xref: /illumos-gate/usr/src/uts/common/gssapi/include/mechglueP.h (revision 7d0b359ca572cd04474eb1f2ceec5a8ff39e36c9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * This header contains the private mechglue definitions.
27  *
28  */
29 
30 #ifndef _GSS_MECHGLUEP_H
31 #define _GSS_MECHGLUEP_H
32 
33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
34 #include "autoconf.h"
35 #endif
36 
37 /* SUNW15resync */
38 #ifndef GSS_DLLIMP
39 #define GSS_DLLIMP
40 #endif
41 
42 #include <gssapi/gssapi_ext.h>   /* SUNW15resync - mechglue.h in mit 1.5 */
43 #if 0 /* Solaris Kerberos */
44 #include "gssapiP_generic.h"
45 #endif
46 
47 #ifdef _KERNEL
48 #include <rpc/rpc.h>
49 #endif
50 
51 #ifndef g_OID_copy /* SUNW15resync */
52 #define	g_OID_copy(o1, o2)					\
53 do {								\
54 	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
55 	(o1)->length = (o2)->length;				\
56 } while (0)
57 #endif
58 
59 #define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
60 	(buf)->value == NULL || (buf)->length == 0)
61 
62 /*
63  * Array of context IDs typed by mechanism OID
64  */
65 typedef struct gss_union_ctx_id_t {
66 	gss_OID			mech_type;
67 	gss_ctx_id_t		internal_ctx_id;
68 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
69 
70 /*
71  * Generic GSSAPI names.  A name can either be a generic name, or a
72  * mechanism specific name....
73  */
74 typedef struct gss_name_struct {
75 	struct gss_name_struct *loopback;
76 	gss_OID			name_type;
77 	gss_buffer_t		external_name;
78 	/*
79 	 * These last two fields are only filled in for mechanism
80 	 * names.
81 	 */
82 	gss_OID			mech_type;
83 	gss_name_t		mech_name;
84 } gss_union_name_desc, *gss_union_name_t;
85 
86 /*
87  * Structure for holding list of mechanism-specific name types
88  */
89 typedef struct gss_mech_spec_name_t {
90     gss_OID	name_type;
91     gss_OID	mech;
92     struct gss_mech_spec_name_t	*next, *prev;
93 } gss_mech_spec_name_desc, *gss_mech_spec_name;
94 
95 /*
96  * Credential auxiliary info, used in the credential structure
97  */
98 typedef struct gss_union_cred_auxinfo {
99 	gss_buffer_desc		name;
100 	gss_OID			name_type;
101 	OM_uint32		creation_time;
102 	OM_uint32		time_rec;
103 	int			cred_usage;
104 } gss_union_cred_auxinfo;
105 
106 /*
107  * Set of Credentials typed on mechanism OID
108  */
109 typedef struct gss_union_cred_t {
110 	int			count;
111 	gss_OID			mechs_array;
112 	gss_cred_id_t		*cred_array;
113 	gss_union_cred_auxinfo	auxinfo;
114 } gss_union_cred_desc, *gss_union_cred_t;
115 
116 /* Solaris Kerberos */
117 typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
118 		    void *,		/* context */
119 		    OM_uint32 *,	/* minor_status */
120 		    const gss_name_t,	/* desired_name */
121 		    const gss_buffer_t, /* password */
122 		    OM_uint32,		/* time_req */
123 		    const gss_OID_set,	/* desired_mechs */
124 		    int,		/* cred_usage */
125 		    gss_cred_id_t *,	/* output_cred_handle */
126 		    gss_OID_set *,	/* actual_mechs */
127 		    OM_uint32 *		/* time_rec */
128 	/* */);
129 
130 /*
131  * Rudimentary pointer validation macro to check whether the
132  * "loopback" field of an opaque struct points back to itself.  This
133  * field also catches some programming errors where an opaque pointer
134  * is passed to a function expecting the address of the opaque
135  * pointer.
