1 /* #ident "@(#)mglueP.h 1.2 96/01/18 SMI" */
4 * This header contains the private mechglue definitions.
6 * Copyright (c) 1995, by Sun Microsystems, Inc.
10 #ifndef _GSS_MECHGLUEP_H
11 #define _GSS_MECHGLUEP_H
15 #include "gssapiP_generic.h"
/*
 * g_OID_copy(o1, o2): copy the element bytes of OID o2 into o1 and set
 * o1's length to match.  There is no bounds check here: the caller must
 * already have given (o1)->elements storage of at least (o2)->length
 * bytes, and the two element buffers must not overlap (memcpy).
 */
17 #define g_OID_copy(o1, o2) \
19 memcpy((o1)->elements, (o2)->elements, (o2)->length); \
20 (o1)->length = (o2)->length; \
24 * Array of context IDs typed by mechanism OID
26 typedef struct gss_ctx_id_struct {
/* Self-pointer checked by GSSINT_CHK_LOOP before a handle is used;
 * must hold the address of this struct itself. */
27 struct gss_ctx_id_struct *loopback;
/* Context handle owned by the underlying mechanism (see the comment
 * above: the union context is typed by mechanism OID). */
29 gss_ctx_id_t internal_ctx_id;
30 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
33 * Generic GSSAPI names. A name can either be a generic name, or a
34 * mechanism specific name....
36 typedef struct gss_name_struct {
37 struct gss_name_struct *loopback;
39 gss_buffer_t external_name;
41 * These last two fields are only filled in for mechanism
46 } gss_union_name_desc, *gss_union_name_t;
49 * Structure for holding list of mechanism-specific name types
51 typedef struct gss_mech_spec_name_t {
54 struct gss_mech_spec_name_t *next, *prev;
55 } gss_mech_spec_name_desc, *gss_mech_spec_name;
58 * Credential auxiliary info, used in the credential structure
60 typedef struct gss_union_cred_auxinfo {
63 OM_uint32 creation_time;
66 } gss_union_cred_auxinfo;
69 * Set of Credentials typed on mechanism OID
71 typedef struct gss_cred_id_struct {
/* Self-pointer checked by GSSINT_CHK_LOOP before a handle is used;
 * must hold the address of this struct itself. */
72 struct gss_cred_id_struct *loopback;
/* Per-mechanism credential handles; the element count is carried in a
 * field not shown on this page — confirm against the full header. */
75 gss_cred_id_t *cred_array;
/* Creation time and related bookkeeping, see gss_union_cred_auxinfo. */
76 gss_union_cred_auxinfo auxinfo;
77 } gss_union_cred_desc, *gss_union_cred_t;
79 typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
81 OM_uint32 *, /* minor_status */
82 const gss_name_t, /* desired_name */
83 const gss_buffer_t, /* password */
84 OM_uint32, /* time_req */
85 const gss_OID_set, /* desired_mechs */
87 gss_cred_id_t *, /* output_cred_handle */
88 gss_OID_set *, /* actual_mechs */
89 OM_uint32 * /* time_rec */
93 * Rudimentary pointer validation macro to check whether the
94 * "loopback" field of an opaque struct points back to itself. This
95 * field also catches some programming errors where an opaque pointer
96 * is passed to a function expecting the address of the opaque
/* Evaluates to nonzero (true) when p is NULL or p->loopback does not
 * point back to p, i.e. when the handle FAILS the check.  p is only
 * dereferenced after the NULL test (short-circuit &&), so passing NULL
 * is safe.  This is a rudimentary sanity check, not a guarantee that p
 * refers to a live, correctly typed object. */
99 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
101 /********************************************************/
102 /* The Mechanism Dispatch Table -- a mechanism needs to */
103 /* define one of these and provide a function to return */
104 /* it to initialize the GSSAPI library */
105 int gssint_mechglue_initialize_library(void);
107 OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
110 * This is the definition of the mechs_array struct, which is used to
111 * define the mechs array table. This table is used to indirectly
112 * access mechanism specific versions of the gssapi routines through
113 * the routines in the glue module (gssd_mech_glue.c)
115 * This contains all of the functions defined in gssapi.h except for
116 * gss_release_buffer() and gss_release_oid_set(), which I am
117 * assuming, for now, to be equal across mechanisms.
