1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 /* 26 * This header contains the private mechglue definitions. 27 * 28 */ 29 30 #ifndef _GSS_MECHGLUEP_H 31 #define _GSS_MECHGLUEP_H 32 33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */ 34 #include "autoconf.h" 35 #endif 36 37 /* SUNW15resync */ 38 #ifndef GSS_DLLIMP 39 #define GSS_DLLIMP 40 #endif 41 42 #include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */ 43 #if 0 /* Solaris Kerberos */ 44 #include "gssapiP_generic.h" 45 #endif 46 47 #ifdef _KERNEL 48 #include <rpc/rpc.h> 49 #endif 50 51 #ifndef g_OID_copy /* SUNW15resync */ 52 #define g_OID_copy(o1, o2) \ 53 do { \ 54 memcpy((o1)->elements, (o2)->elements, (o2)->length); \ 55 (o1)->length = (o2)->length; \ 56 } while (0) 57 #endif 58 59 #define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\ 60 (buf)->value == NULL || (buf)->length == 0) 61 62 /* 63 * Array of context IDs typed by mechanism OID 64 */ 65 typedef struct gss_union_ctx_id_t { 66 gss_OID mech_type; 67 gss_ctx_id_t internal_ctx_id; 68 } gss_union_ctx_id_desc, *gss_union_ctx_id_t; 69 70 /* 71 * Generic GSSAPI names. A name can either be a generic name, or a 72 * mechanism specific name.... 73 */ 74 typedef struct gss_name_struct { 75 struct gss_name_struct *loopback; 76 gss_OID name_type; 77 gss_buffer_t external_name; 78 /* 79 * These last two fields are only filled in for mechanism 80 * names. 81 */ 82 gss_OID mech_type; 83 gss_name_t mech_name; 84 } gss_union_name_desc, *gss_union_name_t; 85 86 /* 87 * Structure for holding list of mechanism-specific name types 88 */ 89 typedef struct gss_mech_spec_name_t { 90 gss_OID name_type; 91 gss_OID mech; 92 struct gss_mech_spec_name_t *next, *prev; 93 } gss_mech_spec_name_desc, *gss_mech_spec_name; 94 95 /* 96 * Credential auxiliary info, used in the credential structure 97 */ 98 typedef struct gss_union_cred_auxinfo { 99 gss_buffer_desc name; 100 gss_OID name_type; 101 OM_uint32 creation_time; 102 OM_uint32 time_rec; 103 int cred_usage; 104 } gss_union_cred_auxinfo; 105 106 /* 107 * Set of Credentials typed on mechanism OID 108 */ 109 typedef struct gss_union_cred_t { 110 int count; 111 gss_OID mechs_array; 112 gss_cred_id_t *cred_array; 113 gss_union_cred_auxinfo auxinfo; 114 } gss_union_cred_desc, *gss_union_cred_t; 115 116 /* Solaris Kerberos */ 117 typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)( 118 void *, /* context */ 119 OM_uint32 *, /* minor_status */ 120 const gss_name_t, /* desired_name */ 121 const gss_buffer_t, /* password */ 122 OM_uint32, /* time_req */ 123 const gss_OID_set, /* desired_mechs */ 124 int, /* cred_usage */ 125 gss_cred_id_t *, /* output_cred_handle */ 126 gss_OID_set *, /* actual_mechs */ 127 OM_uint32 * /* time_rec */ 128 /* */); 129 130 /* 131 * Rudimentary pointer validation macro to check whether the 132 * "loopback" field of an opaque struct points back to itself. This 133 * field also catches some programming errors where an opaque pointer 134 * is passed to a function expecting the address of the opaque 135 * pointer. 