1 /* #ident "@(#)mglueP.h 1.2 96/01/18 SMI" */
4 * This header contains the private mechglue definitions.
6 * Copyright (c) 1995, by Sun Microsystems, Inc.
10 #ifndef _GSS_MECHGLUEP_H
11 #define _GSS_MECHGLUEP_H
15 #include "gssapiP_generic.h"
/*
 * Copy OID (o2) into (o1).  memcpy() writes (o2)->length bytes into
 * (o1)->elements with no bounds check, so the caller must already have
 * allocated (o1)->elements with at least (o2)->length bytes of storage.
 */
17 #define g_OID_copy(o1, o2) \
19 memcpy((o1)->elements, (o2)->elements, (o2)->length); \
20 (o1)->length = (o2)->length; \
24 * Array of context IDs typed by mechanism OID
26 typedef struct gss_ctx_id_struct {
27 struct gss_ctx_id_struct *loopback;
29 gss_ctx_id_t internal_ctx_id;
30 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
33 * Generic GSSAPI names. A name can either be a generic name, or a
34 * mechanism specific name....
36 typedef struct gss_name_struct {
37 struct gss_name_struct *loopback;
39 gss_buffer_t external_name;
41 * These last two fields are only filled in for mechanism
46 } gss_union_name_desc, *gss_union_name_t;
49 * Structure for holding list of mechanism-specific name types
51 typedef struct gss_mech_spec_name_t {
54 struct gss_mech_spec_name_t *next, *prev;
55 } gss_mech_spec_name_desc, *gss_mech_spec_name;
58 * Credential auxiliary info, used in the credential structure
60 typedef struct gss_union_cred_auxinfo {
63 OM_uint32 creation_time;
66 } gss_union_cred_auxinfo;
69 * Set of Credentials typed on mechanism OID
71 typedef struct gss_cred_id_struct {
72 struct gss_cred_id_struct *loopback;
75 gss_cred_id_t *cred_array;
76 gss_union_cred_auxinfo auxinfo;
77 } gss_union_cred_desc, *gss_union_cred_t;
79 typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
81 OM_uint32 *, /* minor_status */
82 const gss_name_t, /* desired_name */
83 const gss_buffer_t, /* password */
84 OM_uint32, /* time_req */
85 const gss_OID_set, /* desired_mechs */
87 gss_cred_id_t *, /* output_cred_handle */
88 gss_OID_set *, /* actual_mechs */
89 OM_uint32 * /* time_rec */
93 * Rudimentary pointer validation macro: checks that the pointer is non-NULL and that the
94 * "loopback" field of the opaque struct points back to itself. It dereferences the pointer,
95 * so a wild non-NULL handle is not caught. This field also catches some programming errors where an opaque pointer
96 * is passed to a function expecting the address of the opaque
/* Evaluates to nonzero (failure) when p is NULL or p->loopback does not point back to p. */
99 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
101 /********************************************************/
102 /* The Mechanism Dispatch Table -- a mechanism needs to */
103 /* define one of these and provide a function to return */
104 /* it to initialize the GSSAPI library */
105 int gssint_mechglue_initialize_library(void);
107 OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
110 * This is the definition of the mechs_array struct, which is used to
111 * define the mechs array table. This table is used to indirectly
112 * access mechanism specific versions of the gssapi routines through
113 * the routines in the glue module (gssd_mech_glue.c)
115 * This contains all of the functions defined in gssapi.h except for
116 * gss_release_buffer() and gss_release_oid_set(), which I am
117 * assuming, for now, to be equal across mechanisms.