120 typedef struct gss_config {
121 gss_OID_desc mech_type;
123 OM_uint32 (*gss_acquire_cred)
125 OM_uint32*, /* minor_status */
126 gss_name_t, /* desired_name */
127 OM_uint32, /* time_req */
128 gss_OID_set, /* desired_mechs */
129 int, /* cred_usage */
130 gss_cred_id_t*, /* output_cred_handle */
131 gss_OID_set*, /* actual_mechs */
132 OM_uint32* /* time_rec */
134 OM_uint32 (*gss_release_cred)
136 OM_uint32*, /* minor_status */
137 gss_cred_id_t* /* cred_handle */
139 OM_uint32 (*gss_init_sec_context)
141 OM_uint32*, /* minor_status */
142 gss_cred_id_t, /* claimant_cred_handle */
143 gss_ctx_id_t*, /* context_handle */
144 gss_name_t, /* target_name */
145 gss_OID, /* mech_type */
146 OM_uint32, /* req_flags */
147 OM_uint32, /* time_req */
148 gss_channel_bindings_t, /* input_chan_bindings */
149 gss_buffer_t, /* input_token */
150 gss_OID*, /* actual_mech_type */
151 gss_buffer_t, /* output_token */
152 OM_uint32*, /* ret_flags */
153 OM_uint32* /* time_rec */
155 OM_uint32 (*gss_accept_sec_context)
157 OM_uint32*, /* minor_status */
158 gss_ctx_id_t*, /* context_handle */
159 gss_cred_id_t, /* verifier_cred_handle */
160 gss_buffer_t, /* input_token_buffer */
161 gss_channel_bindings_t, /* input_chan_bindings */
162 gss_name_t*, /* src_name */
163 gss_OID*, /* mech_type */
164 gss_buffer_t, /* output_token */
165 OM_uint32*, /* ret_flags */
166 OM_uint32*, /* time_rec */
167 gss_cred_id_t* /* delegated_cred_handle */
169 OM_uint32 (*gss_process_context_token)
171 OM_uint32*, /* minor_status */
172 gss_ctx_id_t, /* context_handle */
173 gss_buffer_t /* token_buffer */
175 OM_uint32 (*gss_delete_sec_context)
177 OM_uint32*, /* minor_status */
178 gss_ctx_id_t*, /* context_handle */
179 gss_buffer_t /* output_token */
181 OM_uint32 (*gss_context_time)
183 OM_uint32*, /* minor_status */
184 gss_ctx_id_t, /* context_handle */
185 OM_uint32* /* time_rec */
187 OM_uint32 (*gss_get_mic)
189 OM_uint32*, /* minor_status */
190 gss_ctx_id_t, /* context_handle */
191 gss_qop_t, /* qop_req */
192 gss_buffer_t, /* message_buffer */
193 gss_buffer_t /* message_token */
195 OM_uint32 (*gss_verify_mic)
197 OM_uint32*, /* minor_status */
198 gss_ctx_id_t, /* context_handle */
199 gss_buffer_t, /* message_buffer */
200 gss_buffer_t, /* token_buffer */
201 gss_qop_t* /* qop_state */
203 OM_uint32 (*gss_wrap)
205 OM_uint32*, /* minor_status */
206 gss_ctx_id_t, /* context_handle */
207 int, /* conf_req_flag */
208 gss_qop_t, /* qop_req */
209 gss_buffer_t, /* input_message_buffer */
210 int*, /* conf_state */
211 gss_buffer_t /* output_message_buffer */
213 OM_uint32 (*gss_unwrap)
215 OM_uint32*, /* minor_status */
216 gss_ctx_id_t, /* context_handle */
217 gss_buffer_t, /* input_message_buffer */
218 gss_buffer_t, /* output_message_buffer */
219 int*, /* conf_state */
220 gss_qop_t* /* qop_state */
222 OM_uint32 (*gss_display_status)
224 OM_uint32*, /* minor_status */
225 OM_uint32, /* status_value */
226 int, /* status_type */
227 gss_OID, /* mech_type */
228 OM_uint32*, /* message_context */
229 gss_buffer_t /* status_string */
