Print this page
3882 remove xmod & friends
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/lib/gss_mechs/mech_krb5/mech/krb5_gss_glue.c
+++ new/usr/src/lib/gss_mechs/mech_krb5/mech/krb5_gss_glue.c
1 1 /*
2 2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3 3 */
4 4 /*
5 5 * Copyright 1993 by OpenVision Technologies, Inc.
6 6 *
7 7 * Permission to use, copy, modify, distribute, and sell this software
8 8 * and its documentation for any purpose is hereby granted without fee,
9 9 * provided that the above copyright notice appears in all copies and
10 10 * that both that copyright notice and this permission notice appear in
11 11 * supporting documentation, and that the name of OpenVision not be used
12 12 * in advertising or publicity pertaining to distribution of the software
13 13 * without specific, written prior permission. OpenVision makes no
14 14 * representations about the suitability of this software for any
15 15 * purpose. It is provided "as is" without express or implied warranty.
16 16 *
17 17 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18 18 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19 19 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20 20 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21 21 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22 22 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23 23 * PERFORMANCE OF THIS SOFTWARE.
24 24 */
25 25
26 26 /*
27 27 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28 28 */
29 29
30 30 #include "gssapiP_krb5.h"
31 31 #include "mglueP.h"
32 32 #include <syslog.h>
33 33
34 34 /** mechglue wrappers **/
35 35
36 36 static OM_uint32 k5glue_acquire_cred
37 37 (void *, OM_uint32*, /* minor_status */
38 38 gss_name_t, /* desired_name */
39 39 OM_uint32, /* time_req */
40 40 gss_OID_set, /* desired_mechs */
41 41 gss_cred_usage_t, /* cred_usage */
42 42 gss_cred_id_t*, /* output_cred_handle */
43 43 gss_OID_set*, /* actual_mechs */
44 44 OM_uint32* /* time_rec */
45 45 );
46 46
47 47 static OM_uint32 k5glue_release_cred
48 48 (void *, OM_uint32*, /* minor_status */
49 49 gss_cred_id_t* /* cred_handle */
50 50 );
51 51
52 52 static OM_uint32 k5glue_init_sec_context
53 53 (void *, OM_uint32*, /* minor_status */
54 54 gss_cred_id_t, /* claimant_cred_handle */
55 55 gss_ctx_id_t*, /* context_handle */
56 56 gss_name_t, /* target_name */
57 57 gss_OID, /* mech_type */
58 58 OM_uint32, /* req_flags */
59 59 OM_uint32, /* time_req */
60 60 gss_channel_bindings_t,
61 61 /* input_chan_bindings */
62 62 gss_buffer_t, /* input_token */
63 63 gss_OID*, /* actual_mech_type */
64 64 gss_buffer_t, /* output_token */
65 65 OM_uint32*, /* ret_flags */
66 66 OM_uint32* /* time_rec */
67 67 );
68 68
69 69 static OM_uint32 k5glue_accept_sec_context
70 70 (void *, OM_uint32*, /* minor_status */
71 71 gss_ctx_id_t*, /* context_handle */
72 72 gss_cred_id_t, /* verifier_cred_handle */
73 73 gss_buffer_t, /* input_token_buffer */
74 74 gss_channel_bindings_t,
75 75 /* input_chan_bindings */
76 76 gss_name_t*, /* src_name */
77 77 gss_OID*, /* mech_type */
78 78 gss_buffer_t, /* output_token */
79 79 OM_uint32*, /* ret_flags */
80 80 OM_uint32*, /* time_rec */
81 81 gss_cred_id_t* /* delegated_cred_handle */
82 82 );
83 83
84 84 static OM_uint32 k5glue_process_context_token
85 85 (void *, OM_uint32*, /* minor_status */
86 86 gss_ctx_id_t, /* context_handle */
87 87 gss_buffer_t /* token_buffer */
88 88 );
89 89
90 90 static OM_uint32 k5glue_delete_sec_context
91 91 (void *, OM_uint32*, /* minor_status */
92 92 gss_ctx_id_t*, /* context_handle */
93 93 gss_buffer_t /* output_token */
94 94 );
95 95
96 96 static OM_uint32 k5glue_context_time
97 97 (void *, OM_uint32*, /* minor_status */
98 98 gss_ctx_id_t, /* context_handle */
99 99 OM_uint32* /* time_rec */
100 100 );
101 101
102 102 static OM_uint32 k5glue_sign
103 103 (void *, OM_uint32*, /* minor_status */
104 104 gss_ctx_id_t, /* context_handle */
105 105 int, /* qop_req */
106 106 gss_buffer_t, /* message_buffer */
107 107 gss_buffer_t /* message_token */
↓ open down ↓ |
107 lines elided |
↑ open up ↑ |
108 108 );
109 109
110 110 static OM_uint32 k5glue_verify
111 111 (void *, OM_uint32*, /* minor_status */
112 112 gss_ctx_id_t, /* context_handle */
113 113 gss_buffer_t, /* message_buffer */
114 114 gss_buffer_t, /* token_buffer */
115 115 int* /* qop_state */
116 116 );
117 117
118 -/* EXPORT DELETE START */
119 118 static OM_uint32 k5glue_seal
120 119 (void *, OM_uint32*, /* minor_status */
121 120 gss_ctx_id_t, /* context_handle */
122 121 int, /* conf_req_flag */
123 122 int, /* qop_req */
124 123 gss_buffer_t, /* input_message_buffer */
125 124 int*, /* conf_state */
126 125 gss_buffer_t /* output_message_buffer */
127 126 );
128 127
129 128 static OM_uint32 k5glue_unseal
130 129 (void *, OM_uint32*, /* minor_status */
131 130 gss_ctx_id_t, /* context_handle */
132 131 gss_buffer_t, /* input_message_buffer */
133 132 gss_buffer_t, /* output_message_buffer */
134 133 int*, /* conf_state */
135 134 int* /* qop_state */
136 135 );
137 -/* EXPORT DELETE END */
138 136
139 137 static OM_uint32 k5glue_display_status
140 138 (void *, OM_uint32*, /* minor_status */
141 139 OM_uint32, /* status_value */
142 140 int, /* status_type */
143 141 gss_OID, /* mech_type */
144 142 OM_uint32*, /* message_context */
145 143 gss_buffer_t /* status_string */
146 144 );
147 145
148 146 static OM_uint32 k5glue_indicate_mechs
149 147 (void *, OM_uint32*, /* minor_status */
150 148 gss_OID_set* /* mech_set */
151 149 );
152 150
153 151 static OM_uint32 k5glue_compare_name
154 152 (void *, OM_uint32*, /* minor_status */
155 153 gss_name_t, /* name1 */
156 154 gss_name_t, /* name2 */
157 155 int* /* name_equal */
158 156 );
159 157
160 158 static OM_uint32 k5glue_display_name
161 159 (void *, OM_uint32*, /* minor_status */
162 160 gss_name_t, /* input_name */
163 161 gss_buffer_t, /* output_name_buffer */
164 162 gss_OID* /* output_name_type */
