mechglueP.h revision ab9b2e153c3a9a2b1141fefa87925b1a9beb1236
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This header contains the private mechglue definitions.
*
*/
#ifndef _GSS_MECHGLUEP_H
#define _GSS_MECHGLUEP_H
#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif
/* SUNW15resync */
#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif
/* #include "gssapiP_generic.h" */
#ifdef _KERNEL
#endif
#ifndef g_OID_copy /* SUNW15resync */
do { \
} while (0)
#endif
/*
* Array of context IDs typed by mechanism OID
*/
typedef struct gss_union_ctx_id_t {
/*
* Generic GSSAPI names. A name can either be a generic name, or a
* mechanism specific name....
*/
typedef struct gss_union_name_t {
/*
* These last two fields are only filled in for mechanism
* names.
*/
/*
* Structure for holding list of mechanism-specific name types
*/
typedef struct gss_mech_spec_name_t {
/*
* Credential auxiliary info, used in the credential structure
*/
typedef struct gss_union_cred_auxinfo {
int cred_usage;
/*
* Set of Credentials typed on mechanism OID
*/
typedef struct gss_union_cred_t {
int count;
/* Solaris Kerberos */
/*
* Solaris extension: signature of a mechanism's "acquire credential
* with password" entry point. The shape is gss_acquire_cred() plus a
* gss_buffer_t carrying the password between desired_name and time_req.
* NOTE(review): nothing here states who owns or scrubs the password
* buffer; confirm that mechanisms copy only what they need and do not
* retain the buffer pointer, and that callers zeroize the buffer after
* the call returns.
*/
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
int, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
/* */);
/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library */
/*
* This is the definition of the mechs_array struct, which is used to
* define the mechs array table. This table is used to indirectly
* access mechanism specific versions of the gssapi routines through
* the routines in the glue module (gssd_mech_glue.c)
*
* This contains all of the functions defined in gssapi.h except for
* gss_release_buffer() and gss_release_oid_set(), which are assumed,
* for now, to be the same across mechanisms.
*/
/*
* NOTE(review): in this copy of the file each entry's declarator (the
* "OM_uint32 (*name)" part) is missing; only the parameter lists
* survive, each starting with a bare "(" below. The table is therefore
* not compilable as shown - restore the declarators from the canonical
* source before relying on it.
*
* A mechanism is reached only through this table, so its layout is ABI
* between the glue (libgss or the kernel) and every mechanism module.
* Entries are conditional on _KERNEL and on the EXPORT/CRYPT DELETE
* markers, so both sides must be built with the same configuration.
* Kernel builds append one extra, unnamed OM_uint32 to the per-message
* entries; its role is not stated in this file (NOTE(review): confirm
* against the kgss callers).
*/
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
char * mechNameStr;
#endif
/*
* Opaque per-mechanism cookie; every entry point below receives it
* back as its first argument.
*/
void * context;
#ifdef _KERNEL
struct gss_config *next; /* kernel-only link to the next gss_config */
#endif
#ifndef _KERNEL
/* credential acquisition: gss_acquire_cred() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
int, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
/* */);
/* credential release: gss_release_cred() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_cred_id_t * /* cred_handle */
/* */);
/* initiator-side establishment: gss_init_sec_context() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t *, /* context_handle */
const gss_name_t, /* target_name */
const gss_OID, /* mech_type */
OM_uint32, /* req_flags */
OM_uint32, /* time_req */
const gss_channel_bindings_t, /* input_chan_bindings */
const gss_buffer_t, /* input_token */
gss_OID*, /* actual_mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 * /* time_rec */
/* */);
/*
* acceptor-side establishment: gss_accept_sec_context() parameter
* list. The last parameter can hand back a delegated credential,
* i.e. the peer's credentials - treat that handle with care.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
const gss_cred_id_t, /* verifier_cred_handle */
const gss_buffer_t, /* input_token_buffer */
const gss_channel_bindings_t, /* input_chan_bindings */
gss_name_t *, /* src_name */
gss_OID*, /* mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 *, /* time_rec */
gss_cred_id_t * /* delegated_cred_handle */
/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif /* ! _KERNEL */
/*
* Note: there are two gss_unseal's in here. Make any changes to both.
