1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 /* 26 * This header contains the private mechglue definitions. 
*/

#ifndef _GSS_MECHGLUEP_H
#define _GSS_MECHGLUEP_H

#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif

/* SUNW15resync */
#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif

#include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
#if 0 /* Solaris Kerberos */
#include "gssapiP_generic.h"
#endif

#ifdef _KERNEL
#include <rpc/rpc.h>
#endif

/*
 * Copy OID o2 into o1: (o2)->length bytes are memcpy'd into
 * (o1)->elements and (o1)->length is set afterwards.
 *
 * There is NO capacity check.  (o1)->elements must already point at
 * storage of at least (o2)->length bytes, otherwise this overruns the
 * destination.  Neither argument may be NULL.  Both arguments are
 * evaluated more than once, so pass plain lvalues, not expressions
 * with side effects.
 */
#ifndef g_OID_copy /* SUNW15resync */
#define g_OID_copy(o1, o2) \
	do { \
		memcpy((o1)->elements, (o2)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)
#endif

/*
 * True when buf carries no data: a NULL descriptor pointer, a NULL
 * value pointer, or a zero length.  The tests short-circuit left to
 * right, so applying it to a NULL buffer pointer is safe.
 */
#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)

/*
 * Array of context IDs typed by mechanism OID
 *
 * mech_type selects the mechanism whose dispatch table (gss_config,
 * below) understands internal_ctx_id.
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;
	gss_ctx_id_t		internal_ctx_id;
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;

/*
 * Generic GSSAPI names. A name can either be a generic name, or a
 * mechanism specific name....
 *
 * loopback is meant to point back at the structure itself so that
 * GSSINT_CHK_LOOP() can reject a bogus pointer; note that on Solaris
 * that check is currently reduced to a NULL test (see below).
 */
typedef struct gss_name_struct {
	struct gss_name_struct *loopback;
	gss_OID			name_type;
	gss_buffer_t		external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;
	gss_name_t		mech_name;
} gss_union_name_desc, *gss_union_name_t;

/*
 * Structure for holding list of mechanism-specific name types
 * (doubly linked through next/prev).
 */
typedef struct gss_mech_spec_name_t {
	gss_OID	name_type;
	gss_OID	mech;
	struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;

/*
 * Credential auxiliary info, used in the credential structure:
 * the name the credential was acquired for, its type, the creation
 * time, the recorded lifetime and the credential usage.
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;
	gss_OID			name_type;
	OM_uint32		creation_time;
	OM_uint32		time_rec;
	int			cred_usage;
} gss_union_cred_auxinfo;

/*
 * Set of Credentials typed on mechanism OID
 *
 * NOTE(review): mechs_array and cred_array are presumably parallel
 * arrays of `count` entries (mechanism i <-> credential i); the code
 * that fills them is not in this header -- confirm before relying on
 * that invariant.
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;

/*
 * Solaris Kerberos
 *
 * Type of a mechanism's gss_acquire_cred_with_password entry point
 * (carried in gss_config_ext, below).  Same shape as gss_acquire_cred
 * plus the password buffer after desired_name.
 */
typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* desired_name */
		    const gss_buffer_t,	/* password */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);

/*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself. This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.
 *
 * Evaluates to non-zero when the pointer is rejected.
 *
 * NOTE(review): on Solaris the loopback comparison is compiled out
 * (the #if 0 that follows) and only the NULL test remains, so a
 * non-NULL garbage or mis-typed pointer is NOT caught here.
*/
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
/* Solaris stub: only NULL is rejected; the loopback self-check is off. */
#define GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif


/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library                  */

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Conventions visible in the table:
 *  - every entry receives the mechanism's private `context` pointer
 *    as its first argument, except gss_inquire_sec_context_by_oid
 *    which does not;
 *  - in the _KERNEL build the entries that touch a live context
 *    (unseal, delete_sec_context, seal, sign, verify) take a trailing
 *    OM_uint32, which the KGSS_* wrappers later in this header fill
 *    with the context verifier (KCTX_TO_CTXV);
 *  - the EXPORT DELETE / CRYPT DELETE markers bracket the
 *    confidentiality entry points for the export-controlled source
 *    targets and must be kept as they are.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
    OM_uint32	    priority;
    char *	    mechNameStr;
#endif
    gss_OID_desc    mech_type;
    void *	    context;
#ifdef	_KERNEL
    struct gss_config *next;
    bool_t	    uses_kmod;
#endif

#ifndef	_KERNEL
    OM_uint32	    (*gss_acquire_cred)
	(
		    void *,		/* context */

		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* desired_name */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
    OM_uint32	    (*gss_release_cred)
	(

		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_cred_id_t *	/* cred_handle */
	/* */);
    OM_uint32	    (*gss_init_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    const gss_cred_id_t,	/* claimant_cred_handle */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_name_t,		/* target_name */
		    const gss_OID,		/* mech_type */
		    OM_uint32,			/* req_flags */
		    OM_uint32,			/* time_req */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    const gss_buffer_t,		/* input_token */
		    gss_OID*,			/* actual_mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,			/* ret_flags */
		    OM_uint32 *			/* time_rec */
	/* */);
    OM_uint32	    (*gss_accept_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_cred_id_t,	/* verifier_cred_handle */
		    const gss_buffer_t,		/* input_token_buffer */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    gss_name_t *,		/* src_name */
		    gss_OID*,			/* mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,			/* ret_flags */
		    OM_uint32 *,			/* time_rec */
		    gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
    OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* context verifier, see KGSS_UNSEAL */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32	    (*gss_process_context_token)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
    OM_uint32	    (*gss_delete_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* output_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* context verifier */
#endif
	/* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_context_time)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    OM_uint32 *		/* time_rec */
	/* */);
    OM_uint32	    (*gss_display_status)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    OM_uint32,		/* status_value */
		    int,		/* status_type */
		    const gss_OID,	/* mech_type */
		    OM_uint32 *,		/* message_context */
		    gss_buffer_t	/* status_string */
	/* */);
    OM_uint32	    (*gss_indicate_mechs)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_OID_set *	/* mech_set */
	/* */);
    OM_uint32	    (*gss_compare_name)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* name1 */
		    const gss_name_t,	/* name2 */
		    int *		/* name_equal */
	/* */);
    OM_uint32	    (*gss_display_name)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t,	/* output_name_buffer */
		    gss_OID*		/* output_name_type */
	/* */);
    OM_uint32	    (*gss_import_name)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_buffer_t,	/* input_name_buffer */
		    const gss_OID,	/* input_name_type */
		    gss_name_t *	/* output_name */
	/* */);
    OM_uint32	    (*gss_release_name)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_name_t *	/* input_name */
	/* */);
    OM_uint32	    (*gss_inquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    gss_name_t *,		/* name */
		    OM_uint32 *,			/* lifetime */
		    int *,			/* cred_usage */
		    gss_OID_set *		/* mechanisms */
	/* */);
    OM_uint32	    (*gss_add_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    const gss_cred_id_t,	/* input_cred_handle */
		    const gss_name_t,		/* desired_name */
		    const gss_OID,		/* desired_mech */
		    gss_cred_usage_t,		/* cred_usage */
		    OM_uint32,			/* initiator_time_req */
		    OM_uint32,			/* acceptor_time_req */
		    gss_cred_id_t *,		/* output_cred_handle */
		    gss_OID_set *,		/* actual_mechs */
		    OM_uint32 *,			/* initiator_time_rec */
		    OM_uint32 *			/* acceptor_time_rec */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
    OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32		/* context verifier, see KGSS_SEAL */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32	    (*gss_export_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
    OM_uint32	    (*gss_import_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_buffer_t,	/* interprocess_token */
		    gss_ctx_id_t *	/* context_handle */
	/* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    const gss_OID,		/* mech_type */
		    gss_name_t *,		/* name */
		    OM_uint32 *,			/* initiator_lifetime */
		    OM_uint32 *,			/* acceptor_lifetime */
		    gss_cred_usage_t *		/* cred_usage */
	/* */);
    OM_uint32	    (*gss_inquire_names_for_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_OID,	/* mechanism */
		    gss_OID_set *	/* name_types */
	/* */);
    OM_uint32	(*gss_inquire_context)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    gss_name_t *,	/* src_name */
		    gss_name_t *,	/* targ_name */
		    OM_uint32 *,		/* lifetime_rec */
		    gss_OID *,		/* mech_type */
		    OM_uint32 *,		/* ctx_flags */
		    int *,		/* locally_initiated */
		    int *		/* open */
	/* */);
    OM_uint32	    (*gss_internal_release_oid)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_OID *		/* OID */
	/* */);
    OM_uint32	     (*gss_wrap_size_limit)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    gss_qop_t,		/* qop_req */
		    OM_uint32,		/* req_output_size */
		    OM_uint32 *		/* max_input_size */
	/* */);
    OM_uint32	     (*pname_to_uid)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* pname */
		    uid_t *		/* uid */
	/* */);
    OM_uint32	     (*__gss_userok)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* pname */
		    const char *,	/* local user */
		    int *		/* user ok? */
	/* */);
    OM_uint32	     (*gss_export_name)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t	/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
    OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
    OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32
#endif
	/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    OM_uint32	    (*gss_sign)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* message_buffer */
		    gss_buffer_t	/* message_token */
#ifdef	_KERNEL
	/* */, OM_uint32		/* context verifier, see KGSS_SIGN */
#endif
	/* */);
    OM_uint32	    (*gss_verify)
	(
		    void *,		/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* message_buffer */
		    const gss_buffer_t,	/* token_buffer */
		    int *		/* qop_state */
#ifdef	_KERNEL
	/* */, OM_uint32		/* context verifier, see KGSS_VERIFY */
#endif
	/* */);
#ifndef	_KERNEL
    OM_uint32	    (*gss_store_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,			/* minor_status */
		    const gss_cred_id_t,	/* input_cred */
		    gss_cred_usage_t,		/* cred_usage */
		    const gss_OID,		/* desired_mech */
		    OM_uint32,			/* overwrite_cred */
		    OM_uint32,			/* default_cred */
		    gss_OID_set *,		/* elements_stored */
		    gss_cred_usage_t *		/* cred_usage_stored */
	/* */);

	/* GGF extensions */

	/*
	 * NOTE: this entry takes no leading `context` pointer, unlike
	 * every other entry in the table; callers must not pass one.
	 */
	OM_uint32	    (*gss_inquire_sec_context_by_oid)
	(
		    OM_uint32 *,		/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_OID,	/* OID */
		    gss_buffer_set_t *	/* data_set */
	/* */);

#endif
} *gss_mechanism;



#ifndef _KERNEL
/*
 * This structure MUST NOT be used by any code outside libgss.
 * It carries the Solaris-only password-based credential acquisition
 * entry point (type gss_acquire_cred_with_password_sfct, above).
 */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */


/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points. The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer. In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
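*/

/*
 * One entry per configured mechanism, singly linked through `next`.
 * dl_handle is the RTLD handle the mechanism object named by uLibName
 * was loaded with, i.e. uLibName names code that runs in-process.
 * NOTE(review): the list is presumably built from the mechanism
 * configuration file (not shown here); whoever can write that file
 * chooses which shared object gets loaded -- keep it root-owned.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;

/********************************************************/
/* Internal mechglue routines */

/*
 * Lookup helpers: the __gss_* names are the older Solaris spellings,
 * the gssint_* names the MIT spellings; both families are declared
 * side by side during the resync.  Those returning a pointer return
 * NULL for an unknown mechanism OID (per the usual convention --
 * confirm against the implementation).
 */
/* SUNW15resync - Solaris versions - replace w/mit ones? */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
	gss_ctx_id_t *, gss_buffer_t);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);

int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
	gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	(OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
	);
gss_cred_id_t gssint_get_mechanism_cred
	(gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
	);

/* Allocates *destination as a copy of src; third arg requests a NUL. */
OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);

OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
	(OM_uint32 *,		/* minor_status */
	gss_OID,		/* name_type */
	gss_OID			/* mech */
	);

/*
 * Sun extensions to GSS-API v2
 */

OM_uint32
gssint_mech_to_oid(
	const char *mech,	/* mechanism string name */
	gss_OID *oid		/* mechanism oid */
);

const char *
gssint_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

/* Fills at most arrayLen entries of mechArray; the caller sizes it. */
OM_uint32
gssint_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

OM_uint32
gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
);

/*
 * DER length helpers.  These take the buffer length explicitly
 * (buf_len / max_len); callers parsing tokens from the wire must pass
 * the true remaining size, since that bound is the only thing keeping
 * the decoder inside the buffer.
 */
int
gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
);


/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#define	GSSD_NO_CONTEXT		((gssd_ctx_id_t)0)
#define	GSSD_NO_CREDENTIAL	((gssd_cred_id_t)0)

#ifdef _KERNEL

#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif /* _KRB5_H */

gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */

/*
 * Kernel-side view of a gssd credential: the gssd handle plus the
 * verifier value that travels with it on every call.
 */
struct kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)

/*
 * Kernel-side view of a security context.  In the kernel a context may
 * have been imported into an in-kernel mechanism (ctx_imported), in
 * which case gssd_i_ctx / mech are used instead of the gssd handle.
 */
struct kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
/*
 * GSS_C_NO_CONTEXT is normally a null pointer, so the cast branch
 * yields GSSD_NO_CONTEXT (0) rather than dereferencing it.
 */
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
/*
 * The verifier is an OM_uint32, so the "no context" value is the
 * integer 0 -- not the pointer constant NULL, which on platforms that
 * define NULL as ((void *)0) makes the two arms of ?: mismatched.
 */
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))

#ifdef _KERNEL
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
#define	KCTX_TO_CTX(ctx) \
	((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
/* Zero-filled so a fresh handle/verifier never carries stale bits. */
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * In-kernel dispatch: every per-message call passes the context
 * verifier as the trailing OM_uint32 that the _KERNEL variants of the
 * gss_config entries declare.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/* EXPORT DELETE END */

#define	KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define	KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

#define	KCTX_TO_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/*
 * Zero-filled to match the kernel side (kmem_zalloc): the handle and
 * verifier fields of a fresh struct start at 0 / GSSD_NO_* instead of
 * indeterminate heap contents.
 */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
	calloc(1, sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)calloc(1, sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

/* User-space dispatch goes through the kgss_*_wrapped helpers. */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */

/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
OM_uint32 generic_gss_release_buffer
	(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
	);

OM_uint32 generic_gss_release_oid_set
	(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
	);

OM_uint32 generic_gss_release_oid
	(OM_uint32*,		/* minor_status */
	gss_OID*		/* set */
	);

OM_uint32 generic_gss_copy_oid
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */ /* SUNW15resync */
	gss_OID *		/* new_oid */
	);

OM_uint32 generic_gss_create_empty_oid_set
	(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_add_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
	);

OM_uint32 generic_gss_test_oid_set_member
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
	);

OM_uint32 generic_gss_oid_to_str
	(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
	);

OM_uint32 generic_gss_str_to_oid
	(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
	);

OM_uint32
generic_gss_oid_compose(
	OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	int,			/* suffix */
	gss_OID_desc *);	/* oid */

OM_uint32
generic_gss_oid_decompose(
	OM_uint32 *,		/* minor_status */
	const char *,		/*prefix */
	size_t,			/* prefix_len */
	gss_OID_desc *,		/* oid */
	int *);			/* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
	(OM_uint32 * /*minor_status*/,
	const gss_buffer_t /*member_buffer*/,
	gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
	(OM_uint32 * /*minor_status*/,
	gss_buffer_set_t * /*buffer_set*/);

/*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
#ifdef _KERNEL

/*
 * Kernel stubs expand to nothing: the mechanism's minor status is
 * passed through unmapped.  Note there is no kernel stub for
 * map_error_oid.
 */
#define	map_error(MINORP, MECH)
#define	map_errcode(MINORP)

#else /* _KERNEL */

/* Use this to map an error code that was returned from a mech
   operation; the mech will be asked to produce the associated error
   messages.

   Remember that if the minor status code cannot be returned to the
   caller (e.g., if it's stuffed in an automatic variable and then
   ignored), then we don't care about producing a mapping.

   MINORP and MECH are evaluated more than once; pass plain lvalues.  */
#define	map_error(MINORP, MECH)						\
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
#define	map_error_oid(MINORP, MECHOID)					\
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))

/* Use this to map an errno value or com_err error code being
   generated within the mechglue code (e.g., by calling generic oid
   ops).  Any errno or com_err values produced by mech operations
   should be processed with map_error.  This means they'll be stored
   separately even if the mech uses com_err, because we can't assume
   that it will use com_err.  */
#define	map_errcode(MINORP)						\
	(*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))

#endif /* _KERNEL */

#endif /* _GSS_MECHGLUEP_H */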