165 163 );
166 164
167 165 static OM_uint32 k5glue_import_name
168 166 (void *, OM_uint32*, /* minor_status */
169 167 gss_buffer_t, /* input_name_buffer */
170 168 gss_OID, /* input_name_type */
171 169 gss_name_t* /* output_name */
172 170 );
173 171
174 172 static OM_uint32 k5glue_release_name
175 173 (void *, OM_uint32*, /* minor_status */
176 174 gss_name_t* /* input_name */
177 175 );
178 176
179 177 static OM_uint32 k5glue_inquire_cred
180 178 (void *, OM_uint32 *, /* minor_status */
181 179 gss_cred_id_t, /* cred_handle */
182 180 gss_name_t *, /* name */
183 181 OM_uint32 *, /* lifetime */
184 182 gss_cred_usage_t*,/* cred_usage */
185 183 gss_OID_set * /* mechanisms */
186 184 );
187 185
188 186 static OM_uint32 k5glue_inquire_context
189 187 (void *, OM_uint32*, /* minor_status */
190 188 gss_ctx_id_t, /* context_handle */
191 189 gss_name_t*, /* initiator_name */
192 190 gss_name_t*, /* acceptor_name */
193 191 OM_uint32*, /* lifetime_rec */
194 192 gss_OID*, /* mech_type */
195 193 OM_uint32*, /* ret_flags */
196 194 int*, /* locally_initiated */
197 195 int* /* open */
198 196 );
199 197
200 198 #if 0
201 199 /* New V2 entry points */
202 200 static OM_uint32 k5glue_get_mic
203 201 (void *, OM_uint32 *, /* minor_status */
204 202 gss_ctx_id_t, /* context_handle */
205 203 gss_qop_t, /* qop_req */
206 204 gss_buffer_t, /* message_buffer */
207 205 gss_buffer_t /* message_token */
208 206 );
209 207
210 208 static OM_uint32 k5glue_verify_mic
211 209 (void *, OM_uint32 *, /* minor_status */
212 210 gss_ctx_id_t, /* context_handle */
213 211 gss_buffer_t, /* message_buffer */
214 212 gss_buffer_t, /* message_token */
215 213 gss_qop_t * /* qop_state */
216 214 );
217 215
218 216 static OM_uint32 k5glue_wrap
219 217 (void *, OM_uint32 *, /* minor_status */
220 218 gss_ctx_id_t, /* context_handle */
221 219 int, /* conf_req_flag */
222 220 gss_qop_t, /* qop_req */
223 221 gss_buffer_t, /* input_message_buffer */
224 222 int *, /* conf_state */
225 223 gss_buffer_t /* output_message_buffer */
226 224 );
227 225
228 226 static OM_uint32 k5glue_unwrap
229 227 (void *, OM_uint32 *, /* minor_status */
230 228 gss_ctx_id_t, /* context_handle */
231 229 gss_buffer_t, /* input_message_buffer */
232 230 gss_buffer_t, /* output_message_buffer */
233 231 int *, /* conf_state */
234 232 gss_qop_t * /* qop_state */
235 233 );
236 234 #endif
237 235
238 236 static OM_uint32 k5glue_wrap_size_limit
239 237 (void *, OM_uint32 *, /* minor_status */
240 238 gss_ctx_id_t, /* context_handle */
241 239 int, /* conf_req_flag */
242 240 gss_qop_t, /* qop_req */
243 241 OM_uint32, /* req_output_size */
244 242 OM_uint32 * /* max_input_size */
245 243 );
246 244
247 245 #if 0
248 246 static OM_uint32 k5glue_import_name_object
249 247 (void *, OM_uint32 *, /* minor_status */
250 248 void *, /* input_name */
251 249 gss_OID, /* input_name_type */
252 250 gss_name_t * /* output_name */
253 251 );
254 252
255 253 static OM_uint32 k5glue_export_name_object
256 254 (void *, OM_uint32 *, /* minor_status */
257 255 gss_name_t, /* input_name */
258 256 gss_OID, /* desired_name_type */
259 257 void * * /* output_name */
260 258 );
261 259 #endif
262 260
263 261 static OM_uint32 k5glue_add_cred
264 262 (void *, OM_uint32 *, /* minor_status */
265 263 gss_cred_id_t, /* input_cred_handle */
266 264 gss_name_t, /* desired_name */
267 265 gss_OID, /* desired_mech */
268 266 gss_cred_usage_t, /* cred_usage */
269 267 OM_uint32, /* initiator_time_req */
270 268 OM_uint32, /* acceptor_time_req */
271 269 gss_cred_id_t *, /* output_cred_handle */
272 270 gss_OID_set *, /* actual_mechs */
273 271 OM_uint32 *, /* initiator_time_rec */
274 272 OM_uint32 * /* acceptor_time_rec */
275 273 );
276 274
277 275 static OM_uint32 k5glue_inquire_cred_by_mech
278 276 (void *, OM_uint32 *, /* minor_status */
279 277 gss_cred_id_t, /* cred_handle */
280 278 gss_OID, /* mech_type */
281 279 gss_name_t *, /* name */
282 280 OM_uint32 *, /* initiator_lifetime */
283 281 OM_uint32 *, /* acceptor_lifetime */
284 282 gss_cred_usage_t * /* cred_usage */
285 283 );
286 284
287 285 static OM_uint32 k5glue_export_sec_context
288 286 (void *, OM_uint32 *, /* minor_status */
289 287 gss_ctx_id_t *, /* context_handle */
290 288 gss_buffer_t /* interprocess_token */
291 289 );
292 290
293 291 static OM_uint32 k5glue_import_sec_context
294 292 (void *, OM_uint32 *, /* minor_status */
295 293 gss_buffer_t, /* interprocess_token */
296 294 gss_ctx_id_t * /* context_handle */
297 295 );
298 296
299 297 krb5_error_code k5glue_ser_init(krb5_context);
300 298
301 299 static OM_uint32 k5glue_internal_release_oid
302 300 (void *, OM_uint32 *, /* minor_status */
303 301 gss_OID * /* oid */
304 302 );
305 303
306 304 static OM_uint32 k5glue_inquire_names_for_mech
307 305 (void *, OM_uint32 *, /* minor_status */
308 306 gss_OID, /* mechanism */
309 307 gss_OID_set * /* name_types */
310 308 );
311 309
312 310 #if 0
313 311 static OM_uint32 k5glue_canonicalize_name
314 312 (void *, OM_uint32 *, /* minor_status */
315 313 const gss_name_t, /* input_name */
316 314 const gss_OID, /* mech_type */
317 315 gss_name_t * /* output_name */
318 316 );
319 317 #endif
320 318
321 319 static OM_uint32 k5glue_export_name
322 320 (void *, OM_uint32 *, /* minor_status */
323 321 const gss_name_t, /* input_name */
324 322 gss_buffer_t /* exported_name */
325 323 );
326 324
327 325 /* SUNW15resync - Solaris specific */
328 326 static OM_uint32 k5glue_store_cred (
329 327 void *,
330 328 OM_uint32 *, /* minor_status */
331 329 const gss_cred_id_t, /* input_cred */
332 330 gss_cred_usage_t, /* cred_usage */
333 331 const gss_OID, /* desired_mech */
334 332 OM_uint32, /* overwrite_cred */
335 333 OM_uint32, /* default_cred */
336 334 gss_OID_set *, /* elements_stored */
337 335 gss_cred_usage_t * /* cred_usage_stored */
338 336 );
339 337
340 338 /* SUNW17PACresync - this decl not needed in MIT but is for Sol */
