1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * GSSAPI library stub module for gssd.
28 */
29
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <mechglueP.h>
33 #include "gssd.h"
34 #include <rpc/rpc.h>
35
36 #ifdef _KERNEL
37 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
38 #define FREE(x, n) kmem_free((x), (n))
39 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
40 #define clnt_pcreateerror(srv) printf("Cannot connect to server on %s\n", srv)
41
42 #ifdef DEBUG
43 #ifndef _SYS_CMN_ERR_H
44 #define _SYS_CMN_ERR_H
45 #define CE_NOTE 1
46 #endif
47 #include <sys/types.h>
48 #include <sys/devops.h>
49 #include <sys/open.h>
50 #include <sys/stat.h>
51 #include <sys/conf.h>
52 #include <sys/ddi.h>
53 #include <sys/sunddi.h>
54 #include <sys/uio.h>
55 #endif /* DEBUG */
56
57 #else /* !_KERNEL */
58 #define MALLOC(n) malloc(n)
59 #define FREE(x, n) free(x)
60 #endif /* _KERNEL */
61 #define DEFAULT_MINOR_STAT ((OM_uint32) ~0)
62
63 CLIENT *clnt, *getgssd_handle();
64 char *server = "localhost";
65
66 OM_uint32
67 kgss_acquire_cred_wrapped(minor_status,
68 desired_name,
69 time_req,
70 desired_mechs,
71 cred_usage,
72 output_cred_handle,
73 actual_mechs,
74 time_rec,
75 uid,
76 gssd_cred_verifier)
77 OM_uint32 *minor_status;
78 gss_name_t desired_name;
79 OM_uint32 time_req;
80 gss_OID_set desired_mechs;
81 int cred_usage;
82 gssd_cred_id_t *output_cred_handle;
83 gss_OID_set *actual_mechs;
84 OM_uint32 *time_rec;
85 uid_t uid;
86 OM_uint32 *gssd_cred_verifier;
87 {
88 OM_uint32 minor_status_temp;
89 gss_buffer_desc external_name;
90 gss_OID name_type;
91 int i;
92
93 gss_acquire_cred_arg arg;
94 gss_acquire_cred_res res;
95
96 /* get the client handle to GSSD */
97
98 if ((clnt = getgssd_handle()) == NULL) {
99 clnt_pcreateerror(server);
100 return (GSS_S_FAILURE);
101 }
102
103 /* convert the desired name from internal to external format */
104
105 if (gss_display_name(&minor_status_temp, desired_name, &external_name,
106 &name_type) != GSS_S_COMPLETE) {
107
108 *minor_status = (OM_uint32) minor_status_temp;
109 gss_release_buffer(&minor_status_temp, &external_name);
110 return ((OM_uint32) GSS_S_FAILURE);
111 }
112
113
114 /* copy the procedure arguments into the rpc arg parameter */
115
116 arg.uid = (OM_uint32)uid;
117
118 arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
119 arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
120
121 arg.name_type.GSS_OID_len =
122 name_type == GSS_C_NULL_OID ?
123 0 : (uint_t)name_type->length;
124
125 arg.name_type.GSS_OID_val =
126 name_type == GSS_C_NULL_OID ?
127 (char *)NULL : (char *)name_type->elements;
128
129 arg.time_req = time_req;
130
131 if (desired_mechs != GSS_C_NULL_OID_SET) {
132 arg.desired_mechs.GSS_OID_SET_len =
133 (uint_t)desired_mechs->count;
134 arg.desired_mechs.GSS_OID_SET_val = (GSS_OID *)
135 MALLOC(sizeof (GSS_OID) * desired_mechs->count);
136
137 for (i = 0; i < desired_mechs->count; i++) {
138 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len =
139 (uint_t)desired_mechs->elements[i].length;
140 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val =
141 (char *)
142 MALLOC(desired_mechs->elements[i].length);
143 memcpy(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
144 desired_mechs->elements[i].elements,
145 desired_mechs->elements[i].length);
146 }
147 } else
148 arg.desired_mechs.GSS_OID_SET_len = 0;
149
150 arg.cred_usage = cred_usage;
151
152 /* call the remote procedure */
153
154 memset(&res, 0, sizeof (res));
155 if (gss_acquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
156
157 /*
158 * if the RPC call times out, null out all return arguments,
159 * set minor_status to its maximum value, and return GSS_S_FAILURE
160 */
161
162 if (minor_status != NULL)
163 *minor_status = DEFAULT_MINOR_STAT;
164 if (output_cred_handle != NULL)
165 *output_cred_handle = NULL;
166 if (actual_mechs != NULL)
167 *actual_mechs = NULL;
168 if (time_rec != NULL)
169 *time_rec = 0;
170
171 return (GSS_S_FAILURE);
172 }
173
174 /* free the allocated memory for the flattened name and desire_mechs */
175
176 gss_release_buffer(&minor_status_temp, &external_name);
177 for (i = 0; i < desired_mechs->count; i++)
178 FREE(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
179 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len);
180 FREE(arg.desired_mechs.GSS_OID_SET_val,
181 arg.desired_mechs.GSS_OID_SET_len * sizeof (GSS_OID));
182
183 /* copy the rpc results into the return arguments */
184
185 if (minor_status != NULL)
186 *minor_status = res.minor_status;
187
188 if (output_cred_handle != NULL) {
189 *output_cred_handle =
190 /*LINTED*/
191 *((gssd_cred_id_t *)res.output_cred_handle.GSS_CRED_ID_T_val);
192 *gssd_cred_verifier = res.gssd_cred_verifier;
193 }
194
195 if (res.status == GSS_S_COMPLETE &&
196 res.actual_mechs.GSS_OID_SET_len != 0 &&
197 actual_mechs != NULL) {
198 *actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
199 (*actual_mechs)->count =
200 (int)res.actual_mechs.GSS_OID_SET_len;
201 (*actual_mechs)->elements = (gss_OID)
202 MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
203
204 for (i = 0; i < (*actual_mechs)->count; i++) {
205 (*actual_mechs)->elements[i].length = (OM_uint32)
206 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
207 (*actual_mechs)->elements[i].elements =
208 (void *) MALLOC((*actual_mechs)->elements[i].length);
209 memcpy((*actual_mechs)->elements[i].elements,
210 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
211 (*actual_mechs)->elements[i].length);
212 }
213 } else {
214 if (res.status == GSS_S_COMPLETE && actual_mechs != NULL)
215 (*actual_mechs)->count = 0;
216 }
217
218 if (time_rec != NULL)
219 *time_rec = res.time_rec;
220
221 /*
222 * free the memory allocated for the results and return with the status
223 * received in the rpc call
224 */
225
226 clnt_freeres(clnt, xdr_gss_acquire_cred_res, (caddr_t)&res);
227 return (res.status);
228 }
229
230 OM_uint32
231 kgss_acquire_cred(minor_status,
232 desired_name,
233 time_req,
234 desired_mechs,
235 cred_usage,
236 output_cred_handle,
237 actual_mechs,
238 time_rec,
239 uid)
240 OM_uint32 *minor_status;
241 gss_name_t desired_name;
242 OM_uint32 time_req;
243 gss_OID_set desired_mechs;
244 int cred_usage;
245 gss_cred_id_t *output_cred_handle;
246 gss_OID_set *actual_mechs;
247 OM_uint32 *time_rec;
248 uid_t uid;
249 {
250
251 OM_uint32 err;
252 struct kgss_cred *kcred;
253
254 kcred = KGSS_CRED_ALLOC();
255 *output_cred_handle = (gss_cred_id_t)kcred;
256 err = kgss_acquire_cred_wrapped(minor_status,
257 desired_name, time_req,
258 desired_mechs, cred_usage,
259 &kcred->gssd_cred, actual_mechs,
260 time_rec, uid,
261 &kcred->gssd_cred_verifier);
262 if (GSS_ERROR(err)) {
263 KGSS_CRED_FREE(kcred);
264 *output_cred_handle = GSS_C_NO_CREDENTIAL;
265 }
266 return (err);
267 }
268
269 OM_uint32
270 kgss_add_cred_wrapped(minor_status,
271 input_cred_handle,
272 gssd_cred_verifier,
273 desired_name,
274 desired_mech_type,
275 cred_usage,
276 initiator_time_req,
277 acceptor_time_req,
278 actual_mechs,
279 initiator_time_rec,
280 acceptor_time_rec,
281 uid)
282 OM_uint32 *minor_status;
283 gssd_cred_id_t input_cred_handle;
284 OM_uint32 gssd_cred_verifier;
285 gss_name_t desired_name;
286 gss_OID desired_mech_type;
287 int cred_usage;
288 int initiator_time_req;
289 int acceptor_time_req;
290 gss_OID_set *actual_mechs;
291 OM_uint32 *initiator_time_rec;
292 OM_uint32 *acceptor_time_rec;
293 uid_t uid;
294 {
295 CLIENT *clnt;
296
297 OM_uint32 minor_status_temp;
298 gss_buffer_desc external_name;
299 gss_OID name_type;
300 int i;
301
302 gss_add_cred_arg arg;
303 gss_add_cred_res res;
304
305 /* get the client handle to GSSD */
306
307 if ((clnt = getgssd_handle()) == NULL) {
308 clnt_pcreateerror(server);
309 return (GSS_S_FAILURE);
310 }
311
312
313 /* convert the desired name from internal to external format */
314
315 if (gss_display_name(&minor_status_temp, desired_name, &external_name,
316 &name_type) != GSS_S_COMPLETE) {
317
318 *minor_status = (OM_uint32) minor_status_temp;
319 (void) gss_release_buffer(&minor_status_temp, &external_name);
320 clnt_pcreateerror(server);
321 return ((OM_uint32) GSS_S_FAILURE);
322 }
323
324
325 /* copy the procedure arguments into the rpc arg parameter */
326
327 arg.uid = (OM_uint32) uid;
328 arg.input_cred_handle.GSS_CRED_ID_T_len =
329 input_cred_handle == GSSD_NO_CREDENTIAL ?
330 0 : (uint_t)sizeof (gssd_cred_id_t);
331 arg.input_cred_handle.GSS_CRED_ID_T_val =
332 (char *)&input_cred_handle;
333 arg.gssd_cred_verifier = gssd_cred_verifier;
334 arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
335 arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
336 arg.name_type.GSS_OID_len =
337 name_type == GSS_C_NULL_OID ?
338 0 : (uint_t)name_type->length;
339 arg.name_type.GSS_OID_val =
340 name_type == GSS_C_NULL_OID ?
341 (char *)NULL : (char *)name_type->elements;
342
343 arg.desired_mech_type.GSS_OID_len =
344 (uint_t)(desired_mech_type != GSS_C_NULL_OID ?
345 desired_mech_type->length : 0);
346 arg.desired_mech_type.GSS_OID_val =
347 (char *)(desired_mech_type != GSS_C_NULL_OID ?