136 */ 137 #if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */ 138 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p))) 139 #else 140 #define GSSINT_CHK_LOOP(p) ((p) == NULL) 141 #endif 142 143 144 /********************************************************/ 145 /* The Mechanism Dispatch Table -- a mechanism needs to */ 146 /* define one of these and provide a function to return */ 147 /* it to initialize the GSSAPI library */ 148 149 /* 150 * This is the definition of the mechs_array struct, which is used to 151 * define the mechs array table. This table is used to indirectly 152 * access mechanism specific versions of the gssapi routines through 153 * the routines in the glue module (gssd_mech_glue.c) 154 * 155 * This contants all of the functions defined in gssapi.h except for 156 * gss_release_buffer() and gss_release_oid_set(), which I am 157 * assuming, for now, to be equal across mechanisms. 158 */ 159 160 typedef struct gss_config { 161 #if 0 /* Solaris Kerberos */ 162 OM_uint32 priority; 163 char * mechNameStr; 164 #endif 165 gss_OID_desc mech_type; 166 void * context; 167 #ifdef _KERNEL 168 struct gss_config *next; 169 bool_t uses_kmod; 170 #endif 171 172 #ifndef _KERNEL 173 OM_uint32 (*gss_acquire_cred) 174 ( 175 void *, /* context */ 176 177 OM_uint32 *, /* minor_status */ 178 const gss_name_t, /* desired_name */ 179 OM_uint32, /* time_req */ 180 const gss_OID_set, /* desired_mechs */ 181 int, /* cred_usage */ 182 gss_cred_id_t *, /* output_cred_handle */ 183 gss_OID_set *, /* actual_mechs */ 184 OM_uint32 * /* time_rec */ 185 /* */); 186 OM_uint32 (*gss_release_cred) 187 ( 188 189 void *, /* context */ 190 OM_uint32 *, /* minor_status */ 191 gss_cred_id_t * /* cred_handle */ 192 /* */); 193 OM_uint32 (*gss_init_sec_context) 194 ( 195 void *, /* context */ 196 OM_uint32 *, /* minor_status */ 197 const gss_cred_id_t, /* claimant_cred_handle */ 198 gss_ctx_id_t *, /* context_handle */ 199 const gss_name_t, /* target_name */ 200 const gss_OID, /* mech_type */ 201 OM_uint32, /* req_flags */ 202 OM_uint32, /* time_req */ 203 const gss_channel_bindings_t, /* input_chan_bindings */ 204 const gss_buffer_t, /* input_token */ 205 gss_OID*, /* actual_mech_type */ 206 gss_buffer_t, /* output_token */ 207 OM_uint32 *, /* ret_flags */ 208 OM_uint32 * /* time_rec */ 209 /* */); 210 OM_uint32 (*gss_accept_sec_context) 211 ( 212 void *, /* context */ 213 OM_uint32 *, /* minor_status */ 214 gss_ctx_id_t *, /* context_handle */ 215 const gss_cred_id_t, /* verifier_cred_handle */ 216 const gss_buffer_t, /* input_token_buffer */ 217 const gss_channel_bindings_t, /* input_chan_bindings */ 218 gss_name_t *, /* src_name */ 219 gss_OID*, /* mech_type */ 220 gss_buffer_t, /* output_token */ 221 OM_uint32 *, /* ret_flags */ 222 OM_uint32 *, /* time_rec */ 223 gss_cred_id_t * /* delegated_cred_handle */ 224 /* */); 225 #endif /* ! _KERNEL */ 226 227 /* 228 * Note: there are two gss_unseal's in here. Make any changes to both. 229 */ 230 OM_uint32 (*gss_unseal) 231 ( 232 void *, /* context */ 233 OM_uint32 *, /* minor_status */ 234 const gss_ctx_id_t, /* context_handle */ 235 const gss_buffer_t, /* input_message_buffer */ 236 gss_buffer_t, /* output_message_buffer */ 237 int *, /* conf_state */ 238 int * /* qop_state */ 239 #ifdef _KERNEL 240 /* */, OM_uint32 241 #endif 242 /* */); 243 #ifndef _KERNEL 244 OM_uint32 (*gss_process_context_token) 245 ( 246 void *, /* context */ 247 OM_uint32 *, /* minor_status */ 248 const gss_ctx_id_t, /* context_handle */ 249 const gss_buffer_t /* token_buffer */ 250 /* */); 251 #endif /* ! _KERNEL */ 252 OM_uint32 (*gss_delete_sec_context) 253 ( 254 void *, /* context */ 255 OM_uint32 *, /* minor_status */ 256 gss_ctx_id_t *, /* context_handle */ 257 gss_buffer_t /* output_token */ 258 #ifdef _KERNEL 259 /* */, OM_uint32 260 #endif 