341 339 /* Note code is in gsspi_krb5.c */
342 340 OM_uint32 krb5_gss_inquire_sec_context_by_oid(
343 341 OM_uint32 *,
344 342 const gss_ctx_id_t,
345 343 const gss_OID,
346 344 gss_buffer_set_t *);
347 345
348 346 static OM_uint32
349 347 k5glue_userok(
350 348 void *, /* context */
351 349 OM_uint32 *, /* minor_status */
352 350 const gss_name_t, /* pname */
353 351 const char *, /* local user */
354 352 int * /* user ok? */
355 353 /* */);
356 354
357 355 static OM_uint32
358 356 k5glue_pname_to_uid(
359 357 void *, /* context */
360 358 OM_uint32 *, /* minor_status */
361 359 const gss_name_t, /* pname */
362 360 uid_t * /* uid */
363 361 /* */);
364 362
365 363
366 364
367 365
368 366 #if 0
369 367 static OM_uint32 k5glue_duplicate_name
370 368 (void *, OM_uint32 *, /* minor_status */
371 369 const gss_name_t, /* input_name */
372 370 gss_name_t * /* dest_name */
373 371 );
374 372 #endif
375 373
376 374 #if 0
377 375 static OM_uint32 k5glue_validate_cred
378 376 (void *, OM_uint32 *, /* minor_status */
379 377 gss_cred_id_t /* cred */
380 378 );
381 379 #endif
382 380
383 381 #if 0
384 382 /*
385 383 * SUNW15resync
386 384 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
387 385 * slicing&dicing needs of the "nightly -SD" build. When it goes away,
388 386 * we should use it assuming MIT still uses it then.
389 387 */
390 388
391 389 /*
392 390 * The krb5 mechanism provides two mech OIDs; use this initializer to
393 391 * ensure that both dispatch tables contain identical function
394 392 * pointers.
395 393 */
396 394 #define KRB5_GSS_CONFIG_INIT \
397 395 NULL, \
398 396 ...
399 397 #endif
400 398
401 399
↓ open down ↓ |
254 lines elided |
↑ open up ↑ |
402 400 static struct gss_config krb5_mechanism = {
403 401 #if 0 /* Solaris Kerberos */
404 402 100, "kerberos_v5",
405 403 #endif
406 404 { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
407 405 NULL,
408 406 k5glue_acquire_cred,
409 407 k5glue_release_cred,
410 408 k5glue_init_sec_context,
411 409 k5glue_accept_sec_context,
412 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
413 410 k5glue_unseal,
414 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
415 411 k5glue_process_context_token,
416 412 k5glue_delete_sec_context,
417 413 k5glue_context_time,
418 414 k5glue_display_status,
419 415 k5glue_indicate_mechs,
420 416 k5glue_compare_name,
421 417 k5glue_display_name,
422 418 k5glue_import_name,
423 419 k5glue_release_name,
424 420 k5glue_inquire_cred,
425 421 k5glue_add_cred,
426 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
427 422 k5glue_seal,
428 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
429 423 k5glue_export_sec_context,
430 424 k5glue_import_sec_context,
431 425 k5glue_inquire_cred_by_mech,
432 426 k5glue_inquire_names_for_mech,
433 427 k5glue_inquire_context,
434 428 k5glue_internal_release_oid,
435 429 k5glue_wrap_size_limit,
436 430 k5glue_pname_to_uid,
437 431 k5glue_userok,
438 432 k5glue_export_name,
439 -/* EXPORT DELETE START */
440 -/* CRYPT DELETE START */
441 -#if 0
442 -/* CRYPT DELETE END */
443 - k5glue_seal,
444 - k5glue_unseal,
445 -/* CRYPT DELETE START */
446 -#endif
447 -/* CRYPT DELETE END */
448 -/* EXPORT DELETE END */
449 433 k5glue_sign,
450 434 k5glue_verify,
451 435 k5glue_store_cred,
452 436 krb5_gss_inquire_sec_context_by_oid
453 437 };
454 438
455 439 static struct gss_config krb5_mechanism_old = {
456 440 #if 0 /* Solaris Kerberos */
457 441 200, "kerberos_v5 (pre-RFC OID)",
458 442 #endif
459 443 { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
460 444 NULL,
461 445 k5glue_acquire_cred,
462 446 k5glue_release_cred,
463 447 k5glue_init_sec_context,
464 448 k5glue_accept_sec_context,
465 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
466 449 k5glue_unseal,
467 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
468 450 k5glue_process_context_token,
469 451 k5glue_delete_sec_context,
470 452 k5glue_context_time,
471 453 k5glue_display_status,
472 454 k5glue_indicate_mechs,
473 455 k5glue_compare_name,
474 456 k5glue_display_name,
475 457 k5glue_import_name,
476 458 k5glue_release_name,
477 459 k5glue_inquire_cred,
478 460 k5glue_add_cred,
479 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
480 461 k5glue_seal,
481 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
482 462 k5glue_export_sec_context,
483 463 k5glue_import_sec_context,
484 464 k5glue_inquire_cred_by_mech,
485 465 k5glue_inquire_names_for_mech,
486 466 k5glue_inquire_context,
487 467 k5glue_internal_release_oid,
488 468 k5glue_wrap_size_limit,
489 469 k5glue_pname_to_uid,
490 470 k5glue_userok,
491 471 k5glue_export_name,
492 -/* EXPORT DELETE START */
493 -/* CRYPT DELETE START */
494 -#if 0
495 -/* CRYPT DELETE END */
496 - k5glue_seal,
497 - k5glue_unseal,
498 -/* CRYPT DELETE START */
499 -#endif
500 -/* CRYPT DELETE END */
501 -/* EXPORT DELETE END */
502 472 k5glue_sign,
503 473 k5glue_verify,
504 474 k5glue_store_cred,
505 475 krb5_gss_inquire_sec_context_by_oid
506 476 };
507 477
508 478 static struct gss_config krb5_mechanism_wrong = {
509 479 #if 0 /* Solaris Kerberos */
510 480 300, "kerberos_v5 (wrong OID)",
511 481 #endif
512 482 { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
513 483 NULL,
514 484 k5glue_acquire_cred,
515 485 k5glue_release_cred,
516 486 k5glue_init_sec_context,
517 487 k5glue_accept_sec_context,
518 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
519 488 k5glue_unseal,
520 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
521 489 k5glue_process_context_token,
522 490 k5glue_delete_sec_context,
523 491 k5glue_context_time,
524 492 k5glue_display_status,
525 493 k5glue_indicate_mechs,
526 494 k5glue_compare_name,
527 495 k5glue_display_name,
528 496 k5glue_import_name,
529 497 k5glue_release_name,
530 498 k5glue_inquire_cred,
531 499 k5glue_add_cred,
532 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
533 500 k5glue_seal,
534 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
