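/* EXPORT DELETE START */

/*
 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <gssapiP_krb5.h>

/*
 * $Id: seal.c,v 1.11 1996/07/22 20:34:29 marc Exp $
 */

/*
 * krb5_gss_seal: V1 entry point; hands the message to kg_seal() with
 * KG_TOK_SEAL_MSG while holding the global krb5_mutex.
 *
 * ctx is used as the krb5_context for the call (no default context is
 * looked up).  In _KERNEL builds the extra gssd_ctx_verifier argument is
 * accepted but not referenced here.
 *
 * Returns the status from kg_seal().  When built with KRB5_NO_PRIVACY:
 *   - a request with conf_req_flag set is refused with GSS_S_FAILURE
 *     before kg_seal() is called;
 *   - if the confidentiality state reported back by kg_seal() is
 *     non-zero, GSS_S_FAILURE is returned instead of kg_seal()'s status.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_seal(ctx, minor_status, context_handle, conf_req_flag,
    qop_req, input_message_buffer, conf_state,
    output_message_buffer
#ifdef _KERNEL
    , gssd_ctx_verifier
#endif
)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	int qop_req;
	gss_buffer_t input_message_buffer;
	int *conf_state;
	gss_buffer_t output_message_buffer;
#ifdef _KERNEL
	OM_uint32 gssd_ctx_verifier;
#endif
{
	krb5_context context;
	OM_uint32 status;
#ifdef KRB5_NO_PRIVACY
	/* Receives the confidentiality state when the caller passes NULL. */
	int conf_applied = 0;
#endif

#ifdef KRB5_NO_PRIVACY
	/*
	 * conf_req_flag must be zero;
	 * encryption is disallowed
	 * for global version
	 */
	if (conf_req_flag) {
		/*
		 * kg_seal() is never reached on this path, so give the
		 * caller a defined minor status rather than leaving it
		 * unset.
		 */
		if (minor_status != NULL)
			*minor_status = 0;
		return (GSS_S_FAILURE);
	}

	/*
	 * The check after kg_seal() can only see what kg_seal() reports
	 * through conf_state.  A caller that passes NULL would otherwise
	 * skip that check entirely, so substitute a local in that case.
	 */
	if (conf_state == NULL)
		conf_state = &conf_applied;
#endif

	/*
	 * Solaris Kerberos: for MT safety, we avoid the use of a default
	 * context via kg_get_context()
	 */
#if 0
	if (GSS_ERROR(kg_get_context(minor_status, &context)))
		return (GSS_S_FAILURE);
#endif

	/* Every call into kg_seal() is serialized on the global krb5_mutex. */
	mutex_lock(&krb5_mutex);
	context = ctx;
	status = kg_seal(context, minor_status, context_handle, conf_req_flag,
	    qop_req, input_message_buffer, conf_state,
	    output_message_buffer, KG_TOK_SEAL_MSG);
	mutex_unlock(&krb5_mutex);

#ifdef KRB5_NO_PRIVACY
	/*
	 * Can't be paranoid enough;
	 * if someone plugs in their version of kg_seal
	 * that does encryption we want to
	 * disallow that too.
	 *
	 * NOTE(review): output_message_buffer is not cleared or released
	 * on this path; if kg_seal() filled it in, the caller still gets
	 * that token back along with the failure status.  Confirm that
	 * callers release the buffer and never transmit it on failure.
	 */
	if (*conf_state)
		return (GSS_S_FAILURE);
#endif

	return (status);
}

/* V2 interface */
/*
 * krb5_gss_wrap: V2 entry point; hands the message to kg_seal() with
 * KG_TOK_WRAP_MSG while holding the global krb5_mutex, and returns
 * kg_seal()'s status.  qop_req is narrowed to int for that call.
 *
 * When built with KRB5_NO_PRIVACY the function refuses every request
 * with GSS_S_FAILURE, including those with conf_req_flag == 0, and
 * kg_seal() is never called.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_wrap(ctx, minor_status, context_handle, conf_req_flag,
    qop_req, input_message_buffer, conf_state,
    output_message_buffer)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	gss_qop_t qop_req;
	gss_buffer_t input_message_buffer;
	int *conf_state;
	gss_buffer_t output_message_buffer;
{
#ifdef KRB5_NO_PRIVACY
	/*
	 * Nothing below runs in this build, so give the caller a defined
	 * minor status rather than leaving it unset.
	 */
	if (minor_status != NULL)
		*minor_status = 0;
	return (GSS_S_FAILURE);
#else
	krb5_context context;
	OM_uint32 status;

	/*
	 * Solaris Kerberos: for MT safety, we avoid the use of a default
	 * context via kg_get_context()
	 */
#if 0
	if (GSS_ERROR(kg_get_context(minor_status, &context)))
		return (GSS_S_FAILURE);
#endif

	/* Every call into kg_seal() is serialized on the global krb5_mutex. */
	mutex_lock(&krb5_mutex);
	context = ctx;
	status = kg_seal(context, minor_status, context_handle, conf_req_flag,
	    (int)qop_req, input_message_buffer, conf_state,
	    output_message_buffer, KG_TOK_WRAP_MSG);
	mutex_unlock(&krb5_mutex);

	return (status);
#endif
}
/* EXPORT DELETE END */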