1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * This header contains the private mechglue definitions.
27  *
28  */
29 
30 #ifndef _GSS_MECHGLUEP_H
31 #define _GSS_MECHGLUEP_H
32 
33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
34 #include "autoconf.h"
35 #endif
36 
37 /* SUNW15resync */
38 #ifndef GSS_DLLIMP
39 #define GSS_DLLIMP
40 #endif
41 
42 #include <gssapi/gssapi_ext.h>   /* SUNW15resync - mechglue.h in mit 1.5 */
43 #if 0 /* Solaris Kerberos */
44 #include "gssapiP_generic.h"
45 #endif
46 
47 #ifdef _KERNEL
48 #include <rpc/rpc.h>
49 #endif
50 
#ifndef g_OID_copy /* SUNW15resync */
/*
 * Copy OID o2 into o1.  Copies (o2)->length bytes into (o1)->elements
 * and then sets (o1)->length.  A gss_OID carries no capacity field, so
 * the caller must guarantee that (o1)->elements already points to at
 * least (o2)->length bytes of writable storage; nothing here checks it.
 * Both arguments are evaluated more than once.
 */
#define	g_OID_copy(o1, o2)					\
do {								\
	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
	(o1)->length = (o2)->length;				\
} while (0)
#endif
58 
/*
 * Nonzero when buf carries no payload: the buffer pointer is NULL, its
 * value pointer is NULL, or its length is zero.  Evaluation is left to
 * right and short-circuits, so a NULL buf is never dereferenced.
 */
#define	GSS_EMPTY_BUFFER(buf)	(!(buf) || !(buf)->value || \
	!(buf)->length)
61 
/*
 * Array of context IDs typed by mechanism OID
 *
 * Pairs a mechanism OID with that mechanism's own context handle; the
 * mechanism-specific handle is what the dispatch table entries below
 * operate on.
 */
typedef struct gss_union_ctx_id_t {
	gss_OID			mech_type;		/* owning mechanism */
	gss_ctx_id_t		internal_ctx_id;	/* mechanism's own handle */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
69 
/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....
 *
 * loopback is intended to point back at the containing struct so that
 * GSSINT_CHK_LOOP() can reject garbage or mis-passed handles.  On this
 * branch GSSINT_CHK_LOOP() is reduced to a NULL test (see its
 * definition below), so the field is stored but not actually verified.
 */
typedef struct gss_name_struct {
	struct gss_name_struct *loopback;	/* self-pointer, see GSSINT_CHK_LOOP */
	gss_OID			name_type;	/* type of external_name */
	gss_buffer_t		external_name;	/* the name as a buffer */
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID			mech_type;	/* mechanism that owns mech_name */
	gss_name_t		mech_name;	/* mechanism-specific name handle */
} gss_union_name_desc, *gss_union_name_t;
85 
/*
 * Structure for holding list of mechanism-specific name types
 *
 * Doubly linked list node mapping a name_type OID to the mechanism OID
 * that handles it; maintained through gss_add_mech_name_type() and
 * queried through gss_find_mechanism_from_name_type() (declared below).
 */
typedef struct gss_mech_spec_name_t {
    gss_OID	name_type;	/* name type OID */
    gss_OID	mech;		/* mechanism that understands name_type */
    struct gss_mech_spec_name_t	*next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;
94 
/*
 * Credential auxiliary info, used in the credential structure
 *
 * Mechanism-independent facts about a union credential, kept alongside
 * the per-mechanism credential handles.
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc		name;		/* credential's name, by value */
	gss_OID			name_type;	/* type of name */
	OM_uint32		creation_time;	/* when the credential was made */
	OM_uint32		time_rec;	/* lifetime recorded at creation */
	int			cred_usage;	/* presumably GSS_C_INITIATE/ACCEPT/BOTH */
} gss_union_cred_auxinfo;
105 
/*
 * Set of Credentials typed on mechanism OID
 *
 * count is the number of entries in both mechs_array and cred_array;
 * presumably entry i of cred_array is the credential for mechanism
 * mechs_array[i] (see __gss_get_mechanism_cred() below).
 */
typedef struct gss_union_cred_t {
	int			count;		/* entries in the two arrays */
	gss_OID			mechs_array;	/* mechanism OIDs */
	gss_cred_id_t		*cred_array;	/* per-mechanism credentials */
	gss_union_cred_auxinfo	auxinfo;	/* mechanism-independent info */
} gss_union_cred_desc, *gss_union_cred_t;
115 
/* Solaris Kerberos */
/*
 * Solaris-specific mechanism entry point (see gss_config_ext below):
 * acquire a credential for desired_name using a password.  The password
 * is handed to the mechanism as a plain gss_buffer_t; this header does
 * not say who clears or releases that buffer afterwards, so check the
 * mechanism and the caller before assuming it is scrubbed.
 */
typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    const gss_buffer_t, /* password */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
129 
/*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself.  This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.
 *
 * Evaluates to nonzero when p should be rejected.  The loopback
 * comparison is compiled out on this branch (#if 0 below), so the
 * active definition only rejects a NULL pointer: a stale, freed or
 * mis-passed handle is not caught here.  Callers must not rely on this
 * macro for anything beyond a NULL check until the full check is
 * restored.
 */
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
#define GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif
142 
143 
144 /********************************************************/
145 /* The Mechanism Dispatch Table -- a mechanism needs to */
146 /* define one of these and provide a function to return */
147 /* it to initialize the GSSAPI library                  */
148 
/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Conventions visible in this table:
 *  - every entry takes the mechanism's private state (the context
 *    field) as its first argument, except gss_inquire_sec_context_by_oid
 *    at the end, which has no context argument;
 *  - under _KERNEL the per-message and context entries (gss_unseal,
 *    gss_delete_sec_context, gss_seal, gss_sign, gss_verify) take an
 *    extra trailing OM_uint32; the KGSS_* macros later in this header
 *    pass the context verifier (KCTX_TO_CTXV) in that slot;
 *  - the EXPORT DELETE / CRYPT DELETE comment markers are consumed by
 *    the CRYPT_SRC / EXPORT_SRC build targets (see the block comment
 *    further down), so they must stay exactly where they are.
 */

typedef struct gss_config {
#if 0 /* Solaris Kerberos */
    OM_uint32	    priority;
    char *	    mechNameStr;
#endif
    gss_OID_desc    mech_type;	/* OID of this mechanism */
    void *	    context;	/* mechanism private state, first arg below */
#ifdef	_KERNEL
    struct gss_config *next;	/* next mechanism in the kernel list */
    bool_t	    uses_kmod;
#endif

#ifndef	_KERNEL
	OM_uint32	    (*gss_acquire_cred)
	(
		    void *,		/* context */

		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_release_cred)
	(

		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_cred_id_t *	/* cred_handle */
	/* */);
	OM_uint32	    (*gss_init_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* claimant_cred_handle */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_name_t,		/* target_name */
		    const gss_OID,		/* mech_type */
		    OM_uint32,			/* req_flags */
		    OM_uint32,			/* time_req */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    const gss_buffer_t,		/* input_token */
		    gss_OID*,			/* actual_mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *			/* time_rec */
	/* */);
	/* input_token_buffer here is peer-supplied; the mechanism parses it. */
	OM_uint32	    (*gss_accept_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_cred_id_t,	/* verifier_cred_handle */
		    const gss_buffer_t,		/* input_token_buffer */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    gss_name_t *,		/* src_name */
		    gss_OID*,			/* mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,			/* ret_flags */
		    OM_uint32 *,			/* time_rec */
		    gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32		/* context verifier (KCTX_TO_CTXV) */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	    (*gss_process_context_token)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_delete_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* output_token */
#ifdef	 _KERNEL
	/* */, OM_uint32		/* context verifier (KCTX_TO_CTXV) */
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_context_time)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_display_status)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    OM_uint32,		/* status_value */
		    int,		/* status_type */
		    const gss_OID,	/* mech_type */
		    OM_uint32 *,	/* message_context */
		    gss_buffer_t	/* status_string */
	/* */);
	OM_uint32	    (*gss_indicate_mechs)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID_set *	/* mech_set */
	/* */);
	OM_uint32	    (*gss_compare_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* name1 */
		    const gss_name_t,	/* name2 */
		    int *		/* name_equal */
	/* */);
	OM_uint32	    (*gss_display_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t,	/* output_name_buffer */
		    gss_OID*		/* output_name_type */
	/* */);
	OM_uint32	    (*gss_import_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* input_name_buffer */
		    const gss_OID,	/* input_name_type */
		    gss_name_t *	/* output_name */
	/* */);
	OM_uint32	    (*gss_release_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_name_t *	/* input_name */
	/* */);
	OM_uint32	    (*gss_inquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    gss_name_t *,		/* name */
		    OM_uint32 *,		/* lifetime */
		    int *,			/* cred_usage */
		    gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32	    (*gss_add_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* input_cred_handle */
		    const gss_name_t,	/* desired_name */
		    const gss_OID,	/* desired_mech */
		    gss_cred_usage_t,	/* cred_usage */
		    OM_uint32,		/* initiator_time_req */
		    OM_uint32,		/* acceptor_time_req */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *,	/* initiator_time_rec */
		    OM_uint32 *		/* acceptor_time_rec */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	 _KERNEL
	/* */, OM_uint32		/* context verifier (KCTX_TO_CTXV) */
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	    (*gss_export_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_import_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* interprocess_token */
		    gss_ctx_id_t *	/* context_handle */
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    const gss_OID,	/* mech_type */
		    gss_name_t *,	/* name */
		    OM_uint32 *,	/* initiator_lifetime */
		    OM_uint32 *,	/* acceptor_lifetime */
		    gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32	    (*gss_inquire_names_for_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_OID,	/* mechanism */
		    gss_OID_set *	/* name_types */
	/* */);
	OM_uint32	(*gss_inquire_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    gss_name_t *,	/* src_name */
		    gss_name_t *,	/* targ_name */
		    OM_uint32 *,	/* lifetime_rec */
		    gss_OID *,		/* mech_type */
		    OM_uint32 *,	/* ctx_flags */
		    int *,		/* locally_initiated */
		    int *		/* open */
	/* */);
	OM_uint32	    (*gss_internal_release_oid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID *		/* OID */
	/* */);
	OM_uint32		(*gss_wrap_size_limit)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    gss_qop_t,		/* qop_req */
		    OM_uint32,		/* req_output_size */
		    OM_uint32 *		/* max_input_size */
	/* */);
	/* Solaris additions: map a principal to a local uid, and the
	 * authorization hook that decides whether pname may act as the
	 * named local user.  Both are the mechanism's decision. */
	OM_uint32		(*pname_to_uid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    uid_t *		/* uid */
	/* */);
	OM_uint32		(*__gss_userok)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    const char *,	/* local user */
		    int *		/* user ok? */
	/* */);
	OM_uint32		(*gss_export_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t		/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
	OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	OM_uint32	(*gss_sign)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* message_buffer */
		    gss_buffer_t	/* message_token */
#ifdef	 _KERNEL
	/* */, OM_uint32		/* context verifier (KCTX_TO_CTXV) */
#endif
	/* */);
	OM_uint32	(*gss_verify)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* message_buffer */
		const gss_buffer_t,	/* token_buffer */
		int *			/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32		/* context verifier (KCTX_TO_CTXV) */
#endif
	/* */);
#ifndef	 _KERNEL
	OM_uint32	(*gss_store_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred */
		gss_cred_usage_t,	/* cred_usage */
		const gss_OID,		/* desired_mech */
		OM_uint32,		/* overwrite_cred */
		OM_uint32,		/* default_cred */
		gss_OID_set *,		/* elements_stored */
		gss_cred_usage_t *	/* cred_usage_stored */
	/* */);

	/* GGF extensions */

	/* Unlike every other entry, this one is not passed the mechanism
	 * context pointer; dispatch code must not supply one. */
        OM_uint32       (*gss_inquire_sec_context_by_oid)
        (
		OM_uint32 *,        /* minor_status */
		const gss_ctx_id_t, /* context_handle */
		const gss_OID,      /* OID */
		gss_buffer_set_t *  /* data_set */
	/* */);

#endif
} *gss_mechanism;
546 
547 
548 
#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
/*
 * Solaris-only extension to the dispatch table: the password-based
 * credential acquisition entry point (type declared above).  Reached
 * from gss_mech_config.mech_ext.
 */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */
555 
556 
557 /*
558  * In the user space we use a wrapper structure to encompass the
559  * mechanism entry points.  The wrapper contain the mechanism
560  * entry points and other data which is only relevant to the gss-api
561  * layer.  In the kernel we use only the gss_config strucutre because
562  * the kernal does not cantain any of the extra gss-api specific data.
563  */
564 typedef struct gss_mech_config {
565 	char *kmodName;			/* kernel module name */
566 	char *uLibName;			/* user library name */
567 	char *mechNameStr;		/* mechanism string name */
568 	char *optionStr;		/* optional mech parameters */
569 	void *dl_handle;		/* RTLD object handle for the mech */
570 	gss_OID mech_type;		/* mechanism oid */
571 	gss_mechanism mech;		/* mechanism initialization struct */
572 #ifndef _KERNEL
573 	gss_mechanism_ext mech_ext;	/* Solaris extensions */
574 #endif /* _KERNEL */
575 	struct gss_mech_config *next;	/* next element in the list */
576 } *gss_mech_info;
577 
578 /********************************************************/
579 /* Internal mechglue routines */
580 
/* SUNW15resync - Solaris versions - replace w/mit ones? */
/*
 * Solaris-era internal entry points.  Most have a gssint_* twin declared
 * further down with a near-identical signature (the const-ness of the
 * gss_OID argument differs in places); both spellings are declared in
 * this header, so keep the pairs in step when changing either.  Note
 * that identifiers beginning with two underscores are reserved to the
 * implementation in ISO C.
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
 	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
	gss_ctx_id_t *, gss_buffer_t);
/* Wrap a mechanism-specific name in a gss_union_name for the caller. */
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,	/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

/* Select, from a union credential, the credential element for mech_type. */
 gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);
609 
610 
611 
612 
613 
614 int gssint_mechglue_init(void);
615 void gssint_mechglue_fini(void);
616 
617 gss_mechanism gssint_get_mechanism (gss_OID);
618 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
619 char *gssint_get_kmodName(const gss_OID);
620 char *gssint_get_modOptions(const gss_OID);
621 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
622 				      gss_name_t *);
623 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
624 	const gss_name_t, gss_buffer_t);
625 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
626 				       gss_buffer_t, gss_OID *);
627 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
628 
629 OM_uint32 gssint_convert_name_to_union_name
630 	  (OM_uint32 *,		/* minor_status */
631 	   gss_mechanism,	/* mech */
632 	   gss_name_t,		/* internal_name */
633 	   gss_name_t *		/* external_name */
634 	   );
635 gss_cred_id_t gssint_get_mechanism_cred
636 	  (gss_union_cred_t,	/* union_cred */
637 	   gss_OID		/* mech_type */
638 	   );
639 
640 OM_uint32 gssint_create_copy_buffer(
641 	const gss_buffer_t,	/* src buffer */
642 	gss_buffer_t *,		/* destination buffer */
643 	int			/* NULL terminate buffer ? */
644 );
645 
646 
647 OM_uint32 gssint_copy_oid_set(
648 	OM_uint32 *,			/* minor_status */
649 	const gss_OID_set_desc *,	/* oid set */
650 	gss_OID_set *			/* new oid set */
651 );
652 
653 /* SUNW15resync - for old Solaris version in libgss */
654 OM_uint32 gss_copy_oid_set(
655 	OM_uint32 *,			/* minor_status */
656 	const gss_OID_set_desc *,	/* oid set */
657 	gss_OID_set *			/* new oid set */
658 );
659 
660 
661 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
662 
663 OM_uint32 gss_add_mech_name_type
664 	   (OM_uint32 *,	/* minor_status */
665 	    gss_OID,		/* name_type */
666 	    gss_OID		/* mech */
667 	       );
668 
669 /*
670  * Sun extensions to GSS-API v2
671  */
672 
/* Map a mechanism's string name to its OID and back. */
OM_uint32
gssint_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

const char *
gssint_oid_to_mech(
	const gss_OID oid		/* mechanism oid */
);

/*
 * Fill mechArray with the configured mechanism names.  arrayLen is the
 * only bound the callee has for the array, so pass its true length.
 */
OM_uint32
gssint_get_mechanisms(
	char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
);

/* Public GSS-API extension (Solaris); the per-mechanism version is the
 * gss_store_cred dispatch-table entry above. */
OM_uint32
gss_store_cred(
	OM_uint32 *,		/* minor_status */
	const gss_cred_id_t,	/* input_cred_handle */
	gss_cred_usage_t,	/* cred_usage */
	const gss_OID,		/* desired_mech */
	OM_uint32,		/* overwrite_cred */
	OM_uint32,		/* default_cred */
	gss_OID_set *,		/* elements_stored */
	gss_cred_usage_t *	/* cred_usage_stored */
);

/*
 * DER length encoding/decoding helpers used on token framing.  The
 * encoded input is typically peer-supplied, so buf_len must reflect the
 * bytes actually remaining at *buf; presumably *buf is advanced past the
 * length field and "bytes" reports how many were consumed -- confirm
 * against the implementation.  Negative return presumably signals an
 * error.
 */
int
gssint_get_der_length(
	unsigned char **,	/* buf */
	unsigned int,		/* buf_len */
	unsigned int *		/* bytes */
);

/* Number of bytes the DER encoding of len occupies. */
unsigned int
gssint_der_length_size(unsigned int /* len */);

/* Encode length at *buf, never writing past max_len bytes. */
int
gssint_put_der_length(
	unsigned int,		/* length */
	unsigned char **,	/* buf */
	unsigned int		/* max_len */
);
718 
719 
720 
721 /* Solaris kernel and gssd support */
722 
723 /*
724  * derived types for passing context and credential handles
725  * between gssd and kernel
726  */
/*
 * These handles are plain integers, so on their own they are trivially
 * forgeable; the kgss_ctx / kgss_cred structs below always carry them
 * together with an OM_uint32 verifier, which is presumably what the
 * gssd side checks.  Zero is reserved for "no handle".
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#define	GSSD_NO_CONTEXT		((gssd_ctx_id_t)0)
#define	GSSD_NO_CREDENTIAL	((gssd_cred_id_t)0)
732 
#ifdef	_KERNEL

#ifndef	_KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
/*
 * KM_SLEEP allocations may block until memory is available; FREE()
 * needs the original size, unlike the user-space definition below.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif	/* _KRB5_H */

/* Kernel mechanism registry: look up by OID / register a loaded mech. */
gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */
744 
/*
 * Credential handle as seen across the gssd <-> kernel boundary: the
 * gssd-side handle plus the verifier that accompanies it.  The KCRED_TO_*
 * macros cast their argument to this struct without any check, so they
 * are only valid on handles this layer created.
 */
struct	kgss_cred {
	gssd_cred_id_t	gssd_cred;		/* handle in gssd's space */
	OM_uint32	gssd_cred_verifier;	/* travels with gssd_cred */
};

#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)    (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
753 
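/*
 * Security context as seen across the gssd <-> kernel boundary.  gssd_ctx
 * is the handle in gssd's space and gssd_ctx_verifier travels with it
 * (the KGSS_* macros below hand it to the mechanism as the trailing
 * OM_uint32 argument).  Under _KERNEL the context may instead have been
 * imported into a kernel mechanism: ctx_imported selects between
 * gssd_ctx and the in-kernel handle gssd_i_ctx, and mech is the
 * mechanism that owns it (see KCTX_TO_CTX below).
 */
struct	kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;		/* handle in gssd's space */
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;		/* in-kernel handle, if imported */
	bool_t		ctx_imported;		/* use gssd_i_ctx, not gssd_ctx */
	gss_mechanism	mech;			/* mechanism owning the context */
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;	/* travels with gssd_ctx */
};

/*
 * Accessors.  They cast ctx unchecked and dereference it; only the two
 * KGSS_CTX_TO_GSSD_* macros tolerate GSS_C_NO_CONTEXT, for which they
 * yield the "no handle" value and a zero verifier.  Both arms of those
 * conditionals now have the macro's result type: GSSD_NO_CONTEXT
 * instead of a pointer cast through uintptr_t, and an OM_uint32 zero
 * instead of NULL (a null pointer constant is not an integer verifier).
 */
#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? GSSD_NO_CONTEXT : \
	KCTX_TO_GSSD_CTX(ctx))
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))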
775 
/*
 * Allocation and dispatch helpers, in kernel and user-space flavours.
 *
 * Kernel: KGSS_ALLOC()/KGSS_CRED_ALLOC() return zeroed memory
 * (kmem_zalloc), and the KGSS_* operations call straight into the
 * mechanism's dispatch table, passing the context verifier
 * (KCTX_TO_CTXV) as the trailing argument.
 *
 * User space: KGSS_ALLOC()/KGSS_CRED_ALLOC() use plain malloc(), so the
 * struct is NOT zeroed and every field must be set by the caller before
 * the KCTX_TO_* / KCRED_TO_* accessors are used on it; the KGSS_*
 * operations go through the kgss_*_wrapped() functions (not declared in
 * this header), and FREE() discards its size argument.
 */
#ifdef _KERNEL
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
/* The handle to give the mechanism: the in-kernel one once imported. */
#define	KCTX_TO_CTX(ctx) \
((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop,  KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id,  tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id)	\
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/* EXPORT DELETE END */

#define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

#define	KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)		/* n is ignored here */
/* Not zeroed: see the note above. */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
		MALLOC(sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */
853 
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
/*
 * Mechanism-independent helpers for buffers, OIDs, OID sets and buffer
 * sets.  Each generic_gss_*_release* routine presumably pairs with the
 * generic_gss_* routine that allocated the object (copy_oid / str_to_oid
 * with release_oid, create_empty_oid_set with release_oid_set,
 * create_empty_buffer_set with release_buffer_set) -- confirm against
 * the implementation before mixing allocators.
 */
OM_uint32 generic_gss_release_buffer
(OM_uint32*,       /* minor_status */
            gss_buffer_t      /* buffer */
           );

OM_uint32 generic_gss_release_oid_set
(OM_uint32*,       /* minor_status */
            gss_OID_set*      /* set */
           );

OM_uint32 generic_gss_release_oid
(OM_uint32*,       /* minor_status */
            gss_OID*         /* set */
           );

OM_uint32 generic_gss_copy_oid
(OM_uint32 *,	/* minor_status */
            gss_OID_desc * const,   /* oid */ /* SUNW15resync */
	    gss_OID *		/* new_oid */
	    );

OM_uint32 generic_gss_create_empty_oid_set
(OM_uint32 *,	/* minor_status */
	    gss_OID_set *	/* oid_set */
	   );

OM_uint32 generic_gss_add_oid_set_member
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* member_oid */
	    gss_OID_set *	/* oid_set */
	   );

OM_uint32 generic_gss_test_oid_set_member
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* member */
	    gss_OID_set,	/* set */
	    int *		/* present */
	   );

/* Textual OID conversions.  str_to_oid parses caller-provided text, so
 * the parser must stay within oid_str->length. */
OM_uint32 generic_gss_oid_to_str
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* oid */
	    gss_buffer_t	/* oid_str */
	   );

OM_uint32 generic_gss_str_to_oid
(OM_uint32 *,	/* minor_status */
	    gss_buffer_t,	/* oid_str */
	    gss_OID *		/* oid */
	   );

/* Build an OID from a DER prefix plus a one-arc suffix, and split one. */
OM_uint32
generic_gss_oid_compose(
    OM_uint32 *,        /* minor_status */
    const char *,       /* prefix */
    size_t,             /* prefix_len */
    int,                /* suffix */
    gss_OID_desc *);    /* oid */

OM_uint32
generic_gss_oid_decompose(
    OM_uint32 *,        /* minor_status */
    const char *,       /*prefix */
    size_t,             /* prefix_len */
    gss_OID_desc *,     /* oid */
    int *);             /* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
(OM_uint32 * /*minor_status*/,
            const gss_buffer_t /*member_buffer*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);
934 
/*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 *
 * In the kernel the macros expand to nothing, so a mechanism's minor
 * status passes through unmapped.  In user space they rewrite *MINORP
 * in place through gssint_mecherrmap_map() / gssint_mecherrmap_map_errcode(),
 * which are not declared in this header.  MINORP is evaluated twice.
 */
#ifdef _KERNEL

#define map_error(MINORP, MECH)
#define map_errcode(MINORP)

#else  /* _KERNEL */

/* Use this to map an error code that was returned from a mech
   operation; the mech will be asked to produce the associated error
   messages.

   Remember that if the minor status code cannot be returned to the
   caller (e.g., if it's stuffed in an automatic variable and then
   ignored), then we don't care about producing a mapping.  */
#define map_error(MINORP, MECH) \
    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
#define map_error_oid(MINORP, MECHOID) \
    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))

/* Use this to map an errno value or com_err error code being
   generated within the mechglue code (e.g., by calling generic oid
   ops).  Any errno or com_err values produced by mech operations
   should be processed with map_error.  This means they'll be stored
   separately even if the mech uses com_err, because we can't assume
   that it will use com_err.  */
#define map_errcode(MINORP) \
    (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))

#endif /* _KERNEL */
971 
972 #endif /* _GSS_MECHGLUEP_H */
973