535 501 k5glue_export_sec_context,
536 502 k5glue_import_sec_context,
537 503 k5glue_inquire_cred_by_mech,
538 504 k5glue_inquire_names_for_mech,
539 505 k5glue_inquire_context,
540 506 k5glue_internal_release_oid,
541 507 k5glue_wrap_size_limit,
542 508 k5glue_pname_to_uid,
543 509 k5glue_userok,
544 510 k5glue_export_name,
545 -/* EXPORT DELETE START */
546 -/* CRYPT DELETE START */
547 -#if 0
548 -/* CRYPT DELETE END */
549 - k5glue_seal,
550 - k5glue_unseal,
551 -/* CRYPT DELETE START */
552 -#endif
553 -/* CRYPT DELETE END */
554 -/* EXPORT DELETE END */
555 511 k5glue_sign,
556 512 k5glue_verify,
557 513 k5glue_store_cred,
558 514 krb5_gss_inquire_sec_context_by_oid
559 515 };
560 516
561 517 static gss_mechanism krb5_mech_configs[] = {
562 518 &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
563 519 };
564 520
565 521 #ifdef MS_BUG_TEST
566 522 static gss_mechanism krb5_mech_configs_hack[] = {
567 523 &krb5_mechanism, &krb5_mechanism_old, NULL
568 524 };
569 525 #endif
570 526
571 527 #if 1
572 528 #define gssint_get_mech_configs krb5_gss_get_mech_configs
573 529 #endif
574 530
575 531 gss_mechanism *
576 532 gssint_get_mech_configs(void)
577 533 {
578 534 #ifdef MS_BUG_TEST
579 535 char *envstr = getenv("MS_FORCE_NO_MSOID");
580 536
581 537 if (envstr != NULL && strcmp(envstr, "1") == 0) {
582 538 return krb5_mech_configs_hack;
583 539 }
584 540 #endif
585 541 return krb5_mech_configs;
586 542 }
587 543
588 544 static OM_uint32
589 545 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
590 546 input_token, input_chan_bindings, src_name, mech_type,
591 547 output_token, ret_flags, time_rec, delegated_cred_handle)
592 548 void *ctx;
593 549 OM_uint32 *minor_status;
594 550 gss_ctx_id_t *context_handle;
595 551 gss_cred_id_t verifier_cred_handle;
596 552 gss_buffer_t input_token;
597 553 gss_channel_bindings_t input_chan_bindings;
598 554 gss_name_t *src_name;
599 555 gss_OID *mech_type;
600 556 gss_buffer_t output_token;
601 557 OM_uint32 *ret_flags;
602 558 OM_uint32 *time_rec;
603 559 gss_cred_id_t *delegated_cred_handle;
604 560 {
605 561 return(krb5_gss_accept_sec_context(minor_status,
606 562 context_handle,
607 563 verifier_cred_handle,
608 564 input_token,
609 565 input_chan_bindings,
610 566 src_name,
611 567 mech_type,
612 568 output_token,
613 569 ret_flags,
614 570 time_rec,
615 571 delegated_cred_handle));
616 572 }
617 573
618 574 static OM_uint32
619 575 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
620 576 cred_usage, output_cred_handle, actual_mechs, time_rec)
621 577 void *ctx;
622 578 OM_uint32 *minor_status;
623 579 gss_name_t desired_name;
624 580 OM_uint32 time_req;
625 581 gss_OID_set desired_mechs;
626 582 gss_cred_usage_t cred_usage;
627 583 gss_cred_id_t *output_cred_handle;
628 584 gss_OID_set *actual_mechs;
629 585 OM_uint32 *time_rec;
630 586 {
631 587 return(krb5_gss_acquire_cred(minor_status,
632 588 desired_name,
633 589 time_req,
634 590 desired_mechs,
635 591 cred_usage,
636 592 output_cred_handle,
637 593 actual_mechs,
638 594 time_rec));
639 595 }
640 596
641 597 /* V2 */
642 598 static OM_uint32
643 599 k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
644 600 cred_usage, initiator_time_req, acceptor_time_req,
645 601 output_cred_handle, actual_mechs, initiator_time_rec,
646 602 acceptor_time_rec)
647 603 void *ctx;
648 604 OM_uint32 *minor_status;
649 605 gss_cred_id_t input_cred_handle;
650 606 gss_name_t desired_name;
651 607 gss_OID desired_mech;
652 608 gss_cred_usage_t cred_usage;
653 609 OM_uint32 initiator_time_req;
654 610 OM_uint32 acceptor_time_req;
655 611 gss_cred_id_t *output_cred_handle;
656 612 gss_OID_set *actual_mechs;
657 613 OM_uint32 *initiator_time_rec;
658 614 OM_uint32 *acceptor_time_rec;
659 615 {
660 616 return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
661 617 desired_mech, cred_usage, initiator_time_req,
662 618 acceptor_time_req, output_cred_handle,
663 619 actual_mechs, initiator_time_rec,
664 620 acceptor_time_rec));
665 621 }
666 622
667 623 #if 0
668 624 /* V2 */
669 625 static OM_uint32
670 626 k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
671 627 void *ctx;
672 628 OM_uint32 *minor_status;
673 629 gss_OID member_oid;
674 630 gss_OID_set *oid_set;
675 631 {
676 632 return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
677 633 }
678 634 #endif
679 635
680 636 static OM_uint32
681 637 k5glue_compare_name(ctx, minor_status, name1, name2, name_equal)
682 638 void *ctx;
683 639 OM_uint32 *minor_status;
684 640 gss_name_t name1;
685 641 gss_name_t name2;
686 642 int *name_equal;
687 643 {
688 644 return(krb5_gss_compare_name(minor_status, name1,
689 645 name2, name_equal));
690 646 }
691 647
692 648 static OM_uint32
693 649 k5glue_context_time(ctx, minor_status, context_handle, time_rec)
694 650 void *ctx;
695 651 OM_uint32 *minor_status;
696 652 gss_ctx_id_t context_handle;
697 653 OM_uint32 *time_rec;
698 654 {
699 655 return(krb5_gss_context_time(minor_status, context_handle,
700 656 time_rec));
701 657 }
702 658
703 659 #if 0
704 660 /* V2 */
705 661 static OM_uint32
706 662 k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
707 663 void *ctx;
708 664 OM_uint32 *minor_status;
709 665 gss_OID_set *oid_set;
710 666 {
711 667 return(generic_gss_create_empty_oid_set(minor_status, oid_set));
712 668 }
713 669 #endif
714 670
715 671 static OM_uint32
716 672 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
717 673 void *ctx;
718 674 OM_uint32 *minor_status;
719 675 gss_ctx_id_t *context_handle;
720 676 gss_buffer_t output_token;
721 677 {
722 678 return(krb5_gss_delete_sec_context(minor_status,
723 679 context_handle, output_token));
724 680 }
725 681
726 682 static OM_uint32
727 683 k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
728 684 void *ctx;
729 685 OM_uint32 *minor_status;
730 686 gss_name_t input_name;
731 687 gss_buffer_t output_name_buffer;
732 688 gss_OID *output_name_type;
733 689 {
