/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/*
* This header contains the private mechglue definitions.
*
*/
#ifndef _GSS_MECHGLUEP_H
#define _GSS_MECHGLUEP_H
#if 0 /* SUNW15resync - disable for sake of non-krb5 mechs */
#include "autoconf.h"
#endif
/* SUNW15resync */
#ifndef GSS_DLLIMP
#define GSS_DLLIMP
#endif
#if 0 /* Solaris Kerberos */
#include "gssapiP_generic.h"
#endif
#ifdef _KERNEL
#endif
#ifndef g_OID_copy /* SUNW15resync */
do { \
} while (0)
#endif
/*
* Array of context IDs typed by mechanism OID
*/
typedef struct gss_union_ctx_id_t {
/*
* Generic GSSAPI names. A name can either be a generic name, or a
* mechanism specific name....
*/
typedef struct gss_name_struct {
struct gss_name_struct *loopback;
/*
* These last two fields are only filled in for mechanism
* names.
*/
/*
* Structure for holding list of mechanism-specific name types
*/
typedef struct gss_mech_spec_name_t {
/*
* Credential auxiliary info, used in the credential structure
*/
typedef struct gss_union_cred_auxinfo {
int cred_usage;
/*
* Set of Credentials typed on mechanism OID
*/
typedef struct gss_union_cred_t {
int count;
/* Solaris Kerberos */
/*
* Solaris Kerberos: optional mechanism entry point that acquires a
* credential from a caller-supplied password. The parameter list is the
* same as the first credential-acquisition entry of struct gss_config
* below, with one extra argument (the password buffer) inserted after
* desired_name.
* NOTE(review): ownership and lifetime of the password buffer are not
* stated here; presumably the caller retains it and the mechanism must
* not keep a reference past the call -- confirm against callers.
*/
typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
int, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
/* */);
/*
* Rudimentary pointer validation macro to check whether the
* "loopback" field of an opaque struct points back to itself. This
* field also catches some programming errors where an opaque pointer
* is passed to a function expecting the address of the opaque
* pointer. Note that the Solaris definition enabled below only checks
* for a NULL pointer; the loopback comparison is not performed, so
* callers must not rely on this macro to detect such errors.
*/
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#else
#define GSSINT_CHK_LOOP(p) ((p) == NULL)
#endif
/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* it to initialize the GSSAPI library */
/*
* This is the definition of the mechs_array struct, which is used to
* define the mechs array table. This table is used to indirectly
* access mechanism specific versions of the gssapi routines through
* the routines in the glue module (gssd_mech_glue.c)
*
* This contains all of the functions defined in gssapi.h except for
* gss_release_buffer() and gss_release_oid_set(), which I am
* assuming, for now, to be equal across mechanisms.
*/
typedef struct gss_config {
#if 0 /* Solaris Kerberos */
char * mechNameStr;
#endif
void * context;
#ifdef _KERNEL
struct gss_config *next;
#endif
#ifndef _KERNEL
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* desired_name */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
int, /* cred_usage */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 * /* time_rec */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_cred_id_t * /* cred_handle */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t *, /* context_handle */
const gss_name_t, /* target_name */
const gss_OID, /* mech_type */
OM_uint32, /* req_flags */
OM_uint32, /* time_req */
const gss_channel_bindings_t, /* input_chan_bindings */
const gss_buffer_t, /* input_token */
gss_OID*, /* actual_mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 * /* time_rec */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
const gss_cred_id_t, /* verifier_cred_handle */
const gss_buffer_t, /* input_token_buffer */
const gss_channel_bindings_t, /* input_chan_bindings */
gss_name_t *, /* src_name */
gss_OID*, /* mech_type */
gss_buffer_t, /* output_token */
OM_uint32 *, /* ret_flags */
OM_uint32 *, /* time_rec */
gss_cred_id_t * /* delegated_cred_handle */
/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif /* ! _KERNEL */
/*
* Note: there are two gss_unseal's in here. Make any changes to both.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t /* token_buffer */
/* */);
#endif /* ! _KERNEL */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t /* output_token */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
#ifndef _KERNEL
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
OM_uint32 * /* time_rec */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
const gss_OID, /* mech_type */
OM_uint32 *, /* message_context */
gss_buffer_t /* status_string */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID_set * /* mech_set */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* name1 */
const gss_name_t, /* name2 */
int * /* name_equal */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID* /* output_name_type */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_buffer_t, /* input_name_buffer */
const gss_OID, /* input_name_type */
gss_name_t * /* output_name */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_name_t * /* input_name */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
OM_uint32 *, /* lifetime */
int *, /* cred_usage */
gss_OID_set * /* mechanisms */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
const gss_name_t, /* desired_name */
const gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
OM_uint32, /* acceptor_time_req */
gss_cred_id_t *, /* output_cred_handle */
gss_OID_set *, /* actual_mechs */
OM_uint32 *, /* initiator_time_rec */
OM_uint32 * /* acceptor_time_rec */
/* */);
/* EXPORT DELETE START */ /* CRYPT DELETE START */
#endif /* ! _KERNEL */
/*
* Note: there are two gss_seal's in here. Make any changes to both.
