1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * This header contains the private mechglue definitions. 
 */

#ifndef _GSS_MECHGLUEP_H
#define _GSS_MECHGLUEP_H

#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif

/* SUNW15resync */
#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif

#include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
/* #include "gssapiP_generic.h" */

#ifdef _KERNEL
#include <rpc/rpc.h>
#endif

/*
 * g_OID_copy(o1, o2): copy the OID o2 into o1.
 *
 * o1->elements must already point at storage of at least o2->length
 * bytes.  The macro performs no allocation and no capacity check -- it
 * memcpy()s straight into o1->elements -- so a caller that sized o1 from
 * anything other than o2->length gets a heap overflow.  o2 is evaluated
 * twice; pass side-effect-free arguments.  Guarded so that a mechanism
 * which already defines its own g_OID_copy keeps it (SUNW15resync).
 */
#ifndef g_OID_copy /* SUNW15resync */
#define g_OID_copy(o1, o2) \
	do { \
		memcpy((o1)->elements, (o2)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)
#endif

/*
 * True when buf is a NULL handle, has no value pointer, or has zero
 * length.  buf is evaluated up to three times.
 */
#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)

/*
 * Union (mechglue-level) security context handle: the OID of the
 * mechanism that owns the context plus that mechanism's own handle.
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;	/* owning mechanism */
	gss_ctx_id_t		internal_ctx_id; /* mechanism's handle */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;

/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name.
 *
 * NOTE(review): `loopback' is a self-referential pointer; presumably the
 * glue uses it to sanity-check that a handle really is a union name
 * before dereferencing the rest -- confirm against the name code.
 */
typedef struct gss_name_struct {
	struct gss_name_struct *loopback;
	gss_OID			name_type;
	gss_buffer_t		external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;
	gss_name_t		mech_name;
} gss_union_name_desc, *gss_union_name_t;

/*
 * Node of a doubly-linked list mapping a name type to the mechanism
 * that understands it (see gss_add_mech_name_type() and
 * gss_find_mechanism_from_name_type() below).
 */
typedef struct gss_mech_spec_name_t {
	gss_OID		name_type;
	gss_OID		mech;
	struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;

/*
 * Credential auxiliary info, used in the credential structure.
 * creation_time and time_rec are plain OM_uint32 values; their units
 * are not fixed by this header (presumably seconds, as elsewhere in
 * GSS-API -- confirm at the producer).
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;
	gss_OID			name_type;
	OM_uint32		creation_time;
	OM_uint32		time_rec;
	int			cred_usage;
} gss_union_cred_auxinfo;

/*
 * Set of credentials typed on mechanism OID.  mechs_array and cred_array
 * hold `count' entries each; presumably they are parallel arrays
 * (cred_array[i] belongs to mechs_array[i]) -- verify against
 * gssint_get_mechanism_cred().
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;

/*
 * Solaris Kerberos: mechanism entry point for acquiring a credential
 * from a password (see gss_config_ext below).  The password is handed
 * in as a caller-owned buffer; nothing here says whether the mechanism
 * copies or zeroizes it, so callers should assume they remain
 * responsible for clearing their own copy.
 */
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
	void *,			/* context */
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* desired_name */
	const gss_buffer_t,	/* password */
	OM_uint32,		/* time_req */
	const gss_OID_set,	/* desired_mechs */
	int,			/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
/* */);



/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library */

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table.
 * This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Conventions visible in the signatures below:
 *  - Every entry (except gss_inquire_sec_context_by_oid, see there) takes
 *    the mechanism's private `context' pointer as its first argument.
 *  - In _KERNEL builds the token/context entries carry a trailing
 *    OM_uint32; the KGSS_* macros further down pass KCTX_TO_CTXV(ctx),
 *    i.e. the gssd context verifier, in that slot.
 *  - The EXPORT DELETE / CRYPT DELETE bracketing comments are consumed
 *    by the EXPORT_SRC / CRYPT_SRC build targets (see the Sun comment
 *    near the second gss_seal/gss_unseal pair); do not reflow or drop
 *    them.
 *
 * The table is filled in by whatever mechanism shared object or kernel
 * module was loaded for the OID (see gss_mech_config), so every entry
 * here runs with the caller's credentials and tokens: the mechanism list
 * is a trust boundary, not just configuration.
 */

typedef struct gss_config {
#if 0 /* Solaris Kerberos */
	OM_uint32	priority;
	char *		mechNameStr;
#endif
	gss_OID_desc	mech_type;	/* OID this table serves */
	void *		context;	/* mechanism-private, passed to each entry */
#ifdef _KERNEL
	struct gss_config *next;	/* kernel keeps a linked list */
	bool_t		uses_kmod;
#endif