734 690 return(krb5_gss_display_name(minor_status, input_name,
735 691 output_name_buffer, output_name_type));
736 692 }
737 693
738 694 static OM_uint32
739 695 k5glue_display_status(ctx, minor_status, status_value, status_type,
740 696 mech_type, message_context, status_string)
741 697 void *ctx;
742 698 OM_uint32 *minor_status;
743 699 OM_uint32 status_value;
744 700 int status_type;
745 701 gss_OID mech_type;
746 702 OM_uint32 *message_context;
747 703 gss_buffer_t status_string;
748 704 {
749 705 return(krb5_gss_display_status(minor_status, status_value,
750 706 status_type, mech_type, message_context,
751 707 status_string));
752 708 }
753 709
754 710 /* V2 */
755 711 static OM_uint32
756 712 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
757 713 void *ctx;
758 714 OM_uint32 *minor_status;
759 715 gss_ctx_id_t *context_handle;
760 716 gss_buffer_t interprocess_token;
761 717 {
762 718 return(krb5_gss_export_sec_context(minor_status,
763 719 context_handle,
764 720 interprocess_token));
765 721 }
766 722
767 723 #if 0
768 724 /* V2 */
769 725 static OM_uint32
770 726 k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
771 727 message_buffer, message_token)
772 728 void *ctx;
773 729 OM_uint32 *minor_status;
774 730 gss_ctx_id_t context_handle;
775 731 gss_qop_t qop_req;
776 732 gss_buffer_t message_buffer;
777 733 gss_buffer_t message_token;
778 734 {
779 735 return(krb5_gss_get_mic(minor_status, context_handle,
780 736 qop_req, message_buffer, message_token));
781 737 }
782 738 #endif
783 739
784 740 static OM_uint32
785 741 k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
786 742 void *ctx;
787 743 OM_uint32 *minor_status;
788 744 gss_buffer_t input_name_buffer;
789 745 gss_OID input_name_type;
790 746 gss_name_t *output_name;
791 747 {
792 748 #if 0
793 749 OM_uint32 err;
794 750 err = gssint_initialize_library();
795 751 if (err) {
796 752 *minor_status = err;
797 753 return GSS_S_FAILURE;
798 754 }
799 755 #endif
800 756 return(krb5_gss_import_name(minor_status, input_name_buffer,
801 757 input_name_type, output_name));
802 758 }
803 759
804 760 /* V2 */
805 761 static OM_uint32
806 762 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
807 763 void *ctx;
808 764 OM_uint32 *minor_status;
809 765 gss_buffer_t interprocess_token;
810 766 gss_ctx_id_t *context_handle;
811 767 {
812 768 return(krb5_gss_import_sec_context(minor_status,
813 769 interprocess_token,
814 770 context_handle));
815 771 }
816 772
817 773 static OM_uint32
818 774 k5glue_indicate_mechs(ctx, minor_status, mech_set)
819 775 void *ctx;
820 776 OM_uint32 *minor_status;
821 777 gss_OID_set *mech_set;
822 778 {
823 779 return(krb5_gss_indicate_mechs(minor_status, mech_set));
824 780 }
825 781
826 782 static OM_uint32
827 783 k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
828 784 target_name, mech_type, req_flags, time_req,
829 785 input_chan_bindings, input_token, actual_mech_type,
830 786 output_token, ret_flags, time_rec)
831 787 void *ctx;
832 788 OM_uint32 *minor_status;
833 789 gss_cred_id_t claimant_cred_handle;
834 790 gss_ctx_id_t *context_handle;
835 791 gss_name_t target_name;
836 792 gss_OID mech_type;
837 793 OM_uint32 req_flags;
838 794 OM_uint32 time_req;
839 795 gss_channel_bindings_t input_chan_bindings;
840 796 gss_buffer_t input_token;
841 797 gss_OID *actual_mech_type;
842 798 gss_buffer_t output_token;
843 799 OM_uint32 *ret_flags;
844 800 OM_uint32 *time_rec;
845 801 {
846 802 return(krb5_gss_init_sec_context(minor_status,
847 803 claimant_cred_handle, context_handle,
848 804 target_name, mech_type, req_flags,
849 805 time_req, input_chan_bindings, input_token,
850 806 actual_mech_type, output_token, ret_flags,
851 807 time_rec));
852 808 }
853 809
854 810 static OM_uint32
855 811 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
856 812 lifetime_rec, mech_type, ret_flags,
857 813 locally_initiated, open)
858 814 void *ctx;
859 815 OM_uint32 *minor_status;
860 816 gss_ctx_id_t context_handle;
861 817 gss_name_t *initiator_name;
862 818 gss_name_t *acceptor_name;
863 819 OM_uint32 *lifetime_rec;
864 820 gss_OID *mech_type;
865 821 OM_uint32 *ret_flags;
866 822 int *locally_initiated;
867 823 int *open;
868 824 {
869 825 return(krb5_gss_inquire_context(minor_status, context_handle,
870 826 initiator_name, acceptor_name, lifetime_rec,
871 827 mech_type, ret_flags, locally_initiated,
872 828 open));
873 829 }
874 830
875 831 static OM_uint32
876 832 k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
877 833 cred_usage, mechanisms)
878 834 void *ctx;
879 835 OM_uint32 *minor_status;
880 836 gss_cred_id_t cred_handle;
881 837 gss_name_t *name;
882 838 OM_uint32 *lifetime_ret;
883 839 gss_cred_usage_t *cred_usage;
884 840 gss_OID_set *mechanisms;
885 841 {
886 842 return(krb5_gss_inquire_cred(minor_status, cred_handle,
887 843 name, lifetime_ret, cred_usage, mechanisms));
888 844 }
889 845
890 846 /* V2 */
891 847 static OM_uint32
892 848 k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
893 849 initiator_lifetime, acceptor_lifetime, cred_usage)
894 850 void *ctx;
895 851 OM_uint32 *minor_status;
896 852 gss_cred_id_t cred_handle;
897 853 gss_OID mech_type;
898 854 gss_name_t *name;
899 855 OM_uint32 *initiator_lifetime;
900 856 OM_uint32 *acceptor_lifetime;
901 857 gss_cred_usage_t *cred_usage;
902 858 {
903 859 return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
904 860 mech_type, name, initiator_lifetime,
905 861 acceptor_lifetime, cred_usage));
906 862 }
907 863
908 864 /* V2 */
909 865 static OM_uint32
910 866 k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
911 867 void *ctx;
912 868 OM_uint32 *minor_status;
913 869 gss_OID mechanism;
914 870 gss_OID_set *name_types;
915 871 {
916 872 return(krb5_gss_inquire_names_for_mech(minor_status,
917 873 mechanism,
918 874 name_types));
919 875 }
920 876
921 877 #if 0
922 878 /* V2 */
923 879 static OM_uint32
924 880 k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