261 /* */); 262 #ifndef _KERNEL 263 OM_uint32 (*gss_context_time) 264 ( 265 void *, /* context */ 266 OM_uint32 *, /* minor_status */ 267 const gss_ctx_id_t, /* context_handle */ 268 OM_uint32 * /* time_rec */ 269 /* */); 270 OM_uint32 (*gss_display_status) 271 ( 272 void *, /* context */ 273 OM_uint32 *, /* minor_status */ 274 OM_uint32, /* status_value */ 275 int, /* status_type */ 276 const gss_OID, /* mech_type */ 277 OM_uint32 *, /* message_context */ 278 gss_buffer_t /* status_string */ 279 /* */); 280 OM_uint32 (*gss_indicate_mechs) 281 ( 282 void *, /* context */ 283 OM_uint32 *, /* minor_status */ 284 gss_OID_set * /* mech_set */ 285 /* */); 286 OM_uint32 (*gss_compare_name) 287 ( 288 void *, /* context */ 289 OM_uint32 *, /* minor_status */ 290 const gss_name_t, /* name1 */ 291 const gss_name_t, /* name2 */ 292 int * /* name_equal */ 293 /* */); 294 OM_uint32 (*gss_display_name) 295 ( 296 void *, /* context */ 297 OM_uint32 *, /* minor_status */ 298 const gss_name_t, /* input_name */ 299 gss_buffer_t, /* output_name_buffer */ 300 gss_OID* /* output_name_type */ 301 /* */); 302 OM_uint32 (*gss_import_name) 303 ( 304 void *, /* context */ 305 OM_uint32 *, /* minor_status */ 306 const gss_buffer_t, /* input_name_buffer */ 307 const gss_OID, /* input_name_type */ 308 gss_name_t * /* output_name */ 309 /* */); 310 OM_uint32 (*gss_release_name) 311 ( 312 void *, /* context */ 313 OM_uint32 *, /* minor_status */ 314 gss_name_t * /* input_name */ 315 /* */); 316 OM_uint32 (*gss_inquire_cred) 317 ( 318 void *, /* context */ 319 OM_uint32 *, /* minor_status */ 320 const gss_cred_id_t, /* cred_handle */ 321 gss_name_t *, /* name */ 322 OM_uint32 *, /* lifetime */ 323 int *, /* cred_usage */ 324 gss_OID_set * /* mechanisms */ 325 /* */); 326 OM_uint32 (*gss_add_cred) 327 ( 328 void *, /* context */ 329 OM_uint32 *, /* minor_status */ 330 const gss_cred_id_t, /* input_cred_handle */ 331 const gss_name_t, /* desired_name */ 332 const gss_OID, /* desired_mech */ 333 gss_cred_usage_t, /* cred_usage */ 334 OM_uint32, /* initiator_time_req */ 335 OM_uint32, /* acceptor_time_req */ 336 gss_cred_id_t *, /* output_cred_handle */ 337 gss_OID_set *, /* actual_mechs */ 338 OM_uint32 *, /* initiator_time_rec */ 339 OM_uint32 * /* acceptor_time_rec */ 340 /* */); 341 #endif /* ! _KERNEL */ 342 /* 343 * Note: there are two gss_seal's in here. Make any changes to both. 344 */ 345 OM_uint32 (*gss_seal) 346 ( 347 void *, /* context */ 348 OM_uint32 *, /* minor_status */ 349 const gss_ctx_id_t, /* context_handle */ 350 int, /* conf_req_flag */ 351 int, /* qop_req */ 352 const gss_buffer_t, /* input_message_buffer */ 353 int *, /* conf_state */ 354 gss_buffer_t /* output_message_buffer */ 355 #ifdef _KERNEL 356 /* */, OM_uint32 357 #endif 358 /* */); 359 #ifndef _KERNEL 360 OM_uint32 (*gss_export_sec_context) 361 ( 362 void *, /* context */ 363 OM_uint32 *, /* minor_status */ 364 gss_ctx_id_t *, /* context_handle */ 365 gss_buffer_t /* interprocess_token */ 366 /* */); 367 #endif /* ! _KERNEL */ 368 OM_uint32 (*gss_import_sec_context) 369 ( 370 void *, /* context */ 371 OM_uint32 *, /* minor_status */ 372 const gss_buffer_t, /* interprocess_token */ 373 gss_ctx_id_t * /* context_handle */ 374 /* */); 375 #ifndef _KERNEL 376 OM_uint32 (*gss_inquire_cred_by_mech) 377 ( 378 void *, /* context */ 379 OM_uint32 *, /* minor_status */ 380 const gss_cred_id_t, /* cred_handle */ 381 const gss_OID, /* mech_type */ 382 gss_name_t *, /* name */ 383 OM_uint32 *, /* initiator_lifetime */ 384 OM_uint32 *, /* acceptor_lifetime */ 385 gss_cred_usage_t * /* cred_usage */ 386 /* */); 387 OM_uint32 (*gss_inquire_names_for_mech) 388 ( 389 void *, /* context */ 390 OM_uint32 *, /* minor_status */ 391 const gss_OID, /* mechanism */ 392 gss_OID_set * /* name_types */ 393 /* */); 394 OM_uint32 (*gss_inquire_context) 395 ( 396 void *, /* context */ 397 OM_uint32 *, /* minor_status */ 398 const gss_ctx_id_t, /* context_handle */ 399 gss_name_t *, /* src_name */ 400 gss_name_t *, /* targ_name */ 401 OM_uint32 *, /* lifetime_rec */ 402 gss_OID *, /* mech_type */ 403 OM_uint32 *, /* ctx_flags */ 404 int *, /* locally_initiated */ 405 int * /* open */ 406 /* */); 407 OM_uint32 (*gss_internal_release_oid) 408 ( 409 void *, /* context */ 410 OM_uint32 *, /* minor_status */ 411 gss_OID * /* OID */ 412 /* */); 413 OM_uint32 (*gss_wrap_size_limit) 414 ( 415 void *, /* context */ 416 OM_uint32 *, /* minor_status */ 417 const gss_ctx_id_t, /* context_handle */ 418 int, /* conf_req_flag */ 419 gss_qop_t, /* qop_req */ 420 OM_uint32, /* req_output_size */ 421 OM_uint32 * /* max_input_size */ 422 /* */); 423 OM_uint32 (*pname_to_uid) 424 ( 425 void *, /* context */ 426 OM_uint32 *, /* minor_status */ 427 const gss_name_t, /* pname */ 428 uid_t * /* uid */ 429 /* */); 430 OM_uint32 (*__gss_userok) 431 ( 432 void *, /* context */ 433 OM_uint32 *, /* minor_status */ 434 const gss_name_t, /* pname */ 435 const char *, /* local user */ 436 int * /* user ok? */ 437 /* */); 438 OM_uint32 (*gss_export_name) 439 ( 440 void *, /* context */ 441 OM_uint32 *, /* minor_status */ 442 const gss_name_t, /* input_name */ 443 gss_buffer_t /* exported_name */ 444 /* */); 445 #endif /* ! _KERNEL */ 446 OM_uint32 (*gss_sign) 447 ( 448 void *, /* context */ 449 OM_uint32 *, /* minor_status */ 450 const gss_ctx_id_t, /* context_handle */ 451 int, /* qop_req */ 452 const gss_buffer_t, /* message_buffer */ 453 gss_buffer_t /* message_token */ 454 #ifdef _KERNEL 455 /* */, OM_uint32 456 #endif 457 /* */); 458 OM_uint32 (*gss_verify) 459 ( 460 void *, /* context */ 461 OM_uint32 *, /* minor_status */ 462 const gss_ctx_id_t, /* context_handle */ 463 const gss_buffer_t, /* message_buffer */ 464 const gss_buffer_t, /* token_buffer */ 465 int * /* qop_state */ 466 #ifdef _KERNEL 467 /* */, OM_uint32 468 #endif 469 /* */); 470 #ifndef _KERNEL 471 OM_uint32 (*gss_store_cred) 472 ( 473 void *, /* context */ 474 OM_uint32 *, /* minor_status */ 475 const gss_cred_id_t, /* input_cred */ 476 gss_cred_usage_t, /* cred_usage */ 477 const gss_OID, /* desired_mech */ 478 OM_uint32, /* overwrite_cred */ 479 OM_uint32, /* default_cred */ 480 gss_OID_set *, /* elements_stored */ 481 gss_cred_usage_t * /* cred_usage_stored */ 482 /* */); 483 484 /* GGF extensions */ 485 486 OM_uint32 (*gss_inquire_sec_context_by_oid) 487 ( 488 OM_uint32 *, /* minor_status */ 489 const gss_ctx_id_t, /* context_handle */ 490 const gss_OID, /* OID */ 491 gss_buffer_set_t * /* data_set */ 492 /* */); 493 494 #endif 495 } *gss_mechanism; 496 497 498 499 #ifndef _KERNEL 500 /* This structure MUST NOT be used by any code outside libgss */ 501 typedef struct gss_config_ext { 502 gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password; 503 } *gss_mechanism_ext; 504 #endif /* _KERNEL */ 505 506 507 /* 508 * In the user space we use a wrapper structure to encompass the 509 * mechanism