120 typedef struct gss_config {
121 gss_OID_desc mech_type;
123 OM_uint32 (*gss_acquire_cred)
125 OM_uint32*, /* minor_status */
126 gss_name_t, /* desired_name */
127 OM_uint32, /* time_req */
128 gss_OID_set, /* desired_mechs */
129 int, /* cred_usage */
130 gss_cred_id_t*, /* output_cred_handle */
131 gss_OID_set*, /* actual_mechs */
132 OM_uint32* /* time_rec */
134 OM_uint32 (*gss_release_cred)
136 OM_uint32*, /* minor_status */
137 gss_cred_id_t* /* cred_handle */
139 OM_uint32 (*gss_init_sec_context)
141 OM_uint32*, /* minor_status */
142 gss_cred_id_t, /* claimant_cred_handle */
143 gss_ctx_id_t*, /* context_handle */
144 gss_name_t, /* target_name */
145 gss_OID, /* mech_type */
146 OM_uint32, /* req_flags */
147 OM_uint32, /* time_req */
148 gss_channel_bindings_t, /* input_chan_bindings */
149 gss_buffer_t, /* input_token */
150 gss_OID*, /* actual_mech_type */
151 gss_buffer_t, /* output_token */
152 OM_uint32*, /* ret_flags */
153 OM_uint32* /* time_rec */
155 OM_uint32 (*gss_accept_sec_context)
157 OM_uint32*, /* minor_status */
158 gss_ctx_id_t*, /* context_handle */
159 gss_cred_id_t, /* verifier_cred_handle */
160 gss_buffer_t, /* input_token_buffer */
161 gss_channel_bindings_t, /* input_chan_bindings */
162 gss_name_t*, /* src_name */
163 gss_OID*, /* mech_type */
164 gss_buffer_t, /* output_token */
165 OM_uint32*, /* ret_flags */
166 OM_uint32*, /* time_rec */
167 gss_cred_id_t* /* delegated_cred_handle */
169 OM_uint32 (*gss_process_context_token)
171 OM_uint32*, /* minor_status */
172 gss_ctx_id_t, /* context_handle */
173 gss_buffer_t /* token_buffer */
175 OM_uint32 (*gss_delete_sec_context)
177 OM_uint32*, /* minor_status */
178 gss_ctx_id_t*, /* context_handle */
179 gss_buffer_t /* output_token */
181 OM_uint32 (*gss_context_time)
183 OM_uint32*, /* minor_status */
184 gss_ctx_id_t, /* context_handle */
185 OM_uint32* /* time_rec */
187 OM_uint32 (*gss_get_mic)
189 OM_uint32*, /* minor_status */
190 gss_ctx_id_t, /* context_handle */
191 gss_qop_t, /* qop_req */
192 gss_buffer_t, /* message_buffer */
193 gss_buffer_t /* message_token */
195 OM_uint32 (*gss_verify_mic)
197 OM_uint32*, /* minor_status */
198 gss_ctx_id_t, /* context_handle */
199 gss_buffer_t, /* message_buffer */
200 gss_buffer_t, /* token_buffer */
201 gss_qop_t* /* qop_state */
203 OM_uint32 (*gss_wrap)
205 OM_uint32*, /* minor_status */
206 gss_ctx_id_t, /* context_handle */
207 int, /* conf_req_flag */
208 gss_qop_t, /* qop_req */
209 gss_buffer_t, /* input_message_buffer */
210 int*, /* conf_state */
211 gss_buffer_t /* output_message_buffer */
213 OM_uint32 (*gss_unwrap)
215 OM_uint32*, /* minor_status */
216 gss_ctx_id_t, /* context_handle */
217 gss_buffer_t, /* input_message_buffer */
218 gss_buffer_t, /* output_message_buffer */
219 int*, /* conf_state */
220 gss_qop_t* /* qop_state */
222 OM_uint32 (*gss_display_status)
224 OM_uint32*, /* minor_status */
225 OM_uint32, /* status_value */
226 int, /* status_type */
227 gss_OID, /* mech_type */