136  */
137 #if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
138 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
139 #else
140 #define GSSINT_CHK_LOOP(p) ((p) == NULL)
141 #endif
142 
143 
144 /********************************************************/
145 /* The Mechanism Dispatch Table -- a mechanism needs to */
146 /* define one of these and provide a function to return */
147 /* it to initialize the GSSAPI library                  */
148 
149 /*
150  * This is the definition of the mechs_array struct, which is used to
151  * define the mechs array table. This table is used to indirectly
152  * access mechanism specific versions of the gssapi routines through
153  * the routines in the glue module (gssd_mech_glue.c)
154  *
155  * This contants all of the functions defined in gssapi.h except for
156  * gss_release_buffer() and gss_release_oid_set(), which I am
157  * assuming, for now, to be equal across mechanisms.
158  */
159 
160 typedef struct gss_config {
161 #if 0 /* Solaris Kerberos */
162     OM_uint32	    priority;
163     char *	    mechNameStr;
164 #endif
165     gss_OID_desc    mech_type;
166     void *	    context;
167 #ifdef	_KERNEL
168     struct gss_config *next;
169     bool_t	    uses_kmod;
170 #endif
171 
172 #ifndef	_KERNEL
173 	OM_uint32	    (*gss_acquire_cred)
174 	(
175 		    void *,		/* context */
176 
177 		    OM_uint32 *,	/* minor_status */
178 		    const gss_name_t,	/* desired_name */
179 		    OM_uint32,		/* time_req */
180 		    const gss_OID_set,	/* desired_mechs */
181 		    int,		/* cred_usage */
182 		    gss_cred_id_t *,	/* output_cred_handle */
183 		    gss_OID_set *,	/* actual_mechs */
184 		    OM_uint32 *		/* time_rec */
185 	/* */);
186 	OM_uint32	    (*gss_release_cred)
187 	(
188 
189 		    void *,		/* context */
190 		    OM_uint32 *,	/* minor_status */
191 		    gss_cred_id_t *	/* cred_handle */
192 	/* */);
193 	OM_uint32	    (*gss_init_sec_context)
194 	(
195 		    void *,			/* context */
196 		    OM_uint32 *,		/* minor_status */
197 		    const gss_cred_id_t,	/* claimant_cred_handle */
198 		    gss_ctx_id_t *,		/* context_handle */
199 		    const gss_name_t,		/* target_name */
200 		    const gss_OID,		/* mech_type */
201 		    OM_uint32,			/* req_flags */
202 		    OM_uint32,			/* time_req */
203 		    const gss_channel_bindings_t, /* input_chan_bindings */
204 		    const gss_buffer_t,		/* input_token */
205 		    gss_OID*,			/* actual_mech_type */
206 		    gss_buffer_t,		/* output_token */
207 		    OM_uint32 *,		/* ret_flags */
208 		    OM_uint32 *			/* time_rec */
209 	/* */);
210 	OM_uint32	    (*gss_accept_sec_context)
211 	(
212 		    void *,			/* context */
213 		    OM_uint32 *,		/* minor_status */
214 		    gss_ctx_id_t *,		/* context_handle */
215 		    const gss_cred_id_t,	/* verifier_cred_handle */
216 		    const gss_buffer_t,		/* input_token_buffer */
217 		    const gss_channel_bindings_t, /* input_chan_bindings */
218 		    gss_name_t *,		/* src_name */
219 		    gss_OID*,			/* mech_type */
220 		    gss_buffer_t,		/* output_token */
221 		    OM_uint32 *,			/* ret_flags */
222 		    OM_uint32 *,			/* time_rec */
223 		    gss_cred_id_t *		/* delegated_cred_handle */
224 	/* */);
225 #endif	/* ! _KERNEL */
226 
227 /*
228  * Note: there are two gss_unseal's in here. Make any changes to both.