231 OM_uint32 (*gss_indicate_mechs)
233 OM_uint32*, /* minor_status */
234 gss_OID_set* /* mech_set */
236 OM_uint32 (*gss_compare_name)
238 OM_uint32*, /* minor_status */
239 gss_name_t, /* name1 */
240 gss_name_t, /* name2 */
241 int* /* name_equal */
243 OM_uint32 (*gss_display_name)
245 OM_uint32*, /* minor_status */
246 gss_name_t, /* input_name */
247 gss_buffer_t, /* output_name_buffer */
248 gss_OID* /* output_name_type */
250 OM_uint32 (*gss_import_name)
252 OM_uint32*, /* minor_status */
253 gss_buffer_t, /* input_name_buffer */
254 gss_OID, /* input_name_type */
255 gss_name_t* /* output_name */
257 OM_uint32 (*gss_release_name)
259 OM_uint32*, /* minor_status */
260 gss_name_t* /* input_name */
262 OM_uint32 (*gss_inquire_cred)
264 OM_uint32 *, /* minor_status */
265 gss_cred_id_t, /* cred_handle */
266 gss_name_t *, /* name */
267 OM_uint32 *, /* lifetime */
268 int *, /* cred_usage */
269 gss_OID_set * /* mechanisms */
271 OM_uint32 (*gss_add_cred)
273 OM_uint32 *, /* minor_status */
274 gss_cred_id_t, /* input_cred_handle */
275 gss_name_t, /* desired_name */
276 gss_OID, /* desired_mech */
277 gss_cred_usage_t, /* cred_usage */
278 OM_uint32, /* initiator_time_req */
279 OM_uint32, /* acceptor_time_req */
280 gss_cred_id_t *, /* output_cred_handle */
281 gss_OID_set *, /* actual_mechs */
282 OM_uint32 *, /* initiator_time_rec */
283 OM_uint32 * /* acceptor_time_rec */
285 OM_uint32 (*gss_export_sec_context)
287 OM_uint32 *, /* minor_status */
288 gss_ctx_id_t *, /* context_handle */
289 gss_buffer_t /* interprocess_token */
291 OM_uint32 (*gss_import_sec_context)
293 OM_uint32 *, /* minor_status */
294 gss_buffer_t, /* interprocess_token */
295 gss_ctx_id_t * /* context_handle */
297 OM_uint32 (*gss_inquire_cred_by_mech)
299 OM_uint32 *, /* minor_status */
300 gss_cred_id_t, /* cred_handle */
301 gss_OID, /* mech_type */
302 gss_name_t *, /* name */
303 OM_uint32 *, /* initiator_lifetime */
304 OM_uint32 *, /* acceptor_lifetime */
305 gss_cred_usage_t * /* cred_usage */
307 OM_uint32 (*gss_inquire_names_for_mech)
309 OM_uint32 *, /* minor_status */
310 gss_OID, /* mechanism */
311 gss_OID_set * /* name_types */
313 OM_uint32 (*gss_inquire_context)
315 OM_uint32 *, /* minor_status */
316 gss_ctx_id_t, /* context_handle */
317 gss_name_t *, /* src_name */
318 gss_name_t *, /* targ_name */
319 OM_uint32 *, /* lifetime_rec */
320 gss_OID *, /* mech_type */
321 OM_uint32 *, /* ctx_flags */
322 int *, /* locally_initiated */
325 OM_uint32 (*gss_internal_release_oid)
327 OM_uint32 *, /* minor_status */
330 OM_uint32 (*gss_wrap_size_limit)
332 OM_uint32 *, /* minor_status */
333 gss_ctx_id_t, /* context_handle */
334 int, /* conf_req_flag */
335 gss_qop_t, /* qop_req */
336 OM_uint32, /* req_output_size */
337 OM_uint32 * /* max_input_size */
343 gss_OID, /* name type */
344 gss_OID, /* mech type */
347 OM_uint32 (*gssint_userok)
349 OM_uint32 *, /* minor_status */
350 const gss_name_t, /* pname */
351 const char *, /* local user */
355 OM_uint32 (*gss_export_name)
357 OM_uint32 *, /* minor_status */
358 const gss_name_t, /* input_name */