* This one is the live copy; the other sits under "#if 0" further down.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32 /* kernel-only extra argument, see header note */
#endif
/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
/* gss_process_context_token() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t /* token_buffer */
/* */);
#endif /* ! _KERNEL */
/* gss_delete_sec_context() parameter list (user and kernel) */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t /* output_token */
#ifdef _KERNEL
/* */, OM_uint32 /* kernel-only extra argument, see header note */
#endif
/* */);
#ifndef _KERNEL
/* gss_context_time() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
OM_uint32 * /* time_rec */
/* */);
/* gss_display_status() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
const gss_OID, /* mech_type */
OM_uint32 *, /* message_context */
gss_buffer_t /* status_string */
/* */);
/* gss_indicate_mechs() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID_set * /* mech_set */
/* */);
/* gss_compare_name() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* name1 */
const gss_name_t, /* name2 */
int * /* name_equal */
/* */);
/* gss_display_name() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID* /* output_name_type */
/* */);
/* gss_import_name() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_buffer_t, /* input_name_buffer */
const gss_OID, /* input_name_type */
gss_name_t * /* output_name */
/* */);
/* gss_release_name() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_name_t * /* input_name */
/* */);
/* gss_inquire_cred() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
OM_uint32 *, /* lifetime */
int *, /* cred_usage */
gss_OID_set * /* mechanisms */
/* */);
/* gss_add_cred() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 * /* acceptor_time_rec */
/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif /* ! _KERNEL */
/*
* Note: there are two gss_seal's in here. Make any changes to both.
* This one is the live copy; the other sits under "#if 0" further down.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
const gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t /* output_message_buffer */
#ifdef _KERNEL
/* */, OM_uint32 /* kernel-only extra argument, see header note */
#endif
/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
/* gss_export_sec_context() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t /* interprocess_token */
/* */);
#endif /* ! _KERNEL */
/*
* gss_import_sec_context() parameter list (user and kernel). The
* interprocess token is turned back into a live context, so it must
* only ever come from a trusted local exporter, never from the wire.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
/* */);
#ifndef _KERNEL
/* gss_inquire_cred_by_mech() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* cred_handle */
const gss_OID, /* mech_type */
gss_name_t *, /* name */
OM_uint32 *, /* initiator_lifetime */
OM_uint32 *, /* acceptor_lifetime */
gss_cred_usage_t * /* cred_usage */
/* */);
/* gss_inquire_names_for_mech() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_OID, /* mechanism */
gss_OID_set * /* name_types */
/* */);
/* gss_inquire_context() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
gss_name_t *, /* src_name */
gss_name_t *, /* targ_name */
OM_uint32 *, /* lifetime_rec */
gss_OID *, /* mech_type */
OM_uint32 *, /* ctx_flags */
int *, /* locally_initiated */
int * /* open */
/* */);
/*
* single gss_OID * parameter. NOTE(review): which entry this is cannot
* be told from the parameter list alone - confirm against the
* canonical declarator.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID * /* OID */
/* */);
/* gss_wrap_size_limit() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
OM_uint32, /* req_output_size */
OM_uint32 * /* max_input_size */
/* */);
/* Solaris extension: map a principal name to a local uid */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
uid_t * /* uid */
/* */);
/*
* Solaris extension: "may this local user act for this principal?"
* NOTE(review): this is an authorization decision; a mechanism that
* does not implement it must answer "no" (and set the output), never
* leave "user ok?" unset.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
const char *, /* local user */
int * /* user ok? */
/* */);
/* gss_export_name() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t /* exported_name */
/* */);
#endif /* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
* This block comment is Sun Proprietary: Need-To-Know.
