1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 /*
  26  * This header contains the private mechglue definitions.
  27  *
  28  */
  29 
  30 #ifndef _GSS_MECHGLUEP_H
  31 #define _GSS_MECHGLUEP_H
  32 
  33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
  34 #include "autoconf.h"
  35 #endif
  36 
  37 /* SUNW15resync */
  38 #ifndef GSS_DLLIMP
  39 #define GSS_DLLIMP
  40 #endif
  41 
  42 #include <gssapi/gssapi_ext.h>   /* SUNW15resync - mechglue.h in mit 1.5 */
  43 #if 0 /* Solaris Kerberos */
  44 #include "gssapiP_generic.h"
  45 #endif
  46 
  47 #ifdef _KERNEL
  48 #include <rpc/rpc.h>
  49 #endif 
  50 
#ifndef g_OID_copy /* SUNW15resync */
/*
 * g_OID_copy(dst_oid, src_oid): copy the contents of one OID into another.
 *
 * Copies (src_oid)->length bytes from (src_oid)->elements into
 * (dst_oid)->elements, then sets (dst_oid)->length to the same value.
 *
 * The macro performs no checks of its own.  The caller must guarantee
 * that both pointers and both elements buffers are valid, that the
 * destination buffer holds at least (src_oid)->length bytes, and that
 * the two buffers do not overlap (memcpy is used).  Each argument is
 * evaluated more than once, so pass expressions without side effects.
 */
#define g_OID_copy(dst_oid, src_oid) \
        do { \
                memcpy((dst_oid)->elements, (src_oid)->elements, \
                    (src_oid)->length); \
                (dst_oid)->length = (src_oid)->length; \
        } while (0)
#endif
  58 
/*
 * GSS_EMPTY_BUFFER(b): non-zero when b is NULL, when its value pointer is
 * NULL, or when its length is 0.  The argument is evaluated up to three
 * times, so pass an expression without side effects.
 */
#define GSS_EMPTY_BUFFER(b) \
        (!((b) != NULL && (b)->value != NULL && (b)->length != 0))
  61 
/*
 * Context ID typed by mechanism OID: pairs a mechanism OID with a
 * context handle.
 */
typedef struct gss_union_ctx_id_t {
    gss_OID mech_type;              /* OID of the mechanism */
    gss_ctx_id_t internal_ctx_id;   /* context handle; presumably the */
                                    /* mechanism's own - confirm in glue */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
  69 
/*
 * Generic GSSAPI name.  A name is either a generic name or a
 * mechanism-specific name; mech_type and mech_name are only filled in
 * for mechanism names.
 */
typedef struct gss_name_struct {
    /*
     * Self pointer intended for the GSSINT_CHK_LOOP validation macro.
     * The GSSINT_CHK_LOOP variant compiled in this header only tests for
     * NULL and does not read this field.
     */
    struct gss_name_struct *loopback;
    gss_OID name_type;
    gss_buffer_t external_name;

    /* Mechanism names only: */
    gss_OID mech_type;
    gss_name_t mech_name;
} gss_union_name_desc, *gss_union_name_t;
  85 
/*
 * Node of a doubly linked list of mechanism-specific name types: each
 * node associates one name type OID with one mechanism OID.
 */
typedef struct gss_mech_spec_name_t {
    gss_OID name_type;
    gss_OID mech;
    struct gss_mech_spec_name_t *next;
    struct gss_mech_spec_name_t *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;
  94 
/*
 * Credential auxiliary information, embedded in the union credential
 * structure.
 */
typedef struct gss_union_cred_auxinfo {
    gss_buffer_desc name;       /* stored by value, not as a pointer */
    gss_OID name_type;
    OM_uint32 creation_time;    /* units and epoch are not stated here */
    OM_uint32 time_rec;
    int cred_usage;
} gss_union_cred_auxinfo;
 105 
/*
 * Set of credentials typed on mechanism OID.
 */
typedef struct gss_union_cred_t {
    /*
     * NOTE(review): presumably the number of entries in both mechs_array
     * and cred_array - confirm in the glue code.  It is a signed int, so
     * code that indexes by it should reject negative values.
     */
    int count;
    gss_OID mechs_array;
    gss_cred_id_t *cred_array;
    gss_union_cred_auxinfo auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;
 115 
/*
 * Solaris Kerberos
 *
 * Signature of a mechanism's acquire-credential-with-password entry
 * point; this is the member type of struct gss_config_ext.
 *
 * NOTE(review): the password arrives as a gss_buffer_t.  Nothing in this
 * header says who clears that buffer after use - confirm in the
 * implementation and the callers.
 */
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
        void *,                 /* context */
        OM_uint32 *,            /* minor_status */
        const gss_name_t,       /* desired_name */
        const gss_buffer_t,     /* password */
        OM_uint32,              /* time_req */
        const gss_OID_set,      /* desired_mechs */
        int,                    /* cred_usage */
        gss_cred_id_t *,        /* output_cred_handle */
        gss_OID_set *,          /* actual_mechs */
        OM_uint32 *             /* time_rec */
);
 129 
/*
 * GSSINT_CHK_LOOP(ptr): rudimentary pointer validation; evaluates to
 * non-zero when the pointer should be rejected.
 *
 * The disabled variant also requires the "loopback" field of the opaque
 * struct to point back to the struct itself, which catches some
 * programming errors where an opaque pointer is passed to a function
 * expecting the address of the opaque pointer.
 *
 * The variant compiled in here rejects NULL only.  Callers therefore get
 * no protection from this macro against a stale, foreign or mistyped
 * non-NULL pointer.
 */
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
#define GSSINT_CHK_LOOP(ptr) (!((ptr) != NULL))
#endif
 142 
 143 
 144 /********************************************************/
 145 /* The Mechanism Dispatch Table -- a mechanism needs to */
 146 /* define one of these and provide a function to return */
 147 /* it to initialize the GSSAPI library                  */
 148 
 149 /*
 150  * This is the definition of the mechs_array struct, which is used to
 151  * define the mechs array table. This table is used to indirectly
 152  * access mechanism specific versions of the gssapi routines through
 153  * the routines in the glue module (gssd_mech_glue.c)
 154  *
 155  * This contains all of the functions defined in gssapi.h except for
 156  * gss_release_buffer() and gss_release_oid_set(), which I am
 157  * assuming, for now, to be equal across mechanisms.  
 158  */
 159  
/*
 * Mechanism dispatch table.  After the header fields, every member is a
 * pointer to one mechanism-specific entry point.  Which members exist
 * depends on whether the header is compiled with _KERNEL defined.
 *
 * Member order and the preprocessor conditions determine the struct
 * layout, so neither may be changed without rebuilding everything that
 * fills in or reads this table.
 *
 * The EXPORT DELETE / CRYPT DELETE marker comments are kept exactly as
 * they were; the comment inside the struct describes their use by the
 * CRYPT_SRC and EXPORT_SRC targets.
 *
 * Several entry points take one extra trailing OM_uint32 argument in the
 * kernel build; this header does not name that argument.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
    OM_uint32 priority;
    char *mechNameStr;
#endif
    gss_OID_desc mech_type;
    /*
     * Every entry point except gss_inquire_sec_context_by_oid takes a
     * leading "context" argument; presumably this value - confirm.
     */
    void *context;
#ifdef  _KERNEL
    struct gss_config *next;
    bool_t uses_kmod;
#endif

#ifndef _KERNEL
    OM_uint32 (*gss_acquire_cred)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* desired_name */
        OM_uint32,                      /* time_req */
        const gss_OID_set,              /* desired_mechs */
        int,                            /* cred_usage */
        gss_cred_id_t *,                /* output_cred_handle */
        gss_OID_set *,                  /* actual_mechs */
        OM_uint32 *                     /* time_rec */
    );
    OM_uint32 (*gss_release_cred)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_cred_id_t *                 /* cred_handle */
    );
    OM_uint32 (*gss_init_sec_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_cred_id_t,            /* claimant_cred_handle */
        gss_ctx_id_t *,                 /* context_handle */
        const gss_name_t,               /* target_name */
        const gss_OID,                  /* mech_type */
        OM_uint32,                      /* req_flags */
        OM_uint32,                      /* time_req */
        const gss_channel_bindings_t,   /* input_chan_bindings */
        const gss_buffer_t,             /* input_token */
        gss_OID *,                      /* actual_mech_type */
        gss_buffer_t,                   /* output_token */
        OM_uint32 *,                    /* ret_flags */
        OM_uint32 *                     /* time_rec */
    );
    OM_uint32 (*gss_accept_sec_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_ctx_id_t *,                 /* context_handle */
        const gss_cred_id_t,            /* verifier_cred_handle */
        const gss_buffer_t,             /* input_token_buffer */
        const gss_channel_bindings_t,   /* input_chan_bindings */
        gss_name_t *,                   /* src_name */
        gss_OID *,                      /* mech_type */
        gss_buffer_t,                   /* output_token */
        OM_uint32 *,                    /* ret_flags */
        OM_uint32 *,                    /* time_rec */
        gss_cred_id_t *                 /* delegated_cred_handle */
    );
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif  /* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
    OM_uint32 (*gss_unseal)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        const gss_buffer_t,             /* input_message_buffer */
        gss_buffer_t,                   /* output_message_buffer */
        int *,                          /* conf_state */
        int *                           /* qop_state */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32 (*gss_process_context_token)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        const gss_buffer_t              /* token_buffer */
    );
#endif  /* ! _KERNEL */
    OM_uint32 (*gss_delete_sec_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_ctx_id_t *,                 /* context_handle */
        gss_buffer_t                    /* output_token */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
#ifndef _KERNEL
    OM_uint32 (*gss_context_time)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        OM_uint32 *                     /* time_rec */
    );
    OM_uint32 (*gss_display_status)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        OM_uint32,                      /* status_value */
        int,                            /* status_type */
        const gss_OID,                  /* mech_type */
        OM_uint32 *,                    /* message_context */
        gss_buffer_t                    /* status_string */
    );
    OM_uint32 (*gss_indicate_mechs)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_OID_set *                   /* mech_set */
    );
    OM_uint32 (*gss_compare_name)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* name1 */
        const gss_name_t,               /* name2 */
        int *                           /* name_equal */
    );
    OM_uint32 (*gss_display_name)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* input_name */
        gss_buffer_t,                   /* output_name_buffer */
        gss_OID *                       /* output_name_type */
    );
    OM_uint32 (*gss_import_name)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_buffer_t,             /* input_name_buffer */
        const gss_OID,                  /* input_name_type */
        gss_name_t *                    /* output_name */
    );
    OM_uint32 (*gss_release_name)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_name_t *                    /* input_name */
    );
    OM_uint32 (*gss_inquire_cred)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_cred_id_t,            /* cred_handle */
        gss_name_t *,                   /* name */
        OM_uint32 *,                    /* lifetime */
        int *,                          /* cred_usage */
        gss_OID_set *                   /* mechanisms */
    );
    OM_uint32 (*gss_add_cred)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_cred_id_t,            /* input_cred_handle */
        const gss_name_t,               /* desired_name */
        const gss_OID,                  /* desired_mech */
        gss_cred_usage_t,               /* cred_usage */
        OM_uint32,                      /* initiator_time_req */
        OM_uint32,                      /* acceptor_time_req */
        gss_cred_id_t *,                /* output_cred_handle */
        gss_OID_set *,                  /* actual_mechs */
        OM_uint32 *,                    /* initiator_time_rec */
        OM_uint32 *                     /* acceptor_time_rec */
    );
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif  /* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
    OM_uint32 (*gss_seal)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        int,                            /* conf_req_flag */
        int,                            /* qop_req */
        const gss_buffer_t,             /* input_message_buffer */
        int *,                          /* conf_state */
        gss_buffer_t                    /* output_message_buffer */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
    OM_uint32 (*gss_export_sec_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_ctx_id_t *,                 /* context_handle */
        gss_buffer_t                    /* interprocess_token */
    );
#endif  /* ! _KERNEL */
    OM_uint32 (*gss_import_sec_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_buffer_t,             /* interprocess_token */
        gss_ctx_id_t *                  /* context_handle */
    );
#ifndef _KERNEL
    OM_uint32 (*gss_inquire_cred_by_mech)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_cred_id_t,            /* cred_handle */
        const gss_OID,                  /* mech_type */
        gss_name_t *,                   /* name */
        OM_uint32 *,                    /* initiator_lifetime */
        OM_uint32 *,                    /* acceptor_lifetime */
        gss_cred_usage_t *              /* cred_usage */
    );
    OM_uint32 (*gss_inquire_names_for_mech)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_OID,                  /* mechanism */
        gss_OID_set *                   /* name_types */
    );
    OM_uint32 (*gss_inquire_context)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        gss_name_t *,                   /* src_name */
        gss_name_t *,                   /* targ_name */
        OM_uint32 *,                    /* lifetime_rec */
        gss_OID *,                      /* mech_type */
        OM_uint32 *,                    /* ctx_flags */
        int *,                          /* locally_initiated */
        int *                           /* open */
    );
    OM_uint32 (*gss_internal_release_oid)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        gss_OID *                       /* OID */
    );
    OM_uint32 (*gss_wrap_size_limit)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        int,                            /* conf_req_flag */
        gss_qop_t,                      /* qop_req */
        OM_uint32,                      /* req_output_size */
        OM_uint32 *                     /* max_input_size */
    );
    OM_uint32 (*pname_to_uid)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* pname */
        uid_t *                         /* uid */
    );
    OM_uint32 (*__gss_userok)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* pname */
        const char *,                   /* local user */
        int *                           /* user ok? */
    );
    OM_uint32 (*gss_export_name)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_name_t,               /* input_name */
        gss_buffer_t                    /* exported_name */
    );
#endif  /* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
 * This block comment is Sun Proprietary: Need-To-Know.
 * What we are doing is leaving the seal and unseal entry points
 * in an obvious place before sign and unsign for the Domestic customer
 * of the Solaris Source Product. The Domestic customer of the Solaris Source
 * Product will have to deal with the problem of creating exportable libgss
 * binaries.
 * In the binary product that Sun builds, these entry points are elsewhere,
 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
 * targets delete them.
 */
#if 0
/* CRYPT DELETE END */
    OM_uint32 (*gss_seal)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        int,                            /* conf_req_flag */
        int,                            /* qop_req */
        const gss_buffer_t,             /* input_message_buffer */
        int *,                          /* conf_state */
        gss_buffer_t                    /* output_message_buffer */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
    OM_uint32 (*gss_unseal)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        const gss_buffer_t,             /* input_message_buffer */
        gss_buffer_t,                   /* output_message_buffer */
        int *,                          /* conf_state */
        int *                           /* qop_state */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
    OM_uint32 (*gss_sign)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        int,                            /* qop_req */
        const gss_buffer_t,             /* message_buffer */
        gss_buffer_t                    /* message_token */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
    OM_uint32 (*gss_verify)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        const gss_buffer_t,             /* message_buffer */
        const gss_buffer_t,             /* token_buffer */
        int *                           /* qop_state */
#ifdef   _KERNEL
        , OM_uint32                     /* kernel-only, unnamed here */
#endif
    );
#ifndef  _KERNEL
    OM_uint32 (*gss_store_cred)(
        void *,                         /* context */
        OM_uint32 *,                    /* minor_status */
        const gss_cred_id_t,            /* input_cred */
        gss_cred_usage_t,               /* cred_usage */
        const gss_OID,                  /* desired_mech */
        OM_uint32,                      /* overwrite_cred */
        OM_uint32,                      /* default_cred */
        gss_OID_set *,                  /* elements_stored */
        gss_cred_usage_t *              /* cred_usage_stored */
    );

    /* GGF extensions */

    /*
     * NOTE(review): unlike every other entry point in this table, this
     * one has no leading "void * context" parameter - confirm that the
     * difference is intended.
     */
    OM_uint32 (*gss_inquire_sec_context_by_oid)(
        OM_uint32 *,                    /* minor_status */
        const gss_ctx_id_t,             /* context_handle */
        const gss_OID,                  /* OID */
        gss_buffer_set_t *              /* data_set */
    );

#endif
} *gss_mechanism;
 546 
 547 
 548         
#ifndef _KERNEL
/*
 * Solaris extension entry points, kept apart from struct gss_config.
 * This structure MUST NOT be used by any code outside libgss.
 */
typedef struct gss_config_ext {
    gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* !_KERNEL */
 555 
 556 
/*
 * In user space we use a wrapper structure to encompass the mechanism
 * entry points.  The wrapper contains the mechanism entry points and
 * other data which is only relevant to the gss-api layer.  In the
 * kernel we use only the gss_config structure because the kernel does
 * not contain any of the extra gss-api specific data.
 *
 * NOTE(review): uLibName and dl_handle suggest the mechanism library is
 * loaded at run time from a name held here.  Whatever fills in these
 * strings decides which code gets loaded, so confirm in the loader that
 * the names come from a trusted, administrator-controlled source.
 */
typedef struct gss_mech_config {
    char *kmodName;                 /* kernel module name */
    char *uLibName;                 /* user library name */
    char *mechNameStr;              /* mechanism string name */
    char *optionStr;                /* optional mech parameters */
    void *dl_handle;                /* RTLD object handle for the mech */
    gss_OID mech_type;              /* mechanism oid */
    gss_mechanism mech;             /* mechanism initialization struct */
#ifndef _KERNEL
    gss_mechanism_ext mech_ext;     /* Solaris extensions */
#endif /* !_KERNEL */
    struct gss_mech_config *next;   /* next element in the list */
} *gss_mech_info;
 577 
 578 /********************************************************/
 579 /* Internal mechglue routines */
 580 
/*
 * SUNW15resync - Solaris versions - replace w/mit ones?
 *
 * Older __gss_* names for the internal glue routines.  Most of them have
 * a gssint_* declaration with a matching parameter list further down in
 * this header.
 */
gss_mechanism
__gss_get_mechanism(const gss_OID);

#ifndef _KERNEL
gss_mechanism_ext
__gss_get_mechanism_ext(const gss_OID);
#endif /* !_KERNEL */

char *
__gss_get_kmodName(const gss_OID);

char *
__gss_get_modOptions(const gss_OID);

OM_uint32
__gss_import_internal_name(
        OM_uint32 *,
        const gss_OID,
        gss_union_name_t,
        gss_name_t *
);

OM_uint32
__gss_export_internal_name(
        OM_uint32 *,
        const gss_OID,
        const gss_name_t,
        gss_buffer_t
);

OM_uint32
__gss_display_internal_name(
        OM_uint32 *,
        const gss_OID,
        const gss_name_t,
        gss_buffer_t,
        gss_OID *
);

OM_uint32
__gss_release_internal_name(
        OM_uint32 *,
        const gss_OID,
        gss_name_t *
);

OM_uint32
gssint_delete_internal_sec_context(
        OM_uint32 *,
        gss_OID,
        gss_ctx_id_t *,
        gss_buffer_t
);

OM_uint32
__gss_convert_name_to_union_name(
        OM_uint32 *,            /* minor_status */
        gss_mechanism,          /* mech */
        gss_name_t,             /* internal_name */
        gss_name_t *            /* external_name */
);

gss_cred_id_t
__gss_get_mechanism_cred(
        const gss_union_cred_t, /* union_cred */
        const gss_OID           /* mech_type */
);
 609 
 610 
 611 
 612 
 613 
/* Set-up and tear-down of the glue layer. */
int
gssint_mechglue_init(void);

void
gssint_mechglue_fini(void);

/* gssint_* internal glue routines. */
gss_mechanism
gssint_get_mechanism(gss_OID);

OM_uint32
gssint_get_mech_type(gss_OID, gss_buffer_t);

char *
gssint_get_kmodName(const gss_OID);

char *
gssint_get_modOptions(const gss_OID);

OM_uint32
gssint_import_internal_name(
        OM_uint32 *,
        gss_OID,
        gss_union_name_t,
        gss_name_t *
);

OM_uint32
gssint_export_internal_name(
        OM_uint32 *,
        const gss_OID,
        const gss_name_t,
        gss_buffer_t
);

OM_uint32
gssint_display_internal_name(
        OM_uint32 *,
        gss_OID,
        gss_name_t,
        gss_buffer_t,
        gss_OID *
);

OM_uint32
gssint_release_internal_name(
        OM_uint32 *,
        gss_OID,
        gss_name_t *
);

OM_uint32
gssint_convert_name_to_union_name(
        OM_uint32 *,            /* minor_status */
        gss_mechanism,          /* mech */
        gss_name_t,             /* internal_name */
        gss_name_t *            /* external_name */
);

gss_cred_id_t
gssint_get_mechanism_cred(
        gss_union_cred_t,       /* union_cred */
        gss_OID                 /* mech_type */
);
 639 
/*
 * Buffer and OID-set copy helpers, plus the name-type to mechanism
 * mapping routines.
 */
OM_uint32
gssint_create_copy_buffer(
        const gss_buffer_t,     /* src buffer */
        gss_buffer_t *,         /* destination buffer */
        int                     /* NULL terminate buffer ? */
);

OM_uint32
gssint_copy_oid_set(
        OM_uint32 *,                    /* minor_status */
        const gss_OID_set_desc *,       /* oid set */
        gss_OID_set *                   /* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32
gss_copy_oid_set(
        OM_uint32 *,                    /* minor_status */
        const gss_OID_set_desc *,       /* oid set */
        gss_OID_set *                   /* new oid set */
);

gss_OID
gss_find_mechanism_from_name_type(
        gss_OID                 /* name_type */
);

OM_uint32
gss_add_mech_name_type(
        OM_uint32 *,            /* minor_status */
        gss_OID,                /* name_type */
        gss_OID                 /* mech */
);
 668 
/*
 * Sun extensions to GSS-API v2
 */

OM_uint32
gssint_mech_to_oid(
        const char *mech,       /* mechanism string name */
        gss_OID *oid            /* mechanism oid */
);

const char *
gssint_oid_to_mech(
        const gss_OID oid       /* mechanism oid */
);

/*
 * arrayLen is a signed int.
 * NOTE(review): how a negative or too-small arrayLen is handled is not
 * visible in this header - confirm in the implementation.
 */
OM_uint32
gssint_get_mechanisms(
        char *mechArray[],      /* array to populate with mechs */
        int arrayLen            /* length of passed in array */
);

OM_uint32
gss_store_cred(
        OM_uint32 *,            /* minor_status */
        const gss_cred_id_t,    /* input_cred_handle */
        gss_cred_usage_t,       /* cred_usage */
        const gss_OID,          /* desired_mech */
        OM_uint32,              /* overwrite_cred */
        OM_uint32,              /* default_cred */
        gss_OID_set *,          /* elements_stored */
        gss_cred_usage_t *      /* cred_usage_stored */
);

/*
 * DER length helpers.  Each one that touches a buffer takes the space
 * available (buf_len / max_len) as an explicit argument.
 * NOTE(review): the meaning of the int return values is not stated in
 * this header.  Code that feeds these routines bytes from a peer should
 * check the result before relying on the output arguments - confirm the
 * convention in the implementation.
 */
int
gssint_get_der_length(
        unsigned char **,       /* buf */
        unsigned int,           /* buf_len */
        unsigned int *          /* bytes */
);

unsigned int
gssint_der_length_size(
        unsigned int            /* len */
);

int
gssint_put_der_length(
        unsigned int,           /* length */
        unsigned char **,       /* buf */
        unsigned int            /* max_len */
);
 718 
 719 
 720 
 721 /* Solaris kernel and gssd support */
 722 
/*
 * Derived types for passing context and credential handles between gssd
 * and the kernel.  Both are plain unsigned integers rather than
 * pointers; zero is the "no handle" value for each.
 */
typedef unsigned int gssd_ctx_id_t;     /* context handle */
typedef unsigned int gssd_cred_id_t;    /* credential handle */

#define GSSD_NO_CONTEXT         ((gssd_ctx_id_t)0)
#define GSSD_NO_CREDENTIAL      ((gssd_cred_id_t)0)
 732 
#ifdef  _KERNEL

#ifndef _KRB5_H
/*
 * These macros are defined for Kerberos in krb5.h, and have priority.
 *
 * MALLOC(size) calls kmem_alloc() with KM_SLEEP.  FREE(ptr, size) calls
 * kmem_free(), which takes the allocation size as well as the pointer,
 * so callers have to keep the size they passed to MALLOC.
 */
#define MALLOC(size)            kmem_alloc((size), KM_SLEEP)
#define FREE(ptr, size)         kmem_free((ptr), (size))
#endif  /* _KRB5_H */

/* Kernel-side lookup and registration of a mechanism dispatch table. */
gss_mechanism
__kgss_get_mechanism(gss_OID);

void
__kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */
 744 
/*
 * Record behind an opaque credential handle: the gssd credential id and the
 * verifier stored alongside it.
 */
struct  kgss_cred {
        gssd_cred_id_t  gssd_cred;              /* gssd credential handle */
        OM_uint32       gssd_cred_verifier;     /* verifier for gssd_cred */
};

/*
 * Accessors for an opaque credential handle.  KCRED_TO_KGSS_CRED is a bare
 * cast and the other two dereference its result, so none of them validates
 * the handle: the argument must be a non-NULL pointer to a live
 * struct kgss_cred.
 */
#define KCRED_TO_KGSS_CRED(kcred)       ((struct kgss_cred *)(kcred))
#define KCRED_TO_CRED(kcred)            \
        (KCRED_TO_KGSS_CRED(kcred)->gssd_cred)
#define KCRED_TO_CREDV(kcred)           \
        (KCRED_TO_KGSS_CRED(kcred)->gssd_cred_verifier)
 753 
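/*
 * Record behind an opaque context handle.
 *
 * The three middle fields exist only in kernel builds, so the layout (and
 * the offset of gssd_ctx_verifier) differs between kernel and user land;
 * the struct itself must not be copied byte-for-byte across that boundary.
 */
struct  kgss_ctx {
        gssd_ctx_id_t   gssd_ctx;               /* gssd context handle */
#ifdef _KERNEL
        gss_ctx_id_t    gssd_i_ctx;     /* used when ctx_imported != FALSE */
        bool_t          ctx_imported;   /* selects gssd_i_ctx in KCTX_TO_CTX */
        gss_mechanism   mech;           /* mechanism used for dispatch */
#endif /* _KERNEL */
        OM_uint32       gssd_ctx_verifier;      /* verifier for gssd_ctx */
};

/*
 * Accessors for an opaque context handle.  KCTX_TO_KGSS_CTX is a bare cast
 * and the others dereference its result without any check, so the argument
 * must be a non-NULL pointer to a live struct kgss_ctx.  KCTX_TO_PRIVATE
 * additionally dereferences the mech field, which must already be set.
 *
 * KCTX_TO_CTX_IMPORTED, KCTX_TO_MECH and KCTX_TO_PRIVATE name fields that
 * are only declared under _KERNEL; they are defined unconditionally here but
 * only expand to valid code in kernel builds.
 */
#define KCTX_TO_KGSS_CTX(ctx)   ((struct kgss_ctx *)(ctx))
#define KCTX_TO_CTX_IMPORTED(ctx)       (KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define KCTX_TO_GSSD_CTX(ctx)   (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define KCTX_TO_CTXV(ctx)       (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define KCTX_TO_MECH(ctx)       (KCTX_TO_KGSS_CTX(ctx)->mech)
#define KCTX_TO_PRIVATE(ctx)    (KCTX_TO_MECH(ctx)->context)

/*
 * NULL-tolerant variants: these test for GSS_C_NO_CONTEXT before touching
 * the record.  For GSS_C_NO_CONTEXT the handle is the converted (empty)
 * context value and the verifier is 0.  ctx is evaluated more than once, so
 * do not pass an expression with side effects.
 */
#define KGSS_CTX_TO_GSSD_CTX(ctx)       \
        (((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
        KCTX_TO_GSSD_CTX(ctx))
/*
 * The "no context" arm used to be (NULL), a null pointer constant sitting
 * opposite an OM_uint32 in the conditional; where NULL is ((void *)0) that
 * mixes pointer and integer operands.  The verifier is an integer, so the
 * arm is spelled as an OM_uint32 zero.
 */
#define KGSS_CTX_TO_GSSD_CTXV(ctx)      \
        (((ctx) == GSS_C_NO_CONTEXT) ? ((OM_uint32)0) : KCTX_TO_CTXV(ctx))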
 775 
#ifdef _KERNEL
/*
 * Kernel view of the context handed to a mechanism: the caller's handle
 * itself while ctx_imported is FALSE, otherwise the stored gssd_i_ctx.
 * The argument is evaluated more than once and is dereferenced without a
 * NULL check.
 */
#define KCTX_TO_I_CTX(kctx)     (KCTX_TO_KGSS_CTX(kctx)->gssd_i_ctx)
#define KCTX_TO_CTX(kctx)                                       \
        ((KCTX_TO_CTX_IMPORTED(kctx) == FALSE) ?                \
            (kctx) : KCTX_TO_I_CTX(kctx))
/*
 * Kernel allocators for the handle records.  Both use kmem_zalloc with
 * KM_SLEEP, so a fresh record starts out zero-filled.  The matching free
 * macros pass the fixed struct size to kmem_free, so each record must be
 * released with the macro that pairs with its allocator.
 */
#define KGSS_CRED_ALLOC()                                       \
        kmem_zalloc(sizeof (struct kgss_cred), KM_SLEEP)
#define KGSS_CRED_FREE(kcred)                                   \
        kmem_free(kcred, sizeof (struct kgss_cred))

#define KGSS_ALLOC()                                            \
        kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define KGSS_FREE(kctx)                                         \
        kmem_free(kctx, sizeof (struct kgss_ctx))
 787 
/*
 * Kernel dispatch macros: each one calls through a function pointer in the
 * mechanism attached to the context (KCTX_TO_MECH), passing the mechanism's
 * private context first.
 *
 * None of them checks the context, its mech field, or the function pointer
 * before the call, and the context argument is expanded several times.
 * Callers must pass a fully set up struct kgss_ctx and an expression
 * without side effects.
 */
#define KGSS_SIGN(minorp, kctx, qop_req, msg_buf, token)                \
        (*(KCTX_TO_MECH(kctx)->gss_sign))(                              \
                KCTX_TO_PRIVATE(kctx), minorp, KCTX_TO_CTX(kctx),       \
                qop_req, msg_buf, token, KCTX_TO_CTXV(kctx))

#define KGSS_VERIFY(minorp, kctx, msg_buf, token, qop_state)            \
        (*(KCTX_TO_MECH(kctx)->gss_verify))(                            \
                KCTX_TO_PRIVATE(kctx), minorp, KCTX_TO_CTX(kctx),       \
                msg_buf, token, qop_state, KCTX_TO_CTXV(kctx))

/* The mechanism receives int_ctx_id as given, not KCTX_TO_CTX(kctx). */
#define KGSS_DELETE_SEC_CONTEXT(minorp, kctx, int_ctx_id, token)        \
        (*(KCTX_TO_MECH(kctx)->gss_delete_sec_context))(                \
                KCTX_TO_PRIVATE(kctx), minorp, int_ctx_id, token,       \
                KCTX_TO_CTXV(kctx))

/* Unlike the macros above, no verifier is passed on import. */
#define KGSS_IMPORT_SEC_CONTEXT(minorp, token, kctx, int_ctx_id)        \
        (*(KCTX_TO_MECH(kctx)->gss_import_sec_context))(                \
                KCTX_TO_PRIVATE(kctx), minorp, token, int_ctx_id)
 803 
/* EXPORT DELETE START */
/*
 * Kernel seal/unseal dispatch through the mechanism attached to the
 * context.  As with the other kernel dispatch macros, nothing is validated
 * before the indirect call and the context argument is expanded several
 * times.
 */
#define KGSS_SEAL(minorp, kctx, conf_req, qop_req, msg_buf, conf_state, token) \
        (*(KCTX_TO_MECH(kctx)->gss_seal))(                              \
                KCTX_TO_PRIVATE(kctx), minorp, KCTX_TO_CTX(kctx),       \
                conf_req, qop_req, msg_buf, conf_state, token,          \
                KCTX_TO_CTXV(kctx))

#define KGSS_UNSEAL(minorp, kctx, msg_buf, token, conf_state, qop_state) \
        (*(KCTX_TO_MECH(kctx)->gss_unseal))(                            \
                KCTX_TO_PRIVATE(kctx), minorp, KCTX_TO_CTX(kctx),       \
                msg_buf, token, conf_state, qop_state,                  \
                KCTX_TO_CTXV(kctx))

/* EXPORT DELETE END */
 816 
/*
 * Kernel bindings for context initialisation and OID release.  Note that
 * KGSS_RELEASE_OID expands to krb5_gss_release_oid; kgss_release_oid is
 * only declared here and is not what the macro calls.
 */
#define KGSS_INIT_CONTEXT(ctxp)                 krb5_init_context(ctxp)
#define KGSS_RELEASE_OID(minorp, oidp)          \
        krb5_gss_release_oid(minorp, oidp)
extern OM_uint32 kgss_release_oid(OM_uint32 *minor_status, gss_OID *oid);
 820 
#else /* !_KERNEL */

/* User-land bindings for context initialisation and OID release. */
#define KGSS_INIT_CONTEXT(ctxp)                 krb5_gss_init_context(ctxp)
#define KGSS_RELEASE_OID(minorp, oidp)          gss_release_oid(minorp, oidp)

/*
 * In user land the context passed on is always the gssd handle stored in
 * the record; there is no imported-context case.  The argument is
 * dereferenced without a NULL check.
 */
#define KCTX_TO_CTX(kctx)       (KCTX_TO_KGSS_CTX(kctx)->gssd_ctx)
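/*
 * User-land allocation shims.  FREE accepts a size for source compatibility
 * with the kernel form but ignores it.  MALLOC returns uninitialised memory
 * and may return NULL.
 */
#define MALLOC(n) malloc(n)
#define FREE(x, n) free(x)

/*
 * Handle-record allocators.  The kernel versions use kmem_zalloc, so code
 * shared between the two builds may rely on a fresh record being zeroed
 * (handle and verifier both 0).  calloc gives the user-land build the same
 * guarantee instead of exposing stale heap contents in the verifier field.
 * The expansions are parenthesised so the cast binds as intended inside a
 * larger expression.
 *
 * These can return NULL, so the result must be checked before use.
 */
#define KGSS_CRED_ALLOC()       \
        ((struct kgss_cred *)calloc(1, sizeof (struct kgss_cred)))
#define KGSS_CRED_FREE(cred)    free(cred)
#define KGSS_ALLOC()            \
        ((struct kgss_ctx *)calloc(1, sizeof (struct kgss_ctx)))
#define KGSS_FREE(ctx)  free(ctx)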
 834 
/*
 * User-land per-message macros.  Each forwards to the matching
 * kgss_*_wrapped function with the gssd context handle and its verifier
 * taken from the record.  The context argument is expanded twice and
 * dereferenced without a NULL check.
 */
#define KGSS_SIGN(minorp, kctx, qop_req, msg_buf, token)                \
        kgss_sign_wrapped(minorp, KCTX_TO_CTX(kctx),                    \
                qop_req, msg_buf, token, KCTX_TO_CTXV(kctx))

#define KGSS_VERIFY(minorp, kctx, msg_buf, token, qop_state)            \
        kgss_verify_wrapped(minorp, KCTX_TO_CTX(kctx),                  \
                msg_buf, token, qop_state, KCTX_TO_CTXV(kctx))

#define KGSS_SEAL(minorp, kctx, conf_req, qop_req, msg_buf, conf_state, token) \
        kgss_seal_wrapped(minorp, KCTX_TO_CTX(kctx),                    \
                conf_req, qop_req, msg_buf, conf_state, token,          \
                KCTX_TO_CTXV(kctx))

#define KGSS_UNSEAL(minorp, kctx, msg_buf, token, conf_state, qop_state) \
        kgss_unseal_wrapped(minorp, KCTX_TO_CTX(kctx),                  \
                msg_buf, token, conf_state, qop_state,                  \
                KCTX_TO_CTXV(kctx))
#endif /* _KERNEL */
 853 
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */

/* Release a buffer; minor_status receives the minor status code. */
OM_uint32 generic_gss_release_buffer(
        OM_uint32 *minor_status,
        gss_buffer_t buffer);
 859 
/*
 * Generic OID and OID-set helpers.  Parameter names come from the comments
 * on the original unnamed parameters.  Every function takes minor_status
 * first and returns an OM_uint32 status that callers should check.
 */

OM_uint32 generic_gss_release_oid_set(
        OM_uint32 *minor_status,
        gss_OID_set *set);

/* The second parameter was labelled "set" but its type is gss_OID *. */
OM_uint32 generic_gss_release_oid(
        OM_uint32 *minor_status,
        gss_OID *oid);

OM_uint32 generic_gss_copy_oid(
        OM_uint32 *minor_status,
        gss_OID_desc * const oid,       /* SUNW15resync */
        gss_OID *new_oid);

OM_uint32 generic_gss_create_empty_oid_set(
        OM_uint32 *minor_status,
        gss_OID_set *oid_set);

OM_uint32 generic_gss_add_oid_set_member(
        OM_uint32 *minor_status,
        gss_OID_desc * const member_oid,
        gss_OID_set *oid_set);

/* The membership result is written through present. */
OM_uint32 generic_gss_test_oid_set_member(
        OM_uint32 *minor_status,
        gss_OID_desc * const member,
        gss_OID_set set,
        int *present);

OM_uint32 generic_gss_oid_to_str(
        OM_uint32 *minor_status,
        gss_OID_desc * const oid,
        gss_buffer_t oid_str);

OM_uint32 generic_gss_str_to_oid(
        OM_uint32 *minor_status,
        gss_buffer_t oid_str,
        gss_OID *oid);
 905 
/*
 * Compose an OID from a prefix and an integer suffix, and split one back
 * into its suffix.  prefix is passed together with an explicit prefix_len,
 * so it is treated as a counted byte string here.
 *
 * NOTE(review): for compose, this header does not say how large the storage
 * behind oid must be; confirm in the implementation before passing a fixed
 * size buffer.
 */
OM_uint32 generic_gss_oid_compose(
        OM_uint32 *minor_status,
        const char *prefix,
        size_t prefix_len,
        int suffix,
        gss_OID_desc *oid);

OM_uint32 generic_gss_oid_decompose(
        OM_uint32 *minor_status,
        const char *prefix,
        size_t prefix_len,
        gss_OID_desc *oid,
        int *suffix);
 921 
/*
 * Buffer-set helpers: create an empty set, append a member buffer, and
 * release a set.  Each returns an OM_uint32 status and reports the minor
 * status through minor_status.
 */
OM_uint32 generic_gss_create_empty_buffer_set(
        OM_uint32 *minor_status,
        gss_buffer_set_t *buffer_set);

OM_uint32 generic_gss_add_buffer_set_member(
        OM_uint32 *minor_status,
        const gss_buffer_t member_buffer,
        gss_buffer_set_t *buffer_set);

OM_uint32 generic_gss_release_buffer_set(
        OM_uint32 *minor_status,
        gss_buffer_set_t *buffer_set);
 934 
/*
 * SUNW17PACresync
 * MIT 1.7 introduced a map-error API whose error code is generated at build
 * time.  Solaris does not generate the errors at build time, so the kernel
 * build only stubs these for now; this needs to be revisited.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
#ifdef _KERNEL

/*
 * Kernel stubs expand to nothing: their arguments are never evaluated and
 * *MINORP is left as it was.  There is no kernel stub for map_error_oid.
 */
#define map_error(minor_ptr, mech_desc)
#define map_errcode(minor_ptr)

#else  /* _KERNEL */

/*
 * map_error / map_error_oid: map an error code that came back from a mech
 * operation; the mech will be asked to produce the associated error
 * messages.
 *
 * If the minor status cannot reach the caller anyway (for example it sits
 * in an automatic variable that is then ignored), there is no need to
 * produce a mapping.
 *
 * Both macros read and write *minor_ptr, so the pointer expression is
 * evaluated twice and must be free of side effects.
 */
#define map_error(minor_ptr, mech_desc)                                 \
    (*(minor_ptr) =                                                     \
        gssint_mecherrmap_map(*(minor_ptr), &(mech_desc)->mech_type))
#define map_error_oid(minor_ptr, mech_oid)                              \
    (*(minor_ptr) = gssint_mecherrmap_map(*(minor_ptr), (mech_oid)))

/*
 * map_errcode: map an errno value or com_err error code generated inside
 * the mechglue code itself (for example by the generic oid operations).
 * errno or com_err values produced by mech operations go through map_error
 * instead, so they are stored separately even when the mech uses com_err,
 * because the mechglue cannot assume that it does.
 */
#define map_errcode(minor_ptr)                                          \
    (*(minor_ptr) = gssint_mecherrmap_map_errcode(*(minor_ptr)))

#endif /* _KERNEL */
 971 
 972 #endif /* _GSS_MECHGLUEP_H */