359 gss_buffer_t /* exported_name */
361 OM_uint32 (*gss_store_cred)
363 OM_uint32 *, /* minor_status */
364 const gss_cred_id_t, /* input_cred */
365 gss_cred_usage_t, /* cred_usage */
366 const gss_OID, /* desired_mech */
367 OM_uint32, /* overwrite_cred */
368 OM_uint32, /* default_cred */
369 gss_OID_set *, /* elements_stored */
370 gss_cred_usage_t * /* cred_usage_stored */
376 OM_uint32 (*gss_inquire_sec_context_by_oid)
378 OM_uint32 *, /* minor_status */
379 const gss_ctx_id_t, /* context_handle */
380 const gss_OID, /* OID */
381 gss_buffer_set_t * /* data_set */
383 OM_uint32 (*gss_inquire_cred_by_oid)
385 OM_uint32 *, /* minor_status */
386 const gss_cred_id_t, /* cred_handle */
387 const gss_OID, /* OID */
388 gss_buffer_set_t * /* data_set */
390 OM_uint32 (*gss_set_sec_context_option)
392 OM_uint32 *, /* minor_status */
393 gss_ctx_id_t *, /* context_handle */
394 const gss_OID, /* OID */
395 const gss_buffer_t /* value */
397 OM_uint32 (*gssspi_set_cred_option)
399 OM_uint32 *, /* minor_status */
400 gss_cred_id_t, /* cred_handle */
401 const gss_OID, /* OID */
402 const gss_buffer_t /* value */
404 OM_uint32 (*gssspi_mech_invoke)
406 OM_uint32*, /* minor_status */
407 const gss_OID, /* mech OID */
408 const gss_OID, /* OID */
409 gss_buffer_t /* value */
412 /* AEAD extensions */
413 OM_uint32 (*gss_wrap_aead)
415 OM_uint32 *, /* minor_status */
416 gss_ctx_id_t, /* context_handle */
417 int, /* conf_req_flag */
418 gss_qop_t, /* qop_req */
419 gss_buffer_t, /* input_assoc_buffer */
420 gss_buffer_t, /* input_payload_buffer */
421 int *, /* conf_state */
422 gss_buffer_t /* output_message_buffer */
425 OM_uint32 (*gss_unwrap_aead)
427 OM_uint32 *, /* minor_status */
428 gss_ctx_id_t, /* context_handle */
429 gss_buffer_t, /* input_message_buffer */
430 gss_buffer_t, /* input_assoc_buffer */
431 gss_buffer_t, /* output_payload_buffer */
432 int *, /* conf_state */
433 gss_qop_t * /* qop_state */
436 /* SSPI extensions */
437 OM_uint32 (*gss_wrap_iov)
439 OM_uint32 *, /* minor_status */
440 gss_ctx_id_t, /* context_handle */
441 int, /* conf_req_flag */
442 gss_qop_t, /* qop_req */
443 int *, /* conf_state */
444 gss_iov_buffer_desc *, /* iov */
448 OM_uint32 (*gss_unwrap_iov)
450 OM_uint32 *, /* minor_status */
451 gss_ctx_id_t, /* context_handle */
452 int *, /* conf_state */
453 gss_qop_t *, /* qop_state */
454 gss_iov_buffer_desc *, /* iov */
458 OM_uint32 (*gss_wrap_iov_length)
460 OM_uint32 *, /* minor_status */
461 gss_ctx_id_t, /* context_handle */
462 int, /* conf_req_flag*/
463 gss_qop_t, /* qop_req */
464 int *, /* conf_state */
465 gss_iov_buffer_desc *, /* iov */
469 OM_uint32 (*gss_complete_auth_token)
471 OM_uint32*, /* minor_status */
472 const gss_ctx_id_t, /* context_handle */
473 gss_buffer_t /* input_message_buffer */
478 OM_uint32 (*gss_acquire_cred_impersonate_name)
480 OM_uint32 *, /* minor_status */
481 const gss_cred_id_t, /* impersonator_cred_handle */
482 const gss_name_t, /* desired_name */
483 OM_uint32, /* time_req */
484 const gss_OID_set, /* desired_mechs */