#ifndef _KERNEL
	OM_uint32	(*gss_acquire_cred)
	(
		void *,			/* context */

		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* desired_name */
		OM_uint32,		/* time_req */
		const gss_OID_set,	/* desired_mechs */
		int,			/* cred_usage */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	(*gss_release_cred)
	(

		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_cred_id_t *		/* cred_handle */
	/* */);
	OM_uint32	(*gss_init_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* claimant_cred_handle */
		gss_ctx_id_t *,		/* context_handle */
		const gss_name_t,	/* target_name */
		const gss_OID,		/* mech_type */
		OM_uint32,		/* req_flags */
		OM_uint32,		/* time_req */
		const gss_channel_bindings_t, /* input_chan_bindings */
		const gss_buffer_t,	/* input_token */
		gss_OID*,		/* actual_mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	(*gss_accept_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		const gss_cred_id_t,	/* verifier_cred_handle */
		const gss_buffer_t,	/* input_token_buffer (peer-supplied) */
		const gss_channel_bindings_t, /* input_chan_bindings */
		gss_name_t *,		/* src_name */
		gss_OID*,		/* mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *,		/* time_rec */
		gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32	(*gss_unseal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* input_message_buffer (peer-supplied) */
		gss_buffer_t,		/* output_message_buffer */
		int *,			/* conf_state */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* gssd context verifier */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	(*gss_process_context_token)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	(*gss_delete_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* output_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* gssd context verifier */
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	(*gss_context_time)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	(*gss_display_status)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		OM_uint32,		/* status_value */
		int,			/* status_type */
		const gss_OID,		/* mech_type */
		OM_uint32 *,		/* message_context */
		gss_buffer_t		/* status_string */
	/* */);
	OM_uint32	(*gss_indicate_mechs)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID_set *		/* mech_set */
	/* */);
	OM_uint32	(*gss_compare_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* name1 */
		const gss_name_t,	/* name2 */
		int *			/* name_equal */
	/* */);
	OM_uint32	(*gss_display_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t,		/* output_name_buffer */
		gss_OID*		/* output_name_type */
	/* */);
	OM_uint32	(*gss_import_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* input_name_buffer */
		const gss_OID,		/* input_name_type */
		gss_name_t *		/* output_name */
	/* */);
	OM_uint32	(*gss_release_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_name_t *		/* input_name */
	/* */);
	OM_uint32	(*gss_inquire_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* lifetime */
		int *,			/* cred_usage */
		gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32	(*gss_add_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred_handle */
		const gss_name_t,	/* desired_name */
		const gss_OID,		/* desired_mech */
		gss_cred_usage_t,	/* cred_usage */
		OM_uint32,		/* initiator_time_req */
		OM_uint32,		/* acceptor_time_req */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *,		/* initiator_time_rec */
		OM_uint32 *		/* acceptor_time_rec */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32	(*gss_seal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		int,			/* qop_req */
		const gss_buffer_t,	/* input_message_buffer */
		int *,			/* conf_state */
		gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32		/* gssd context verifier */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	(*gss_export_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	(*gss_import_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* interprocess_token (untrusted bytes) */
		gss_ctx_id_t *		/* context_handle */
	/* */);
#ifndef	_KERNEL
	OM_uint32	(*gss_inquire_cred_by_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		const gss_OID,		/* mech_type */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* initiator_lifetime */
		OM_uint32 *,		/* acceptor_lifetime */
		gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32	(*gss_inquire_names_for_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_OID,		/* mechanism */
		gss_OID_set *		/* name_types */
	/* */);
	OM_uint32	(*gss_inquire_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		gss_name_t *,		/* src_name */
		gss_name_t *,		/* targ_name */
		OM_uint32 *,		/* lifetime_rec */
		gss_OID *,		/* mech_type */
		OM_uint32 *,		/* ctx_flags */
		int *,			/* locally_initiated */
		int *			/* open */
	/* */);
	OM_uint32	(*gss_internal_release_oid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID *		/* OID */
	/* */);
	OM_uint32	(*gss_wrap_size_limit)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		gss_qop_t,		/* qop_req */
		OM_uint32,		/* req_output_size */
		OM_uint32 *		/* max_input_size */
	/* */);
	/*
	 * pname_to_uid / __gss_userok: authorization hooks mapping a
	 * principal name to a local uid or answering "may this principal
	 * act as this local user".  Their answers gate local access, so a
	 * mechanism implementing them must fail closed.
	 */
	OM_uint32	(*pname_to_uid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		uid_t *			/* uid */
	/* */);
	OM_uint32	(*__gss_userok)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		const char *,		/* local user */
		int *			/* user ok? */
	/* */);
	OM_uint32	(*gss_export_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t		/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
	OM_uint32	(*gss_seal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		int,			/* qop_req */
		const gss_buffer_t,	/* input_message_buffer */
		int *,			/* conf_state */
		gss_buffer_t		/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	(*gss_unseal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* input_message_buffer */
		gss_buffer_t,		/* output_message_buffer */
		int *,			/* conf_state */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	OM_uint32	(*gss_sign)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* qop_req */
		const gss_buffer_t,	/* message_buffer */
		gss_buffer_t		/* message_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* gssd context verifier */
#endif
	/* */);
	OM_uint32	(*gss_verify)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* message_buffer */
		const gss_buffer_t,	/* token_buffer (peer-supplied) */
		int *			/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* gssd context verifier */
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	(*gss_store_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred */
		gss_cred_usage_t,	/* cred_usage */
		const gss_OID,		/* desired_mech */
		OM_uint32,		/* overwrite_cred */
		OM_uint32,		/* default_cred */
		gss_OID_set *,		/* elements_stored */
		gss_cred_usage_t *	/* cred_usage_stored */
	/* */);

