structure so the
	 * glue can sanity-check a handle it is given; confirm in the .c
	 * files that set and test it.
	 */
	struct gss_name_struct *loopback;
	gss_OID			name_type;
	gss_buffer_t		external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;
	gss_name_t		mech_name;
} gss_union_name_desc, *gss_union_name_t;

/*
 * Structure for holding list of mechanism-specific name types: a doubly
 * linked list of (name type OID, mechanism OID) pairs.
 */
typedef struct gss_mech_spec_name_t {
	gss_OID		name_type;
	gss_OID		mech;
	struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;

/*
 * Credential auxiliary info, used in the credential structure.
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;
	gss_OID			name_type;
	OM_uint32		creation_time;
	OM_uint32		time_rec;
	int			cred_usage;
} gss_union_cred_auxinfo;

/*
 * Set of credentials typed on mechanism OID.  mechs_array and cred_array
 * are parallel arrays of `count' entries: cred_array[i] is the
 * mechanism-specific credential for mechanism mechs_array[i].
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;

/*
 * Solaris Kerberos: entry point for acquiring a credential from a
 * password.  Same shape as the gss_acquire_cred dispatch entry below,
 * with the password buffer inserted after desired_name.  Note that the
 * password is handed straight through to the mechanism.
 */
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
	void *,			/* context */
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* desired_name */
	const gss_buffer_t,	/* password */
	OM_uint32,		/* time_req */
	const gss_OID_set,	/* desired_mechs */
	int,			/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
	/* */);

/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library			*/

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table.  This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Conventions visible in the table:
 *  - Every entry takes the mechanism's private `context' pointer (the
 *    `context' member below) as its first argument, except
 *    gss_inquire_sec_context_by_oid, which takes none.
 *  - Entries that exist in the kernel build carry one extra trailing
 *    OM_uint32 argument under _KERNEL; the KGSS_* macros later in this
 *    file pass the kgss_ctx verifier there.
 *  - The EXPORT/CRYPT DELETE markers bracket the seal/unseal entries
 *    for the export-controlled build variants.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
	OM_uint32	    priority;
	char *		    mechNameStr;
#endif
	gss_OID_desc	    mech_type;
	void *		    context;
#ifdef _KERNEL
	struct gss_config *next;
	bool_t		uses_kmod;
#endif

#ifndef _KERNEL
	OM_uint32	    (*gss_acquire_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* desired_name */
		OM_uint32,		/* time_req */
		const gss_OID_set,	/* desired_mechs */
		int,			/* cred_usage */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_release_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_cred_id_t *		/* cred_handle */
	/* */);
	OM_uint32	    (*gss_init_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* claimant_cred_handle */
		gss_ctx_id_t *,		/* context_handle */
		const gss_name_t,	/* target_name */
		const gss_OID,		/* mech_type */
		OM_uint32,		/* req_flags */
		OM_uint32,		/* time_req */
		const gss_channel_bindings_t, /* input_chan_bindings */
		const gss_buffer_t,	/* input_token */
		gss_OID*,		/* actual_mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_accept_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		const gss_cred_id_t,	/* verifier_cred_handle */
		const gss_buffer_t,	/* input_token_buffer */
		const gss_channel_bindings_t, /* input_chan_bindings */
		gss_name_t *,		/* src_name */
		gss_OID*,		/* mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *,		/* time_rec */
		gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_unseal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* input_message_buffer */
		gss_buffer_t,		/* output_message_buffer */
		int *,			/* conf_state */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* kernel: context verifier */
#endif
	/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */
/* CRYPT DELETE END */
	OM_uint32	    (*gss_process_context_token)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_delete_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* output_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* kernel: context verifier */
#endif
	/* */);
#ifndef _KERNEL
	OM_uint32	    (*gss_context_time)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_display_status)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		OM_uint32,		/* status_value */
		int,			/* status_type */
		const gss_OID,		/* mech_type */
		OM_uint32 *,		/* message_context */
		gss_buffer_t		/* status_string */
	/* */);
	OM_uint32	    (*gss_indicate_mechs)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID_set *		/* mech_set */
	/* */);
	OM_uint32	    (*gss_compare_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* name1 */
		const gss_name_t,	/* name2 */
		int *			/* name_equal */
	/* */);
	OM_uint32	    (*gss_display_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t,		/* output_name_buffer */
		gss_OID*		/* output_name_type */
	/* */);
	OM_uint32	    (*gss_import_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* input_name_buffer */
		const gss_OID,		/* input_name_type */
		gss_name_t *		/* output_name */
	/* */);
	OM_uint32	    (*gss_release_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_name_t *		/* input_name */
	/* */);
	OM_uint32	    (*gss_inquire_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* lifetime */
		int *,			/* cred_usage */
		gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32	    (*gss_add_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred_handle */
		const gss_name_t,	/* desired_name */
		const gss_OID,		/* desired_mech */
		gss_cred_usage_t,	/* cred_usage */
		OM_uint32,		/* initiator_time_req */
		OM_uint32,		/* acceptor_time_req */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *,		/* initiator_time_rec */
		OM_uint32 *		/* acceptor_time_rec */
	/* */);
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_seal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		int,			/* qop_req */
		const gss_buffer_t,	/* input_message_buffer */
		int *,			/* conf_state */
		gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32		/* kernel: context verifier */
#endif
	/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */
/* CRYPT DELETE END */
	OM_uint32	    (*gss_export_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_import_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* interprocess_token */
		gss_ctx_id_t *		/* context_handle */
	/* */);
#ifndef _KERNEL
	OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		const gss_OID,		/* mech_type */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* initiator_lifetime */
		OM_uint32 *,		/* acceptor_lifetime */
		gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32	    (*gss_inquire_names_for_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_OID,		/* mechanism */
		gss_OID_set *		/* name_types */
	/* */);
	OM_uint32	(*gss_inquire_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		gss_name_t *,		/* src_name */
		gss_name_t *,		/* targ_name */
		OM_uint32 *,		/* lifetime_rec */
		gss_OID *,		/* mech_type */
		OM_uint32 *,		/* ctx_flags */
		int *,			/* locally_initiated */
		int *			/* open */
	/* */);
	OM_uint32	    (*gss_internal_release_oid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID *		/* OID */
	/* */);
	OM_uint32	     (*gss_wrap_size_limit)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		gss_qop_t,		/* qop_req */
		OM_uint32,		/* req_output_size */
		OM_uint32 *		/* max_input_size */
	/* */);
	/* Map a principal name to a local uid (Solaris extension). */
	OM_uint32	     (*pname_to_uid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		uid_t *			/* uid */
	/* */);
	/*
	 * Authorization check: may principal `pname' act as the named
	 * local user?  The answer comes back through the int pointer.
	 */
	OM_uint32	     (*__gss_userok)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		const char *,		/* local user */
		int *			/* user ok? */
	/* */);
	OM_uint32	     (*gss_export_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t		/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product.  The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 *
 * The copies below are compiled out (#if 0); the live gss_seal/gss_unseal
 * entries are the ones above.
 */
#if 0
/* CRYPT DELETE END */
	OM_uint32	    (*gss_seal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		int,			/* qop_req */
		const gss_buffer_t,	/* input_message_buffer */
		int *,			/* conf_state */
		gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	    (*gss_unseal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* input_message_buffer */
		gss_buffer_t,		/* output_message_buffer */
		int *,			/* conf_state */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	OM_uint32	    (*gss_sign)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* qop_req */
		const gss_buffer_t,	/* message_buffer */
		gss_buffer_t		/* message_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* kernel: context verifier */
#endif
	/* */);
	OM_uint32	    (*gss_verify)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* message_buffer */
		const gss_buffer_t,	/* token_buffer */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* kernel: context verifier */
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_store_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred */
		gss_cred_usage_t,	/* cred_usage */
		const gss_OID,		/* desired_mech */
		OM_uint32,		/* overwrite_cred */
		OM_uint32,		/* default_cred */
		gss_OID_set *,		/* elements_stored */
		gss_cred_usage_t *	/* cred_usage_stored */
	/* */);
	/*
	 * GGF extensions.  Unlike every other entry in this table, this
	 * one does NOT take the mechanism `context' pointer first; the glue
	 * must call it without it.
	 */
	OM_uint32	(*gss_inquire_sec_context_by_oid)
	(
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_OID,		/* OID */
		gss_buffer_set_t *	/* data_set */
	/* */);
#endif
} *gss_mechanism;

#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */

/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points.  The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer.  In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 *
 * NOTE(review): uLibName/dl_handle show that user-space mechanisms are
 * dynamically loaded shared objects; code loaded that way runs with the
 * full privilege of the calling process, so the source of these names
 * (the mechanism configuration, not visible here) is a trust boundary.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;

/********************************************************/
/* Internal mechglue routines */

/*
 * SUNW15resync - Solaris versions - replace w/mit ones?
 * The __gss_* names are the older Solaris spellings; the gssint_* names
 * below them are the MIT spellings of the same helpers.
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);

OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

/* Look up the mechanism-specific credential for mech_type in a union cred. */
gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);

int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	(OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);
gss_cred_id_t gssint_get_mechanism_cred
	(gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
);

/*
 * Allocate a new gss_buffer_t holding a copy of src; the last argument
 * selects whether the copy is NUL terminated.
 */
OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);

OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type (OM_uint32 *,	/* minor_status */
	gss_OID,	/* name_type */
	gss_OID		/* mech */
);

/*
 * Sun extensions to GSS-API v2
 */
OM_uint32 gssint_mech_to_oid(
	const char *mech,	/* mechanism string name */
	gss_OID *oid		/* mechanism oid */
);

const char * gssint_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

/* Fill mechArray with up to arrayLen mechanism names. */
OM_uint32 gssint_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

OM_uint32 gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
);

/*
 * DER length helpers.  gssint_get_der_length parses a length from *buf
 * (advancing it) without reading past buf_len bytes, reporting the
 * number of bytes consumed; gssint_put_der_length writes one, bounded by
 * max_len.  These operate on tokens received from the peer, so the
 * bounds arguments are the only thing keeping a malformed token from
 * being over-read.
 */
int gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
);

unsigned int gssint_der_length_size(unsigned int /* len */);

int gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
);

/* Solaris kernel and gssd support */

/*
 * Derived types for passing context and credential handles
 * between gssd and kernel: plain integer handles, not pointers.
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#ifdef _KERNEL
#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif /* _KRB5_H */
gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */
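/*
 * Kernel-side view of a gssd credential: the integer handle gssd gave
 * us plus a verifier that is passed back to gssd with every use of the
 * handle (see KCRED_TO_CREDV and the KGSS_* macros below).
 * NOTE(review): what gssd checks the verifier against is not visible in
 * this header; presumably it ties the handle to the object gssd created.
 */
struct kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)

/*
 * Kernel-side view of a security context.  gssd_ctx is the handle held
 * by gssd; in the kernel build a context may instead have been imported
 * into an in-kernel mechanism (ctx_imported), in which case gssd_i_ctx
 * and mech describe the local copy and KCTX_TO_CTX selects it.
 */
struct kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx) (KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)

/*
 * Handle/verifier extraction that tolerates GSS_C_NO_CONTEXT: the null
 * handle maps to a zero gssd handle and a zero verifier.  Both branches
 * of the verifier macro now have type OM_uint32 (the original returned
 * the pointer constant NULL in one arm and an OM_uint32 in the other).
 */
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))

#ifdef _KERNEL
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
/* Imported contexts dispatch on the in-kernel copy, others on the kgss_ctx. */
#define	KCTX_TO_CTX(ctx) \
	((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))

/* Kernel allocations are zero-filled so verifier fields start out 0. */
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))
#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * Dispatch into the in-kernel mechanism.  Every call passes the context
 * verifier as the trailing OM_uint32 that the _KERNEL variants of the
 * gss_config entries declare.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
	KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
	minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
	minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
	KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
	KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
	KCTX_TO_CTXV(ctx))
/* EXPORT DELETE END */

#define	KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define	KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)
#define	KCTX_TO_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)

/*
 * User-space allocators zero-fill, matching the kernel kmem_zalloc
 * variants above, so the handle and verifier fields never hold stack or
 * heap garbage between allocation and initialization.
 */
#define	KGSS_CRED_ALLOC() ((struct kgss_cred *) \
	calloc(1, sizeof (struct kgss_cred)))
#define	KGSS_CRED_FREE(cred) free(cred)
#define	KGSS_ALLOC() ((struct kgss_ctx *)calloc(1, sizeof (struct kgss_ctx)))
#define	KGSS_FREE(ctx) free(ctx)

/*
 * In gssd the message-protection calls go through the kgss_*_wrapped
 * functions (declared elsewhere), which take the gssd handle and the
 * verifier rather than a mechanism pointer.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	kgss_sign_wrapped(minor_st, \
	KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	kgss_verify_wrapped(minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
	KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
	KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	kgss_unseal_wrapped(minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
	KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */

/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */

/* Mechanism-independent buffer/OID/OID-set helpers shared by all mechs. */
OM_uint32 generic_gss_release_buffer
	(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
);

OM_uint32 generic_gss_release_oid_set
	(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
);

OM_uint32 generic_gss_release_oid
	(OM_uint32*,		/* minor_status */
	gss_OID*		/* set */
);

OM_uint32 generic_gss_copy_oid
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */ /* SUNW15resync */
	gss_OID *		/* new_oid */
);

OM_uint32 generic_gss_create_empty_oid_set
	(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
);

OM_uint32 generic_gss_add_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
);

OM_uint32 generic_gss_test_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
);

OM_uint32 generic_gss_oid_to_str
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
);

OM_uint32 generic_gss_str_to_oid
	(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
);

OM_uint32 generic_gss_oid_compose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	int,			/* suffix */
	gss_OID_desc *);	/* oid */

OM_uint32 generic_gss_oid_decompose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	gss_OID_desc *,		/* oid */
	int *);			/* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
	(OM_uint32 * /*minor_status*/,
	const gss_buffer_t /*member_buffer*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

/*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 *
 * The stubs ignore MECH and do no mapping at all; user space only logs
 * the raw minor status at debug level (0xffffffff when no status pointer
 * was supplied).
 */
#ifdef _KERNEL
#define	map_error(MINORP, MECH)
#define	map_errcode(MINORP)
#else /* _KERNEL */
#include <syslog.h>
#define	map_error(MINORP, MECH) \
	(void) syslog(LOG_AUTH|LOG_DEBUG, \
	    "map_error: minor status=%x", \
	    (MINORP) ? *(MINORP) : 0xffffffff)
#define	map_errcode(MINORP) \
	(void) syslog(LOG_AUTH|LOG_DEBUG, \
	    "map_errcode: minor status=%x", \
	    (MINORP) ? *(MINORP) : 0xffffffff)
#endif /* _KERNEL */

#endif /* _GSS_MECHGLUEP_H */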