228 OM_uint32*, /* message_context */
229 gss_buffer_t /* status_string */
231 OM_uint32 (*gss_indicate_mechs)
233 OM_uint32*, /* minor_status */
234 gss_OID_set* /* mech_set */
236 OM_uint32 (*gss_compare_name)
238 OM_uint32*, /* minor_status */
239 gss_name_t, /* name1 */
240 gss_name_t, /* name2 */
241 int* /* name_equal */
243 OM_uint32 (*gss_display_name)
245 OM_uint32*, /* minor_status */
246 gss_name_t, /* input_name */
247 gss_buffer_t, /* output_name_buffer */
248 gss_OID* /* output_name_type */
250 OM_uint32 (*gss_import_name)
252 OM_uint32*, /* minor_status */
253 gss_buffer_t, /* input_name_buffer */
254 gss_OID, /* input_name_type */
255 gss_name_t* /* output_name */
257 OM_uint32 (*gss_release_name)
259 OM_uint32*, /* minor_status */
260 gss_name_t* /* input_name */
262 OM_uint32 (*gss_inquire_cred)
264 OM_uint32 *, /* minor_status */
265 gss_cred_id_t, /* cred_handle */
266 gss_name_t *, /* name */
267 OM_uint32 *, /* lifetime */
268 int *, /* cred_usage */
269 gss_OID_set * /* mechanisms */
271 OM_uint32 (*gss_add_cred)
273 OM_uint32 *, /* minor_status */
274 gss_cred_id_t, /* input_cred_handle */
275 gss_name_t, /* desired_name */
276 gss_OID, /* desired_mech */
277 gss_cred_usage_t, /* cred_usage */
278 OM_uint32, /* initiator_time_req */
279 OM_uint32, /* acceptor_time_req */
280 gss_cred_id_t *, /* output_cred_handle */
281 gss_OID_set *, /* actual_mechs */
282 OM_uint32 *, /* initiator_time_rec */
283 OM_uint32 * /* acceptor_time_rec */
285 OM_uint32 (*gss_export_sec_context)
287 OM_uint32 *, /* minor_status */
288 gss_ctx_id_t *, /* context_handle */
289 gss_buffer_t /* interprocess_token */
291 OM_uint32 (*gss_import_sec_context)
293 OM_uint32 *, /* minor_status */
294 gss_buffer_t, /* interprocess_token */
295 gss_ctx_id_t * /* context_handle */
297 OM_uint32 (*gss_inquire_cred_by_mech)
299 OM_uint32 *, /* minor_status */
300 gss_cred_id_t, /* cred_handle */
301 gss_OID, /* mech_type */
302 gss_name_t *, /* name */
303 OM_uint32 *, /* initiator_lifetime */
304 OM_uint32 *, /* acceptor_lifetime */
305 gss_cred_usage_t * /* cred_usage */
307 OM_uint32 (*gss_inquire_names_for_mech)
309 OM_uint32 *, /* minor_status */
310 gss_OID, /* mechanism */
311 gss_OID_set * /* name_types */
313 OM_uint32 (*gss_inquire_context)
315 OM_uint32 *, /* minor_status */
316 gss_ctx_id_t, /* context_handle */
317 gss_name_t *, /* src_name */
318 gss_name_t *, /* targ_name */
319 OM_uint32 *, /* lifetime_rec */
320 gss_OID *, /* mech_type */
321 OM_uint32 *, /* ctx_flags */
322 int *, /* locally_initiated */
325 OM_uint32 (*gss_internal_release_oid)
327 OM_uint32 *, /* minor_status */
330 OM_uint32 (*gss_wrap_size_limit)
332 OM_uint32 *, /* minor_status */
333 gss_ctx_id_t, /* context_handle */
334 int, /* conf_req_flag */
335 gss_qop_t, /* qop_req */
336 OM_uint32, /* req_output_size */
337 OM_uint32 * /* max_input_size */
343 gss_OID, /* name type */
344 gss_OID, /* mech type */
347 OM_uint32 (*gssint_userok)
349 OM_uint32 *, /* minor_status */
350 const gss_name_t, /* pname */