* What we are doing is leaving the seal and unseal entry points
* in an obvious place before sign and unsign for the Domestic customer
* of the Solaris Source Product. The Domestic customer of the Solaris Source
* Product will have to deal with the problem of creating exportable libgss
* binaries.
* In the binary product that Sun builds, these entry points are elsewhere,
* and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
* targets delete them.
*/
#if 0
/* CRYPT DELETE END */
/* compiled out (#if 0): duplicate gss_seal() prototype, see note above */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
const gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t /* output_message_buffer */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
/* compiled out (#if 0): duplicate gss_unseal() prototype, see note above */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
/* per-message integrity: gss_sign() / gss_get_mic() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* qop_req */
const gss_buffer_t, /* message_buffer */
gss_buffer_t /* message_token */
#ifdef _KERNEL
/* */, OM_uint32 /* kernel-only extra argument, see header note */
#endif
/* */);
/* per-message verification: gss_verify() / gss_verify_mic() parameter list */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* message_buffer */
const gss_buffer_t, /* token_buffer */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32 /* kernel-only extra argument, see header note */
#endif
/* */);
#ifndef _KERNEL
/*
* Solaris extension: store a credential (gss_store_cred() shape).
* overwrite_cred and default_cred look like boolean flags - confirm
* against the mechanism implementations.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred */
gss_cred_usage_t, /* cred_usage */
const gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t * /* cred_usage_stored */
/* */);
#endif
} *gss_mechanism;
#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
typedef struct gss_config_ext {
#endif /* _KERNEL */
/*
* In the user space we use a wrapper structure to encompass the
* mechanism entry points. The wrapper contains the mechanism
* entry points and other data which is only relevant to the gss-api
* layer. In the kernel we use only the gss_config structure because
* the kernel does not contain any of the extra gss-api specific data.
*/
/*
* Per-mechanism configuration record. The string members name the code
* that will be loaded on behalf of this mechanism (a kernel module and
* a user-space shared object) plus its option string; dl_handle is the
* RTLD handle once the user library is loaded. NOTE(review): wherever
* these strings originate, that source decides which object is loaded
* into every libgss caller, so it must be writable only by a trusted
* principal. The user-space-only member(s) normally guarded by the
* empty #ifndef _KERNEL block are missing from this copy of the file.
*/
typedef struct gss_mech_config {
char *kmodName; /* kernel module name */
char *uLibName; /* user library name */
char *mechNameStr; /* mechanism string name */
char *optionStr; /* optional mech parameters */
void *dl_handle; /* RTLD object handle for the mech */
#ifndef _KERNEL
#endif /* _KERNEL */
} *gss_mech_info;
/********************************************************/
/* Internal mechglue routines */
#ifndef _KERNEL
#endif /* _KERNEL */
/*
* Look up a mechanism's kernel module name / option string by OID.
* Declared with the same signatures as gssint_get_kmodName() and
* gssint_get_modOptions() below. Identifiers beginning with a double
* underscore are reserved for the implementation, so new code should
* use the gssint_ spellings. Ownership of the returned string is not
* stated here - confirm whether the caller must free it.
*/
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
const gss_name_t, gss_buffer_t);
gss_name_t *);
OM_uint32 *, /* minor_status */
gss_mechanism, /* mech */
gss_name_t, /* internal_name */
gss_name_t * /* external_name */
);
const gss_union_cred_t, /* union_cred */
const gss_OID /* mech_type */
);
/*
* One-time set-up / tear-down of the mechglue layer (int result from
* init; the failure convention is not stated here - confirm at the
* definition), and per-OID lookup of a mechanism's kernel module name
* and option string. Ownership of the returned strings is not stated
* here - confirm whether the caller must free them.