*/
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
const gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t /* output_message_buffer */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
#ifndef _KERNEL
/* EXPORT DELETE END */ /* CRYPT DELETE END */
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t /* interprocess_token */
/* */);
#endif /* ! _KERNEL */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
/* */);
#ifndef _KERNEL
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* cred_handle */
const gss_OID, /* mech_type */
gss_name_t *, /* name */
OM_uint32 *, /* initiator_lifetime */
OM_uint32 *, /* acceptor_lifetime */
gss_cred_usage_t * /* cred_usage */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_OID, /* mechanism */
gss_OID_set * /* name_types */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
gss_name_t *, /* src_name */
gss_name_t *, /* targ_name */
OM_uint32 *, /* lifetime_rec */
gss_OID *, /* mech_type */
OM_uint32 *, /* ctx_flags */
int *, /* locally_initiated */
int * /* open */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID * /* OID */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
OM_uint32, /* req_output_size */
OM_uint32 * /* max_input_size */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
uid_t * /* uid */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
const char *, /* local user */
int * /* user ok? */
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t /* exported_name */
/* */);
#endif /* ! _KERNEL */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
/*
* This block comment is Sun Proprietary: Need-To-Know.
* What we are doing is leaving the seal and unseal entry points
* in an obvious place before sign and unsign for the Domestic customer
* of the Solaris Source Product. The Domestic customer of the Solaris Source
* Product will have to deal with the problem of creating exportable libgss
* binaries.
* In the binary product that Sun builds, these entry points are elsewhere,
* and bracketed with special comments so that the CRYPT_SRC and EXPORT_SRC
* targets delete them.
*/
#if 0
/* CRYPT DELETE END */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
int, /* qop_req */
const gss_buffer_t, /* input_message_buffer */
int *, /* conf_state */
gss_buffer_t /* output_message_buffer */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
/* CRYPT DELETE START */
#endif /* 0 */
/* CRYPT DELETE END */
/* EXPORT DELETE END */
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
int, /* qop_req */
const gss_buffer_t, /* message_buffer */
gss_buffer_t /* message_token */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_buffer_t, /* message_buffer */
const gss_buffer_t, /* token_buffer */
int * /* qop_state */
#ifdef _KERNEL
/* */, OM_uint32
#endif
/* */);
#ifndef _KERNEL
(
void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred */
gss_cred_usage_t, /* cred_usage */
const gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t * /* cred_usage_stored */
/* */);
/* GGF extensions */
(
OM_uint32 *, /* minor_status */
const gss_ctx_id_t, /* context_handle */
const gss_OID, /* OID */
gss_buffer_set_t * /* data_set */
/* */);
#endif
} *gss_mechanism;
#ifndef _KERNEL
/* This structure MUST NOT be used by any code outside libgss */
typedef struct gss_config_ext {
#endif /* _KERNEL */
/*
* In the user space we use a wrapper structure to encompass the
* mechanism entry points. The wrapper contains the mechanism
* entry points and other data which is only relevant to the gss-api
* layer. In the kernel we use only the gss_config structure because
* the kernel does not contain any of the extra gss-api specific data.
*/
/*
* Configuration record for one mechanism, referenced through the
* gss_mech_info pointer type. The name strings identify the kernel
* module and user library that implement the mechanism; dl_handle is
* the RTLD object handle obtained when the user library is loaded.
* The members inside the #ifndef _KERNEL guard exist only in the
* user-space build.