229  */
230 	OM_uint32	    (*gss_unseal)
231 	(
232 		    void *,		/* context */
233 		    OM_uint32 *,	/* minor_status */
234 		    const gss_ctx_id_t,	/* context_handle */
235 		    const gss_buffer_t,	/* input_message_buffer */
236 		    gss_buffer_t,	/* output_message_buffer */
237 		    int *,		/* conf_state */
238 		    int *		/* qop_state */
239 #ifdef	 _KERNEL
240 	/* */, OM_uint32
241 #endif
242 	/* */);
243 #ifndef	_KERNEL
244 	OM_uint32	    (*gss_process_context_token)
245 	(
246 		    void *,		/* context */
247 		    OM_uint32 *,	/* minor_status */
248 		    const gss_ctx_id_t,	/* context_handle */
249 		    const gss_buffer_t	/* token_buffer */
250 	/* */);
251 #endif	/* ! _KERNEL */
252 	OM_uint32	    (*gss_delete_sec_context)
253 	(
254 		    void *,		/* context */
255 		    OM_uint32 *,	/* minor_status */
256 		    gss_ctx_id_t *,	/* context_handle */
257 		    gss_buffer_t	/* output_token */
258 #ifdef	 _KERNEL
259 	/* */, OM_uint32
260 #endif
261 	/* */);
262 #ifndef	_KERNEL
263 	OM_uint32	    (*gss_context_time)
264 	(
265 		    void *,		/* context */
266 		    OM_uint32 *,	/* minor_status */
267 		    const gss_ctx_id_t,	/* context_handle */
268 		    OM_uint32 *		/* time_rec */
269 	/* */);
270 	OM_uint32	    (*gss_display_status)
271 	(
272 		    void *,		/* context */
273 		    OM_uint32 *,	/* minor_status */
274 		    OM_uint32,		/* status_value */
275 		    int,		/* status_type */
276 		    const gss_OID,	/* mech_type */
277 		    OM_uint32 *,	/* message_context */
278 		    gss_buffer_t	/* status_string */
279 	/* */);
280 	OM_uint32	    (*gss_indicate_mechs)
281 	(
282 		    void *,		/* context */
283 		    OM_uint32 *,	/* minor_status */
284 		    gss_OID_set *	/* mech_set */
285 	/* */);
286 	OM_uint32	    (*gss_compare_name)
287 	(
288 		    void *,		/* context */
289 		    OM_uint32 *,	/* minor_status */
290 		    const gss_name_t,	/* name1 */
291 		    const gss_name_t,	/* name2 */
292 		    int *		/* name_equal */
293 	/* */);
294 	OM_uint32	    (*gss_display_name)
295 	(
296 		    void *,		/* context */
297 		    OM_uint32 *,	/* minor_status */
298 		    const gss_name_t,	/* input_name */
299 		    gss_buffer_t,	/* output_name_buffer */
300 		    gss_OID*		/* output_name_type */
301 	/* */);
302 	OM_uint32	    (*gss_import_name)
303 	(
304 		    void *,		/* context */
305 		    OM_uint32 *,	/* minor_status */
306 		    const gss_buffer_t,	/* input_name_buffer */
307 		    const gss_OID,	/* input_name_type */
308 		    gss_name_t *	/* output_name */
309 	/* */);
310 	OM_uint32	    (*gss_release_name)
311 	(
312 		    void *,		/* context */
313 		    OM_uint32 *,	/* minor_status */
314 		    gss_name_t *	/* input_name */
315 	/* */);
316 	OM_uint32	    (*gss_inquire_cred)
317 	(
318 		    void *,			/* context */
319 		    OM_uint32 *,		/* minor_status */
320 		    const gss_cred_id_t,	/* cred_handle */
321 		    gss_name_t *,		/* name */
322 		    OM_uint32 *,		/* lifetime */
323 		    int *,			/* cred_usage */
324 		    gss_OID_set *		/* mechanisms */
325 	/* */);
326 	OM_uint32	    (*gss_add_cred)
327 	(
328 		    void *,		/* context */
329 		    OM_uint32 *,	/* minor_status */
330 		    const gss_cred_id_t,	/* input_cred_handle */
331 		    const gss_name_t,	/* desired_name */
332 		    const gss_OID,	/* desired_mech */
333 		    gss_cred_usage_t,	/* cred_usage */
334 		    OM_uint32,		/* initiator_time_req */
335 		    OM_uint32,		/* acceptor_time_req */
336 		    gss_cred_id_t *,	/* output_cred_handle */
337 		    gss_OID_set *,	/* actual_mechs */
338 		    OM_uint32 *,	/* initiator_time_rec */
339 		    OM_uint32 *		/* acceptor_time_rec */
340 	/* */);
341 #endif	/* ! _KERNEL */
342 /*
343  * Note: there are two gss_seal's in here. Make any changes to both.