348 desired_mech_type->elements : 0);
349 arg.cred_usage = cred_usage;
350 arg.initiator_time_req = initiator_time_req;
351 arg.acceptor_time_req = acceptor_time_req;
352
353 /* call the remote procedure */
354
355 bzero((caddr_t)&res, sizeof (res));
356 if (gss_add_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
357
358 /*
359 * if the RPC call times out, null out all return arguments,
360 * set minor_status to its maximum value, and return
361 * GSS_S_FAILURE
362 */
363
364 if (minor_status != NULL)
365 *minor_status = DEFAULT_MINOR_STAT;
366 if (actual_mechs != NULL)
367 *actual_mechs = NULL;
368 if (initiator_time_rec != NULL)
369 *initiator_time_rec = 0;
370 if (acceptor_time_rec != NULL)
371 *acceptor_time_rec = 0;
372 return (GSS_S_FAILURE);
373 }
374
375 /* free the allocated memory for the flattened name */
376
377 (void) gss_release_buffer(&minor_status_temp, &external_name);
378
379 /* copy the rpc results into the return arguments */
380
381 if (minor_status != NULL)
382 *minor_status = res.minor_status;
383
384 if (res.status == GSS_S_COMPLETE &&
385 res.actual_mechs.GSS_OID_SET_len != 0 &&
386 actual_mechs != NULL) {
387 *actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
388 (*actual_mechs)->count =
389 (int)res.actual_mechs.GSS_OID_SET_len;
390 (*actual_mechs)->elements = (gss_OID)
391 MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
392
393 for (i = 0; i < (*actual_mechs)->count; i++) {
394 (*actual_mechs)->elements[i].length = (OM_uint32)
395 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
396 (*actual_mechs)->elements[i].elements =
397 (void *) MALLOC((*actual_mechs)->elements[i].length);
398 memcpy((*actual_mechs)->elements[i].elements,
399 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
400 (*actual_mechs)->elements[i].length);
401 }
402 } else {
403 if (res.status == GSS_S_COMPLETE &&
404 actual_mechs != NULL)
405 (*actual_mechs)->count = 0;
406 }
407 if (initiator_time_rec != NULL)
408 *initiator_time_rec = res.initiator_time_rec;
409 if (acceptor_time_rec != NULL)
410 *acceptor_time_rec = res.acceptor_time_rec;
411
412 /*
413 * free the memory allocated for the results and return with the status
414 * received in the rpc call
415 */
416
417 clnt_freeres(clnt, xdr_gss_add_cred_res, (caddr_t)&res);
418 return (res.status);
419
420 }
421
422 OM_uint32
423 kgss_add_cred(minor_status,
424 input_cred_handle,
425 desired_name,
426 desired_mech_type,
427 cred_usage,
428 initiator_time_req,
429 acceptor_time_req,
430 actual_mechs,
431 initiator_time_rec,
432 acceptor_time_rec,
433 uid)
434 OM_uint32 *minor_status;
435 gss_cred_id_t input_cred_handle;
436 gss_name_t desired_name;
437 gss_OID desired_mech_type;
438 int cred_usage;
439 int initiator_time_req;
440 int acceptor_time_req;
441 gss_OID_set *actual_mechs;
442 OM_uint32 *initiator_time_rec;
443 OM_uint32 *acceptor_time_rec;
444 uid_t uid;
445 {
446
447 OM_uint32 err;
448 OM_uint32 gssd_cred_verifier;
449 gssd_cred_id_t gssd_input_cred_handle;
450
451
452 if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
453 gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle);
454 gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle);
455 } else
456 gssd_input_cred_handle = GSSD_NO_CREDENTIAL;
457
458 err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle,
459 gssd_cred_verifier, desired_name, desired_mech_type,
460 cred_usage, initiator_time_req, acceptor_time_req,
461 actual_mechs, initiator_time_rec,
462 acceptor_time_rec, uid);
463 return (err);
464 }
465
466 OM_uint32
467 kgss_release_cred_wrapped(minor_status,
468 cred_handle,
469 uid,
470 gssd_cred_verifier)
471 OM_uint32 *minor_status;
472 gssd_cred_id_t *cred_handle;
473 uid_t uid;
474 OM_uint32 gssd_cred_verifier;
475 {
476
477 gss_release_cred_arg arg;
478 gss_release_cred_res res;
479
480
481 /* get the client handle to GSSD */
482 if ((clnt = getgssd_handle()) == NULL) {
483 clnt_pcreateerror(server);
484 return (GSS_S_FAILURE);
485 }
486
487 /* copy the procedure arguments into the rpc arg parameter */
488
489 arg.uid = (OM_uint32) uid;
490 arg.gssd_cred_verifier = gssd_cred_verifier;
491
492 if (cred_handle != NULL) {
493 arg.cred_handle.GSS_CRED_ID_T_len =
494 (uint_t)sizeof (gssd_cred_id_t);
495 arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
496 } else
497 arg.cred_handle.GSS_CRED_ID_T_len = 0;
498
499 /* call the remote procedure */
500
501 memset(&res, 0, sizeof (res));
502 if (gss_release_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
503
504 /*
505 * if the RPC call times out, null out all return arguments,
506 * set minor_status to its max value, and return GSS_S_FAILURE
507 */
508
509 if (minor_status != NULL)
510 *minor_status = DEFAULT_MINOR_STAT;
511 if (cred_handle != NULL)
512 *cred_handle = NULL;
513
514 return (GSS_S_FAILURE);
515 }
516
517 /* if the release succeeded, null out the cred_handle */
518 if (res.status == GSS_S_COMPLETE && cred_handle != NULL)
519 *cred_handle = NULL;
520
521 /* copy the rpc results into the return arguments */
522 if (minor_status != NULL)
523 *minor_status = res.minor_status;
524
525 /* return with status returned in rpc call */
526 return (res.status);
527 }
528
529 OM_uint32
530 kgss_release_cred(minor_status,
531 cred_handle,
532 uid)
533 OM_uint32 *minor_status;
534 gss_cred_id_t *cred_handle;
535 uid_t uid;
536
537 {
538
539 OM_uint32 err;
540 struct kgss_cred *kcred;
541
542 if (*cred_handle == GSS_C_NO_CREDENTIAL)
543 return (GSS_S_COMPLETE);
544 else
545 kcred = KCRED_TO_KGSS_CRED(*cred_handle);
546
547 err = kgss_release_cred_wrapped(minor_status, &kcred->gssd_cred,
548 uid, kcred->gssd_cred_verifier);
549 KGSS_CRED_FREE(kcred);
550 *cred_handle = GSS_C_NO_CREDENTIAL;
551 return (err);
552 }
553
554 OM_uint32
555 kgss_init_sec_context_wrapped(minor_status,
556 claimant_cred_handle,
557 gssd_cred_verifier,
558 context_handle,
559 gssd_context_verifier,
560 target_name,
561 mech_type,
562 req_flags,
563 time_req,
564 input_chan_bindings,
565 input_token,
566 actual_mech_type,
567 output_token,
568 ret_flags,
569 time_rec,
570 uid)
571 OM_uint32 *minor_status;
572 gssd_cred_id_t claimant_cred_handle;
573 OM_uint32 gssd_cred_verifier;
574 OM_uint32 *context_handle;
575 OM_uint32 *gssd_context_verifier;
576 gss_name_t target_name;
577 gss_OID mech_type;
578 int req_flags;
579 OM_uint32 time_req;
580 gss_channel_bindings_t input_chan_bindings;
581 gss_buffer_t input_token;
582 gss_OID *actual_mech_type;
583 gss_buffer_t output_token;
584 int *ret_flags;
585 OM_uint32 *time_rec;
586 uid_t uid;
587 {
588 OM_uint32 minor_status_temp;
589 gss_buffer_desc external_name;
590 gss_OID name_type;
591 gss_init_sec_context_arg arg;
592 gss_init_sec_context_res res;
593
594 /* get the client handle to GSSD */
595
596 if ((clnt = getgssd_handle()) == NULL) {
597 clnt_pcreateerror(server);
598 return (GSS_S_FAILURE);
599 }
600
601 /* convert the target name from internal to external format */
602
603 if (gss_display_name(&minor_status_temp, target_name,
604 &external_name, &name_type) != GSS_S_COMPLETE) {
605
606 *minor_status = (OM_uint32) minor_status_temp;
607 return ((OM_uint32) GSS_S_FAILURE);
608 }
609
610
611 /* copy the procedure arguments into the rpc arg parameter */
612
613 arg.uid = (OM_uint32) uid;
614
615 arg.context_handle.GSS_CTX_ID_T_len =
616 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
617 (uint_t)sizeof (OM_uint32);
618 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
619 arg.gssd_context_verifier = *gssd_context_verifier;
620
621 arg.claimant_cred_handle.GSS_CRED_ID_T_len =
622 claimant_cred_handle == GSSD_NO_CREDENTIAL ?
623 0 : (uint_t)sizeof (gssd_cred_id_t);
624 arg.claimant_cred_handle.GSS_CRED_ID_T_val =
625 (char *)&claimant_cred_handle;
626 arg.gssd_cred_verifier = gssd_cred_verifier;
627
628 arg.target_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
629 arg.target_name.GSS_BUFFER_T_val = (char *)external_name.value;
630
631 arg.name_type.GSS_OID_len =
632 name_type == GSS_C_NULL_OID ?
633 0 : (uint_t)name_type->length;
634
635 arg.name_type.GSS_OID_val =
636 name_type == GSS_C_NULL_OID ?
637 (char *)NULL : (char *)name_type->elements;
638
639 arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
640 mech_type->length : 0);
641 arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
642 mech_type->elements : 0);
643
644 arg.req_flags = req_flags;
645
646 arg.time_req = time_req;
647
648 if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
649 arg.input_chan_bindings.present = YES;
650 arg.input_chan_bindings.initiator_addrtype =
651 input_chan_bindings->initiator_addrtype;
652 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
653 (uint_t)input_chan_bindings->initiator_address.length;
654 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
655 (void *) input_chan_bindings->initiator_address.value;
656 arg.input_chan_bindings.acceptor_addrtype =
657 input_chan_bindings->acceptor_addrtype;
658 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
659 (uint_t)input_chan_bindings->acceptor_address.length;
660 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
661 (void *) input_chan_bindings->acceptor_address.value;
662 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
663 (uint_t)input_chan_bindings->application_data.length;
664 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
665 (void *) input_chan_bindings->application_data.value;
666 } else {
667 arg.input_chan_bindings.present = NO;
668 arg.input_chan_bindings.initiator_addrtype = 0;
669 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
670 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
671 arg.input_chan_bindings.acceptor_addrtype = 0;
672 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
673 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
674 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
675 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
676 }
677
678 arg.input_token.GSS_BUFFER_T_len = (uint_t)
679 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
680 arg.input_token.GSS_BUFFER_T_val = (char *)
681 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
682
683 /* initialize the output parameters to empty values */
684 if (minor_status != NULL)
685 *minor_status = DEFAULT_MINOR_STAT;
686 if (actual_mech_type != NULL)
687 *actual_mech_type = NULL;
688 if (output_token != NULL)
689 output_token->length = 0;
690 if (ret_flags != NULL)
691 *ret_flags = 0;
692 if (time_rec != NULL)
693 *time_rec = 0;
694
695 /* call the remote procedure */
696 memset(&res, 0, sizeof (res));
697 if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
698
699 /* free the allocated memory for the flattened name */
700 gss_release_buffer(&minor_status_temp, &external_name);
701
702 return (GSS_S_FAILURE);
703 }
704
705 /*
706 * We could return from a GSS error here and need to return both the
707 * minor_status and output_token, back to the caller if applicable.
