$(srcdir)/g_sign.c \
$(srcdir)/g_store_cred.c \
$(srcdir)/g_unseal.c \
- $(srcdir)/g_userok.c \
$(srcdir)/g_utils.c \
$(srcdir)/g_verify.c \
- $(srcdir)/gssd_pname_to_uid.c \
$(srcdir)/oid_ops.c
STLIBOBJS = \
g_sign.o \
g_store_cred.o \
g_unseal.o \
- g_userok.o \
g_utils.o \
g_verify.o \
- gssd_pname_to_uid.o \
oid_ops.o
EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi
+++ /dev/null
-/* #ident "@(#)gss_indicate_mechs.c 1.13 95/08/04 SMI" */
-
-/*
- * Copyright 1996 by Sun Microsystems, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of Sun Microsystems not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Sun Microsystems makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * glue routine for gss_indicate_mechs
- */
-
-#include "mglueP.h"
-#include <stdio.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <string.h>
-
-extern gss_mechanism *gssint_mechs_array;
-
-static gss_OID_set_desc supported_mechs_desc;
-static gss_OID_set supported_mechs = NULL;
-
-OM_uint32 KRB5_CALLCONV
-gss_indicate_mechs (minor_status,
- mech_set)
-
-OM_uint32 * minor_status;
-gss_OID_set * mech_set;
-
-{
- int i;
-
- gss_initialize();
-
- if (minor_status)
- *minor_status = 0;
-
- /*
- * If we have already computed the mechanisms supported, return
- * a pointer to it. Otherwise, compute them and return the pointer.
- */
-
- if(supported_mechs == NULL) {
-
- supported_mechs = &supported_mechs_desc;
- supported_mechs->count = 0;
-
- /* Build the mech_set from the OIDs in mechs_array. */
-
- for(i=0; gssint_mechs_array[i]->mech_type.length != 0; i++)
- supported_mechs->count++;
-
- supported_mechs->elements =
- (void *) malloc(supported_mechs->count *
- sizeof(gss_OID_desc));
-
- for(i=0; i < supported_mechs->count; i++) {
- supported_mechs->elements[i].length =
- gssint_mechs_array[i]->mech_type.length;
- supported_mechs->elements[i].elements = (void *)
- malloc(gssint_mechs_array[i]->mech_type.length);
- memcpy(supported_mechs->elements[i].elements,
- gssint_mechs_array[i]->mech_type.elements,
- gssint_mechs_array[i]->mech_type.length);
- }
- }
-
- if(mech_set != NULL)
- *mech_set = supported_mechs;
-
- return(GSS_S_COMPLETE);
-}
return (aMech->mech);
} /* gssint_get_mechanism */
-gss_mechanism_ext
-gssint_get_mechanism_ext(oid)
-const gss_OID oid;
-{
- gss_mech_info aMech;
- gss_mechanism_ext mech_ext;
-
- /* check if the mechanism is already loaded */
- if ((aMech = searchMechList(oid)) != NULL && aMech->mech_ext != NULL)
- return (aMech->mech_ext);
-
- if (gssint_get_mechanism(oid) == NULL)
- return (NULL);
-
- if (aMech->dl_handle == NULL)
- return (NULL);
-
- /* Load the gss_config_ext struct for this mech */
-
- mech_ext = (gss_mechanism_ext)malloc(sizeof (struct gss_config_ext));
-
- if (mech_ext == NULL)
- return (NULL);
-
- /*
- * dlsym() the mech's 'method' functions for the extended APIs
- *
- * NOTE: Until the void *context argument is removed from the
- * SPI method functions' signatures it will be necessary to have
- * different function pointer typedefs and function names for
- * the SPI methods than for the API. When this argument is
- * removed it will be possible to rename gss_*_sfct to gss_*_fct
- * and and gssspi_* to gss_*.
