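/* EXPORT DELETE START */

/*
 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <gssapiP_krb5.h>

/*
 * $Id: unseal.c,v 1.10 1996/07/22 20:34:37 marc Exp $
 */

/*
 * krb5_gss_unseal - unseal a token through kg_unseal() using the
 * KG_TOK_SEAL_MSG token type.
 *
 * ctx is used as the krb5_context for the call; no default context is
 * looked up.  The kg_unseal() call is made while holding krb5_mutex.
 * In _KERNEL builds the extra gssd_ctx_verifier argument is accepted but
 * not used here.
 *
 * Returns the status reported by kg_unseal().  When built with
 * KRB5_NO_PRIVACY, GSS_S_FAILURE is returned instead whenever the
 * confidentiality flag comes back set.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_unseal(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state
#ifdef _KERNEL
		, gssd_ctx_verifier
#endif
		)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    int *qop_state;
#ifdef _KERNEL
    OM_uint32 gssd_ctx_verifier;
#endif
{
    krb5_context context;
    OM_uint32 status;
#ifdef KRB5_NO_PRIVACY
    /*
     * Always collect the confidentiality flag in a local so that the
     * no-privacy check below cannot be skipped by a caller that passes
     * conf_state == NULL, and so that the check never reads a caller
     * variable that kg_unseal() left unwritten on an error path.
     * NOTE(review): assumes kg_unseal() treats conf_state purely as an
     * optional output - confirm against its definition.
     */
    int conf_used = 0;
    int *conf_out = &conf_used;
#else
    int *conf_out = conf_state;
#endif

    /*
     * Solaris Kerberos: for MT safety, we avoid the use of a default
     * context via kg_get_context()
     */
#if 0
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
	return (GSS_S_FAILURE);
#endif

    mutex_lock(&krb5_mutex);
    context = ctx;
    status = kg_unseal(context, minor_status, context_handle,
		       input_message_buffer, output_message_buffer,
		       conf_out, qop_state, KG_TOK_SEAL_MSG);
    mutex_unlock(&krb5_mutex);

#ifdef KRB5_NO_PRIVACY
    if (conf_state)
	*conf_state = conf_used;

    /*
     * Can't be paranoid enough;
     * if someone plugs in their version of kg_unseal
     * that does decryption we want to
     * disallow that too.
     *
     * NOTE(review): on this path output_message_buffer may already hold
     * whatever kg_unseal() produced and *minor_status is whatever
     * kg_unseal() left there; nothing is released or cleared here.
     * Confirm whether the buffer should be released before returning.
     */
    if (conf_used)
	return (GSS_S_FAILURE);
#endif
    return (status);
}

/* V2 interface */
/*
 * krb5_gss_unwrap - unwrap a token through kg_unseal() using the
 * KG_TOK_WRAP_MSG token type.
 *
 * When built with KRB5_NO_PRIVACY this entry point is disabled and
 * returns GSS_S_FAILURE without touching any argument (including
 * *minor_status).  Otherwise kg_unseal() is called with ctx as the
 * krb5_context while holding krb5_mutex, and on a zero status the QOP
 * it reported is stored through qop_state when that pointer is non-NULL.
 *
 * Returns the status reported by kg_unseal().
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_unwrap(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state)
    void *ctx;
    OM_uint32 *minor_status;
    gss_ctx_id_t context_handle;
    gss_buffer_t input_message_buffer;
    gss_buffer_t output_message_buffer;
    int *conf_state;
    gss_qop_t *qop_state;
{
#ifdef KRB5_NO_PRIVACY
    return (GSS_S_FAILURE);
#else
    OM_uint32 rstat;
    /*
     * kg_unseal() reports the QOP through an int; start from a defined
     * value so an indeterminate int is never copied out if kg_unseal()
     * returns success without storing one.
     */
    int qstate = 0;
    krb5_context context;

    /*
     * Solaris Kerberos: for MT safety, we avoid the use of a default
     * context via kg_get_context()
     */
#if 0
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
	return (GSS_S_FAILURE);
#endif

    mutex_lock(&krb5_mutex);
    context = ctx;

    rstat = kg_unseal(context, minor_status, context_handle,
		      input_message_buffer, output_message_buffer,
		      conf_state, &qstate, KG_TOK_WRAP_MSG);
    /* Only publish the QOP when the unwrap succeeded. */
    if (!rstat && qop_state)
	*qop_state = (gss_qop_t) qstate;
    mutex_unlock(&krb5_mutex);
    return (rstat);
#endif
}
/* EXPORT DELETE END */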