1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * This header contains the private mechglue definitions. 8 */ 9 10 #ifndef _MECHGLUEP_H 11 #define _MECHGLUEP_H 12 13 | #pragma ident "@(#)mechglueP.h 1.42 04/09/08 SMI" 13 | #pragma ident "@(#)mechglueP.h 1.41 04/04/06 SMI" 14 15 #include <sys/types.h> 16 #include <gssapi/gssapi.h> 17 #include <gssapi/gssapi_ext.h> 18 19 #ifdef __cplusplus 20 extern "C" { 21 #endif 22 23 #ifdef _KERNEL 24 #define memcmp(a, b, l) bcmp((a), (b), (l)) 25 #endif 26 /* 27 * derived types for passing context and credential handles 28 * between gssd and kernel 29 */ 30 typedef unsigned int gssd_ctx_id_t; 31 typedef unsigned int gssd_cred_id_t; 32 /* 33 * Array of context IDs typed by mechanism OID 34 */ 35 typedef struct gss_union_ctx_id_t { 36 gss_OID mech_type; 37 gss_ctx_id_t internal_ctx_id; 38 } gss_union_ctx_id_desc, *gss_union_ctx_id_t; ----Unchanged portion omitted---- 84 85 /* 86 * This is the definition of the mechs_array struct, which is used to 87 * define the mechs array table. This table is used to indirectly 88 * access mechanism specific versions of the gssapi routines through 89 * the routines in the glue module (gssd_mech_glue.c) 90 * 91 * This contains all of the functions defined in gssapi.h except for 92 * gss_release_buffer() and gss_release_oid_set(), which I am 93 * assuming, for now, to be equal across mechanisms. 
94 */ 95 96 typedef struct gss_config { 97 gss_OID_desc mech_type; 98 void * context; 99 #ifdef _KERNEL 100 struct gss_config *next; 101 bool_t uses_kmod; 102 #endif 103 104 #ifndef _KERNEL 105 OM_uint32 (*gss_acquire_cred) 106 ( 107 void *, /* context */ 108 OM_uint32 *, /* minor_status */ 109 const gss_name_t, /* desired_name */ 110 OM_uint32, /* time_req */ 111 const gss_OID_set, /* desired_mechs */ 112 int, /* cred_usage */ 113 gss_cred_id_t *, /* output_cred_handle */ 114 gss_OID_set *, /* actual_mechs */ 115 OM_uint32 * /* time_rec */ 116 /* */); 117 OM_uint32 (*gss_release_cred) 118 ( 119 void *, /* context */ 120 OM_uint32 *, /* minor_status */ 121 gss_cred_id_t * /* cred_handle */ 122 /* */); 123 OM_uint32 (*gss_init_sec_context) 124 ( 125 void *, /* context */ 126 OM_uint32 *, /* minor_status */ 127 const gss_cred_id_t, /* claimant_cred_handle */ 128 gss_ctx_id_t *, /* context_handle */ 129 const gss_name_t, /* target_name */ 130 const gss_OID, /* mech_type */ 131 OM_uint32, /* req_flags */ 132 OM_uint32, /* time_req */ 133 const gss_channel_bindings_t, /* input_chan_bindings */ 134 const gss_buffer_t, /* input_token */ 135 gss_OID*, /* actual_mech_type */ 136 gss_buffer_t, /* output_token */ 137 OM_uint32 *, /* ret_flags */ 138 OM_uint32 * /* time_rec */ 139 /* */); 140 OM_uint32 (*gss_accept_sec_context) 141 ( 142 void *, /* context */ 143 OM_uint32 *, /* minor_status */ 144 gss_ctx_id_t *, /* context_handle */ 145 const gss_cred_id_t, /* verifier_cred_handle */ 146 const gss_buffer_t, /* input_token_buffer */ 147 const gss_channel_bindings_t, /* input_chan_bindings */ 148 gss_name_t *, /* src_name */ 149 gss_OID*, /* mech_type */ 150 gss_buffer_t, /* output_token */ 151 OM_uint32 *, /* ret_flags */ 152 OM_uint32 *, /* time_rec */ 153 gss_cred_id_t * /* delegated_cred_handle */ 154 /* */); 155 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 156 #endif /* ! _KERNEL */ 157 158 /* 159 * Note: there are two gss_unseal's in here. Make any changes to both. 
160 */ 161 OM_uint32 (*gss_unseal) 162 ( 163 void *, /* context */ 164 OM_uint32 *, /* minor_status */ 165 const gss_ctx_id_t, /* context_handle */ 166 const gss_buffer_t, /* input_message_buffer */ 167 gss_buffer_t, /* output_message_buffer */ 168 int *, /* conf_state */ 169 int * /* qop_state */ 170 #ifdef _KERNEL 171 /* */, OM_uint32 172 #endif 173 /* */); 174 #ifndef _KERNEL 175 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 176 OM_uint32 (*gss_process_context_token) 177 ( 178 void *, /* context */ 179 OM_uint32 *, /* minor_status */ 180 const gss_ctx_id_t, /* context_handle */ 181 const gss_buffer_t /* token_buffer */ 182 /* */); 183 #endif /* ! _KERNEL */ 184 OM_uint32 (*gss_delete_sec_context) 185 ( 186 void *, /* context */ 187 OM_uint32 *, /* minor_status */ 188 gss_ctx_id_t *, /* context_handle */ 189 gss_buffer_t /* output_token */ 190 #ifdef _KERNEL 191 /* */, OM_uint32 192 #endif 193 /* */); 194 #ifndef _KERNEL 195 OM_uint32 (*gss_context_time) 196 ( 197 void *, /* context */ 198 OM_uint32 *, /* minor_status */ 199 const gss_ctx_id_t, /* context_handle */ 200 OM_uint32 * /* time_rec */ 201 /* */); 202 OM_uint32 (*gss_display_status) 203 ( 204 void *, /* context */ 205 OM_uint32 *, /* minor_status */ 206 OM_uint32, /* status_value */ 207 int, /* status_type */ 208 const gss_OID, /* mech_type */ 209 OM_uint32 *, /* message_context */ 210 gss_buffer_t /* status_string */ 211 /* */); 212 OM_uint32 (*gss_indicate_mechs) 213 ( 214 void *, /* context */ 215 OM_uint32 *, /* minor_status */ 216 gss_OID_set * /* mech_set */ 217 /* */); 218 OM_uint32 (*gss_compare_name) 219 ( 220 void *, /* context */ 221 OM_uint32 *, /* minor_status */ 222 const gss_name_t, /* name1 */ 223 const gss_name_t, /* name2 */ 224 int * /* name_equal */ 225 /* */); 226 OM_uint32 (*gss_display_name) 227 ( 228 void *, /* context */ 229 OM_uint32 *, /* minor_status */ 230 const gss_name_t, /* input_name */ 231 gss_buffer_t, /* output_name_buffer */ 232 gss_OID* /* output_name_type */ 233 
/* */); 234 OM_uint32 (*gss_import_name) 235 ( 236 void *, /* context */ 237 OM_uint32 *, /* minor_status */ 238 const gss_buffer_t, /* input_name_buffer */ 239 const gss_OID, /* input_name_type */ 240 gss_name_t * /* output_name */ 241 /* */); 242 OM_uint32 (*gss_release_name) 243 ( 244 void *, /* context */ 245 OM_uint32 *, /* minor_status */ 246 gss_name_t * /* input_name */ 247 /* */); 248 OM_uint32 (*gss_inquire_cred) 249 ( 250 void *, /* context */ 251 OM_uint32 *, /* minor_status */ 252 const gss_cred_id_t, /* cred_handle */ 253 gss_name_t *, /* name */ 254 OM_uint32 *, /* lifetime */ 255 int *, /* cred_usage */ 256 gss_OID_set * /* mechanisms */ 257 /* */); 258 OM_uint32 (*gss_add_cred) 259 ( 260 void *, /* context */ 261 OM_uint32 *, /* minor_status */ 262 const gss_cred_id_t, /* input_cred_handle */ 263 const gss_name_t, /* desired_name */ 264 const gss_OID, /* desired_mech */ 265 gss_cred_usage_t, /* cred_usage */ 266 OM_uint32, /* initiator_time_req */ 267 OM_uint32, /* acceptor_time_req */ 268 gss_cred_id_t *, /* output_cred_handle */ 269 gss_OID_set *, /* actual_mechs */ 270 OM_uint32 *, /* initiator_time_rec */ 271 OM_uint32 * /* acceptor_time_rec */ 272 /* */); 273 /* EXPORT DELETE START */ /* CRYPT DELETE START */ 274 #endif /* ! _KERNEL */ 275 /* 276 * Note: there are two gss_seal's in here. Make any changes to both. 
277 */ 278 OM_uint32 (*gss_seal) 279 ( 280 void *, /* context */ 281 OM_uint32 *, /* minor_status */ 282 const gss_ctx_id_t, /* context_handle */ 283 int, /* conf_req_flag */ 284 int, /* qop_req */ 285 const gss_buffer_t, /* input_message_buffer */ 286 int *, /* conf_state */ 287 gss_buffer_t /* output_message_buffer */ 288 #ifdef _KERNEL 289 /* */, OM_uint32 290 #endif 291 /* */); 292 #ifndef _KERNEL 293 /* EXPORT DELETE END */ /* CRYPT DELETE END */ 294 OM_uint32 (*gss_export_sec_context) 295 ( 296 void *, /* context */ 297 OM_uint32 *, /* minor_status */ 298 gss_ctx_id_t *, /* context_handle */ 299 gss_buffer_t /* interprocess_token */ 300 /* */); 301 #endif /* ! _KERNEL */ 302 OM_uint32 (*gss_import_sec_context) 303 ( 304 void *, /* context */ 305 OM_uint32 *, /* minor_status */ 306 const gss_buffer_t, /* interprocess_token */ 307 gss_ctx_id_t * /* context_handle */ 308 /* */); 309 #ifndef _KERNEL 310 OM_uint32 (*gss_inquire_cred_by_mech) 311 ( 312 void *, /* context */ 313 OM_uint32 *, /* minor_status */ 314 const gss_cred_id_t, /* cred_handle */ 315 const gss_OID, /* mech_type */ 316 gss_name_t *, /* name */ 317 OM_uint32 *, /* initiator_lifetime */ 318 OM_uint32 *, /* acceptor_lifetime */ 319 gss_cred_usage_t * /* cred_usage */ 320 /* */); 321 OM_uint32 (*gss_inquire_names_for_mech) 322 ( 323 void *, /* context */ 324 OM_uint32 *, /* minor_status */ 325 const gss_OID, /* mechanism */ 326 gss_OID_set * /* name_types */ 327 /* */); 328 OM_uint32 (*gss_inquire_context) 329 ( 330 void *, /* context */ 331 OM_uint32 *, /* minor_status */ 332 const gss_ctx_id_t, /* context_handle */ 333 gss_name_t *, /* src_name */ 334 gss_name_t *, /* targ_name */ 335 OM_uint32 *, /* lifetime_rec */ 336 gss_OID *, /* mech_type */ 337 OM_uint32 *, /* ctx_flags */ 338 int *, /* locally_initiated */ 339 int * /* open */ 340 /* */); 341 OM_uint32 (*gss_internal_release_oid) 342 ( 343 void *, /* context */ 344 OM_uint32 *, /* minor_status */ 345 gss_OID * /* OID */ 346 /* */); 347 
OM_uint32 (*gss_wrap_size_limit) 348 ( 349 void *, /* context */ 350 OM_uint32 *, /* minor_status */ 351 const gss_ctx_id_t, /* context_handle */ 352 int, /* conf_req_flag */ 353 gss_qop_t, /* qop_req */ 354 OM_uint32, /* req_output_size */ 355 OM_uint32 * /* max_input_size */ 356 /* */); 357 OM_uint32 (*pname_to_uid) 358 ( 359 void *, /* context */ 360 OM_uint32 *, /* minor_status */ 361 const gss_name_t, /* pname */ 362 uid_t * /* uid */ 363 /* */); 364 + OM_uint32 (*__gss_userok) 365 + ( 366 + void *, /* context */ 367 + OM_uint32 *, /* minor_status */ 368 + const gss_name_t, /* pname */ 369 + const char *, /* local user */ 370 + int * /* user ok? */ 371 + /* */); 372 OM_uint32 (*gss_export_name) 373 ( 374 void *, /* context */ 375 OM_uint32 *, /* minor_status */ 376 const gss_name_t, /* input_name */ 377 gss_buffer_t /* exported_name */ 378 /* */); 379 #endif /* ! _KERNEL */ 380 /* EXPORT DELETE START */ 381 /* CRYPT DELETE START */ 382 /* 383 * This block comment is Sun Proprietary: Need-To-Know. 384 * What we are doing is leaving the seal and unseal entry points 385 * in an obvious place before sign and unsign for the Domestic customer 386 * of the Solaris Source Product. The Domestic customer of the Solaris Source 387 * Product will have to deal with the problem of creating exportable libgss 388 * binaries. 389 * In the binary product that Sun builds, these entry points are elsewhere, 390 * and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC 391 * targets delete them. 
392 */ 393 #if 0 394 /* CRYPT DELETE END */ 395 OM_uint32 (*gss_seal) 396 ( 397 void *, /* context */ 398 OM_uint32 *, /* minor_status */ 399 const gss_ctx_id_t, /* context_handle */ 400 int, /* conf_req_flag */ 401 int, /* qop_req */ 402 const gss_buffer_t, /* input_message_buffer */ 403 int *, /* conf_state */ 404 gss_buffer_t /* output_message_buffer */ 405 #ifdef _KERNEL 406 /* */, OM_uint32 407 #endif 408 /* */); 409 OM_uint32 (*gss_unseal) 410 ( 411 void *, /* context */ 412 OM_uint32 *, /* minor_status */ 413 const gss_ctx_id_t, /* context_handle */ 414 const gss_buffer_t, /* input_message_buffer */ 415 gss_buffer_t, /* output_message_buffer */ 416 int *, /* conf_state */ 417 int * /* qop_state */ 418 #ifdef _KERNEL 419 /* */, OM_uint32 420 #endif 421 /* */); 422 /* CRYPT DELETE START */ 423 #endif /* 0 */ 424 /* CRYPT DELETE END */ 425 /* EXPORT DELETE END */ 426 OM_uint32 (*gss_sign) 427 ( 428 void *, /* context */ 429 OM_uint32 *, /* minor_status */ 430 const gss_ctx_id_t, /* context_handle */ 431 int, /* qop_req */ 432 const gss_buffer_t, /* message_buffer */ 433 gss_buffer_t /* message_token */ 434 #ifdef _KERNEL 435 /* */, OM_uint32 436 #endif 437 /* */); 438 OM_uint32 (*gss_verify) 439 ( 440 void *, /* context */ 441 OM_uint32 *, /* minor_status */ 442 const gss_ctx_id_t, /* context_handle */ 443 const gss_buffer_t, /* message_buffer */ 444 const gss_buffer_t, /* token_buffer */ 445 int * /* qop_state */ 446 #ifdef _KERNEL 447 /* */, OM_uint32 448 #endif 449 /* */); 450 + #ifndef _KERNEL 451 + OM_uint32 (*gss_store_cred) 452 + ( 453 + void *, /* context */ 454 + OM_uint32 *, /* minor_status */ 455 + const gss_cred_id_t, /* input_cred */ 456 + gss_cred_usage_t, /* cred_usage */ 457 + const gss_OID, /* desired_mech */ 458 + OM_uint32, /* overwrite_cred */ 459 + OM_uint32, /* default_cred */ 460 + gss_OID_set *, /* elements_stored */ 461 + gss_cred_usage_t * /* cred_usage_stored */ 462 + /* */); 463 + #endif 464 } *gss_mechanism; 465 466 /* 467 * In the 
user space we use a wrapper structure to encompass the 468 * mechanism entry points. The wrapper contain the mechanism 469 * entry points and other data which is only relevant to the gss-api 470 * layer. In the kernel we use only the gss_config strucutre because 471 * the kernal does not cantain any of the extra gss-api specific data. 472 */ 473 #ifndef _KERNEL 474 typedef struct gss_mech_config { 475 char *kmodName; /* kernel module name */ 476 char *uLibName; /* user library name */ 477 char *mechNameStr; /* mechanism string name */ 478 + char *optionStr; /* optional mech parameters */ 479 gss_OID mech_type; /* mechanism oid */ 480 gss_mechanism mech; /* mechanism initialization struct */ 481 struct gss_mech_config *next; /* next element in the list */ 482 } *gss_mech_info; 483 #endif 484 485 #ifndef _KERNEL 486 /* 487 * Internal mechglue routines 488 */ 489 490 gss_mechanism __gss_get_mechanism(const gss_OID); 491 char *__gss_get_kmodName(const gss_OID); 492 + char *__gss_get_modOptions(const gss_OID); 493 OM_uint32 __gss_import_internal_name(OM_uint32 *, const gss_OID, 494 gss_union_name_t, gss_name_t *); 495 OM_uint32 __gss_export_internal_name(OM_uint32 *, const gss_OID, 496 const gss_name_t, gss_buffer_t); 497 OM_uint32 __gss_display_internal_name(OM_uint32 *, const gss_OID, 498 const gss_name_t, gss_buffer_t, gss_OID *); 499 OM_uint32 __gss_release_internal_name(OM_uint32 *, const gss_OID, 500 gss_name_t *); 501 502 OM_uint32 __gss_convert_name_to_union_name( 503 OM_uint32 *, /* minor_status */ 504 gss_mechanism, /* mech */ 505 gss_name_t, /* internal_name */ 506 gss_name_t * /* external_name */ 507 ); 508 509 gss_cred_id_t __gss_get_mechanism_cred( 510 const gss_union_cred_t, /* union_cred */ 511 const gss_OID /* mech_type */ 512 ); 513 514 OM_uint32 __gss_create_copy_buffer( 515 const gss_buffer_t, /* src buffer */ 516 gss_buffer_t *, /* destination buffer */ 517 int /* NULL terminate buffer ? 
*/ 518 ); 519 520 OM_uint32 generic_gss_release_oid( 521 OM_uint32 *, /* minor_status */ 522 gss_OID * /* oid */ 523 ); 524 525 OM_uint32 generic_gss_copy_oid( 526 OM_uint32 *, /* minor_status */ 527 const gss_OID, /* oid */ 528 gss_OID * /* new_oid */ 529 ); 530 531 OM_uint32 generic_gss_create_empty_oid_set( 532 OM_uint32 *, /* minor_status */ 533 gss_OID_set * /* oid_set */ 534 ); 535 536 OM_uint32 generic_gss_add_oid_set_member( 537 OM_uint32 *, /* minor_status */ 538 const gss_OID, /* member_oid */ 539 gss_OID_set * /* oid_set */ 540 ); 541 542 OM_uint32 generic_gss_test_oid_set_member( 543 OM_uint32 *, /* minor_status */ 544 const gss_OID, /* member */ 545 const gss_OID_set, /* set */ 546 int * /* present */ 547 ); 548 549 OM_uint32 generic_gss_oid_to_str( 550 OM_uint32 *, /* minor_status */ 551 const gss_OID, /* oid */ 552 gss_buffer_t /* oid_str */ 553 ); 554 555 OM_uint32 generic_gss_str_to_oid( 556 OM_uint32 *, /* minor_status */ 557 const gss_buffer_t, /* oid_str */ 558 gss_OID * /* oid */ 559 ); 560 561 OM_uint32 gss_copy_oid_set( 562 OM_uint32 *, /* minor_status */ 563 const gss_OID_set_desc *, /* oid set */ 564 gss_OID_set * /* new oid set */ 565 ); 566 567 #endif 568 569 #ifdef _KERNEL 570 #include <rpc/rpc.h> 571 572 #ifndef _KRB5_H 573 /* These macros are defined for Kerberos in krb5.h, and have priority */ 574 #define MALLOC(n) kmem_alloc((n), KM_SLEEP) 575 #define FREE(x, n) kmem_free((x), (n)) 576 #define memcpy(dst, src, n) bcopy((src), (dst), (n)) 577 #endif /* _KRB5_H */ 578 579 gss_mechanism __kgss_get_mechanism(gss_OID); 580 void __kgss_add_mechanism(gss_mechanism); 581 #endif /* _KERNEL */ 582 583 struct kgss_cred { 584 gssd_cred_id_t gssd_cred; 585 OM_uint32 gssd_cred_verifier; 586 }; ----Unchanged portion omitted----
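Review bot: The new `__gss_userok` slot at line 364 is inserted between `pname_to_uid` and `gss_export_name`, which shifts the offset of every later entry in `struct gss_config` (`gss_export_name`, `gss_sign`, `gss_verify`), and `gss_store_cred` at line 451 extends the table; since nothing in the struct records a version or size, a mechanism module built against the previous layout would presumably have its later entry points dispatched through the wrong slot and the glue would read past the end of its table for the new ones. Appending new entries only at the tail, and having the glue NULL-check `mech->__gss_userok` and `mech->gss_store_cred` before calling them, would turn that into a missing-feature error rather than a misdirected indirect call. The `int *` out-parameter of `__gss_userok` carries an authorization decision, so its comment should state the polarity the glue expects rather than `/* user ok? */`, e.g. `int * /* user_ok: nonzero iff pname may act as the local user */`. `struct gss_config` opens at line 96 and closes at line 464, both within this section.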