485 gss_cred_usage_t, /* cred_usage */
486 gss_cred_id_t *, /* output_cred_handle */
487 gss_OID_set *, /* actual_mechs */
488 OM_uint32 * /* time_rec */
491 OM_uint32 (*gss_add_cred_impersonate_name)
493 OM_uint32 *, /* minor_status */
494 gss_cred_id_t, /* input_cred_handle */
495 const gss_cred_id_t, /* impersonator_cred_handle */
496 const gss_name_t, /* desired_name */
497 const gss_OID, /* desired_mech */
498 gss_cred_usage_t, /* cred_usage */
499 OM_uint32, /* initiator_time_req */
500 OM_uint32, /* acceptor_time_req */
501 gss_cred_id_t *, /* output_cred_handle */
502 gss_OID_set *, /* actual_mechs */
503 OM_uint32 *, /* initiator_time_rec */
504 OM_uint32 * /* acceptor_time_rec */
507 OM_uint32 (*gss_display_name_ext)
509 OM_uint32 *, /* minor_status */
510 gss_name_t, /* name */
511 gss_OID, /* display_as_name_type */
512 gss_buffer_t /* display_name */
515 OM_uint32 (*gss_inquire_name)
517 OM_uint32 *, /* minor_status */
518 gss_name_t, /* name */
519 int *, /* name_is_MN */
520 gss_OID *, /* MN_mech */
521 gss_buffer_set_t * /* attrs */
524 OM_uint32 (*gss_get_name_attribute)
526 OM_uint32 *, /* minor_status */
527 gss_name_t, /* name */
528 gss_buffer_t, /* attr */
529 int *, /* authenticated */
530 int *, /* complete */
531 gss_buffer_t, /* value */
532 gss_buffer_t, /* display_value */
536 OM_uint32 (*gss_set_name_attribute)
538 OM_uint32 *, /* minor_status */
539 gss_name_t, /* name */
541 gss_buffer_t, /* attr */
542 gss_buffer_t /* value */
545 OM_uint32 (*gss_delete_name_attribute)
547 OM_uint32 *, /* minor_status */
548 gss_name_t, /* name */
549 gss_buffer_t /* attr */
552 OM_uint32 (*gss_export_name_composite)
554 OM_uint32 *, /* minor_status */
555 gss_name_t, /* name */
556 gss_buffer_t /* exp_composite_name */
559 OM_uint32 (*gss_map_name_to_any)
561 OM_uint32 *, /* minor_status */
562 gss_name_t, /* name */
563 int, /* authenticated */
564 gss_buffer_t, /* type_id */
565 gss_any_t * /* output */
568 OM_uint32 (*gss_release_any_name_mapping)
570 OM_uint32 *, /* minor_status */
571 gss_name_t, /* name */
572 gss_buffer_t, /* type_id */
573 gss_any_t * /* input */
576 OM_uint32 (*gss_pseudo_random)
578 OM_uint32 *, /* minor_status */
579 gss_ctx_id_t, /* context */
581 const gss_buffer_t, /* prf_in */
582 ssize_t, /* desired_output_len */
583 gss_buffer_t /* prf_out */
588 /* This structure MUST NOT be used by any code outside libgss */
/* Extension dispatch table kept separate from struct gss_config.  It
 * currently holds only the password-based credential acquisition entry
 * point (signature: gss_acquire_cred_with_password_sfct, declared
 * above). */
589 typedef struct gss_config_ext {
590 gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
591 } *gss_mechanism_ext;
594 * In the user space we use a wrapper structure to encompass the
595 * mechanism entry points. The wrapper contain the mechanism
596 * entry points and other data which is only relevant to the gss-api
597 * layer. In the kernel we use only the gss_config strucutre because
598 * the kernal does not cantain any of the extra gss-api specific data.
