1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25/*
26 * This header contains the private mechglue definitions.
27 *
28 */
29
30#ifndef _GSS_MECHGLUEP_H
31#define _GSS_MECHGLUEP_H
32
33#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
34#include "autoconf.h"
35#endif
36
/* SUNW15resync */
/*
 * MIT's mechglue.h decorates exported symbols with GSS_DLLIMP; Solaris
 * builds do not need the decoration, so it expands to nothing unless a
 * platform header already defined it.
 */
#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif
41
42#include <gssapi/gssapi_ext.h>   /* SUNW15resync - mechglue.h in mit 1.5 */
43#if 0 /* Solaris Kerberos */
44#include "gssapiP_generic.h"
45#endif
46
47#ifdef _KERNEL
48#include <rpc/rpc.h>
49#endif
50
#ifndef g_OID_copy /* SUNW15resync */
/*
 * Copy OID o2 into o1 (elements then length).  Fallback definition, used
 * only when the generic mechglue header has not already supplied one.
 *
 * No bounds check is performed: (o1)->elements must already point to
 * storage of at least (o2)->length bytes, otherwise memcpy() writes past
 * the destination.  Both arguments are evaluated more than once, so pass
 * side-effect-free expressions.
 */
#define	g_OID_copy(o1, o2)					\
do {								\
	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
	(o1)->length = (o2)->length;				\
} while (0)
#endif
58
/*
 * True when a gss_buffer_t carries no data: the buffer pointer itself is
 * NULL, its value pointer is NULL, or its length is zero.  The argument is
 * evaluated more than once, so pass a side-effect-free expression.
 */
#define	GSS_EMPTY_BUFFER(buf)	\
	(!(buf) || !((buf)->value) || !((buf)->length))
61
62/*
63 * Array of context IDs typed by mechanism OID
64 */
65typedef struct gss_union_ctx_id_t {
66	gss_OID			mech_type;
67	gss_ctx_id_t		internal_ctx_id;
68} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
69
70/*
71 * Generic GSSAPI names.  A name can either be a generic name, or a
72 * mechanism specific name....
73 */
74typedef struct gss_name_struct {
75	struct gss_name_struct *loopback;
76	gss_OID			name_type;
77	gss_buffer_t		external_name;
78	/*
79	 * These last two fields are only filled in for mechanism
80	 * names.
81	 */
82	gss_OID			mech_type;
83	gss_name_t		mech_name;
84} gss_union_name_desc, *gss_union_name_t;
85
86/*
87 * Structure for holding list of mechanism-specific name types
88 */
89typedef struct gss_mech_spec_name_t {
90    gss_OID	name_type;
91    gss_OID	mech;
92    struct gss_mech_spec_name_t	*next, *prev;
93} gss_mech_spec_name_desc, *gss_mech_spec_name;
94
95/*
96 * Credential auxiliary info, used in the credential structure
97 */
98typedef struct gss_union_cred_auxinfo {
99	gss_buffer_desc		name;
100	gss_OID			name_type;
101	OM_uint32		creation_time;
102	OM_uint32		time_rec;
103	int			cred_usage;
104} gss_union_cred_auxinfo;
105
106/*
107 * Set of Credentials typed on mechanism OID
108 */
109typedef struct gss_union_cred_t {
110	int			count;
111	gss_OID			mechs_array;
112	gss_cred_id_t		*cred_array;
113	gss_union_cred_auxinfo	auxinfo;
114} gss_union_cred_desc, *gss_union_cred_t;
115
/* Solaris Kerberos */
/*
 * Signature of the Solaris-only mechanism entry point that acquires a
 * credential from a password (see gss_config_ext below).  Same shape as
 * gss_acquire_cred plus the password buffer after desired_name.
 *
 * NOTE(review): the password is passed by reference.  Whether the mech may
 * keep the pointer, and whether the caller clears the buffer afterwards,
 * is not visible from this header - confirm before treating either side
 * as responsible for zeroizing it.
 */
typedef	OM_uint32	    (*gss_acquire_cred_with_password_sfct)(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    const gss_buffer_t, /* password */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
129
130/*
131 * Rudimentary pointer validation macro to check whether the
132 * "loopback" field of an opaque struct points back to itself.  This
133 * field also catches some programming errors where an opaque pointer
134 * is passed to a function expecting the address of the opaque
135 * pointer.
136 */
137#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
138#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
139#else
140#define GSSINT_CHK_LOOP(p) ((p) == NULL)
141#endif
142
143
144/********************************************************/
145/* The Mechanism Dispatch Table -- a mechanism needs to */
146/* define one of these and provide a function to return */
147/* it to initialize the GSSAPI library                  */
148
149/*
150 * This is the definition of the mechs_array struct, which is used to
151 * define the mechs array table. This table is used to indirectly
152 * access mechanism specific versions of the gssapi routines through
153 * the routines in the glue module (gssd_mech_glue.c)
154 *
 * This contains all of the functions defined in gssapi.h except for
156 * gss_release_buffer() and gss_release_oid_set(), which I am
157 * assuming, for now, to be equal across mechanisms.
158 */
159
typedef struct gss_config {
    /*
     * Mechanism dispatch table.  A mechanism fills one of these in and
     * the glue layer calls through it, so the field order is part of the
     * mechanism ABI: add new entry points at the end of the matching
     * #ifdef section and never reorder, insert or remove existing ones.
     *
     * Unless noted otherwise every entry point receives `context` (below)
     * as its first argument.  In the _KERNEL build the sign/verify/seal/
     * unseal/delete entry points take one extra trailing OM_uint32: the
     * gssd context verifier that the KGSS_* macros pass as KCTX_TO_CTXV().
     */
#if 0 /* Solaris Kerberos */
    OM_uint32	    priority;
    char *	    mechNameStr;
#endif
    gss_OID_desc    mech_type;	/* this mech's OID; also keys map_error() */
    void *	    context;	/* mech-private state, first arg of each entry */
#ifdef	_KERNEL
    struct gss_config *next;	/* link in the kernel mech list (__kgss_add_mechanism) */
    bool_t	    uses_kmod;	/* presumably: mech has a kernel module; confirm in kgss */
#endif

#ifndef	_KERNEL
	OM_uint32	    (*gss_acquire_cred)
	(
		    void *,		/* context */

		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* desired_name */
		    OM_uint32,		/* time_req */
		    const gss_OID_set,	/* desired_mechs */
		    int,		/* cred_usage */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_release_cred)
	(

		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_cred_id_t *	/* cred_handle */
	/* */);
	OM_uint32	    (*gss_init_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* claimant_cred_handle */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_name_t,		/* target_name */
		    const gss_OID,		/* mech_type */
		    OM_uint32,			/* req_flags */
		    OM_uint32,			/* time_req */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    const gss_buffer_t,		/* input_token */
		    gss_OID*,			/* actual_mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,		/* ret_flags */
		    OM_uint32 *			/* time_rec */
	/* */);
	/*
	 * input_token_buffer is the peer-supplied token: the one place in
	 * this table where untrusted wire data enters a mechanism.
	 */
	OM_uint32	    (*gss_accept_sec_context)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    gss_ctx_id_t *,		/* context_handle */
		    const gss_cred_id_t,	/* verifier_cred_handle */
		    const gss_buffer_t,		/* input_token_buffer */
		    const gss_channel_bindings_t, /* input_chan_bindings */
		    gss_name_t *,		/* src_name */
		    gss_OID*,			/* mech_type */
		    gss_buffer_t,		/* output_token */
		    OM_uint32 *,			/* ret_flags */
		    OM_uint32 *,			/* time_rec */
		    gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	    (*gss_process_context_token)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t	/* token_buffer */
	/* */);
#endif	/* ! _KERNEL */
	OM_uint32	    (*gss_delete_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* output_token */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_context_time)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32	    (*gss_display_status)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    OM_uint32,		/* status_value */
		    int,		/* status_type */
		    const gss_OID,	/* mech_type */
		    OM_uint32 *,	/* message_context */
		    gss_buffer_t	/* status_string */
	/* */);
	OM_uint32	    (*gss_indicate_mechs)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID_set *	/* mech_set */
	/* */);
	OM_uint32	    (*gss_compare_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* name1 */
		    const gss_name_t,	/* name2 */
		    int *		/* name_equal */
	/* */);
	OM_uint32	    (*gss_display_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* input_name */
		    gss_buffer_t,	/* output_name_buffer */
		    gss_OID*		/* output_name_type */
	/* */);
	OM_uint32	    (*gss_import_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* input_name_buffer */
		    const gss_OID,	/* input_name_type */
		    gss_name_t *	/* output_name */
	/* */);
	OM_uint32	    (*gss_release_name)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_name_t *	/* input_name */
	/* */);
	OM_uint32	    (*gss_inquire_cred)
	(
		    void *,			/* context */
		    OM_uint32 *,		/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    gss_name_t *,		/* name */
		    OM_uint32 *,		/* lifetime */
		    int *,			/* cred_usage */
		    gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32	    (*gss_add_cred)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* input_cred_handle */
		    const gss_name_t,	/* desired_name */
		    const gss_OID,	/* desired_mech */
		    gss_cred_usage_t,	/* cred_usage */
		    OM_uint32,		/* initiator_time_req */
		    OM_uint32,		/* acceptor_time_req */
		    gss_cred_id_t *,	/* output_cred_handle */
		    gss_OID_set *,	/* actual_mechs */
		    OM_uint32 *,	/* initiator_time_rec */
		    OM_uint32 *		/* acceptor_time_rec */
	/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif	/* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	_KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	OM_uint32	    (*gss_export_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_ctx_id_t *,	/* context_handle */
		    gss_buffer_t	/* interprocess_token */
	/* */);
#endif	/* ! _KERNEL */
	/*
	 * interprocess_token is a serialized context (keys included); it
	 * is only as trustworthy as the channel it arrived over.
	 */
	OM_uint32	    (*gss_import_sec_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_buffer_t,	/* interprocess_token */
		    gss_ctx_id_t *	/* context_handle */
	/* */);
#ifndef	_KERNEL
	OM_uint32	    (*gss_inquire_cred_by_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_cred_id_t,	/* cred_handle */
		    const gss_OID,	/* mech_type */
		    gss_name_t *,	/* name */
		    OM_uint32 *,	/* initiator_lifetime */
		    OM_uint32 *,	/* acceptor_lifetime */
		    gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32	    (*gss_inquire_names_for_mech)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_OID,	/* mechanism */
		    gss_OID_set *	/* name_types */
	/* */);
	OM_uint32	(*gss_inquire_context)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    gss_name_t *,	/* src_name */
		    gss_name_t *,	/* targ_name */
		    OM_uint32 *,	/* lifetime_rec */
		    gss_OID *,		/* mech_type */
		    OM_uint32 *,	/* ctx_flags */
		    int *,		/* locally_initiated */
		    int *		/* open */
	/* */);
	OM_uint32	    (*gss_internal_release_oid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    gss_OID *		/* OID */
	/* */);
	OM_uint32		(*gss_wrap_size_limit)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    gss_qop_t,		/* qop_req */
		    OM_uint32,		/* req_output_size */
		    OM_uint32 *		/* max_input_size */
	/* */);
	/*
	 * Authorization hooks (Solaris extensions): map a principal to a
	 * local uid, and decide whether a principal may act as the named
	 * local user.  These gate access to local accounts, so a caller
	 * must treat any non-GSS_S_COMPLETE return as "no mapping" / "not
	 * ok" and must not read the output parameter in that case.
	 */
	OM_uint32		(*pname_to_uid)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    uid_t *		/* uid */
	/* */);
	OM_uint32		(*__gss_userok)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_name_t,	/* pname */
		    const char *,	/* local user */
		    int *		/* user ok? */
	/* */);
	OM_uint32		(*gss_export_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t		/* exported_name */
	/* */);
#endif	/* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
	OM_uint32	    (*gss_seal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* conf_req_flag */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* input_message_buffer */
		    int *,		/* conf_state */
		    gss_buffer_t	/* output_message_buffer */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	    (*gss_unseal)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    const gss_buffer_t,	/* input_message_buffer */
		    gss_buffer_t,	/* output_message_buffer */
		    int *,		/* conf_state */
		    int *		/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	OM_uint32	(*gss_sign)
	(
		    void *,		/* context */
		    OM_uint32 *,	/* minor_status */
		    const gss_ctx_id_t,	/* context_handle */
		    int,		/* qop_req */
		    const gss_buffer_t,	/* message_buffer */
		    gss_buffer_t	/* message_token */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32	(*gss_verify)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* message_buffer */
		const gss_buffer_t,	/* token_buffer */
		int *			/* qop_state */
#ifdef	 _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef	 _KERNEL
	OM_uint32	(*gss_store_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred */
		gss_cred_usage_t,	/* cred_usage */
		const gss_OID,		/* desired_mech */
		OM_uint32,		/* overwrite_cred */
		OM_uint32,		/* default_cred */
		gss_OID_set *,		/* elements_stored */
		gss_cred_usage_t *	/* cred_usage_stored */
	/* */);

	/* GGF extensions */

	/*
	 * Unlike every other entry in this table, this one takes no
	 * leading `void *context` argument: the glue must call it with
	 * exactly the four parameters shown, and a mech implementing it
	 * must not expect its private context.
	 */
        OM_uint32       (*gss_inquire_sec_context_by_oid)
        (
		OM_uint32 *,        /* minor_status */
		const gss_ctx_id_t, /* context_handle */
		const gss_OID,      /* OID */
		gss_buffer_set_t *  /* data_set */
	/* */);

#endif
} *gss_mechanism;	/* NB: gss_mechanism is a pointer-to-table typedef */
546
547
548
#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
/*
 * Solaris-only extension table, kept separate from gss_config so that
 * the MIT-shaped dispatch table above stays ABI-compatible.  Looked up
 * via __gss_get_mechanism_ext(); a mech that does not provide the
 * extension presumably leaves the slot NULL, so check before calling.
 */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;	/* pointer-to-table typedef, like gss_mechanism */
#endif /* _KERNEL */
555
556
557/*
558 * In the user space we use a wrapper structure to encompass the
559 * mechanism entry points.  The wrapper contain the mechanism
560 * entry points and other data which is only relevant to the gss-api
561 * layer.  In the kernel we use only the gss_config strucutre because
562 * the kernal does not cantain any of the extra gss-api specific data.
563 */
564typedef struct gss_mech_config {
565	char *kmodName;			/* kernel module name */
566	char *uLibName;			/* user library name */
567	char *mechNameStr;		/* mechanism string name */
568	char *optionStr;		/* optional mech parameters */
569	void *dl_handle;		/* RTLD object handle for the mech */
570	gss_OID mech_type;		/* mechanism oid */
571	gss_mechanism mech;		/* mechanism initialization struct */
572#ifndef _KERNEL
573	gss_mechanism_ext mech_ext;	/* Solaris extensions */
574#endif /* _KERNEL */
575	struct gss_mech_config *next;	/* next element in the list */
576} *gss_mech_info;
577
578/********************************************************/
579/* Internal mechglue routines */
580
/* SUNW15resync - Solaris versions - replace w/mit ones? */
/*
 * Older Solaris-named glue helpers.  The gssint_* declarations further
 * down are the MIT names for the same operations; both sets are keyed by
 * mechanism OID.  The char * returned by the kmodName/modOptions lookups
 * presumably points into the gss_mech_config entry - do not free it.
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
/* Name conversions between the union (glue) form and a mech's own form. */
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
 	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
	gss_ctx_id_t *, gss_buffer_t);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,	/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

/* Select the cred_array entry of a union credential for one mechanism. */
 gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);
609
610
611
612
613
/* Glue-internal lifecycle, mech lookup and name helpers (MIT naming). */
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

gss_mechanism gssint_get_mechanism (gss_OID);
/* Pull the mechanism OID out of a token (the token is untrusted input). */
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
				      gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
				       gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
	  (OM_uint32 *,		/* minor_status */
	   gss_mechanism,	/* mech */
	   gss_name_t,		/* internal_name */
	   gss_name_t *		/* external_name */
	   );
gss_cred_id_t gssint_get_mechanism_cred
	  (gss_union_cred_t,	/* union_cred */
	   gss_OID		/* mech_type */
	   );

/*
 * Allocate a new gss_buffer_t holding a copy of src; when the last
 * argument is non-zero the copy is NUL terminated (the terminator is
 * presumably not counted in length - confirm in the implementation).
 */
OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);


OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);


/* Name-type -> mechanism registry (see gss_mech_spec_name_desc). */
gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
	   (OM_uint32 *,	/* minor_status */
	    gss_OID,		/* name_type */
	    gss_OID		/* mech */
	       );
668
669/*
670 * Sun extensions to GSS-API v2
671 */
672
673OM_uint32
674gssint_mech_to_oid(
675	const char *mech,		/* mechanism string name */
676	gss_OID *oid			/* mechanism oid */
677);
678
679const char *
680gssint_oid_to_mech(
681	const gss_OID oid		/* mechanism oid */
682);
683
684OM_uint32
685gssint_get_mechanisms(
686	char *mechArray[],		/* array to populate with mechs */
687	int arrayLen			/* length of passed in array */
688);
689
690OM_uint32
691gss_store_cred(
692	OM_uint32 *,		/* minor_status */
693	const gss_cred_id_t,	/* input_cred_handle */
694	gss_cred_usage_t,	/* cred_usage */
695	const gss_OID,		/* desired_mech */
696	OM_uint32,		/* overwrite_cred */
697	OM_uint32,		/* default_cred */
698	gss_OID_set *,		/* elements_stored */
699	gss_cred_usage_t *	/* cred_usage_stored */
700);
701
702int
703gssint_get_der_length(
704	unsigned char **,	/* buf */
705	unsigned int,		/* buf_len */
706	unsigned int *		/* bytes */
707);
708
709unsigned int
710gssint_der_length_size(unsigned int /* len */);
711
712int
713gssint_put_der_length(
714	unsigned int,		/* length */
715	unsigned char **,	/* buf */
716	unsigned int		/* max_len */
717);
718
719
720
/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 *
 * These are bare integers, not pointers: on their own they say nothing
 * about who minted them or whether they are still live.  The kgss_ctx /
 * kgss_cred wrappers below therefore pair each handle with an OM_uint32
 * verifier that the KGSS_* macros send along on every call.
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;
729
#ifdef	_KERNEL

#ifndef	_KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
/*
 * Kernel allocation shims.  kmem_free() is handed `n` back, so the size
 * passed to FREE() must be the size that was passed to MALLOC().  The
 * user-space FREE() later in this header ignores `n`, so a mismatched
 * size only shows up in the kernel build.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif	/* _KRB5_H */

/* Kernel mech registry: look up a dispatch table by OID / register one. */
gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */
741
/*
 * Credential wrapper shared with gssd: the gssd-side handle plus the
 * verifier that must accompany it.  Accessor macros cast an opaque
 * gss_cred_id_t to this struct without any validation, so they must
 * only be applied to credentials this layer created.
 */
struct	kgss_cred {
	gssd_cred_id_t	gssd_cred;		/* handle as known to gssd */
	OM_uint32	gssd_cred_verifier;	/* sent with gssd_cred on each call */
};

/* Each macro evaluates `cred` once but performs no NULL check. */
#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)    (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
750
/*
 * Context wrapper shared with gssd.  In the kernel a context starts out
 * owned by gssd (gssd_ctx + verifier) and may later be imported into an
 * in-kernel mechanism, after which gssd_i_ctx/mech are used instead
 * (see KCTX_TO_CTX).  The user-space build has only the gssd handle.
 */
struct	kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;	/* handle as known to gssd */
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;	/* in-kernel mech context; used when ctx_imported */
	bool_t		ctx_imported;	/* presumably set by the import path - confirm */
	gss_mechanism	mech;		/* dispatch table for gssd_i_ctx */
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;	/* sent with gssd_ctx on each call */
};
760
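/*
 * Accessors for struct kgss_ctx.  They cast an opaque gss_ctx_id_t
 * without validation, and the null-tolerant KGSS_* pair evaluates `ctx`
 * more than once, so pass side-effect-free expressions only.
 * ctx_imported and mech exist only in the _KERNEL layout of the struct.
 */
#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
/*
 * Null-tolerant variants: GSS_C_NO_CONTEXT yields a zero handle (it is
 * the null pointer, cast through uintptr_t) and a zero verifier instead
 * of being dereferenced.  The verifier is an OM_uint32, so the empty
 * case is spelled as an integer zero rather than the pointer constant
 * NULL, which would mix pointer and integer operands in the conditional
 * on toolchains where NULL is ((void *)0).
 */
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))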
772
#ifdef _KERNEL
/*
 * Kernel side.  A context that has not been imported is still the gssd
 * wrapper itself; once imported, the in-kernel mech context is used.
 */
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
#define	KCTX_TO_CTX(ctx) \
((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
/*
 * kmem_zalloc: kernel wrappers start zero-filled.  The user-space
 * KGSS_CRED_ALLOC/KGSS_ALLOC below use plain malloc and do not, so code
 * shared between the two builds must set every field explicitly.
 */
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * Direct dispatch into the mech table: the mech's private context goes
 * first and the gssd context verifier (KCTX_TO_CTXV) last.  `ctx` is
 * evaluated several times by each macro.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop,  KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id,  tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

/*
 * Import uses `ctx` only to locate the mech and its private context;
 * the imported handle comes back through int_ctx_id and no verifier is
 * passed (the mech's gss_import_sec_context has no trailing OM_uint32).
 */
#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id)	\
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
		minor_st, tkn, int_ctx_id)

/* EXPORT DELETE START */
#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
		KCTX_TO_CTXV(ctx))

/* EXPORT DELETE END */

/*
 * Despite the generic names these bind to the Kerberos mech.  Note that
 * kgss_release_oid() is declared here but KGSS_RELEASE_OID expands to
 * krb5_gss_release_oid(), not to it.
 */
#define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

#define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

/* User space (gssd): the context is always the gssd handle. */
#define	KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
/* FREE() ignores the size here; only the kernel build checks it. */
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/* Not zero-filled (unlike the kernel kmem_zalloc variants above). */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
		MALLOC(sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

/*
 * Route through the kgss_*_wrapped functions (declared elsewhere), again
 * passing the gssd handle and its verifier.
 */
#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	kgss_sign_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	kgss_verify_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
		KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
		KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	kgss_unseal_wrapped(minor_st,\
		KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
		KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */
850
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
/*
 * Mechanism-independent OID, OID-set and buffer-set helpers, shared by
 * the glue and by every mech.  The release_* routines free the storage
 * the corresponding create/copy routine allocated.
 */
OM_uint32 generic_gss_release_buffer
(OM_uint32*,       /* minor_status */
            gss_buffer_t      /* buffer */
           );

OM_uint32 generic_gss_release_oid_set
(OM_uint32*,       /* minor_status */
            gss_OID_set*      /* set */
           );

OM_uint32 generic_gss_release_oid
(OM_uint32*,       /* minor_status */
            gss_OID*         /* set */
           );

/* Deep copy: new_oid gets its own elements storage. */
OM_uint32 generic_gss_copy_oid
(OM_uint32 *,	/* minor_status */
            gss_OID_desc * const,   /* oid */ /* SUNW15resync */
	    gss_OID *		/* new_oid */
	    );

OM_uint32 generic_gss_create_empty_oid_set
(OM_uint32 *,	/* minor_status */
	    gss_OID_set *	/* oid_set */
	   );

OM_uint32 generic_gss_add_oid_set_member
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* member_oid */
	    gss_OID_set *	/* oid_set */
	   );

OM_uint32 generic_gss_test_oid_set_member
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* member */
	    gss_OID_set,	/* set */
	    int *		/* present */
	   );

/* Dotted-decimal text form <-> DER OID; str_to_oid parses untrusted text. */
OM_uint32 generic_gss_oid_to_str
(OM_uint32 *,	/* minor_status */
	    gss_OID_desc * const,		/* oid */
	    gss_buffer_t	/* oid_str */
	   );

OM_uint32 generic_gss_str_to_oid
(OM_uint32 *,	/* minor_status */
	    gss_buffer_t,	/* oid_str */
	    gss_OID *		/* oid */
	   );

/* Build / split an OID as a fixed prefix plus one integer suffix arc. */
OM_uint32
generic_gss_oid_compose(
    OM_uint32 *,        /* minor_status */
    const char *,       /* prefix */
    size_t,             /* prefix_len */
    int,                /* suffix */
    gss_OID_desc *);    /* oid */

OM_uint32
generic_gss_oid_decompose(
    OM_uint32 *,        /* minor_status */
    const char *,       /*prefix */
    size_t,             /* prefix_len */
    gss_OID_desc *,     /* oid */
    int *);             /* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
(OM_uint32 * /*minor_status*/,
            const gss_buffer_t /*member_buffer*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);
931
932/*
933 * SUNW17PACresync
934 * New map error API in MIT 1.7, at build time generates code for errors.
935 * Solaris does not gen the errors at build time so we just stub these
936 * for now, need to revisit.
937 * See mglueP.h and util_errmap.c in MIT 1.7.
938*/
939#ifdef _KERNEL
940
941#define map_error(MINORP, MECH)
942#define map_errcode(MINORP)
943
944#else  /* _KERNEL */
945
946/* Use this to map an error code that was returned from a mech
947   operation; the mech will be asked to produce the associated error
948   messages.
949
950   Remember that if the minor status code cannot be returned to the
951   caller (e.g., if it's stuffed in an automatic variable and then
952   ignored), then we don't care about producing a mapping.  */
953#define map_error(MINORP, MECH) \
954    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
955#define map_error_oid(MINORP, MECHOID) \
956    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
957
958/* Use this to map an errno value or com_err error code being
959   generated within the mechglue code (e.g., by calling generic oid
960   ops).  Any errno or com_err values produced by mech operations
961   should be processed with map_error.  This means they'll be stored
962   separately even if the mech uses com_err, because we can't assume
963   that it will use com_err.  */
964#define map_errcode(MINORP) \
965    (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
966
967#endif /* _KERNEL */
968
969#endif /* _GSS_MECHGLUEP_H */
970