925 881 void *ctx;
926 882 OM_uint32 *minor_status;
927 883 gss_OID oid;
928 884 gss_buffer_t oid_str;
929 885 {
930 886 return(generic_gss_oid_to_str(minor_status, oid, oid_str));
931 887 }
932 888 #endif
933 889
934 890 static OM_uint32
935 891 k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
936 892 void *ctx;
937 893 OM_uint32 *minor_status;
938 894 gss_ctx_id_t context_handle;
939 895 gss_buffer_t token_buffer;
940 896 {
941 897 return(krb5_gss_process_context_token(minor_status,
942 898 context_handle, token_buffer));
943 899 }
944 900
945 901 static OM_uint32
946 902 k5glue_release_cred(ctx, minor_status, cred_handle)
947 903 void *ctx;
948 904 OM_uint32 *minor_status;
949 905 gss_cred_id_t *cred_handle;
950 906 {
951 907 return(krb5_gss_release_cred(minor_status, cred_handle));
952 908 }
953 909
954 910 static OM_uint32
955 911 k5glue_release_name(ctx, minor_status, input_name)
956 912 void *ctx;
957 913 OM_uint32 *minor_status;
958 914 gss_name_t *input_name;
959 915 {
960 916 return(krb5_gss_release_name(minor_status, input_name));
961 917 }
962 918
963 919 #if 0
964 920 static OM_uint32
965 921 k5glue_release_buffer(ctx, minor_status, buffer)
966 922 void *ctx;
967 923 OM_uint32 *minor_status;
968 924 gss_buffer_t buffer;
969 925 {
970 926 return(generic_gss_release_buffer(minor_status,
971 927 buffer));
972 928 }
973 929 #endif
974 930
975 931 /* V2 */
976 932 static OM_uint32
977 933 k5glue_internal_release_oid(ctx, minor_status, oid)
978 934 void *ctx;
979 935 OM_uint32 *minor_status;
980 936 gss_OID *oid;
981 937 {
982 938 return(krb5_gss_internal_release_oid(minor_status, oid));
983 939 }
984 940
985 941 #if 0
↓ open down ↓ |
421 lines elided |
↑ open up ↑ |
986 942 static OM_uint32
987 943 k5glue_release_oid_set(ctx, minor_status, set)
988 944 void *ctx;
989 945 OM_uint32 * minor_status;
990 946 gss_OID_set *set;
991 947 {
992 948 return(generic_gss_release_oid_set(minor_status, set));
993 949 }
994 950 #endif
995 951
996 -/* EXPORT DELETE START */
997 952 /* V1 only */
998 953 static OM_uint32
999 954 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
1000 955 input_message_buffer, conf_state, output_message_buffer)
1001 956 void *ctx;
1002 957 OM_uint32 *minor_status;
1003 958 gss_ctx_id_t context_handle;
1004 959 int conf_req_flag;
1005 960 int qop_req;
1006 961 gss_buffer_t input_message_buffer;
1007 962 int *conf_state;
1008 963 gss_buffer_t output_message_buffer;
1009 964 {
1010 965 return(krb5_gss_seal(minor_status, context_handle,
1011 966 conf_req_flag, qop_req, input_message_buffer,
1012 967 conf_state, output_message_buffer));
1013 968 }
1014 -/* EXPORT DELETE END */
1015 969
1016 970 static OM_uint32
1017 971 k5glue_sign(ctx, minor_status, context_handle,
1018 972 qop_req, message_buffer,
1019 973 message_token)
1020 974 void *ctx;
1021 975 OM_uint32 *minor_status;
1022 976 gss_ctx_id_t context_handle;
1023 977 int qop_req;
1024 978 gss_buffer_t message_buffer;
1025 979 gss_buffer_t message_token;
1026 980 {
1027 981 return(krb5_gss_sign(minor_status, context_handle,
1028 982 qop_req, message_buffer, message_token));
1029 983 }
1030 984
1031 985 #if 0
1032 986 /* V2 */
1033 987 static OM_uint32
1034 988 k5glue_verify_mic(ctx, minor_status, context_handle,
1035 989 message_buffer, token_buffer, qop_state)
1036 990 void *ctx;
1037 991 OM_uint32 *minor_status;
1038 992 gss_ctx_id_t context_handle;
1039 993 gss_buffer_t message_buffer;
1040 994 gss_buffer_t token_buffer;
1041 995 gss_qop_t *qop_state;
1042 996 {
1043 997 return(krb5_gss_verify_mic(minor_status, context_handle,
1044 998 message_buffer, token_buffer, qop_state));
1045 999 }
1046 1000
1047 1001 /* V2 */
1048 1002 static OM_uint32
1049 1003 k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
1050 1004 input_message_buffer, conf_state, output_message_buffer)
1051 1005 void *ctx;
1052 1006 OM_uint32 *minor_status;
1053 1007 gss_ctx_id_t context_handle;
1054 1008 int conf_req_flag;
1055 1009 gss_qop_t qop_req;
1056 1010 gss_buffer_t input_message_buffer;
1057 1011 int *conf_state;
1058 1012 gss_buffer_t output_message_buffer;
1059 1013 {
1060 1014 return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
1061 1015 input_message_buffer, conf_state,
1062 1016 output_message_buffer));
1063 1017 }
1064 1018
1065 1019 /* V2 */
1066 1020 static OM_uint32
1067 1021 k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
1068 1022 void *ctx;
1069 1023 OM_uint32 *minor_status;
1070 1024 gss_buffer_t oid_str;
1071 1025 gss_OID *oid;
1072 1026 {
1073 1027 return(generic_gss_str_to_oid(minor_status, oid_str, oid));
1074 1028 }
1075 1029
1076 1030 /* V2 */
1077 1031 static OM_uint32
1078 1032 k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
1079 1033 void *ctx;
↓ open down ↓ |
55 lines elided |
↑ open up ↑ |
1080 1034 OM_uint32 *minor_status;
1081 1035 gss_OID member;
1082 1036 gss_OID_set set;
1083 1037 int *present;
1084 1038 {
1085 1039 return(generic_gss_test_oid_set_member(minor_status, member, set,
1086 1040 present));
1087 1041 }
1088 1042 #endif
1089 1043
1090 -/* EXPORT DELETE START */
1091 1044 /* V1 only */
1092 1045 static OM_uint32
1093 1046 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
1094 1047 output_message_buffer, conf_state, qop_state)
1095 1048 void *ctx;
1096 1049 OM_uint32 *minor_status;
1097 1050 gss_ctx_id_t context_handle;
1098 1051 gss_buffer_t input_message_buffer;
1099 1052 gss_buffer_t output_message_buffer;
1100 1053 int *conf_state;
1101 1054 int *qop_state;
1102 1055 {
1103 1056 return(krb5_gss_unseal(minor_status, context_handle,
1104 1057 input_message_buffer, output_message_buffer,
1105 1058 conf_state, qop_state));
1106 1059 }
1107 -/* EXPORT DELETE END */
1108 1060
1109 1061 #if 0
1110 1062 /* V2 */
1111 1063 static OM_uint32
1112 1064 k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
1113 1065 output_message_buffer, conf_state, qop_state)
1114 1066 void *ctx;
1115 1067 OM_uint32 *minor_status;
