first pass
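--- a/usr/src/uts/common/gssapi/include/mechglueP.h
+++ b/usr/src/uts/common/gssapi/include/mechglueP.h
@@ -1,972 +1,919 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 
 /*
 * This header contains the private mechglue definitions.
 *
 */
 
 #ifndef _GSS_MECHGLUEP_H
 #define _GSS_MECHGLUEP_H
 
 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
 #include "autoconf.h"
 #endif
 
 /* SUNW15resync */
 #ifndef GSS_DLLIMP
 #define GSS_DLLIMP
 #endif
 
 #include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
 #if 0 /* Solaris Kerberos */
 #include "gssapiP_generic.h"
 #endif
 
 #ifdef _KERNEL
 #include <rpc/rpc.h>
 #endif
 
 #ifndef g_OID_copy /* SUNW15resync */
 #define g_OID_copy(o1, o2) \
 do { \
 memcpy((o1)->elements, (o2)->elements, (o2)->length); \
 (o1)->length = (o2)->length; \
 } while (0)
 #endif
 
 #define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
 (buf)->value == NULL || (buf)->length == 0)
 
 /*
 * Array of context IDs typed by mechanism OID
 */
 typedef struct gss_union_ctx_id_t {
 gss_OID mech_type;
 gss_ctx_id_t internal_ctx_id;
 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
 
 /*
 * Generic GSSAPI names. A name can either be a generic name, or a
 * mechanism specific name....
 */
 typedef struct gss_name_struct {
 struct gss_name_struct *loopback;
 gss_OID name_type;
 gss_buffer_t external_name;
 /*
 * These last two fields are only filled in for mechanism
 * names.
 */
 gss_OID mech_type;
 gss_name_t mech_name;
 } gss_union_name_desc, *gss_union_name_t;
 
 /*
 * Structure for holding list of mechanism-specific name types
 */
 typedef struct gss_mech_spec_name_t {
 gss_OID name_type;
 gss_OID mech;
 struct gss_mech_spec_name_t *next, *prev;
 } gss_mech_spec_name_desc, *gss_mech_spec_name;
 
 /*
 * Credential auxiliary info, used in the credential structure
 */
 typedef struct gss_union_cred_auxinfo {
 gss_buffer_desc name;
 gss_OID name_type;
 OM_uint32 creation_time;
 OM_uint32 time_rec;
 int cred_usage;
 } gss_union_cred_auxinfo;
 
 /*
 * Set of Credentials typed on mechanism OID
 */
 typedef struct gss_union_cred_t {
 int count;
 gss_OID mechs_array;
 gss_cred_id_t *cred_array;
 gss_union_cred_auxinfo auxinfo;
 } gss_union_cred_desc, *gss_union_cred_t;
 
 /* Solaris Kerberos */
 typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* desired_name */
 const gss_buffer_t, /* password */
 OM_uint32, /* time_req */
 const gss_OID_set, /* desired_mechs */
 int, /* cred_usage */
 gss_cred_id_t *, /* output_cred_handle */
 gss_OID_set *, /* actual_mechs */
 OM_uint32 * /* time_rec */
 /* */);
 
 /*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself. This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.
 */
 #if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
 #else
 #define GSSINT_CHK_LOOP(p) ((p) == NULL)
 #endif
 
 
 /********************************************************/
 /* The Mechanism Dispatch Table -- a mechanism needs to */
 /* define one of these and provide a function to return */
 /* it to initialize the GSSAPI library */
 
 /*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contants all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 */
 
 typedef struct gss_config {
 #if 0 /* Solaris Kerberos */
 OM_uint32 priority;
 char * mechNameStr;
 #endif
 gss_OID_desc mech_type;
 void * context;
 #ifdef _KERNEL
 struct gss_config *next;
 bool_t uses_kmod;
 #endif
 
 #ifndef _KERNEL
 OM_uint32 (*gss_acquire_cred)
 (
 void *, /* context */
 
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* desired_name */
 OM_uint32, /* time_req */
 const gss_OID_set, /* desired_mechs */
 int, /* cred_usage */
 gss_cred_id_t *, /* output_cred_handle */
 gss_OID_set *, /* actual_mechs */
 OM_uint32 * /* time_rec */
 /* */);
 OM_uint32 (*gss_release_cred)
 (
 
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_cred_id_t * /* cred_handle */
 /* */);
 OM_uint32 (*gss_init_sec_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* claimant_cred_handle */
 gss_ctx_id_t *, /* context_handle */
 const gss_name_t, /* target_name */
 const gss_OID, /* mech_type */
 OM_uint32, /* req_flags */
 OM_uint32, /* time_req */
 const gss_channel_bindings_t, /* input_chan_bindings */
 const gss_buffer_t, /* input_token */
 gss_OID*, /* actual_mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32 *, /* ret_flags */
 OM_uint32 * /* time_rec */
 /* */);
 OM_uint32 (*gss_accept_sec_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 const gss_cred_id_t, /* verifier_cred_handle */
 const gss_buffer_t, /* input_token_buffer */
 const gss_channel_bindings_t, /* input_chan_bindings */
 gss_name_t *, /* src_name */
 gss_OID*, /* mech_type */
 gss_buffer_t, /* output_token */
 OM_uint32 *, /* ret_flags */
 OM_uint32 *, /* time_rec */
 gss_cred_id_t * /* delegated_cred_handle */
 /* */);
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
 #endif /* ! _KERNEL */
 
 /*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
 OM_uint32 (*gss_unseal)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 const gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int *, /* conf_state */
 int * /* qop_state */
 #ifdef _KERNEL
 /* */, OM_uint32
 #endif
 /* */);
 #ifndef _KERNEL
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
 OM_uint32 (*gss_process_context_token)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 const gss_buffer_t /* token_buffer */
 /* */);
 #endif /* ! _KERNEL */
 OM_uint32 (*gss_delete_sec_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 gss_buffer_t /* output_token */
 #ifdef _KERNEL
 /* */, OM_uint32
 #endif
 /* */);
 #ifndef _KERNEL
 OM_uint32 (*gss_context_time)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 OM_uint32 * /* time_rec */
 /* */);
 OM_uint32 (*gss_display_status)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 OM_uint32, /* status_value */
 int, /* status_type */
 const gss_OID, /* mech_type */
 OM_uint32 *, /* message_context */
 gss_buffer_t /* status_string */
 /* */);
 OM_uint32 (*gss_indicate_mechs)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_OID_set * /* mech_set */
 /* */);
 OM_uint32 (*gss_compare_name)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* name1 */
 const gss_name_t, /* name2 */
 int * /* name_equal */
 /* */);
 OM_uint32 (*gss_display_name)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_buffer_t, /* output_name_buffer */
 gss_OID* /* output_name_type */
 /* */);
 OM_uint32 (*gss_import_name)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_buffer_t, /* input_name_buffer */
 const gss_OID, /* input_name_type */
 gss_name_t * /* output_name */
 /* */);
 OM_uint32 (*gss_release_name)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_name_t * /* input_name */
 /* */);
 OM_uint32 (*gss_inquire_cred)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* cred_handle */
 gss_name_t *, /* name */
 OM_uint32 *, /* lifetime */
 int *, /* cred_usage */
 gss_OID_set * /* mechanisms */
 /* */);
 OM_uint32 (*gss_add_cred)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* input_cred_handle */
 const gss_name_t, /* desired_name */
 const gss_OID, /* desired_mech */
 gss_cred_usage_t, /* cred_usage */
 OM_uint32, /* initiator_time_req */
 OM_uint32, /* acceptor_time_req */
 gss_cred_id_t *, /* output_cred_handle */
 gss_OID_set *, /* actual_mechs */
 OM_uint32 *, /* initiator_time_rec */
 OM_uint32 * /* acceptor_time_rec */
 /* */);
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
 #endif /* ! _KERNEL */
 /*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
 OM_uint32 (*gss_seal)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 int, /* qop_req */
 const gss_buffer_t, /* input_message_buffer */
 int *, /* conf_state */
 gss_buffer_t /* output_message_buffer */
 #ifdef _KERNEL
 /* */, OM_uint32
 #endif
 /* */);
 #ifndef _KERNEL
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
 OM_uint32 (*gss_export_sec_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 gss_buffer_t /* interprocess_token */
 /* */);
 #endif /* ! _KERNEL */
 OM_uint32 (*gss_import_sec_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_buffer_t, /* interprocess_token */
 gss_ctx_id_t * /* context_handle */
 /* */);
 #ifndef _KERNEL
 OM_uint32 (*gss_inquire_cred_by_mech)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* cred_handle */
 const gss_OID, /* mech_type */
 gss_name_t *, /* name */
 OM_uint32 *, /* initiator_lifetime */
 OM_uint32 *, /* acceptor_lifetime */
 gss_cred_usage_t * /* cred_usage */
 /* */);
 OM_uint32 (*gss_inquire_names_for_mech)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_OID, /* mechanism */
 gss_OID_set * /* name_types */
 /* */);
 OM_uint32 (*gss_inquire_context)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 gss_name_t *, /* src_name */
 gss_name_t *, /* targ_name */
 OM_uint32 *, /* lifetime_rec */
 gss_OID *, /* mech_type */
 OM_uint32 *, /* ctx_flags */
 int *, /* locally_initiated */
 int * /* open */
 /* */);
 OM_uint32 (*gss_internal_release_oid)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 gss_OID * /* OID */
 /* */);
 OM_uint32 (*gss_wrap_size_limit)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 gss_qop_t, /* qop_req */
 OM_uint32, /* req_output_size */
 OM_uint32 * /* max_input_size */
 /* */);
 OM_uint32 (*pname_to_uid)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* pname */
 uid_t * /* uid */
 /* */);
 OM_uint32 (*__gss_userok)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* pname */
 const char *, /* local user */
 int * /* user ok? */
 /* */);
 OM_uint32 (*gss_export_name)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* input_name */
 gss_buffer_t /* exported_name */
 /* */);
 #endif /* ! _KERNEL */
-/* EXPORT DELETE START */
-/* CRYPT DELETE START */
-/*
- * This block comment is Sun Proprietary: Need-To-Know.
- * What we are doing is leaving the seal and unseal entry points
- * in an obvious place before sign and unsign for the Domestic customer
- * of the Solaris Source Product. The Domestic customer of the Solaris Source
- * Product will have to deal with the problem of creating exportable libgss
- * binaries.
- * In the binary product that Sun builds, these entry points are elsewhere,
- * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
- * targets delete them.
- */
-#if 0
-/* CRYPT DELETE END */
- OM_uint32 (*gss_seal)
- (
- void *, /* context */
- OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- int, /* qop_req */
- const gss_buffer_t, /* input_message_buffer */
- int *, /* conf_state */
- gss_buffer_t /* output_message_buffer */
-#ifdef _KERNEL
- /* */, OM_uint32
-#endif
- /* */);
- OM_uint32 (*gss_unseal)
- (
- void *, /* context */
- OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
- const gss_buffer_t, /* input_message_buffer */
- gss_buffer_t, /* output_message_buffer */
- int *, /* conf_state */
- int * /* qop_state */
-#ifdef _KERNEL
- /* */, OM_uint32
-#endif
- /* */);
-/* CRYPT DELETE START */
-#endif /* 0 */
-/* CRYPT DELETE END */
-/* EXPORT DELETE END */
 OM_uint32 (*gss_sign)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 int, /* qop_req */
 const gss_buffer_t, /* message_buffer */
 gss_buffer_t /* message_token */
 #ifdef _KERNEL
 /* */, OM_uint32
 #endif
 /* */);
 OM_uint32 (*gss_verify)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 const gss_buffer_t, /* message_buffer */
 const gss_buffer_t, /* token_buffer */
 int * /* qop_state */
 #ifdef _KERNEL
 /* */, OM_uint32
 #endif
 /* */);
 #ifndef _KERNEL
 OM_uint32 (*gss_store_cred)
 (
 void *, /* context */
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* input_cred */
 gss_cred_usage_t, /* cred_usage */
 const gss_OID, /* desired_mech */
 OM_uint32, /* overwrite_cred */
 OM_uint32, /* default_cred */
 gss_OID_set *, /* elements_stored */
 gss_cred_usage_t * /* cred_usage_stored */
 /* */);
 
 /* GGF extensions */
 
 OM_uint32 (*gss_inquire_sec_context_by_oid)
 (
 OM_uint32 *, /* minor_status */
 const gss_ctx_id_t, /* context_handle */
 const gss_OID, /* OID */
 gss_buffer_set_t * /* data_set */
 /* */);
 
 #endif
 } *gss_mechanism;
 
 
 
 #ifndef _KERNEL
 /* This structure MUST NOT be used by any code outside libgss */
 typedef struct gss_config_ext {
 gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
 } *gss_mechanism_ext;
 #endif /* _KERNEL */
 
 
 /*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points. The wrapper contain the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer. In the kernel we use only the gss_config strucutre because
 * the kernal does not cantain any of the extra gss-api specific data.
 */
 typedef struct gss_mech_config {
 char *kmodName; /* kernel module name */
 char *uLibName; /* user library name */
 char *mechNameStr; /* mechanism string name */
 char *optionStr; /* optional mech parameters */
 void *dl_handle; /* RTLD object handle for the mech */
 gss_OID mech_type; /* mechanism oid */
 gss_mechanism mech; /* mechanism initialization struct */
 #ifndef _KERNEL
 gss_mechanism_ext mech_ext; /* Solaris extensions */
 #endif /* _KERNEL */
 struct gss_mech_config *next; /* next element in the list */
 } *gss_mech_info;
 
 /********************************************************/
 /* Internal mechglue routines */
 
 /* SUNW15resync - Solaris versions - replace w/mit ones? */
 gss_mechanism __gss_get_mechanism(const gss_OID);
 #ifndef _KERNEL
 gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
 #endif /* _KERNEL */
 char *__gss_get_kmodName(const gss_OID);
 char *__gss_get_modOptions(const gss_OID);
 OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
 gss_union_name_t, gss_name_t *);
 OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
 const gss_name_t, gss_buffer_t);
 OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
 const gss_name_t, gss_buffer_t, gss_OID *);
 OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
 gss_name_t *);
 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
 gss_ctx_id_t *, gss_buffer_t);
 OM_uint32 __gss_convert_name_to_union_name(
 OM_uint32 *, /* minor_status */
 gss_mechanism, /* mech */
 gss_name_t, /* internal_name */
 gss_name_t * /* external_name */
 );
 
 gss_cred_id_t __gss_get_mechanism_cred(
 const gss_union_cred_t, /* union_cred */
 const gss_OID /* mech_type */
 );
 
 
 
 
 
 int gssint_mechglue_init(void);
 void gssint_mechglue_fini(void);
 
 gss_mechanism gssint_get_mechanism (gss_OID);
 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
 char *gssint_get_kmodName(const gss_OID);
 char *gssint_get_modOptions(const gss_OID);
 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
 gss_name_t *);
 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
 const gss_name_t, gss_buffer_t);
 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
 gss_buffer_t, gss_OID *);
 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
 
 OM_uint32 gssint_convert_name_to_union_name
 (OM_uint32 *, /* minor_status */
 gss_mechanism, /* mech */
 gss_name_t, /* internal_name */
 gss_name_t * /* external_name */
 );
 gss_cred_id_t gssint_get_mechanism_cred
 (gss_union_cred_t, /* union_cred */
 gss_OID /* mech_type */
 );
 
 OM_uint32 gssint_create_copy_buffer(
 const gss_buffer_t, /* src buffer */
 gss_buffer_t *, /* destination buffer */
 int /* NULL terminate buffer ? */
 );
 
 
 OM_uint32 gssint_copy_oid_set(
 OM_uint32 *, /* minor_status */
 const gss_OID_set_desc *, /* oid set */
 gss_OID_set * /* new oid set */
 );
 
 /* SUNW15resync - for old Solaris version in libgss */
 OM_uint32 gss_copy_oid_set(
 OM_uint32 *, /* minor_status */
 const gss_OID_set_desc *, /* oid set */
 gss_OID_set * /* new oid set */
 );
 
 
 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
 
 OM_uint32 gss_add_mech_name_type
 (OM_uint32 *, /* minor_status */
 gss_OID, /* name_type */
 gss_OID /* mech */
 );
 
 /*
 * Sun extensions to GSS-API v2
 */
 
 OM_uint32
 gssint_mech_to_oid(
 const char *mech, /* mechanism string name */
 gss_OID *oid /* mechanism oid */
 );
 
 const char *
 gssint_oid_to_mech(
 const gss_OID oid /* mechanism oid */
 );
 
 OM_uint32
 gssint_get_mechanisms(
 char *mechArray[], /* array to populate with mechs */
 int arrayLen /* length of passed in array */
 );
 
 OM_uint32
 gss_store_cred(
 OM_uint32 *, /* minor_status */
 const gss_cred_id_t, /* input_cred_handle */
 gss_cred_usage_t, /* cred_usage */
 const gss_OID, /* desired_mech */
 OM_uint32, /* overwrite_cred */
 OM_uint32, /* default_cred */
 gss_OID_set *, /* elements_stored */
 gss_cred_usage_t * /* cred_usage_stored */
 );
 
 int
 gssint_get_der_length(
 unsigned char **, /* buf */
 unsigned int, /* buf_len */
 unsigned int * /* bytes */
 );
 
 unsigned int
 gssint_der_length_size(unsigned int /* len */);
 
 int
 gssint_put_der_length(
 unsigned int, /* length */
 unsigned char **, /* buf */
 unsigned int /* max_len */
 );
 
 
 
 /* Solaris kernel and gssd support */
 
 /*
 * derived types for passing context and credential handles
 * between gssd and kernel
 */
 typedef unsigned int gssd_ctx_id_t;
 typedef unsigned int gssd_cred_id_t;
 
 #define GSSD_NO_CONTEXT ((gssd_ctx_id_t)0)
 #define GSSD_NO_CREDENTIAL ((gssd_cred_id_t)0)
 
 #ifdef _KERNEL
 
 #ifndef _KRB5_H
 /* These macros are defined for Kerberos in krb5.h, and have priority */
 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
 #define FREE(x, n) kmem_free((x), (n))
 #endif /* _KRB5_H */
 
 gss_mechanism __kgss_get_mechanism(gss_OID);
 void __kgss_add_mechanism(gss_mechanism);
 #endif /* _KERNEL */
 
 struct kgss_cred {
 gssd_cred_id_t gssd_cred;
 OM_uint32 gssd_cred_verifier;
 };
 
 #define KCRED_TO_KGSS_CRED(cred) ((struct kgss_cred *)(cred))
 #define KCRED_TO_CRED(cred) (KCRED_TO_KGSS_CRED(cred)->gssd_cred)
 #define KCRED_TO_CREDV(cred) (KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)
 
 struct kgss_ctx {
 gssd_ctx_id_t gssd_ctx;
 #ifdef _KERNEL
 gss_ctx_id_t gssd_i_ctx;
 bool_t ctx_imported;
 gss_mechanism mech;
 #endif /* _KERNEL */
 OM_uint32 gssd_ctx_verifier;
 };
 
 #define KCTX_TO_KGSS_CTX(ctx) ((struct kgss_ctx *)(ctx))
 #define KCTX_TO_CTX_IMPORTED(ctx) (KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
 #define KCTX_TO_GSSD_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
 #define KCTX_TO_CTXV(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
 #define KCTX_TO_MECH(ctx) (KCTX_TO_KGSS_CTX(ctx)->mech)
 #define KCTX_TO_PRIVATE(ctx) (KCTX_TO_MECH(ctx)->context)
 #define KGSS_CTX_TO_GSSD_CTX(ctx) \
 (((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
 KCTX_TO_GSSD_CTX(ctx))
 #define KGSS_CTX_TO_GSSD_CTXV(ctx) \
 (((ctx) == GSS_C_NO_CONTEXT) ? (NULL) : KCTX_TO_CTXV(ctx))
 
 #ifdef _KERNEL
 #define KCTX_TO_I_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
 #define KCTX_TO_CTX(ctx) \
 ((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
 KCTX_TO_I_CTX(ctx))
 #define KGSS_CRED_ALLOC() kmem_zalloc(sizeof (struct kgss_cred), \
 KM_SLEEP)
 #define KGSS_CRED_FREE(cred) kmem_free(cred, sizeof (struct kgss_cred))
 
 #define KGSS_ALLOC() kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
 #define KGSS_FREE(ctx) kmem_free(ctx, sizeof (struct kgss_ctx))
 
 #define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
 (*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
 KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
 
 #define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
 (*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
 KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))
 
 #define KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn) \
 (*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
 minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))
 
 #define KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id) \
 (*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
 minor_st, tkn, int_ctx_id)
 
-/* EXPORT DELETE START */
 #define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
 (*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
 KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
 KCTX_TO_CTXV(ctx))
 
 #define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
 (*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
 KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
 KCTX_TO_CTXV(ctx))
 
-/* EXPORT DELETE END */
-
 #define KGSS_INIT_CONTEXT(ctx) krb5_init_context(ctx)
 #define KGSS_RELEASE_OID(minor_st, oid) krb5_gss_release_oid(minor_st, oid)
 extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);
 
 #else /* !_KERNEL */
 
 #define KGSS_INIT_CONTEXT(ctx) krb5_gss_init_context(ctx)
 #define KGSS_RELEASE_OID(minor_st, oid) gss_release_oid(minor_st, oid)
 
 #define KCTX_TO_CTX(ctx) (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
 #define MALLOC(n) malloc(n)
 #define FREE(x, n) free(x)
 #define KGSS_CRED_ALLOC() (struct kgss_cred *) \
 MALLOC(sizeof (struct kgss_cred))
 #define KGSS_CRED_FREE(cred) free(cred)
 #define KGSS_ALLOC() (struct kgss_ctx *)MALLOC(sizeof (struct kgss_ctx))
 #define KGSS_FREE(ctx) free(ctx)
 
 #define KGSS_SIGN(minor_st, ctx, qop, msg, tkn) \
 kgss_sign_wrapped(minor_st, \
 KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))
 
 #define KGSS_VERIFY(minor_st, ctx, msg, tkn, qop) \
 kgss_verify_wrapped(minor_st,\
 KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))
 
 #define KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
 kgss_seal_wrapped(minor_st, \
 KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
 KCTX_TO_CTXV(ctx))
 
 #define KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop) \
 kgss_unseal_wrapped(minor_st,\
 KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
 KCTX_TO_CTXV(ctx))
 #endif /* _KERNEL */
 
 /* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
 OM_uint32 generic_gss_release_buffer
 (OM_uint32*, /* minor_status */
 gss_buffer_t /* buffer */
 );
 
 OM_uint32 generic_gss_release_oid_set
 (OM_uint32*, /* minor_status */
 gss_OID_set* /* set */
 );
 
 OM_uint32 generic_gss_release_oid
 (OM_uint32*, /* minor_status */
 gss_OID* /* set */
 );
 
 OM_uint32 generic_gss_copy_oid
 (OM_uint32 *, /* minor_status */
 gss_OID_desc * const, /* oid */ /* SUNW15resync */
 gss_OID * /* new_oid */
 );
 
 OM_uint32 generic_gss_create_empty_oid_set
 (OM_uint32 *, /* minor_status */
 gss_OID_set * /* oid_set */
 );
 
 OM_uint32 generic_gss_add_oid_set_member
 (OM_uint32 *, /* minor_status */
 gss_OID_desc * const, /* member_oid */
 gss_OID_set * /* oid_set */
 );
 
 OM_uint32 generic_gss_test_oid_set_member
 (OM_uint32 *, /* minor_status */
 gss_OID_desc * const, /* member */
 gss_OID_set, /* set */
 int * /* present */
 );
 
 OM_uint32 generic_gss_oid_to_str
 (OM_uint32 *, /* minor_status */
 gss_OID_desc * const, /* oid */
 gss_buffer_t /* oid_str */
 );
 
 OM_uint32 generic_gss_str_to_oid
 (OM_uint32 *, /* minor_status */
 gss_buffer_t, /* oid_str */
 gss_OID * /* oid */
 );
 
 OM_uint32
 generic_gss_oid_compose(
 OM_uint32 *, /* minor_status */
 const char *, /* prefix */
 size_t, /* prefix_len */
 int, /* suffix */
 gss_OID_desc *); /* oid */
 
 OM_uint32
 generic_gss_oid_decompose(
 OM_uint32 *, /* minor_status */
 const char *, /*prefix */
 size_t, /* prefix_len */
 gss_OID_desc *, /* oid */
 int *); /* suffix */
 
 OM_uint32 generic_gss_create_empty_buffer_set
 (OM_uint32 * /*minor_status*/,
 gss_buffer_set_t * /*buffer_set*/);
 
 OM_uint32 generic_gss_add_buffer_set_member
 (OM_uint32 * /*minor_status*/,
 const gss_buffer_t /*member_buffer*/,
 gss_buffer_set_t * /*buffer_set*/);
 
 OM_uint32 generic_gss_release_buffer_set
 (OM_uint32 * /*minor_status*/,
 gss_buffer_set_t * /*buffer_set*/);
 
 /*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
 #ifdef _KERNEL
 
 #define map_error(MINORP, MECH)
 #define map_errcode(MINORP)
 
 #else /* _KERNEL */
 
 /* Use this to map an error code that was returned from a mech
 operation; the mech will be asked to produce the associated error
 messages.
 
 Remember that if the minor status code cannot be returned to the
 caller (e.g., if it's stuffed in an automatic variable and then
 ignored), then we don't care about producing a mapping. */
 #define map_error(MINORP, MECH) \
 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
 #define map_error_oid(MINORP, MECHOID) \
 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
 
 /* Use this to map an errno value or com_err error code being
 generated within the mechglue code (e.g., by calling generic oid
 ops). Any errno or com_err values produced by mech operations
 should be processed with map_error. This means they'll be stored
 separately even if the mech uses com_err, because we can't assume
 that it will use com_err. */
 #define map_errcode(MINORP) \
 (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
 
 #endif /* _KERNEL */
 
 #endif /* _GSS_MECHGLUEP_H */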
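Review bot: The two "Note: there are two gss_unseal's in here. Make any changes to both." / "...two gss_seal's..." comments (new lines 228-229 and 343-344) are stale once this commit drops the `#if 0` duplicate seal/unseal block: struct gss_config now carries exactly one gss_seal and one gss_unseal slot, so a maintainer following the note will look for a second copy that no longer exists. I would delete both comments, or replace each with `/* Shared by the user and kernel builds; the _KERNEL variant takes a trailing OM_uint32 context verifier (see KGSS_SEAL/KGSS_UNSEAL). */`, which is what the KCTX_TO_CTXV(ctx) argument in those macros supplies. Separately, and not introduced by this change, GSSINT_CHK_LOOP is reduced to `((p) == NULL)` under the `#if 0 /* revisit */`, so the loopback self-pointer validation described in the comment above it is not actually performed on the new side; the comment should state that the check is currently disabled so readers do not assume handle validation they are not getting. Likewise `g_OID_copy` does an unchecked memcpy of `(o2)->length` bytes into `(o1)->elements`; a one-line comment that the caller must size `(o1)->elements` for `(o2)->length` before using the macro would prevent misuse.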
↓ open down ↓ |
146 lines elided |
↑ open up ↑ |