entry points. The wrapper contain the mechanism 510 * entry points and other data which is only relevant to the gss-api 511 * layer. In the kernel we use only the gss_config strucutre because 512 * the kernal does not cantain any of the extra gss-api specific data. 513 */ 514 typedef struct gss_mech_config { 515 char *kmodName; /* kernel module name */ 516 char *uLibName; /* user library name */ 517 char *mechNameStr; /* mechanism string name */ 518 char *optionStr; /* optional mech parameters */ 519 void *dl_handle; /* RTLD object handle for the mech */ 520 gss_OID mech_type; /* mechanism oid */ 521 gss_mechanism mech; /* mechanism initialization struct */ 522 #ifndef _KERNEL 523 gss_mechanism_ext mech_ext; /* Solaris extensions */ 524 #endif /* _KERNEL */ 525 struct gss_mech_config *next; /* next element in the list */ 526 } *gss_mech_info; 527 528 /********************************************************/ 529 /* Internal mechglue routines */ 530 531 /* SUNW15resync - Solaris versions - replace w/mit ones? */ 532 gss_mechanism __gss_get_mechanism(const gss_OID); 533 #ifndef _KERNEL 534 gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID); 535 #endif /* _KERNEL */ 536 char *__gss_get_kmodName(const gss_OID); 537 char *__gss_get_modOptions(const gss_OID); 538 OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID, 539 gss_union_name_t, gss_name_t *); 540 OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID, 541 const gss_name_t, gss_buffer_t); 542 OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID, 543 const gss_name_t, gss_buffer_t, gss_OID *); 544 OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID, 545 gss_name_t *); 546 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID, 547 gss_ctx_id_t *, gss_buffer_t); 548 OM_uint32 __gss_convert_name_to_union_name( 549 OM_uint32 *, /* minor_status */ 550 gss_mechanism, /* mech */ 551 gss_name_t, /* internal_name */ 552 gss_name_t * /* external_name */ 553 ); 554 555 gss_cred_id_t __gss_get_mechanism_cred( 556 const gss_union_cred_t, /* union_cred */ 557 const gss_OID /* mech_type */ 558 ); 559 560 561 562 563 564 int gssint_mechglue_init(void); 565 void gssint_mechglue_fini(void); 566 567 gss_mechanism gssint_get_mechanism (gss_OID); 568 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t); 569 char *gssint_get_kmodName(const gss_OID); 570 char *gssint_get_modOptions(const gss_OID); 571 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t, 572 gss_name_t *); 573 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID, 574 const gss_name_t, gss_buffer_t); 575 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t, 576 gss_buffer_t, gss_OID *); 577 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *); 578 579 OM_uint32 gssint_convert_name_to_union_name 580 (OM_uint32 *, /* minor_status */ 581 gss_mechanism, /* mech */ 582 gss_name_t, /* internal_name */ 583 gss_name_t * /* external_name */ 584 ); 585 gss_cred_id_t gssint_get_mechanism_cred 586 (gss_union_cred_t, /* union_cred */ 587 gss_OID /* mech_type */ 588 ); 589 590 OM_uint32 gssint_create_copy_buffer( 591 const gss_buffer_t, /* src buffer */ 592 gss_buffer_t *, /* destination buffer */ 593 int /* NULL terminate buffer ? */ 594 ); 595 596 597 OM_uint32 gssint_copy_oid_set( 598 OM_uint32 *, /* minor_status */ 599 const gss_OID_set_desc *, /* oid set */ 600 gss_OID_set * /* new oid set */ 601 ); 602 603 /* SUNW15resync - for old Solaris version in