344  */
345 	OM_uint32	    (*gss_seal)
346 	(
347 		    void *,		/* context */
348 		    OM_uint32 *,	/* minor_status */
349 		    const gss_ctx_id_t,	/* context_handle */
350 		    int,		/* conf_req_flag */
351 		    int,		/* qop_req */
352 		    const gss_buffer_t,	/* input_message_buffer */
353 		    int *,		/* conf_state */
354 		    gss_buffer_t	/* output_message_buffer */
355 #ifdef	 _KERNEL
356 	/* */, OM_uint32
357 #endif
358 	/* */);
359 #ifndef	_KERNEL
360 	OM_uint32	    (*gss_export_sec_context)
361 	(
362 		    void *,		/* context */
363 		    OM_uint32 *,	/* minor_status */
364 		    gss_ctx_id_t *,	/* context_handle */
365 		    gss_buffer_t	/* interprocess_token */
366 	/* */);
367 #endif	/* ! _KERNEL */
368 	OM_uint32	    (*gss_import_sec_context)
369 	(
370 		    void *,		/* context */
371 		    OM_uint32 *,	/* minor_status */
372 		    const gss_buffer_t,	/* interprocess_token */
373 		    gss_ctx_id_t *	/* context_handle */
374 	/* */);
375 #ifndef	_KERNEL
376 	OM_uint32	    (*gss_inquire_cred_by_mech)
377 	(
378 		    void *,		/* context */
379 		    OM_uint32 *,	/* minor_status */
380 		    const gss_cred_id_t,	/* cred_handle */
381 		    const gss_OID,	/* mech_type */
382 		    gss_name_t *,	/* name */
383 		    OM_uint32 *,	/* initiator_lifetime */
384 		    OM_uint32 *,	/* acceptor_lifetime */
385 		    gss_cred_usage_t *	/* cred_usage */
386 	/* */);
387 	OM_uint32	    (*gss_inquire_names_for_mech)
388 	(
389 		    void *,		/* context */
390 		    OM_uint32 *,	/* minor_status */
391 		    const gss_OID,	/* mechanism */
392 		    gss_OID_set *	/* name_types */
393 	/* */);
394 	OM_uint32	(*gss_inquire_context)
395 	(
396 		    void *,		/* context */
397 		    OM_uint32 *,	/* minor_status */
398 		    const gss_ctx_id_t,	/* context_handle */
399 		    gss_name_t *,	/* src_name */
400 		    gss_name_t *,	/* targ_name */
401 		    OM_uint32 *,	/* lifetime_rec */
402 		    gss_OID *,		/* mech_type */
403 		    OM_uint32 *,	/* ctx_flags */
404 		    int *,		/* locally_initiated */
405 		    int *		/* open */
406 	/* */);
407 	OM_uint32	    (*gss_internal_release_oid)
408 	(
409 		    void *,		/* context */
410 		    OM_uint32 *,	/* minor_status */
411 		    gss_OID *		/* OID */
412 	/* */);
413 	OM_uint32		(*gss_wrap_size_limit)
414 	(
415 		    void *,		/* context */
416 		    OM_uint32 *,	/* minor_status */
417 		    const gss_ctx_id_t,	/* context_handle */
418 		    int,		/* conf_req_flag */
419 		    gss_qop_t,		/* qop_req */
420 		    OM_uint32,		/* req_output_size */
421 		    OM_uint32 *		/* max_input_size */
422 	/* */);
423 	OM_uint32		(*pname_to_uid)
424 	(
425 		    void *,		/* context */
426 		    OM_uint32 *,	/* minor_status */
427 		    const gss_name_t,	/* pname */
428 		    uid_t *		/* uid */
429 	/* */);
430 	OM_uint32		(*__gss_userok)
431 	(
432 		    void *,		/* context */
433 		    OM_uint32 *,	/* minor_status */
434 		    const gss_name_t,	/* pname */
435 		    const char *,	/* local user */
436 		    int *		/* user ok? */
437 	/* */);
438 	OM_uint32		(*gss_export_name)
439 	(
440 		void *,			/* context */
441 		OM_uint32 *,		/* minor_status */
442 		const gss_name_t,	/* input_name */
443 		gss_buffer_t		/* exported_name */
444 	/* */);
445 #endif	/* ! _KERNEL */
446 	OM_uint32	(*gss_sign)
447 	(
448 		    void *,		/* context */
449 		    OM_uint32 *,	/* minor_status */
450 		    const gss_ctx_id_t,	/* context_handle */
451 		    int,		/* qop_req */
452 		    const gss_buffer_t,	/* message_buffer */
453 		    gss_buffer_t	/* message_token */
454 #ifdef	 _KERNEL
455 	/* */, OM_uint32
456 #endif
457 	/* */);
458 	OM_uint32	(*gss_verify)
459 	(
460 		void *,			/* context */
461 		OM_uint32 *,		/* minor_status */
462 		const gss_ctx_id_t,	/* context_handle */
463 		const gss_buffer_t,	/* message_buffer */
464 		const gss_buffer_t,	/* token_buffer */
465 		int *			/* qop_state */
