1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 /*
  26  * This header contains the private mechglue definitions.
  27  *
  28  */
  29 
  30 #ifndef _GSS_MECHGLUEP_H
  31 #define _GSS_MECHGLUEP_H
  32 
  33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
  34 #include "autoconf.h"
  35 #endif
  36 
  37 /* SUNW15resync */
  38 #ifndef GSS_DLLIMP
  39 #define GSS_DLLIMP
  40 #endif
  41 
  42 #include <gssapi/gssapi_ext.h>   /* SUNW15resync - mechglue.h in mit 1.5 */
  43 #if 0 /* Solaris Kerberos */
  44 #include "gssapiP_generic.h"
  45 #endif
  46 
  47 #ifdef _KERNEL
  48 #include <rpc/rpc.h>
  49 #endif 
  50 
#ifndef g_OID_copy /* SUNW15resync */
/*
 * Copy the OID o2 into o1.  There is no capacity check: (o1)->elements
 * must already point at storage of at least (o2)->length bytes, or the
 * memcpy writes past it.  (o1)->length is updated only after the copy.
 */
#define g_OID_copy(o1, o2)                                      \
do {                                                            \
        memcpy((o1)->elements, (o2)->elements, (o2)->length);  \
        (o1)->length = (o2)->length;                              \
} while (0)
#endif
  58 
/*
 * True when buf is NULL, has a NULL value pointer, or has zero length.
 * The tests are ordered so that a NULL buf is never dereferenced.
 */
#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||\
        (buf)->value == NULL || (buf)->length == 0)
  61 
/*
 * Array of context IDs typed by mechanism OID
 */
typedef struct gss_union_ctx_id_t {
        gss_OID                 mech_type;        /* mechanism OID */
        gss_ctx_id_t            internal_ctx_id;  /* that mechanism's own context handle */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
  69 
/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....
 */
typedef struct gss_name_struct {
        /*
         * Self-pointer.  The MIT form of GSSINT_CHK_LOOP (below) compares
         * it with the struct's own address to catch corrupted handles and
         * the handle-vs-address-of-handle mistake; the Solaris form used
         * in this build tests only for NULL and never reads this field.
         */
        struct gss_name_struct *loopback;
        gss_OID                 name_type;
        gss_buffer_t            external_name;
        /*
         * These last two fields are only filled in for mechanism
         * names.
         */
        gss_OID                 mech_type;      /* mechanism OID */
        gss_name_t              mech_name;      /* that mechanism's own name object */
} gss_union_name_desc, *gss_union_name_t;
  85 
/*
 * Structure for holding list of mechanism-specific name types
 * (doubly linked; see gss_add_mech_name_type() and
 * gss_find_mechanism_from_name_type() below).
 */
typedef struct gss_mech_spec_name_t {
    gss_OID     name_type;      /* name-type OID */
    gss_OID     mech;           /* mechanism that handles name_type */
    struct gss_mech_spec_name_t *next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;
  94 
/*
 * Credential auxiliary info, used in the credential structure
 */
typedef struct gss_union_cred_auxinfo {
        gss_buffer_desc         name;           /* credential name, owned by the struct */
        gss_OID                 name_type;
        OM_uint32               creation_time;
        OM_uint32               time_rec;       /* NOTE(review): lifetime at creation, presumably - verify */
        int                     cred_usage;
} gss_union_cred_auxinfo;
 105 
/*
 * Set of Credentials typed on mechanism OID
 */
typedef struct gss_union_cred_t {
        int                     count;          /* number of entries in the two arrays below */
        gss_OID                 mechs_array;    /* mechanism OIDs, presumably parallel to cred_array - verify */
        gss_cred_id_t           *cred_array;    /* per-mechanism credential handles */
        gss_union_cred_auxinfo  auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;
 115 
/* Solaris Kerberos */
/*
 * Signature of the Solaris-only "acquire credential with password"
 * mechanism entry point, installed through gss_config_ext below.  The
 * argument order mirrors gss_acquire_cred in the dispatch table with
 * the password buffer inserted after desired_name.
 * NOTE(review): `password` is the caller's secret material; whether the
 * glue or the mechanism scrubs it after use is not visible here - confirm.
 */
typedef OM_uint32           (*gss_acquire_cred_with_password_sfct)(
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* desired_name */
                    const gss_buffer_t, /* password */
                    OM_uint32,          /* time_req */
                    const gss_OID_set,  /* desired_mechs */
                    int,                /* cred_usage */
                    gss_cred_id_t *,    /* output_cred_handle */
                    gss_OID_set *,      /* actual_mechs */
                    OM_uint32 *         /* time_rec */
        /* */);
 129 
/*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself.  This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.
 *
 * Evaluates to non-zero when the handle is BAD.  In this Solaris build
 * the loopback comparison is compiled out, so only a NULL pointer is
 * rejected: a handle whose loopback field is stale or corrupted, and
 * the address-of-handle mistake described above, both pass the check.
 */
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
#define GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif
 142 
 143 
 144 /********************************************************/
 145 /* The Mechanism Dispatch Table -- a mechanism needs to */
 146 /* define one of these and provide a function to return */
 147 /* it to initialize the GSSAPI library                  */
 148 
 149 /*
 150  * This is the definition of the mechs_array struct, which is used to
 151  * define the mechs array table. This table is used to indirectly
 152  * access mechanism specific versions of the gssapi routines through
 153  * the routines in the glue module (gssd_mech_glue.c)
 154  *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 158  */
 159  
/*
 * Mechanism dispatch table.  Every entry point takes the mechanism's
 * private `context` pointer as its first argument (the KGSS_* macros
 * below pass KCTX_TO_PRIVATE(ctx)), followed by the arguments of the
 * corresponding public GSS-API routine.  The one exception is
 * gss_inquire_sec_context_by_oid at the end, which has no context
 * argument.  Entries wrapped in #ifndef _KERNEL exist only in the
 * user-space table; the per-message entries present in both builds
 * carry a trailing OM_uint32 in the kernel (the KGSS_* macros pass
 * KCTX_TO_CTXV(ctx), the gssd context verifier, in that position).
 *
 * NOTE(review): nothing here states which entries a mechanism may leave
 * NULL; code that calls through an entry without checking it should
 * confirm that against the mechanism loader - TODO confirm.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
    OM_uint32       priority;
    char *          mechNameStr;
#endif
    gss_OID_desc    mech_type;      /* OID this table serves */
    void *          context;        /* opaque mechanism state, passed to every entry */
#ifdef  _KERNEL
    struct gss_config *next;        /* list link; see __kgss_add_mechanism() */
    bool_t          uses_kmod;
#endif

#ifndef _KERNEL
        /* Credential handling and context establishment: user space only. */
        OM_uint32           (*gss_acquire_cred)
        (
                    void *,             /* context */

                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* desired_name */
                    OM_uint32,          /* time_req */
                    const gss_OID_set,  /* desired_mechs */
                    int,                /* cred_usage */
                    gss_cred_id_t *,    /* output_cred_handle */
                    gss_OID_set *,      /* actual_mechs */
                    OM_uint32 *         /* time_rec */
        /* */);
        OM_uint32           (*gss_release_cred)
        (

                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_cred_id_t *     /* cred_handle */
        /* */);
        OM_uint32           (*gss_init_sec_context)
        (
                    void *,                     /* context */
                    OM_uint32 *,                /* minor_status */
                    const gss_cred_id_t,        /* claimant_cred_handle */
                    gss_ctx_id_t *,             /* context_handle */
                    const gss_name_t,           /* target_name */
                    const gss_OID,              /* mech_type */
                    OM_uint32,                  /* req_flags */
                    OM_uint32,                  /* time_req */
                    const gss_channel_bindings_t, /* input_chan_bindings */
                    const gss_buffer_t,         /* input_token */
                    gss_OID*,                   /* actual_mech_type */
                    gss_buffer_t,               /* output_token */
                    OM_uint32 *,                /* ret_flags */
                    OM_uint32 *                 /* time_rec */
        /* */);
        OM_uint32           (*gss_accept_sec_context)
        (
                    void *,                     /* context */
                    OM_uint32 *,                /* minor_status */
                    gss_ctx_id_t *,             /* context_handle */
                    const gss_cred_id_t,        /* verifier_cred_handle */
                    const gss_buffer_t,         /* input_token_buffer (peer supplied) */
                    const gss_channel_bindings_t, /* input_chan_bindings */
                    gss_name_t *,               /* src_name */
                    gss_OID*,                   /* mech_type */
                    gss_buffer_t,               /* output_token */
                    OM_uint32 *,                        /* ret_flags */
                    OM_uint32 *,                        /* time_rec */
                    gss_cred_id_t *             /* delegated_cred_handle */
        /* */);
#endif  /* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
        OM_uint32           (*gss_unseal)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    const gss_buffer_t, /* input_message_buffer */
                    gss_buffer_t,       /* output_message_buffer */
                    int *,              /* conf_state */
                    int *               /* qop_state */
#ifdef   _KERNEL
        /* */, OM_uint32                /* context verifier; see KGSS_UNSEAL */
#endif
        /* */);
#ifndef _KERNEL
        OM_uint32           (*gss_process_context_token)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    const gss_buffer_t  /* token_buffer */
        /* */);
#endif  /* ! _KERNEL */
        OM_uint32           (*gss_delete_sec_context)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_ctx_id_t *,     /* context_handle */
                    gss_buffer_t        /* output_token */
#ifdef   _KERNEL
        /* */, OM_uint32                /* context verifier; see KGSS_DELETE_SEC_CONTEXT */
#endif
        /* */);
#ifndef _KERNEL
        OM_uint32           (*gss_context_time)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    OM_uint32 *         /* time_rec */
        /* */);
        OM_uint32           (*gss_display_status)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    OM_uint32,          /* status_value */
                    int,                /* status_type */
                    const gss_OID,      /* mech_type */
                    OM_uint32 *,        /* message_context */
                    gss_buffer_t        /* status_string */
        /* */);
        OM_uint32           (*gss_indicate_mechs)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_OID_set *       /* mech_set */
        /* */);
        OM_uint32           (*gss_compare_name)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* name1 */
                    const gss_name_t,   /* name2 */
                    int *               /* name_equal */
        /* */);
        OM_uint32           (*gss_display_name)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* input_name */
                    gss_buffer_t,       /* output_name_buffer */
                    gss_OID*            /* output_name_type */
        /* */);
        OM_uint32           (*gss_import_name)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_buffer_t, /* input_name_buffer */
                    const gss_OID,      /* input_name_type */
                    gss_name_t *        /* output_name */
        /* */);
        OM_uint32           (*gss_release_name)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_name_t *        /* input_name */
        /* */);
        OM_uint32           (*gss_inquire_cred)
        (
                    void *,                     /* context */
                    OM_uint32 *,                /* minor_status */
                    const gss_cred_id_t,        /* cred_handle */
                    gss_name_t *,               /* name */
                    OM_uint32 *,                /* lifetime */
                    int *,                      /* cred_usage */
                    gss_OID_set *               /* mechanisms */
        /* */);
        OM_uint32           (*gss_add_cred)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_cred_id_t,        /* input_cred_handle */
                    const gss_name_t,   /* desired_name */
                    const gss_OID,      /* desired_mech */
                    gss_cred_usage_t,   /* cred_usage */
                    OM_uint32,          /* initiator_time_req */
                    OM_uint32,          /* acceptor_time_req */
                    gss_cred_id_t *,    /* output_cred_handle */
                    gss_OID_set *,      /* actual_mechs */
                    OM_uint32 *,        /* initiator_time_rec */
                    OM_uint32 *         /* acceptor_time_rec */
        /* */);
#endif  /* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
        OM_uint32           (*gss_seal)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    int,                /* conf_req_flag */
                    int,                /* qop_req */
                    const gss_buffer_t, /* input_message_buffer */
                    int *,              /* conf_state */
                    gss_buffer_t        /* output_message_buffer */
#ifdef   _KERNEL
        /* */, OM_uint32                /* context verifier; see KGSS_SEAL */
#endif
        /* */);
#ifndef _KERNEL
        OM_uint32           (*gss_export_sec_context)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_ctx_id_t *,     /* context_handle */
                    gss_buffer_t        /* interprocess_token */
        /* */);
#endif  /* ! _KERNEL */
        OM_uint32           (*gss_import_sec_context)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_buffer_t, /* interprocess_token */
                    gss_ctx_id_t *      /* context_handle */
        /* */);
#ifndef _KERNEL
        OM_uint32           (*gss_inquire_cred_by_mech)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_cred_id_t,        /* cred_handle */
                    const gss_OID,      /* mech_type */
                    gss_name_t *,       /* name */
                    OM_uint32 *,        /* initiator_lifetime */
                    OM_uint32 *,        /* acceptor_lifetime */
                    gss_cred_usage_t *  /* cred_usage */
        /* */);
        OM_uint32           (*gss_inquire_names_for_mech)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_OID,      /* mechanism */
                    gss_OID_set *       /* name_types */
        /* */);
        OM_uint32       (*gss_inquire_context)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    gss_name_t *,       /* src_name */
                    gss_name_t *,       /* targ_name */
                    OM_uint32 *,        /* lifetime_rec */
                    gss_OID *,          /* mech_type */
                    OM_uint32 *,        /* ctx_flags */
                    int *,              /* locally_initiated */
                    int *               /* open */
        /* */);
        OM_uint32           (*gss_internal_release_oid)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    gss_OID *           /* OID */
        /* */);
        OM_uint32               (*gss_wrap_size_limit)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    int,                /* conf_req_flag */
                    gss_qop_t,          /* qop_req */
                    OM_uint32,          /* req_output_size */
                    OM_uint32 *         /* max_input_size */
        /* */);
        /*
         * Local-authorization hooks: map a principal to a uid, and decide
         * whether a principal may act as a local user.  These answer an
         * access question, so a NULL entry should be treated as "no
         * answer" (deny) rather than skipped - NOTE(review): confirm how
         * the glue code handles a mechanism that leaves them unset.
         */
        OM_uint32               (*pname_to_uid)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* pname */
                    uid_t *             /* uid */
        /* */);
        OM_uint32               (*__gss_userok)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_name_t,   /* pname */
                    const char *,       /* local user */
                    int *               /* user ok? */
        /* */);
        OM_uint32               (*gss_export_name)
        (
                void *,                 /* context */
                OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* input_name */
                gss_buffer_t            /* exported_name */
        /* */);
#endif  /* ! _KERNEL */
        OM_uint32       (*gss_sign)
        (
                    void *,             /* context */
                    OM_uint32 *,        /* minor_status */
                    const gss_ctx_id_t, /* context_handle */
                    int,                /* qop_req */
                    const gss_buffer_t, /* message_buffer */
                    gss_buffer_t        /* message_token */
#ifdef   _KERNEL
        /* */, OM_uint32                /* context verifier; see KGSS_SIGN */
#endif
        /* */);
        OM_uint32       (*gss_verify)
        (
                void *,                 /* context */
                OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
                const gss_buffer_t,     /* message_buffer */
                const gss_buffer_t,     /* token_buffer (peer supplied) */
                int *                   /* qop_state */
#ifdef   _KERNEL
        /* */, OM_uint32                /* context verifier; see KGSS_VERIFY */
#endif
        /* */);
#ifndef  _KERNEL
        OM_uint32       (*gss_store_cred)
        (
                void *,                 /* context */
                OM_uint32 *,            /* minor_status */
                const gss_cred_id_t,    /* input_cred */
                gss_cred_usage_t,       /* cred_usage */
                const gss_OID,          /* desired_mech */
                OM_uint32,              /* overwrite_cred */
                OM_uint32,              /* default_cred */
                gss_OID_set *,          /* elements_stored */
                gss_cred_usage_t *      /* cred_usage_stored */
        /* */);

        /* GGF extensions */

        /*
         * Unlike every other entry in this table, this one takes no
         * leading `void *` context argument; callers that dispatch with
         * the usual "context first" convention must special-case it.
         */
        OM_uint32       (*gss_inquire_sec_context_by_oid)
        (
                OM_uint32 *,        /* minor_status */
                const gss_ctx_id_t, /* context_handle */
                const gss_OID,      /* OID */
                gss_buffer_set_t *  /* data_set */
        /* */);

#endif
} *gss_mechanism;
 496 
 497 
 498         
#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
/*
 * Solaris-only extension to the dispatch table, looked up separately via
 * __gss_get_mechanism_ext() and held in gss_mech_config.mech_ext.
 */
typedef struct gss_config_ext {
        gss_acquire_cred_with_password_sfct     gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */
 505 
 506 
/*
 * In user space we use a wrapper structure to encompass the
 * mechanism entry points.  The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer.  In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 */
typedef struct gss_mech_config {
        char *kmodName;                 /* kernel module name */
        char *uLibName;                 /* user library name */
        char *mechNameStr;              /* mechanism string name */
        char *optionStr;                /* optional mech parameters */
        void *dl_handle;                /* RTLD object handle for the mech */
        gss_OID mech_type;              /* mechanism oid */
        /*
         * Dispatch tables obtained from the loaded module.  NOTE(review):
         * presumably NULL until the module has been loaded; callers that
         * dereference mech without a check should confirm that against
         * the loader.
         */
        gss_mechanism mech;             /* mechanism initialization struct */
#ifndef _KERNEL
        gss_mechanism_ext mech_ext;     /* Solaris extensions */
#endif /* _KERNEL */
        struct gss_mech_config *next;   /* next element in the list */
} *gss_mech_info;
 527 
 528 /********************************************************/
 529 /* Internal mechglue routines */
 530 
/* SUNW15resync - Solaris versions - replace w/mit ones? */
/*
 * Lookups keyed by mechanism OID.  The gssint_* declarations further
 * down cover the same operations under the MIT names; both sets are
 * declared here, so callers should be consistent about which they use.
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
/*
 * Name conversions between the union (mechglue) representation and a
 * mechanism's own name object.  Each takes minor_status first and the
 * mechanism OID second.
 */
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
        gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
        const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
        const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
        gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
        gss_ctx_id_t *, gss_buffer_t);
OM_uint32 __gss_convert_name_to_union_name(
        OM_uint32 *,            /* minor_status */
        gss_mechanism,  /* mech */
        gss_name_t,             /* internal_name */
        gss_name_t *            /* external_name */
);

/* Select the mechanism-specific credential for mech_type out of a union credential. */
gss_cred_id_t __gss_get_mechanism_cred(
        const gss_union_cred_t, /* union_cred */
        const gss_OID           /* mech_type */
);
 559 
 560 
 561 
 562 
 563 
/* Library-wide mechglue setup and teardown. */
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

/* MIT-named equivalents of the __gss_* lookups declared above. */
gss_mechanism gssint_get_mechanism (gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
                                      gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
        const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
                                       gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name
          (OM_uint32 *,         /* minor_status */
           gss_mechanism,       /* mech */
           gss_name_t,          /* internal_name */
           gss_name_t *         /* external_name */
           );
gss_cred_id_t gssint_get_mechanism_cred
          (gss_union_cred_t,    /* union_cred */
           gss_OID              /* mech_type */
           );

/*
 * Allocate a copy of src into *destination; the flag asks for a
 * trailing NUL after the copied bytes.  The caller owns the result.
 */
OM_uint32 gssint_create_copy_buffer(
        const gss_buffer_t,     /* src buffer */
        gss_buffer_t *,         /* destination buffer */
        int                     /* NULL terminate buffer ? */
);


/* Deep copy of an OID set; the caller owns the new set. */
OM_uint32 gssint_copy_oid_set(
        OM_uint32 *,                    /* minor_status */
        const gss_OID_set_desc *,       /* oid set */
        gss_OID_set *                   /* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
/* Same signature as gssint_copy_oid_set(); kept for the older Solaris callers. */
OM_uint32 gss_copy_oid_set(
        OM_uint32 *,                    /* minor_status */
        const gss_OID_set_desc *,       /* oid set */
        gss_OID_set *                   /* new oid set */
);


/* Name-type registry built from gss_mech_spec_name entries. */
gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type
           (OM_uint32 *,        /* minor_status */
            gss_OID,            /* name_type */
            gss_OID             /* mech */
               );
 618 
/*
 * Sun extensions to GSS-API v2
 */

/* Mechanism string name <-> OID, against the configured mechanism list. */
OM_uint32
gssint_mech_to_oid(
        const char *mech,               /* mechanism string name */
        gss_OID *oid                    /* mechanism oid */
);

const char *
gssint_oid_to_mech(
        const gss_OID oid               /* mechanism oid */
);

/* Fill mechArray with at most arrayLen mechanism names. */
OM_uint32
gssint_get_mechanisms(
        char *mechArray[],              /* array to populate with mechs */
        int arrayLen                    /* length of passed in array */
);

/* Public gss_store_cred entry; the per-mechanism form lives in gss_config. */
OM_uint32
gss_store_cred(
        OM_uint32 *,            /* minor_status */
        const gss_cred_id_t,    /* input_cred_handle */
        gss_cred_usage_t,       /* cred_usage */
        const gss_OID,          /* desired_mech */
        OM_uint32,              /* overwrite_cred */
        OM_uint32,              /* default_cred */
        gss_OID_set *,          /* elements_stored */
        gss_cred_usage_t *      /* cred_usage_stored */
);

/*
 * DER length encoding helpers used on token bytes.  buf_len / max_len
 * bound the buffer the routine may touch; since tokens arrive from the
 * peer, NOTE(review): confirm the implementation honours buf_len before
 * every read of *buf.
 */
int
gssint_get_der_length(
        unsigned char **,       /* buf */
        unsigned int,           /* buf_len */
        unsigned int *          /* bytes */
);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length(
        unsigned int,           /* length */
        unsigned char **,       /* buf */
        unsigned int            /* max_len */
);
 668 
 669 
 670 
/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 *
 * These are plain integers, not pointers: the handle is an identifier
 * on the gssd side, and 0 is reserved as "no handle".
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#define GSSD_NO_CONTEXT         ((gssd_ctx_id_t)0)
#define GSSD_NO_CREDENTIAL      ((gssd_cred_id_t)0)
 682 
#ifdef  _KERNEL

#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
/*
 * Kernel allocator shims.  KM_SLEEP allows the allocation to wait for
 * memory; the returned block is NOT zero-filled (contrast KGSS_ALLOC
 * below, which uses kmem_zalloc).  FREE needs the original size.
 */
#define MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define FREE(x, n) kmem_free((x), (n))
#endif  /* _KRB5_H */

/* Kernel-side mechanism registry (linked through gss_config.next). */
gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */
 694 
/*
 * Kernel-side view of a credential: the gssd handle plus a verifier
 * value that is carried alongside it (NOTE(review): presumably a check
 * that the handle still refers to the credential gssd issued - verify
 * against the gssd code).
 */
struct  kgss_cred {
        gssd_cred_id_t  gssd_cred;
        OM_uint32       gssd_cred_verifier;
};
 699 
/*
 * Reinterpret a gss_cred_id_t as the kernel credential.  No validation
 * is done that cred really is a struct kgss_cred; that is the caller's
 * responsibility.
 */
#define KCRED_TO_KGSS_CRED(cred)        ((struct kgss_cred *)(cred))
#define KCRED_TO_CRED(cred)     (KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define KCRED_TO_CREDV(cred)    (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
 703 
/*
 * Kernel-side view of a security context.  The gssd handle and its
 * verifier exist in both builds; the kernel additionally tracks whether
 * the context has been imported into an in-kernel mechanism, in which
 * case gssd_i_ctx and mech are used instead of going through gssd
 * (see KCTX_TO_CTX below).
 */
struct  kgss_ctx {
        gssd_ctx_id_t   gssd_ctx;
#ifdef _KERNEL
        gss_ctx_id_t    gssd_i_ctx;     /* mechanism's own handle once imported */
        bool_t          ctx_imported;
        gss_mechanism   mech;           /* dispatch table for the imported context */
#endif /* _KERNEL */
        OM_uint32       gssd_ctx_verifier;  /* passed as the trailing arg of kernel mech calls */
};
 713 
/*
 * Field accessors over a gss_ctx_id_t that is really a struct kgss_ctx.
 * None of these check ctx for GSS_C_NO_CONTEXT except
 * KGSS_CTX_TO_GSSD_CTX, which maps it to GSSD_NO_CONTEXT (0) through
 * the integer cast instead of dereferencing it.
 */
#define KCTX_TO_KGSS_CTX(ctx)   ((struct kgss_ctx *)(ctx))
#define KCTX_TO_CTX_IMPORTED(ctx)       (KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define KCTX_TO_GSSD_CTX(ctx)   (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define KCTX_TO_CTXV(ctx)       (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define KCTX_TO_MECH(ctx)       (KCTX_TO_KGSS_CTX(ctx)->mech)
#define KCTX_TO_PRIVATE(ctx)    (KCTX_TO_MECH(ctx)->context)
#define KGSS_CTX_TO_GSSD_CTX(ctx)       \
        (((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
        KCTX_TO_GSSD_CTX(ctx))
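/*
 * Verifier for ctx, or 0 when ctx is GSS_C_NO_CONTEXT (no dereference).
 * The "no context" arm is an OM_uint32 constant: the other arm,
 * KCTX_TO_CTXV(ctx), is an integer, and a null pointer constant is the
 * wrong kind of operand for an integer conditional (it only compiled
 * where NULL happens to expand to a plain 0).  The value is unchanged.
 */
#define KGSS_CTX_TO_GSSD_CTXV(ctx)      \
        (((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))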
 725 
 726 #ifdef _KERNEL
#define KCTX_TO_I_CTX(ctx)      (KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
/*
 * Handle to hand to the mechanism: the kgss_ctx itself until the
 * context has been imported, the mechanism's own handle afterwards.
 */
#define KCTX_TO_CTX(ctx) \
((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
        KCTX_TO_I_CTX(ctx))
/* Zero-filled allocations (the user-space KGSS_*ALLOC below are not). */
#define KGSS_CRED_ALLOC()       kmem_zalloc(sizeof (struct kgss_cred), \
        KM_SLEEP)
#define KGSS_CRED_FREE(cred)    kmem_free(cred, sizeof (struct kgss_cred))

#define KGSS_ALLOC()    kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define KGSS_FREE(ctx)  kmem_free(ctx, sizeof (struct kgss_ctx))

/*
 * Per-message dispatch through the mechanism table.  Each macro reaches
 * the table via KCTX_TO_MECH(ctx) with no GSS_C_NO_CONTEXT check, and
 * appends KCTX_TO_CTXV(ctx) as the trailing OM_uint32 the kernel
 * dispatch-table entries carry.  KGSS_IMPORT_SEC_CONTEXT takes ctx as
 * its third argument and passes no verifier.
 */
#define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
        (*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
                KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)       \
        (*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
                KCTX_TO_CTX(ctx), msg, tkn, qop,  KCTX_TO_CTXV(ctx))

#define KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id,  tkn)        \
        (*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
                minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
        (*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
                minor_st, tkn, int_ctx_id)

#define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
        (*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
                KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
                KCTX_TO_CTXV(ctx))

#define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
        (*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
                KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
                KCTX_TO_CTXV(ctx))

/* Kernel bindings differ from the user-space ones below: krb5_init_context / krb5_gss_release_oid. */
#define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);
 767 
 768 #else /* !_KERNEL */
 769 
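/*
 * User-land counterparts of the kernel macros above.  MALLOC/FREE appear
 * to mirror the (ptr, size) shape of kmem_alloc/kmem_free so that shared
 * code can be written against either; the size argument of FREE is
 * ignored in user land.
 */
#define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
#define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)

/* No import step in user land: the gssd handle is the context. */
#define KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define MALLOC(n) malloc(n)
#define FREE(x, n) free(x)
/*
 * Wrapper allocation.  calloc() returns zero-filled memory so that every
 * field starts out as 0/NULL, matching kmem_zalloc() on the kernel side
 * (malloc() left the verifier and handle fields indeterminate).  calloc()
 * may return NULL; callers must check.  Release with KGSS_CRED_FREE /
 * KGSS_FREE.
 */
#define KGSS_CRED_ALLOC()       calloc(1, sizeof (struct kgss_cred))
#define KGSS_CRED_FREE(cred)    free(cred)
#define KGSS_ALLOC()    calloc(1, sizeof (struct kgss_ctx))
#define KGSS_FREE(ctx)  free(ctx)

/*
 * Per-message operations go through the kgss_*_wrapped() functions rather
 * than a mech table; as in the kernel, the context verifier is passed last.
 */
#define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
        kgss_sign_wrapped(minor_st, \
                KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)       \
        kgss_verify_wrapped(minor_st,\
                KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
        kgss_seal_wrapped(minor_st, \
                KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
                KCTX_TO_CTXV(ctx))

#define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
        kgss_unseal_wrapped(minor_st,\
                KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
                KCTX_TO_CTXV(ctx))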
 799 #endif /* _KERNEL */
 800 
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
/*
 * Mechanism-independent helpers for buffers, OIDs, OID sets and buffer
 * sets, shared by all mechs.  Every routine takes a minor_status
 * out-parameter first and returns an OM_uint32 GSS-API major status.
 * Objects handed out by the create/copy/str_to_oid routines are owned by
 * the caller and must be returned through the matching generic_gss_release_*
 * routine.
 */
/* Free the storage referenced by a gss_buffer_t. */
OM_uint32 generic_gss_release_buffer
(OM_uint32*,       /* minor_status */
            gss_buffer_t      /* buffer */
           );

/* Free an OID set and every member it contains. */
OM_uint32 generic_gss_release_oid_set
(OM_uint32*,       /* minor_status */
            gss_OID_set*      /* set */
           );

/* Free a single OID obtained from copy_oid or str_to_oid. */
OM_uint32 generic_gss_release_oid
(OM_uint32*,       /* minor_status */
            gss_OID*         /* oid */
           );

/* Deep-copy oid into a freshly allocated new_oid. */
OM_uint32 generic_gss_copy_oid
(OM_uint32 *,   /* minor_status */
            gss_OID_desc * const,   /* oid */ /* SUNW15resync */
            gss_OID *           /* new_oid */
            );

/* Allocate an OID set with no members. */
OM_uint32 generic_gss_create_empty_oid_set
(OM_uint32 *,   /* minor_status */
            gss_OID_set *       /* oid_set */
           );

/* Append member_oid to oid_set. */
OM_uint32 generic_gss_add_oid_set_member
(OM_uint32 *,   /* minor_status */
            gss_OID_desc * const,               /* member_oid */
            gss_OID_set *       /* oid_set */
           );

/* Set *present to non-zero iff member occurs in set. */
OM_uint32 generic_gss_test_oid_set_member
(OM_uint32 *,   /* minor_status */
            gss_OID_desc * const,               /* member */
            gss_OID_set,        /* set */
            int *               /* present */
           );

/* Render oid in textual form into oid_str (caller releases the buffer). */
OM_uint32 generic_gss_oid_to_str
(OM_uint32 *,   /* minor_status */
            gss_OID_desc * const,               /* oid */
            gss_buffer_t        /* oid_str */
           );

/* Parse the textual OID in oid_str into a newly allocated oid. */
OM_uint32 generic_gss_str_to_oid
(OM_uint32 *,   /* minor_status */
            gss_buffer_t,       /* oid_str */
            gss_OID *           /* oid */
           );

/*
 * Build an OID from a prefix of prefix_len bytes followed by an integer
 * suffix, and the inverse: split an OID into its prefix and suffix.
 */
OM_uint32
generic_gss_oid_compose(
    OM_uint32 *,        /* minor_status */
    const char *,       /* prefix */
    size_t,             /* prefix_len */
    int,                /* suffix */
    gss_OID_desc *);    /* oid */

OM_uint32
generic_gss_oid_decompose(
    OM_uint32 *,        /* minor_status */
    const char *,       /* prefix */
    size_t,             /* prefix_len */
    gss_OID_desc *,     /* oid */
    int *);             /* suffix */

/* Buffer-set equivalents of the OID-set create/add/release routines. */
OM_uint32 generic_gss_create_empty_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_add_buffer_set_member
(OM_uint32 * /*minor_status*/,
            const gss_buffer_t /*member_buffer*/,
            gss_buffer_set_t * /*buffer_set*/);

OM_uint32 generic_gss_release_buffer_set
(OM_uint32 * /*minor_status*/,
            gss_buffer_set_t * /*buffer_set*/);
 881 
/*
 * SUNW17PACresync
 * New map-error API in MIT 1.7; at build time MIT generates code for the
 * error tables.  Solaris does not generate the errors at build time, so
 * these are stubbed for now and need to be revisited.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
#ifdef _KERNEL

/*
 * Kernel stubs: both macros expand to nothing, so a mech's minor status
 * reaches the caller unmapped.  There is no kernel map_error_oid, so code
 * compiled for the kernel cannot use it.
 */
#define map_error(MINORP, MECH)
#define map_errcode(MINORP)

#else  /* _KERNEL */

/* Use this to map an error code that was returned from a mech
   operation; the mech will be asked to produce the associated error
   messages.

   Remember that if the minor status code cannot be returned to the
   caller (e.g., if it's stuffed in an automatic variable and then
   ignored), then we don't care about producing a mapping.

   MINORP is evaluated twice (read, then written back); pass a plain
   pointer, not an expression with side effects.  */
#define map_error(MINORP, MECH) \
    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
/* Same as map_error, but keyed on a mechanism OID instead of a mech. */
#define map_error_oid(MINORP, MECHOID) \
    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))

/* Use this to map an errno value or com_err error code being
   generated within the mechglue code (e.g., by calling generic oid
   ops).  Any errno or com_err values produced by mech operations
   should be processed with map_error.  This means they'll be stored
   separately even if the mech uses com_err, because we can't assume
   that it will use com_err.  MINORP is evaluated twice here as well.  */
#define map_errcode(MINORP) \
    (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))

#endif /* _KERNEL */
 918 
 919 #endif /* _GSS_MECHGLUEP_H */