libgss */ 604 OM_uint32 gss_copy_oid_set( 605 OM_uint32 *, /* minor_status */ 606 const gss_OID_set_desc *, /* oid set */ 607 gss_OID_set * /* new oid set */ 608 ); 609 610 611 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */ 612 613 OM_uint32 gss_add_mech_name_type 614 (OM_uint32 *, /* minor_status */ 615 gss_OID, /* name_type */ 616 gss_OID /* mech */ 617 ); 618 619 /* 620 * Sun extensions to GSS-API v2 621 */ 622 623 OM_uint32 624 gssint_mech_to_oid( 625 const char *mech, /* mechanism string name */ 626 gss_OID *oid /* mechanism oid */ 627 ); 628 629 const char * 630 gssint_oid_to_mech( 631 const gss_OID oid /* mechanism oid */ 632 ); 633 634 OM_uint32 635 gssint_get_mechanisms( 636 char *mechArray[], /* array to populate with mechs */ 637 int arrayLen /* length of passed in array */ 638 ); 639 640 OM_uint32 641 gss_store_cred( 642 OM_uint32 *, /* minor_status */ 643 const gss_cred_id_t, /* input_cred_handle */ 644 gss_cred_usage_t, /* cred_usage */ 645 const gss_OID, /* desired_mech */ 646 OM_uint32, /* overwrite_cred */ 647 OM_uint32, /* default_cred */ 648 gss_OID_set *, /* elements_stored */ 649 gss_cred_usage_t * /* cred_usage_stored */ 650 ); 651 652 int 653 gssint_get_der_length( 654 unsigned char **, /* buf */ 655 unsigned int, /* buf_len */ 656 unsigned int * /* bytes */ 657 ); 658 659 unsigned int 660 gssint_der_length_size(unsigned int /* len */); 661 662 int 663 gssint_put_der_length( 664 unsigned int, /* length */ 665 unsigned char **, /* buf */ 666 unsigned int /* max_len */ 667 ); 668 669 670 671 /* Solaris kernel and gssd support */ 672 673 /* 674 * derived types for passing context and credential handles 675 * between gssd and kernel 676 */ 677 typedef unsigned int gssd_ctx_id_t; 678 typedef unsigned int gssd_cred_id_t; 679 680 #define GSSD_NO_CONTEXT ((gssd_ctx_id_t)0) 681 #define GSSD_NO_CREDENTIAL ((gssd_cred_id_t)0) 682 683 #ifdef _KERNEL 684 685 #ifndef _KRB5_H 686 /* These macros are defined for Kerberos in krb5.h, and have priority */ 687 #define MALLOC(n) kmem_alloc((n), KM_SLEEP) 688 #define FREE(x, n) kmem_free((x), (n)) 689 #endif /* _KRB5_H */ 690 691 gss_mechanism __kgss_get_mechanism(gss_OID); 692 void __kgss_add_mechanism(gss_mechanism); 693 #endif /* _KERNEL */ 694 695 struct kgss_cred { 696 gssd_cred_id_t gssd_cred; 697 OM_uint32 gssd_cred_verifier; 698 }; 699 700 #define KCRED_TO_KGSS_CRED(cred) ((struct kgss_cred *)(cred)) 701 #define KCRED_TO_CRED(cred) (KCRED_TO_KGSS_CRED(cred)->gssd_cred) 702 #define KCRED_TO_CREDV(cred) (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier) 703 704 struct kgss_ctx { 705 gssd_ctx_id_t gssd_ctx; 706 #ifdef _KERNEL 707 gss_ctx_id_t gssd_i_ctx; 708 bool_t ctx_imported; 709 gss_mechanism mech; 710 #endif /* _KERNEL */ 711 OM_uint32 gssd_ctx_verifier; 712 }; 713 714 #define KCTX_TO_KGSS_CTX(ctx) ((struct kgss_ctx *)(ctx)) 715 #define KCTX_TO_CTX_IMPORTED(ctx) (KCTX_TO_KGSS_CTX(ctx)->ctx_imported) 716 #define KCTX_TO_GSSD_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx) 717 #define KCTX_TO_CTXV(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier) 718 #define KCTX_TO_MECH(ctx) (KCTX_TO_KGSS_CTX(ctx)->mech) 719 #define KCTX_TO_PRIVATE(ctx) (KCTX_TO_MECH(ctx)->context) 720 #define KGSS_CTX_TO_GSSD_CTX(ctx) \ 721 (((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \ 722 KCTX_TO_GSSD_CTX(ctx)) 723 #define KGSS_CTX_TO_GSSD_CTXV(ctx) \ 724 (((ctx) == GSS_C_NO_CONTEXT) ? (NULL) : KCTX_TO_CTXV(ctx)) 