466 #ifdef	 _KERNEL
467 	/* */, OM_uint32
468 #endif
469 	/* */);
470 #ifndef	 _KERNEL
471 	OM_uint32	(*gss_store_cred)
472 	(
473 		void *,			/* context */
474 		OM_uint32 *,		/* minor_status */
475 		const gss_cred_id_t,	/* input_cred */
476 		gss_cred_usage_t,	/* cred_usage */
477 		const gss_OID,		/* desired_mech */
478 		OM_uint32,		/* overwrite_cred */
479 		OM_uint32,		/* default_cred */
480 		gss_OID_set *,		/* elements_stored */
481 		gss_cred_usage_t *	/* cred_usage_stored */
482 	/* */);
483 
484 	/* GGF extensions */
485 
486         OM_uint32       (*gss_inquire_sec_context_by_oid)
487         (
488 		OM_uint32 *,        /* minor_status */
489 		const gss_ctx_id_t, /* context_handle */
490 		const gss_OID,      /* OID */
491 		gss_buffer_set_t *  /* data_set */
492 	/* */);
493 
494 #endif
495 } *gss_mechanism;
496 
497 
498 
499 #ifndef _KERNEL
500 /* This structure MUST NOT be used by any code outside libgss */
501 typedef struct gss_config_ext {
502 	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
503 } *gss_mechanism_ext;
504 #endif /* _KERNEL */
505 
506 
507 /*
508  * In the user space we use a wrapper structure to encompass the
509  * mechanism entry points.  The wrapper contain the mechanism
510  * entry points and other data which is only relevant to the gss-api
511  * layer.  In the kernel we use only the gss_config strucutre because
512  * the kernal does not cantain any of the extra gss-api specific data.
513  */
514 typedef struct gss_mech_config {
515 	char *kmodName;			/* kernel module name */
516 	char *uLibName;			/* user library name */
517 	char *mechNameStr;		/* mechanism string name */
518 	char *optionStr;		/* optional mech parameters */
519 	void *dl_handle;		/* RTLD object handle for the mech */
520 	gss_OID mech_type;		/* mechanism oid */
521 	gss_mechanism mech;		/* mechanism initialization struct */
522 #ifndef _KERNEL
523 	gss_mechanism_ext mech_ext;	/* Solaris extensions */
524 #endif /* _KERNEL */
525 	struct gss_mech_config *next;	/* next element in the list */
526 } *gss_mech_info;
527 
528 /********************************************************/
529 /* Internal mechglue routines */
530 
531 /* SUNW15resync - Solaris versions - replace w/mit ones? */
532 gss_mechanism __gss_get_mechanism(const gss_OID);
533 #ifndef _KERNEL
534 gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
535 #endif /* _KERNEL */
536 char *__gss_get_kmodName(const gss_OID);
537 char *__gss_get_modOptions(const gss_OID);
538 OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
539  	gss_union_name_t, gss_name_t *);
540 OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
541 	const gss_name_t, gss_buffer_t);
542 OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
543 	const gss_name_t, gss_buffer_t, gss_OID *);
544 OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
545 	gss_name_t *);
546 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
547 	gss_ctx_id_t *, gss_buffer_t);
548 OM_uint32 __gss_convert_name_to_union_name(
549 	OM_uint32 *,		/* minor_status */
550 	gss_mechanism,	/* mech */
551 	gss_name_t,		/* internal_name */
552 	gss_name_t *		/* external_name */
553 );
554 
555  gss_cred_id_t __gss_get_mechanism_cred(
556 	const gss_union_cred_t,	/* union_cred */
557 	const gss_OID		/* mech_type */
558 );
559 
560 
561 
562 
563 
564 int gssint_mechglue_init(void);
565 void gssint_mechglue_fini(void);
566 
567 gss_mechanism gssint_get_mechanism (gss_OID);
568 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
569 char *gssint_get_kmodName(const gss_OID);
570 char *gssint_get_modOptions(const gss_OID);
571 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
572 				      gss_name_t *);
573 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
574 	const gss_name_t, gss_buffer_t);
575 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
576 				       gss_buffer_t, gss_OID *);