600 typedef struct gss_mech_config {
601 char *kmodName; /* kernel module name */
602 char *uLibName; /* user library name */
603 char *mechNameStr; /* mechanism string name */
604 char *optionStr; /* optional mech parameters */
605 void *dl_handle; /* RTLD object handle for the mech */
606 gss_OID mech_type; /* mechanism oid */
607 gss_mechanism mech; /* mechanism initialization struct */
608 gss_mechanism_ext mech_ext; /* extensions */
609 int priority; /* mechanism preference order */
610 int freeMech; /* free mech table */
611 struct gss_mech_config *next; /* next element in the list */
614 /********************************************************/
615 /* Internal mechglue routines */
618 int gssint_mechglue_init(void);
619 void gssint_mechglue_fini(void);
622 gss_mechanism gssint_get_mechanism (gss_OID);
623 gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID);
624 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
625 char *gssint_get_kmodName(const gss_OID);
626 char *gssint_get_modOptions(const gss_OID);
627 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
629 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
630 const gss_name_t, gss_buffer_t);
631 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
632 gss_buffer_t, gss_OID *);
633 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
634 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
635 gss_ctx_id_t *, gss_buffer_t);
636 #ifdef _GSS_STATIC_LINK
637 int gssint_register_mechinfo(gss_mech_info template);
640 OM_uint32 gssint_convert_name_to_union_name
641 (OM_uint32 *, /* minor_status */
642 gss_mechanism, /* mech */
643 gss_name_t, /* internal_name */
644 gss_name_t * /* external_name */
646 gss_cred_id_t gssint_get_mechanism_cred
647 (gss_union_cred_t, /* union_cred */
648 gss_OID /* mech_type */
651 OM_uint32 gssint_create_copy_buffer(
652 const gss_buffer_t, /* src buffer */
653 gss_buffer_t *, /* destination buffer */
654 int /* NULL terminate buffer ? */
657 OM_uint32 gssint_copy_oid_set(
658 OM_uint32 *, /* minor_status */
659 const gss_OID_set_desc * const, /* oid set */
660 gss_OID_set * /* new oid set */
663 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
665 OM_uint32 gss_add_mech_name_type
666 (OM_uint32 *, /* minor_status */
667 gss_OID, /* name_type */
672 * Sun extensions to GSS-API v2
677 const char *mech, /* mechanism string name */
678 gss_OID *oid /* mechanism oid */
683 const gss_OID oid /* mechanism oid */
687 gssint_get_mechanisms(
688 char *mechArray[], /* array to populate with mechs */
689 int arrayLen /* length of passed in array */
694 OM_uint32 *, /* minor */
695 const gss_name_t, /* name */
696 const char *, /* user */
702 OM_uint32 *, /* minor_status */
703 const gss_cred_id_t, /* input_cred_handle */
704 gss_cred_usage_t, /* cred_usage */
705 const gss_OID, /* desired_mech */
706 OM_uint32, /* overwrite_cred */
707 OM_uint32, /* default_cred */
708 gss_OID_set *, /* elements_stored */
709 gss_cred_usage_t * /* cred_usage_stored */
713 gssint_get_der_length(
714 unsigned char **, /* buf */
715 unsigned int, /* buf_len */
716 unsigned int * /* bytes */
720 gssint_der_length_size(unsigned int /* len */);
723 gssint_put_der_length(
724 unsigned int, /* length */
725 unsigned char **, /* buf */
726 unsigned int /* max_len */
730 gssint_wrap_aead (gss_mechanism, /* mech */
731 OM_uint32 *, /* minor_status */
732 gss_union_ctx_id_t, /* ctx */
733 int, /* conf_req_flag */
734 gss_qop_t, /* qop_req_flag */
735 gss_buffer_t, /* input_assoc_buffer */
736 gss_buffer_t, /* input_payload_buffer */
737 int *, /* conf_state */
738 gss_buffer_t); /* output_message_buffer */
740 gssint_unwrap_aead (gss_mechanism, /* mech */
741 OM_uint32 *, /* minor_status */
742 gss_union_ctx_id_t, /* ctx */
743 gss_buffer_t, /* input_message_buffer */
744 gss_buffer_t, /* input_assoc_buffer */
745 gss_buffer_t, /* output_payload_buffer */
746 int *, /* conf_state */
747 gss_qop_t *); /* qop_state */
750 /* Use this to map an error code that was returned from a mech
751 operation; the mech will be asked to produce the associated error
754 Remember that if the minor status code cannot be returned to the
755 caller (e.g., if it's stuffed in an automatic variable and then
756 ignored), then we don't care about producing a mapping. */
/* Both macros read *MINORP and overwrite it in place with the mapped
 * value.  MINORP is expanded twice, so pass a plain lvalue address with
 * no side effects.  map_error derives the OID from the mech table
 * (&(MECH)->mech_type); map_error_oid takes the OID directly. */
757 #define map_error(MINORP, MECH) \
758 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
759 #define map_error_oid(MINORP, MECHOID) \
760 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
762 /* Use this to map an errno value or com_err error code being
763 generated within the mechglue code (e.g., by calling generic oid
764 ops). Any errno or com_err values produced by mech operations
765 should be processed with map_error. This means they'll be stored
766 separately even if the mech uses com_err, because we can't assume
767 that it will use com_err. */
/* Rewrites *MINORP in place via gssint_mecherrmap_map_errcode.  MINORP
 * is expanded twice, so pass a plain lvalue address with no side
 * effects. */
768 #define map_errcode(MINORP) \
769 (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
771 #endif /* _GSS_MECHGLUEP_H */