1116 1068 gss_ctx_id_t context_handle;
1117 1069 gss_buffer_t input_message_buffer;
1118 1070 gss_buffer_t output_message_buffer;
1119 1071 int *conf_state;
1120 1072 gss_qop_t *qop_state;
1121 1073 {
1122 1074 return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
1123 1075 output_message_buffer, conf_state, qop_state));
1124 1076 }
1125 1077 #endif
1126 1078
1127 1079 /* V1 only */
1128 1080 static OM_uint32
1129 1081 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
1130 1082 token_buffer, qop_state)
1131 1083 void *ctx;
1132 1084 OM_uint32 *minor_status;
1133 1085 gss_ctx_id_t context_handle;
1134 1086 gss_buffer_t message_buffer;
1135 1087 gss_buffer_t token_buffer;
1136 1088 int *qop_state;
1137 1089 {
1138 1090 return(krb5_gss_verify(minor_status,
1139 1091 context_handle,
1140 1092 message_buffer,
1141 1093 token_buffer,
1142 1094 qop_state));
1143 1095 }
1144 1096
1145 1097 /* V2 interface */
1146 1098 static OM_uint32
1147 1099 k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
1148 1100 qop_req, req_output_size, max_input_size)
1149 1101 void *ctx;
1150 1102 OM_uint32 *minor_status;
1151 1103 gss_ctx_id_t context_handle;
1152 1104 int conf_req_flag;
1153 1105 gss_qop_t qop_req;
1154 1106 OM_uint32 req_output_size;
1155 1107 OM_uint32 *max_input_size;
1156 1108 {
1157 1109 return(krb5_gss_wrap_size_limit(minor_status, context_handle,
1158 1110 conf_req_flag, qop_req,
1159 1111 req_output_size, max_input_size));
1160 1112 }
1161 1113
1162 1114 #if 0
1163 1115 /* V2 interface */
1164 1116 static OM_uint32
1165 1117 k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
1166 1118 void *ctx;
1167 1119 OM_uint32 *minor_status;
1168 1120 const gss_name_t input_name;
1169 1121 const gss_OID mech_type;
1170 1122 gss_name_t *output_name;
1171 1123 {
1172 1124 return krb5_gss_canonicalize_name(minor_status, input_name,
1173 1125 mech_type, output_name);
1174 1126 }
1175 1127 #endif
1176 1128
1177 1129 /* V2 interface */
1178 1130 static OM_uint32
1179 1131 k5glue_export_name(ctx, minor_status, input_name, exported_name)
1180 1132 void *ctx;
1181 1133 OM_uint32 *minor_status;
1182 1134 const gss_name_t input_name;
1183 1135 gss_buffer_t exported_name;
1184 1136 {
1185 1137 return krb5_gss_export_name(minor_status, input_name, exported_name);
1186 1138 }
1187 1139
1188 1140 /* SUNW15resync - this is not in the MIT mech (lib) yet */
1189 1141 static OM_uint32
1190 1142 k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
1191 1143 overwrite_cred, default_cred, elements_stored,
1192 1144 cred_usage_stored)
1193 1145 void *ctx;
1194 1146 OM_uint32 *minor_status;
1195 1147 const gss_cred_id_t input_cred;
1196 1148 gss_cred_usage_t cred_usage;
1197 1149 gss_OID desired_mech;
1198 1150 OM_uint32 overwrite_cred;
1199 1151 OM_uint32 default_cred;
1200 1152 gss_OID_set *elements_stored;
1201 1153 gss_cred_usage_t *cred_usage_stored;
1202 1154 {
1203 1155 return(krb5_gss_store_cred(minor_status, input_cred,
1204 1156 cred_usage, desired_mech,
1205 1157 overwrite_cred, default_cred, elements_stored,
1206 1158 cred_usage_stored));
1207 1159 }
1208 1160
1209 1161 static OM_uint32
1210 1162 k5glue_userok(
1211 1163 void *ctxt, /* context */
1212 1164 OM_uint32 *minor, /* minor_status */
1213 1165 const gss_name_t pname, /* pname */
1214 1166 const char *user, /* local user */
1215 1167 int *user_ok /* user ok? */
1216 1168 /* */)
1217 1169 {
1218 1170 return(krb5_gss_userok(minor, pname, user, user_ok));
1219 1171 }
1220 1172
1221 1173 static OM_uint32
1222 1174 k5glue_pname_to_uid(
1223 1175 void *ctxt, /* context */
1224 1176 OM_uint32 *minor, /* minor_status */
1225 1177 const gss_name_t pname, /* pname */
1226 1178 uid_t *uidOut /* uid */
1227 1179 /* */)
1228 1180 {
1229 1181 return (krb5_pname_to_uid(minor, pname, uidOut));
1230 1182 }
1231 1183
1232 1184
1233 1185
1234 1186 #if 0
1235 1187 /* V2 interface */
1236 1188 static OM_uint32
1237 1189 k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
1238 1190 void *ctx;
1239 1191 OM_uint32 *minor_status;
1240 1192 const gss_name_t input_name;
1241 1193 gss_name_t *dest_name;
1242 1194 {
1243 1195 return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
1244 1196 }
1245 1197 #endif
1246 1198
1247 1199
1248 1200 OM_uint32 KRB5_CALLCONV
1249 1201 gss_krb5_copy_ccache(
1250 1202 OM_uint32 *minor_status,
1251 1203 gss_cred_id_t cred_handle,
1252 1204 krb5_ccache out_ccache)
1253 1205 {
1254 1206 gss_union_cred_t ucred;
1255 1207 gss_cred_id_t mcred;
1256 1208
1257 1209 ucred = (gss_union_cred_t)cred_handle;
1258 1210
1259 1211 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1260 1212 if (mcred != GSS_C_NO_CREDENTIAL)
1261 1213 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1262 1214
1263 1215 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1264 1216 if (mcred != GSS_C_NO_CREDENTIAL)
1265 1217 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1266 1218
1267 1219 return GSS_S_DEFECTIVE_CREDENTIAL;
1268 1220 }
1269 1221
1270 1222 OM_uint32 KRB5_CALLCONV
1271 1223 gss_krb5_set_allowable_enctypes(
1272 1224 OM_uint32 *minor_status,
1273 1225 gss_cred_id_t cred,
1274 1226 OM_uint32 num_ktypes,
1275 1227 krb5_enctype *ktypes)
1276 1228 {
1277 1229 gss_union_cred_t ucred;
1278 1230 gss_cred_id_t mcred;
1279 1231
1280 1232 ucred = (gss_union_cred_t)cred;
1281 1233 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1282 1234 if (mcred != GSS_C_NO_CREDENTIAL)
1283 1235 return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1284 1236 num_ktypes, ktypes);
1285 1237
1286 1238 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1287 1239 if (mcred != GSS_C_NO_CREDENTIAL)
1288 1240 return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1289 1241 num_ktypes, ktypes);
1290 1242
1291 1243 return GSS_S_DEFECTIVE_CREDENTIAL;
1292 1244 }
1293 1245
1294 1246 /*
1295 1247 * Glue routine for returning the mechanism-specific credential from a
1296 1248 * external union credential.