	/*
	 * GGF extensions.  NOTE(review): unlike every other entry in this
	 * table, gss_inquire_sec_context_by_oid takes no leading `context'
	 * argument; glue code must not pass one.
	 */

	OM_uint32	(*gss_inquire_sec_context_by_oid)
	(
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_OID,		/* OID */
		gss_buffer_set_t *	/* data_set */
	/* */);

#endif
} *gss_mechanism;



#ifndef _KERNEL
/*
 * Solaris-only extension entry points, kept out of gss_config so the
 * MIT-shaped table stays compatible.  This structure MUST NOT be used
 * by any code outside libgss.
 */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */


/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points. The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer. In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 *
 * One gss_mech_config per configured mechanism, chained through `next'.
 * uLibName names the user-space shared object that is loaded for the
 * mechanism (dl_handle is the RTLD handle it came back with) and
 * kmodName the kernel module.  Whatever is loaded from those names fills
 * the gss_config dispatch table and so handles every credential and
 * token that passes through the glue: the source of these names
 * (presumably the mechanism configuration file) must be as trusted as
 * libgss itself.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name (loaded via dlopen) */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;

/********************************************************/
/* Internal mechglue routines */

/*
 * SUNW15resync - Solaris versions - replace w/mit ones?
 * Lookups by mechanism OID; return NULL / GSS_C_NO_* for an unknown OID
 * (presumably -- the implementations are not in this header).
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
	);

/* Pick the per-mechanism credential for mech_type out of a union cred. */
gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
	);

/* MIT-named equivalents of the __gss_* routines above (SUNW15resync). */
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
	gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	(OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
	);
gss_cred_id_t gssint_get_mechanism_cred
	(gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
	);

/*
 * Allocate *destination as a copy of src; the int flag requests a
 * trailing NUL.  The copy is heap-allocated and owned by the caller.
 */
OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
	);


OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
	);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
	);


/* Walk the gss_mech_spec_name list (see above) for a name type. */
gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
	(OM_uint32 *,		/* minor_status */
	gss_OID,		/* name_type */
	gss_OID			/* mech */
	);

/*
 * Sun extensions to GSS-API v2
 */

OM_uint32
gssint_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
	);

const char *
gssint_oid_to_mech(
	const gss_OID oid		/* mechanism oid */
	);

/* Fills at most arrayLen entries of mechArray; arrayLen is the bound. */
OM_uint32
gssint_get_mechanisms(
	char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
	);

OM_uint32
gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
	);

/*
 * DER length helpers.  gssint_get_der_length() decodes a DER length from
 * *buf, bounded by buf_len; the double pointer suggests *buf is advanced
 * past the length octets and `bytes' receives how many were consumed
 * (confirm in the implementation).  The decoded length is attacker
 * controlled in every token path: callers must compare it against the
 * bytes remaining after the advance before trusting it.
 */
int
gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
	);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
	);



/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel: plain integers, not pointers, since the two
 * sides do not share an address space.
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#ifdef _KERNEL

#ifndef _KRB5_H
/*
 * These macros are defined for Kerberos in krb5.h, and have priority.
 * KM_SLEEP: the allocation may block until memory is available.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif /* _KRB5_H */

gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */

/*
 * Kernel-side view of a credential: the gssd handle plus a verifier.
 * NOTE(review): what gssd checks gssd_cred_verifier against is not
 * visible here; treat it as part of the handle, not as a secret.
 */
struct kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

