/*
*/
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* $Id: gssapi_krb5.c 18343 2006-07-19 18:14:01Z lxs $
*/
/* For declaration of krb5_ser_context_init */
#include "k5-int.h"
#include "gssapiP_krb5.h"
#ifndef _KERNEL
#include "gss_libinit.h"
#endif
/*
* Solaris Kerberos
* Kernel kgssd module debugging aid. The global variable "krb5_log" is a bit
* mask which allows various types of log messages to be printed out.
*
* The log levels are defined in:
*
* Note, KRB5_LOG_LVL can be assigned via the make invocation.
* See KRB5_DEFS in the various Makefiles.
*/
#ifdef KRB5_LOG_LVL
/* set the log level to that specified */
#else
/* default log level */
#endif /* KRB5_LOG_LVL */
/** exported constants defined in gssapi_krb5{,_nx}.h **/
/* these are bogus, but will compile */
/*
* The OID of the draft krb5 mechanism, assigned by IETF, is:
* iso(1) org(3) dod(5) internet(1) security(5)
* kerberosv5(2) = 1.3.5.1.5.2
* The OID of the krb5_name type is:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1
* The OID of the krb5_principal type is:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2
* The OID of the proposed standard krb5 mechanism is:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) = 1.2.840.113554.1.2.2
* The OID of the proposed standard krb5 v2 mechanism is:
* iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
* krb5v2(3) = 1.2.840.113554.1.2.3
*
*/
/*
* Encoding rules: The first two values are encoded in one byte as 40
* * value1 + value2. Subsequent values are encoded base 128, most
* significant digit first, with the high bit (\200) set on all octets
* except the last in each value's encoding.
*/
/* this is the official, rfc-specified OID */
/* this pre-RFC mech OID */
/* this is the unofficial, incorrect mech OID emitted by MS */
/* this is the v2 assigned OID */
{9, "\052\206\110\206\367\022\001\002\003"},
/* these two are name type OID's */
/* 2.1.1. Kerberos Principal Name Form: (rfc 1964)
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
* is "GSS_KRB5_NT_PRINCIPAL_NAME". */
{10, "\052\206\110\206\367\022\001\002\002\001"},
/* gss_nt_krb5_principal. Object identifier for a krb5_principal. Do not use. */
{10, "\052\206\110\206\367\022\001\002\002\002"},
{ 0, 0 }
};
};
/** default credential support */
#ifndef _KERNEL
/*
* init_sec_context() will explicitly re-acquire default credentials,
* so handling the expiration/invalidation condition here isn't needed.
*/
{
return(major);
}
*minor_status = 0;
return(GSS_S_COMPLETE);
}
{
/*
* Sync up the context ccache name with the GSSAPI ccache name.
* If kg_ccache_name is NULL -- normal unless someone has called
* gss_krb5_ccache_name() -- then the system default ccache will
* be picked up and used by resetting the context default ccache.
* This is needed for platforms which support multiple ccaches.
*/
if (!err) {
/* if NULL, resets the context default ccache */
(char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME));
}
*minor_status = err;
}
/* This function returns whether or not the caller set a cccache name. Used by
* gss_acquire_cred to figure out if the caller wants to only look at this
* ccache or search the cache collection for the desired name */
int *out_caller_provided_name)
{
if (out_caller_provided_name) {
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
{
char *kg_ccache_name;
if (kg_ccache_name != NULL) {
} else {
/* Reset the context default ccache (see text above), and then
retrieve it. */
if (!err)
if (!err) {
if (name) {
}
}
if (context)
}
if (!err) {
if (out_name) {
}
}
*minor_status = err;
}
{
char *kg_ccache_name;
if (name) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
if (kerr != 0) {
/* Can't store, so free up the storage. */
/* ??? free(new_name); */
*minor_status = kerr;
return GSS_S_FAILURE;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
* gss_inquire_sec_context_by_oid() methods
*/
static struct {
{
},
{
{GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
},
{
},
{
},
{
{GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
}
};
const gss_ctx_id_t context_handle,
const gss_OID desired_object,
{
size_t i;
if (minor_status == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (desired_object == GSS_C_NO_OID)
return GSS_S_CALL_INACCESSIBLE_READ;
return GSS_S_CALL_INACCESSIBLE_WRITE;
if (!kg_validate_ctx_id(context_handle))
return GSS_S_NO_CONTEXT;
if (!ctx->established)
return GSS_S_NO_CONTEXT;
for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
data_set);
}
}
*minor_status = EINVAL;
return GSS_S_UNAVAILABLE;
}
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#endif
{
#if 0 /* Solaris Kerberos - revisit for full 1.7/next resync */
#ifdef _GSS_STATIC_LINK
return gssint_mechglue_initialize_library();
#else
return CALL_INIT_FUNCTION(gss_krb5int_lib_init);
#endif
#endif
return gssint_initialize_library();
}
#endif /* !KERNEL */