*/
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
gss_name_t *);
const gss_name_t, gss_buffer_t);
gss_buffer_t, gss_OID *);
(OM_uint32 *, /* minor_status */
gss_mechanism, /* mech */
gss_name_t, /* internal_name */
gss_name_t * /* external_name */
);
(gss_union_cred_t, /* union_cred */
gss_OID /* mech_type */
);
const gss_buffer_t, /* src buffer */
gss_buffer_t *, /* destination buffer */
int /* NULL terminate buffer ? */
);
OM_uint32 *, /* minor_status */
const gss_OID_set_desc *, /* oid set */
gss_OID_set * /* new oid set */
);
/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 *, /* minor_status */
const gss_OID_set_desc *, /* oid set */
gss_OID_set * /* new oid set */
);
(OM_uint32 *, /* minor_status */
gss_OID, /* name_type */
gss_OID /* mech */
);
/*
* Sun extensions to GSS-API v2
*/
const char *mech, /* mechanism string name */
);
const char *
);
char *mechArray[], /* array to populate with mechs */
int arrayLen /* length of passed in array */
);
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
gss_cred_usage_t, /* cred_usage */
const gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t * /* cred_usage_stored */
);
int
unsigned char **, /* buf */
unsigned int, /* buf_len */
unsigned int * /* bytes */
);
/*
* DER length-encoding helper: given a content length, presumably
* returns how many octets its DER length field occupies (name and
* parameter comment suggest this - confirm at the definition). Callers
* that size buffers from it must still bound-check the total.
*/
unsigned int
gssint_der_length_size(unsigned int /* len */);
int
unsigned int, /* length */
unsigned char **, /* buf */
unsigned int /* max_len */
);
/* Solaris kernel and gssd support */
/*
* derived types for passing context and credential handles
* between gssd and kernel
*/
/*
* Context and credential handles as exchanged between gssd and the
* kernel: plain unsigned integers. NOTE(review): being bare integers
* they can be fabricated by anything able to talk to gssd, and if they
* are derived from pointers (the KGSS_CTX_TO_GSSD_CTX macros below hint
* at a conversion) they do not survive an LP64 round trip - the
* receiving side must validate a handle rather than trust it.
*/
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;
#ifdef _KERNEL
#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
#endif /* _KRB5_H */
#endif /* _KERNEL */
/*
* Kernel-side credential wrapper. NOTE(review): its members are missing
* from this copy of the file; restore them from the canonical source.
*/
struct kgss_cred {
};
/*
* Kernel-side context wrapper. NOTE(review): its members (including the
* _KERNEL-only ones) are missing from this copy of the file; restore
* them from the canonical source.
*/
struct kgss_ctx {
#ifdef _KERNEL
#endif /* _KERNEL */
};
#define KGSS_CTX_TO_GSSD_CTX(ctx) \
#define KGSS_CTX_TO_GSSD_CTXV(ctx) \
#ifdef _KERNEL
#define KCTX_TO_CTX(ctx) \
/* EXPORT DELETE START */
/* EXPORT DELETE END */
#else /* !_KERNEL */
#define KGSS_CRED_ALLOC() (struct kgss_cred *) \
#endif /* _KERNEL */
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
(OM_uint32*, /* minor_status */
gss_buffer_t /* buffer */
);
(OM_uint32*, /* minor_status */
gss_OID_set* /* set */
);
(OM_uint32*, /* minor_status */
gss_OID* /* set */
);
(OM_uint32 *, /* minor_status */
gss_OID * /* new_oid */
);
(OM_uint32 *, /* minor_status */
gss_OID_set * /* oid_set */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* member_oid */
gss_OID_set * /* oid_set */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* member */
gss_OID_set, /* set */
int * /* present */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* oid */
gss_buffer_t /* oid_str */
);
(OM_uint32 *, /* minor_status */
gss_buffer_t, /* oid_str */
gss_OID * /* oid */
);
#endif /* _GSS_MECHGLUEP_H */