725 726 #ifdef _KERNEL 727 #define KCTX_TO_I_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx) 728 #define KCTX_TO_CTX(ctx) \ 729 ((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \ 730 KCTX_TO_I_CTX(ctx)) 731 #define KGSS_CRED_ALLOC() kmem_zalloc(sizeof (struct kgss_cred), \ 732 KM_SLEEP) 733 #define KGSS_CRED_FREE(cred) kmem_free(cred, sizeof (struct kgss_cred)) 734 735 #define KGSS_ALLOC() kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP) 736 #define KGSS_FREE(ctx) kmem_free(ctx, sizeof (struct kgss_ctx)) 737 738 #define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \ 739 (*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \ 740 KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx)) 741 742 #define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \ 743 (*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\ 744 KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx)) 745 746 #define KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \ 747 (*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\ 748 minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx)) 749 750 #define KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \ 751 (*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\ 752 minor_st, tkn, int_ctx_id) 753 754 #define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \ 755 (*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \ 756 KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\ 757 KCTX_TO_CTXV(ctx)) 758 759 #define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \ 760 (*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\ 761 KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \ 762 KCTX_TO_CTXV(ctx)) 763 764 #define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx) 765 #define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid) 766 extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *); 767 768 #else /* !_KERNEL */ 769 770 #define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx) 771 #define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid) 772 773 #define KCTX_TO_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx) 774 #define MALLOC(n) malloc(n) 775 #define FREE(x, n) free(x) 776 #define KGSS_CRED_ALLOC() (struct kgss_cred *) \ 777 MALLOC(sizeof (struct kgss_cred)) 778 #define KGSS_CRED_FREE(cred) free(cred) 779 #define KGSS_ALLOC() (struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx)) 780 #define KGSS_FREE(ctx) free(ctx) 781 782 #define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \ 783 kgss_sign_wrapped(minor_st, \ 784 KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx)) 785 786 #define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \ 787 kgss_verify_wrapped(minor_st,\ 788 KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx)) 789 790 #define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \ 791 kgss_seal_wrapped(minor_st, \ 792 KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \ 793 KCTX_TO_CTXV(ctx)) 794 795 #define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \ 796 kgss_unseal_wrapped(minor_st,\ 797 KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \ 798 KCTX_TO_CTXV(ctx)) 799 #endif /* _KERNEL */ 800 801 /* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */ 802 OM_uint32 generic_gss_release_buffer 803 (OM_uint32*, /* minor_status */ 804 gss_buffer_t /* buffer */ 805 ); 806 807 OM_uint32 generic_gss_release_oid_set 