- */
- mech_ext->gss_acquire_cred_with_password =
- (gss_acquire_cred_with_password_sfct)dlsym(aMech->dl_handle,
- "gssspi_acquire_cred_with_password");
-
- /* Set aMech->mech_ext */
- (void) k5_mutex_lock(&g_mechListLock);
-
- if (aMech->mech_ext == NULL)
- aMech->mech_ext = mech_ext;
- else
- free(mech_ext); /* we raced and lost; don't leak */
-
- (void) k5_mutex_unlock(&g_mechListLock);
-
- return (aMech->mech_ext);
-
-} /* gssint_get_mechanism_ext */
-
/*
* this routine is used for searching the list of mechanism data.
+++ /dev/null
-/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-/* #pragma ident "@(#)g_userok.c 1.1 04/03/25 SMI" */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <mglueP.h>
-#include <gssapi/gssapi.h>
-
-
-static OM_uint32
-compare_names(OM_uint32 *minor,
- const gss_OID mech_type,
- const gss_name_t name,
- const char *user,
- int *user_ok)
-{
-
- OM_uint32 status, tmpMinor;
- gss_name_t imported_name;
- gss_name_t canon_name;
- gss_buffer_desc gss_user;
- int match = 0;
-
- *user_ok = 0;
-
- gss_user.value = (void *)user;
- if (!gss_user.value || !name || !mech_type)
- return (GSS_S_BAD_NAME);
- gss_user.length = strlen(gss_user.value);
-
- status = gss_import_name(minor,
- &gss_user,
- GSS_C_NT_USER_NAME,
- &imported_name);
- if (status != GSS_S_COMPLETE) {
- goto out;
- }
-
- status = gss_canonicalize_name(minor,
- imported_name,
- mech_type,
- &canon_name);
- if (status != GSS_S_COMPLETE) {
- (void) gss_release_name(&tmpMinor, &imported_name);
- goto out;
- }
-
- status = gss_compare_name(minor,
- canon_name,
- name,
- &match);
- (void) gss_release_name(&tmpMinor, &canon_name);
- (void) gss_release_name(&tmpMinor, &imported_name);
- if (status == GSS_S_COMPLETE) {
- if (match)
- *user_ok = 1; /* remote user is a-ok */
- }
-
-out:
- return (status);
-}
-
-
-OM_uint32
-gssint_userok(OM_uint32 *minor,
- const gss_name_t name,
- const char *user,
- int *user_ok)
-
-{
- gss_mechanism mech;
- gss_union_name_t intName;
- gss_name_t mechName = NULL;
- OM_uint32 major;
-
- if (minor == NULL || user_ok == NULL)
- return (GSS_S_CALL_INACCESSIBLE_WRITE);
-
- if (name == NULL || user == NULL)
- return (GSS_S_CALL_INACCESSIBLE_READ);
-
- *user_ok = 0;
- *minor = GSS_S_COMPLETE;
-
- intName = (gss_union_name_t)name;
-
- mech = gssint_get_mechanism(intName->mech_type);
- if (mech == NULL)
- return (GSS_S_UNAVAILABLE);
-
- /* may need to import the name if this is not MN */
- if (intName->mech_type == NULL) {
- return (GSS_S_FAILURE);
- } else
- mechName = intName->mech_name;
-
- if (mech->gssint_userok)
- major = mech->gssint_userok(mech->context, minor, mechName,
- user, user_ok);
- else
- major = compare_names(minor, intName->mech_type,
- name, user, user_ok);
-
- return (major);
-} /* gss_userok */
+++ /dev/null
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "mglueP.h"
-
-/*
- * See krb5/gssapi_krb5.c for a description of the algorithm for
- * encoding an object identifier.