708 */
709 if (minor_status != NULL)
710 *minor_status = res.minor_status;
711
712 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
713 output_token->length =
714 (size_t)res.output_token.GSS_BUFFER_T_len;
715 output_token->value =
716 (void *)res.output_token.GSS_BUFFER_T_val;
717 res.output_token.GSS_BUFFER_T_val = NULL;
718 res.output_token.GSS_BUFFER_T_len = 0;
719 }
720
721 /* free the allocated memory for the flattened name */
722 gss_release_buffer(&minor_status_temp, &external_name);
723
724 /* if the call was successful, copy out the results */
725 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
726 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
727 /*
728 * copy the rpc results into the return argument
729 * on CONTINUE_NEEDED only ctx handle is ready.
730 */
731 /*LINTED*/
732 *context_handle = *((OM_uint32 *)
733 res.context_handle.GSS_CTX_ID_T_val);
734
735 *gssd_context_verifier = res.gssd_context_verifier;
736
737 /* the rest of the parameters is only ready on COMPLETE */
738 if (res.status == GSS_S_COMPLETE) {
739 if (actual_mech_type != NULL) {
740 *actual_mech_type = (gss_OID)
741 MALLOC(sizeof (gss_OID_desc));
742 (*actual_mech_type)->length = (OM_UINT32)
743 res.actual_mech_type.GSS_OID_len;
744 (*actual_mech_type)->elements = (void *)
745 MALLOC((*actual_mech_type)->length);
746 memcpy((*actual_mech_type)->elements, (void *)
747 res.actual_mech_type.GSS_OID_val,
748 (*actual_mech_type)->length);
749 }
750
751
752 if (ret_flags != NULL)
753 *ret_flags = res.ret_flags;
754
755 if (time_rec != NULL)
756 *time_rec = res.time_rec;
757 }
758 }
759
760
761 /*
762 * free the memory allocated for the results and return with the
763 * status received in the rpc call.
764 */
765
766 clnt_freeres(clnt, xdr_gss_init_sec_context_res, (caddr_t)&res);
767 return (res.status);
768 }
769 OM_uint32
770 kgss_init_sec_context(
771 OM_uint32 *minor_status,
772 gss_cred_id_t claimant_cred_handle,
773 gss_ctx_id_t *context_handle,
774 gss_name_t target_name,
775 gss_OID mech_type,
776 int req_flags,
777 OM_uint32 time_req,
778 gss_channel_bindings_t input_chan_bindings,
779 gss_buffer_t input_token,
780 gss_OID *actual_mech_type,
781 gss_buffer_t output_token,
782 int *ret_flags,
783 OM_uint32 *time_rec,
784 uid_t uid)
785 {
786 OM_uint32 err;
787 struct kgss_ctx *kctx;
788 OM_uint32 gssd_cred_verifier;
789 gssd_cred_id_t gssd_cl_cred_handle;
790
791 /*
792 * If this is an initial call, we'll need to create the
793 * wrapper struct that contains kernel state information, and
794 * a reference to the handle from gssd.
795 */
796 if (*context_handle == GSS_C_NO_CONTEXT) {
797 kctx = KGSS_ALLOC();
798 *context_handle = (gss_ctx_id_t)kctx;
799 kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
800 } else
801 kctx = (struct kgss_ctx *)*context_handle;
802
803 if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
804 gssd_cred_verifier =
805 KCRED_TO_CREDV(claimant_cred_handle);
806 gssd_cl_cred_handle =
807 KCRED_TO_CRED(claimant_cred_handle);
808 } else {
809 gssd_cl_cred_handle = GSSD_NO_CREDENTIAL;
810 }
811
812 err = kgss_init_sec_context_wrapped(minor_status,
813 gssd_cl_cred_handle,
814 gssd_cred_verifier, &kctx->gssd_ctx,
815 &kctx->gssd_ctx_verifier,
816 target_name, mech_type, req_flags, time_req,
817 input_chan_bindings, input_token, actual_mech_type,
818 output_token, ret_flags, time_rec, uid);
819
820 if (GSS_ERROR(err)) {
821 KGSS_FREE(kctx);
822 *context_handle = GSS_C_NO_CONTEXT;
823 }
824 return (err);
825 }
826 OM_uint32
827 kgss_accept_sec_context_wrapped(minor_status,
828 context_handle,
829 gssd_context_verifier,
830 verifier_cred_handle,
831 gssd_cred_verifier,
832 input_token,
833 input_chan_bindings,
834 src_name,
835 mech_type,
836 output_token,
837 ret_flags,
838 time_rec,
839 delegated_cred_handle,
840 uid)
841 OM_uint32 *minor_status;
842 gssd_ctx_id_t *context_handle;
843 OM_uint32 *gssd_context_verifier;
844 gssd_cred_id_t verifier_cred_handle;
845 OM_uint32 gssd_cred_verifier;
846 gss_buffer_t input_token;
847 gss_channel_bindings_t input_chan_bindings;
848 gss_buffer_t src_name;
849 gss_OID *mech_type;
850 gss_buffer_t output_token;
851 int *ret_flags;
852 OM_uint32 *time_rec;
853 gss_cred_id_t *delegated_cred_handle;
854 uid_t uid;
855 {
856 gss_accept_sec_context_arg arg;
857 gss_accept_sec_context_res res;
858 struct kgss_cred *kcred;
859
860 /* get the client handle to GSSD */
861 if ((clnt = getgssd_handle()) == NULL) {
862 clnt_pcreateerror(server);
863 return (GSS_S_FAILURE);
864 }
865
866 /* copy the procedure arguments into the rpc arg parameter */
867 arg.uid = (OM_uint32) uid;
868
869 arg.context_handle.GSS_CTX_ID_T_len =
870 *context_handle == GSSD_NO_CONTEXT ?
871 0 : (uint_t)sizeof (gssd_ctx_id_t);
872 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
873 arg.gssd_context_verifier =
874 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ?
875 0 : *gssd_context_verifier;
876
877 arg.verifier_cred_handle.GSS_CRED_ID_T_len =
878 verifier_cred_handle == GSSD_NO_CREDENTIAL ?
879 0 : (uint_t)sizeof (gssd_cred_id_t);
880 arg.verifier_cred_handle.GSS_CRED_ID_T_val =
881 (char *)&verifier_cred_handle;
882 arg.gssd_cred_verifier = gssd_cred_verifier;
883
884 arg.input_token_buffer.GSS_BUFFER_T_len =
885 (uint_t)(input_token != GSS_C_NO_BUFFER ?
886 input_token->length : 0);
887 arg.input_token_buffer.GSS_BUFFER_T_val =
888 (char *)(input_token != GSS_C_NO_BUFFER ?
889 input_token->value : 0);
890
891 if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
892 arg.input_chan_bindings.present = YES;
893 arg.input_chan_bindings.initiator_addrtype =
894 input_chan_bindings->initiator_addrtype;
895 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
896 (uint_t)input_chan_bindings->initiator_address.length;
897 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
898 (void *) input_chan_bindings->initiator_address.value;
899 arg.input_chan_bindings.acceptor_addrtype =
900 input_chan_bindings->acceptor_addrtype;
901 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
902 (uint_t)input_chan_bindings->acceptor_address.length;
903 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
904 (void *) input_chan_bindings->acceptor_address.value;
905 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
906 (uint_t)input_chan_bindings->application_data.length;
907 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
908 (void *) input_chan_bindings->application_data.value;
909 } else {
910 arg.input_chan_bindings.present = NO;
911 arg.input_chan_bindings.initiator_addrtype = 0;
912 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
913 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
914 arg.input_chan_bindings.acceptor_addrtype = 0;
915 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
916 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
917 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
918 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
919 }
920
921 /* set the output parameters to empty values.... */
922 if (minor_status != NULL)
923 *minor_status = DEFAULT_MINOR_STAT;
924 if (src_name != NULL) {
925 src_name->length = 0;
926 src_name->value = NULL;
927 }
928 if (mech_type != NULL)
929 *mech_type = NULL;
930 if (output_token != NULL)
931 output_token->length = 0;
932 if (ret_flags != NULL)
933 *ret_flags = 0;
934 if (time_rec != NULL)
935 *time_rec = 0;
936 if (delegated_cred_handle != NULL)
937 *delegated_cred_handle = NULL;
938
939 /* call the remote procedure */
940 memset(&res, 0, sizeof (res));
941 if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
942 return (GSS_S_FAILURE);
943 }
944
945 /*
946 * We could return from a GSS error here and need to return both the
947 * minor_status and output_token, back to the caller if applicable.
948 */
949 if (minor_status != NULL)
950 *minor_status = res.minor_status;
951
952 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
953 output_token->length =
954 res.output_token.GSS_BUFFER_T_len;
955 output_token->value =
956 (void *) res.output_token.GSS_BUFFER_T_val;
957 res.output_token.GSS_BUFFER_T_val = 0;
958 res.output_token.GSS_BUFFER_T_len = 0;
959 }
960
961 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
962 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
963 /*
964 * when gss returns CONTINUE_NEEDED we can only
965 * use the context parameter.
966 */
967 /*LINTED*/
968 *context_handle = *((gssd_ctx_id_t *)
969 res.context_handle.GSS_CTX_ID_T_val);
970 *gssd_context_verifier = res.gssd_context_verifier;
971
972 /* the other parameters are ready on for COMPLETE */
973 if (res.status == GSS_S_COMPLETE)
974 {
975
976 /*
977 * The src_name is in external format.
