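/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * This header contains the private mechglue definitions: the union
 * (mechanism-independent) handle types, the per-mechanism dispatch
 * table, the internal mechglue routines, and the kernel/gssd handle
 * and verifier plumbing.  Nothing in here is part of the public
 * GSS-API.
 */

#ifndef _GSS_MECHGLUEP_H
#define	_GSS_MECHGLUEP_H

#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif

/* SUNW15resync */
#ifndef GSS_DLLIMP
#define	GSS_DLLIMP
#endif

#include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
/* #include "gssapiP_generic.h" */

#ifdef	_KERNEL
#include <rpc/rpc.h>
#endif

/*
 * Copy OID o2 into o1.  This copies o2->length bytes into the storage
 * o1->elements already points at and then sets o1->length; it neither
 * allocates nor bounds-checks that storage, so the caller must have
 * sized o1->elements for at least o2->length bytes beforehand.
 */
#ifndef	g_OID_copy /* SUNW15resync */
#define	g_OID_copy(o1, o2) \
do { \
	memcpy((o1)->elements, (o2)->elements, (o2)->length); \
	(o1)->length = (o2)->length; \
} while (0)
#endif

/*
 * True when buf is a null handle, has no value pointer, or has a zero
 * length.  Evaluates its argument more than once.
 */
#define	GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)

/*
 * Array of context IDs typed by mechanism OID
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;	/* mechanism owning the ctx */
	gss_ctx_id_t		internal_ctx_id; /* the mech's own handle */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;

/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....
 */
typedef struct gss_union_name_t {
	gss_OID			name_type;
	gss_buffer_t		external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;
	gss_name_t		mech_name;
} gss_union_name_desc, *gss_union_name_t;

/*
 * Structure for holding list of mechanism-specific name types
 * (a doubly-linked list node: next/prev).
 */
typedef struct gss_mech_spec_name_t {
	gss_OID	name_type;
	gss_OID	mech;
	struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;

/*
 * Credential auxiliary info, used in the credential structure
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;
	gss_OID			name_type;
	OM_uint32		creation_time;
	OM_uint32		time_rec;
	int			cred_usage;
} gss_union_cred_auxinfo;

/*
 * Set of Credentials typed on mechanism OID
 *
 * NOTE(review): mechs_array and cred_array appear to be parallel
 * arrays of `count` entries (mechs_array[i] is the mechanism of
 * cred_array[i]) -- confirm against the mechglue code that fills them.
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;

/* Solaris Kerberos */
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
	void *,			/* context */
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* desired_name */
	const gss_buffer_t,	/* password */
	OM_uint32,		/* time_req */
	const gss_OID_set,	/* desired_mechs */
	int,			/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
	/* */);



/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library			*/

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Calling convention visible below: every entry point receives the
 * mechanism's private `context` pointer as its first argument and
 * `minor_status` as its second; the remaining arguments mirror the
 * public gssapi.h routine of the same name.  When built for the kernel
 * the seal/unseal/sign/verify/delete_sec_context entries take one
 * extra trailing OM_uint32, which the KGSS_* macros at the end of this
 * header fill with the context's gssd verifier (KCTX_TO_CTXV).
 *
 * The "EXPORT DELETE" / "CRYPT DELETE" marker comments are consumed by
 * the build (see the block comment before the second gss_seal/gss_unseal
 * pair); keep them exactly where they are.
 */

typedef struct gss_config {
#if 0 /* Solaris Kerberos */
    OM_uint32	    priority;
    char *	    mechNameStr;
#endif
    gss_OID_desc    mech_type;
    void *	    context;
#ifdef	_KERNEL
    struct gss_config *next;
    bool_t	    uses_kmod;
#endif

#ifndef	_KERNEL
    OM_uint32	    (*gss_acquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* desired_name */
		    OM_uint32,			/* time_req */
		    const gss_OID_set,		/* desired_mechs */
		    int,			/* cred_usage */
		    gss_cred_id_t *,		/* output_cred_handle */
		    gss_OID_set *,		/* actual_mechs */
		    OM_uint32 *			/* time_rec */
		    /* */);
    OM_uint32	    (*gss_release_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_cred_id_t *		/* cred_handle */
		    /* */);
    OM_uint32	    (*gss_init_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* claimant_cred_handle */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_name_t,		/* target_name */
		    const gss_OID,		/* mech_type */
		    OM_uint32,			/* req_flags */
		    OM_uint32,			/* time_req */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    const gss_buffer_t,		/* input_token */
		    gss_OID*,			/* actual_mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *			/* time_rec */
		    /* */);
    OM_uint32	    (*gss_accept_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_cred_id_t,	/* verifier_cred_handle */
		    const gss_buffer_t,		/* input_token_buffer */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    gss_name_t *,		/* src_name */
		    gss_OID*,			/* mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *,		/* time_rec */
		    gss_cred_id_t *		/* delegated_cred_handle */
		    /* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
    OM_uint32	    (*gss_unseal)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    const gss_buffer_t,		/* input_message_buffer */
		    gss_buffer_t,		/* output_message_buffer */
		    int *,			/* conf_state */
		    int *			/* qop_state */
#ifdef	_KERNEL
		    /* */, OM_uint32		/* gssd ctx verifier */
#endif
		    /* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32	    (*gss_process_context_token)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    const gss_buffer_t		/* token_buffer */
		    /* */);
#endif	/* ! _KERNEL */
    OM_uint32	    (*gss_delete_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    gss_buffer_t		/* output_token */
#ifdef	_KERNEL
		    /* */, OM_uint32		/* gssd ctx verifier */
#endif
		    /* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_context_time)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    OM_uint32 *			/* time_rec */
		    /* */);
    OM_uint32	    (*gss_display_status)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    OM_uint32,			/* status_value */
		    int,			/* status_type */
		    const gss_OID,		/* mech_type */
		    OM_uint32 *,		/* message_context */
		    gss_buffer_t		/* status_string */
		    /* */);
    OM_uint32	    (*gss_indicate_mechs)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_OID_set *		/* mech_set */
		    /* */);
    OM_uint32	    (*gss_compare_name)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* name1 */
		    const gss_name_t,		/* name2 */
		    int *			/* name_equal */
		    /* */);
    OM_uint32	    (*gss_display_name)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* input_name */
		    gss_buffer_t,		/* output_name_buffer */
		    gss_OID*			/* output_name_type */
		    /* */);
    OM_uint32	    (*gss_import_name)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_buffer_t,		/* input_name_buffer */
		    const gss_OID,		/* input_name_type */
		    gss_name_t *		/* output_name */
		    /* */);
    OM_uint32	    (*gss_release_name)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_name_t *		/* input_name */
		    /* */);
    OM_uint32	    (*gss_inquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    gss_name_t *,		/* name */
		    OM_uint32 *,		/* lifetime */
		    int *,			/* cred_usage */
		    gss_OID_set *		/* mechanisms */
		    /* */);
    OM_uint32	    (*gss_add_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* input_cred_handle */
		    const gss_name_t,		/* desired_name */
		    const gss_OID,		/* desired_mech */
		    gss_cred_usage_t,		/* cred_usage */
		    OM_uint32,			/* initiator_time_req */
		    OM_uint32,			/* acceptor_time_req */
		    gss_cred_id_t *,		/* output_cred_handle */
		    gss_OID_set *,		/* actual_mechs */
		    OM_uint32 *,		/* initiator_time_rec */
		    OM_uint32 *			/* acceptor_time_rec */
		    /* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
    OM_uint32	    (*gss_seal)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    int,			/* conf_req_flag */
		    int,			/* qop_req */
		    const gss_buffer_t,		/* input_message_buffer */
		    int *,			/* conf_state */
		    gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
		    /* */, OM_uint32		/* gssd ctx verifier */
#endif
		    /* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32	    (*gss_export_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    gss_buffer_t		/* interprocess_token */
		    /* */);
#endif	/* ! _KERNEL */
    OM_uint32	    (*gss_import_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_buffer_t,		/* interprocess_token */
		    gss_ctx_id_t *		/* context_handle */
		    /* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    const gss_OID,		/* mech_type */
		    gss_name_t *,		/* name */
		    OM_uint32 *,		/* initiator_lifetime */
		    OM_uint32 *,		/* acceptor_lifetime */
		    gss_cred_usage_t *		/* cred_usage */
		    /* */);
    OM_uint32	    (*gss_inquire_names_for_mech)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_OID,		/* mechanism */
		    gss_OID_set *		/* name_types */
		    /* */);
    OM_uint32	    (*gss_inquire_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    gss_name_t *,		/* src_name */
		    gss_name_t *,		/* targ_name */
		    OM_uint32 *,		/* lifetime_rec */
		    gss_OID *,			/* mech_type */
		    OM_uint32 *,		/* ctx_flags */
		    int *,			/* locally_initiated */
		    int *			/* open */
		    /* */);
    OM_uint32	    (*gss_internal_release_oid)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_OID *			/* OID */
		    /* */);
    OM_uint32	    (*gss_wrap_size_limit)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    int,			/* conf_req_flag */
		    gss_qop_t,			/* qop_req */
		    OM_uint32,			/* req_output_size */
		    OM_uint32 *			/* max_input_size */
		    /* */);
    OM_uint32	    (*pname_to_uid)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* pname */
		    uid_t *			/* uid */
		    /* */);
    OM_uint32	    (*__gss_userok)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* pname */
		    const char *,		/* local user */
		    int *			/* user ok? */
		    /* */);
    OM_uint32	    (*gss_export_name)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,		/* input_name */
		    gss_buffer_t		/* exported_name */
		    /* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
    OM_uint32	    (*gss_seal)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    int,			/* conf_req_flag */
		    int,			/* qop_req */
		    const gss_buffer_t,		/* input_message_buffer */
		    int *,			/* conf_state */
		    gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
		    /* */, OM_uint32
#endif
		    /* */);
    OM_uint32	    (*gss_unseal)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    const gss_buffer_t,		/* input_message_buffer */
		    gss_buffer_t,		/* output_message_buffer */
		    int *,			/* conf_state */
		    int *			/* qop_state */
#ifdef	_KERNEL
		    /* */, OM_uint32
#endif
		    /* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    OM_uint32	    (*gss_sign)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    int,			/* qop_req */
		    const gss_buffer_t,		/* message_buffer */
		    gss_buffer_t		/* message_token */
#ifdef	_KERNEL
		    /* */, OM_uint32		/* gssd ctx verifier */
#endif
		    /* */);
    OM_uint32	    (*gss_verify)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,		/* context_handle */
		    const gss_buffer_t,		/* message_buffer */
		    const gss_buffer_t,		/* token_buffer */
		    int *			/* qop_state */
#ifdef	_KERNEL
		    /* */, OM_uint32		/* gssd ctx verifier */
#endif
		    /* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_store_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* input_cred */
		    gss_cred_usage_t,		/* cred_usage */
		    const gss_OID,		/* desired_mech */
		    OM_uint32,			/* overwrite_cred */
		    OM_uint32,			/* default_cred */
		    gss_OID_set *,		/* elements_stored */
		    gss_cred_usage_t *		/* cred_usage_stored */
		    /* */);
#endif
} *gss_mechanism;



#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */


/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points.  The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer.  In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;

/********************************************************/
/* Internal mechglue routines */

/* SUNW15resync - Solaris versions - replace w/mit ones? */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);





int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
	gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	(OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
	);
gss_cred_id_t gssint_get_mechanism_cred
	(gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
	);

OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);


OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);


gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
	(OM_uint32 *,		/* minor_status */
	gss_OID,		/* name_type */
	gss_OID			/* mech */
	);

/*
 * Sun extensions to GSS-API v2
 */

OM_uint32
gssint_mech_to_oid(
	const char *mech,	/* mechanism string name */
	gss_OID *oid		/* mechanism oid */
);

const char *
gssint_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

OM_uint32
gssint_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

OM_uint32
gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
);

/*
 * DER length helpers.  gssint_get_der_length advances *buf past the
 * length octets it consumes and reports how many in *bytes; buf_len
 * bounds the read.  gssint_put_der_length writes at most max_len
 * octets through *buf.
 */
int
gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
);



/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#ifdef	_KERNEL

#ifndef	_KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif /* _KRB5_H */

gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */

/*
 * A credential as seen across the kernel/gssd boundary: the gssd-side
 * handle plus a verifier.  The KCRED_TO_CREDV macro hands the verifier
 * along with the handle so gssd can check that the handle it is given
 * is the one it issued.
 */
struct kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)

/*
 * A security context as seen across the kernel/gssd boundary.  In the
 * kernel a context may have been imported into an in-kernel mechanism
 * (ctx_imported != FALSE), in which case gssd_i_ctx/mech are used
 * instead of the gssd handle -- see KCTX_TO_CTX below.
 */
struct kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx) (KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
/*
 * The result is an OM_uint32 verifier, not a pointer, so the "no
 * context" arm must be an integer 0 rather than NULL (NULL may expand
 * to a pointer constant, which is ill-formed against OM_uint32 in ?:).
 */
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))

#ifdef _KERNEL
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
#define	KCTX_TO_CTX(ctx) \
	((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * Kernel-side per-message calls dispatch through the mechanism table and
 * append the context verifier (KCTX_TO_CTXV) as the trailing OM_uint32
 * that the _KERNEL variants of the entry points declare.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/* EXPORT DELETE END */

#define	KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define	KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

#define	KCTX_TO_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/*
 * NOTE(review): unlike the kernel KGSS_CRED_ALLOC/KGSS_ALLOC above
 * (kmem_zalloc), these user-space variants do not zero-fill, so the
 * verifier field starts out indeterminate -- confirm every caller sets
 * both the handle and the verifier before the struct is used.
 */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
		MALLOC(sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

/*
 * User-space per-message calls go through the kgss_*_wrapped helpers,
 * which take the gssd handle and its verifier rather than a mechanism
 * dispatch table.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */

/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
OM_uint32 generic_gss_release_buffer
	(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
	);

OM_uint32 generic_gss_release_oid_set
	(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
	);

OM_uint32 generic_gss_release_oid
	(OM_uint32*,		/* minor_status */
	gss_OID*		/* set */
	);

OM_uint32 generic_gss_copy_oid
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */	/* SUNW15resync */
	gss_OID *		/* new_oid */
	);

OM_uint32 generic_gss_create_empty_oid_set
	(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_add_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_test_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
	);

OM_uint32 generic_gss_oid_to_str
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
	);

OM_uint32 generic_gss_str_to_oid
	(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
	);


#endif /* _GSS_MECHGLUEP_H */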