- */
-
-/*
- * The OID of user_name is:
- * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1) = 1.2.840.113554.1.2.1.1
- * machine_uid_name:
- * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2) = 1.2.840.113554.1.2.1.2
- * string_uid_name:
- * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3) = 1.2.840.113554.1.2.1.3
- * service_name:
- * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4) = 1.2.840.113554.1.2.1.4
- */
-
-static const gss_OID_desc oids[] = {
- {10, "\052\206\110\206\367\022\001\002\001\001"},
- {10, "\052\206\110\206\367\022\001\002\001\002"},
- {10, "\052\206\110\206\367\022\001\002\001\003"},
- {10, "\052\206\110\206\367\022\001\002\001\004"},
-};
-
-const gss_OID_desc * const gss_nt_user_name = oids+0;
-const gss_OID_desc * const gss_nt_machine_uid_name = oids+1;
-const gss_OID_desc * const gss_nt_string_uid_name = oids+2;
-const gss_OID_desc * const gss_nt_service_name = oids+3;
+++ /dev/null
-/* #pragma ident "@(#)gssd_pname_to_uid.c 1.18 04/02/23 SMI" */
-
-/*
- * Copyright 1996 by Sun Microsystems, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of Sun Microsystems not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Sun Microsystems makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * glue routines that test the mech id either passed in to
- * gss_init_sec_contex() or gss_accept_sec_context() or within the glue
- * routine supported version of the security context and then call
- * the appropriate underlying mechanism library procedure.
- *
- */
-
-#include "mglueP.h"
-
-int gssd_pname_to_uid(pname, name_type, mech_type, uid)
-
-char * pname;
-gss_OID name_type;
-gss_OID mech_type;
-uid_t * uid;
-{
- int status;
- gss_mechanism mech;
-
- /*
- * find the appropriate mechanism specific pname_to_uid procedure and
- * call it.
- */
-
- mech = gssint_get_mechanism (mech_type);
-
- if (mech) {
- if (mech_type == GSS_C_NULL_OID)
- mech_type = &mech->mech_type;
-
- if (mech->pname_to_uid)
- status = mech->pname_to_uid(mech->context,
- pname, name_type, mech_type, uid);
- else
- status = GSS_S_BAD_MECH;
- } else
- status = GSS_S_BAD_MECH;
-
- return(status);
-}
/* GSSAPI Extension functions -- these functions aren't */
/* in the GSSAPI, but they are provided in this library */
-int gssd_pname_to_uid (char *, gss_OID, gss_OID, uid_t *);
-void gss_initialize (void);
-
#endif /* _GSS_MECHGLUE_H */
gss_union_cred_auxinfo auxinfo;
} gss_union_cred_desc, *gss_union_cred_t;
-typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)(
- void *, /* context */
- OM_uint32 *, /* minor_status */
- const gss_name_t, /* desired_name */
- const gss_buffer_t, /* password */
- OM_uint32, /* time_req */
- const gss_OID_set, /* desired_mechs */
- int, /* cred_usage */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 * /* time_rec */
- /* */);
-
/********************************************************/
/* The Mechanism Dispatch Table -- a mechanism needs to */
/* define one of these and provide a function to return */
/* */);
} *gss_mechanism;
-/* This structure MUST NOT be used by any code outside libgss */
-typedef struct gss_config_ext {
- gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password;
-} *gss_mechanism_ext;
-
/*
* In the user space we use a wrapper structure to encompass the
* mechanism entry points. The wrapper contain the mechanism
void *dl_handle; /* RTLD object handle for the mech */
gss_OID mech_type; /* mechanism oid */
gss_mechanism mech; /* mechanism initialization struct */
- gss_mechanism_ext mech_ext; /* extensions */
struct gss_mech_config *next; /* next element in the list */
} *gss_mech_info;
void gssint_mechglue_fini(void);
gss_mechanism gssint_get_mechanism (gss_OID);
-gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID);
OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
char *gssint_get_kmodName(const gss_OID);
char *gssint_get_modOptions(const gss_OID);
int arrayLen /* length of passed in array */
);
-OM_uint32
-gssint_userok(
- OM_uint32 *, /* minor */
- const gss_name_t, /* name */
- const char *, /* user */
- int * /* user_ok */
-);
-
OM_uint32
gss_store_cred(
OM_uint32 *, /* minor_status */