/* Plain casts: `cred' must really be a struct kgss_cred *; no NULL check. */
#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)

/*
 * Kernel-side view of a security context.  In _KERNEL builds a context
 * imported into the kernel (ctx_imported) also carries the in-kernel
 * mechanism handle gssd_i_ctx and the mechanism dispatch table used by
 * the KGSS_* macros below.
 */
struct kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

/*
 * Plain casts again: `ctx' must be a struct kgss_ctx *.  Only the
 * KGSS_CTX_TO_GSSD_CTX* forms tolerate GSS_C_NO_CONTEXT; the others
 * dereference unconditionally.
 */
#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
/*
 * The uintptr_t->unsigned int narrowing is only reached when ctx is
 * GSS_C_NO_CONTEXT (presumably a null pointer), so it yields 0 rather
 * than a truncated address.
 */
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
/*
 * NOTE(review): (NULL) as the OM_uint32 result relies on NULL being an
 * integer constant (as on Solaris); with a ((void *)0) NULL this is a
 * pointer/integer mismatch.  ((OM_uint32)0) would be the portable form.
 */
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (NULL) : KCTX_TO_CTXV(ctx))

#ifdef _KERNEL
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
/* Imported contexts dispatch on the in-kernel handle, others on ctx itself. */
#define	KCTX_TO_CTX(ctx) \
	((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
/* Kernel allocations are zeroed (kmem_zalloc); the user-space ones below are not. */
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * Per-message and context entry points, dispatched through the
 * mechanism table attached to ctx.  Each passes the mechanism's private
 * context first and the gssd context verifier last (the trailing
 * OM_uint32 of the _KERNEL signatures in gss_config).  ctx is evaluated
 * several times per macro.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/* EXPORT DELETE END */

#define	KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define	KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

#define	KCTX_TO_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/*
 * NOTE(review): unlike the kernel variants (kmem_zalloc) these return
 * uninitialised memory, so gssd_*_verifier is garbage until the caller
 * stores it.  Neither *_FREE form clears the struct before release.
 */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
		MALLOC(sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

/* User-space (gssd) variants go through the kgss_*_wrapped RPC shims. */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */

/*
 * SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs.
 * Mechanism-independent helpers for buffers, OIDs and OID/buffer sets.
 */
OM_uint32 generic_gss_release_buffer
	(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
	);

OM_uint32 generic_gss_release_oid_set
	(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
	);

OM_uint32 generic_gss_release_oid
	(OM_uint32*,		/* minor_status */
	gss_OID*		/* oid */
	);

OM_uint32 generic_gss_copy_oid
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */	/* SUNW15resync */
	gss_OID *		/* new_oid */
	);

OM_uint32 generic_gss_create_empty_oid_set
	(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_add_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_test_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
	);

OM_uint32 generic_gss_oid_to_str
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
	);

/* oid_str is parsed text (often from config); the result OID is heap-allocated. */
OM_uint32 generic_gss_str_to_oid
	(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
	);

OM_uint32
generic_gss_oid_compose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	int,			/* suffix */
	gss_OID_desc *);	/* oid */

OM_uint32
generic_gss_oid_decompose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	gss_OID_desc *,		/* oid */
	int *);			/* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
	(OM_uint32 * /*minor_status*/,
	const gss_buffer_t /*member_buffer*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

/*
 * SUNW17PACresync
 *
New map error API in MIT 1.7, at build time generates code for errors. 920 * Solaris does not gen the errors at build time so we just stub these 921 * for now, need to revisit. 922 * See mglueP.h and util_errmap.c in MIT 1.7. 923 */ 924 #ifdef _KERNEL 925 926 #define map_error(MINORP, MECH) 927 #define map_errcode(MINORP) 928 929 #else /* _KERNEL */ 930 931 #include <syslog.h> 932 933 #define map_error(MINORP, MECH) \ 934 (void) syslog(LOG_AUTH|LOG_DEBUG, \ 935 "map_error: minor status=%x", \ 936 (MINORP) ? *(MINORP) : 0xffffffff) 937 #define map_errcode(MINORP) \ 938 (void) syslog(LOG_AUTH|LOG_DEBUG, \ 939 "map_errcode: minor status=%x", \ 940 (MINORP) ? *(MINORP) : 0xffffffff) 941 #endif /* _KERNEL */ 942 943 #endif /* _GSS_MECHGLUEP_H */ 944