978 */
979 if (src_name != NULL) {
980 src_name->length = res.src_name.GSS_BUFFER_T_len;
981 src_name->value = res.src_name.GSS_BUFFER_T_val;
982 res.src_name.GSS_BUFFER_T_val = NULL;
983 res.src_name.GSS_BUFFER_T_len = 0;
984 }
985 /*
986 * move mech type returned to mech_type
987 * for gss_import_name_for_mech()
988 */
989 if (mech_type != NULL) {
990 *mech_type =
991 (gss_OID) MALLOC(sizeof (gss_OID_desc));
992 (*mech_type)->length =
993 (OM_UINT32) res.mech_type.GSS_OID_len;
994 (*mech_type)->elements =
995 (void *) MALLOC((*mech_type)->length);
996 memcpy((*mech_type)->elements,
997 res.mech_type.GSS_OID_val,
998 (*mech_type)->length);
999 }
1000
1001 if (ret_flags != NULL)
1002 *ret_flags = res.ret_flags;
1003
1004 if (time_rec != NULL)
1005 *time_rec = res.time_rec;
1006
1007 if ((delegated_cred_handle != NULL) &&
1008 (res.delegated_cred_handle.GSS_CRED_ID_T_len
1009 != 0)) {
1010 kcred = KGSS_CRED_ALLOC();
1011 /*LINTED*/
1012 kcred->gssd_cred = *((gssd_cred_id_t *)
1013 res.delegated_cred_handle.GSS_CRED_ID_T_val);
1014 kcred->gssd_cred_verifier =
1015 res.gssd_context_verifier;
1016 *delegated_cred_handle = (gss_cred_id_t)kcred;
1017 }
1018 } /* res.status == GSS_S_COMPLETE */
1019 } /* res.status == GSS_S_COMPLETE or GSS_CONTINUE_NEEDED */
1020
1021
1022 /*
1023 * free the memory allocated for the results and return with the status
1024 * received in the rpc call
1025 */
1026
1027 clnt_freeres(clnt, xdr_gss_accept_sec_context_res, (caddr_t)&res);
1028 return (res.status);
1029 }
1030
1031 OM_uint32
1032 kgss_accept_sec_context(
1033 OM_uint32 *minor_status,
1034 gss_ctx_id_t *context_handle,
1035 gss_cred_id_t verifier_cred_handle,
1036 gss_buffer_t input_token,
1037 gss_channel_bindings_t input_chan_bindings,
1038 gss_buffer_t src_name,
1039 gss_OID *mech_type,
1040 gss_buffer_t output_token,
1041 int *ret_flags,
1042 OM_uint32 *time_rec,
1043 gss_cred_id_t *delegated_cred_handle,
1044 uid_t uid)
1045 {
1046 OM_uint32 err;
1047 struct kgss_ctx *kctx;
1048 OM_uint32 gssd_cred_verifier;
1049 gssd_cred_id_t gssd_ver_cred_handle;
1050
1051
1052 if (*context_handle == GSS_C_NO_CONTEXT) {
1053 kctx = KGSS_ALLOC();
1054 *context_handle = (gss_ctx_id_t)kctx;
1055 kctx->gssd_ctx = GSSD_NO_CONTEXT;
1056 } else
1057 kctx = (struct kgss_ctx *)*context_handle;
1058
1059 if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
1060 gssd_cred_verifier =
1061 KCRED_TO_CREDV(verifier_cred_handle);
1062 gssd_ver_cred_handle =
1063 KCRED_TO_CRED(verifier_cred_handle);
1064 } else
1065 gssd_ver_cred_handle = GSSD_NO_CREDENTIAL;
1066
1067 err = kgss_accept_sec_context_wrapped(minor_status,
1068 &kctx->gssd_ctx,
1069 &kctx->gssd_ctx_verifier, gssd_ver_cred_handle,
1070 gssd_cred_verifier, input_token, input_chan_bindings,
1071 src_name, mech_type, output_token, ret_flags,
1072 time_rec, delegated_cred_handle, uid);
1073
1074 if (GSS_ERROR(err)) {
1075 KGSS_FREE(kctx);
1076 *context_handle = GSS_C_NO_CONTEXT;
1077
1078 }
1079
1080 return (err);
1081 }
1082
1083 OM_uint32
1084 kgss_process_context_token(minor_status,
1085 context_handle,
1086 token_buffer,
1087 uid)
1088 OM_uint32 *minor_status;
1089 gss_ctx_id_t context_handle;
1090 gss_buffer_t token_buffer;
1091 uid_t uid;
1092 {
1093 OM_uint32 gssd_context_verifier;
1094
1095 gss_process_context_token_arg arg;
1096 gss_process_context_token_res res;
1097
1098 gssd_context_verifier = KGSS_CTX_TO_GSSD_CTXV(context_handle);
1099
1100 /* get the client handle to GSSD */
1101
1102 if ((clnt = getgssd_handle()) == NULL) {
1103 clnt_pcreateerror(server);
1104 return (GSS_S_FAILURE);
1105 }
1106
1107 /* copy the procedure arguments into the rpc arg parameter */
1108 arg.uid = (OM_uint32) uid;
1109
1110 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
1111 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1112 arg.gssd_context_verifier = gssd_context_verifier;
1113 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer;
1114 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1115
1116 /* call the remote procedure */
1117
1118 memset(&res, 0, sizeof (res));
1119 if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {
1120
1121 /*
1122 * if the RPC call times out, null out all return arguments,
1123 * set minor_status to its maximum value, and return GSS_S_FAILURE
1124 */
1125
1126 if (minor_status != NULL)
1127 *minor_status = DEFAULT_MINOR_STAT;
1128
1129 return (GSS_S_FAILURE);
1130 }
1131
1132 /* copy the rpc results into the return arguments */
1133
1134 if (minor_status != NULL)
1135 *minor_status = res.minor_status;
1136
1137 /* return with status returned in rpc call */
1138
1139 return (res.status);
1140 }
1141
1142 OM_uint32
1143 kgss_delete_sec_context_wrapped(minor_status,
1144 context_handle,
1145 gssd_context_verifier,
1146 output_token)
1147 OM_uint32 *minor_status;
1148 gssd_ctx_id_t *context_handle;
1149 OM_uint32 gssd_context_verifier;
1150 gss_buffer_t output_token;
1151 {
1152 gss_delete_sec_context_arg arg;
1153 gss_delete_sec_context_res res;
1154
1155
1156 /* get the client handle to GSSD */
1157 if ((clnt = getgssd_handle()) == NULL) {
1158 clnt_pcreateerror(server);
1159 return (GSS_S_FAILURE);
1160 }
1161
1162 /* copy the procedure arguments into the rpc arg parameter */
1163
1164 arg.context_handle.GSS_CTX_ID_T_len =
1165 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
1166 (uint_t)sizeof (OM_uint32);
1167 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
1168
1169 arg.gssd_context_verifier = gssd_context_verifier;
1170
1171 /* call the remote procedure */
1172
1173 memset(&res, 0, sizeof (res));
1174 if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
1175
1176 /*
1177 * if the RPC call times out, null out all return arguments,
1178 * set minor_status to its max value, and return GSS_S_FAILURE
1179 */
1180
1181 if (minor_status != NULL)
1182 *minor_status = DEFAULT_MINOR_STAT;
1183 if (context_handle != NULL)
1184 *context_handle = NULL;
1185 if (output_token != NULL)
1186 output_token->length = 0;
1187
1188 return (GSS_S_FAILURE);
1189 }
1190
1191 /* copy the rpc results into the return arguments */
1192
1193 if (minor_status != NULL)
1194 *minor_status = res.minor_status;
1195
1196 if (res.context_handle.GSS_CTX_ID_T_len == 0)
1197 *context_handle = NULL;
1198 else
1199 /*LINTED*/
1200 *context_handle = *((gssd_ctx_id_t *)
1201 res.context_handle.GSS_CTX_ID_T_val);
1202
1203 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
1204 output_token->length = res.output_token.GSS_BUFFER_T_len;
1205 output_token->value = res.output_token.GSS_BUFFER_T_val;
1206 res.output_token.GSS_BUFFER_T_len = 0;
1207 res.output_token.GSS_BUFFER_T_val = NULL;
1208 }
1209
1210 /*
1211 * free the memory allocated for the results and return with the status
1212 * received in the rpc call
1213 */
1214
1215 clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
1216 return (res.status);
1217 }
1218
1219 /*ARGSUSED*/
1220 OM_uint32
1221 kgss_delete_sec_context(
1222 OM_uint32 *minor_status,
1223 gss_ctx_id_t *context_handle,
1224 gss_buffer_t output_token)
1225 {
1226 OM_uint32 err;
1227 struct kgss_ctx *kctx;
1228
1229 if (*context_handle == GSS_C_NO_CONTEXT) {
1230 return (GSS_S_NO_CONTEXT);
1231 } else
1232 kctx = KCTX_TO_KGSS_CTX(*context_handle);
1233
1234 err = kgss_delete_sec_context_wrapped(minor_status,
1235 &kctx->gssd_ctx, kctx->gssd_ctx_verifier,
1236 output_token);
1237
1238 if (kctx->gssd_ctx != GSSD_NO_CONTEXT)
1239 err = GSS_S_FAILURE;
1240 else
1241 err = GSS_S_COMPLETE;
1242
1243 KGSS_FREE(kctx);
1244 *context_handle = GSS_C_NO_CONTEXT;
1245 return (err);
1246 }
1247
1248 /*ARGSUSED*/
1249 OM_uint32
1250 kgss_context_time(minor_status,
1251 context_handle,
1252 time_rec,
1253 uid)
1254 OM_uint32 *minor_status;
1255 gss_ctx_id_t context_handle;
1256 OM_uint32 *time_rec;
1257 uid_t uid;
1258 {
1259 return (GSS_S_FAILURE);
1260 }
1261
1262 OM_uint32
1263 kgss_sign_wrapped(minor_status,
1264 context_handle,
1265 qop_req,
1266 message_buffer,
1267 msg_token,
1268 gssd_context_verifier)
1269 OM_uint32 *minor_status;
1270 gssd_ctx_id_t context_handle;
1271 OM_uint32 gssd_context_verifier;
1272 int qop_req;
1273 gss_buffer_t message_buffer;
1274 gss_buffer_t msg_token;
1275 {
1276
1277 gss_sign_arg arg;
1278 gss_sign_res res;
1279
1280 /* get the client handle to GSSD */
1281
1282 if ((clnt = getgssd_handle()) == NULL) {
1283 clnt_pcreateerror(server);
1284 return (GSS_S_FAILURE);
1285 }
1286
1287 /* copy the procedure arguments into the rpc arg parameter */
1288
1289
1290 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1291 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1292 arg.gssd_context_verifier = gssd_context_verifier;
1293
1294 arg.qop_req = qop_req;
1295 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1296 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1297
1298 /* call the remote procedure */
1299
1300 memset(&res, 0, sizeof (res));
1301 if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {
1302
1303 /*
1304 * if the RPC call times out, null out all return arguments,
1305 * set minor_status to its maximum value, and return GSS_S_FAILURE
1306 */
1307
1308 if (minor_status != NULL)
1309 *minor_status = DEFAULT_MINOR_STAT;
1310 if (msg_token != NULL)
1311 msg_token->length = 0;
1312
1313 return (GSS_S_FAILURE);
1314 }
1315
1316 /* copy the rpc results into the return arguments */
1317
1318 if (minor_status != NULL)
1319 *minor_status = res.minor_status;