577 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
578 
579 OM_uint32 gssint_convert_name_to_union_name
580 	  (OM_uint32 *,		/* minor_status */
581 	   gss_mechanism,	/* mech */
582 	   gss_name_t,		/* internal_name */
583 	   gss_name_t *		/* external_name */
584 	   );
585 gss_cred_id_t gssint_get_mechanism_cred
586 	  (gss_union_cred_t,	/* union_cred */
587 	   gss_OID		/* mech_type */
588 	   );
589 
590 OM_uint32 gssint_create_copy_buffer(
591 	const gss_buffer_t,	/* src buffer */
592 	gss_buffer_t *,		/* destination buffer */
593 	int			/* NULL terminate buffer ? */
594 );
595 
596 
597 OM_uint32 gssint_copy_oid_set(
598 	OM_uint32 *,			/* minor_status */
599 	const gss_OID_set_desc *,	/* oid set */
600 	gss_OID_set *			/* new oid set */
601 );
602 
603 /* SUNW15resync - for old Solaris version in libgss */
604 OM_uint32 gss_copy_oid_set(
605 	OM_uint32 *,			/* minor_status */
606 	const gss_OID_set_desc *,	/* oid set */
607 	gss_OID_set *			/* new oid set */
608 );
609 
610 
611 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
612 
613 OM_uint32 gss_add_mech_name_type
614 	   (OM_uint32 *,	/* minor_status */
615 	    gss_OID,		/* name_type */
616 	    gss_OID		/* mech */
617 	       );
618 
619 /*
620  * Sun extensions to GSS-API v2
621  */
622 
623 OM_uint32
624 gssint_mech_to_oid(
625 	const char *mech,		/* mechanism string name */
626 	gss_OID *oid			/* mechanism oid */
627 );
628 
629 const char *
630 gssint_oid_to_mech(
631 	const gss_OID oid		/* mechanism oid */
632 );
633 
634 OM_uint32
635 gssint_get_mechanisms(
636 	char *mechArray[],		/* array to populate with mechs */
637 	int arrayLen			/* length of passed in array */
638 );
639 
640 OM_uint32
641 gss_store_cred(
642 	OM_uint32 *,		/* minor_status */
643 	const gss_cred_id_t,	/* input_cred_handle */
644 	gss_cred_usage_t,	/* cred_usage */
645 	const gss_OID,		/* desired_mech */
646 	OM_uint32,		/* overwrite_cred */
647 	OM_uint32,		/* default_cred */
648 	gss_OID_set *,		/* elements_stored */
649 	gss_cred_usage_t *	/* cred_usage_stored */
650 );
651 
652 int
653 gssint_get_der_length(
654 	unsigned char **,	/* buf */
655 	unsigned int,		/* buf_len */
656 	unsigned int *		/* bytes */
657 );
658 
659 unsigned int
660 gssint_der_length_size(unsigned int /* len */);
661 
662 int
663 gssint_put_der_length(
664 	unsigned int,		/* length */
665 	unsigned char **,	/* buf */
666 	unsigned int		/* max_len */
667 );
668 
669 
670 
671 /* Solaris kernel and gssd support */
672 
673 /*
674  * derived types for passing context and credential handles
675  * between gssd and kernel
676  */
677 typedef unsigned int gssd_ctx_id_t;
678 typedef unsigned int gssd_cred_id_t;
679 
680 #define	GSSD_NO_CONTEXT		((gssd_ctx_id_t)0)
681 #define	GSSD_NO_CREDENTIAL	((gssd_cred_id_t)0)
682 
683 #ifdef	_KERNEL
684 
685 #ifndef	_KRB5_H
686 /* These macros are defined for Kerberos in krb5.h, and have priority */
687 #define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
688 #define	FREE(x, n) kmem_free((x), (n))
689 #endif	/* _KRB5_H */
690 
691 gss_mechanism __kgss_get_mechanism(gss_OID);
692 void __kgss_add_mechanism(gss_mechanism);
693 #endif /* _KERNEL */
694 
695 struct	kgss_cred {
696 	gssd_cred_id_t	gssd_cred;
697 	OM_uint32	gssd_cred_verifier;
698 };
699 
700 #define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
701 #define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
702 #define	KCRED_TO_CREDV(cred)    (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
703 
704 struct	kgss_ctx {
705 	gssd_ctx_id_t	gssd_ctx;
706 #ifdef _KERNEL
707 	gss_ctx_id_t	gssd_i_ctx;
708 	bool_t		ctx_imported;
709 	gss_mechanism	mech;
710 #endif /* _KERNEL */
711 	OM_uint32	gssd_ctx_verifier;
712 };
713 
714 #define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
715 #define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
