xref: /illumos-gate/usr/src/uts/common/gssapi/mechs/krb5/mech/seal.c (revision 4de2612967d06c4fdbf524a62556a1e8118a006f)
1 /* EXPORT DELETE START */
2 
3 /*
4  * Copyright 2001-2003 Sun Microsystems, Inc.  All rights reserved.
5  * Use is subject to license terms.
6  */
7 
8 #pragma ident	"%Z%%M%	%I%	%E% SMI"
9 
10 /*
11  * Copyright 1993 by OpenVision Technologies, Inc.
12  *
13  * Permission to use, copy, modify, distribute, and sell this software
14  * and its documentation for any purpose is hereby granted without fee,
15  * provided that the above copyright notice appears in all copies and
16  * that both that copyright notice and this permission notice appear in
17  * supporting documentation, and that the name of OpenVision not be used
18  * in advertising or publicity pertaining to distribution of the software
19  * without specific, written prior permission. OpenVision makes no
20  * representations about the suitability of this software for any
21  * purpose.  It is provided "as is" without express or implied warranty.
22  *
23  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
24  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
25  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
26  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
27  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
28  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
29  * PERFORMANCE OF THIS SOFTWARE.
30  */
31 
32 #include <gssapiP_krb5.h>
33 
34 /*
35  * $Id: seal.c,v 1.11 1996/07/22 20:34:29 marc Exp $
36  */
37 /*ARGSUSED*/
38 OM_uint32
39 krb5_gss_seal(ctx, minor_status, context_handle, conf_req_flag,
40 	      qop_req, input_message_buffer, conf_state,
41 	      output_message_buffer
42 #ifdef	 _KERNEL
43 		, gssd_ctx_verifier
44 #endif
45 )
46      void	*ctx;
47      OM_uint32 *minor_status;
48      gss_ctx_id_t context_handle;
49      int conf_req_flag;
50      int qop_req;
51      gss_buffer_t input_message_buffer;
52      int *conf_state;
53      gss_buffer_t output_message_buffer;
54 #ifdef	 _KERNEL
55 	OM_uint32 gssd_ctx_verifier;
56 #endif
57 {
58    krb5_context context;
59    OM_uint32    status;
60 
61 #ifdef	KRB5_NO_PRIVACY
62 	/*
63 	 * conf_req_flag must be zero;
64 	 * encryption is disallowed
65  	 * for global version
66 	*/
67    if (conf_req_flag)
68    	return (GSS_S_FAILURE);
69 #endif
70 
71    /* Solaris Kerberos:  for MT safety, we avoid the use of a default
72     * context via kg_get_context() */
73 #if 0
74    if (GSS_ERROR(kg_get_context(minor_status, &context)))
75       return(GSS_S_FAILURE);
76 #endif
77 
78    mutex_lock(&krb5_mutex);
79    context = ctx;
80    status = kg_seal(context, minor_status, context_handle, conf_req_flag,
81 		  qop_req, input_message_buffer, conf_state,
82 		  output_message_buffer, KG_TOK_SEAL_MSG);
83    mutex_unlock(&krb5_mutex);
84 #ifdef	KRB5_NO_PRIVACY
85 	/*
86 	 * Can't be paranoid enough;
87 	 * if someone plugs in their version of kg_seal
88 	 * that does encryption we want to
89 	 * disallow that too.
90 	*/
91 	if (conf_state && *conf_state)
92    		return (GSS_S_FAILURE);
93 
94 #endif
95    return(status);
96 }
97 
98 /* V2 interface */
99 /*ARGSUSED*/
100 OM_uint32
101 krb5_gss_wrap(ctx, minor_status, context_handle, conf_req_flag,
102 	      qop_req, input_message_buffer, conf_state,
103 	      output_message_buffer)
104     void		*ctx;
105     OM_uint32		*minor_status;
106     gss_ctx_id_t	context_handle;
107     int			conf_req_flag;
108     gss_qop_t		qop_req;
109     gss_buffer_t	input_message_buffer;
110     int			*conf_state;
111     gss_buffer_t	output_message_buffer;
112 {
113 #ifdef	KRB5_NO_PRIVACY
114     return (GSS_S_FAILURE);
115 #else
116     krb5_context context;
117     OM_uint32    status;
118 
119    /* Solaris Kerberos:  for MT safety, we avoid the use of a default
120     * context via kg_get_context() */
121 #if 0
122     if (GSS_ERROR(kg_get_context(minor_status, &context)))
123        return(GSS_S_FAILURE);
124 #endif
125 
126     mutex_lock(&krb5_mutex);
127     context = ctx;
128     status = kg_seal(context, minor_status, context_handle, conf_req_flag,
129 		   (int) qop_req, input_message_buffer, conf_state,
130 		   output_message_buffer, KG_TOK_WRAP_MSG);
131     mutex_unlock(&krb5_mutex);
132     return(status);
133 #endif
134 }
135 /* EXPORT DELETE END */
136