1320
1321 if (msg_token != NULL) {
1322 msg_token->length = res.msg_token.GSS_BUFFER_T_len;
1323 msg_token->value = (void *) MALLOC(msg_token->length);
1324 memcpy(msg_token->value, res.msg_token.GSS_BUFFER_T_val,
1325 msg_token->length);
1326 }
1327
1328 /*
1329 * free the memory allocated for the results and return with the status
1330 * received in the rpc call
1331 */
1332
1333 clnt_freeres(clnt, xdr_gss_sign_res, (caddr_t)&res);
1334 return (res.status);
1335 }
1336
1337 OM_uint32
1338 kgss_sign(
1339 OM_uint32 *minor_status,
1340 gss_ctx_id_t context_handle,
1341 int qop_req,
1342 gss_buffer_t message_buffer,
1343 gss_buffer_t msg_token)
1344 {
1345 if (context_handle == GSS_C_NO_CONTEXT)
1346 return (GSS_S_FAILURE);
1347
1348 return (KGSS_SIGN(minor_status,
1349 context_handle, qop_req, message_buffer,
1350 msg_token));
1351 }
1352
1353 OM_uint32
1354 kgss_verify_wrapped(
1355 minor_status,
1356 context_handle,
1357 message_buffer,
1358 token_buffer,
1359 qop_state,
1360 gssd_context_verifier)
1361 OM_uint32 *minor_status;
1362 gssd_ctx_id_t context_handle;
1363 OM_uint32 gssd_context_verifier;
1364 gss_buffer_t message_buffer;
1365 gss_buffer_t token_buffer;
1366 int *qop_state;
1367 {
1368 gss_verify_arg arg;
1369 gss_verify_res res;
1370
1371 /* get the client handle to GSSD */
1372
1373 if ((clnt = getgssd_handle()) == NULL) {
1374 clnt_pcreateerror(server);
1375 return (GSS_S_FAILURE);
1376 }
1377
1378 /* copy the procedure arguments into the rpc arg parameter */
1379
1380 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1381 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1382
1383 arg.gssd_context_verifier = gssd_context_verifier;
1384
1385 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1386 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1387
1388 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
1389 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1390
1391 /* call the remote procedure */
1392
1393 memset(&res, 0, sizeof (res));
1394 if (gss_verify_1(&arg, &res, clnt) != RPC_SUCCESS) {
1395
1396 /*
1397 * if the RPC call times out, null out all return arguments,
1398 * set minor_status to its maximum value, and return GSS_S_FAILURE
1399 */
1400
1401 if (minor_status != NULL)
1402 *minor_status = DEFAULT_MINOR_STAT;
1403 if (qop_state != NULL)
1404 *qop_state = 0;
1405
1406 return (GSS_S_FAILURE);
1407 }
1408
1409 /* copy the rpc results into the return arguments */
1410
1411 if (minor_status != NULL)
1412 *minor_status = res.minor_status;
1413
1414 if (qop_state != NULL)
1415 *qop_state = res.qop_state;
1416
1417 /* return with status returned in rpc call */
1418
1419 return (res.status);
1420 }
1421
1422 OM_uint32
1423 kgss_verify(OM_uint32 *minor_status,
1424 gss_ctx_id_t context_handle,
1425 gss_buffer_t message_buffer,
1426 gss_buffer_t token_buffer,
1427 int *qop_state)
1428 {
1429 if (context_handle == GSS_C_NO_CONTEXT)
1430 return (GSS_S_FAILURE);
1431
1432 return (KGSS_VERIFY(minor_status, context_handle,
1433 message_buffer, token_buffer, qop_state));
1434 }
1435
1436
1437 /* EXPORT DELETE START */
1438
1439 OM_uint32
1440 kgss_seal_wrapped(
1441 minor_status,
1442 context_handle,
1443 conf_req_flag,
1444 qop_req,
1445 input_message_buffer,
1446 conf_state,
1447 output_message_buffer,
1448 gssd_context_verifier)
1449
1450 OM_uint32 *minor_status;
1451 gssd_ctx_id_t context_handle;
1452 OM_uint32 gssd_context_verifier;
1453 int conf_req_flag;
1454 int qop_req;
1455 gss_buffer_t input_message_buffer;
1456 int *conf_state;
1457 gss_buffer_t output_message_buffer;
1458 {
1459 gss_seal_arg arg;
1460 gss_seal_res res;
1461
1462 /* get the client handle to GSSD */
1463
1464 if ((clnt = getgssd_handle()) == NULL) {
1465 clnt_pcreateerror(server);
1466 return (GSS_S_FAILURE);
1467 }
1468
1469 /* copy the procedure arguments into the rpc arg parameter */
1470
1471
1472 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1473 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1474 arg.gssd_context_verifier = gssd_context_verifier;
1475
1476 arg.conf_req_flag = conf_req_flag;
1477
1478 arg.qop_req = qop_req;
1479
1480 arg.input_message_buffer.GSS_BUFFER_T_len =
1481 (uint_t)input_message_buffer->length;
1482
1483 arg.input_message_buffer.GSS_BUFFER_T_val =
1484 (char *)input_message_buffer->value;
1485
1486 /* call the remote procedure */
1487
1488 memset(&res, 0, sizeof (res));
1489 if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1490
1491 /*
1492 * if the RPC call times out, null out all return arguments,
1493 * set minor_status to its maximum value, and return GSS_S_FAILURE
1494 */
1495
1496 if (minor_status != NULL)
1497 *minor_status = DEFAULT_MINOR_STAT;
1498 if (conf_state != NULL)
1499 *conf_state = 0;
1500 if (output_message_buffer != NULL)
1501 output_message_buffer->length = 0;
1502
1503 return (GSS_S_FAILURE);
1504 }
1505
1506 /* copy the rpc results into the return arguments */
1507
1508 if (minor_status != NULL)
1509 *minor_status = res.minor_status;
1510
1511 if (conf_state != NULL)
1512 *conf_state = res.conf_state;
1513
1514 if (output_message_buffer != NULL) {
1515 output_message_buffer->length =
1516 res.output_message_buffer.GSS_BUFFER_T_len;
1517
1518 output_message_buffer->value =
1519 (void *) MALLOC(output_message_buffer->length);
1520 memcpy(output_message_buffer->value,
1521 res.output_message_buffer.GSS_BUFFER_T_val,
1522 output_message_buffer->length);
1523 }
1524
1525 /*
1526 * free the memory allocated for the results and return with the status
1527 * received in the rpc call
1528 */
1529
1530 clnt_freeres(clnt, xdr_gss_seal_res, (caddr_t)&res);
1531 return (res.status);
1532 }
1533
1534 OM_uint32
1535 kgss_seal(OM_uint32 *minor_status,
1536 gss_ctx_id_t context_handle,
1537 int conf_req_flag,
1538 int qop_req,
1539 gss_buffer_t input_message_buffer,
1540 int *conf_state,
1541 gss_buffer_t output_message_buffer)
1542
1543 {
1544 if (context_handle == GSS_C_NO_CONTEXT)
1545 return (GSS_S_FAILURE);
1546
1547 return (KGSS_SEAL(minor_status, context_handle,
1548 conf_req_flag, qop_req,
1549 input_message_buffer,
1550 conf_state, output_message_buffer));
1551 }
1552
1553 OM_uint32
1554 kgss_unseal_wrapped(minor_status,
1555 context_handle,
1556 input_message_buffer,
1557 output_message_buffer,
1558 conf_state,
1559 qop_state,
1560 gssd_context_verifier)
1561 OM_uint32 *minor_status;
1562 gssd_ctx_id_t context_handle;
1563 OM_uint32 gssd_context_verifier;
1564 gss_buffer_t input_message_buffer;
1565 gss_buffer_t output_message_buffer;
1566 int *conf_state;
1567 int *qop_state;
1568 {
1569 gss_unseal_arg arg;
1570 gss_unseal_res res;
1571
1572 /* get the client handle to GSSD */
1573
1574 if ((clnt = getgssd_handle()) == NULL) {
1575 clnt_pcreateerror(server);
1576 return (GSS_S_FAILURE);
1577 }
1578
1579 /* copy the procedure arguments into the rpc arg parameter */
1580
1581
1582 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1583 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1584 arg.gssd_context_verifier = gssd_context_verifier;
1585
1586 arg.input_message_buffer.GSS_BUFFER_T_len =
1587 (uint_t)input_message_buffer->length;
1588
1589 arg.input_message_buffer.GSS_BUFFER_T_val =
1590 (char *)input_message_buffer->value;
1591
1592 /* call the remote procedure */
1593
1594 memset(&res, 0, sizeof (res));
1595 if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1596
1597 /*
1598 * if the RPC call times out, null out all return arguments,
1599 * set minor_status to its maximum value, and return GSS_S_FAILURE
1600 */
1601
1602 if (minor_status != NULL)
1603 *minor_status = DEFAULT_MINOR_STAT;
1604 if (output_message_buffer != NULL)
1605 output_message_buffer->length = 0;
1606 if (conf_state != NULL)
1607 *conf_state = 0;
1608 if (qop_state != NULL)
1609 *qop_state = 0;
1610
1611 return (GSS_S_FAILURE);
1612 }
1613
1614 /* copy the rpc results into the return arguments */
1615
1616 if (minor_status != NULL)
1617 *minor_status = res.minor_status;
1618
1619 if (output_message_buffer != NULL) {
1620 output_message_buffer->length =
1621 res.output_message_buffer.GSS_BUFFER_T_len;
1622
1623 output_message_buffer->value =
1624 (void *) MALLOC(output_message_buffer->length);
1625 memcpy(output_message_buffer->value,
1626 res.output_message_buffer.GSS_BUFFER_T_val,
1627 output_message_buffer->length);
1628 }
1629
1630 if (conf_state != NULL)
1631 *conf_state = res.conf_state;
1632
1633 if (qop_state != NULL)
1634 *qop_state = res.qop_state;
1635
1636 /*
1637 * free the memory allocated for the results and return with the status
1638 * received in the rpc call
1639 */
1640
1641 clnt_freeres(clnt, xdr_gss_unseal_res, (caddr_t)&res);
1642 return (res.status);
1643 }
1644
1645 OM_uint32
1646 kgss_unseal(OM_uint32 *minor_status,
1647 gss_ctx_id_t context_handle,
1648 gss_buffer_t input_message_buffer,
1649 gss_buffer_t output_message_buffer,
1650 int *conf_state,
1651 int *qop_state)
1652 {
1653 if (context_handle == GSS_C_NO_CONTEXT)
1654 return (GSS_S_FAILURE);
1655
1656 return (KGSS_UNSEAL(minor_status, context_handle,
1657 input_message_buffer, output_message_buffer,
1658 conf_state, qop_state));
1659 }
1660
1661 /* EXPORT DELETE END */
1662
1663 OM_uint32
1664 kgss_display_status(minor_status,
1665 status_value,
1666 status_type,
1667 mech_type,
1668 message_context,
1669 status_string,
1670 uid)
1671 OM_uint32 *minor_status;
1672 OM_uint32 status_value;