351 const char *, /* local user */
355 OM_uint32 (*gss_export_name)
357 OM_uint32 *, /* minor_status */
358 const gss_name_t, /* input_name */
359 gss_buffer_t /* exported_name */
361 OM_uint32 (*gss_store_cred)
363 OM_uint32 *, /* minor_status */
364 const gss_cred_id_t, /* input_cred */
365 gss_cred_usage_t, /* cred_usage */
366 const gss_OID, /* desired_mech */
367 OM_uint32, /* overwrite_cred */
368 OM_uint32, /* default_cred */
369 gss_OID_set *, /* elements_stored */
370 gss_cred_usage_t * /* cred_usage_stored */
376 OM_uint32 (*gss_inquire_sec_context_by_oid)
378 OM_uint32 *, /* minor_status */
379 const gss_ctx_id_t, /* context_handle */
380 const gss_OID, /* OID */
381 gss_buffer_set_t * /* data_set */
383 OM_uint32 (*gss_inquire_cred_by_oid)
385 OM_uint32 *, /* minor_status */
386 const gss_cred_id_t, /* cred_handle */
387 const gss_OID, /* OID */
388 gss_buffer_set_t * /* data_set */
390 OM_uint32 (*gss_set_sec_context_option)
392 OM_uint32 *, /* minor_status */
393 gss_ctx_id_t *, /* context_handle */
394 const gss_OID, /* OID */
395 const gss_buffer_t /* value */
397 OM_uint32 (*gssspi_set_cred_option)
399 OM_uint32 *, /* minor_status */
400 gss_cred_id_t, /* cred_handle */
401 const gss_OID, /* OID */
402 const gss_buffer_t /* value */
404 OM_uint32 (*gssspi_mech_invoke)
406 OM_uint32*, /* minor_status */
407 const gss_OID, /* mech OID */
408 const gss_OID, /* OID */
409 gss_buffer_t /* value */
412 /* AEAD extensions */
413 OM_uint32 (*gss_wrap_aead)
415 OM_uint32 *, /* minor_status */
416 gss_ctx_id_t, /* context_handle */
417 int, /* conf_req_flag */
418 gss_qop_t, /* qop_req */
419 gss_buffer_t, /* input_assoc_buffer */
420 gss_buffer_t, /* input_payload_buffer */
421 int *, /* conf_state */
422 gss_buffer_t /* output_message_buffer */
425 OM_uint32 (*gss_unwrap_aead)
427 OM_uint32 *, /* minor_status */
428 gss_ctx_id_t, /* context_handle */
429 gss_buffer_t, /* input_message_buffer */
430 gss_buffer_t, /* input_assoc_buffer */
431 gss_buffer_t, /* output_payload_buffer */
432 int *, /* conf_state */
433 gss_qop_t * /* qop_state */
436 /* SSPI extensions */
437 OM_uint32 (*gss_wrap_iov)
439 OM_uint32 *, /* minor_status */
440 gss_ctx_id_t, /* context_handle */
441 int, /* conf_req_flag */
442 gss_qop_t, /* qop_req */
443 int *, /* conf_state */
444 gss_iov_buffer_desc *, /* iov */
448 OM_uint32 (*gss_unwrap_iov)
450 OM_uint32 *, /* minor_status */
451 gss_ctx_id_t, /* context_handle */
452 int *, /* conf_state */
453 gss_qop_t *, /* qop_state */
454 gss_iov_buffer_desc *, /* iov */
458 OM_uint32 (*gss_wrap_iov_length)
460 OM_uint32 *, /* minor_status */
461 gss_ctx_id_t, /* context_handle */
462 int, /* conf_req_flag*/
463 gss_qop_t, /* qop_req */
464 int *, /* conf_state */
465 gss_iov_buffer_desc *, /* iov */
469 OM_uint32 (*gss_complete_auth_token)
471 OM_uint32*, /* minor_status */
472 const gss_ctx_id_t, /* context_handle */
473 gss_buffer_t /* input_message_buffer */
478 OM_uint32 (*gss_acquire_cred_impersonate_name)
480 OM_uint32 *, /* minor_status */
481 const gss_cred_id_t, /* impersonator_cred_handle */
482 const gss_name_t, /* desired_name */
483 OM_uint32, /* time_req */
484 const gss_OID_set, /* desired_mechs */
485 gss_cred_usage_t, /* cred_usage */
486 gss_cred_id_t *, /* output_cred_handle */
487 gss_OID_set *, /* actual_mechs */
488 OM_uint32 * /* time_rec */
491 OM_uint32 (*gss_add_cred_impersonate_name)
493 OM_uint32 *, /* minor_status */
494 gss_cred_id_t, /* input_cred_handle */
495 const gss_cred_id_t, /* impersonator_cred_handle */
496 const gss_name_t, /* desired_name */
497 const gss_OID, /* desired_mech */
498 gss_cred_usage_t, /* cred_usage */
499 OM_uint32, /* initiator_time_req */
500 OM_uint32, /* acceptor_time_req */
501 gss_cred_id_t *, /* output_cred_handle */
502 gss_OID_set *, /* actual_mechs */
503 OM_uint32 *, /* initiator_time_rec */
504 OM_uint32 * /* acceptor_time_rec */
507 OM_uint32 (*gss_display_name_ext)
509 OM_uint32 *, /* minor_status */
510 gss_name_t, /* name */
511 gss_OID, /* display_as_name_type */
512 gss_buffer_t /* display_name */
515 OM_uint32 (*gss_inquire_name)
517 OM_uint32 *, /* minor_status */
518 gss_name_t, /* name */
519 int *, /* name_is_MN */
520 gss_OID *, /* MN_mech */
521 gss_buffer_set_t * /* attrs */
524 OM_uint32 (*gss_get_name_attribute)
526 OM_uint32 *, /* minor_status */
527 gss_name_t, /* name */
528 gss_buffer_t, /* attr */
529 int *, /* authenticated */
530 int *, /* complete */
531 gss_buffer_t, /* value */
532 gss_buffer_t, /* display_value */
536 OM_uint32 (*gss_set_name_attribute)
538 OM_uint32 *, /* minor_status */
539 gss_name_t, /* name */
541 gss_buffer_t, /* attr */
542 gss_buffer_t /* value */
545 OM_uint32 (*gss_delete_name_attribute)
547 OM_uint32 *, /* minor_status */
548 gss_name_t, /* name */
549 gss_buffer_t /* attr */
552 OM_uint32 (*gss_export_name_composite)
554 OM_uint32 *, /* minor_status */
555 gss_name_t, /* name */
556 gss_buffer_t /* exp_composite_name */
559 OM_uint32 (*gss_map_name_to_any)
561 OM_uint32 *, /* minor_status */
562 gss_name_t, /* name */
563 int, /* authenticated */
564 gss_buffer_t, /* type_id */
565 gss_any_t * /* output */
568 OM_uint32 (*gss_release_any_name_mapping)
570 OM_uint32 *, /* minor_status */
571 gss_name_t, /* name */
572 gss_buffer_t, /* type_id */
573 gss_any_t * /* input */
578 /* This structure MUST NOT be used by any code outside libgss */
579 typedef struct gss_config_ext {
	/* Mechanism entry point for password-based credential acquisition;
	 * its signature is gss_acquire_cred_with_password_sfct (declared above). */
580 	gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
581 } *gss_mechanism_ext;
584 * In the user space we use a wrapper structure to encompass the
585 * mechanism entry points. The wrapper contains the mechanism
586 * entry points and other data which is only relevant to the gss-api
587 * layer. In the kernel we use only the gss_config structure because
588 * the kernel does not contain any of the extra gss-api specific data.
590 typedef struct gss_mech_config {
591 char *kmodName; /* kernel module name */
592 char *uLibName; /* user library name */
593 char *mechNameStr; /* mechanism string name */
594 char *optionStr; /* optional mech parameters */
595 void *dl_handle; /* RTLD object handle for the mech */
596 gss_OID mech_type; /* mechanism oid */
597 gss_mechanism mech; /* mechanism initialization struct */
598 gss_mechanism_ext mech_ext; /* extensions */
599 int priority; /* mechanism preference order */
600 int freeMech; /* free mech table */
601 struct gss_mech_config *next; /* next element in the list */
604 /********************************************************/
605 /* Internal mechglue routines */
608 int gssint_mechglue_init(void);
609 void gssint_mechglue_fini(void);
612 gss_mechanism gssint_get_mechanism (gss_OID);
613 gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID);
614 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
615 char *gssint_get_kmodName(const gss_OID);
616 char *gssint_get_modOptions(const gss_OID);
617 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
619 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
620 const gss_name_t, gss_buffer_t);
621 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
622 gss_buffer_t, gss_OID *);
623 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
624 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
625 gss_ctx_id_t *, gss_buffer_t);
626 #ifdef _GSS_STATIC_LINK
627 int gssint_register_mechinfo(gss_mech_info template);
630 OM_uint32 gssint_convert_name_to_union_name
631 (OM_uint32 *, /* minor_status */
632 gss_mechanism, /* mech */
633 gss_name_t, /* internal_name */
634 gss_name_t * /* external_name */
636 gss_cred_id_t gssint_get_mechanism_cred
637 (gss_union_cred_t, /* union_cred */
638 gss_OID /* mech_type */
641 OM_uint32 gssint_create_copy_buffer(
642 const gss_buffer_t, /* src buffer */
643 gss_buffer_t *, /* destination buffer */
644 int /* NULL terminate buffer ? */
647 OM_uint32 gssint_copy_oid_set(
648 OM_uint32 *, /* minor_status */
649 const gss_OID_set_desc * const, /* oid set */
650 gss_OID_set * /* new oid set */
653 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
655 OM_uint32 gss_add_mech_name_type
656 (OM_uint32 *, /* minor_status */
657 gss_OID, /* name_type */
662 * Sun extensions to GSS-API v2
667 const char *mech, /* mechanism string name */
668 gss_OID *oid /* mechanism oid */
673 const gss_OID oid /* mechanism oid */
677 gssint_get_mechanisms(
678 char *mechArray[], /* array to populate with mechs */
679 int arrayLen /* length of passed in array */
684 OM_uint32 *, /* minor */
685 const gss_name_t, /* name */
686 const char *, /* user */
692 OM_uint32 *, /* minor_status */
693 const gss_cred_id_t, /* input_cred_handle */
694 gss_cred_usage_t, /* cred_usage */
695 const gss_OID, /* desired_mech */
696 OM_uint32, /* overwrite_cred */
697 OM_uint32, /* default_cred */
698 gss_OID_set *, /* elements_stored */
699 gss_cred_usage_t * /* cred_usage_stored */
703 gssint_get_der_length(
704 unsigned char **, /* buf */
705 unsigned int, /* buf_len */
706 unsigned int * /* bytes */
710 gssint_der_length_size(unsigned int /* len */);
713 gssint_put_der_length(
714 unsigned int, /* length */
715 unsigned char **, /* buf */
716 unsigned int /* max_len */
720 gssint_wrap_aead (gss_mechanism, /* mech */
721 OM_uint32 *, /* minor_status */
722 gss_union_ctx_id_t, /* ctx */
723 int, /* conf_req_flag */
724 gss_qop_t, /* qop_req_flag */
725 gss_buffer_t, /* input_assoc_buffer */
726 gss_buffer_t, /* input_payload_buffer */
727 int *, /* conf_state */
728 gss_buffer_t); /* output_message_buffer */
730 gssint_unwrap_aead (gss_mechanism, /* mech */
731 OM_uint32 *, /* minor_status */
732 gss_union_ctx_id_t, /* ctx */
733 gss_buffer_t, /* input_message_buffer */
734 gss_buffer_t, /* input_assoc_buffer */
735 gss_buffer_t, /* output_payload_buffer */
736 int *, /* conf_state */
737 gss_qop_t *); /* qop_state */
740 /* Use this to map an error code that was returned from a mech
741 operation; the mech will be asked to produce the associated error
744 Remember that if the minor status code cannot be returned to the
745 caller (e.g., if it's stuffed in an automatic variable and then
746 ignored), then we don't care about producing a mapping. */
747 #define map_error(MINORP, MECH) \
748 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
749 #define map_error_oid(MINORP, MECHOID) \
750 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
752 /* Use this to map an errno value or com_err error code being
753 generated within the mechglue code (e.g., by calling generic oid
754 ops). Any errno or com_err values produced by mech operations
755 should be processed with map_error. This means they'll be stored
756 separately even if the mech uses com_err, because we can't assume
757 that it will use com_err. */
758 #define map_errcode(MINORP) \
759 (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
761 #endif /* _GSS_MECHGLUEP_H */