1 /* #ident "@(#)mglueP.h 1.2 96/01/18 SMI" */
4 * This header contains the private mechglue definitions.
6 * Copyright (c) 1995, by Sun Microsystems, Inc.
10 #ifndef _GSS_MECHGLUEP_H
11 #define _GSS_MECHGLUEP_H
15 #include "gssapiP_generic.h"
17 #define g_OID_copy(o1, o2) \
19 memcpy((o1)->elements, (o2)->elements, (o2)->length); \
20 (o1)->length = (o2)->length; \
24 * Array of context IDs typed by mechanism OID
26 typedef struct gss_ctx_id_struct {
/*
 * Self-pointer. GSSINT_CHK_LOOP() (below) reports a context handle as
 * invalid unless this field equals the address of the struct itself.
 * That is a sanity check against mismatched pointer types, not proof
 * that the handle is live or trustworthy.
 */
27 struct gss_ctx_id_struct *loopback;
/*
 * The mechanism-specific context handle this union context wraps.
 * NOTE(review): the per-mechanism OID that selects the mechanism is
 * presumably a field not shown in this listing — confirm against the
 * full header before relying on the layout.
 */
29 gss_ctx_id_t internal_ctx_id;
30 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
33 * Generic GSSAPI names. A name can either be a generic name, or a
34 * mechanism specific name....
36 typedef struct gss_name_struct {
37 struct gss_name_struct *loopback;
39 gss_buffer_t external_name;
41 * These last two fields are only filled in for mechanism
46 } gss_union_name_desc, *gss_union_name_t;
49 * Structure for holding list of mechanism-specific name types
51 typedef struct gss_mech_spec_name_t {
54 struct gss_mech_spec_name_t *next, *prev;
55 } gss_mech_spec_name_desc, *gss_mech_spec_name;
58 * Credential auxiliary info, used in the credential structure
60 typedef struct gss_union_cred_auxinfo {
63 OM_uint32 creation_time;
66 } gss_union_cred_auxinfo;
69 * Set of Credentials typed on mechanism OID
71 typedef struct gss_cred_id_struct {
72 struct gss_cred_id_struct *loopback;
75 gss_cred_id_t *cred_array;
76 gss_union_cred_auxinfo auxinfo;
77 } gss_union_cred_desc, *gss_union_cred_t;
79 typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
81 OM_uint32 *, /* minor_status */
82 const gss_name_t, /* desired_name */
83 const gss_buffer_t, /* password */
84 OM_uint32, /* time_req */
85 const gss_OID_set, /* desired_mechs */
87 gss_cred_id_t *, /* output_cred_handle */
88 gss_OID_set *, /* actual_mechs */
89 OM_uint32 * /* time_rec */
93 * Rudimentary pointer validation macro to check whether the
94 * "loopback" field of an opaque struct points back to itself. This
95 * field also catches some programming errors where an opaque pointer
96 * is passed to a function expecting the address of the opaque
/*
 * Evaluates to nonzero when the handle is INVALID: p is NULL or its
 * loopback field does not point back at p. The polarity is inverted
 * relative to the name — a nonzero result means "reject this handle".
 *
 * p is expanded three times, so do not pass an expression with side
 * effects. A dangling or caller-influenced pointer whose loopback word
 * still equals its own address passes this check; it complements, and
 * does not replace, proper handle validation in the callers.
 */
99 #define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
101 /********************************************************/
102 /* The Mechanism Dispatch Table -- a mechanism needs to */
103 /* define one of these and provide a function to return */
104 /* it to initialize the GSSAPI library */
105 int gssint_mechglue_initialize_library(void);
107 OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
110 * This is the definition of the mechs_array struct, which is used to
111 * define the mechs array table. This table is used to indirectly
112 * access mechanism specific versions of the gssapi routines through
113 * the routines in the glue module (gssd_mech_glue.c)
115 * This contains all of the functions defined in gssapi.h except for
116 * gss_release_buffer() and gss_release_oid_set(), which I am
117 * assuming, for now, to be equal across mechanisms.