1673 int status_type;
1674 gss_OID mech_type;
1675 int *message_context;
1676 gss_buffer_t status_string;
1677 uid_t uid;
1678 {
1679 gss_display_status_arg arg;
1680 gss_display_status_res res;
1681
1682 /* get the client handle to GSSD */
1683
1684 if ((clnt = getgssd_handle()) == NULL) {
1685 clnt_pcreateerror(server);
1686 return (GSS_S_FAILURE);
1687 }
1688
1689 /* copy the procedure arguments into the rpc arg parameter */
1690
1691 arg.uid = (OM_uint32) uid;
1692
1693 arg.status_value = status_value;
1694 arg.status_type = status_type;
1695
1696 arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
1697 mech_type->length : 0);
1698 arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
1699 mech_type->elements : 0);
1700
1701 arg.message_context = *message_context;
1702
1703 /* call the remote procedure */
1704
1705 if (message_context != NULL)
1706 *message_context = 0;
1707 if (status_string != NULL) {
1708 status_string->length = 0;
1709 status_string->value = NULL;
1710 }
1711
1712 memset(&res, 0, sizeof (res));
1713 if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {
1714
1715 /*
1716 * if the RPC call times out, null out all return arguments,
1717 * set minor_status to its maximum value, and return GSS_S_FAILURE
1718 */
1719
1720 if (minor_status != NULL)
1721 *minor_status = DEFAULT_MINOR_STAT;
1722
1723 return (GSS_S_FAILURE);
1724 }
1725
1726 if (minor_status != NULL)
1727 *minor_status = res.minor_status;
1728
1729 /* now process the results and pass them back to the caller */
1730
1731 if (res.status == GSS_S_COMPLETE) {
1732 if (message_context != NULL)
1733 *message_context = res.message_context;
1734 if (status_string != NULL) {
1735 status_string->length =
1736 (size_t)res.status_string.GSS_BUFFER_T_len;
1737 status_string->value =
1738 (void *)MALLOC(status_string->length);
1739 memcpy(status_string->value,
1740 res.status_string.GSS_BUFFER_T_val,
1741 status_string->length);
1742 }
1743 }
1744
1745 clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
1746 return (res.status);
1747 }
1748
1749 /*ARGSUSED*/
1750 OM_uint32
1751 kgss_indicate_mechs(minor_status,
1752 mech_set,
1753 uid)
1754 OM_uint32 *minor_status;
1755 gss_OID_set *mech_set;
1756 uid_t uid;
1757 {
1758 void *arg;
1759 gss_indicate_mechs_res res;
1760 int i;
1761
1762 /* get the client handle to GSSD */
1763
1764 if ((clnt = getgssd_handle()) == NULL) {
1765 clnt_pcreateerror(server);
1766 return (GSS_S_FAILURE);
1767 }
1768
1769 memset(&res, 0, sizeof (res));
1770 if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {
1771
1772 /*
1773 * if the RPC call times out, null out all return arguments,
1774 * set minor_status to its maximum value, and return GSS_S_FAILURE
1775 */
1776
1777 if (minor_status != NULL)
1778 *minor_status = DEFAULT_MINOR_STAT;
1779 if (mech_set != NULL)
1780 *mech_set = NULL;
1781
1782 return (GSS_S_FAILURE);
1783 }
1784
1785 /* copy the rpc results into the return arguments */
1786
1787 if (minor_status != NULL)
1788 *minor_status = res.minor_status;
1789
1790 if (mech_set != NULL) {
1791 *mech_set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1792 (*mech_set)->count = res.mech_set.GSS_OID_SET_len;
1793 (*mech_set)->elements = (void *)
1794 MALLOC ((*mech_set)->count * sizeof (gss_OID_desc));
1795 for (i = 0; i < (*mech_set)->count; i++) {
1796 (*mech_set)->elements[i].length =
1797 res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
1798 (*mech_set)->elements[i].elements = (void *)
1799 MALLOC ((*mech_set)->elements[i].length);
1800 memcpy ((*mech_set)->elements[i].elements,
1801 res.mech_set.GSS_OID_SET_val[i].GSS_OID_val,
1802 (*mech_set)->elements[i].length);
1803 }
1804 }
1805
1806 /*
1807 * free the memory allocated for the results and return with the status
1808 * received in the rpc call
1809 */
1810
1811 clnt_freeres(clnt, xdr_gss_indicate_mechs_res, (caddr_t)&res);
1812 return (res.status);
1813 }
1814
1815
1816 OM_uint32
1817 kgss_inquire_cred_wrapped(minor_status,
1818 cred_handle,
1819 gssd_cred_verifier,
1820 name,
1821 lifetime,
1822 cred_usage,
1823 mechanisms,
1824 uid)
1825 OM_uint32 *minor_status;
1826 gssd_cred_id_t cred_handle;
1827 OM_uint32 gssd_cred_verifier;
1828 gss_name_t *name;
1829 OM_uint32 *lifetime;
1830 int *cred_usage;
1831 gss_OID_set *mechanisms;
1832 uid_t uid;
1833 {
1834 OM_uint32 minor_status_temp;
1835 gss_buffer_desc external_name;
1836 gss_OID name_type;
1837 int i;
1838
1839 gss_inquire_cred_arg arg;
1840 gss_inquire_cred_res res;
1841
1842 /* get the client handle to GSSD */
1843
1844 if ((clnt = getgssd_handle()) == NULL) {
1845 clnt_pcreateerror(server);
1846 return (GSS_S_FAILURE);
1847 }
1848
1849
1850 /* copy the procedure arguments into the rpc arg parameter */
1851
1852 arg.uid = (OM_uint32) uid;
1853
1854 arg.cred_handle.GSS_CRED_ID_T_len =
1855 cred_handle == GSSD_NO_CREDENTIAL ?
1856 0 : (uint_t)sizeof (gssd_cred_id_t);
1857 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
1858 arg.gssd_cred_verifier = gssd_cred_verifier;
1859
1860 /* call the remote procedure */
1861
1862 memset(&res, 0, sizeof (res));
1863 if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
1864
1865 /*
1866 * if the RPC call times out, null out all return arguments,
1867 * set minor_status to its maximum value, and return GSS_S_FAILURE
1868 */
1869
1870 if (minor_status != NULL)
1871 *minor_status = DEFAULT_MINOR_STAT;
1872 if (name != NULL)
1873 *name = NULL;
1874 if (lifetime != NULL)
1875 *lifetime = 0;
1876 if (cred_usage != NULL)
1877 *cred_usage = 0;
1878 if (mechanisms != NULL)
1879 *mechanisms = NULL;
1880
1881 return (GSS_S_FAILURE);
1882 }
1883
1884 /* copy the rpc results into the return arguments */
1885
1886 if (minor_status != NULL)
1887 *minor_status = res.minor_status;
1888
1889 /* convert name from external to internal format */
1890
1891 if (name != NULL) {
1892 external_name.length = res.name.GSS_BUFFER_T_len;
1893 external_name.value = res.name.GSS_BUFFER_T_val;
1894
1895 /*
1896 * we have to allocate a name_type descriptor and
1897 * elements storage, since gss_import_name() only
1898 * stores a pointer to the name_type info in the
1899 * union_name struct
1900 */
1901
1902 name_type = (gss_OID) MALLOC(sizeof (gss_OID_desc));
1903
1904 name_type->length = res.name_type.GSS_OID_len;
1905 name_type->elements = (void *) MALLOC(name_type->length);
1906 memcpy(name_type->elements, res.name_type.GSS_OID_val,
1907 name_type->length);
1908
1909 if (gss_import_name(&minor_status_temp, &external_name,
1910 name_type, name) != GSS_S_COMPLETE) {
1911
1912 *minor_status = (OM_uint32) minor_status_temp;
1913 gss_release_buffer(&minor_status_temp, &external_name);
1914
1915 clnt_freeres(clnt, xdr_gss_inquire_cred_res,
1916 (caddr_t)&res);
1917 return ((OM_uint32) GSS_S_FAILURE);
1918 }
1919 }
1920
1921 if (lifetime != NULL)
1922 *lifetime = res.lifetime;
1923
1924 if (cred_usage != NULL)
1925 *cred_usage = res.cred_usage;
1926
1927 if (mechanisms != NULL) {
1928 *mechanisms =
1929 (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1930 if (res.mechanisms.GSS_OID_SET_len != 0) {
1931 (*mechanisms)->count =
1932 (int)res.mechanisms.GSS_OID_SET_len;
1933 (*mechanisms)->elements = (gss_OID)
1934 MALLOC(sizeof (gss_OID) * (*mechanisms)->count);
1935
1936 for (i = 0; i < (*mechanisms)->count; i++) {
1937 (*mechanisms)->elements[i].length = (OM_uint32)
1938 res.mechanisms.GSS_OID_SET_val[i].GSS_OID_len;
1939 (*mechanisms)->elements[i].elements = (void *)
1940 MALLOC((*mechanisms)->elements[i].length);
1941 memcpy((*mechanisms)->elements[i].elements,
1942 res.mechanisms.GSS_OID_SET_val[i].GSS_OID_val,
1943 (*mechanisms)->elements[i].length);
1944 }
1945 } else
1946 (*mechanisms)->count = 0;
1947 }
1948
1949 /*
1950 * free the memory allocated for the results and return with the status
1951 * received in the rpc call
1952 */
1953
1954 clnt_freeres(clnt, xdr_gss_inquire_cred_res, (caddr_t)&res);
1955 return (res.status);
1956 }
1957
1958
1959 OM_uint32
1960 kgss_inquire_cred(minor_status,
1961 cred_handle,
1962 name,
1963 lifetime,
1964 cred_usage,
1965 mechanisms,
1966 uid)
1967 OM_uint32 *minor_status;
1968 gss_cred_id_t cred_handle;
1969 gss_name_t *name;
1970 OM_uint32 *lifetime;
1971 int *cred_usage;
1972 gss_OID_set * mechanisms;
1973 uid_t uid;
1974 {
1975
1976 OM_uint32 gssd_cred_verifier;
1977 gssd_cred_id_t gssd_cred_handle;
1978
1979 gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
1980 gssd_cred_handle = KCRED_TO_CRED(cred_handle);
1981
1982 return (kgss_inquire_cred_wrapped(minor_status,
1983 gssd_cred_handle, gssd_cred_verifier,
1984 name, lifetime, cred_usage, mechanisms, uid));
1985 }
1986
1987
1988 OM_uint32
1989 kgss_inquire_cred_by_mech_wrapped(minor_status,
1990 cred_handle,
1991 gssd_cred_verifier,
1992 mech_type,
1993 uid)
1994 OM_uint32 *minor_status;
1995 gssd_cred_id_t cred_handle;
1996 OM_uint32 gssd_cred_verifier;
1997 gss_OID mech_type;
1998 uid_t uid;
1999 {
2000 OM_uint32 minor_status_temp;
2001
2002 gss_inquire_cred_by_mech_arg arg;
2003 gss_inquire_cred_by_mech_res res;
2004
2005 /* get the client handle to GSSD */
2006
2007 if ((clnt = getgssd_handle()) == NULL) {
2008 clnt_pcreateerror(server);
2009 return (GSS_S_FAILURE);
2010 }
2011
2012
2013 /* copy the procedure arguments into the rpc arg parameter */
2014
2015 arg.uid = (OM_uint32) uid;
2016
2017 arg.cred_handle.GSS_CRED_ID_T_len =
2018 cred_handle == GSSD_NO_CREDENTIAL ?