*/
typedef struct gss_mech_config {
char *kmodName; /* kernel module name */
char *uLibName; /* user library name */
char *mechNameStr; /* mechanism string name */
char *optionStr; /* optional mech parameters */
void *dl_handle; /* RTLD object handle for the mech */
#ifndef _KERNEL
#endif /* _KERNEL */
} *gss_mech_info;
/********************************************************/
/* Internal mechglue routines */
#ifndef _KERNEL
#endif /* _KERNEL */
char *__gss_get_kmodName(const gss_OID);
char *__gss_get_modOptions(const gss_OID);
const gss_name_t, gss_buffer_t);
gss_name_t *);
gss_ctx_id_t *, gss_buffer_t);
OM_uint32 *, /* minor_status */
gss_mechanism, /* mech */
gss_name_t, /* internal_name */
gss_name_t * /* external_name */
);
const gss_union_cred_t, /* union_cred */
const gss_OID /* mech_type */
);
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
gss_name_t *);
const gss_name_t, gss_buffer_t);
gss_buffer_t, gss_OID *);
(OM_uint32 *, /* minor_status */
gss_mechanism, /* mech */
gss_name_t, /* internal_name */
gss_name_t * /* external_name */
);
(gss_union_cred_t, /* union_cred */
gss_OID /* mech_type */
);
const gss_buffer_t, /* src buffer */
gss_buffer_t *, /* destination buffer */
int /* NULL terminate buffer ? */
);
OM_uint32 *, /* minor_status */
const gss_OID_set_desc *, /* oid set */
gss_OID_set * /* new oid set */
);
/* SUNW15resync - for old Solaris version in libgss */
OM_uint32 *, /* minor_status */
const gss_OID_set_desc *, /* oid set */
gss_OID_set * /* new oid set */
);
(OM_uint32 *, /* minor_status */
gss_OID, /* name_type */
gss_OID /* mech */
);
/*
* Sun extensions to GSS-API v2
*/
const char *mech, /* mechanism string name */
);
const char *
);
char *mechArray[], /* array to populate with mechs */
int arrayLen /* length of passed in array */
);
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred_handle */
gss_cred_usage_t, /* cred_usage */
const gss_OID, /* desired_mech */
OM_uint32, /* overwrite_cred */
OM_uint32, /* default_cred */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t * /* cred_usage_stored */
);
int
unsigned char **, /* buf */
unsigned int, /* buf_len */
unsigned int * /* bytes */
);
unsigned int
gssint_der_length_size(unsigned int /* len */);
int
unsigned int, /* length */
unsigned char **, /* buf */
unsigned int /* max_len */
);
/* Solaris kernel and gssd support */
/*
* derived types for passing context and credential handles
* between gssd and kernel
*/
typedef unsigned int gssd_ctx_id_t;
typedef unsigned int gssd_cred_id_t;
#define GSSD_NO_CONTEXT ((gssd_ctx_id_t)0)
#define GSSD_NO_CREDENTIAL ((gssd_cred_id_t)0)
#ifdef _KERNEL
#ifndef _KRB5_H
/* These macros are defined for Kerberos in krb5.h, and have priority */
#endif /* _KRB5_H */
#endif /* _KERNEL */
struct kgss_cred {
};
struct kgss_ctx {
#ifdef _KERNEL
#endif /* _KERNEL */
};
#define KGSS_CTX_TO_GSSD_CTX(ctx) \
#define KGSS_CTX_TO_GSSD_CTXV(ctx) \
#ifdef _KERNEL
#define KCTX_TO_CTX(ctx) \
/* EXPORT DELETE START */
/* EXPORT DELETE END */
#else /* !_KERNEL */
#define KGSS_CRED_ALLOC() (struct kgss_cred *) \
#endif /* _KERNEL */
/* SUNW15resync - moved from gssapiP_generic.h for sake of non-krb5 mechs */
(OM_uint32*, /* minor_status */
gss_buffer_t /* buffer */
);
(OM_uint32*, /* minor_status */
gss_OID_set* /* set */
);
(OM_uint32*, /* minor_status */
gss_OID* /* set */
);
(OM_uint32 *, /* minor_status */
gss_OID * /* new_oid */
);
(OM_uint32 *, /* minor_status */
gss_OID_set * /* oid_set */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* member_oid */
gss_OID_set * /* oid_set */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* member */
gss_OID_set, /* set */
int * /* present */
);
(OM_uint32 *, /* minor_status */
gss_OID_desc * const, /* oid */
gss_buffer_t /* oid_str */
);
(OM_uint32 *, /* minor_status */
gss_buffer_t, /* oid_str */
gss_OID * /* oid */
);
OM_uint32 *, /* minor_status */
const char *, /* prefix */
size_t, /* prefix_len */
int, /* suffix */
gss_OID_desc *); /* oid */
OM_uint32 *, /* minor_status */
const char *, /*prefix */
size_t, /* prefix_len */
gss_OID_desc *, /* oid */
int *); /* suffix */
(OM_uint32 * /*minor_status*/,
gss_buffer_set_t * /*buffer_set*/);
(OM_uint32 * /*minor_status*/,
const gss_buffer_t /*member_buffer*/,
gss_buffer_set_t * /*buffer_set*/);
(OM_uint32 * /*minor_status*/,
gss_buffer_set_t * /*buffer_set*/);
/*
* SUNW17PACresync
* New map error API in MIT 1.7, at build time generates code for errors.
* Solaris does not generate the errors at build time so we just stub these
* for now, need to revisit.
* See mglueP.h and util_errmap.c in MIT 1.7.
*/
#ifdef _KERNEL
#define map_errcode(MINORP)
#else /* _KERNEL */
/* Use this to map an error code that was returned from a mech
operation; the mech will be asked to produce the associated error
messages.
Remember that if the minor status code cannot be returned to the
caller (e.g., if it's stuffed in an automatic variable and then
ignored), then we don't care about producing a mapping. */
/* Use this to map an errno value or com_err error code being
generated within the mechglue code (e.g., by calling generic oid
ops). Any errno or com_err values produced by mech operations
should be processed with map_error. This means they'll be stored
separately even if the mech uses com_err, because we can't assume
that it will use com_err. */
#define map_errcode(MINORP) \
#endif /* _KERNEL */
#endif /* _GSS_MECHGLUEP_H */