808 (OM_uint32*, /* minor_status */ 809 gss_OID_set* /* set */ 810 ); 811 812 OM_uint32 generic_gss_release_oid 813 (OM_uint32*, /* minor_status */ 814 gss_OID* /* set */ 815 ); 816 817 OM_uint32 generic_gss_copy_oid 818 (OM_uint32 *, /* minor_status */ 819 gss_OID_desc * const, /* oid */ /* SUNW15resync */ 820 gss_OID * /* new_oid */ 821 ); 822 823 OM_uint32 generic_gss_create_empty_oid_set 824 (OM_uint32 *, /* minor_status */ 825 gss_OID_set * /* oid_set */ 826 ); 827 828 OM_uint32 generic_gss_add_oid_set_member 829 (OM_uint32 *, /* minor_status */ 830 gss_OID_desc * const, /* member_oid */ 831 gss_OID_set * /* oid_set */ 832 ); 833 834 OM_uint32 generic_gss_test_oid_set_member 835 (OM_uint32 *, /* minor_status */ 836 gss_OID_desc * const, /* member */ 837 gss_OID_set, /* set */ 838 int * /* present */ 839 ); 840 841 OM_uint32 generic_gss_oid_to_str 842 (OM_uint32 *, /* minor_status */ 843 gss_OID_desc * const, /* oid */ 844 gss_buffer_t /* oid_str */ 845 ); 846 847 OM_uint32 generic_gss_str_to_oid 848 (OM_uint32 *, /* minor_status */ 849 gss_buffer_t, /* oid_str */ 850 gss_OID * /* oid */ 851 ); 852 853 OM_uint32 854 generic_gss_oid_compose( 855 OM_uint32 *, /* minor_status */ 856 const char *, /* prefix */ 857 size_t, /* prefix_len */ 858 int, /* suffix */ 859 gss_OID_desc *); /* oid */ 860 861 OM_uint32 862 generic_gss_oid_decompose( 863 OM_uint32 *, /* minor_status */ 864 const char *, /*prefix */ 865 size_t, /* prefix_len */ 866 gss_OID_desc *, /* oid */ 867 int *); /* suffix */ 868 869 OM_uint32 generic_gss_create_empty_buffer_set 870 (OM_uint32 * /*minor_status*/, 871 gss_buffer_set_t * /*buffer_set*/); 872 873 OM_uint32 generic_gss_add_buffer_set_member 874 (OM_uint32 * /*minor_status*/, 875 const gss_buffer_t /*member_buffer*/, 876 gss_buffer_set_t * /*buffer_set*/); 877 878 OM_uint32 generic_gss_release_buffer_set 879 (OM_uint32 * /*minor_status*/, 880 gss_buffer_set_t * /*buffer_set*/); 881 882 /* 883 * SUNW17PACresync 884 * New map error API in MIT 1.7, at build time generates code for errors. 885 * Solaris does not gen the errors at build time so we just stub these 886 * for now, need to revisit. 887 * See mglueP.h and util_errmap.c in MIT 1.7. 888 */ 889 #ifdef _KERNEL 890 891 #define map_error(MINORP, MECH) 892 #define map_errcode(MINORP) 893 894 #else /* _KERNEL */ 895 896 /* Use this to map an error code that was returned from a mech 897 operation; the mech will be asked to produce the associated error 898 messages. 899 900 Remember that if the minor status code cannot be returned to the 901 caller (e.g., if it's stuffed in an automatic variable and then 902 ignored), then we don't care about producing a mapping. */ 903 #define map_error(MINORP, MECH) \ 904 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type)) 905 #define map_error_oid(MINORP, MECHOID) \ 906 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID))) 907 908 /* Use this to map an errno value or com_err error code being 909 generated within the mechglue code (e.g., by calling generic oid 910 ops). Any errno or com_err values produced by mech operations 911 should be processed with map_error. This means they'll be stored 912 separately even if the mech uses com_err, because we can't assume 913 that it will use com_err. */ 914 #define map_errcode(MINORP) \ 915 (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP))) 916 917 #endif /* _KERNEL */ 918 919 #endif /* _GSS_MECHGLUEP_H */ 920