2019 0 : (uint_t)sizeof (gssd_cred_id_t);
2020 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
2021 arg.gssd_cred_verifier = gssd_cred_verifier;
2022
2023 arg.mech_type.GSS_OID_len =
2024 (uint_t)(mech_type != GSS_C_NULL_OID ?
2025 mech_type->length : 0);
2026 arg.mech_type.GSS_OID_val =
2027 (char *)(mech_type != GSS_C_NULL_OID ?
2028 mech_type->elements : 0);
2029 /* call the remote procedure */
2030
2031 memset(&res, 0, sizeof (res));
2032 if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
2033
2034 /*
2035 * if the RPC call times out, null out all return arguments,
2036 * set minor_status to its maximum value, and return GSS_S_FAILURE
2037 */
2038
2039 if (minor_status != NULL)
2040 *minor_status = DEFAULT_MINOR_STAT;
2041 return (GSS_S_FAILURE);
2042 }
2043
2044 /* copy the rpc results into the return arguments */
2045
2046 if (minor_status != NULL)
2047 *minor_status = res.minor_status;
2048
2049 /* convert name from external to internal format */
2050
2051 /*
2052 * free the memory allocated for the results and return with the status
2053 * received in the rpc call
2054 */
2055
2056 clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
2057 return (res.status);
2058 }
2059
2060
2061 OM_uint32
2062 kgss_inquire_cred_by_mech(minor_status,
2063 cred_handle,
2064 mech_type,
2065 uid)
2066 OM_uint32 *minor_status;
2067 gss_cred_id_t cred_handle;
2068 gss_OID mech_type;
2069 uid_t uid;
2070 {
2071
2072 OM_uint32 gssd_cred_verifier;
2073 gssd_cred_id_t gssd_cred_handle;
2074
2075 gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
2076 gssd_cred_handle = KCRED_TO_CRED(cred_handle);
2077
2078 return (kgss_inquire_cred_by_mech_wrapped(minor_status,
2079 gssd_cred_handle, gssd_cred_verifier,
2080 mech_type, uid));
2081 }
2082
2083 OM_uint32
2084 kgsscred_expname_to_unix_cred(expName, uidOut, gidOut, gids, gidsLen, uid)
2085 const gss_buffer_t expName;
2086 uid_t *uidOut;
2087 gid_t *gidOut;
2088 gid_t *gids[];
2089 int *gidsLen;
2090 uid_t uid;
2091 {
2092 gsscred_expname_to_unix_cred_arg args;
2093 gsscred_expname_to_unix_cred_res res;
2094
2095 /* check input/output parameters */
2096 if (expName == NULL || expName->value == NULL)
2097 return (GSS_S_CALL_INACCESSIBLE_READ);
2098
2099 if (uidOut == NULL)
2100 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2101
2102 /* NULL out output parameters */
2103 *uidOut = 0;
2104 if (gidsLen)
2105 *gidsLen = 0;
2106
2107 if (gids)
2108 *gids = NULL;
2109
2110 /* get the client handle to gssd */
2111 if ((clnt = getgssd_handle()) == NULL)
2112 {
2113 clnt_pcreateerror(server);
2114 return (GSS_S_FAILURE);
2115 }
2116
2117 /* copy the procedure arguments */
2118 args.uid = uid;
2119 args.expname.GSS_BUFFER_T_val = expName->value;
2120 args.expname.GSS_BUFFER_T_len = expName->length;
2121
2122 /* null out the return buffer and call the remote proc */
2123 memset(&res, 0, sizeof (res));
2124
2125 if (gsscred_expname_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS)
2126 {
2127 return (GSS_S_FAILURE);
2128 }
2129
2130 /* copy the results into the result parameters */
2131 if (res.major == GSS_S_COMPLETE)
2132 {
2133 *uidOut = res.uid;
2134 if (gidOut)
2135 *gidOut = res.gid;
2136 if (gids && gidsLen)
2137 {
2138 *gids = res.gids.GSSCRED_GIDS_val;
2139 *gidsLen = res.gids.GSSCRED_GIDS_len;
2140 res.gids.GSSCRED_GIDS_val = NULL;
2141 res.gids.GSSCRED_GIDS_len = 0;
2142 }
2143 }
2144
2145 /* free RPC results */
2146 clnt_freeres(clnt, xdr_gsscred_expname_to_unix_cred_res, (caddr_t)&res);
2147
2148 return (res.major);
2149 } /* kgsscred_expname_to_unix_cred */
2150
2151 OM_uint32
2152 kgsscred_name_to_unix_cred(intName, mechType, uidOut, gidOut, gids,
2153 gidsLen, uid)
2154 const gss_name_t intName;
2155 const gss_OID mechType;
2156 uid_t *uidOut;
2157 gid_t *gidOut;
2158 gid_t *gids[];
2159 int *gidsLen;
2160 uid_t uid;
2161 {
2162 gsscred_name_to_unix_cred_arg args;
2163 gsscred_name_to_unix_cred_res res;
2164 OM_uint32 major, minor;
2165 gss_OID nameOid;
2166 gss_buffer_desc flatName = GSS_C_EMPTY_BUFFER;
2167
2168
2169 /* check the input/output parameters */
2170 if (intName == NULL || mechType == NULL)
2171 return (GSS_S_CALL_INACCESSIBLE_READ);
2172
2173 if (uidOut == NULL)
2174 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2175
2176 /* NULL out the output parameters */
2177 *uidOut = 0;
2178 if (gids)
2179 *gids = NULL;
2180
2181 if (gidsLen)
2182 *gidsLen = 0;
2183
2184 /* get the client handle to gssd */
2185 if ((clnt = getgssd_handle()) == NULL)
2186 {
2187 clnt_pcreateerror(server);
2188 return (GSS_S_FAILURE);
2189 }
2190
2191 /* convert the name to flat representation */
2192 if ((major = gss_display_name(&minor, intName, &flatName, &nameOid))
2193 != GSS_S_COMPLETE)
2194 {
2195 return (major);
2196 }
2197
2198 /* set the rpc parameters */
2199 args.uid = uid;
2200 args.pname.GSS_BUFFER_T_len = flatName.length;
2201 args.pname.GSS_BUFFER_T_val = flatName.value;
2202 args.name_type.GSS_OID_len = nameOid->length;
2203 args.name_type.GSS_OID_val = nameOid->elements;
2204 args.mech_type.GSS_OID_len = mechType->length;
2205 args.mech_type.GSS_OID_val = mechType->elements;
2206
2207 /* call the remote procedure */
2208 memset(&res, 0, sizeof (res));
2209 if (gsscred_name_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS)
2210 {
2211 gss_release_buffer(&minor, &flatName);
2212 return (GSS_S_FAILURE);
2213 }
2214
2215 gss_release_buffer(&minor, &flatName);
2216 /* copy the output parameters on output */
2217 if (res.major == GSS_S_COMPLETE)
2218 {
2219 *uidOut = res.uid;
2220 if (gidOut)
2221 *gidOut = res.gid;
2222 if (gids && gidsLen)
2223 {
2224 *gids = res.gids.GSSCRED_GIDS_val;
2225 *gidsLen = res.gids.GSSCRED_GIDS_len;
2226 res.gids.GSSCRED_GIDS_val = NULL;
2227 res.gids.GSSCRED_GIDS_len = 0;
2228 }
2229 }
2230
2231 /* delete RPC allocated memory */
2232 clnt_freeres(clnt, xdr_gsscred_name_to_unix_cred_res, (caddr_t)&res);
2233
2234 return (res.major);
2235 } /* kgsscred_name_to_unix_cred */
2236
2237 OM_uint32
2238 kgss_get_group_info(puid, gidOut, gids, gidsLen, uid)
2239 const uid_t puid;
2240 gid_t *gidOut;
2241 gid_t *gids[];
2242 int *gidsLen;
2243 uid_t uid;
2244 {
2245 gss_get_group_info_arg args;
2246 gss_get_group_info_res res;
2247
2248
2249 /* check the output parameters */
2250 if (gidOut == NULL || gids == NULL || gidsLen == NULL)
2251 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2252
2253 /* get the client GSSD handle */
2254 if ((clnt = getgssd_handle()) == NULL)
2255 {
2256 clnt_pcreateerror(server);
2257 return (GSS_S_FAILURE);
2258 }
2259
2260 /* set the input parameters */
2261 args.uid = uid;
2262 args.puid = puid;
2263
2264
2265 /* call the remote procedure */
2266 memset(&res, 0, sizeof (res));
2267 if (gss_get_group_info_1(&args, &res, clnt) != RPC_SUCCESS)
2268 {
2269 return (GSS_S_FAILURE);
2270 }
2271
2272 /* copy the results */
2273 if (res.major == GSS_S_COMPLETE)
2274 {
2275 *gidOut = res.gid;
2276 *gids = res.gids.GSSCRED_GIDS_val;
2277 *gidsLen = res.gids.GSSCRED_GIDS_len;
2278 res.gids.GSSCRED_GIDS_val = NULL;
2279 res.gids.GSSCRED_GIDS_len = 0;
2280 }
2281
2282 /* nothing to free */
2283
2284 return (res.major);
2285 } /* kgss_get_group_info */
2286
2287 OM_uint32
2288 kgss_export_sec_context_wrapped(minor_status,
2289 context_handle,
2290 output_token,
2291 gssd_context_verifier)
2292 OM_uint32 *minor_status;
2293 gssd_ctx_id_t *context_handle;
2294 gss_buffer_t output_token;
2295 OM_uint32 gssd_context_verifier;
2296 {
2297 CLIENT *clnt;
2298 gss_export_sec_context_arg arg;
2299 gss_export_sec_context_res res;
2300
2301
2302 /* get the client handle to GSSD */
2303
2304 if ((clnt = getgssd_handle()) == NULL) {
2305 clnt_pcreateerror(server);
2306 return (GSS_S_FAILURE);
2307 }
2308
2309 /* copy the procedure arguments into the rpc arg parameter */
2310
2311 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
2312 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
2313 arg.gssd_context_verifier = gssd_context_verifier;
2314
2315 /* call the remote procedure */
2316
2317 memset(&res, 0, sizeof (res));
2318 if (gss_export_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
2319
2320 /*
2321 * if the RPC call times out, null out all return arguments, set minor_status
2322 * to its maximum value, and return GSS_S_FAILURE
2323 */
2324
2325 if (minor_status != NULL)
2326 *minor_status = DEFAULT_MINOR_STAT;
2327 if (context_handle != NULL)
2328 *context_handle = NULL;
2329 if (output_token != NULL)
2330 output_token->length = 0;
2331
2332 return (GSS_S_FAILURE);
2333 }
2334
2335 /* copy the rpc results into the return arguments */
2336
2337 if (minor_status != NULL)
2338 *minor_status = res.minor_status;