1297 1249 */
1298 1250 /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
1299 1251 want to link against libgss so we put it here since we need it in the mech */
1300 1252 gss_cred_id_t
1301 1253 gssint_get_mechanism_cred(union_cred, mech_type)
1302 1254 gss_union_cred_t union_cred;
1303 1255 gss_OID mech_type;
1304 1256 {
1305 1257 int i;
1306 1258
1307 1259 if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
1308 1260 return GSS_C_NO_CREDENTIAL;
1309 1261
1310 1262 for (i=0; i < union_cred->count; i++) {
1311 1263 if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
1312 1264 return union_cred->cred_array[i];
1313 1265 }
1314 1266 return GSS_C_NO_CREDENTIAL;
1315 1267 }
1316 1268
1317 1269
1318 1270
1319 1271 /*
1320 1272 * entry point for the gss layer,
1321 1273 * called "krb5_gss_initialize()" in MIT 1.2.1
1322 1274 */
1323 1275 /* SUNW15resync - this used to be in k5mech.c */
1324 1276 gss_mechanism
1325 1277 gss_mech_initialize(oid)
1326 1278 const gss_OID oid;
1327 1279 {
1328 1280 /*
1329 1281 * Solaris Kerberos: We also want to use the same functions for KRB5 as
1330 1282 * we do for the MS KRB5 (krb5_mechanism_wrong). So both are valid.
1331 1283 */
1332 1284 /* ensure that the requested oid matches our oid */
1333 1285 if (oid == NULL || (!g_OID_equal(oid, &krb5_mechanism.mech_type) &&
1334 1286 !g_OID_equal(oid, &krb5_mechanism_wrong.mech_type))) {
1335 1287 (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
1336 1288 return (NULL);
1337 1289 }
1338 1290
1339 1291 #if 0 /* SUNW15resync - no longer needed(?) */
1340 1292 if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
1341 1293 GSS_S_COMPLETE)
1342 1294 return (NULL);
1343 1295 #endif
1344 1296
1345 1297 return (&krb5_mechanism);
1346 1298 }
1347 1299
1348 1300 /*
1349 1301 * This API should go away and be replaced with an accessor
1350 1302 * into a gss_name_t.
1351 1303 */
1352 1304 OM_uint32 KRB5_CALLCONV
1353 1305 gsskrb5_extract_authz_data_from_sec_context(
1354 1306 OM_uint32 *minor_status,
1355 1307 gss_ctx_id_t context_handle,
1356 1308 int ad_type,
1357 1309 gss_buffer_t ad_data)
1358 1310 {
1359 1311 gss_OID_desc req_oid;
1360 1312 unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
1361 1313 OM_uint32 major_status;
1362 1314 gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1363 1315
1364 1316 if (ad_data == NULL)
1365 1317 return GSS_S_CALL_INACCESSIBLE_WRITE;
1366 1318
1367 1319 req_oid.elements = oid_buf;
1368 1320 req_oid.length = sizeof(oid_buf);
1369 1321
1370 1322 major_status = generic_gss_oid_compose(minor_status,
1371 1323 GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
1372 1324 GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
1373 1325 ad_type,
1374 1326 &req_oid);
1375 1327 if (GSS_ERROR(major_status))
1376 1328 return major_status;
1377 1329
1378 1330 major_status = gss_inquire_sec_context_by_oid(minor_status,
1379 1331 context_handle,
1380 1332 (gss_OID)&req_oid,
1381 1333 &data_set);
1382 1334 if (major_status != GSS_S_COMPLETE) {
1383 1335 return major_status;
1384 1336 }
1385 1337
1386 1338 /*
1387 1339 * SUNW17PACresync / Solaris Kerberos
1388 1340 * MIT17 allows only count==1 which is correct for pre-Win2008 but
1389 1341 * our testing with Win2008 shows count==2 and Win7 count==3.
1390 1342 */
1391 1343 if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
1392 1344 gss_release_buffer_set(minor_status, &data_set);
1393 1345 *minor_status = EINVAL;
1394 1346 return GSS_S_FAILURE;
1395 1347 }
1396 1348
1397 1349 ad_data->length = data_set->elements[0].length;
1398 1350 ad_data->value = malloc(ad_data->length);
1399 1351 if (!ad_data->value) {
1400 1352 gss_release_buffer_set(minor_status, &data_set);
1401 1353 return ENOMEM;
1402 1354 }
1403 1355 bcopy(data_set->elements[0].value, ad_data->value, ad_data->length);
1404 1356
1405 1357 gss_release_buffer_set(minor_status, &data_set);
1406 1358
1407 1359 return GSS_S_COMPLETE;
1408 1360 }
1409 1361
1410 1362
1411 1363 OM_uint32 KRB5_CALLCONV
1412 1364 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
1413 1365 gss_ctx_id_t context_handle,
1414 1366 krb5_timestamp *authtime)
1415 1367 {
1416 1368 static const gss_OID_desc req_oid = {
1417 1369 GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
1418 1370 GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
1419 1371 OM_uint32 major_status;
1420 1372 gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1421 1373
1422 1374 if (authtime == NULL)
1423 1375 return GSS_S_CALL_INACCESSIBLE_WRITE;
1424 1376
1425 1377 major_status = gss_inquire_sec_context_by_oid(minor_status,
1426 1378 context_handle,
1427 1379 (gss_OID)&req_oid,
1428 1380 &data_set);
1429 1381 if (major_status != GSS_S_COMPLETE)
1430 1382 return major_status;
1431 1383
1432 1384 if (data_set == GSS_C_NO_BUFFER_SET ||
1433 1385 data_set->count != 1 ||
1434 1386 data_set->elements[0].length != sizeof(*authtime)) {
1435 1387 *minor_status = EINVAL;
1436 1388 return GSS_S_FAILURE;
1437 1389 }
1438 1390
1439 1391 *authtime = *((krb5_timestamp *)data_set->elements[0].value);
1440 1392
1441 1393 gss_release_buffer_set(minor_status, &data_set);
1442 1394
1443 1395 *minor_status = 0;
1444 1396
1445 1397 return GSS_S_COMPLETE;
1446 1398 }
↓ open down ↓ |
329 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX