(o1)->length = (o2)->length; \
} while (0)
-#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
- (buf)->value == NULL || (buf)->length == 0)
-
/*
* Array of context IDs typed by mechanism OID
*/
-typedef struct gss_union_ctx_id_t {
+typedef struct gss_ctx_id_struct {
+ struct gss_ctx_id_struct *loopback;
gss_OID mech_type;
gss_ctx_id_t internal_ctx_id;
} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
* Generic GSSAPI names. A name can either be a generic name, or a
* mechanism specific name....
*/
-typedef struct gss_union_name_t {
+typedef struct gss_name_struct {
+ struct gss_name_struct *loopback;
gss_OID name_type;
gss_buffer_t external_name;
/*
/*
* Set of Credentials typed on mechanism OID
*/
-typedef struct gss_union_cred_t {
+typedef struct gss_cred_id_struct {
+ struct gss_cred_id_struct *loopback;
int count;
gss_OID mechs_array;
gss_cred_id_t *cred_array;
gss_union_cred_auxinfo auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;
-
+
+typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
+ OM_uint32 *, /* minor_status */
+ const gss_name_t, /* desired_name */
+ const gss_buffer_t, /* password */
+ OM_uint32, /* time_req */
+ const gss_OID_set, /* desired_mechs */
+ int, /* cred_usage */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 * /* time_rec */
+ /* */);
+
+/*
+ * Rudimentary pointer validation macro to check whether the
+ * "loopback" field of an opaque struct points back to itself. This
+ * field also catches some programming errors where an opaque pointer
+ * is passed to a function expecting the address of the opaque
+ * pointer.
+ */
+#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
+
/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
-/* it to initialize the GSSAPI library */
+/* it to initialize the GSSAPI library */
+int gssint_mechglue_initialize_library(void);
+
+OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
/*
* This is the definition of the mechs_array struct, which is used to
*
* This contants all of the functions defined in gssapi.h except for
* gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.
+ * assuming, for now, to be equal across mechanisms.
*/
-
+
typedef struct gss_config {
- OM_uint32 priority;
- char * mechNameStr;
gss_OID_desc mech_type;
void * context;
OM_uint32 (*gss_acquire_cred)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_name_t, /* desired_name */
OM_uint32, /* time_req */
);
OM_uint32 (*gss_release_cred)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_cred_id_t* /* cred_handle */
);
OM_uint32 (*gss_init_sec_context)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_cred_id_t, /* claimant_cred_handle */
gss_ctx_id_t*, /* context_handle */
);
OM_uint32 (*gss_accept_sec_context)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
gss_cred_id_t, /* verifier_cred_handle */
);
OM_uint32 (*gss_process_context_token)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t /* token_buffer */
);
OM_uint32 (*gss_delete_sec_context)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t*, /* context_handle */
gss_buffer_t /* output_token */
);
OM_uint32 (*gss_context_time)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
OM_uint32* /* time_rec */
);
- OM_uint32 (*gss_sign)
+ OM_uint32 (*gss_get_mic)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
- int, /* qop_req */
+ gss_qop_t, /* qop_req */
gss_buffer_t, /* message_buffer */
gss_buffer_t /* message_token */
);
- OM_uint32 (*gss_verify)
+ OM_uint32 (*gss_verify_mic)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* message_buffer */
gss_buffer_t, /* token_buffer */
- int* /* qop_state */
+ gss_qop_t* /* qop_state */
);
- OM_uint32 (*gss_seal)
+ OM_uint32 (*gss_wrap)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
- int, /* qop_req */
+ gss_qop_t, /* qop_req */
gss_buffer_t, /* input_message_buffer */
int*, /* conf_state */
gss_buffer_t /* output_message_buffer */
);
- OM_uint32 (*gss_unseal)
+ OM_uint32 (*gss_unwrap)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int*, /* conf_state */
- int* /* qop_state */
+ gss_qop_t* /* qop_state */
);
OM_uint32 (*gss_display_status)
(
- void*, /* context */
OM_uint32*, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
);
OM_uint32 (*gss_indicate_mechs)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_OID_set* /* mech_set */
);
OM_uint32 (*gss_compare_name)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_name_t, /* name1 */
gss_name_t, /* name2 */
);
OM_uint32 (*gss_display_name)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
);
OM_uint32 (*gss_import_name)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_buffer_t, /* input_name_buffer */
gss_OID, /* input_name_type */
);
OM_uint32 (*gss_release_name)
(
- void*, /* context */
OM_uint32*, /* minor_status */
gss_name_t* /* input_name */
);
OM_uint32 (*gss_inquire_cred)
(
- void*, /* context */
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
);
OM_uint32 (*gss_add_cred)
(
- void*, /* context */
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* input_cred_handle */
gss_name_t, /* desired_name */
);
OM_uint32 (*gss_export_sec_context)
(
- void*, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
gss_buffer_t /* interprocess_token */
);
OM_uint32 (*gss_import_sec_context)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_buffer_t, /* interprocess_token */
gss_ctx_id_t * /* context_handle */
);
OM_uint32 (*gss_inquire_cred_by_mech)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
gss_OID, /* mech_type */
);
OM_uint32 (*gss_inquire_names_for_mech)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID, /* mechanism */
gss_OID_set * /* name_types */
);
OM_uint32 (*gss_inquire_context)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
gss_name_t *, /* src_name */
OM_uint32 *, /* lifetime_rec */
gss_OID *, /* mech_type */
OM_uint32 *, /* ctx_flags */
- int *, /* locally_initiated */
+ int *, /* locally_initiated */
int * /* open */
);
OM_uint32 (*gss_internal_release_oid)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_OID * /* OID */
);
OM_uint32 (*gss_wrap_size_limit)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
OM_uint32, /* req_output_size */
OM_uint32 * /* max_input_size */
);
+#if 0
int (*pname_to_uid)
(
- void *, /* context */
char *, /* pname */
gss_OID, /* name type */
gss_OID, /* mech type */
);
OM_uint32 (*gssint_userok)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
const char *, /* local user */
int * /* user ok? */
/* */);
+#endif
OM_uint32 (*gss_export_name)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
const gss_name_t, /* input_name */
gss_buffer_t /* exported_name */
/* */);
OM_uint32 (*gss_store_cred)
(
- void *, /* context */
OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* input_cred */
gss_cred_usage_t, /* cred_usage */
gss_OID_set *, /* elements_stored */
gss_cred_usage_t * /* cred_usage_stored */
/* */);
+
+
+ /* GGF extensions */
+
+ OM_uint32 (*gss_inquire_sec_context_by_oid)
+ (
+ OM_uint32 *, /* minor_status */
+ const gss_ctx_id_t, /* context_handle */
+ const gss_OID, /* OID */
+ gss_buffer_set_t * /* data_set */
+ );
+ OM_uint32 (*gss_inquire_cred_by_oid)
+ (
+ OM_uint32 *, /* minor_status */
+ const gss_cred_id_t, /* cred_handle */
+ const gss_OID, /* OID */
+ gss_buffer_set_t * /* data_set */
+ );
+ OM_uint32 (*gss_set_sec_context_option)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t *, /* context_handle */
+ const gss_OID, /* OID */
+ const gss_buffer_t /* value */
+ );
+ OM_uint32 (*gssspi_set_cred_option)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t *, /* cred_handle */
+ const gss_OID, /* OID */
+ const gss_buffer_t /* value */
+ );
+ OM_uint32 (*gssspi_mech_invoke)
+ (
+ OM_uint32*, /* minor_status */
+ const gss_OID, /* mech OID */
+ const gss_OID, /* OID */
+ gss_buffer_t /* value */
+ );
+
+ /* AEAD extensions */
+ OM_uint32 (*gss_wrap_aead)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* input_payload_buffer */
+ int *, /* conf_state */
+ gss_buffer_t /* output_message_buffer */
+ /* */);
+
+ OM_uint32 (*gss_unwrap_aead)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* output_payload_buffer */
+ int *, /* conf_state */
+ gss_qop_t * /* qop_state */
+ /* */);
+
+ /* SSPI extensions */
+ OM_uint32 (*gss_wrap_iov)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
+ /* */);
+
+ OM_uint32 (*gss_unwrap_iov)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int *, /* conf_state */
+ gss_qop_t *, /* qop_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
+ /* */);
+
+ OM_uint32 (*gss_wrap_iov_length)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag*/
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
+ /* */);
+
+ OM_uint32 (*gss_complete_auth_token)
+ (
+ OM_uint32*, /* minor_status */
+ const gss_ctx_id_t, /* context_handle */
+ gss_buffer_t /* input_message_buffer */
+ );
+
+ /* New for 1.8 */
+
+ OM_uint32 (*gss_acquire_cred_impersonate_name)
+ (
+ OM_uint32 *, /* minor_status */
+ const gss_cred_id_t, /* impersonator_cred_handle */
+ const gss_name_t, /* desired_name */
+ OM_uint32, /* time_req */
+ const gss_OID_set, /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 * /* time_rec */
+ /* */);
+
+ OM_uint32 (*gss_add_cred_impersonate_name)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t, /* input_cred_handle */
+ const gss_cred_id_t, /* impersonator_cred_handle */
+ const gss_name_t, /* desired_name */
+ const gss_OID, /* desired_mech */
+ gss_cred_usage_t, /* cred_usage */
+ OM_uint32, /* initiator_time_req */
+ OM_uint32, /* acceptor_time_req */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 *, /* initiator_time_rec */
+ OM_uint32 * /* acceptor_time_rec */
+ /* */);
+
+ OM_uint32 (*gss_display_name_ext)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_OID, /* display_as_name_type */
+ gss_buffer_t /* display_name */
+ /* */);
+
+ OM_uint32 (*gss_inquire_name)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int *, /* name_is_MN */
+ gss_OID *, /* MN_mech */
+ gss_buffer_set_t * /* attrs */
+ /* */);
+
+ OM_uint32 (*gss_get_name_attribute)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* attr */
+ int *, /* authenticated */
+ int *, /* complete */
+ gss_buffer_t, /* value */
+ gss_buffer_t, /* display_value */
+ int * /* more */
+ /* */);
+
+ OM_uint32 (*gss_set_name_attribute)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* complete */
+ gss_buffer_t, /* attr */
+ gss_buffer_t /* value */
+ /* */);
+
+ OM_uint32 (*gss_delete_name_attribute)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* attr */
+ /* */);
+
+ OM_uint32 (*gss_export_name_composite)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* exp_composite_name */
+ /* */);
+
+ OM_uint32 (*gss_map_name_to_any)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* authenticated */
+ gss_buffer_t, /* type_id */
+ gss_any_t * /* output */
+ /* */);
+
+ OM_uint32 (*gss_release_any_name_mapping)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* type_id */
+ gss_any_t * /* input */
+ /* */);
+
+ OM_uint32 (*gss_pseudo_random)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context */
+ int, /* prf_key */
+ const gss_buffer_t, /* prf_in */
+ ssize_t, /* desired_output_len */
+ gss_buffer_t /* prf_out */
+ /* */);
+
+ OM_uint32 (*gss_set_neg_mechs)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t, /* cred_handle */
+ const gss_OID_set /* mech_set */
+ /* */);
+
+ OM_uint32 (*gss_inquire_saslname_for_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ const gss_OID, /* desired_mech */
+ gss_buffer_t, /* sasl_mech_name */
+ gss_buffer_t, /* mech_name */
+ gss_buffer_t /* mech_description */
+ /* */);
+
+ OM_uint32 (*gss_inquire_mech_for_saslname)
+ (
+ OM_uint32 *, /* minor_status */
+ const gss_buffer_t, /* sasl_mech_name */
+ gss_OID * /* mech_type */
+ /* */);
+
+ OM_uint32 (*gss_inquire_attrs_for_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_const_OID, /* mech */
+ gss_OID_set *, /* mech_attrs */
+ gss_OID_set * /* known_mech_attrs */
+ /* */);
+
} *gss_mechanism;
+/* This structure MUST NOT be used by any code outside libgss */
+typedef struct gss_config_ext {
+ gss_acquire_cred_with_password_sfct gssspi_acquire_cred_with_password;
+} *gss_mechanism_ext;
+
/*
* In the user space we use a wrapper structure to encompass the
* mechanism entry points. The wrapper contain the mechanism
void *dl_handle; /* RTLD object handle for the mech */
gss_OID mech_type; /* mechanism oid */
gss_mechanism mech; /* mechanism initialization struct */
+ gss_mechanism_ext mech_ext; /* extensions */
+ int priority; /* mechanism preference order */
+ int freeMech; /* free mech table */
struct gss_mech_config *next; /* next element in the list */
} *gss_mech_info;
/********************************************************/
/* Internal mechglue routines */
+#if 0
int gssint_mechglue_init(void);
void gssint_mechglue_fini(void);
+#endif
gss_mechanism gssint_get_mechanism (gss_OID);
+gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
gss_buffer_t, gss_OID *);
OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
+OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
+ gss_ctx_id_t *, gss_buffer_t);
+#ifdef _GSS_STATIC_LINK
+int gssint_register_mechinfo(gss_mech_info template);
+#endif
OM_uint32 gssint_convert_name_to_union_name
(OM_uint32 *, /* minor_status */
OM_uint32 gssint_copy_oid_set(
OM_uint32 *, /* minor_status */
- const gss_OID_set_desc *, /* oid set */
+ const gss_OID_set_desc * const, /* oid set */
gss_OID_set * /* new oid set */
);
);
OM_uint32
-gss_store_cred(
- OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* input_cred_handle */
- gss_cred_usage_t, /* cred_usage */
- const gss_OID, /* desired_mech */
- OM_uint32, /* overwrite_cred */
- OM_uint32, /* default_cred */
- gss_OID_set *, /* elements_stored */
- gss_cred_usage_t * /* cred_usage_stored */
+gssint_userok(
+ OM_uint32 *, /* minor */
+ const gss_name_t, /* name */
+ const char *, /* user */
+ int * /* user_ok */
);
int
unsigned int /* max_len */
);
+OM_uint32
+gssint_wrap_aead (gss_mechanism, /* mech */
+ OM_uint32 *, /* minor_status */
+ gss_union_ctx_id_t, /* ctx */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req_flag */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* input_payload_buffer */
+ int *, /* conf_state */
+ gss_buffer_t); /* output_message_buffer */
+OM_uint32
+gssint_unwrap_aead (gss_mechanism, /* mech */
+ OM_uint32 *, /* minor_status */
+ gss_union_ctx_id_t, /* ctx */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* output_payload_buffer */
+ int *, /* conf_state */
+ gss_qop_t *); /* qop_state */
+
+
+/* Use this to map an error code that was returned from a mech
+ operation; the mech will be asked to produce the associated error
+ messages.
+
+ Remember that if the minor status code cannot be returned to the
+ caller (e.g., if it's stuffed in an automatic variable and then
+ ignored), then we don't care about producing a mapping. */
+#define map_error(MINORP, MECH) \
+ (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
+#define map_error_oid(MINORP, MECHOID) \
+ (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
+
+/* Use this to map an errno value or com_err error code being
+ generated within the mechglue code (e.g., by calling generic oid
+ ops). Any errno or com_err values produced by mech operations
+ should be processed with map_error. This means they'll be stored
+ separately even if the mech uses com_err, because we can't assume
+ that it will use com_err. */
+#define map_errcode(MINORP) \
+ (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
+
#endif /* _GSS_MECHGLUEP_H */
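Review bot: GSSINT_CHK_LOOP reads like a "is valid" predicate but evaluates to nonzero when the handle is INVALID (p is NULL, or p->loopback does not point back at p), so a caller who writes `if (GSSINT_CHK_LOOP(ctx))` expecting "valid" silently inverts the guard; the macro's comment should state the convention, e.g. `/* Nonzero (true) when P is NOT a usable handle: P is NULL or P->loopback != P. */`. The same comment should say that the check still dereferences P and only catches a wrong level of indirection or a zeroed struct, not a freed or otherwise dangling handle, so nobody treats it as memory-safety validation. Two consistency points in the same hunk: the cred_usage parameter of gss_acquire_cred_with_password_sfct is declared `int` while the new gss_acquire_cred_impersonate_name and gss_add_cred_impersonate_name entries use `gss_cred_usage_t` (harmless if that is a typedef of int, but the named type documents intent and should match), and `gssint_register_mechinfo(gss_mech_info template)` uses a C++ reserved word as the parameter name, which would fail to compile if this header were ever included from C++ — `gss_mech_info tmpl` avoids it. The `#if 0` around the pname_to_uid/gssint_userok members of gss_config (and around gssint_mechglue_init/fini) leaves text that would change the dispatch-table layout for every mechanism if re-enabled; if those entries are retired, deleting them is the safer choice.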