2339
2340 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2341 *context_handle = NULL;
2342 else
2343 *context_handle =
2344 *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2345
2346 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
2347 output_token->length = res.output_token.GSS_BUFFER_T_len;
2348 output_token->value =
2349 (void *) MALLOC(output_token->length);
2350 memcpy(output_token->value,
2351 res.output_token.GSS_BUFFER_T_val,
2352 output_token->length);
2353 }
2354
2355 /*
2356 * free the memory allocated for the results and return with the status
2357 * received in the rpc call
2358 */
2359
2360 clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
2361 return (res.status);
2362
2363 }
2364
2365 OM_uint32
2366 kgss_export_sec_context(minor_status,
2367 context_handle,
2368 output_token)
2369 OM_uint32 *minor_status;
2370 gss_ctx_id_t *context_handle;
2371 gss_buffer_t output_token;
2372 {
2373 OM_uint32 err;
2374 struct kgss_ctx *kctx;
2375
2376 if (*context_handle == GSS_C_NO_CONTEXT) {
2377 return (GSS_S_NO_CONTEXT);
2378 } else
2379 kctx = KCTX_TO_KGSS_CTX(*context_handle);
2380
2381 err = kgss_export_sec_context_wrapped(minor_status,
2382 &kctx->gssd_ctx, output_token,
2383 kctx->gssd_ctx_verifier);
2384
2385 if (GSS_ERROR(err))
2386 return (err);
2387 else {
2388 KGSS_FREE(kctx);
2389 *context_handle = GSS_C_NO_CONTEXT;
2390 return (err);
2391 }
2392
2393 }
2394
2395 OM_uint32
2396 kgss_import_sec_context_wrapped(minor_status,
2397 input_token,
2398 context_handle,
2399 gssd_context_verifier)
2400 OM_uint32 *minor_status;
2401 gss_buffer_t input_token;
2402 gss_ctx_id_t *context_handle;
2403 OM_uint32 gssd_context_verifier;
2404 {
2405 CLIENT *clnt;
2406 gss_import_sec_context_arg arg;
2407 gss_import_sec_context_res res;
2408
2409
2410 /* get the client handle to GSSD */
2411
2412 if ((clnt = getgssd_handle()) == NULL) {
2413 clnt_pcreateerror(server);
2414 return (GSS_S_FAILURE);
2415 }
2416
2417 /* copy the procedure arguments into the rpc arg parameter */
2418 arg.input_token.GSS_BUFFER_T_len = (uint_t)
2419 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
2420 arg.input_token.GSS_BUFFER_T_val = (char *)
2421 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
2422 arg.gssd_context_verifier = gssd_context_verifier;
2423
2424
2425 /* call the remote procedure */
2426
2427 memset(&res, 0, sizeof (res));
2428 if (gss_import_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
2429
2430 /*
2431 * if the RPC call times out, null out all return arguments, set minor_status
2432 * to its maximum value, and return GSS_S_FAILURE
2433 */
2434
2435 if (minor_status != NULL)
2436 *minor_status = DEFAULT_MINOR_STAT;
2437 if (context_handle != NULL)
2438 *context_handle = NULL;
2439
2440 return (GSS_S_FAILURE);
2441 }
2442
2443 /* copy the rpc results into the return arguments */
2444
2445 if (minor_status != NULL)
2446 *minor_status = res.minor_status;
2447
2448 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2449 *context_handle = NULL;
2450 else
2451 *context_handle =
2452 *((gss_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2453
2454
2455 /*
2456 * free the memory allocated for the results and return with the status
2457 * received in the rpc call
2458 */
2459
2460 clnt_freeres(clnt, xdr_gss_import_sec_context_res, (caddr_t)&res);
2461 return (res.status);
2462 }
2463
2464 OM_uint32
2465 kgss_import_sec_context(minor_status,
2466 input_token,
2467 context_handle)
2468 OM_uint32 *minor_status;
2469 gss_buffer_t input_token;
2470 gss_ctx_id_t *context_handle;
2471 {
2472 struct kgss_ctx *kctx;
2473
2474 if (*context_handle == GSS_C_NO_CONTEXT) {
2475 kctx = KGSS_ALLOC();
2476 *context_handle = (gss_ctx_id_t)kctx;
2477 kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
2478 } else
2479 kctx = (struct kgss_ctx *)*context_handle;
2480 return (kgss_import_sec_context_wrapped(minor_status,
2481 input_token, &kctx->gssd_ctx,
2482 KCTX_TO_CTXV(context_handle)));
2483 }
2484
2485 #ifdef _KERNEL
2486 #include <sys/modctl.h>
2487
2488 static void *gss_clnt = NULL;
2489
2490 #ifdef DEBUG
2491 typedef struct {
2492 char *name; /* just put something here */
2493 } gssd_devstate_t;
2494
2495
2496 static void *gssd_state;
2497
2498 static int gssd_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
2499 {
2500 /* cmn_err(CE_NOTE, "In gssd_attach"); */
2501 switch (cmd) {
2502 case DDI_ATTACH:
2503 if (ddi_create_minor_node(dip, "gssd", S_IFCHR, 0, "gssd", 0)
2504 == DDI_FAILURE) {
2505 ddi_remove_minor_node(dip, NULL);
2506 return (DDI_FAILURE);
2507 }
2508 return (DDI_SUCCESS);
2509
2510 default:
2511 return (DDI_FAILURE);
2512 }
2513 }
2514
2515 static int gssd_getinfo(dev_info_t *dip, ddi_info_cmd_t infocmd,
2516 void *arg, void **result)
2517 {
2518 dev_t dev;
2519 int error;
2520
2521 /* cmn_err(CE_NOTE, "In gssd_getinfo"); */
2522
2523 switch (infocmd) {
2524 case DDI_INFO_DEVT2INSTANCE:
2525 dev = (dev_t)arg;
2526 *result = (void *) getminor(dev);
2527 error = DDI_SUCCESS;
2528 break;
2529
2530 case DDI_INFO_DEVT2DEVINFO:
2531 /* cmn_err(CE_NOTE, "getinfo wants devinfo"); */
2532 default:
2533 error = DDI_FAILURE;
2534 break;
2535 }
2536 return (error);
2537 }
2538
2539 static int gssd_identify(dev_info_t *dip)
2540 {
2541 /* cmn_err(CE_NOTE, "in gssd_identify"); */
2542 if (strcmp(ddi_get_name(dip), "gssd") == 0)
2543 return (DDI_IDENTIFIED);
2544 else
2545 return (DDI_NOT_IDENTIFIED);
2546 }
2547
2548 static int gssd_probe(dev_info_t *dip)
2549 {
2550 /* cmn_err(CE_NOTE, "In gssd_probe"); */
2551
2552 return (DDI_PROBE_SUCCESS);
2553 }
2554
2555 static int gssd_open(dev_t *devp, int flag, int otyp, cred_t *credp)
2556 {
2557 /* cmn_err (CE_NOTE, "In gssd_open"); */
2558 if (otyp != OTYP_CHR)
2559 return (EINVAL);
2560
2561 gss_clnt = getgssd_handle();
2562 return (0);
2563 }
2564
2565 static int gssd_close(dev_t dev, int flag, int otyp, cred_t *credp)
2566 {
2567 /* cmn_err(CE_NOTE, "In gssd_close"); */
2568 killgssd_handle(gss_clnt);
2569 return (0);
2570 }
2571
2572 static int gssd_write(dev_t dev, struct uio *uiop, cred_t *credp)
2573 {
2574 char buffer[1024];
2575 int len;
2576
2577 /* cmn_err(CE_NOTE, "In gssd_write"); */
2578 bzero(buffer, 1024);
2579
2580 uiomove(buffer, 1024, UIO_WRITE, uiop);
2581 len = strlen(buffer);
2582
2583 if (buffer[len-1] == '\n')
2584 buffer[--len] = '\0';
2585
2586 cmn_err(CE_NOTE, "Got command: (%d) \"%s\"", len, buffer);
2587 do_gssdtest(buffer);
2588 return (0);
2589 }
2590
2591 static struct cb_ops gssd_cb_ops = {
2592 gssd_open, /* cb_open */
2593 gssd_close, /* cb_close */
2594 nodev, /* cb_strategy */
2595 nodev, /* cb_print */
2596 nodev, /* cb_dump */
2597 nulldev, /* cb_read */
2598 gssd_write, /* cb_write */
2599 nodev, /* cb_ioctl */
2600 nodev, /* cb_devmap */
2601 nodev, /* cb_mmap */
2602 nodev, /* cb_segmap */
2603 nochpoll, /* cb_chpoll */
2604 ddi_prop_op, /* cb_prop_op */
2605 NULL, /* cb_stream */
2606 (int)(D_NEW|D_MP) /* cb_flag */
2607 };
2608
2609 static struct dev_ops gssd_ops = {
2610 DEVO_REV, /* devo_rev */
2611 0, /* devo_refcnt */
2612 gssd_getinfo, /* devo_getinfo */
2613 gssd_identify, /* devo_identify */
2614 nulldev, /* devo_probe */
2615 gssd_attach, /* devo_attach */
2616 nulldev, /* devo_detach */
2617 nodev, /* devo_reset */
2618 &gssd_cb_ops, /* devo_cb_ops */
2619 (struct bus_ops *)NULL /* devo_bus_ops */
2620 };
2621
2622 extern struct mod_ops mod_driverops;
2623
2624 static struct modldrv modlmisc = {
2625 &mod_driverops,
2626 "GSSD DRV Client Module",
2627 &gssd_ops
2628
2629 #else /* !DEBUG */
2630
2631 static struct modlmisc modlmisc = {
2632 &mod_miscops,
2633 "GSSD Client Module"
2634 #endif /* DEBUG */
2635 };
2636
2637 static struct modlinkage modlinkage = {
2638 MODREV_1,
2639 (void *)&modlmisc,
2640 NULL
2641 };
2642
2643 char _depends_on[] = "strmod/rpcmod misc/tlimod";
2644
2645 _init(void)
2646 {
2647 int status;
2648
2649 if ((status = ddi_soft_state_init(&gssd_state,
2650 sizeof (gssd_devstate_t), 1)) != 0)
2651 return (status);
2652
2653 if ((status = mod_install((struct modlinkage *)&modlinkage)) != 0)
2654 ddi_soft_state_fini(&gssd_state);
2655
2656 cmn_err(CE_NOTE, "gssd: I'm in the kernel: %d.", status);
2657 return (status);
2658 }
2659
2660 _fini()
2661 {
2662 int status;
2663
2664 killgssd_handle(gss_clnt);
2665 cmn_err(CE_NOTE, "gssd: Handle destroyed.. leaving module.");
2666
2667 if ((status = mod_remove(&modlinkage)) != 0)
2668 return (status);
2669
2670 ddi_soft_state_fini(&gssd_state);
2671 return (status);
2672 }
2673
2674 _info(modinfop)
2675 struct modinfo *modinfop;
2676 {
2677 return (mod_info(&modlinkage, modinfop));
2678 }
2679
2680 #endif