[unleashed/lotheac.git] / usr / src / uts / common / gssapi / include / mechglueP.h
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
26 * This header contains the private mechglue definitions.
30 #ifndef _GSS_MECHGLUEP_H
31 #define _GSS_MECHGLUEP_H
33 #if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
34 #include "autoconf.h"
35 #endif
37 /* SUNW15resync */
38 #ifndef GSS_DLLIMP
39 #define GSS_DLLIMP
40 #endif
42 #include <gssapi/gssapi_ext.h> /* SUNW15resync - mechglue.h in mit 1.5 */
43 #if 0 /* Solaris Kerberos */
44 #include "gssapiP_generic.h"
45 #endif
47 #ifdef _KERNEL
48 #include <rpc/rpc.h>
49 #endif
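#ifndef g_OID_copy /* SUNW15resync */
/*
 * Copy the contents of OID o2 into OID o1.
 *
 * The macro copies (o2)->length bytes into (o1)->elements and then sets
 * (o1)->length.  It allocates nothing and checks nothing: the caller must
 * make sure (o1)->elements already points to at least (o2)->length
 * writable bytes and that both element pointers are valid.  Both
 * arguments are evaluated more than once, so pass expressions without
 * side effects.
 */
#define	g_OID_copy(o1, o2)					\
do {								\
	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
	(o1)->length = (o2)->length;				\
} while (0)
#endif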
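/*
 * True when buf is NULL, has a NULL value pointer, or has zero length.
 * The NULL test comes first, so a NULL buf is never dereferenced.
 * buf is evaluated up to three times.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)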
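/*
 * Array of context IDs typed by mechanism OID
 *
 * Pairs a mechanism-specific context handle with the OID of the
 * mechanism that owns it.  There is no "loopback" member here, so the
 * self-pointer validation described at GSSINT_CHK_LOOP cannot be
 * applied to this type as declared.
 */
typedef struct gss_union_ctx_id_t {
	gss_OID		mech_type;		/* owning mechanism */
	gss_ctx_id_t	internal_ctx_id;	/* mechanism's own handle */
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;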
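/*
 * Generic GSSAPI names.  A name can either be a generic name, or a
 * mechanism specific name....
 */
typedef struct gss_name_struct {
	/* self-pointer used by the loopback form of GSSINT_CHK_LOOP */
	struct gss_name_struct *loopback;
	gss_OID		name_type;
	gss_buffer_t	external_name;
	/*
	 * These last two fields are only filled in for mechanism
	 * names.
	 */
	gss_OID		mech_type;
	gss_name_t	mech_name;
} gss_union_name_desc, *gss_union_name_t;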
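/*
 * Structure for holding list of mechanism-specific name types
 *
 * Each node maps one name type OID to one mechanism OID; next/prev
 * link the nodes into a doubly linked list.
 */
typedef struct gss_mech_spec_name_t {
	gss_OID	name_type;
	gss_OID	mech;
	struct gss_mech_spec_name_t	*next, *prev;
} gss_mech_spec_name_desc, *gss_mech_spec_name;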
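/*
 * Credential auxiliary info, used in the credential structure
 *
 * name is embedded by value (gss_buffer_desc, not a pointer).
 */
typedef struct gss_union_cred_auxinfo {
	gss_buffer_desc	name;
	gss_OID		name_type;
	OM_uint32	creation_time;
	OM_uint32	time_rec;
	int		cred_usage;
} gss_union_cred_auxinfo;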
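/*
 * Set of Credentials typed on mechanism OID
 *
 * NOTE(review): count presumably gives the number of entries in both
 * mechs_array and cred_array (parallel arrays) -- confirm against the
 * code that fills them in.  count is a signed int, so code indexing by
 * it should reject negative values.
 */
typedef struct gss_union_cred_t {
	int			count;
	gss_OID			mechs_array;
	gss_cred_id_t		*cred_array;
	gss_union_cred_auxinfo	auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;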
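/* Solaris Kerberos */
/*
 * Signature of a mechanism's acquire-credential-with-password entry
 * point (stored in struct gss_config_ext).  The password argument
 * carries secret material; this header does not say who is responsible
 * for clearing that buffer after the call.
 */
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
	void *,			/* context */
	OM_uint32 *,		/* minor_status */
	const gss_name_t,	/* desired_name */
	const gss_buffer_t,	/* password */
	OM_uint32,		/* time_req */
	const gss_OID_set,	/* desired_mechs */
	int,			/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);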
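/*
 * Rudimentary pointer validation macro to check whether the
 * "loopback" field of an opaque struct points back to itself.  This
 * field also catches some programming errors where an opaque pointer
 * is passed to a function expecting the address of the opaque
 * pointer.
 *
 * The loopback form is compiled out (#if 0).  The active definition
 * only tests for NULL, so a non-NULL pointer of the wrong type, or one
 * that has already been freed, passes this check.  Callers must not
 * treat a zero result as proof that the handle is valid.
 *
 * Evaluates to non-zero when the check FAILS.
 */
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#define	GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
#else
#define	GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif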
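/* **************************************************** */
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library */

/*
 * This is the definition of the mechs_array struct, which is used to
 * define the mechs array table. This table is used to indirectly
 * access mechanism specific versions of the gssapi routines through
 * the routines in the glue module (gssd_mech_glue.c)
 *
 * This contains all of the functions defined in gssapi.h except for
 * gss_release_buffer() and gss_release_oid_set(), which I am
 * assuming, for now, to be equal across mechanisms.
 *
 * Layout notes:
 *  - Every entry point except gss_inquire_sec_context_by_oid takes the
 *    mechanism's private `context` pointer as its first argument.
 *  - Under _KERNEL only gss_unseal, gss_delete_sec_context, gss_seal,
 *    gss_import_sec_context, gss_sign and gss_verify exist, and all of
 *    those except gss_import_sec_context take one extra trailing
 *    OM_uint32; the KGSS_* macros in this file pass the context
 *    verifier in that position.
 *  - Because members and signatures depend on _KERNEL, a table and the
 *    code that calls through it must be compiled with the same setting.
 *  - The KGSS_* macros in this file call through these pointers without
 *    testing them for NULL.
 */
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
	OM_uint32	priority;
	char		*mechNameStr;
#endif
	gss_OID_desc	mech_type;
	void		*context;
#ifdef _KERNEL
	struct gss_config *next;
	bool_t		uses_kmod;
#endif

#ifndef _KERNEL
	OM_uint32 (*gss_acquire_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* desired_name */
		OM_uint32,		/* time_req */
		const gss_OID_set,	/* desired_mechs */
		int,			/* cred_usage */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32 (*gss_release_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_cred_id_t *		/* cred_handle */
	/* */);
	OM_uint32 (*gss_init_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* claimant_cred_handle */
		gss_ctx_id_t *,		/* context_handle */
		const gss_name_t,	/* target_name */
		const gss_OID,		/* mech_type */
		OM_uint32,		/* req_flags */
		OM_uint32,		/* time_req */
		const gss_channel_bindings_t, /* input_chan_bindings */
		const gss_buffer_t,	/* input_token */
		gss_OID*,		/* actual_mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32 (*gss_accept_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		const gss_cred_id_t,	/* verifier_cred_handle */
		const gss_buffer_t,	/* input_token_buffer */
		const gss_channel_bindings_t, /* input_chan_bindings */
		gss_name_t *,		/* src_name */
		gss_OID*,		/* mech_type */
		gss_buffer_t,		/* output_token */
		OM_uint32 *,		/* ret_flags */
		OM_uint32 *,		/* time_rec */
		gss_cred_id_t *		/* delegated_cred_handle */
	/* */);
#endif /* ! _KERNEL */

/*
 * Note: there are two gss_unseal's in here. Make any changes to both.
 */
	OM_uint32 (*gss_unseal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* input_message_buffer */
		gss_buffer_t,		/* output_message_buffer */
		int *,			/* conf_state */
		int *			/* qop_state */
#ifdef _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef _KERNEL
	OM_uint32 (*gss_process_context_token)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t	/* token_buffer */
	/* */);
#endif /* ! _KERNEL */
	OM_uint32 (*gss_delete_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* output_token */
#ifdef _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef _KERNEL
	OM_uint32 (*gss_context_time)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		OM_uint32 *		/* time_rec */
	/* */);
	OM_uint32 (*gss_display_status)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		OM_uint32,		/* status_value */
		int,			/* status_type */
		const gss_OID,		/* mech_type */
		OM_uint32 *,		/* message_context */
		gss_buffer_t		/* status_string */
	/* */);
	OM_uint32 (*gss_indicate_mechs)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID_set *		/* mech_set */
	/* */);
	OM_uint32 (*gss_compare_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* name1 */
		const gss_name_t,	/* name2 */
		int *			/* name_equal */
	/* */);
	OM_uint32 (*gss_display_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t,		/* output_name_buffer */
		gss_OID*		/* output_name_type */
	/* */);
	OM_uint32 (*gss_import_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* input_name_buffer */
		const gss_OID,		/* input_name_type */
		gss_name_t *		/* output_name */
	/* */);
	OM_uint32 (*gss_release_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_name_t *		/* input_name */
	/* */);
	OM_uint32 (*gss_inquire_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* lifetime */
		int *,			/* cred_usage */
		gss_OID_set *		/* mechanisms */
	/* */);
	OM_uint32 (*gss_add_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred_handle */
		const gss_name_t,	/* desired_name */
		const gss_OID,		/* desired_mech */
		gss_cred_usage_t,	/* cred_usage */
		OM_uint32,		/* initiator_time_req */
		OM_uint32,		/* acceptor_time_req */
		gss_cred_id_t *,	/* output_cred_handle */
		gss_OID_set *,		/* actual_mechs */
		OM_uint32 *,		/* initiator_time_rec */
		OM_uint32 *		/* acceptor_time_rec */
	/* */);
#endif /* ! _KERNEL */
/*
 * Note: there are two gss_seal's in here. Make any changes to both.
 */
	OM_uint32 (*gss_seal)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		int,			/* qop_req */
		const gss_buffer_t,	/* input_message_buffer */
		int *,			/* conf_state */
		gss_buffer_t		/* output_message_buffer */
#ifdef _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef _KERNEL
	OM_uint32 (*gss_export_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_ctx_id_t *,		/* context_handle */
		gss_buffer_t		/* interprocess_token */
	/* */);
#endif /* ! _KERNEL */
	OM_uint32 (*gss_import_sec_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_buffer_t,	/* interprocess_token */
		gss_ctx_id_t *		/* context_handle */
	/* */);
#ifndef _KERNEL
	OM_uint32 (*gss_inquire_cred_by_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* cred_handle */
		const gss_OID,		/* mech_type */
		gss_name_t *,		/* name */
		OM_uint32 *,		/* initiator_lifetime */
		OM_uint32 *,		/* acceptor_lifetime */
		gss_cred_usage_t *	/* cred_usage */
	/* */);
	OM_uint32 (*gss_inquire_names_for_mech)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_OID,		/* mechanism */
		gss_OID_set *		/* name_types */
	/* */);
	OM_uint32 (*gss_inquire_context)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		gss_name_t *,		/* src_name */
		gss_name_t *,		/* targ_name */
		OM_uint32 *,		/* lifetime_rec */
		gss_OID *,		/* mech_type */
		OM_uint32 *,		/* ctx_flags */
		int *,			/* locally_initiated */
		int *			/* open */
	/* */);
	OM_uint32 (*gss_internal_release_oid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		gss_OID *		/* OID */
	/* */);
	OM_uint32 (*gss_wrap_size_limit)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* conf_req_flag */
		gss_qop_t,		/* qop_req */
		OM_uint32,		/* req_output_size */
		OM_uint32 *		/* max_input_size */
	/* */);
	OM_uint32 (*pname_to_uid)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		uid_t *			/* uid */
	/* */);
	OM_uint32 (*__gss_userok)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* pname */
		const char *,		/* local user */
		int *			/* user ok? */
	/* */);
	OM_uint32 (*gss_export_name)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_name_t,	/* input_name */
		gss_buffer_t		/* exported_name */
	/* */);
#endif /* ! _KERNEL */
	OM_uint32 (*gss_sign)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		int,			/* qop_req */
		const gss_buffer_t,	/* message_buffer */
		gss_buffer_t		/* message_token */
#ifdef _KERNEL
	/* */, OM_uint32
#endif
	/* */);
	OM_uint32 (*gss_verify)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_buffer_t,	/* message_buffer */
		const gss_buffer_t,	/* token_buffer */
		int *			/* qop_state */
#ifdef _KERNEL
	/* */, OM_uint32
#endif
	/* */);
#ifndef _KERNEL
	OM_uint32 (*gss_store_cred)
	(
		void *,			/* context */
		OM_uint32 *,		/* minor_status */
		const gss_cred_id_t,	/* input_cred */
		gss_cred_usage_t,	/* cred_usage */
		const gss_OID,		/* desired_mech */
		OM_uint32,		/* overwrite_cred */
		OM_uint32,		/* default_cred */
		gss_OID_set *,		/* elements_stored */
		gss_cred_usage_t *	/* cred_usage_stored */
	/* */);

	/* GGF extensions */

	/* Note: no leading mechanism `context` argument on this one. */
	OM_uint32 (*gss_inquire_sec_context_by_oid)
	(
		OM_uint32 *,		/* minor_status */
		const gss_ctx_id_t,	/* context_handle */
		const gss_OID,		/* OID */
		gss_buffer_set_t *	/* data_set */
	/* */);

#endif
} *gss_mechanism;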
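#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
/*
 * User-space-only extension table; currently holds the single
 * acquire-credential-with-password entry point.
 */
typedef struct gss_config_ext {
	gss_acquire_cred_with_password_sfct	gss_acquire_cred_with_password;
} *gss_mechanism_ext;
#endif /* _KERNEL */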
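/*
 * In the user space we use a wrapper structure to encompass the
 * mechanism entry points.  The wrapper contains the mechanism
 * entry points and other data which is only relevant to the gss-api
 * layer.  In the kernel we use only the gss_config structure because
 * the kernel does not contain any of the extra gss-api specific data.
 *
 * NOTE(review): kmodName and uLibName name code that is loaded on
 * behalf of the mechanism (dl_handle holds the RTLD handle).  Where
 * those strings come from is not visible in this header; they should
 * only ever be taken from trusted configuration -- confirm in the
 * loader.
 */
typedef struct gss_mech_config {
	char *kmodName;			/* kernel module name */
	char *uLibName;			/* user library name */
	char *mechNameStr;		/* mechanism string name */
	char *optionStr;		/* optional mech parameters */
	void *dl_handle;		/* RTLD object handle for the mech */
	gss_OID mech_type;		/* mechanism oid */
	gss_mechanism mech;		/* mechanism initialization struct */
#ifndef _KERNEL
	gss_mechanism_ext mech_ext;	/* Solaris extensions */
#endif /* _KERNEL */
	struct gss_mech_config *next;	/* next element in the list */
} *gss_mech_info;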
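/* ***************************************************** */
/* Internal mechglue routines */

/* SUNW15resync - Solaris versions - replace w/mit ones? */
/*
 * Lookup helpers keyed by mechanism OID, plus the name
 * import/export/display/release wrappers.  Each of these has a
 * gssint_* counterpart declared later in this header.
 */
gss_mechanism __gss_get_mechanism(const gss_OID);
#ifndef _KERNEL
gss_mechanism_ext __gss_get_mechanism_ext(const gss_OID);
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID,
	gss_union_name_t, gss_name_t *);
OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t, gss_OID *);
OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID,
	gss_name_t *);
OM_uint32 gssint_delete_internal_sec_context(OM_uint32 *, gss_OID,
	gss_ctx_id_t *, gss_buffer_t);
OM_uint32 __gss_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);

gss_cred_id_t __gss_get_mechanism_cred(
	const gss_union_cred_t,	/* union_cred */
	const gss_OID		/* mech_type */
);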
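/* Mechglue start-up and tear-down. */
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);

/* gssint_* versions of the OID-keyed lookup and name helpers. */
gss_mechanism gssint_get_mechanism(gss_OID);
OM_uint32 gssint_get_mech_type(gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_import_internal_name(OM_uint32 *, gss_OID, gss_union_name_t,
	gss_name_t *);
OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
	const gss_name_t, gss_buffer_t);
OM_uint32 gssint_display_internal_name(OM_uint32 *, gss_OID, gss_name_t,
	gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name(OM_uint32 *, gss_OID, gss_name_t *);

OM_uint32 gssint_convert_name_to_union_name(
	OM_uint32 *,		/* minor_status */
	gss_mechanism,		/* mech */
	gss_name_t,		/* internal_name */
	gss_name_t *		/* external_name */
);
gss_cred_id_t gssint_get_mechanism_cred(
	gss_union_cred_t,	/* union_cred */
	gss_OID			/* mech_type */
);
OM_uint32 gssint_create_copy_buffer(
	const gss_buffer_t,	/* src buffer */
	gss_buffer_t *,		/* destination buffer */
	int			/* NULL terminate buffer ? */
);

OM_uint32 gssint_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 gss_copy_oid_set(
	OM_uint32 *,			/* minor_status */
	const gss_OID_set_desc *,	/* oid set */
	gss_OID_set *			/* new oid set */
);

gss_OID gss_find_mechanism_from_name_type(gss_OID); /* name_type */

OM_uint32 gss_add_mech_name_type(
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* name_type */
	gss_OID			/* mech */
);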
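/*
 * Sun extensions to GSS-API v2
 */

OM_uint32 gssint_mech_to_oid
	(const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

const char *
gssint_oid_to_mech
	(const gss_OID oid		/* mechanism oid */
);

/*
 * arrayLen is a signed int describing the caller's array; the
 * implementation is not visible here, so how it treats a zero or
 * negative length should be checked there.
 */
OM_uint32
gssint_get_mechanisms
	(char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
);

OM_uint32
gss_store_cred
	(OM_uint32 *,			/* minor_status */
	const gss_cred_id_t,		/* input_cred_handle */
	gss_cred_usage_t,		/* cred_usage */
	const gss_OID,			/* desired_mech */
	OM_uint32,			/* overwrite_cred */
	OM_uint32,			/* default_cred */
	gss_OID_set *,			/* elements_stored */
	gss_cred_usage_t *		/* cred_usage_stored */
);

/*
 * DER length helpers.  buf_len and max_len are the only bounds these
 * interfaces carry, so callers must pass the number of bytes really
 * available at *buf.
 *
 * NOTE(review): the return-type lines of gssint_get_der_length and
 * gssint_put_der_length are missing from this listing; `int` is what
 * the MIT mechglue declares -- confirm against the repository copy.
 */
int
gssint_get_der_length
	(unsigned char **,		/* buf */
	unsigned int,			/* buf_len */
	unsigned int *			/* bytes */
);

unsigned int
gssint_der_length_size(unsigned int /* len */);

int
gssint_put_der_length
	(unsigned int,			/* length */
	unsigned char **,		/* buf */
	unsigned int			/* max_len */
);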
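/* Solaris kernel and gssd support */

/*
 * derived types for passing context and credential handles
 * between gssd and kernel
 *
 * Both handles are plain unsigned ints, not pointers; zero is
 * reserved for "no context" / "no credential".
 */
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;

#define	GSSD_NO_CONTEXT		((gssd_ctx_id_t)0)
#define	GSSD_NO_CREDENTIAL	((gssd_cred_id_t)0)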
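#ifdef _KERNEL

#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
/*
 * MALLOC uses kmem_alloc(), not the kmem_zalloc() used by KGSS_ALLOC
 * further down, so the returned memory is not cleared.  FREE must be
 * given the same size that was passed to MALLOC.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#endif /* _KRB5_H */

/* Kernel-side mechanism table: look up by OID, and register an entry. */
gss_mechanism __kgss_get_mechanism(gss_OID);
void __kgss_add_mechanism(gss_mechanism);
#endif /* _KERNEL */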
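/*
 * Credential handle record: the gssd credential id plus its verifier.
 */
struct kgss_cred {
	gssd_cred_id_t	gssd_cred;
	OM_uint32	gssd_cred_verifier;
};

/*
 * The accessors below cast the opaque handle straight to
 * struct kgss_cred * and dereference it.  They do not test for NULL or
 * check the type, so they are only safe on a handle known to point at
 * a struct kgss_cred.
 */
#define	KCRED_TO_KGSS_CRED(cred)	((struct kgss_cred *)(cred))
#define	KCRED_TO_CRED(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred)
#define	KCRED_TO_CREDV(cred)	(KCRED_TO_KGSS_CRED(cred)->gssd_cred_verifier)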
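/*
 * Context handle record: the gssd context id and its verifier; in the
 * kernel it also carries the imported mechanism context and the
 * mechanism dispatch table.
 */
struct kgss_ctx {
	gssd_ctx_id_t	gssd_ctx;
#ifdef _KERNEL
	gss_ctx_id_t	gssd_i_ctx;
	bool_t		ctx_imported;
	gss_mechanism	mech;
#endif /* _KERNEL */
	OM_uint32	gssd_ctx_verifier;
};

/*
 * The KCTX_TO_* accessors cast the opaque handle to struct kgss_ctx *
 * and dereference it without a NULL or type check; KCTX_TO_PRIVATE
 * additionally dereferences the mech pointer.  Only the two
 * KGSS_CTX_TO_GSSD_* macros guard against GSS_C_NO_CONTEXT.
 * KCTX_TO_CTX_IMPORTED and KCTX_TO_MECH name members that exist only
 * under _KERNEL.
 */
#define	KCTX_TO_KGSS_CTX(ctx)	((struct kgss_ctx *)(ctx))
#define	KCTX_TO_CTX_IMPORTED(ctx)	(KCTX_TO_KGSS_CTX(ctx)->ctx_imported)
#define	KCTX_TO_GSSD_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	KCTX_TO_CTXV(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_ctx_verifier)
#define	KCTX_TO_MECH(ctx)	(KCTX_TO_KGSS_CTX(ctx)->mech)
#define	KCTX_TO_PRIVATE(ctx)	(KCTX_TO_MECH(ctx)->context)
#define	KGSS_CTX_TO_GSSD_CTX(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? (gssd_ctx_id_t)(uintptr_t)(ctx) : \
	KCTX_TO_GSSD_CTX(ctx))
#define	KGSS_CTX_TO_GSSD_CTXV(ctx)	\
	(((ctx) == GSS_C_NO_CONTEXT) ? 0 : KCTX_TO_CTXV(ctx))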
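#ifdef _KERNEL
/*
 * Kernel build: the per-message macros call straight through the
 * mechanism dispatch table held in the context record, passing the
 * context verifier as the extra trailing argument.  Neither ctx, its
 * mech pointer, nor the function-pointer slot is tested for NULL here,
 * so callers must only use these on a fully set up context.
 */
#define	KCTX_TO_I_CTX(ctx)	(KCTX_TO_KGSS_CTX(ctx)->gssd_i_ctx)
#define	KCTX_TO_CTX(ctx) \
	((KCTX_TO_CTX_IMPORTED(ctx) == FALSE) ? (ctx) : \
	KCTX_TO_I_CTX(ctx))
#define	KGSS_CRED_ALLOC()	kmem_zalloc(sizeof (struct kgss_cred), \
	KM_SLEEP)
#define	KGSS_CRED_FREE(cred)	kmem_free(cred, sizeof (struct kgss_cred))

#define	KGSS_ALLOC()	kmem_zalloc(sizeof (struct kgss_ctx), KM_SLEEP)
#define	KGSS_FREE(ctx)	kmem_free(ctx, sizeof (struct kgss_ctx))

#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_sign))(KCTX_TO_PRIVATE(ctx), minor_st, \
	KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_verify))(KCTX_TO_PRIVATE(ctx), minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_DELETE_SEC_CONTEXT(minor_st, ctx, int_ctx_id, tkn)	\
	(*(KCTX_TO_MECH(ctx)->gss_delete_sec_context))(KCTX_TO_PRIVATE(ctx),\
	minor_st, int_ctx_id, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_IMPORT_SEC_CONTEXT(minor_st, tkn, ctx, int_ctx_id)	\
	(*(KCTX_TO_MECH(ctx)->gss_import_sec_context))(KCTX_TO_PRIVATE(ctx),\
	minor_st, tkn, int_ctx_id)

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	(*(KCTX_TO_MECH(ctx)->gss_seal))(KCTX_TO_PRIVATE(ctx), minor_st, \
	KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn,\
	KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	(*(KCTX_TO_MECH(ctx)->gss_unseal))(KCTX_TO_PRIVATE(ctx), minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, conf, qop, \
	KCTX_TO_CTXV(ctx))

#define	KGSS_INIT_CONTEXT(ctx)	krb5_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid)	krb5_gss_release_oid(minor_st, oid)
extern OM_uint32 kgss_release_oid(OM_uint32 *, gss_OID *);

#else /* !_KERNEL */

/*
 * User build: the per-message macros go through the kgss_*_wrapped
 * functions instead of a dispatch table.
 */
#define	KGSS_INIT_CONTEXT(ctx)	krb5_gss_init_context(ctx)
#define	KGSS_RELEASE_OID(minor_st, oid)	gss_release_oid(minor_st, oid)

#define	KCTX_TO_CTX(ctx)  (KCTX_TO_KGSS_CTX(ctx)->gssd_ctx)
#define	MALLOC(n) malloc(n)
#define	FREE(x, n) free(x)
/*
 * The handle records are allocated zero-filled with calloc(), matching
 * the kmem_zalloc() used by the kernel definitions above, so a freshly
 * allocated record never exposes stale heap contents in its id and
 * verifier members.  Both allocators can return NULL; callers must
 * check the result.
 */
#define	KGSS_CRED_ALLOC()	(struct kgss_cred *) \
		calloc(1, sizeof (struct kgss_cred))
#define	KGSS_CRED_FREE(cred)	free(cred)
#define	KGSS_ALLOC()	(struct kgss_ctx *)calloc(1, sizeof (struct kgss_ctx))
#define	KGSS_FREE(ctx)	free(ctx)

#define	KGSS_SIGN(minor_st, ctx, qop, msg, tkn)	\
	kgss_sign_wrapped(minor_st, \
	KCTX_TO_CTX(ctx), qop, msg, tkn, KCTX_TO_CTXV(ctx))

#define	KGSS_VERIFY(minor_st, ctx, msg, tkn, qop)	\
	kgss_verify_wrapped(minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, qop, KCTX_TO_CTXV(ctx))

#define	KGSS_SEAL(minor_st, ctx, conf_req, qop, msg, conf_state, tkn) \
	kgss_seal_wrapped(minor_st, \
	KCTX_TO_CTX(ctx), conf_req, qop, msg, conf_state, tkn, \
	KCTX_TO_CTXV(ctx))

#define	KGSS_UNSEAL(minor_st, ctx, msg, tkn, conf, qop)	\
	kgss_unseal_wrapped(minor_st,\
	KCTX_TO_CTX(ctx), msg, tkn, conf, qop,  \
	KCTX_TO_CTXV(ctx))
#endif /* _KERNEL */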
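/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
/*
 * Mechanism-independent helpers for buffers, OIDs, OID sets and buffer
 * sets.  Every one returns an OM_uint32 major status and takes the
 * minor_status pointer first.
 */
OM_uint32 generic_gss_release_buffer
(OM_uint32*,		/* minor_status */
	gss_buffer_t		/* buffer */
);

OM_uint32 generic_gss_release_oid_set
(OM_uint32*,		/* minor_status */
	gss_OID_set*		/* set */
);

OM_uint32 generic_gss_release_oid
(OM_uint32*,		/* minor_status */
	gss_OID*		/* set */
);

OM_uint32 generic_gss_copy_oid
(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */ /* SUNW15resync */
	gss_OID *		/* new_oid */
);

OM_uint32 generic_gss_create_empty_oid_set
(OM_uint32 *,		/* minor_status */
	gss_OID_set *		/* oid_set */
);

OM_uint32 generic_gss_add_oid_set_member
(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member_oid */
	gss_OID_set *		/* oid_set */
);

OM_uint32 generic_gss_test_oid_set_member
(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* member */
	gss_OID_set,		/* set */
	int *			/* present */
);

OM_uint32 generic_gss_oid_to_str
(OM_uint32 *,		/* minor_status */
	gss_OID_desc * const,	/* oid */
	gss_buffer_t		/* oid_str */
);

OM_uint32 generic_gss_str_to_oid
(OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* oid_str */
	gss_OID *		/* oid */
);

/*
 * prefix_len is the only size these two carry for prefix, so it must
 * be the real length of the prefix bytes.
 */
OM_uint32
generic_gss_oid_compose
(OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	int,			/* suffix */
	gss_OID_desc *		/* oid */
);

OM_uint32
generic_gss_oid_decompose
(OM_uint32 *,		/* minor_status */
	const char *,		/* prefix */
	size_t,			/* prefix_len */
	gss_OID_desc *,		/* oid */
	int *);			/* suffix */

OM_uint32 generic_gss_create_empty_buffer_set
(OM_uint32 * /* minor_status */,
	gss_buffer_set_t * /* buffer_set */
);

OM_uint32 generic_gss_add_buffer_set_member
(OM_uint32 * /* minor_status */,
	const gss_buffer_t /* member_buffer */,
	gss_buffer_set_t * /* buffer_set */);

OM_uint32 generic_gss_release_buffer_set
(OM_uint32 * /* minor_status */,
	gss_buffer_set_t * /* buffer_set */);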
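/*
 * SUNW17PACresync
 * New map error API in MIT 1.7, at build time generates code for errors.
 * Solaris does not gen the errors at build time so we just stub these
 * for now, need to revisit.
 * See mglueP.h and util_errmap.c in MIT 1.7.
 */
#ifdef _KERNEL

/*
 * Kernel build: both macros expand to nothing, so minor status codes
 * are left exactly as the mechanism returned them.  map_error_oid is
 * not defined in this branch.
 */
#define	map_error(MINORP, MECH)
#define	map_errcode(MINORP)

#else  /* _KERNEL */

/*
 * Use this to map an error code that was returned from a mech
 * operation; the mech will be asked to produce the associated error
 * messages.
 *
 * Remember that if the minor status code cannot be returned to the
 * caller (e.g., if it's stuffed in an automatic variable and then
 * ignored), then we don't care about producing a mapping.
 *
 * MINORP is dereferenced twice and must not be NULL.
 */
#define	map_error(MINORP, MECH) \
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
#define	map_error_oid(MINORP, MECHOID) \
	(*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))

/*
 * Use this to map an errno value or com_err error code being
 * generated within the mechglue code (e.g., by calling generic oid
 * ops).  Any errno or com_err values produced by mech operations
 * should be processed with map_error.  This means they'll be stored
 * separately even if the mech uses com_err, because we can't assume
 * that it will use com_err.
 */
#define	map_errcode(MINORP) \
	(*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))

#endif /* _KERNEL */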
921 #endif /* _GSS_MECHGLUEP_H */