716 #define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
717 #define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
718 #define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
719 #define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
720 #define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
721 	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
722 	KCTX_TO_GSSD_CTX(ctx))
723 #define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
724 	(((ctx) == GSS_C_NO_CONTEXT) ? (NULL) : KCTX_TO_CTXV(ctx))
725 
726 #ifdef _KERNEL
727 #define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
728 #define	KCTX_TO_CTX(ctx) \
729 ((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
730 	KCTX_TO_I_CTX(ctx))
731 #define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
732 	KM_SLEEP)
733 #define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))
734 
735 #define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
736 #define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))
737 
738 #define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
739 	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
740 		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
741 
742 #define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
743 	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
744 		KCTX_TO_CTX(ctx), msg, tkn, qop,  KCTX_TO_CTXV(ctx))
745 
746 #define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id,  tkn)	\
747 	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
748 		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))
749 
750 #define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id)	\
751 	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
752 		minor_st, tkn, int_ctx_id)
753 
754 #define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
755 	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
756 		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
757 		KCTX_TO_CTXV(ctx))
758 
759 #define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
760 	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
761 		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
762 		KCTX_TO_CTXV(ctx))
763 
764 #define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
765 #define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
766 extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);
767 
768 #else /* !_KERNEL */
769 
770 #define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
771 #define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)
772 
773 #define	KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
774 #define	MALLOC(n) malloc(n)
775 #define	FREE(x, n) free(x)
776 #define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
777 		MALLOC(sizeof (struct kgss_cred))
778 #define	KGSS_CRED_FREE(cred)	free(cred)
779 #define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
780 #define	KGSS_FREE(ctx)	free(ctx)
781 
782 #define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
783 	kgss_sign_wrapped(minor_st, \
784 		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
785 
786 #define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
787 	kgss_verify_wrapped(minor_st,\
788 		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))
789 
790 #define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
791 	kgss_seal_wrapped(minor_st, \
792 		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
793 		KCTX_TO_CTXV(ctx))
794 
795 #define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
796 	kgss_unseal_wrapped(minor_st,\
797 		KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
798 		KCTX_TO_CTXV(ctx))
799 #endif /* _KERNEL */
800 
801 /* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
802 OM_uint32 generic_gss_release_buffer
803 (OM_uint32*,       /* minor_status */
804             gss_buffer_t      /* buffer */
805            );
806 
807 OM_uint32 generic_gss_release_oid_set
808 (OM_uint32*,       /* minor_status */
809             gss_OID_set*      /* set */
810            );
811 
812 OM_uint32 generic_gss_release_oid
813 (OM_uint32*,       /* minor_status */
814             gss_OID*         /* set */
815            );
816 
817 OM_uint32 generic_gss_copy_oid
818 (OM_uint32 *,	/* minor_status */
819             gss_OID_desc * const,   /* oid */ /* SUNW15resync */
820 	    gss_OID *		/* new_oid */
821 	    );
822 
823 OM_uint32 generic_gss_create_empty_oid_set
824 (OM_uint32 *,	/* minor_status */
825 	    gss_OID_set *	/* oid_set */
826 	   );
827 
828 OM_uint32 generic_gss_add_oid_set_member
829 (OM_uint32 *,	/* minor_status */
830 	    gss_OID_desc * const,		/* member_oid */
831 	    gss_OID_set *	/* oid_set */
832 	   );
833 
834 OM_uint32 generic_gss_test_oid_set_member
835 (OM_uint32 *,	/* minor_status */
836 	    gss_OID_desc * const,		/* member */
837 	    gss_OID_set,	/* set */
838 	    int *		/* present */
839 	   );
840 
841 OM_uint32 generic_gss_oid_to_str
842 (OM_uint32 *,	/* minor_status */
843 	    gss_OID_desc * const,		/* oid */
844 	    gss_buffer_t	/* oid_str */
845 	   );
846 
847 OM_uint32 generic_gss_str_to_oid
848 (OM_uint32 *,	/* minor_status */
849 	    gss_buffer_t,	/* oid_str */
850 	    gss_OID *		/* oid */
851 	   );
852 
853 OM_uint32
854 generic_gss_oid_compose(
855     OM_uint32 *,        /* minor_status */
856     const char *,       /* prefix */
857     size_t,             /* prefix_len */
858     int,                /* suffix */
859     gss_OID_desc *);    /* oid */
860 
861 OM_uint32
862 generic_gss_oid_decompose(
863     OM_uint32 *,        /* minor_status */
864     const char *,       /*prefix */
865     size_t,             /* prefix_len */
866     gss_OID_desc *,     /* oid */
867     int *);             /* suffix */
868 
869 OM_uint32 generic_gss_create_empty_buffer_set
870 (OM_uint32 * /*minor_status*/,
871             gss_buffer_set_t * /*buffer_set*/);
872 
873 OM_uint32 generic_gss_add_buffer_set_member
874 (OM_uint32 * /*minor_status*/,
875             const gss_buffer_t /*member_buffer*/,
876             gss_buffer_set_t * /*buffer_set*/);
877 
878 OM_uint32 generic_gss_release_buffer_set
879 (OM_uint32 * /*minor_status*/,
880             gss_buffer_set_t * /*buffer_set*/);
881 
882 /*
883  * SUNW17PACresync
884  * New map error API in MIT 1.7, at build time generates code for errors.
885  * Solaris does not gen the errors at build time so we just stub these
886  * for now, need to revisit.
887  * See mglueP.h and util_errmap.c in MIT 1.7.
888 */
889 #ifdef _KERNEL
890 
891 #define map_error(MINORP, MECH)
892 #define map_errcode(MINORP)
893 
894 #else  /* _KERNEL */
895 
896 /* Use this to map an error code that was returned from a mech
897    operation; the mech will be asked to produce the associated error
898    messages.
899 
900    Remember that if the minor status code cannot be returned to the
901    caller (e.g., if it's stuffed in an automatic variable and then
902    ignored), then we don't care about producing a mapping.  */
903 #define map_error(MINORP, MECH) \
904     (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
905 #define map_error_oid(MINORP, MECHOID) \
906     (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
907 
908 /* Use this to map an errno value or com_err error code being
909    generated within the mechglue code (e.g., by calling generic oid
910    ops).  Any errno or com_err values produced by mech operations
911    should be processed with map_error.  This means they'll be stored
912    separately even if the mech uses com_err, because we can't assume
913    that it will use com_err.  */
914 #define map_errcode(MINORP) \
915     (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
916 
917 #endif /* _KERNEL */
918 
919 #endif /* _GSS_MECHGLUEP_H */
920