120 typedef struct gss_config {
121 gss_OID_desc mech_type;
123 OM_uint32 (*gss_acquire_cred)
125 OM_uint32*, /* minor_status */
126 gss_name_t, /* desired_name */
127 OM_uint32, /* time_req */
128 gss_OID_set, /* desired_mechs */
129 int, /* cred_usage */
130 gss_cred_id_t*, /* output_cred_handle */
131 gss_OID_set*, /* actual_mechs */
132 OM_uint32* /* time_rec */
134 OM_uint32 (*gss_release_cred)
136 OM_uint32*, /* minor_status */
137 gss_cred_id_t* /* cred_handle */
139 OM_uint32 (*gss_init_sec_context)
141 OM_uint32*, /* minor_status */
142 gss_cred_id_t, /* claimant_cred_handle */
143 gss_ctx_id_t*, /* context_handle */
144 gss_name_t, /* target_name */
145 gss_OID, /* mech_type */
146 OM_uint32, /* req_flags */
147 OM_uint32, /* time_req */
148 gss_channel_bindings_t, /* input_chan_bindings */
149 gss_buffer_t, /* input_token */
150 gss_OID*, /* actual_mech_type */
151 gss_buffer_t, /* output_token */
152 OM_uint32*, /* ret_flags */
153 OM_uint32* /* time_rec */
155 OM_uint32 (*gss_accept_sec_context)
157 OM_uint32*, /* minor_status */
158 gss_ctx_id_t*, /* context_handle */
159 gss_cred_id_t, /* verifier_cred_handle */
160 gss_buffer_t, /* input_token_buffer */
161 gss_channel_bindings_t, /* input_chan_bindings */
162 gss_name_t*, /* src_name */
163 gss_OID*, /* mech_type */
164 gss_buffer_t, /* output_token */
165 OM_uint32*, /* ret_flags */
166 OM_uint32*, /* time_rec */
167 gss_cred_id_t* /* delegated_cred_handle */
169 OM_uint32 (*gss_process_context_token)
171 OM_uint32*, /* minor_status */
172 gss_ctx_id_t, /* context_handle */
173 gss_buffer_t /* token_buffer */
175 OM_uint32 (*gss_delete_sec_context)
177 OM_uint32*, /* minor_status */
178 gss_ctx_id_t*, /* context_handle */
179 gss_buffer_t /* output_token */
181 OM_uint32 (*gss_context_time)
183 OM_uint32*, /* minor_status */
184 gss_ctx_id_t, /* context_handle */
185 OM_uint32* /* time_rec */
187 OM_uint32 (*gss_get_mic)
189 OM_uint32*, /* minor_status */
190 gss_ctx_id_t, /* context_handle */
191 gss_qop_t, /* qop_req */
192 gss_buffer_t, /* message_buffer */
193 gss_buffer_t /* message_token */
195 OM_uint32 (*gss_verify_mic)
197 OM_uint32*, /* minor_status */
198 gss_ctx_id_t, /* context_handle */
199 gss_buffer_t, /* message_buffer */
200 gss_buffer_t, /* token_buffer */
201 gss_qop_t* /* qop_state */
203 OM_uint32 (*gss_wrap)
205 OM_uint32*, /* minor_status */
206 gss_ctx_id_t, /* context_handle */
207 int, /* conf_req_flag */
208 gss_qop_t, /* qop_req */
209 gss_buffer_t, /* input_message_buffer */
210 int*, /* conf_state */
211 gss_buffer_t /* output_message_buffer */
213 OM_uint32 (*gss_unwrap)
215 OM_uint32*, /* minor_status */
216 gss_ctx_id_t, /* context_handle */
217 gss_buffer_t, /* input_message_buffer */
218 gss_buffer_t, /* output_message_buffer */
219 int*, /* conf_state */
220 gss_qop_t* /* qop_state */
222 OM_uint32 (*gss_display_status)
224 OM_uint32*, /* minor_status */
225 OM_uint32, /* status_value */
226 int, /* status_type */
227 gss_OID, /* mech_type */
228 OM_uint32*, /* message_context */
229 gss_buffer_t /* status_string */
231 OM_uint32 (*gss_indicate_mechs)
233 OM_uint32*, /* minor_status */
234 gss_OID_set* /* mech_set */
236 OM_uint32 (*gss_compare_name)
238 OM_uint32*, /* minor_status */
239 gss_name_t, /* name1 */
240 gss_name_t, /* name2 */
241 int* /* name_equal */
243 OM_uint32 (*gss_display_name)
245 OM_uint32*, /* minor_status */
246 gss_name_t, /* input_name */
247 gss_buffer_t, /* output_name_buffer */
248 gss_OID* /* output_name_type */
250 OM_uint32 (*gss_import_name)
252 OM_uint32*, /* minor_status */
253 gss_buffer_t, /* input_name_buffer */
254 gss_OID, /* input_name_type */
255 gss_name_t* /* output_name */
257 OM_uint32 (*gss_release_name)
259 OM_uint32*, /* minor_status */
260 gss_name_t* /* input_name */
262 OM_uint32 (*gss_inquire_cred)
264 OM_uint32 *, /* minor_status */
265 gss_cred_id_t, /* cred_handle */
266 gss_name_t *, /* name */
267 OM_uint32 *, /* lifetime */
268 int *, /* cred_usage */
269 gss_OID_set * /* mechanisms */
271 OM_uint32 (*gss_add_cred)
273 OM_uint32 *, /* minor_status */
274 gss_cred_id_t, /* input_cred_handle */
275 gss_name_t, /* desired_name */
276 gss_OID, /* desired_mech */
277 gss_cred_usage_t, /* cred_usage */
278 OM_uint32, /* initiator_time_req */
279 OM_uint32, /* acceptor_time_req */
280 gss_cred_id_t *, /* output_cred_handle */
281 gss_OID_set *, /* actual_mechs */
282 OM_uint32 *, /* initiator_time_rec */
283 OM_uint32 * /* acceptor_time_rec */
285 OM_uint32 (*gss_export_sec_context)
287 OM_uint32 *, /* minor_status */
288 gss_ctx_id_t *, /* context_handle */
289 gss_buffer_t /* interprocess_token */
291 OM_uint32 (*gss_import_sec_context)
293 OM_uint32 *, /* minor_status */
294 gss_buffer_t, /* interprocess_token */
295 gss_ctx_id_t * /* context_handle */
297 OM_uint32 (*gss_inquire_cred_by_mech)
299 OM_uint32 *, /* minor_status */
300 gss_cred_id_t, /* cred_handle */
301 gss_OID, /* mech_type */
302 gss_name_t *, /* name */
303 OM_uint32 *, /* initiator_lifetime */
304 OM_uint32 *, /* acceptor_lifetime */
305 gss_cred_usage_t * /* cred_usage */
307 OM_uint32 (*gss_inquire_names_for_mech)
309 OM_uint32 *, /* minor_status */
310 gss_OID, /* mechanism */
311 gss_OID_set * /* name_types */
313 OM_uint32 (*gss_inquire_context)
315 OM_uint32 *, /* minor_status */
316 gss_ctx_id_t, /* context_handle */
317 gss_name_t *, /* src_name */
318 gss_name_t *, /* targ_name */
319 OM_uint32 *, /* lifetime_rec */
320 gss_OID *, /* mech_type */
321 OM_uint32 *, /* ctx_flags */
322 int *, /* locally_initiated */
325 OM_uint32 (*gss_internal_release_oid)
327 OM_uint32 *, /* minor_status */
330 OM_uint32 (*gss_wrap_size_limit)
332 OM_uint32 *, /* minor_status */
333 gss_ctx_id_t, /* context_handle */
334 int, /* conf_req_flag */
335 gss_qop_t, /* qop_req */
336 OM_uint32, /* req_output_size */
337 OM_uint32 * /* max_input_size */
343 gss_OID, /* name type */
344 gss_OID, /* mech type */
347 OM_uint32 (*gssint_userok)
349 OM_uint32 *, /* minor_status */
350 const gss_name_t, /* pname */
351 const char *, /* local user */
355 OM_uint32 (*gss_export_name)
357 OM_uint32 *, /* minor_status */
358 const gss_name_t, /* input_name */
359 gss_buffer_t /* exported_name */
361 OM_uint32 (*gss_store_cred)
363 OM_uint32 *, /* minor_status */
364 const gss_cred_id_t, /* input_cred */
365 gss_cred_usage_t, /* cred_usage */
366 const gss_OID, /* desired_mech */
367 OM_uint32, /* overwrite_cred */
368 OM_uint32, /* default_cred */
369 gss_OID_set *, /* elements_stored */
370 gss_cred_usage_t * /* cred_usage_stored */
376 OM_uint32 (*gss_inquire_sec_context_by_oid)
378 OM_uint32 *, /* minor_status */
379 const gss_ctx_id_t, /* context_handle */
380 const gss_OID, /* OID */
381 gss_buffer_set_t * /* data_set */
383 OM_uint32 (*gss_inquire_cred_by_oid)
385 OM_uint32 *, /* minor_status */
386 const gss_cred_id_t, /* cred_handle */
387 const gss_OID, /* OID */
388 gss_buffer_set_t * /* data_set */
390 OM_uint32 (*gss_set_sec_context_option)
392 OM_uint32 *, /* minor_status */
393 gss_ctx_id_t *, /* context_handle */
394 const gss_OID, /* OID */
395 const gss_buffer_t /* value */
397 OM_uint32 (*gssspi_set_cred_option)
399 OM_uint32 *, /* minor_status */
400 gss_cred_id_t, /* cred_handle */
401 const gss_OID, /* OID */
402 const gss_buffer_t /* value */
404 OM_uint32 (*gssspi_mech_invoke)
406 OM_uint32*, /* minor_status */
407 const gss_OID, /* mech OID */
408 const gss_OID, /* OID */
409 gss_buffer_t /* value */
412 /* AEAD extensions */
413 OM_uint32 (*gss_wrap_aead)
415 OM_uint32 *, /* minor_status */
416 gss_ctx_id_t, /* context_handle */
417 int, /* conf_req_flag */
418 gss_qop_t, /* qop_req */
419 gss_buffer_t, /* input_assoc_buffer */
420 gss_buffer_t, /* input_payload_buffer */
421 int *, /* conf_state */
422 gss_buffer_t /* output_message_buffer */
425 OM_uint32 (*gss_unwrap_aead)
427 OM_uint32 *, /* minor_status */
428 gss_ctx_id_t, /* context_handle */
429 gss_buffer_t, /* input_message_buffer */
430 gss_buffer_t, /* input_assoc_buffer */
431 gss_buffer_t, /* output_payload_buffer */
432 int *, /* conf_state */
433 gss_qop_t * /* qop_state */
436 /* SSPI extensions */
437 OM_uint32 (*gss_wrap_iov)
439 OM_uint32 *, /* minor_status */
440 gss_ctx_id_t, /* context_handle */
441 int, /* conf_req_flag */
442 gss_qop_t, /* qop_req */
443 int *, /* conf_state */
444 gss_iov_buffer_desc *, /* iov */
448 OM_uint32 (*gss_unwrap_iov)
450 OM_uint32 *, /* minor_status */
451 gss_ctx_id_t, /* context_handle */
452 int *, /* conf_state */
453 gss_qop_t *, /* qop_state */
454 gss_iov_buffer_desc *, /* iov */
458 OM_uint32 (*gss_wrap_iov_length)
460 OM_uint32 *, /* minor_status */
461 gss_ctx_id_t, /* context_handle */
462 int, /* conf_req_flag*/
463 gss_qop_t, /* qop_req */
464 int *, /* conf_state */
465 gss_iov_buffer_desc *, /* iov */
469 OM_uint32 (*gss_complete_auth_token)
471 OM_uint32*, /* minor_status */
472 const gss_ctx_id_t, /* context_handle */
473 gss_buffer_t /* input_message_buffer */
478 /* This structure MUST NOT be used by any code outside libgss */
479 typedef struct gss_config_ext {
/*
 * Entry point for acquiring credentials from a password; the signature
 * is gss_acquire_cred_with_password_sfct, declared earlier in this
 * header. NOTE(review): the password arrives as a plain gss_buffer_t
 * and this header does not say which side clears it after use, nor
 * whether this pointer may be NULL for mechanisms that lack the
 * operation — confirm both in the dispatcher before calling through it.
 */
480 gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
481 } *gss_mechanism_ext;
484 * In user space we use a wrapper structure to encompass the
485 * mechanism entry points. The wrapper contains the mechanism
486 * entry points and other data which is only relevant to the gss-api
487 * layer. In the kernel we use only the gss_config structure because
488 * the kernel does not contain any of the extra gss-api specific data.
490 typedef struct gss_mech_config {
491 char *kmodName; /* kernel module name */
492 char *uLibName; /* user library name */
493 char *mechNameStr; /* mechanism string name */
494 char *optionStr; /* optional mech parameters */
495 void *dl_handle; /* RTLD object handle for the mech */
496 gss_OID mech_type; /* mechanism oid */
497 gss_mechanism mech; /* mechanism initialization struct */
498 gss_mechanism_ext mech_ext; /* extensions */
499 int priority; /* mechanism preference order */
500 int freeMech; /* free mech table */
501 struct gss_mech_config *next; /* next element in the list */
504 /********************************************************/
505 /* Internal mechglue routines */
/* Library-wide setup and teardown of the mechglue layer (definitions
 * live in the glue module, not in this header). */
508 int gssint_mechglue_init(void);
509 void gssint_mechglue_fini(void);
/*
 * Lookups keyed on a mechanism OID. NOTE(review): this header does not
 * state what is returned for an unknown OID; presumably NULL, so callers
 * should check before dereferencing — confirm in the implementation.
 */
512 gss_mechanism gssint_get_mechanism (gss_OID);
513 gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID);
/*
 * Fills the OID from a token buffer. NOTE(review): the buffer looks like
 * peer-supplied input (compare gssint_get_mech_type_oid above, whose
 * second parameter is named "token"); verify that the implementation
 * bounds-checks the buffer length before parsing.
 */
514 OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
/* Kernel module name and option string for a mechanism. Ownership of the
 * returned char* is not stated here — confirm whether the caller frees. */
515 char *gssint_get_kmodName(const gss_OID);
516 char *gssint_get_modOptions(const gss_OID);
517 OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
519 OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
520 const gss_name_t, gss_buffer_t);
521 OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
522 gss_buffer_t, gss_OID *);
523 OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
524 OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
525 gss_ctx_id_t *, gss_buffer_t);
526 #ifdef _GSS_STATIC_LINK
527 int gssint_register_mechinfo(gss_mech_info template);
530 OM_uint32 gssint_convert_name_to_union_name
531 (OM_uint32 *, /* minor_status */
532 gss_mechanism, /* mech */
533 gss_name_t, /* internal_name */
534 gss_name_t * /* external_name */
536 gss_cred_id_t gssint_get_mechanism_cred
537 (gss_union_cred_t, /* union_cred */
538 gss_OID /* mech_type */
541 OM_uint32 gssint_create_copy_buffer(
542 const gss_buffer_t, /* src buffer */
543 gss_buffer_t *, /* destination buffer */
544 int /* NULL terminate buffer ? */
547 OM_uint32 gssint_copy_oid_set(
548 OM_uint32 *, /* minor_status */
549 const gss_OID_set_desc * const, /* oid set */
550 gss_OID_set * /* new oid set */
553 gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
555 OM_uint32 gss_add_mech_name_type
556 (OM_uint32 *, /* minor_status */
557 gss_OID, /* name_type */
562 * Sun extensions to GSS-API v2
567 const char *mech, /* mechanism string name */
568 gss_OID *oid /* mechanism oid */
573 const gss_OID oid /* mechanism oid */
577 gssint_get_mechanisms(
578 char *mechArray[], /* array to populate with mechs */
579 int arrayLen /* length of passed in array */
584 OM_uint32 *, /* minor */
585 const gss_name_t, /* name */
586 const char *, /* user */
592 OM_uint32 *, /* minor_status */
593 const gss_cred_id_t, /* input_cred_handle */
594 gss_cred_usage_t, /* cred_usage */
595 const gss_OID, /* desired_mech */
596 OM_uint32, /* overwrite_cred */
597 OM_uint32, /* default_cred */
598 gss_OID_set *, /* elements_stored */
599 gss_cred_usage_t * /* cred_usage_stored */
603 gssint_get_der_length(
604 unsigned char **, /* buf */
605 unsigned int, /* buf_len */
606 unsigned int * /* bytes */
610 gssint_der_length_size(unsigned int /* len */);
613 gssint_put_der_length(
614 unsigned int, /* length */
615 unsigned char **, /* buf */
616 unsigned int /* max_len */
620 gssint_wrap_aead (gss_mechanism, /* mech */
621 OM_uint32 *, /* minor_status */
622 gss_union_ctx_id_t, /* ctx */
623 int, /* conf_req_flag */
624 gss_qop_t, /* qop_req_flag */
625 gss_buffer_t, /* input_assoc_buffer */
626 gss_buffer_t, /* input_payload_buffer */
627 int *, /* conf_state */
628 gss_buffer_t); /* output_message_buffer */
630 gssint_unwrap_aead (gss_mechanism, /* mech */
631 OM_uint32 *, /* minor_status */
632 gss_union_ctx_id_t, /* ctx */
633 gss_buffer_t, /* input_message_buffer */
634 gss_buffer_t, /* input_assoc_buffer */
635 gss_buffer_t, /* output_payload_buffer */
636 int *, /* conf_state */
637 gss_qop_t *); /* qop_state */
640 /* Use this to map an error code that was returned from a mech
641 operation; the mech will be asked to produce the associated error
644 Remember that if the minor status code cannot be returned to the
645 caller (e.g., if it's stuffed in an automatic variable and then
646 ignored), then we don't care about producing a mapping. */
/*
 * Both macros read *MINORP and write the mapped value back through it,
 * so MINORP is expanded twice: pass the address of a plain variable,
 * never an expression with side effects. map_error also dereferences
 * MECH to reach its mech_type, so MECH must be non-NULL.
 */
647 #define map_error(MINORP, MECH) \
648 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
/* Same mapping, given the mechanism OID directly instead of the table. */
649 #define map_error_oid(MINORP, MECHOID) \
650 (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
652 /* Use this to map an errno value or com_err error code being
653 generated within the mechglue code (e.g., by calling generic oid
654 ops). Any errno or com_err values produced by mech operations
655 should be processed with map_error. This means they'll be stored
656 separately even if the mech uses com_err, because we can't assume
657 that it will use com_err. */
/* As with map_error, MINORP is expanded twice (read, then written back);
 * pass the address of a plain variable, not an expression with side
 * effects. */
658 #define map_errcode(MINORP) \
659 (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
661 #endif /* _GSS_MECHGLUEP_H */